commit
0e0101043b
8
COPYING
8
COPYING
@ -17,7 +17,7 @@ which is held by Julianne Frances Haugh, may be copied, such that the
|
||||
copyright holder maintains some semblance of artistic control over the
|
||||
development of the package, while giving the users of the package the
|
||||
right to use and distribute the Package in a more-or-less customary
|
||||
fashion, plus the right to make reasonable modifications.
|
||||
fashion, plus the right to make reasonable modifications.
|
||||
|
||||
So there.
|
||||
|
||||
@ -28,7 +28,7 @@ Definitions:
|
||||
|
||||
A "Package" refers to the collection of files distributed by the
|
||||
Copyright Holder, and derivatives of that collection of files created
|
||||
through textual modification, or segments thereof.
|
||||
through textual modification, or segments thereof.
|
||||
|
||||
"Standard Version" refers to such a Package if it has not been modified,
|
||||
or has been modified in accordance with the wishes of the Copyright
|
||||
@ -100,12 +100,12 @@ Standard Version.
|
||||
d) make other distribution arrangements with the Copyright Holder.
|
||||
|
||||
5. You may charge a reasonable copying fee for any distribution of this
|
||||
Package. You may charge any fee you choose for support of this Package.
|
||||
Package. You may charge any fee you choose for support of this Package.
|
||||
YOU MAY NOT CHARGE A FEE FOR THIS PACKAGE ITSELF. However, you may
|
||||
distribute this Package in aggregate with other (possibly commercial)
|
||||
programs as part of a larger (possibly commercial) software distribution
|
||||
provided that YOU DO NOT ADVERTISE this package as a product of your
|
||||
own.
|
||||
own.
|
||||
|
||||
6. The name of the Copyright Holder may not be used to endorse or
|
||||
promote products derived from this software without specific prior
|
||||
|
30
ChangeLog
30
ChangeLog
@ -285,7 +285,7 @@
|
||||
2013-08-15 Nicolas François <nicolas.francois@centraliens.net>
|
||||
|
||||
* src/usermod.c: Check early if /etc/subuid (/etc/subgid) exists
|
||||
when option -v/-V (-w/-W) are provided.
|
||||
when option -v/-V (-w/-W) are provided.
|
||||
|
||||
2013-08-15 Nicolas François <nicolas.francois@centraliens.net>
|
||||
|
||||
@ -662,8 +662,8 @@
|
||||
|
||||
* configure.in: Prepare for next point release 4.2.
|
||||
* if using the static char* for pw_dir, strdup it so
|
||||
pw_free() can be used. (Closes: Debian#691459, alioth#313957)
|
||||
* Kill the child process group, rather than just the
|
||||
pw_free() can be used. (Closes: Debian#691459, alioth#313957)
|
||||
* Kill the child process group, rather than just the
|
||||
immediate child; this is needed now that su no
|
||||
longer starts a controlling terminal when not running an
|
||||
interactive shell (closes: Debian#713979)
|
||||
@ -890,7 +890,7 @@
|
||||
|
||||
* po/pt.po: Updated to 557t.
|
||||
|
||||
2012-01-19 Holger Wansing <linux@wansing-online.de>
|
||||
2012-01-19 Holger Wansing <linux@wansing-online.de>
|
||||
|
||||
* po/de.po: Updated to 557t.
|
||||
|
||||
@ -1477,8 +1477,8 @@
|
||||
* NEWS, src/chpasswd.c: Create a shadow entry if the password is
|
||||
set to 'x' in passwd and there are no entry in shadow for the
|
||||
user.
|
||||
* NEWS, src/chgpasswd.c: Create a gshadow entry if the password is
|
||||
set to 'x' in group and there are no entry in gshadow for the
|
||||
* NEWS, src/chgpasswd.c: Create a gshadow entry if the password is
|
||||
set to 'x' in group and there are no entry in gshadow for the
|
||||
group.
|
||||
|
||||
2011-07-28 Nicolas François <nicolas.francois@centraliens.net>
|
||||
@ -1550,7 +1550,7 @@
|
||||
2011-07-22 Nicolas François <nicolas.francois@centraliens.net>
|
||||
|
||||
* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Fail in case of
|
||||
invalid configuration.
|
||||
invalid configuration.
|
||||
* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Updated
|
||||
comments.
|
||||
* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Be more strict
|
||||
@ -1787,7 +1787,7 @@
|
||||
man/login.defs.d/DEFAULT_HOME.xml,
|
||||
man/login.defs.d/LOGIN_RETRIES.xml,
|
||||
man/login.defs.d/MD5_CRYPT_ENAB.xml,
|
||||
man/login.defs.d/PORTTIME_CHECKS_ENAB.xml,
|
||||
man/login.defs.d/PORTTIME_CHECKS_ENAB.xml,
|
||||
man/login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml:
|
||||
Fix typos
|
||||
* man/po/de.po: German translation of manpages completed
|
||||
@ -1834,7 +1834,7 @@
|
||||
|
||||
2011-03-30 YunQiang Su <wzssyqa@gmail.com>
|
||||
|
||||
* man/po/zh_CN.po: convert Simplified Chinese translation
|
||||
* man/po/zh_CN.po: convert Simplified Chinese translation
|
||||
of manpages to gettext
|
||||
* po/zh_CN.po: Simplified Chinese translation completed
|
||||
|
||||
@ -1973,7 +1973,7 @@
|
||||
boolean. safe_system last argument is a boolean.
|
||||
* libmisc/system.c: Check return value of dup2.
|
||||
* libmisc/system.c: Do not check *printf/*puts return value.
|
||||
* libmisc/system.c: Do not check execve return value.
|
||||
* libmisc/system.c: Do not check execve return value.
|
||||
* libmisc/salt.c: Do not check *printf/*puts return value.
|
||||
* libmisc/loginprompt.c: Do not check gethostname return value.
|
||||
* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Do not check
|
||||
@ -2126,7 +2126,7 @@
|
||||
2010-04-04 Nicolas François <nicolas.francois@centraliens.net>
|
||||
|
||||
* src/useradd.c: spool is a constant string.
|
||||
* src/useradd.c: Set the new copy_tree's paramater 'copy_root' to false
|
||||
* src/useradd.c: Set the new copy_tree's paramater 'copy_root' to false
|
||||
|
||||
2010-04-04 Nicolas François <nicolas.francois@centraliens.net>
|
||||
|
||||
@ -4975,7 +4975,7 @@
|
||||
<sgrubb@redhat.com>
|
||||
* src/groupadd.c: Log to audit with type AUDIT_ADD_GROUP instead
|
||||
of AUDIT_USER_CHAUTHTOK.
|
||||
* src/groupdel.c: Log to audit with type AUDIT_DEL_GROUP instead
|
||||
* src/groupdel.c: Log to audit with type AUDIT_DEL_GROUP instead
|
||||
of AUDIT_USER_CHAUTHTOK.
|
||||
* src/useradd.c: Log to audit with type AUDIT_ADD_USER /
|
||||
AUDIT_ADD_GROUP / AUDIT_USYS_CONFIG instead of
|
||||
@ -5231,7 +5231,7 @@
|
||||
* NEWS, src/gpasswd.c: Use getopt_long instead of getopt. Added
|
||||
support for long options --add (-a), --delete (-d),
|
||||
--remove-password (-r), --restrict (-R), --administrators (-A),
|
||||
and --members (-M)
|
||||
and --members (-M)
|
||||
* man/gpasswd.1.xml: Document the new long options.
|
||||
* src/gpasswd.c: The sgrp structure is only used if SHADOWGRP is
|
||||
defined.
|
||||
@ -7420,7 +7420,7 @@
|
||||
to mimic useradd's behavior choices of UID and GID.
|
||||
* src/newusers.c: Reuse the generic find_new_uid() and
|
||||
find_new_gid() functions. This permits to respect the
|
||||
UID_MIN/UID_MAX and GID_MIN/GID_MAX variables, should
|
||||
UID_MIN/UID_MAX and GID_MIN/GID_MAX variables, should
|
||||
* src/newusers.c: Check if the user or group exist using the
|
||||
external databases (with the libc getpwnam/getgrnam functions).
|
||||
Refuse to update an user which exist in an external database but
|
||||
@ -9217,7 +9217,7 @@
|
||||
Debian's patch 202_it_man_uses_gettext. Thanks to Giuseppe
|
||||
Sacco who contributed the Italian translation.
|
||||
* man/de/de.po: (nearly) complete German translation of man pages
|
||||
Imported from Debian's patch 203_de-man-update. Thanks to
|
||||
Imported from Debian's patch 203_de-man-update. Thanks to
|
||||
Simon Brandmair
|
||||
* src/usermod.c: Clarify the online help of usermod for "-a"
|
||||
Imported from Debian's patch 402-clarify_usermod_usage
|
||||
|
@ -2,7 +2,7 @@
|
||||
|
||||
EXTRA_DIST = NEWS README TODO shadow.spec.in
|
||||
|
||||
SUBDIRS = libmisc lib
|
||||
SUBDIRS = libmisc lib
|
||||
|
||||
if ENABLE_SUBIDS
|
||||
SUBDIRS += libsubid
|
||||
|
24
NEWS
24
NEWS
@ -15,7 +15,7 @@ shadow-4.1.5.1 -> shadow-4.2 UNRELEASED
|
||||
|
||||
- su
|
||||
* When su receives a signal (SIGTERM, or SIGINT/SIGQUIT in non
|
||||
interactive mode), kill the child process group, rather than just the
|
||||
interactive mode), kill the child process group, rather than just the
|
||||
immediate child.
|
||||
* Fix segmentation faults for users without a proper home or shell in
|
||||
their passwd entries.
|
||||
@ -622,7 +622,7 @@ shadow-4.0.18.2 -> shadow-4.1.0 09-12-2007
|
||||
- Add support for uClibc with no l64a().
|
||||
- userdel, usermod: Fix infinite loop caused by erroneous group file
|
||||
containing two entries with the same name. (The fix strategy differs
|
||||
from
|
||||
from
|
||||
(https://bugzilla.redhat.com/show_bug.cgi?id=240915)
|
||||
- userdel: Abort if an error is detected while updating the passwd or group
|
||||
databases. The passwd or group files will not be written.
|
||||
@ -1001,9 +1001,9 @@ shadow-4.0.12 -> shadow-4.0.13 10-10-2005
|
||||
shadow-4.0.11.1 -> shadow-4.0.12 22-08-2005
|
||||
|
||||
*** general:
|
||||
- newgrp, login: remove using login.defs::CLOSE_SESSIONS variable and always
|
||||
- newgrp, login: remove using login.defs::CLOSE_SESSIONS variable and always
|
||||
close PAM session,
|
||||
- fixed configure.in: really enable shadow group support by default (pointed by
|
||||
- fixed configure.in: really enable shadow group support by default (pointed by
|
||||
Greg Schafer <gschafer@zip.com.au> and Peter Vrabec <pvrabec@redhat.com>),
|
||||
- login.defs: removed handle QMAIL_DIR variable,
|
||||
- login: allow regular user to login on read-only root file system (not only for root)
|
||||
@ -1080,7 +1080,7 @@ shadow-4.0.10 -> shadow-4.0.11 18-07-2005
|
||||
- S/Key support is back,
|
||||
- usermod: added -a option. This flag can only be used in conjunction with the -G
|
||||
option. It cause usermod to append user to the current supplementary group list.
|
||||
(patch by Peter Vrabec <pvrabec@redhat.com>)
|
||||
(patch by Peter Vrabec <pvrabec@redhat.com>)
|
||||
- chage: added missing \n in error messages,
|
||||
- useradd, groupadd: change -O option to -K and document it in man page,
|
||||
- su, sulogin, login: fixed erroneous warning messages when used with PAM about some
|
||||
@ -1130,7 +1130,7 @@ shadow-4.0.9 -> shadow-4.0.10 28-06-2005
|
||||
http://bugs.debian.org/53570 http://bugs.debian.org/195048 http://bugs.debian.org/211884
|
||||
- login: made login's -f option also able to use the username after -- if none
|
||||
was passed as it's optarg
|
||||
http://bugs.debian.org/53702
|
||||
http://bugs.debian.org/53702
|
||||
- login: check for hushed login and pass PAM_SILENT if true,
|
||||
http://bugs.debian.org/48002
|
||||
- login: fixed username on succesful login (was using the normal username,
|
||||
@ -1208,7 +1208,7 @@ shadow-4.0.7 -> shadow-4.0.8 26-04-2005
|
||||
-- new: chage.1, chpasswd.8, expiry.1, faillog.5, faillog.8, getspnam.3,
|
||||
logoutd.8, porttime.5, pwck.8, shadow.3, shadowconfig.8, su.1,
|
||||
- passwd(1): fix #160477 Debian bug: improve -S output description,
|
||||
- newgrp(1): fix #251926, #166173, #113191 Debian bugs: explain why editing /etc/group
|
||||
- newgrp(1): fix #251926, #166173, #113191 Debian bugs: explain why editing /etc/group
|
||||
(without gshadow) doesn't permit to use newgrp,
|
||||
- newgrp(1): newgrp uses /bin/sh (not bash),
|
||||
- faillog(8): updated after rewritten faillog command for use getopt_long(),
|
||||
@ -1238,7 +1238,7 @@ shadow-4.0.6 -> shadow-4.0.7 26-01-2005
|
||||
- chpasswd:
|
||||
-- switch chpasswd to use getopt_long() and adds a --md5 option
|
||||
(by Ian Gulliver <ian@penguinhosting.net>),
|
||||
-- rewritten chpasswd(8) man page.
|
||||
-- rewritten chpasswd(8) man page.
|
||||
|
||||
shadow-4.0.5 -> shadow-4.0.6 08-11-2004
|
||||
|
||||
@ -1309,7 +1309,7 @@ shadow-4.0.4 => shadow-4.0.4.1 14-01-2004
|
||||
- bug fixes in automake files for generate correct tar ball on "make dist":
|
||||
added missing "EXTRA_DIST = $(man_MANS)" in man/*/Makefile.am.
|
||||
|
||||
shadow-4.0.3 => shadow-4.0.4 14-01-2004
|
||||
shadow-4.0.3 => shadow-4.0.4 14-01-2004
|
||||
|
||||
*** general:
|
||||
- added missing information about -f options in groupadd usage message
|
||||
@ -1408,7 +1408,7 @@ shadow-4.0.0 => shadow-4.0.1
|
||||
- fixes for handle/print correctly 32bit uid/gid (Thorsten Kukuk <kukuk@suse.de>),
|
||||
- implemented functions for better reloading the nscd cache (per NSS map)
|
||||
(Thorsten Kukuk <kukuk@suse.de>),
|
||||
- fixed warnings "not used but defined" on compile using gcc 3.0.x
|
||||
- fixed warnings "not used but defined" on compile using gcc 3.0.x
|
||||
(bulletpr00ph <bullet@users.sourceforge.net>),
|
||||
- added ja, ko translations found in SuSE,
|
||||
- added symlinks: newgrp -> sg, vipw -> vigr,
|
||||
@ -1416,7 +1416,7 @@ shadow-4.0.0 => shadow-4.0.1
|
||||
- added sg(1) man page as roff .so link to newgrp(1),
|
||||
- installed fix for SEGV when using pwck -s on /etc/passwd file with
|
||||
empty lines in it.
|
||||
|
||||
|
||||
shadow-20001016 => shadow-4.0.0 06-01-2002
|
||||
|
||||
- fix bug discovered and fixed by Marcel Ritter
|
||||
@ -1466,7 +1466,7 @@ shadow-20000902 => shadow-20001012
|
||||
overwrite previously existing groups in adduser,
|
||||
- added PAM support for chage (bind to "chage" PAM config file) also
|
||||
added PAM support for all other small tools like chpasswd, groupadd,
|
||||
groupdel, groupmod, newusers, useradd, userdel, usermod (bind to common
|
||||
groupdel, groupmod, newusers, useradd, userdel, usermod (bind to common
|
||||
"shadow" PAM config file) - this modifications mainly based on
|
||||
modifications prepared by Janek Rękojarski <baggins@pld.org.pl>,
|
||||
- many small fixes and improvements in automake (mow "make dist"
|
||||
|
2
TODO
2
TODO
@ -1,4 +1,4 @@
|
||||
* Create a common usage function that'd take the array of
|
||||
* Create a common usage function that'd take the array of
|
||||
long options and an array of descriptions and output that so things would
|
||||
be standardized across the utils.
|
||||
Usage strings should be normalized and split first.
|
||||
|
@ -4,14 +4,14 @@
|
||||
** --marekm
|
||||
**
|
||||
** 02/26/96
|
||||
** modified to call shadow utils (useradd,chage,passwd) on shadowed
|
||||
** modified to call shadow utils (useradd,chage,passwd) on shadowed
|
||||
** systems - Cristian Gafton, gafton@sorosis.ro
|
||||
**
|
||||
** 6/27/95
|
||||
** shadow-adduser 1.4:
|
||||
**
|
||||
** now it copies the /etc/skel dir into the person's dir,
|
||||
** makes the mail folders, changed some defaults and made a 'make
|
||||
** now it copies the /etc/skel dir into the person's dir,
|
||||
** makes the mail folders, changed some defaults and made a 'make
|
||||
** install' just for the hell of it.
|
||||
**
|
||||
** Greg Gallagher
|
||||
@ -19,20 +19,20 @@
|
||||
**
|
||||
** 1/28/95
|
||||
** shadow-adduser 1.3:
|
||||
**
|
||||
** Basically a bug-fix on my additions in 1.2. Thanks to Terry Stewart
|
||||
**
|
||||
** Basically a bug-fix on my additions in 1.2. Thanks to Terry Stewart
|
||||
** (stew@texas.net) for pointing out one of the many idiotic bugs I introduced.
|
||||
** It was such a stupid bug that I would have never seen it myself.
|
||||
**
|
||||
** Brandon
|
||||
*****
|
||||
** 01/27/95
|
||||
**
|
||||
**
|
||||
** shadow-adduser 1.2:
|
||||
** I took the C source from adduser-shadow (credits are below) and made
|
||||
** it a little more worthwhile. Many small changes... Here's
|
||||
** the ones I can remember:
|
||||
**
|
||||
**
|
||||
** Removed support for non-shadowed systems (if you don't have shadow,
|
||||
** use the original adduser, don't get this shadow version!)
|
||||
** Added support for the correct /etc/shadow fields (Min days before
|
||||
@ -56,7 +56,7 @@
|
||||
** Brandon
|
||||
** photon@usis.com
|
||||
**
|
||||
*****
|
||||
*****
|
||||
** adduser 1.0: add a new user account (For systems not using shadow)
|
||||
** With a nice little interface and a will to do all the work for you.
|
||||
**
|
||||
@ -119,14 +119,14 @@
|
||||
|
||||
void main()
|
||||
{
|
||||
char foo[32];
|
||||
char foo[32];
|
||||
char uname[9],person[32],dir[32],shell[32];
|
||||
unsigned int group,min_pass,max_pass,warn_pass,user_die;
|
||||
/* the group and uid of the new user */
|
||||
int bad=0,done=0,correct=0,gets_warning=0;
|
||||
char cmd[255];
|
||||
struct group *grp;
|
||||
|
||||
|
||||
/* flags, in order:
|
||||
* bad to see if the username is in /etc/passwd, or if strange stuff has
|
||||
* been typed if the user might be put in group 0
|
||||
@ -137,24 +137,24 @@ void main()
|
||||
*/
|
||||
|
||||
/* The real program starts HERE! */
|
||||
|
||||
|
||||
if(geteuid()!=0)
|
||||
{
|
||||
printf("It seems you don't have access to add a new user. Try\n");
|
||||
printf("logging in as root or su root to gain super-user access.\n");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
|
||||
/* Sanity checks
|
||||
*/
|
||||
|
||||
|
||||
if (!(grp=getgrgid(DEFAULT_GROUP))){
|
||||
printf("Error: the default group %d does not exist on this system!\n",
|
||||
DEFAULT_GROUP);
|
||||
printf("adduser must be recompiled.\n");
|
||||
exit(1);
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
while(!correct) { /* loop until a "good" uname is chosen */
|
||||
while(!done) {
|
||||
printf("\nLogin to add (^C to quit): ");
|
||||
@ -178,19 +178,19 @@ void main()
|
||||
} else
|
||||
done=1;
|
||||
}; /* done, we have a valid new user name */
|
||||
|
||||
|
||||
/* all set, get the rest of the stuff */
|
||||
printf("\nEditing information for new user [%s]\n",uname);
|
||||
|
||||
|
||||
printf("\nFull Name [%s]: ",uname);
|
||||
gets(person);
|
||||
if (!strlen(person)) {
|
||||
bzero(person,sizeof(person));
|
||||
strcpy(person,uname);
|
||||
};
|
||||
|
||||
|
||||
do {
|
||||
bad=0;
|
||||
bad=0;
|
||||
printf("GID [%d]: ",DEFAULT_GROUP);
|
||||
gets(foo);
|
||||
if (!strlen(foo))
|
||||
@ -220,7 +220,7 @@ void main()
|
||||
|
||||
|
||||
fflush(stdin);
|
||||
|
||||
|
||||
printf("\nIf home dir ends with a / then [%s] will be appended to it\n",uname);
|
||||
printf("Home Directory [%s/%s]: ",DEFAULT_HOME,uname);
|
||||
fflush(stdout);
|
||||
@ -237,30 +237,30 @@ void main()
|
||||
gets(shell);
|
||||
if (!strlen(shell))
|
||||
sprintf(shell,"%s",DEFAULT_SHELL);
|
||||
|
||||
|
||||
printf("\nMin. Password Change Days [0]: ");
|
||||
gets(foo);
|
||||
min_pass=atoi(foo);
|
||||
|
||||
|
||||
printf("Max. Password Change Days [%d]: ",DEFAULT_MAX_PASS);
|
||||
gets(foo);
|
||||
if (strlen(foo) > 1)
|
||||
max_pass = atoi(foo);
|
||||
else
|
||||
max_pass = DEFAULT_MAX_PASS;
|
||||
|
||||
|
||||
printf("Password Warning Days [%d]: ",DEFAULT_WARN_PASS);
|
||||
gets(foo);
|
||||
warn_pass = atoi(foo);
|
||||
if (warn_pass==0)
|
||||
warn_pass = DEFAULT_WARN_PASS;
|
||||
|
||||
|
||||
printf("Days after Password Expiry for Account Locking [%d]: ",DEFAULT_USER_DIE);
|
||||
gets(foo);
|
||||
user_die = atoi(foo);
|
||||
if (user_die == 0)
|
||||
user_die = DEFAULT_USER_DIE;
|
||||
|
||||
|
||||
printf("\nInformation for new user [%s] [%s]:\n",uname,person);
|
||||
printf("Home directory: [%s] Shell: [%s]\n",dir,shell);
|
||||
printf("GID: [%d]\n",group);
|
||||
@ -279,7 +279,7 @@ void main()
|
||||
bzero(cmd,sizeof(cmd));
|
||||
sprintf(cmd,"%s -g %d -d %s -s %s -c \"%s\" -m -k /etc/skel %s",
|
||||
USERADD_PATH,group,dir,shell,person,uname);
|
||||
printf("Calling useradd to add new user:\n%s\n",cmd);
|
||||
printf("Calling useradd to add new user:\n%s\n",cmd);
|
||||
if(system(cmd)){
|
||||
printf("User add failed!\n");
|
||||
exit(errno);
|
||||
|
@ -1311,7 +1311,7 @@
|
||||
|
||||
This means that fred's password is valid, it was last changed on
|
||||
03/04/96, it can be changed at any time, it expires after 60 days,
|
||||
fred will not be warned, and and the account won't be disabled when
|
||||
fred will not be warned, and the account won't be disabled when
|
||||
the password expires.
|
||||
|
||||
This simply means that if fred logs in after the password expires, he
|
||||
@ -1487,7 +1487,7 @@
|
||||
|
||||
If a user logs into a line that is listed in /etc/dialups, and his
|
||||
shell is listed in the file /etc/d_passwd he will be allowed access
|
||||
only by suppling the correct password.
|
||||
only by supplying the correct password.
|
||||
|
||||
Another useful purpose for using dial-up passwords might be to setup a
|
||||
line that only allows a certain type of connect (perhaps a PPP or UUCP
|
||||
|
@ -63,4 +63,3 @@ To completely disable limits for a user, a single dash (-) will do.
|
||||
Also, please note that all limit settings are set PER LOGIN. They are
|
||||
not global, nor are they permanent. Perhaps global limits will come, but
|
||||
for now this will have to do ;)
|
||||
|
||||
|
@ -3,7 +3,7 @@
|
||||
# This is the current (still incomplete) list of platforms this
|
||||
# package has been verified to work on. Additions (preferably
|
||||
# in the format as described below) are welcome. Thanks!
|
||||
#
|
||||
#
|
||||
# V: last version reported to work
|
||||
# H: host type
|
||||
# L: Linux libc version
|
||||
|
@ -37,4 +37,3 @@ New ideas to add to this list are welcome, too. --marekm
|
||||
per-user configuration, to be executed with run-parts. Some hooks should
|
||||
be executed at package install time for existing users, likewise for
|
||||
package removal and possibly modification. (Debian Bug#36019)
|
||||
|
||||
|
@ -1,4 +1,4 @@
|
||||
<HEAD>
|
||||
<head>
|
||||
<title>shadow - Welcome</title>
|
||||
</head>
|
||||
<body>
|
||||
|
@ -1,20 +1,20 @@
|
||||
# $Id$
|
||||
#
|
||||
# Login access control table.
|
||||
#
|
||||
#
|
||||
# When someone logs in, the table is scanned for the first entry that
|
||||
# matches the (user, host) combination, or, in case of non-networked
|
||||
# logins, the first entry that matches the (user, tty) combination. The
|
||||
# permissions field of that table entry determines whether the login will
|
||||
# permissions field of that table entry determines whether the login will
|
||||
# be accepted or refused.
|
||||
#
|
||||
#
|
||||
# Format of the login access control table is three fields separated by a
|
||||
# ":" character:
|
||||
#
|
||||
#
|
||||
# permission : users : origins
|
||||
#
|
||||
#
|
||||
# The first field should be a "+" (access granted) or "-" (access denied)
|
||||
# character.
|
||||
# character.
|
||||
#
|
||||
# The second field should be a list of one or more login names, group
|
||||
# names, or ALL (always matches). A pattern of the form user@host is
|
||||
@ -37,7 +37,7 @@
|
||||
# listed: the program does not look at a user's primary group id value.
|
||||
#
|
||||
##############################################################################
|
||||
#
|
||||
#
|
||||
# Disallow console logins to all but a few accounts.
|
||||
#
|
||||
#-:ALL EXCEPT wheel shutdown sync:console
|
||||
|
@ -465,7 +465,6 @@ USERGROUPS_ENAB yes
|
||||
# Set to "yes" to prevent for all accounts
|
||||
# Set to "superuser" to prevent for UID 0 / root (default)
|
||||
# Set to "no" to not prevent for any account (dangerous, historical default)
|
||||
|
||||
PREVENT_NO_AUTH superuser
|
||||
|
||||
#
|
||||
|
@ -1,7 +1,7 @@
|
||||
|
||||
AUTOMAKE_OPTIONS = 1.0 foreign
|
||||
|
||||
DEFS =
|
||||
DEFS =
|
||||
|
||||
noinst_LTLIBRARIES = libshadow.la
|
||||
|
||||
|
@ -403,11 +403,11 @@ int commonio_lock_nowait (struct commonio_db *db, bool log)
|
||||
file_len = strlen(db->filename) + 11;/* %lu max size */
|
||||
lock_file_len = strlen(db->filename) + 6; /* sizeof ".lock" */
|
||||
file = (char*)malloc(file_len);
|
||||
if(file == NULL) {
|
||||
if (file == NULL) {
|
||||
goto cleanup_ENOMEM;
|
||||
}
|
||||
lock = (char*)malloc(lock_file_len);
|
||||
if(lock == NULL) {
|
||||
if (lock == NULL) {
|
||||
goto cleanup_ENOMEM;
|
||||
}
|
||||
snprintf (file, file_len, "%s.%lu",
|
||||
@ -419,9 +419,9 @@ int commonio_lock_nowait (struct commonio_db *db, bool log)
|
||||
err = 1;
|
||||
}
|
||||
cleanup_ENOMEM:
|
||||
if(file)
|
||||
if (file)
|
||||
free(file);
|
||||
if(lock)
|
||||
if (lock)
|
||||
free(lock);
|
||||
return err;
|
||||
}
|
||||
|
@ -45,8 +45,8 @@
|
||||
struct faillog {
|
||||
short fail_cnt; /* failures since last success */
|
||||
short fail_max; /* failures before turning account off */
|
||||
char fail_line[12]; /* last failure occured here */
|
||||
time_t fail_time; /* last failure occured then */
|
||||
char fail_line[12]; /* last failure occurred here */
|
||||
time_t fail_time; /* last failure occurred then */
|
||||
/*
|
||||
* If nonzero, the account will be re-enabled if there are no
|
||||
* failures for fail_locktime seconds since last failure.
|
||||
|
@ -127,7 +127,7 @@ int pw_auth (const char *cipher,
|
||||
#ifdef SKEY
|
||||
/*
|
||||
* If the user has an S/KEY entry show them the pertinent info
|
||||
* and then we can try validating the created cyphertext and the SKEY.
|
||||
* and then we can try validating the created ciphertext and the SKEY.
|
||||
* If there is no SKEY information we default to not using SKEY.
|
||||
*/
|
||||
|
||||
|
@ -17,7 +17,7 @@ int run_part (char *script_path, char *name, char *action)
|
||||
char *args[] = { script_path, NULL };
|
||||
|
||||
pid=fork();
|
||||
if (pid==-1){
|
||||
if (pid==-1) {
|
||||
perror ("Could not fork");
|
||||
return 1;
|
||||
}
|
||||
|
@ -331,7 +331,7 @@ int del_seuser (const char *login_name)
|
||||
|
||||
if (0 == exists) {
|
||||
fprintf (shadow_logfd,
|
||||
_("Login mapping for %s is not defined, OK if default mapping was used\n"),
|
||||
_("Login mapping for %s is not defined, OK if default mapping was used\n"),
|
||||
login_name);
|
||||
ret = 0; /* probably default mapping */
|
||||
goto done;
|
||||
@ -346,7 +346,7 @@ int del_seuser (const char *login_name)
|
||||
|
||||
if (0 == exists) {
|
||||
fprintf (shadow_logfd,
|
||||
_("Login mapping for %s is defined in policy, cannot be deleted\n"),
|
||||
_("Login mapping for %s is defined in policy, cannot be deleted\n"),
|
||||
login_name);
|
||||
ret = 0; /* Login mapping defined in policy can't be deleted */
|
||||
goto done;
|
||||
|
@ -91,7 +91,7 @@ struct passwd *sgetpwent (const char *buf)
|
||||
}
|
||||
|
||||
/* something at the end, columns over shot */
|
||||
if( cp != NULL ) {
|
||||
if ( cp != NULL ) {
|
||||
return( NULL );
|
||||
}
|
||||
|
||||
|
@ -53,7 +53,7 @@ static /*@null@*/ /*@only@*/void *subordinate_dup (const void *ent)
|
||||
static void subordinate_free (/*@out@*/ /*@only@*/void *ent)
|
||||
{
|
||||
struct subordinate_range *rangeent = ent;
|
||||
|
||||
|
||||
free ((void *)(rangeent->owner));
|
||||
free (rangeent);
|
||||
}
|
||||
@ -224,7 +224,7 @@ static const struct subordinate_range *find_range(struct commonio_db *db,
|
||||
/* Get UID of the username we are looking for */
|
||||
pwd = getpwnam(owner);
|
||||
if (NULL == pwd) {
|
||||
/* Username not defined in /etc/passwd, or error occured during lookup */
|
||||
/* Username not defined in /etc/passwd, or error occurred during lookup */
|
||||
return NULL;
|
||||
}
|
||||
owner_uid = pwd->pw_uid;
|
||||
@ -296,7 +296,7 @@ static bool have_range(struct commonio_db *db,
|
||||
end = start + count - 1;
|
||||
range = find_range (db, owner, start);
|
||||
while (range) {
|
||||
unsigned long last;
|
||||
unsigned long last;
|
||||
|
||||
last = range->start + range->count - 1;
|
||||
if (last >= (start + count - 1))
|
||||
@ -847,7 +847,7 @@ static int append_uids(uid_t **uids, const char *owner, int n)
|
||||
} else {
|
||||
struct passwd *pwd = getpwnam(owner);
|
||||
if (NULL == pwd) {
|
||||
/* Username not defined in /etc/passwd, or error occured during lookup */
|
||||
/* Username not defined in /etc/passwd, or error occurred during lookup */
|
||||
free(*uids);
|
||||
*uids = NULL;
|
||||
return -1;
|
||||
|
@ -68,7 +68,7 @@ void audit_help_open (void)
|
||||
* This function will log a message to the audit system using a predefined
|
||||
* message format. Parameter usage is as follows:
|
||||
*
|
||||
* type - type of message: AUDIT_USER_CHAUTHTOK for changing any account
|
||||
* type - type of message: AUDIT_USER_CHAUTHTOK for changing any account
|
||||
* attributes.
|
||||
* pgname - program's name
|
||||
* op - operation. "adding user", "changing finger info", "deleting group"
|
||||
|
@ -117,7 +117,7 @@ static void error_acl (struct error_context *ctx, const char *fmt, ...)
|
||||
{
|
||||
va_list ap;
|
||||
|
||||
/* ignore the case when destination does not support ACLs
|
||||
/* ignore the case when destination does not support ACLs
|
||||
* or extended attributes */
|
||||
if (ENOTSUP == errno) {
|
||||
errno = 0;
|
||||
|
@ -157,7 +157,7 @@ static int check_gid (const gid_t gid,
|
||||
* [GID_MIN:GID_MAX] range.
|
||||
* This ID should be higher than all the used GID, but if not possible,
|
||||
* the lowest unused ID in the range will be returned.
|
||||
*
|
||||
*
|
||||
* Return 0 on success, -1 if no unused GIDs are available.
|
||||
*/
|
||||
int find_new_gid (bool sys_group,
|
||||
|
@ -43,7 +43,7 @@
|
||||
*
|
||||
* If successful, find_new_sub_gids provides a range of unused
|
||||
* user IDs in the [SUB_GID_MIN:SUB_GID_MAX] range.
|
||||
*
|
||||
*
|
||||
* Return 0 on success, -1 if no unused GIDs are available.
|
||||
*/
|
||||
int find_new_sub_gids (gid_t *range_start, unsigned long *range_count)
|
||||
|
@ -43,7 +43,7 @@
|
||||
*
|
||||
* If successful, find_new_sub_uids provides a range of unused
|
||||
* user IDs in the [SUB_UID_MIN:SUB_UID_MAX] range.
|
||||
*
|
||||
*
|
||||
* Return 0 on success, -1 if no unused UIDs are available.
|
||||
*/
|
||||
int find_new_sub_uids (uid_t *range_start, unsigned long *range_count)
|
||||
|
@ -157,7 +157,7 @@ static int check_uid(const uid_t uid,
|
||||
* [UID_MIN:UID_MAX] range.
|
||||
* This ID should be higher than all the used UID, but if not possible,
|
||||
* the lowest unused ID in the range will be returned.
|
||||
*
|
||||
*
|
||||
* Return 0 on success, -1 if no unused UIDs are available.
|
||||
*/
|
||||
int find_new_uid(bool sys_user,
|
||||
|
@ -209,7 +209,7 @@ void write_mapping(int proc_dir_fd, int ranges, struct map_range *mappings,
|
||||
}
|
||||
#endif
|
||||
|
||||
bufsize = ranges * ((ULONG_DIGITS + 1) * 3);
|
||||
bufsize = ranges * ((ULONG_DIGITS + 1) * 3);
|
||||
pos = buf = xmalloc(bufsize);
|
||||
|
||||
/* Build the mapping command */
|
||||
|
@ -202,7 +202,7 @@ static int check_logins (const char *name, const char *maxlogins)
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Function setup_user_limits - checks/set limits for the curent login
|
||||
/* Function setup_user_limits - checks/set limits for the current login
|
||||
* Original idea from Joel Katz's lshell. Ported to shadow-login
|
||||
* by Cristian Gafton - gafton@sorosis.ro
|
||||
*
|
||||
@ -404,7 +404,7 @@ static bool user_in_group (const char *uname, const char *gname)
|
||||
{
|
||||
struct group *groupdata;
|
||||
|
||||
if (uname == NULL || gname == NULL){
|
||||
if (uname == NULL || gname == NULL) {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
@ -42,7 +42,7 @@
|
||||
#include <lastlog.h>
|
||||
#include "prototypes.h"
|
||||
|
||||
/*
|
||||
/*
|
||||
* dolastlog - create lastlog entry
|
||||
*
|
||||
* A "last login" entry is created for the user being logged in. The
|
||||
|
@ -103,7 +103,7 @@ void login_prompt (const char *prompt, char *name, int namesize)
|
||||
(void) fflush (stdout);
|
||||
}
|
||||
|
||||
/*
|
||||
/*
|
||||
* Read the user's response. The trailing newline will be
|
||||
* removed.
|
||||
*/
|
||||
|
@ -29,7 +29,7 @@
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
|
||||
#include <config.h>
|
||||
|
||||
#ident "$Id$"
|
||||
|
@ -176,10 +176,10 @@ extern struct group *prefix_getgrnam(const char *name)
|
||||
struct group * grp = NULL;
|
||||
|
||||
fg = fopen(group_db_file, "rt");
|
||||
if(!fg)
|
||||
if (!fg)
|
||||
return NULL;
|
||||
while((grp = fgetgrent(fg)) != NULL) {
|
||||
if(!strcmp(name, grp->gr_name))
|
||||
while ((grp = fgetgrent(fg)) != NULL) {
|
||||
if (!strcmp(name, grp->gr_name))
|
||||
break;
|
||||
}
|
||||
fclose(fg);
|
||||
@ -196,10 +196,10 @@ extern struct group *prefix_getgrgid(gid_t gid)
|
||||
struct group * grp = NULL;
|
||||
|
||||
fg = fopen(group_db_file, "rt");
|
||||
if(!fg)
|
||||
if (!fg)
|
||||
return NULL;
|
||||
while((grp = fgetgrent(fg)) != NULL) {
|
||||
if(gid == grp->gr_gid)
|
||||
while ((grp = fgetgrent(fg)) != NULL) {
|
||||
if (gid == grp->gr_gid)
|
||||
break;
|
||||
}
|
||||
fclose(fg);
|
||||
@ -216,10 +216,10 @@ extern struct passwd *prefix_getpwuid(uid_t uid)
|
||||
struct passwd *pwd = NULL;
|
||||
|
||||
fg = fopen(passwd_db_file, "rt");
|
||||
if(!fg)
|
||||
if (!fg)
|
||||
return NULL;
|
||||
while((pwd = fgetpwent(fg)) != NULL) {
|
||||
if(uid == pwd->pw_uid)
|
||||
while ((pwd = fgetpwent(fg)) != NULL) {
|
||||
if (uid == pwd->pw_uid)
|
||||
break;
|
||||
}
|
||||
fclose(fg);
|
||||
@ -236,10 +236,10 @@ extern struct passwd *prefix_getpwnam(const char* name)
|
||||
struct passwd *pwd = NULL;
|
||||
|
||||
fg = fopen(passwd_db_file, "rt");
|
||||
if(!fg)
|
||||
if (!fg)
|
||||
return NULL;
|
||||
while((pwd = fgetpwent(fg)) != NULL) {
|
||||
if(!strcmp(name, pwd->pw_name))
|
||||
while ((pwd = fgetpwent(fg)) != NULL) {
|
||||
if (!strcmp(name, pwd->pw_name))
|
||||
break;
|
||||
}
|
||||
fclose(fg);
|
||||
@ -256,10 +256,10 @@ extern struct spwd *prefix_getspnam(const char* name)
|
||||
struct spwd *sp = NULL;
|
||||
|
||||
fg = fopen(spw_db_file, "rt");
|
||||
if(!fg)
|
||||
if (!fg)
|
||||
return NULL;
|
||||
while((sp = fgetspent(fg)) != NULL) {
|
||||
if(!strcmp(name, sp->sp_namp))
|
||||
while ((sp = fgetspent(fg)) != NULL) {
|
||||
if (!strcmp(name, sp->sp_namp))
|
||||
break;
|
||||
}
|
||||
fclose(fg);
|
||||
@ -272,7 +272,7 @@ extern struct spwd *prefix_getspnam(const char* name)
|
||||
|
||||
extern void prefix_setpwent()
|
||||
{
|
||||
if(!passwd_db_file) {
|
||||
if (!passwd_db_file) {
|
||||
setpwent();
|
||||
return;
|
||||
}
|
||||
@ -280,19 +280,19 @@ extern void prefix_setpwent()
|
||||
fclose (fp_pwent);
|
||||
|
||||
fp_pwent = fopen(passwd_db_file, "rt");
|
||||
if(!fp_pwent)
|
||||
if (!fp_pwent)
|
||||
return;
|
||||
}
|
||||
extern struct passwd* prefix_getpwent()
|
||||
{
|
||||
if(!passwd_db_file) {
|
||||
if (!passwd_db_file) {
|
||||
return getpwent();
|
||||
}
|
||||
return fgetpwent(fp_pwent);
|
||||
}
|
||||
extern void prefix_endpwent()
|
||||
{
|
||||
if(!passwd_db_file) {
|
||||
if (!passwd_db_file) {
|
||||
endpwent();
|
||||
return;
|
||||
}
|
||||
@ -303,7 +303,7 @@ extern void prefix_endpwent()
|
||||
|
||||
extern void prefix_setgrent()
|
||||
{
|
||||
if(!group_db_file) {
|
||||
if (!group_db_file) {
|
||||
setgrent();
|
||||
return;
|
||||
}
|
||||
@ -311,19 +311,19 @@ extern void prefix_setgrent()
|
||||
fclose (fp_grent);
|
||||
|
||||
fp_grent = fopen(group_db_file, "rt");
|
||||
if(!fp_grent)
|
||||
if (!fp_grent)
|
||||
return;
|
||||
}
|
||||
extern struct group* prefix_getgrent()
|
||||
{
|
||||
if(!group_db_file) {
|
||||
if (!group_db_file) {
|
||||
return getgrent();
|
||||
}
|
||||
return fgetgrent(fp_grent);
|
||||
}
|
||||
extern void prefix_endgrent()
|
||||
{
|
||||
if(!group_db_file) {
|
||||
if (!group_db_file) {
|
||||
endgrent();
|
||||
return;
|
||||
}
|
||||
|
@ -263,7 +263,7 @@ static void print_date (time_t date)
|
||||
char buf[80];
|
||||
char format[80];
|
||||
|
||||
if( iflg ) {
|
||||
if (iflg) {
|
||||
(void) snprintf (format, 80, "%%Y-%%m-%%d");
|
||||
}
|
||||
else {
|
||||
|
@ -515,7 +515,7 @@ int main (int argc, char **argv)
|
||||
newpwd = cp;
|
||||
|
||||
#ifdef USE_PAM
|
||||
if (use_pam){
|
||||
if (use_pam) {
|
||||
if (do_pam_passwd_non_interactive ("chpasswd", name, newpwd) != 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: (line %d, user %s) password not changed\n"),
|
||||
@ -633,7 +633,7 @@ int main (int argc, char **argv)
|
||||
newpw.pw_passwd = cp;
|
||||
}
|
||||
|
||||
/*
|
||||
/*
|
||||
* The updated password file entry is then put back and will
|
||||
* be written to the password file later, after all the
|
||||
* other entries have been updated as well.
|
||||
|
14
src/login.c
14
src/login.c
@ -217,7 +217,7 @@ static void setup_tty (void)
|
||||
|
||||
/*
|
||||
* ttymon invocation prefers this, but these settings
|
||||
* won't come into effect after the first username login
|
||||
* won't come into effect after the first username login
|
||||
*/
|
||||
(void) STTY (0, &termio);
|
||||
}
|
||||
@ -401,7 +401,7 @@ static void init_env (void)
|
||||
}
|
||||
}
|
||||
#endif /* !USE_PAM */
|
||||
/*
|
||||
/*
|
||||
* Add the clock frequency so that profiling commands work
|
||||
* correctly.
|
||||
*/
|
||||
@ -520,7 +520,7 @@ static void update_utmp (const char *user,
|
||||
* of reasons, such as X servers or network logins.
|
||||
*
|
||||
* the flags which login supports are
|
||||
*
|
||||
*
|
||||
* -p - preserve the environment
|
||||
* -r - perform autologin protocol for rlogin
|
||||
* -f - do not perform authentication, user is preauthenticated
|
||||
@ -650,7 +650,7 @@ int main (int argc, char **argv)
|
||||
(void) umask (getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));
|
||||
|
||||
{
|
||||
/*
|
||||
/*
|
||||
* Use the ULIMIT in the login.defs file, and if
|
||||
* there isn't one, use the default value. The
|
||||
* user may have one for themselves, but otherwise,
|
||||
@ -983,12 +983,12 @@ int main (int argc, char **argv)
|
||||
|
||||
if (strcmp (user_passwd, "") == 0) {
|
||||
char *prevent_no_auth = getdef_str("PREVENT_NO_AUTH");
|
||||
if(prevent_no_auth == NULL) {
|
||||
if (prevent_no_auth == NULL) {
|
||||
prevent_no_auth = "superuser";
|
||||
}
|
||||
if(strcmp(prevent_no_auth, "yes") == 0) {
|
||||
if (strcmp(prevent_no_auth, "yes") == 0) {
|
||||
failed = true;
|
||||
} else if( (pwd->pw_uid == 0)
|
||||
} else if ((pwd->pw_uid == 0)
|
||||
&& (strcmp(prevent_no_auth, "superuser") == 0)) {
|
||||
failed = true;
|
||||
}
|
||||
|
8
src/su.c
8
src/su.c
@ -508,13 +508,13 @@ static void check_perms_nopam (const struct passwd *pw)
|
||||
|
||||
if (strcmp (pw->pw_passwd, "") == 0) {
|
||||
char *prevent_no_auth = getdef_str("PREVENT_NO_AUTH");
|
||||
if(prevent_no_auth == NULL) {
|
||||
if (prevent_no_auth == NULL) {
|
||||
prevent_no_auth = "superuser";
|
||||
}
|
||||
if(strcmp(prevent_no_auth, "yes") == 0) {
|
||||
if (strcmp(prevent_no_auth, "yes") == 0) {
|
||||
fprintf(stderr, _("Password field is empty, this is forbidden for all accounts.\n"));
|
||||
exit(1);
|
||||
} else if( (pw->pw_uid == 0)
|
||||
} else if ((pw->pw_uid == 0)
|
||||
&& (strcmp(prevent_no_auth, "superuser") == 0)) {
|
||||
fprintf(stderr, _("Password field is empty, this is forbidden for super-user.\n"));
|
||||
exit(1);
|
||||
@ -579,7 +579,7 @@ static void check_perms_nopam (const struct passwd *pw)
|
||||
oldsig = signal (SIGQUIT, die);
|
||||
|
||||
/*
|
||||
* See if the system defined authentication method is being used.
|
||||
* See if the system defined authentication method is being used.
|
||||
* The first character of an administrator defined method is an '@'
|
||||
* character.
|
||||
*/
|
||||
|
@ -360,7 +360,7 @@ static void get_defaults (void)
|
||||
char buf[1024];
|
||||
char *cp;
|
||||
|
||||
if(prefix[0]) {
|
||||
if (prefix[0]) {
|
||||
size_t len;
|
||||
int wlen;
|
||||
|
||||
@ -460,8 +460,8 @@ static void get_defaults (void)
|
||||
if ('\0' == *cp) {
|
||||
cp = SKEL_DIR; /* XXX warning: const */
|
||||
}
|
||||
|
||||
if(prefix[0]) {
|
||||
|
||||
if (prefix[0]) {
|
||||
size_t len;
|
||||
int wlen;
|
||||
char* _def_template; /* avoid const warning */
|
||||
@ -490,7 +490,7 @@ static void get_defaults (void)
|
||||
}
|
||||
(void) fclose (fp);
|
||||
getdef_err:
|
||||
if(prefix[0]) {
|
||||
if (prefix[0]) {
|
||||
free(default_file);
|
||||
}
|
||||
}
|
||||
@ -551,7 +551,7 @@ static int set_defaults (void)
|
||||
wlen = snprintf(new_file, len, "%s%s%s", prefix, prefix[0]?"/":"", NEW_USER_FILE);
|
||||
assert (wlen <= (int) len -1);
|
||||
|
||||
if(prefix[0]) {
|
||||
if (prefix[0]) {
|
||||
len = strlen(prefix) + strlen(USER_DEFAULTS_FILE) + 2;
|
||||
default_file = malloc(len);
|
||||
if (default_file == NULL) {
|
||||
@ -722,7 +722,7 @@ static int set_defaults (void)
|
||||
ret = 0;
|
||||
setdef_err:
|
||||
free(new_file);
|
||||
if(prefix[0]) {
|
||||
if (prefix[0]) {
|
||||
free(default_file);
|
||||
}
|
||||
|
||||
@ -1049,7 +1049,7 @@ static void grp_update (void)
|
||||
fail_exit (E_GRP_UPDATE); /* XXX */
|
||||
}
|
||||
|
||||
/*
|
||||
/*
|
||||
* Add the username to the list of group members and
|
||||
* update the group entry to reflect the change.
|
||||
*/
|
||||
@ -1124,7 +1124,7 @@ static void grp_update (void)
|
||||
fail_exit (E_GRP_UPDATE); /* XXX */
|
||||
}
|
||||
|
||||
/*
|
||||
/*
|
||||
* Add the username to the list of group members and
|
||||
* update the group entry to reflect the change.
|
||||
*/
|
||||
@ -1534,7 +1534,7 @@ static void process_flags (int argc, char **argv)
|
||||
|
||||
user_home = uh;
|
||||
}
|
||||
if(prefix[0]) {
|
||||
if (prefix[0]) {
|
||||
size_t len = strlen(prefix) + strlen(user_home) + 2;
|
||||
int wlen;
|
||||
char* _prefix_user_home; /* to avoid const warning */
|
||||
@ -2331,7 +2331,7 @@ static void create_mail (void)
|
||||
spool = "/var/mail";
|
||||
}
|
||||
file = alloca (strlen (prefix) + strlen (spool) + strlen (user_name) + 2);
|
||||
if(prefix[0])
|
||||
if (prefix[0])
|
||||
sprintf (file, "%s/%s/%s", prefix, spool, user_name);
|
||||
else
|
||||
sprintf (file, "%s/%s", spool, user_name);
|
||||
@ -2385,18 +2385,18 @@ static void check_uid_range(int rflg, uid_t user_id)
|
||||
{
|
||||
uid_t uid_min ;
|
||||
uid_t uid_max ;
|
||||
if(rflg){
|
||||
if (rflg) {
|
||||
uid_min = (uid_t)getdef_ulong("SYS_UID_MIN",101UL);
|
||||
uid_max = (uid_t)getdef_ulong("SYS_UID_MAX",getdef_ulong("UID_MIN",1000UL)-1);
|
||||
if(uid_min <= uid_max){
|
||||
if(user_id < uid_min || user_id >uid_max)
|
||||
if (uid_min <= uid_max) {
|
||||
if (user_id < uid_min || user_id >uid_max)
|
||||
fprintf(stderr, _("%s warning: %s's uid %d outside of the SYS_UID_MIN %d and SYS_UID_MAX %d range.\n"), Prog, user_name, user_id, uid_min, uid_max);
|
||||
}
|
||||
}else{
|
||||
uid_min = (uid_t)getdef_ulong("UID_MIN", 1000UL);
|
||||
uid_max = (uid_t)getdef_ulong("UID_MAX", 6000UL);
|
||||
if(uid_min <= uid_max){
|
||||
if(user_id < uid_min || user_id >uid_max)
|
||||
if (uid_min <= uid_max) {
|
||||
if (user_id < uid_min || user_id >uid_max)
|
||||
fprintf(stderr, _("%s warning: %s's uid %d outside of the UID_MIN %d and UID_MAX %d range.\n"), Prog, user_name, user_id, uid_min, uid_max);
|
||||
}
|
||||
}
|
||||
@ -2594,7 +2594,7 @@ int main (int argc, char **argv)
|
||||
}
|
||||
}
|
||||
|
||||
if(uflg)
|
||||
if (uflg)
|
||||
check_uid_range(rflg,user_id);
|
||||
#ifdef WITH_TCB
|
||||
if (getdef_bool ("USE_TCB")) {
|
||||
|
@ -1046,7 +1046,7 @@ int main (int argc, char **argv)
|
||||
{NULL, 0, NULL, '\0'}
|
||||
};
|
||||
while ((c = getopt_long (argc, argv,
|
||||
#ifdef WITH_SELINUX
|
||||
#ifdef WITH_SELINUX
|
||||
"fhrR:P:Z",
|
||||
#else /* !WITH_SELINUX */
|
||||
"fhrR:P:",
|
||||
@ -1067,7 +1067,7 @@ int main (int argc, char **argv)
|
||||
break;
|
||||
case 'P': /* no-op, handled in process_prefix_flag () */
|
||||
break;
|
||||
#ifdef WITH_SELINUX
|
||||
#ifdef WITH_SELINUX
|
||||
case 'Z':
|
||||
if (prefix[0]) {
|
||||
fprintf (stderr,
|
||||
@ -1168,9 +1168,9 @@ int main (int argc, char **argv)
|
||||
}
|
||||
user_id = pwd->pw_uid;
|
||||
user_gid = pwd->pw_gid;
|
||||
|
||||
if(prefix[0]) {
|
||||
|
||||
|
||||
if (prefix[0]) {
|
||||
|
||||
size_t len = strlen(prefix) + strlen(pwd->pw_dir) + 2;
|
||||
int wlen;
|
||||
user_home = xmalloc(len);
|
||||
@ -1347,7 +1347,7 @@ int main (int argc, char **argv)
|
||||
* Cancel any crontabs or at jobs. Have to do this before we remove
|
||||
* the entry from /etc/passwd.
|
||||
*/
|
||||
if(prefix[0] == '\0')
|
||||
if (prefix[0] == '\0')
|
||||
user_cancel (user_name);
|
||||
close_files ();
|
||||
|
||||
|
@ -370,7 +370,6 @@ static struct ulong_range getulong_range(const char *str)
|
||||
result.last = (unsigned long int)last;
|
||||
out:
|
||||
return result;
|
||||
|
||||
}
|
||||
|
||||
struct ulong_range_list_entry {
|
||||
@ -949,7 +948,7 @@ static void update_gshadow (void)
|
||||
|
||||
changed = false;
|
||||
|
||||
/*
|
||||
/*
|
||||
* Update the group entry to reflect the changes.
|
||||
*/
|
||||
if (sgr_update (nsgrp) == 0) {
|
||||
@ -1281,7 +1280,7 @@ static void process_flags (int argc, char **argv)
|
||||
if (!gflg) {
|
||||
user_newgid = user_gid;
|
||||
}
|
||||
if(prefix[0]) {
|
||||
if (prefix[0]) {
|
||||
size_t len = strlen(prefix) + strlen(user_home) + 2;
|
||||
int wlen;
|
||||
prefix_user_home = xmalloc(len);
|
||||
@ -2247,7 +2246,7 @@ int main (int argc, char **argv)
|
||||
if (sub_uid_remove(user_name, ptr->range.first, count) == 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: failed to remove uid range %lu-%lu from '%s'\n"),
|
||||
Prog, ptr->range.first, ptr->range.last,
|
||||
Prog, ptr->range.first, ptr->range.last,
|
||||
sub_uid_dbname ());
|
||||
fail_exit (E_SUB_UID_UPDATE);
|
||||
}
|
||||
@ -2260,7 +2259,7 @@ int main (int argc, char **argv)
|
||||
if (sub_uid_add(user_name, ptr->range.first, count) == 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: failed to add uid range %lu-%lu to '%s'\n"),
|
||||
Prog, ptr->range.first, ptr->range.last,
|
||||
Prog, ptr->range.first, ptr->range.last,
|
||||
sub_uid_dbname ());
|
||||
fail_exit (E_SUB_UID_UPDATE);
|
||||
}
|
||||
@ -2273,7 +2272,7 @@ int main (int argc, char **argv)
|
||||
if (sub_gid_remove(user_name, ptr->range.first, count) == 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: failed to remove gid range %lu-%lu from '%s'\n"),
|
||||
Prog, ptr->range.first, ptr->range.last,
|
||||
Prog, ptr->range.first, ptr->range.last,
|
||||
sub_gid_dbname ());
|
||||
fail_exit (E_SUB_GID_UPDATE);
|
||||
}
|
||||
@ -2286,7 +2285,7 @@ int main (int argc, char **argv)
|
||||
if (sub_gid_add(user_name, ptr->range.first, count) == 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: failed to add gid range %lu-%lu to '%s'\n"),
|
||||
Prog, ptr->range.first, ptr->range.last,
|
||||
Prog, ptr->range.first, ptr->range.last,
|
||||
sub_gid_dbname ());
|
||||
fail_exit (E_SUB_GID_UPDATE);
|
||||
}
|
||||
|
@ -6,7 +6,7 @@ You should run it on a chroot, or on a secured dedicated system.
|
||||
|
||||
To test a Debian system:
|
||||
$ mkdir sid-chroot
|
||||
$ sudo debootstrap sid sid-chroot/ http://ftp.fr.debian.org/debian/
|
||||
$ sudo debootstrap sid sid-chroot/ http://deb.debian.org/debian/
|
||||
edit or copy a sources.list
|
||||
$ sudo cp /etc/apt/sources.list sid-chroot/etc/apt/
|
||||
edit or copy a resolv.conf
|
||||
@ -17,5 +17,3 @@ edit or copy a resolv.conf
|
||||
# aptitude update
|
||||
# aptitude install expect
|
||||
# cd /dev ; mknod --mode=666 /dev/ptmx c 5 2
|
||||
|
||||
|
||||
|
@ -51,10 +51,10 @@ echo "-: test failed"
|
||||
# Empty the complete log.
|
||||
> testsuite.log
|
||||
|
||||
find ${build_path} -name "*.gcda" -delete
|
||||
find "${build_path}" -name "*.gcda" -delete
|
||||
run_test ./su/01/su_root.test
|
||||
run_test ./su/01/su_user.test
|
||||
find ${build_path} -name "*.gcda" -exec chmod a+rw {} \;
|
||||
find "${build_path}" -name "*.gcda" -exec chmod a+rw {} \;
|
||||
run_test ./su/02/env_FOO-options_--login
|
||||
run_test ./su/02/env_FOO-options_--login_bash
|
||||
run_test ./su/02/env_FOO-options_--preserve-environment
|
||||
@ -121,7 +121,7 @@ run_test ./su/11_su_sulog_failure/su.test
|
||||
run_test ./su/12_su_child_failure/su.test
|
||||
run_test ./su/13_su_child_success/su.test
|
||||
run_test ./chage/01/run
|
||||
find ${build_path} -name "*.gcda" -exec chmod a+rw {} \;
|
||||
find "${build_path}" -name "*.gcda" -exec chmod a+rw {} \;
|
||||
run_test ./chage/02/run
|
||||
run_test ./chage/03_chsh_usage/chage.test
|
||||
run_test ./chage/04_chsh_usage_invalid_option/chage.test
|
||||
@ -1221,7 +1221,7 @@ run_test ./passwd/22_passwd_usage/passwd.test
|
||||
run_test ./login/01_login_prompt/login.test
|
||||
run_test ./login/02_login_user/login.test
|
||||
run_test ./login/03_login_check_tty/login.test
|
||||
find ${build_path} -name "*.gcda" -exec chmod a+rw {} \;
|
||||
find "${build_path}" -name "*.gcda" -exec chmod a+rw {} \;
|
||||
run_test ./subids/01_useradd_no_subids/useradd.test
|
||||
run_test ./subids/02_useradd_with_subids/useradd.test
|
||||
run_test ./subids/03_useradd_no_subgid/useradd.test
|
||||
@ -1301,9 +1301,8 @@ echo
|
||||
echo "$succeeded test(s) passed"
|
||||
echo "$failed test(s) failed"
|
||||
echo "log written in 'testsuite.log'"
|
||||
if [ "$failed" != "0" ]
|
||||
if [ "$failed" != 0 ]
|
||||
then
|
||||
echo "the following tests failed:"
|
||||
echo $failed_tests
|
||||
echo "$failed_tests"
|
||||
fi
|
||||
|
||||
|
@ -16,8 +16,8 @@ failed_tests=""
|
||||
|
||||
run_test()
|
||||
{
|
||||
find $build_path -name "*.gcda" -delete
|
||||
find $build_path -name "*.gcno" | while read f
|
||||
find "$build_path" -name "*.gcda" -delete
|
||||
find "$build_path" -name "*.gcno" | while read f
|
||||
do
|
||||
g=${f%gcno}gcda
|
||||
touch $g
|
||||
@ -1320,9 +1320,8 @@ echo
|
||||
echo "$succeeded test(s) passed"
|
||||
echo "$failed test(s) failed"
|
||||
echo "log written in 'testsuite.log'"
|
||||
if [ "$failed" != "0" ]
|
||||
if [ "$failed" != 0 ]
|
||||
then
|
||||
echo "the following tests failed:"
|
||||
echo $failed_tests
|
||||
echo "$failed_tests"
|
||||
fi
|
||||
|
||||
|
@ -51,10 +51,10 @@ echo "-: test failed"
|
||||
# Empty the complete log.
|
||||
> testsuite.log
|
||||
|
||||
find ${build_path} -name "*.gcda" -delete
|
||||
find "${build_path}" -name "*.gcda" -delete
|
||||
run_test ./su/01/su_root.test
|
||||
run_test ./su/01/su_user.test
|
||||
find ${build_path} -name "*.gcda" -exec chmod a+rw {} \;
|
||||
find "${build_path}" -name "*.gcda" -exec chmod a+rw {} \;
|
||||
run_test ./su/02/env_FOO-options_--login
|
||||
run_test ./su/02/env_FOO-options_--login_bash
|
||||
run_test ./su/02/env_FOO-options_--preserve-environment
|
||||
@ -133,9 +133,8 @@ echo
|
||||
echo "$succeeded test(s) passed"
|
||||
echo "$failed test(s) failed"
|
||||
echo "log written in 'testsuite.log'"
|
||||
if [ "$failed" != "0" ]
|
||||
if [ "$failed" != 0 ]
|
||||
then
|
||||
echo "the following tests failed:"
|
||||
echo $failed_tests
|
||||
echo "$failed_tests"
|
||||
fi
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user