commit
0e0101043b
8
COPYING
@ -17,7 +17,7 @@ which is held by Julianne Frances Haugh, may be copied, such that the
|
|||||||
copyright holder maintains some semblance of artistic control over the
|
copyright holder maintains some semblance of artistic control over the
|
||||||
development of the package, while giving the users of the package the
|
development of the package, while giving the users of the package the
|
||||||
right to use and distribute the Package in a more-or-less customary
|
right to use and distribute the Package in a more-or-less customary
|
||||||
fashion, plus the right to make reasonable modifications.
|
fashion, plus the right to make reasonable modifications.
|
||||||
|
|
||||||
So there.
|
So there.
|
||||||
|
|
||||||
@ -28,7 +28,7 @@ Definitions:
|
|||||||
|
|
||||||
A "Package" refers to the collection of files distributed by the
|
A "Package" refers to the collection of files distributed by the
|
||||||
Copyright Holder, and derivatives of that collection of files created
|
Copyright Holder, and derivatives of that collection of files created
|
||||||
through textual modification, or segments thereof.
|
through textual modification, or segments thereof.
|
||||||
|
|
||||||
"Standard Version" refers to such a Package if it has not been modified,
|
"Standard Version" refers to such a Package if it has not been modified,
|
||||||
or has been modified in accordance with the wishes of the Copyright
|
or has been modified in accordance with the wishes of the Copyright
|
||||||
@ -100,12 +100,12 @@ Standard Version.
|
|||||||
d) make other distribution arrangements with the Copyright Holder.
|
d) make other distribution arrangements with the Copyright Holder.
|
||||||
|
|
||||||
5. You may charge a reasonable copying fee for any distribution of this
|
5. You may charge a reasonable copying fee for any distribution of this
|
||||||
Package. You may charge any fee you choose for support of this Package.
|
Package. You may charge any fee you choose for support of this Package.
|
||||||
YOU MAY NOT CHARGE A FEE FOR THIS PACKAGE ITSELF. However, you may
|
YOU MAY NOT CHARGE A FEE FOR THIS PACKAGE ITSELF. However, you may
|
||||||
distribute this Package in aggregate with other (possibly commercial)
|
distribute this Package in aggregate with other (possibly commercial)
|
||||||
programs as part of a larger (possibly commercial) software distribution
|
programs as part of a larger (possibly commercial) software distribution
|
||||||
provided that YOU DO NOT ADVERTISE this package as a product of your
|
provided that YOU DO NOT ADVERTISE this package as a product of your
|
||||||
own.
|
own.
|
||||||
|
|
||||||
6. The name of the Copyright Holder may not be used to endorse or
|
6. The name of the Copyright Holder may not be used to endorse or
|
||||||
promote products derived from this software without specific prior
|
promote products derived from this software without specific prior
|
||||||
|
30
ChangeLog
@ -285,7 +285,7 @@
|
|||||||
2013-08-15 Nicolas François <nicolas.francois@centraliens.net>
|
2013-08-15 Nicolas François <nicolas.francois@centraliens.net>
|
||||||
|
|
||||||
* src/usermod.c: Check early if /etc/subuid (/etc/subgid) exists
|
* src/usermod.c: Check early if /etc/subuid (/etc/subgid) exists
|
||||||
when option -v/-V (-w/-W) are provided.
|
when option -v/-V (-w/-W) are provided.
|
||||||
|
|
||||||
2013-08-15 Nicolas François <nicolas.francois@centraliens.net>
|
2013-08-15 Nicolas François <nicolas.francois@centraliens.net>
|
||||||
|
|
||||||
@ -662,8 +662,8 @@
|
|||||||
|
|
||||||
* configure.in: Prepare for next point release 4.2.
|
* configure.in: Prepare for next point release 4.2.
|
||||||
* if using the static char* for pw_dir, strdup it so
|
* if using the static char* for pw_dir, strdup it so
|
||||||
pw_free() can be used. (Closes: Debian#691459, alioth#313957)
|
pw_free() can be used. (Closes: Debian#691459, alioth#313957)
|
||||||
* Kill the child process group, rather than just the
|
* Kill the child process group, rather than just the
|
||||||
immediate child; this is needed now that su no
|
immediate child; this is needed now that su no
|
||||||
longer starts a controlling terminal when not running an
|
longer starts a controlling terminal when not running an
|
||||||
interactive shell (closes: Debian#713979)
|
interactive shell (closes: Debian#713979)
|
||||||
@ -890,7 +890,7 @@
|
|||||||
|
|
||||||
* po/pt.po: Updated to 557t.
|
* po/pt.po: Updated to 557t.
|
||||||
|
|
||||||
2012-01-19 Holger Wansing <linux@wansing-online.de>
|
2012-01-19 Holger Wansing <linux@wansing-online.de>
|
||||||
|
|
||||||
* po/de.po: Updated to 557t.
|
* po/de.po: Updated to 557t.
|
||||||
|
|
||||||
@ -1477,8 +1477,8 @@
|
|||||||
* NEWS, src/chpasswd.c: Create a shadow entry if the password is
|
* NEWS, src/chpasswd.c: Create a shadow entry if the password is
|
||||||
set to 'x' in passwd and there are no entry in shadow for the
|
set to 'x' in passwd and there are no entry in shadow for the
|
||||||
user.
|
user.
|
||||||
* NEWS, src/chgpasswd.c: Create a gshadow entry if the password is
|
* NEWS, src/chgpasswd.c: Create a gshadow entry if the password is
|
||||||
set to 'x' in group and there are no entry in gshadow for the
|
set to 'x' in group and there are no entry in gshadow for the
|
||||||
group.
|
group.
|
||||||
|
|
||||||
2011-07-28 Nicolas François <nicolas.francois@centraliens.net>
|
2011-07-28 Nicolas François <nicolas.francois@centraliens.net>
|
||||||
@ -1550,7 +1550,7 @@
|
|||||||
2011-07-22 Nicolas François <nicolas.francois@centraliens.net>
|
2011-07-22 Nicolas François <nicolas.francois@centraliens.net>
|
||||||
|
|
||||||
* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Fail in case of
|
* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Fail in case of
|
||||||
invalid configuration.
|
invalid configuration.
|
||||||
* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Updated
|
* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Updated
|
||||||
comments.
|
comments.
|
||||||
* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Be more strict
|
* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Be more strict
|
||||||
@ -1787,7 +1787,7 @@
|
|||||||
man/login.defs.d/DEFAULT_HOME.xml,
|
man/login.defs.d/DEFAULT_HOME.xml,
|
||||||
man/login.defs.d/LOGIN_RETRIES.xml,
|
man/login.defs.d/LOGIN_RETRIES.xml,
|
||||||
man/login.defs.d/MD5_CRYPT_ENAB.xml,
|
man/login.defs.d/MD5_CRYPT_ENAB.xml,
|
||||||
man/login.defs.d/PORTTIME_CHECKS_ENAB.xml,
|
man/login.defs.d/PORTTIME_CHECKS_ENAB.xml,
|
||||||
man/login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml:
|
man/login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml:
|
||||||
Fix typos
|
Fix typos
|
||||||
* man/po/de.po: German translation of manpages completed
|
* man/po/de.po: German translation of manpages completed
|
||||||
@ -1834,7 +1834,7 @@
|
|||||||
|
|
||||||
2011-03-30 YunQiang Su <wzssyqa@gmail.com>
|
2011-03-30 YunQiang Su <wzssyqa@gmail.com>
|
||||||
|
|
||||||
* man/po/zh_CN.po: convert Simplified Chinese translation
|
* man/po/zh_CN.po: convert Simplified Chinese translation
|
||||||
of manpages to gettext
|
of manpages to gettext
|
||||||
* po/zh_CN.po: Simplified Chinese translation completed
|
* po/zh_CN.po: Simplified Chinese translation completed
|
||||||
|
|
||||||
@ -1973,7 +1973,7 @@
|
|||||||
boolean. safe_system last argument is a boolean.
|
boolean. safe_system last argument is a boolean.
|
||||||
* libmisc/system.c: Check return value of dup2.
|
* libmisc/system.c: Check return value of dup2.
|
||||||
* libmisc/system.c: Do not check *printf/*puts return value.
|
* libmisc/system.c: Do not check *printf/*puts return value.
|
||||||
* libmisc/system.c: Do not check execve return value.
|
* libmisc/system.c: Do not check execve return value.
|
||||||
* libmisc/salt.c: Do not check *printf/*puts return value.
|
* libmisc/salt.c: Do not check *printf/*puts return value.
|
||||||
* libmisc/loginprompt.c: Do not check gethostname return value.
|
* libmisc/loginprompt.c: Do not check gethostname return value.
|
||||||
* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Do not check
|
* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Do not check
|
||||||
@ -2126,7 +2126,7 @@
|
|||||||
2010-04-04 Nicolas François <nicolas.francois@centraliens.net>
|
2010-04-04 Nicolas François <nicolas.francois@centraliens.net>
|
||||||
|
|
||||||
* src/useradd.c: spool is a constant string.
|
* src/useradd.c: spool is a constant string.
|
||||||
* src/useradd.c: Set the new copy_tree's paramater 'copy_root' to false
|
* src/useradd.c: Set the new copy_tree's paramater 'copy_root' to false
|
||||||
|
|
||||||
2010-04-04 Nicolas François <nicolas.francois@centraliens.net>
|
2010-04-04 Nicolas François <nicolas.francois@centraliens.net>
|
||||||
|
|
||||||
@ -4975,7 +4975,7 @@
|
|||||||
<sgrubb@redhat.com>
|
<sgrubb@redhat.com>
|
||||||
* src/groupadd.c: Log to audit with type AUDIT_ADD_GROUP instead
|
* src/groupadd.c: Log to audit with type AUDIT_ADD_GROUP instead
|
||||||
of AUDIT_USER_CHAUTHTOK.
|
of AUDIT_USER_CHAUTHTOK.
|
||||||
* src/groupdel.c: Log to audit with type AUDIT_DEL_GROUP instead
|
* src/groupdel.c: Log to audit with type AUDIT_DEL_GROUP instead
|
||||||
of AUDIT_USER_CHAUTHTOK.
|
of AUDIT_USER_CHAUTHTOK.
|
||||||
* src/useradd.c: Log to audit with type AUDIT_ADD_USER /
|
* src/useradd.c: Log to audit with type AUDIT_ADD_USER /
|
||||||
AUDIT_ADD_GROUP / AUDIT_USYS_CONFIG instead of
|
AUDIT_ADD_GROUP / AUDIT_USYS_CONFIG instead of
|
||||||
@ -5231,7 +5231,7 @@
|
|||||||
* NEWS, src/gpasswd.c: Use getopt_long instead of getopt. Added
|
* NEWS, src/gpasswd.c: Use getopt_long instead of getopt. Added
|
||||||
support for long options --add (-a), --delete (-d),
|
support for long options --add (-a), --delete (-d),
|
||||||
--remove-password (-r), --restrict (-R), --administrators (-A),
|
--remove-password (-r), --restrict (-R), --administrators (-A),
|
||||||
and --members (-M)
|
and --members (-M)
|
||||||
* man/gpasswd.1.xml: Document the new long options.
|
* man/gpasswd.1.xml: Document the new long options.
|
||||||
* src/gpasswd.c: The sgrp structure is only used if SHADOWGRP is
|
* src/gpasswd.c: The sgrp structure is only used if SHADOWGRP is
|
||||||
defined.
|
defined.
|
||||||
@ -7420,7 +7420,7 @@
|
|||||||
to mimic useradd's behavior choices of UID and GID.
|
to mimic useradd's behavior choices of UID and GID.
|
||||||
* src/newusers.c: Reuse the generic find_new_uid() and
|
* src/newusers.c: Reuse the generic find_new_uid() and
|
||||||
find_new_gid() functions. This permits to respect the
|
find_new_gid() functions. This permits to respect the
|
||||||
UID_MIN/UID_MAX and GID_MIN/GID_MAX variables, should
|
UID_MIN/UID_MAX and GID_MIN/GID_MAX variables, should
|
||||||
* src/newusers.c: Check if the user or group exist using the
|
* src/newusers.c: Check if the user or group exist using the
|
||||||
external databases (with the libc getpwnam/getgrnam functions).
|
external databases (with the libc getpwnam/getgrnam functions).
|
||||||
Refuse to update an user which exist in an external database but
|
Refuse to update an user which exist in an external database but
|
||||||
@ -9217,7 +9217,7 @@
|
|||||||
Debian's patch 202_it_man_uses_gettext. Thanks to Giuseppe
|
Debian's patch 202_it_man_uses_gettext. Thanks to Giuseppe
|
||||||
Sacco who contributed the Italian translation.
|
Sacco who contributed the Italian translation.
|
||||||
* man/de/de.po: (nearly) complete German translation of man pages
|
* man/de/de.po: (nearly) complete German translation of man pages
|
||||||
Imported from Debian's patch 203_de-man-update. Thanks to
|
Imported from Debian's patch 203_de-man-update. Thanks to
|
||||||
Simon Brandmair
|
Simon Brandmair
|
||||||
* src/usermod.c: Clarify the online help of usermod for "-a"
|
* src/usermod.c: Clarify the online help of usermod for "-a"
|
||||||
Imported from Debian's patch 402-clarify_usermod_usage
|
Imported from Debian's patch 402-clarify_usermod_usage
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
EXTRA_DIST = NEWS README TODO shadow.spec.in
|
EXTRA_DIST = NEWS README TODO shadow.spec.in
|
||||||
|
|
||||||
SUBDIRS = libmisc lib
|
SUBDIRS = libmisc lib
|
||||||
|
|
||||||
if ENABLE_SUBIDS
|
if ENABLE_SUBIDS
|
||||||
SUBDIRS += libsubid
|
SUBDIRS += libsubid
|
||||||
|
24
NEWS
@ -15,7 +15,7 @@ shadow-4.1.5.1 -> shadow-4.2 UNRELEASED
|
|||||||
|
|
||||||
- su
|
- su
|
||||||
* When su receives a signal (SIGTERM, or SIGINT/SIGQUIT in non
|
* When su receives a signal (SIGTERM, or SIGINT/SIGQUIT in non
|
||||||
interactive mode), kill the child process group, rather than just the
|
interactive mode), kill the child process group, rather than just the
|
||||||
immediate child.
|
immediate child.
|
||||||
* Fix segmentation faults for users without a proper home or shell in
|
* Fix segmentation faults for users without a proper home or shell in
|
||||||
their passwd entries.
|
their passwd entries.
|
||||||
@ -622,7 +622,7 @@ shadow-4.0.18.2 -> shadow-4.1.0 09-12-2007
|
|||||||
- Add support for uClibc with no l64a().
|
- Add support for uClibc with no l64a().
|
||||||
- userdel, usermod: Fix infinite loop caused by erroneous group file
|
- userdel, usermod: Fix infinite loop caused by erroneous group file
|
||||||
containing two entries with the same name. (The fix strategy differs
|
containing two entries with the same name. (The fix strategy differs
|
||||||
from
|
from
|
||||||
(https://bugzilla.redhat.com/show_bug.cgi?id=240915)
|
(https://bugzilla.redhat.com/show_bug.cgi?id=240915)
|
||||||
- userdel: Abort if an error is detected while updating the passwd or group
|
- userdel: Abort if an error is detected while updating the passwd or group
|
||||||
databases. The passwd or group files will not be written.
|
databases. The passwd or group files will not be written.
|
||||||
@ -1001,9 +1001,9 @@ shadow-4.0.12 -> shadow-4.0.13 10-10-2005
|
|||||||
shadow-4.0.11.1 -> shadow-4.0.12 22-08-2005
|
shadow-4.0.11.1 -> shadow-4.0.12 22-08-2005
|
||||||
|
|
||||||
*** general:
|
*** general:
|
||||||
- newgrp, login: remove using login.defs::CLOSE_SESSIONS variable and always
|
- newgrp, login: remove using login.defs::CLOSE_SESSIONS variable and always
|
||||||
close PAM session,
|
close PAM session,
|
||||||
- fixed configure.in: really enable shadow group support by default (pointed by
|
- fixed configure.in: really enable shadow group support by default (pointed by
|
||||||
Greg Schafer <gschafer@zip.com.au> and Peter Vrabec <pvrabec@redhat.com>),
|
Greg Schafer <gschafer@zip.com.au> and Peter Vrabec <pvrabec@redhat.com>),
|
||||||
- login.defs: removed handle QMAIL_DIR variable,
|
- login.defs: removed handle QMAIL_DIR variable,
|
||||||
- login: allow regular user to login on read-only root file system (not only for root)
|
- login: allow regular user to login on read-only root file system (not only for root)
|
||||||
@ -1080,7 +1080,7 @@ shadow-4.0.10 -> shadow-4.0.11 18-07-2005
|
|||||||
- S/Key support is back,
|
- S/Key support is back,
|
||||||
- usermod: added -a option. This flag can only be used in conjunction with the -G
|
- usermod: added -a option. This flag can only be used in conjunction with the -G
|
||||||
option. It cause usermod to append user to the current supplementary group list.
|
option. It cause usermod to append user to the current supplementary group list.
|
||||||
(patch by Peter Vrabec <pvrabec@redhat.com>)
|
(patch by Peter Vrabec <pvrabec@redhat.com>)
|
||||||
- chage: added missing \n in error messages,
|
- chage: added missing \n in error messages,
|
||||||
- useradd, groupadd: change -O option to -K and document it in man page,
|
- useradd, groupadd: change -O option to -K and document it in man page,
|
||||||
- su, sulogin, login: fixed erroneous warning messages when used with PAM about some
|
- su, sulogin, login: fixed erroneous warning messages when used with PAM about some
|
||||||
@ -1130,7 +1130,7 @@ shadow-4.0.9 -> shadow-4.0.10 28-06-2005
|
|||||||
http://bugs.debian.org/53570 http://bugs.debian.org/195048 http://bugs.debian.org/211884
|
http://bugs.debian.org/53570 http://bugs.debian.org/195048 http://bugs.debian.org/211884
|
||||||
- login: made login's -f option also able to use the username after -- if none
|
- login: made login's -f option also able to use the username after -- if none
|
||||||
was passed as it's optarg
|
was passed as it's optarg
|
||||||
http://bugs.debian.org/53702
|
http://bugs.debian.org/53702
|
||||||
- login: check for hushed login and pass PAM_SILENT if true,
|
- login: check for hushed login and pass PAM_SILENT if true,
|
||||||
http://bugs.debian.org/48002
|
http://bugs.debian.org/48002
|
||||||
- login: fixed username on succesful login (was using the normal username,
|
- login: fixed username on succesful login (was using the normal username,
|
||||||
@ -1208,7 +1208,7 @@ shadow-4.0.7 -> shadow-4.0.8 26-04-2005
|
|||||||
-- new: chage.1, chpasswd.8, expiry.1, faillog.5, faillog.8, getspnam.3,
|
-- new: chage.1, chpasswd.8, expiry.1, faillog.5, faillog.8, getspnam.3,
|
||||||
logoutd.8, porttime.5, pwck.8, shadow.3, shadowconfig.8, su.1,
|
logoutd.8, porttime.5, pwck.8, shadow.3, shadowconfig.8, su.1,
|
||||||
- passwd(1): fix #160477 Debian bug: improve -S output description,
|
- passwd(1): fix #160477 Debian bug: improve -S output description,
|
||||||
- newgrp(1): fix #251926, #166173, #113191 Debian bugs: explain why editing /etc/group
|
- newgrp(1): fix #251926, #166173, #113191 Debian bugs: explain why editing /etc/group
|
||||||
(without gshadow) doesn't permit to use newgrp,
|
(without gshadow) doesn't permit to use newgrp,
|
||||||
- newgrp(1): newgrp uses /bin/sh (not bash),
|
- newgrp(1): newgrp uses /bin/sh (not bash),
|
||||||
- faillog(8): updated after rewritten faillog command for use getopt_long(),
|
- faillog(8): updated after rewritten faillog command for use getopt_long(),
|
||||||
@ -1238,7 +1238,7 @@ shadow-4.0.6 -> shadow-4.0.7 26-01-2005
|
|||||||
- chpasswd:
|
- chpasswd:
|
||||||
-- switch chpasswd to use getopt_long() and adds a --md5 option
|
-- switch chpasswd to use getopt_long() and adds a --md5 option
|
||||||
(by Ian Gulliver <ian@penguinhosting.net>),
|
(by Ian Gulliver <ian@penguinhosting.net>),
|
||||||
-- rewritten chpasswd(8) man page.
|
-- rewritten chpasswd(8) man page.
|
||||||
|
|
||||||
shadow-4.0.5 -> shadow-4.0.6 08-11-2004
|
shadow-4.0.5 -> shadow-4.0.6 08-11-2004
|
||||||
|
|
||||||
@ -1309,7 +1309,7 @@ shadow-4.0.4 => shadow-4.0.4.1 14-01-2004
|
|||||||
- bug fixes in automake files for generate correct tar ball on "make dist":
|
- bug fixes in automake files for generate correct tar ball on "make dist":
|
||||||
added missing "EXTRA_DIST = $(man_MANS)" in man/*/Makefile.am.
|
added missing "EXTRA_DIST = $(man_MANS)" in man/*/Makefile.am.
|
||||||
|
|
||||||
shadow-4.0.3 => shadow-4.0.4 14-01-2004
|
shadow-4.0.3 => shadow-4.0.4 14-01-2004
|
||||||
|
|
||||||
*** general:
|
*** general:
|
||||||
- added missing information about -f options in groupadd usage message
|
- added missing information about -f options in groupadd usage message
|
||||||
@ -1408,7 +1408,7 @@ shadow-4.0.0 => shadow-4.0.1
|
|||||||
- fixes for handle/print correctly 32bit uid/gid (Thorsten Kukuk <kukuk@suse.de>),
|
- fixes for handle/print correctly 32bit uid/gid (Thorsten Kukuk <kukuk@suse.de>),
|
||||||
- implemented functions for better reloading the nscd cache (per NSS map)
|
- implemented functions for better reloading the nscd cache (per NSS map)
|
||||||
(Thorsten Kukuk <kukuk@suse.de>),
|
(Thorsten Kukuk <kukuk@suse.de>),
|
||||||
- fixed warnings "not used but defined" on compile using gcc 3.0.x
|
- fixed warnings "not used but defined" on compile using gcc 3.0.x
|
||||||
(bulletpr00ph <bullet@users.sourceforge.net>),
|
(bulletpr00ph <bullet@users.sourceforge.net>),
|
||||||
- added ja, ko translations found in SuSE,
|
- added ja, ko translations found in SuSE,
|
||||||
- added symlinks: newgrp -> sg, vipw -> vigr,
|
- added symlinks: newgrp -> sg, vipw -> vigr,
|
||||||
@ -1416,7 +1416,7 @@ shadow-4.0.0 => shadow-4.0.1
|
|||||||
- added sg(1) man page as roff .so link to newgrp(1),
|
- added sg(1) man page as roff .so link to newgrp(1),
|
||||||
- installed fix for SEGV when using pwck -s on /etc/passwd file with
|
- installed fix for SEGV when using pwck -s on /etc/passwd file with
|
||||||
empty lines in it.
|
empty lines in it.
|
||||||
|
|
||||||
shadow-20001016 => shadow-4.0.0 06-01-2002
|
shadow-20001016 => shadow-4.0.0 06-01-2002
|
||||||
|
|
||||||
- fix bug discovered and fixed by Marcel Ritter
|
- fix bug discovered and fixed by Marcel Ritter
|
||||||
@ -1466,7 +1466,7 @@ shadow-20000902 => shadow-20001012
|
|||||||
overwrite previously existing groups in adduser,
|
overwrite previously existing groups in adduser,
|
||||||
- added PAM support for chage (bind to "chage" PAM config file) also
|
- added PAM support for chage (bind to "chage" PAM config file) also
|
||||||
added PAM support for all other small tools like chpasswd, groupadd,
|
added PAM support for all other small tools like chpasswd, groupadd,
|
||||||
groupdel, groupmod, newusers, useradd, userdel, usermod (bind to common
|
groupdel, groupmod, newusers, useradd, userdel, usermod (bind to common
|
||||||
"shadow" PAM config file) - this modifications mainly based on
|
"shadow" PAM config file) - this modifications mainly based on
|
||||||
modifications prepared by Janek Rękojarski <baggins@pld.org.pl>,
|
modifications prepared by Janek Rękojarski <baggins@pld.org.pl>,
|
||||||
- many small fixes and improvements in automake (mow "make dist"
|
- many small fixes and improvements in automake (mow "make dist"
|
||||||
|
2
TODO
@ -1,4 +1,4 @@
|
|||||||
* Create a common usage function that'd take the array of
|
* Create a common usage function that'd take the array of
|
||||||
long options and an array of descriptions and output that so things would
|
long options and an array of descriptions and output that so things would
|
||||||
be standardized across the utils.
|
be standardized across the utils.
|
||||||
Usage strings should be normalized and split first.
|
Usage strings should be normalized and split first.
|
||||||
|
@ -4,14 +4,14 @@
|
|||||||
** --marekm
|
** --marekm
|
||||||
**
|
**
|
||||||
** 02/26/96
|
** 02/26/96
|
||||||
** modified to call shadow utils (useradd,chage,passwd) on shadowed
|
** modified to call shadow utils (useradd,chage,passwd) on shadowed
|
||||||
** systems - Cristian Gafton, gafton@sorosis.ro
|
** systems - Cristian Gafton, gafton@sorosis.ro
|
||||||
**
|
**
|
||||||
** 6/27/95
|
** 6/27/95
|
||||||
** shadow-adduser 1.4:
|
** shadow-adduser 1.4:
|
||||||
**
|
**
|
||||||
** now it copies the /etc/skel dir into the person's dir,
|
** now it copies the /etc/skel dir into the person's dir,
|
||||||
** makes the mail folders, changed some defaults and made a 'make
|
** makes the mail folders, changed some defaults and made a 'make
|
||||||
** install' just for the hell of it.
|
** install' just for the hell of it.
|
||||||
**
|
**
|
||||||
** Greg Gallagher
|
** Greg Gallagher
|
||||||
@ -19,20 +19,20 @@
|
|||||||
**
|
**
|
||||||
** 1/28/95
|
** 1/28/95
|
||||||
** shadow-adduser 1.3:
|
** shadow-adduser 1.3:
|
||||||
**
|
**
|
||||||
** Basically a bug-fix on my additions in 1.2. Thanks to Terry Stewart
|
** Basically a bug-fix on my additions in 1.2. Thanks to Terry Stewart
|
||||||
** (stew@texas.net) for pointing out one of the many idiotic bugs I introduced.
|
** (stew@texas.net) for pointing out one of the many idiotic bugs I introduced.
|
||||||
** It was such a stupid bug that I would have never seen it myself.
|
** It was such a stupid bug that I would have never seen it myself.
|
||||||
**
|
**
|
||||||
** Brandon
|
** Brandon
|
||||||
*****
|
*****
|
||||||
** 01/27/95
|
** 01/27/95
|
||||||
**
|
**
|
||||||
** shadow-adduser 1.2:
|
** shadow-adduser 1.2:
|
||||||
** I took the C source from adduser-shadow (credits are below) and made
|
** I took the C source from adduser-shadow (credits are below) and made
|
||||||
** it a little more worthwhile. Many small changes... Here's
|
** it a little more worthwhile. Many small changes... Here's
|
||||||
** the ones I can remember:
|
** the ones I can remember:
|
||||||
**
|
**
|
||||||
** Removed support for non-shadowed systems (if you don't have shadow,
|
** Removed support for non-shadowed systems (if you don't have shadow,
|
||||||
** use the original adduser, don't get this shadow version!)
|
** use the original adduser, don't get this shadow version!)
|
||||||
** Added support for the correct /etc/shadow fields (Min days before
|
** Added support for the correct /etc/shadow fields (Min days before
|
||||||
@ -56,7 +56,7 @@
|
|||||||
** Brandon
|
** Brandon
|
||||||
** photon@usis.com
|
** photon@usis.com
|
||||||
**
|
**
|
||||||
*****
|
*****
|
||||||
** adduser 1.0: add a new user account (For systems not using shadow)
|
** adduser 1.0: add a new user account (For systems not using shadow)
|
||||||
** With a nice little interface and a will to do all the work for you.
|
** With a nice little interface and a will to do all the work for you.
|
||||||
**
|
**
|
||||||
@ -119,14 +119,14 @@
|
|||||||
|
|
||||||
void main()
|
void main()
|
||||||
{
|
{
|
||||||
char foo[32];
|
char foo[32];
|
||||||
char uname[9],person[32],dir[32],shell[32];
|
char uname[9],person[32],dir[32],shell[32];
|
||||||
unsigned int group,min_pass,max_pass,warn_pass,user_die;
|
unsigned int group,min_pass,max_pass,warn_pass,user_die;
|
||||||
/* the group and uid of the new user */
|
/* the group and uid of the new user */
|
||||||
int bad=0,done=0,correct=0,gets_warning=0;
|
int bad=0,done=0,correct=0,gets_warning=0;
|
||||||
char cmd[255];
|
char cmd[255];
|
||||||
struct group *grp;
|
struct group *grp;
|
||||||
|
|
||||||
/* flags, in order:
|
/* flags, in order:
|
||||||
* bad to see if the username is in /etc/passwd, or if strange stuff has
|
* bad to see if the username is in /etc/passwd, or if strange stuff has
|
||||||
* been typed if the user might be put in group 0
|
* been typed if the user might be put in group 0
|
||||||
@ -137,24 +137,24 @@ void main()
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
/* The real program starts HERE! */
|
/* The real program starts HERE! */
|
||||||
|
|
||||||
if(geteuid()!=0)
|
if(geteuid()!=0)
|
||||||
{
|
{
|
||||||
printf("It seems you don't have access to add a new user. Try\n");
|
printf("It seems you don't have access to add a new user. Try\n");
|
||||||
printf("logging in as root or su root to gain super-user access.\n");
|
printf("logging in as root or su root to gain super-user access.\n");
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Sanity checks
|
/* Sanity checks
|
||||||
*/
|
*/
|
||||||
|
|
||||||
if (!(grp=getgrgid(DEFAULT_GROUP))){
|
if (!(grp=getgrgid(DEFAULT_GROUP))){
|
||||||
printf("Error: the default group %d does not exist on this system!\n",
|
printf("Error: the default group %d does not exist on this system!\n",
|
||||||
DEFAULT_GROUP);
|
DEFAULT_GROUP);
|
||||||
printf("adduser must be recompiled.\n");
|
printf("adduser must be recompiled.\n");
|
||||||
exit(1);
|
exit(1);
|
||||||
};
|
};
|
||||||
|
|
||||||
while(!correct) { /* loop until a "good" uname is chosen */
|
while(!correct) { /* loop until a "good" uname is chosen */
|
||||||
while(!done) {
|
while(!done) {
|
||||||
printf("\nLogin to add (^C to quit): ");
|
printf("\nLogin to add (^C to quit): ");
|
||||||
@ -178,19 +178,19 @@ void main()
|
|||||||
} else
|
} else
|
||||||
done=1;
|
done=1;
|
||||||
}; /* done, we have a valid new user name */
|
}; /* done, we have a valid new user name */
|
||||||
|
|
||||||
/* all set, get the rest of the stuff */
|
/* all set, get the rest of the stuff */
|
||||||
printf("\nEditing information for new user [%s]\n",uname);
|
printf("\nEditing information for new user [%s]\n",uname);
|
||||||
|
|
||||||
printf("\nFull Name [%s]: ",uname);
|
printf("\nFull Name [%s]: ",uname);
|
||||||
gets(person);
|
gets(person);
|
||||||
if (!strlen(person)) {
|
if (!strlen(person)) {
|
||||||
bzero(person,sizeof(person));
|
bzero(person,sizeof(person));
|
||||||
strcpy(person,uname);
|
strcpy(person,uname);
|
||||||
};
|
};
|
||||||
|
|
||||||
do {
|
do {
|
||||||
bad=0;
|
bad=0;
|
||||||
printf("GID [%d]: ",DEFAULT_GROUP);
|
printf("GID [%d]: ",DEFAULT_GROUP);
|
||||||
gets(foo);
|
gets(foo);
|
||||||
if (!strlen(foo))
|
if (!strlen(foo))
|
||||||
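Review bot: `gets(person)` and `gets(foo)` in this hunk read into the 32-byte arrays declared at the top of `main()` with no length limit, so an input line longer than 31 characters writes past the end of the buffer in a program that refuses to run unless `geteuid()` is 0. Replace each call with `fgets(buf, sizeof(buf), stdin)` and strip the trailing newline before the `strlen()` checks. The `strcpy(person,uname)` fallback is safe only while `uname[9]` stays smaller than `person[32]`, which is worth a comment.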
@ -220,7 +220,7 @@ void main()
|
|||||||
|
|
||||||
|
|
||||||
fflush(stdin);
|
fflush(stdin);
|
||||||
|
|
||||||
printf("\nIf home dir ends with a / then [%s] will be appended to it\n",uname);
|
printf("\nIf home dir ends with a / then [%s] will be appended to it\n",uname);
|
||||||
printf("Home Directory [%s/%s]: ",DEFAULT_HOME,uname);
|
printf("Home Directory [%s/%s]: ",DEFAULT_HOME,uname);
|
||||||
fflush(stdout);
|
fflush(stdout);
|
||||||
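Review bot: `fflush(stdin)` at the top of this hunk has undefined behaviour in ISO C, where `fflush` is defined only for output streams and for update streams whose last operation was not input. If the intent is to drop leftover input before the home directory prompt, read and discard characters up to the next newline instead. The `fflush(stdout)` after the prompt is the correct use and should stay.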
@ -237,30 +237,30 @@ void main()
|
|||||||
gets(shell);
|
gets(shell);
|
||||||
if (!strlen(shell))
|
if (!strlen(shell))
|
||||||
sprintf(shell,"%s",DEFAULT_SHELL);
|
sprintf(shell,"%s",DEFAULT_SHELL);
|
||||||
|
|
||||||
printf("\nMin. Password Change Days [0]: ");
|
printf("\nMin. Password Change Days [0]: ");
|
||||||
gets(foo);
|
gets(foo);
|
||||||
min_pass=atoi(foo);
|
min_pass=atoi(foo);
|
||||||
|
|
||||||
printf("Max. Password Change Days [%d]: ",DEFAULT_MAX_PASS);
|
printf("Max. Password Change Days [%d]: ",DEFAULT_MAX_PASS);
|
||||||
gets(foo);
|
gets(foo);
|
||||||
if (strlen(foo) > 1)
|
if (strlen(foo) > 1)
|
||||||
max_pass = atoi(foo);
|
max_pass = atoi(foo);
|
||||||
else
|
else
|
||||||
max_pass = DEFAULT_MAX_PASS;
|
max_pass = DEFAULT_MAX_PASS;
|
||||||
|
|
||||||
printf("Password Warning Days [%d]: ",DEFAULT_WARN_PASS);
|
printf("Password Warning Days [%d]: ",DEFAULT_WARN_PASS);
|
||||||
gets(foo);
|
gets(foo);
|
||||||
warn_pass = atoi(foo);
|
warn_pass = atoi(foo);
|
||||||
if (warn_pass==0)
|
if (warn_pass==0)
|
||||||
warn_pass = DEFAULT_WARN_PASS;
|
warn_pass = DEFAULT_WARN_PASS;
|
||||||
|
|
||||||
printf("Days after Password Expiry for Account Locking [%d]: ",DEFAULT_USER_DIE);
|
printf("Days after Password Expiry for Account Locking [%d]: ",DEFAULT_USER_DIE);
|
||||||
gets(foo);
|
gets(foo);
|
||||||
user_die = atoi(foo);
|
user_die = atoi(foo);
|
||||||
if (user_die == 0)
|
if (user_die == 0)
|
||||||
user_die = DEFAULT_USER_DIE;
|
user_die = DEFAULT_USER_DIE;
|
||||||
|
|
||||||
printf("\nInformation for new user [%s] [%s]:\n",uname,person);
|
printf("\nInformation for new user [%s] [%s]:\n",uname,person);
|
||||||
printf("Home directory: [%s] Shell: [%s]\n",dir,shell);
|
printf("Home directory: [%s] Shell: [%s]\n",dir,shell);
|
||||||
printf("GID: [%d]\n",group);
|
printf("GID: [%d]\n",group);
|
||||||
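Review bot: The test `if (strlen(foo) > 1)` in front of `max_pass = atoi(foo)` throws away any one-character answer, so typing a single digit at the "Max. Password Change Days" prompt silently selects `DEFAULT_MAX_PASS`; the condition should be `strlen(foo) > 0`. The `atoi()` calls for `min_pass`, `warn_pass` and `user_die` also accept non-numeric text as 0 and store negative input into `unsigned int` variables, so `strtol()` with an end-pointer and a range check would be the safer parse. `gets(shell)` and the repeated `gets(foo)` have no length limit on their 32-byte buffers and should become `fgets()` calls.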
@ -279,7 +279,7 @@ void main()
|
|||||||
bzero(cmd,sizeof(cmd));
|
bzero(cmd,sizeof(cmd));
|
||||||
sprintf(cmd,"%s -g %d -d %s -s %s -c \"%s\" -m -k /etc/skel %s",
|
sprintf(cmd,"%s -g %d -d %s -s %s -c \"%s\" -m -k /etc/skel %s",
|
||||||
USERADD_PATH,group,dir,shell,person,uname);
|
USERADD_PATH,group,dir,shell,person,uname);
|
||||||
printf("Calling useradd to add new user:\n%s\n",cmd);
|
printf("Calling useradd to add new user:\n%s\n",cmd);
|
||||||
if(system(cmd)){
|
if(system(cmd)){
|
||||||
printf("User add failed!\n");
|
printf("User add failed!\n");
|
||||||
exit(errno);
|
exit(errno);
|
||||||
|
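Review bot: The `sprintf(cmd, ...)` call builds a shell command line from `dir`, `shell`, `person` and `uname` exactly as they were typed and passes it to `system(cmd)`, so a space, quote or other shell metacharacter in any of those fields is interpreted by the shell instead of reaching useradd as data, and the write into `cmd[255]` is not length-checked. Prefer `fork()` plus `execv()` of `USERADD_PATH` with an argument vector; at minimum use `snprintf(cmd, sizeof(cmd), ...)` and reject input outside a conservative character set before this point. Separately, `exit(errno)` after a non-zero `system()` return can report an unrelated `errno` value; exit with a fixed failure status or the decoded wait status.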
@ -1311,7 +1311,7 @@
|
|||||||
|
|
||||||
This means that fred's password is valid, it was last changed on
|
This means that fred's password is valid, it was last changed on
|
||||||
03/04/96, it can be changed at any time, it expires after 60 days,
|
03/04/96, it can be changed at any time, it expires after 60 days,
|
||||||
fred will not be warned, and and the account won't be disabled when
|
fred will not be warned, and the account won't be disabled when
|
||||||
the password expires.
|
the password expires.
|
||||||
|
|
||||||
This simply means that if fred logs in after the password expires, he
|
This simply means that if fred logs in after the password expires, he
|
||||||
@ -1487,7 +1487,7 @@
|
|||||||
|
|
||||||
If a user logs into a line that is listed in /etc/dialups, and his
|
If a user logs into a line that is listed in /etc/dialups, and his
|
||||||
shell is listed in the file /etc/d_passwd he will be allowed access
|
shell is listed in the file /etc/d_passwd he will be allowed access
|
||||||
only by suppling the correct password.
|
only by supplying the correct password.
|
||||||
|
|
||||||
Another useful purpose for using dial-up passwords might be to setup a
|
Another useful purpose for using dial-up passwords might be to setup a
|
||||||
line that only allows a certain type of connect (perhaps a PPP or UUCP
|
line that only allows a certain type of connect (perhaps a PPP or UUCP
|
||||||
|
@ -63,4 +63,3 @@ To completely disable limits for a user, a single dash (-) will do.
|
|||||||
Also, please note that all limit settings are set PER LOGIN. They are
|
Also, please note that all limit settings are set PER LOGIN. They are
|
||||||
not global, nor are they permanent. Perhaps global limits will come, but
|
not global, nor are they permanent. Perhaps global limits will come, but
|
||||||
for now this will have to do ;)
|
for now this will have to do ;)
|
||||||
|
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
# This is the current (still incomplete) list of platforms this
|
# This is the current (still incomplete) list of platforms this
|
||||||
# package has been verified to work on. Additions (preferably
|
# package has been verified to work on. Additions (preferably
|
||||||
# in the format as described below) are welcome. Thanks!
|
# in the format as described below) are welcome. Thanks!
|
||||||
#
|
#
|
||||||
# V: last version reported to work
|
# V: last version reported to work
|
||||||
# H: host type
|
# H: host type
|
||||||
# L: Linux libc version
|
# L: Linux libc version
|
||||||
|
@ -37,4 +37,3 @@ New ideas to add to this list are welcome, too. --marekm
|
|||||||
per-user configuration, to be executed with run-parts. Some hooks should
|
per-user configuration, to be executed with run-parts. Some hooks should
|
||||||
be executed at package install time for existing users, likewise for
|
be executed at package install time for existing users, likewise for
|
||||||
package removal and possibly modification. (Debian Bug#36019)
|
package removal and possibly modification. (Debian Bug#36019)
|
||||||
|
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
<HEAD>
|
<head>
|
||||||
<title>shadow - Welcome</title>
|
<title>shadow - Welcome</title>
|
||||||
</head>
|
</head>
|
||||||
<body>
|
<body>
|
||||||
|
@ -1,20 +1,20 @@
|
|||||||
# $Id$
|
# $Id$
|
||||||
#
|
#
|
||||||
# Login access control table.
|
# Login access control table.
|
||||||
#
|
#
|
||||||
# When someone logs in, the table is scanned for the first entry that
|
# When someone logs in, the table is scanned for the first entry that
|
||||||
# matches the (user, host) combination, or, in case of non-networked
|
# matches the (user, host) combination, or, in case of non-networked
|
||||||
# logins, the first entry that matches the (user, tty) combination. The
|
# logins, the first entry that matches the (user, tty) combination. The
|
||||||
# permissions field of that table entry determines whether the login will
|
# permissions field of that table entry determines whether the login will
|
||||||
# be accepted or refused.
|
# be accepted or refused.
|
||||||
#
|
#
|
||||||
# Format of the login access control table is three fields separated by a
|
# Format of the login access control table is three fields separated by a
|
||||||
# ":" character:
|
# ":" character:
|
||||||
#
|
#
|
||||||
# permission : users : origins
|
# permission : users : origins
|
||||||
#
|
#
|
||||||
# The first field should be a "+" (access granted) or "-" (access denied)
|
# The first field should be a "+" (access granted) or "-" (access denied)
|
||||||
# character.
|
# character.
|
||||||
#
|
#
|
||||||
# The second field should be a list of one or more login names, group
|
# The second field should be a list of one or more login names, group
|
||||||
# names, or ALL (always matches). A pattern of the form user@host is
|
# names, or ALL (always matches). A pattern of the form user@host is
|
||||||
@ -37,7 +37,7 @@
|
|||||||
# listed: the program does not look at a user's primary group id value.
|
# listed: the program does not look at a user's primary group id value.
|
||||||
#
|
#
|
||||||
##############################################################################
|
##############################################################################
|
||||||
#
|
#
|
||||||
# Disallow console logins to all but a few accounts.
|
# Disallow console logins to all but a few accounts.
|
||||||
#
|
#
|
||||||
#-:ALL EXCEPT wheel shutdown sync:console
|
#-:ALL EXCEPT wheel shutdown sync:console
|
||||||
|
@ -465,7 +465,6 @@ USERGROUPS_ENAB yes
|
|||||||
# Set to "yes" to prevent for all accounts
|
# Set to "yes" to prevent for all accounts
|
||||||
# Set to "superuser" to prevent for UID 0 / root (default)
|
# Set to "superuser" to prevent for UID 0 / root (default)
|
||||||
# Set to "no" to not prevent for any account (dangerous, historical default)
|
# Set to "no" to not prevent for any account (dangerous, historical default)
|
||||||
|
|
||||||
PREVENT_NO_AUTH superuser
|
PREVENT_NO_AUTH superuser
|
||||||
|
|
||||||
#
|
#
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
|
|
||||||
AUTOMAKE_OPTIONS = 1.0 foreign
|
AUTOMAKE_OPTIONS = 1.0 foreign
|
||||||
|
|
||||||
DEFS =
|
DEFS =
|
||||||
|
|
||||||
noinst_LTLIBRARIES = libshadow.la
|
noinst_LTLIBRARIES = libshadow.la
|
||||||
|
|
||||||
|
@ -403,11 +403,11 @@ int commonio_lock_nowait (struct commonio_db *db, bool log)
|
|||||||
file_len = strlen(db->filename) + 11;/* %lu max size */
|
file_len = strlen(db->filename) + 11;/* %lu max size */
|
||||||
lock_file_len = strlen(db->filename) + 6; /* sizeof ".lock" */
|
lock_file_len = strlen(db->filename) + 6; /* sizeof ".lock" */
|
||||||
file = (char*)malloc(file_len);
|
file = (char*)malloc(file_len);
|
||||||
if(file == NULL) {
|
if (file == NULL) {
|
||||||
goto cleanup_ENOMEM;
|
goto cleanup_ENOMEM;
|
||||||
}
|
}
|
||||||
lock = (char*)malloc(lock_file_len);
|
lock = (char*)malloc(lock_file_len);
|
||||||
if(lock == NULL) {
|
if (lock == NULL) {
|
||||||
goto cleanup_ENOMEM;
|
goto cleanup_ENOMEM;
|
||||||
}
|
}
|
||||||
snprintf (file, file_len, "%s.%lu",
|
snprintf (file, file_len, "%s.%lu",
|
||||||
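Review bot: `file_len = strlen(db->filename) + 11` with the comment "%lu max size" leaves room for the dot, nine digits and the terminating NUL, but `%lu` can print up to 20 digits where unsigned long is 64 bits. snprintf keeps the write in bounds, so the effect is a silently truncated file name rather than an overflow; size the buffer from the type (for example 3 * sizeof(unsigned long) + 2 on top of the strlen) or check the snprintf return value against file_len. The `(char*)` casts on malloc are unnecessary in C and could be dropped in the same cleanup.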
@ -419,9 +419,9 @@ int commonio_lock_nowait (struct commonio_db *db, bool log)
|
|||||||
err = 1;
|
err = 1;
|
||||||
}
|
}
|
||||||
cleanup_ENOMEM:
|
cleanup_ENOMEM:
|
||||||
if(file)
|
if (file)
|
||||||
free(file);
|
free(file);
|
||||||
if(lock)
|
if (lock)
|
||||||
free(lock);
|
free(lock);
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
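Review bot: the `if (file)` and `if (lock)` guards under cleanup_ENOMEM are redundant, because free(NULL) is defined as a no-op. Rather than only adding the space after `if`, drop the guards and call `free(file);` and `free(lock);` directly.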
@ -45,8 +45,8 @@
|
|||||||
struct faillog {
|
struct faillog {
|
||||||
short fail_cnt; /* failures since last success */
|
short fail_cnt; /* failures since last success */
|
||||||
short fail_max; /* failures before turning account off */
|
short fail_max; /* failures before turning account off */
|
||||||
char fail_line[12]; /* last failure occured here */
|
char fail_line[12]; /* last failure occurred here */
|
||||||
time_t fail_time; /* last failure occured then */
|
time_t fail_time; /* last failure occurred then */
|
||||||
/*
|
/*
|
||||||
* If nonzero, the account will be re-enabled if there are no
|
* If nonzero, the account will be re-enabled if there are no
|
||||||
* failures for fail_locktime seconds since last failure.
|
* failures for fail_locktime seconds since last failure.
|
||||||
|
@ -127,7 +127,7 @@ int pw_auth (const char *cipher,
|
|||||||
#ifdef SKEY
|
#ifdef SKEY
|
||||||
/*
|
/*
|
||||||
* If the user has an S/KEY entry show them the pertinent info
|
* If the user has an S/KEY entry show them the pertinent info
|
||||||
* and then we can try validating the created cyphertext and the SKEY.
|
* and then we can try validating the created ciphertext and the SKEY.
|
||||||
* If there is no SKEY information we default to not using SKEY.
|
* If there is no SKEY information we default to not using SKEY.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
@ -17,7 +17,7 @@ int run_part (char *script_path, char *name, char *action)
|
|||||||
char *args[] = { script_path, NULL };
|
char *args[] = { script_path, NULL };
|
||||||
|
|
||||||
pid=fork();
|
pid=fork();
|
||||||
if (pid==-1){
|
if (pid==-1) {
|
||||||
perror ("Could not fork");
|
perror ("Could not fork");
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
@ -331,7 +331,7 @@ int del_seuser (const char *login_name)
|
|||||||
|
|
||||||
if (0 == exists) {
|
if (0 == exists) {
|
||||||
fprintf (shadow_logfd,
|
fprintf (shadow_logfd,
|
||||||
_("Login mapping for %s is not defined, OK if default mapping was used\n"),
|
_("Login mapping for %s is not defined, OK if default mapping was used\n"),
|
||||||
login_name);
|
login_name);
|
||||||
ret = 0; /* probably default mapping */
|
ret = 0; /* probably default mapping */
|
||||||
goto done;
|
goto done;
|
||||||
@ -346,7 +346,7 @@ int del_seuser (const char *login_name)
|
|||||||
|
|
||||||
if (0 == exists) {
|
if (0 == exists) {
|
||||||
fprintf (shadow_logfd,
|
fprintf (shadow_logfd,
|
||||||
_("Login mapping for %s is defined in policy, cannot be deleted\n"),
|
_("Login mapping for %s is defined in policy, cannot be deleted\n"),
|
||||||
login_name);
|
login_name);
|
||||||
ret = 0; /* Login mapping defined in policy can't be deleted */
|
ret = 0; /* Login mapping defined in policy can't be deleted */
|
||||||
goto done;
|
goto done;
|
||||||
|
@ -91,7 +91,7 @@ struct passwd *sgetpwent (const char *buf)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* something at the end, columns over shot */
|
/* something at the end, columns over shot */
|
||||||
if( cp != NULL ) {
|
if ( cp != NULL ) {
|
||||||
return( NULL );
|
return( NULL );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
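Review bot: the reformatted line still reads `if ( cp != NULL )` with padding inside the parentheses and is followed by `return( NULL );`, which does not match the `if (x)` form the rest of this cleanup uses. Write `if (cp != NULL)` and `return NULL;` so the hunk ends up in one style.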
@ -53,7 +53,7 @@ static /*@null@*/ /*@only@*/void *subordinate_dup (const void *ent)
|
|||||||
static void subordinate_free (/*@out@*/ /*@only@*/void *ent)
|
static void subordinate_free (/*@out@*/ /*@only@*/void *ent)
|
||||||
{
|
{
|
||||||
struct subordinate_range *rangeent = ent;
|
struct subordinate_range *rangeent = ent;
|
||||||
|
|
||||||
free ((void *)(rangeent->owner));
|
free ((void *)(rangeent->owner));
|
||||||
free (rangeent);
|
free (rangeent);
|
||||||
}
|
}
|
||||||
@ -224,7 +224,7 @@ static const struct subordinate_range *find_range(struct commonio_db *db,
|
|||||||
/* Get UID of the username we are looking for */
|
/* Get UID of the username we are looking for */
|
||||||
pwd = getpwnam(owner);
|
pwd = getpwnam(owner);
|
||||||
if (NULL == pwd) {
|
if (NULL == pwd) {
|
||||||
/* Username not defined in /etc/passwd, or error occured during lookup */
|
/* Username not defined in /etc/passwd, or error occurred during lookup */
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
owner_uid = pwd->pw_uid;
|
owner_uid = pwd->pw_uid;
|
||||||
@ -296,7 +296,7 @@ static bool have_range(struct commonio_db *db,
|
|||||||
end = start + count - 1;
|
end = start + count - 1;
|
||||||
range = find_range (db, owner, start);
|
range = find_range (db, owner, start);
|
||||||
while (range) {
|
while (range) {
|
||||||
unsigned long last;
|
unsigned long last;
|
||||||
|
|
||||||
last = range->start + range->count - 1;
|
last = range->start + range->count - 1;
|
||||||
if (last >= (start + count - 1))
|
if (last >= (start + count - 1))
|
||||||
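Review bot: in have_range, `end = start + count - 1` and `last = range->start + range->count - 1` are evaluated with no check visible in this hunk that count is non-zero or that the sum does not wrap, so a count of 0 or a range near the top of the type yields an end value below start. Validate count and test for wraparound before the arithmetic, and compare `last >= end` in the loop instead of recomputing `(start + count - 1)`.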
@ -847,7 +847,7 @@ static int append_uids(uid_t **uids, const char *owner, int n)
|
|||||||
} else {
|
} else {
|
||||||
struct passwd *pwd = getpwnam(owner);
|
struct passwd *pwd = getpwnam(owner);
|
||||||
if (NULL == pwd) {
|
if (NULL == pwd) {
|
||||||
/* Username not defined in /etc/passwd, or error occured during lookup */
|
/* Username not defined in /etc/passwd, or error occurred during lookup */
|
||||||
free(*uids);
|
free(*uids);
|
||||||
*uids = NULL;
|
*uids = NULL;
|
||||||
return -1;
|
return -1;
|
||||||
|
@ -68,7 +68,7 @@ void audit_help_open (void)
|
|||||||
* This function will log a message to the audit system using a predefined
|
* This function will log a message to the audit system using a predefined
|
||||||
* message format. Parameter usage is as follows:
|
* message format. Parameter usage is as follows:
|
||||||
*
|
*
|
||||||
* type - type of message: AUDIT_USER_CHAUTHTOK for changing any account
|
* type - type of message: AUDIT_USER_CHAUTHTOK for changing any account
|
||||||
* attributes.
|
* attributes.
|
||||||
* pgname - program's name
|
* pgname - program's name
|
||||||
* op - operation. "adding user", "changing finger info", "deleting group"
|
* op - operation. "adding user", "changing finger info", "deleting group"
|
||||||
|
@ -117,7 +117,7 @@ static void error_acl (struct error_context *ctx, const char *fmt, ...)
|
|||||||
{
|
{
|
||||||
va_list ap;
|
va_list ap;
|
||||||
|
|
||||||
/* ignore the case when destination does not support ACLs
|
/* ignore the case when destination does not support ACLs
|
||||||
* or extended attributes */
|
* or extended attributes */
|
||||||
if (ENOTSUP == errno) {
|
if (ENOTSUP == errno) {
|
||||||
errno = 0;
|
errno = 0;
|
||||||
|
@ -157,7 +157,7 @@ static int check_gid (const gid_t gid,
|
|||||||
* [GID_MIN:GID_MAX] range.
|
* [GID_MIN:GID_MAX] range.
|
||||||
* This ID should be higher than all the used GID, but if not possible,
|
* This ID should be higher than all the used GID, but if not possible,
|
||||||
* the lowest unused ID in the range will be returned.
|
* the lowest unused ID in the range will be returned.
|
||||||
*
|
*
|
||||||
* Return 0 on success, -1 if no unused GIDs are available.
|
* Return 0 on success, -1 if no unused GIDs are available.
|
||||||
*/
|
*/
|
||||||
int find_new_gid (bool sys_group,
|
int find_new_gid (bool sys_group,
|
||||||
|
@ -43,7 +43,7 @@
|
|||||||
*
|
*
|
||||||
* If successful, find_new_sub_gids provides a range of unused
|
* If successful, find_new_sub_gids provides a range of unused
|
||||||
* user IDs in the [SUB_GID_MIN:SUB_GID_MAX] range.
|
* user IDs in the [SUB_GID_MIN:SUB_GID_MAX] range.
|
||||||
*
|
*
|
||||||
* Return 0 on success, -1 if no unused GIDs are available.
|
* Return 0 on success, -1 if no unused GIDs are available.
|
||||||
*/
|
*/
|
||||||
int find_new_sub_gids (gid_t *range_start, unsigned long *range_count)
|
int find_new_sub_gids (gid_t *range_start, unsigned long *range_count)
|
||||||
|
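Review bot: the header comment for find_new_sub_gids says it "provides a range of unused user IDs" in [SUB_GID_MIN:SUB_GID_MAX]; that wording reads as copied from the sub-UID variant and should say group IDs, matching the "no unused GIDs" return description two lines below it.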
@ -43,7 +43,7 @@
|
|||||||
*
|
*
|
||||||
* If successful, find_new_sub_uids provides a range of unused
|
* If successful, find_new_sub_uids provides a range of unused
|
||||||
* user IDs in the [SUB_UID_MIN:SUB_UID_MAX] range.
|
* user IDs in the [SUB_UID_MIN:SUB_UID_MAX] range.
|
||||||
*
|
*
|
||||||
* Return 0 on success, -1 if no unused UIDs are available.
|
* Return 0 on success, -1 if no unused UIDs are available.
|
||||||
*/
|
*/
|
||||||
int find_new_sub_uids (uid_t *range_start, unsigned long *range_count)
|
int find_new_sub_uids (uid_t *range_start, unsigned long *range_count)
|
||||||
|
@ -157,7 +157,7 @@ static int check_uid(const uid_t uid,
|
|||||||
* [UID_MIN:UID_MAX] range.
|
* [UID_MIN:UID_MAX] range.
|
||||||
* This ID should be higher than all the used UID, but if not possible,
|
* This ID should be higher than all the used UID, but if not possible,
|
||||||
* the lowest unused ID in the range will be returned.
|
* the lowest unused ID in the range will be returned.
|
||||||
*
|
*
|
||||||
* Return 0 on success, -1 if no unused UIDs are available.
|
* Return 0 on success, -1 if no unused UIDs are available.
|
||||||
*/
|
*/
|
||||||
int find_new_uid(bool sys_user,
|
int find_new_uid(bool sys_user,
|
||||||
|
@ -209,7 +209,7 @@ void write_mapping(int proc_dir_fd, int ranges, struct map_range *mappings,
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
bufsize = ranges * ((ULONG_DIGITS + 1) * 3);
|
bufsize = ranges * ((ULONG_DIGITS + 1) * 3);
|
||||||
pos = buf = xmalloc(bufsize);
|
pos = buf = xmalloc(bufsize);
|
||||||
|
|
||||||
/* Build the mapping command */
|
/* Build the mapping command */
|
||||||
|
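Review bot: `bufsize = ranges * ((ULONG_DIGITS + 1) * 3)` multiplies the int parameter ranges with no check visible in this hunk that it is positive and small enough for the product not to overflow before it reaches xmalloc. Reject ranges <= 0 and bound it against the maximum buffer size divided by the per-range width before computing bufsize, so the later writes through pos cannot run past a buffer that was sized from a wrapped value.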
@ -202,7 +202,7 @@ static int check_logins (const char *name, const char *maxlogins)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Function setup_user_limits - checks/set limits for the curent login
|
/* Function setup_user_limits - checks/set limits for the current login
|
||||||
* Original idea from Joel Katz's lshell. Ported to shadow-login
|
* Original idea from Joel Katz's lshell. Ported to shadow-login
|
||||||
* by Cristian Gafton - gafton@sorosis.ro
|
* by Cristian Gafton - gafton@sorosis.ro
|
||||||
*
|
*
|
||||||
@ -404,7 +404,7 @@ static bool user_in_group (const char *uname, const char *gname)
|
|||||||
{
|
{
|
||||||
struct group *groupdata;
|
struct group *groupdata;
|
||||||
|
|
||||||
if (uname == NULL || gname == NULL){
|
if (uname == NULL || gname == NULL) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -42,7 +42,7 @@
|
|||||||
#include <lastlog.h>
|
#include <lastlog.h>
|
||||||
#include "prototypes.h"
|
#include "prototypes.h"
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* dolastlog - create lastlog entry
|
* dolastlog - create lastlog entry
|
||||||
*
|
*
|
||||||
* A "last login" entry is created for the user being logged in. The
|
* A "last login" entry is created for the user being logged in. The
|
||||||
|
@ -103,7 +103,7 @@ void login_prompt (const char *prompt, char *name, int namesize)
|
|||||||
(void) fflush (stdout);
|
(void) fflush (stdout);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Read the user's response. The trailing newline will be
|
* Read the user's response. The trailing newline will be
|
||||||
* removed.
|
* removed.
|
||||||
*/
|
*/
|
||||||
|
@ -29,7 +29,7 @@
|
|||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include <config.h>
|
#include <config.h>
|
||||||
|
|
||||||
#ident "$Id$"
|
#ident "$Id$"
|
||||||
|
@ -176,10 +176,10 @@ extern struct group *prefix_getgrnam(const char *name)
|
|||||||
struct group * grp = NULL;
|
struct group * grp = NULL;
|
||||||
|
|
||||||
fg = fopen(group_db_file, "rt");
|
fg = fopen(group_db_file, "rt");
|
||||||
if(!fg)
|
if (!fg)
|
||||||
return NULL;
|
return NULL;
|
||||||
while((grp = fgetgrent(fg)) != NULL) {
|
while ((grp = fgetgrent(fg)) != NULL) {
|
||||||
if(!strcmp(name, grp->gr_name))
|
if (!strcmp(name, grp->gr_name))
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
fclose(fg);
|
fclose(fg);
|
||||||
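Review bot: `fopen(group_db_file, "rt")` uses a `t` mode flag that ISO C and POSIX do not define, so its effect depends on the C library. Use "r", or "re" where the glibc close-on-exec extension is available, since these handles are opened inside tools that later exec helpers. The same mode string appears in the other prefix_get* lookups touched by this commit.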
@ -196,10 +196,10 @@ extern struct group *prefix_getgrgid(gid_t gid)
|
|||||||
struct group * grp = NULL;
|
struct group * grp = NULL;
|
||||||
|
|
||||||
fg = fopen(group_db_file, "rt");
|
fg = fopen(group_db_file, "rt");
|
||||||
if(!fg)
|
if (!fg)
|
||||||
return NULL;
|
return NULL;
|
||||||
while((grp = fgetgrent(fg)) != NULL) {
|
while ((grp = fgetgrent(fg)) != NULL) {
|
||||||
if(gid == grp->gr_gid)
|
if (gid == grp->gr_gid)
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
fclose(fg);
|
fclose(fg);
|
||||||
@ -216,10 +216,10 @@ extern struct passwd *prefix_getpwuid(uid_t uid)
|
|||||||
struct passwd *pwd = NULL;
|
struct passwd *pwd = NULL;
|
||||||
|
|
||||||
fg = fopen(passwd_db_file, "rt");
|
fg = fopen(passwd_db_file, "rt");
|
||||||
if(!fg)
|
if (!fg)
|
||||||
return NULL;
|
return NULL;
|
||||||
while((pwd = fgetpwent(fg)) != NULL) {
|
while ((pwd = fgetpwent(fg)) != NULL) {
|
||||||
if(uid == pwd->pw_uid)
|
if (uid == pwd->pw_uid)
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
fclose(fg);
|
fclose(fg);
|
||||||
@ -236,10 +236,10 @@ extern struct passwd *prefix_getpwnam(const char* name)
|
|||||||
struct passwd *pwd = NULL;
|
struct passwd *pwd = NULL;
|
||||||
|
|
||||||
fg = fopen(passwd_db_file, "rt");
|
fg = fopen(passwd_db_file, "rt");
|
||||||
if(!fg)
|
if (!fg)
|
||||||
return NULL;
|
return NULL;
|
||||||
while((pwd = fgetpwent(fg)) != NULL) {
|
while ((pwd = fgetpwent(fg)) != NULL) {
|
||||||
if(!strcmp(name, pwd->pw_name))
|
if (!strcmp(name, pwd->pw_name))
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
fclose(fg);
|
fclose(fg);
|
||||||
@ -256,10 +256,10 @@ extern struct spwd *prefix_getspnam(const char* name)
|
|||||||
struct spwd *sp = NULL;
|
struct spwd *sp = NULL;
|
||||||
|
|
||||||
fg = fopen(spw_db_file, "rt");
|
fg = fopen(spw_db_file, "rt");
|
||||||
if(!fg)
|
if (!fg)
|
||||||
return NULL;
|
return NULL;
|
||||||
while((sp = fgetspent(fg)) != NULL) {
|
while ((sp = fgetspent(fg)) != NULL) {
|
||||||
if(!strcmp(name, sp->sp_namp))
|
if (!strcmp(name, sp->sp_namp))
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
fclose(fg);
|
fclose(fg);
|
||||||
@ -272,7 +272,7 @@ extern struct spwd *prefix_getspnam(const char* name)
|
|||||||
|
|
||||||
extern void prefix_setpwent()
|
extern void prefix_setpwent()
|
||||||
{
|
{
|
||||||
if(!passwd_db_file) {
|
if (!passwd_db_file) {
|
||||||
setpwent();
|
setpwent();
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
@ -280,19 +280,19 @@ extern void prefix_setpwent()
|
|||||||
fclose (fp_pwent);
|
fclose (fp_pwent);
|
||||||
|
|
||||||
fp_pwent = fopen(passwd_db_file, "rt");
|
fp_pwent = fopen(passwd_db_file, "rt");
|
||||||
if(!fp_pwent)
|
if (!fp_pwent)
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
extern struct passwd* prefix_getpwent()
|
extern struct passwd* prefix_getpwent()
|
||||||
{
|
{
|
||||||
if(!passwd_db_file) {
|
if (!passwd_db_file) {
|
||||||
return getpwent();
|
return getpwent();
|
||||||
}
|
}
|
||||||
return fgetpwent(fp_pwent);
|
return fgetpwent(fp_pwent);
|
||||||
}
|
}
|
||||||
extern void prefix_endpwent()
|
extern void prefix_endpwent()
|
||||||
{
|
{
|
||||||
if(!passwd_db_file) {
|
if (!passwd_db_file) {
|
||||||
endpwent();
|
endpwent();
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
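Review bot: prefix_setpwent returns silently when `fopen(passwd_db_file, "rt")` fails, leaving fp_pwent NULL, and prefix_getpwent then calls `fgetpwent(fp_pwent)` with no NULL check. Guard the call in prefix_getpwent (return NULL when fp_pwent is NULL) so a missing or unreadable prefixed passwd file ends the iteration instead of passing a null stream to the C library.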
@ -303,7 +303,7 @@ extern void prefix_endpwent()
|
|||||||
|
|
||||||
extern void prefix_setgrent()
|
extern void prefix_setgrent()
|
||||||
{
|
{
|
||||||
if(!group_db_file) {
|
if (!group_db_file) {
|
||||||
setgrent();
|
setgrent();
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
@ -311,19 +311,19 @@ extern void prefix_setgrent()
|
|||||||
fclose (fp_grent);
|
fclose (fp_grent);
|
||||||
|
|
||||||
fp_grent = fopen(group_db_file, "rt");
|
fp_grent = fopen(group_db_file, "rt");
|
||||||
if(!fp_grent)
|
if (!fp_grent)
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
extern struct group* prefix_getgrent()
|
extern struct group* prefix_getgrent()
|
||||||
{
|
{
|
||||||
if(!group_db_file) {
|
if (!group_db_file) {
|
||||||
return getgrent();
|
return getgrent();
|
||||||
}
|
}
|
||||||
return fgetgrent(fp_grent);
|
return fgetgrent(fp_grent);
|
||||||
}
|
}
|
||||||
extern void prefix_endgrent()
|
extern void prefix_endgrent()
|
||||||
{
|
{
|
||||||
if(!group_db_file) {
|
if (!group_db_file) {
|
||||||
endgrent();
|
endgrent();
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
@ -263,7 +263,7 @@ static void print_date (time_t date)
|
|||||||
char buf[80];
|
char buf[80];
|
||||||
char format[80];
|
char format[80];
|
||||||
|
|
||||||
if( iflg ) {
|
if (iflg) {
|
||||||
(void) snprintf (format, 80, "%%Y-%%m-%%d");
|
(void) snprintf (format, 80, "%%Y-%%m-%%d");
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
@ -515,7 +515,7 @@ int main (int argc, char **argv)
|
|||||||
newpwd = cp;
|
newpwd = cp;
|
||||||
|
|
||||||
#ifdef USE_PAM
|
#ifdef USE_PAM
|
||||||
if (use_pam){
|
if (use_pam) {
|
||||||
if (do_pam_passwd_non_interactive ("chpasswd", name, newpwd) != 0) {
|
if (do_pam_passwd_non_interactive ("chpasswd", name, newpwd) != 0) {
|
||||||
fprintf (stderr,
|
fprintf (stderr,
|
||||||
_("%s: (line %d, user %s) password not changed\n"),
|
_("%s: (line %d, user %s) password not changed\n"),
|
||||||
@ -633,7 +633,7 @@ int main (int argc, char **argv)
|
|||||||
newpw.pw_passwd = cp;
|
newpw.pw_passwd = cp;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* The updated password file entry is then put back and will
|
* The updated password file entry is then put back and will
|
||||||
* be written to the password file later, after all the
|
* be written to the password file later, after all the
|
||||||
* other entries have been updated as well.
|
* other entries have been updated as well.
|
||||||
|
14
src/login.c
@ -217,7 +217,7 @@ static void setup_tty (void)
|
|||||||
|
|
||||||
/*
|
/*
|
||||||
* ttymon invocation prefers this, but these settings
|
* ttymon invocation prefers this, but these settings
|
||||||
* won't come into effect after the first username login
|
* won't come into effect after the first username login
|
||||||
*/
|
*/
|
||||||
(void) STTY (0, &termio);
|
(void) STTY (0, &termio);
|
||||||
}
|
}
|
||||||
@ -401,7 +401,7 @@ static void init_env (void)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif /* !USE_PAM */
|
#endif /* !USE_PAM */
|
||||||
/*
|
/*
|
||||||
* Add the clock frequency so that profiling commands work
|
* Add the clock frequency so that profiling commands work
|
||||||
* correctly.
|
* correctly.
|
||||||
*/
|
*/
|
||||||
@ -520,7 +520,7 @@ static void update_utmp (const char *user,
|
|||||||
* of reasons, such as X servers or network logins.
|
* of reasons, such as X servers or network logins.
|
||||||
*
|
*
|
||||||
* the flags which login supports are
|
* the flags which login supports are
|
||||||
*
|
*
|
||||||
* -p - preserve the environment
|
* -p - preserve the environment
|
||||||
* -r - perform autologin protocol for rlogin
|
* -r - perform autologin protocol for rlogin
|
||||||
* -f - do not perform authentication, user is preauthenticated
|
* -f - do not perform authentication, user is preauthenticated
|
||||||
@ -650,7 +650,7 @@ int main (int argc, char **argv)
|
|||||||
(void) umask (getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));
|
(void) umask (getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));
|
||||||
|
|
||||||
{
|
{
|
||||||
/*
|
/*
|
||||||
* Use the ULIMIT in the login.defs file, and if
|
* Use the ULIMIT in the login.defs file, and if
|
||||||
* there isn't one, use the default value. The
|
* there isn't one, use the default value. The
|
||||||
* user may have one for themselves, but otherwise,
|
* user may have one for themselves, but otherwise,
|
||||||
@ -983,12 +983,12 @@ int main (int argc, char **argv)
|
|||||||
|
|
||||||
if (strcmp (user_passwd, "") == 0) {
|
if (strcmp (user_passwd, "") == 0) {
|
||||||
char *prevent_no_auth = getdef_str("PREVENT_NO_AUTH");
|
char *prevent_no_auth = getdef_str("PREVENT_NO_AUTH");
|
||||||
if(prevent_no_auth == NULL) {
|
if (prevent_no_auth == NULL) {
|
||||||
prevent_no_auth = "superuser";
|
prevent_no_auth = "superuser";
|
||||||
}
|
}
|
||||||
if(strcmp(prevent_no_auth, "yes") == 0) {
|
if (strcmp(prevent_no_auth, "yes") == 0) {
|
||||||
failed = true;
|
failed = true;
|
||||||
} else if( (pwd->pw_uid == 0)
|
} else if ((pwd->pw_uid == 0)
|
||||||
&& (strcmp(prevent_no_auth, "superuser") == 0)) {
|
&& (strcmp(prevent_no_auth, "superuser") == 0)) {
|
||||||
failed = true;
|
failed = true;
|
||||||
}
|
}
|
||||||
|
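Review bot: the PREVENT_NO_AUTH check fails open on unrecognised values: anything other than the exact strings "yes" or "superuser" (a capitalised "Yes", "true", a trailing space) falls through both branches and is treated as "no", so an empty password is accepted even for UID 0. Accept only the three documented values, log a warning for anything else, and fall back to the "superuser" default used when the key is absent.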
8
src/su.c
@ -508,13 +508,13 @@ static void check_perms_nopam (const struct passwd *pw)
|
|||||||
|
|
||||||
if (strcmp (pw->pw_passwd, "") == 0) {
|
if (strcmp (pw->pw_passwd, "") == 0) {
|
||||||
char *prevent_no_auth = getdef_str("PREVENT_NO_AUTH");
|
char *prevent_no_auth = getdef_str("PREVENT_NO_AUTH");
|
||||||
if(prevent_no_auth == NULL) {
|
if (prevent_no_auth == NULL) {
|
||||||
prevent_no_auth = "superuser";
|
prevent_no_auth = "superuser";
|
||||||
}
|
}
|
||||||
if(strcmp(prevent_no_auth, "yes") == 0) {
|
if (strcmp(prevent_no_auth, "yes") == 0) {
|
||||||
fprintf(stderr, _("Password field is empty, this is forbidden for all accounts.\n"));
|
fprintf(stderr, _("Password field is empty, this is forbidden for all accounts.\n"));
|
||||||
exit(1);
|
exit(1);
|
||||||
} else if( (pw->pw_uid == 0)
|
} else if ((pw->pw_uid == 0)
|
||||||
&& (strcmp(prevent_no_auth, "superuser") == 0)) {
|
&& (strcmp(prevent_no_auth, "superuser") == 0)) {
|
||||||
fprintf(stderr, _("Password field is empty, this is forbidden for super-user.\n"));
|
fprintf(stderr, _("Password field is empty, this is forbidden for super-user.\n"));
|
||||||
exit(1);
|
exit(1);
|
||||||
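Review bot: `char *prevent_no_auth` is assigned the string literal "superuser", so it should be declared `const char *`. This block also repeats the PREVENT_NO_AUTH lookup, defaulting and strcmp chain that login.c carries; move the decision into one shared helper that takes the uid and returns whether an empty password is refused, so the two programs cannot drift apart on this policy.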
@ -579,7 +579,7 @@ static void check_perms_nopam (const struct passwd *pw)
|
|||||||
oldsig = signal (SIGQUIT, die);
|
oldsig = signal (SIGQUIT, die);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* See if the system defined authentication method is being used.
|
* See if the system defined authentication method is being used.
|
||||||
* The first character of an administrator defined method is an '@'
|
* The first character of an administrator defined method is an '@'
|
||||||
* character.
|
* character.
|
||||||
*/
|
*/
|
||||||
|
@ -360,7 +360,7 @@ static void get_defaults (void)
|
|||||||
char buf[1024];
|
char buf[1024];
|
||||||
char *cp;
|
char *cp;
|
||||||
|
|
||||||
if(prefix[0]) {
|
if (prefix[0]) {
|
||||||
size_t len;
|
size_t len;
|
||||||
int wlen;
|
int wlen;
|
||||||
|
|
||||||
@ -460,8 +460,8 @@ static void get_defaults (void)
|
|||||||
if ('\0' == *cp) {
|
if ('\0' == *cp) {
|
||||||
cp = SKEL_DIR; /* XXX warning: const */
|
cp = SKEL_DIR; /* XXX warning: const */
|
||||||
}
|
}
|
||||||
|
|
||||||
if(prefix[0]) {
|
if (prefix[0]) {
|
||||||
size_t len;
|
size_t len;
|
||||||
int wlen;
|
int wlen;
|
||||||
char* _def_template; /* avoid const warning */
|
char* _def_template; /* avoid const warning */
|
||||||
@ -490,7 +490,7 @@ static void get_defaults (void)
|
|||||||
}
|
}
|
||||||
(void) fclose (fp);
|
(void) fclose (fp);
|
||||||
getdef_err:
|
getdef_err:
|
||||||
if(prefix[0]) {
|
if (prefix[0]) {
|
||||||
free(default_file);
|
free(default_file);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -551,7 +551,7 @@ static int set_defaults (void)
|
|||||||
wlen = snprintf(new_file, len, "%s%s%s", prefix, prefix[0]?"/":"", NEW_USER_FILE);
|
wlen = snprintf(new_file, len, "%s%s%s", prefix, prefix[0]?"/":"", NEW_USER_FILE);
|
||||||
assert (wlen <= (int) len -1);
|
assert (wlen <= (int) len -1);
|
||||||
|
|
||||||
if(prefix[0]) {
|
if (prefix[0]) {
|
||||||
len = strlen(prefix) + strlen(USER_DEFAULTS_FILE) + 2;
|
len = strlen(prefix) + strlen(USER_DEFAULTS_FILE) + 2;
|
||||||
default_file = malloc(len);
|
default_file = malloc(len);
|
||||||
if (default_file == NULL) {
|
if (default_file == NULL) {
|
||||||
@ -722,7 +722,7 @@ static int set_defaults (void)
|
|||||||
ret = 0;
|
ret = 0;
|
||||||
setdef_err:
|
setdef_err:
|
||||||
free(new_file);
|
free(new_file);
|
||||||
if(prefix[0]) {
|
if (prefix[0]) {
|
||||||
free(default_file);
|
free(default_file);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1049,7 +1049,7 @@ static void grp_update (void)
|
|||||||
fail_exit (E_GRP_UPDATE); /* XXX */
|
fail_exit (E_GRP_UPDATE); /* XXX */
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Add the username to the list of group members and
|
* Add the username to the list of group members and
|
||||||
* update the group entry to reflect the change.
|
* update the group entry to reflect the change.
|
||||||
*/
|
*/
|
||||||
@ -1124,7 +1124,7 @@ static void grp_update (void)
|
|||||||
fail_exit (E_GRP_UPDATE); /* XXX */
|
fail_exit (E_GRP_UPDATE); /* XXX */
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Add the username to the list of group members and
|
* Add the username to the list of group members and
|
||||||
* update the group entry to reflect the change.
|
* update the group entry to reflect the change.
|
||||||
*/
|
*/
|
||||||
@ -1534,7 +1534,7 @@ static void process_flags (int argc, char **argv)
|
|||||||
|
|
||||||
user_home = uh;
|
user_home = uh;
|
||||||
}
|
}
|
||||||
if(prefix[0]) {
|
if (prefix[0]) {
|
||||||
size_t len = strlen(prefix) + strlen(user_home) + 2;
|
size_t len = strlen(prefix) + strlen(user_home) + 2;
|
||||||
int wlen;
|
int wlen;
|
||||||
char* _prefix_user_home; /* to avoid const warning */
|
char* _prefix_user_home; /* to avoid const warning */
|
||||||
@ -2331,7 +2331,7 @@ static void create_mail (void)
|
|||||||
spool = "/var/mail";
|
spool = "/var/mail";
|
||||||
}
|
}
|
||||||
file = alloca (strlen (prefix) + strlen (spool) + strlen (user_name) + 2);
|
file = alloca (strlen (prefix) + strlen (spool) + strlen (user_name) + 2);
|
||||||
if(prefix[0])
|
if (prefix[0])
|
||||||
sprintf (file, "%s/%s/%s", prefix, spool, user_name);
|
sprintf (file, "%s/%s/%s", prefix, spool, user_name);
|
||||||
else
|
else
|
||||||
sprintf (file, "%s/%s", spool, user_name);
|
sprintf (file, "%s/%s", spool, user_name);
|
||||||
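Review bot: in the `if (prefix[0])` branch, `sprintf (file, "%s/%s/%s", prefix, spool, user_name)` writes two separators plus the terminating NUL, which is strlen(prefix) + strlen(spool) + strlen(user_name) + 3 bytes, but the alloca above reserves only `+ 2`. That is a one-byte write past the buffer whenever a prefix is set. Size the buffer with `+ 3` and switch to snprintf with the computed length so the two cannot drift apart again.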
@ -2385,18 +2385,18 @@ static void check_uid_range(int rflg, uid_t user_id)
|
|||||||
{
|
{
|
||||||
uid_t uid_min ;
|
uid_t uid_min ;
|
||||||
uid_t uid_max ;
|
uid_t uid_max ;
|
||||||
if(rflg){
|
if (rflg) {
|
||||||
uid_min = (uid_t)getdef_ulong("SYS_UID_MIN",101UL);
|
uid_min = (uid_t)getdef_ulong("SYS_UID_MIN",101UL);
|
||||||
uid_max = (uid_t)getdef_ulong("SYS_UID_MAX",getdef_ulong("UID_MIN",1000UL)-1);
|
uid_max = (uid_t)getdef_ulong("SYS_UID_MAX",getdef_ulong("UID_MIN",1000UL)-1);
|
||||||
if(uid_min <= uid_max){
|
if (uid_min <= uid_max) {
|
||||||
if(user_id < uid_min || user_id >uid_max)
|
if (user_id < uid_min || user_id >uid_max)
|
||||||
fprintf(stderr, _("%s warning: %s's uid %d outside of the SYS_UID_MIN %d and SYS_UID_MAX %d range.\n"), Prog, user_name, user_id, uid_min, uid_max);
|
fprintf(stderr, _("%s warning: %s's uid %d outside of the SYS_UID_MIN %d and SYS_UID_MAX %d range.\n"), Prog, user_name, user_id, uid_min, uid_max);
|
||||||
}
|
}
|
||||||
}else{
|
}else{
|
||||||
uid_min = (uid_t)getdef_ulong("UID_MIN", 1000UL);
|
uid_min = (uid_t)getdef_ulong("UID_MIN", 1000UL);
|
||||||
uid_max = (uid_t)getdef_ulong("UID_MAX", 6000UL);
|
uid_max = (uid_t)getdef_ulong("UID_MAX", 6000UL);
|
||||||
if(uid_min <= uid_max){
|
if (uid_min <= uid_max) {
|
||||||
if(user_id < uid_min || user_id >uid_max)
|
if (user_id < uid_min || user_id >uid_max)
|
||||||
fprintf(stderr, _("%s warning: %s's uid %d outside of the UID_MIN %d and UID_MAX %d range.\n"), Prog, user_name, user_id, uid_min, uid_max);
|
fprintf(stderr, _("%s warning: %s's uid %d outside of the UID_MIN %d and UID_MAX %d range.\n"), Prog, user_name, user_id, uid_min, uid_max);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
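Review bot: both warning fprintf calls pass `user_id`, `uid_min` and `uid_max` (all uid_t) to `%d` conversions. uid_t is unsigned on Linux, so the type does not match and large IDs print as negative numbers; cast to `unsigned long` and use `%lu`. While the spacing is being normalised here, `}else{` and `user_id >uid_max` are left in the old style.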
@ -2594,7 +2594,7 @@ int main (int argc, char **argv)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if(uflg)
|
if (uflg)
|
||||||
check_uid_range(rflg,user_id);
|
check_uid_range(rflg,user_id);
|
||||||
#ifdef WITH_TCB
|
#ifdef WITH_TCB
|
||||||
if (getdef_bool ("USE_TCB")) {
|
if (getdef_bool ("USE_TCB")) {
|
||||||
|
@ -1046,7 +1046,7 @@ int main (int argc, char **argv)
|
|||||||
{NULL, 0, NULL, '\0'}
|
{NULL, 0, NULL, '\0'}
|
||||||
};
|
};
|
||||||
while ((c = getopt_long (argc, argv,
|
while ((c = getopt_long (argc, argv,
|
||||||
#ifdef WITH_SELINUX
|
#ifdef WITH_SELINUX
|
||||||
"fhrR:P:Z",
|
"fhrR:P:Z",
|
||||||
#else /* !WITH_SELINUX */
|
#else /* !WITH_SELINUX */
|
||||||
"fhrR:P:",
|
"fhrR:P:",
|
||||||
@ -1067,7 +1067,7 @@ int main (int argc, char **argv)
|
|||||||
break;
|
break;
|
||||||
case 'P': /* no-op, handled in process_prefix_flag () */
|
case 'P': /* no-op, handled in process_prefix_flag () */
|
||||||
break;
|
break;
|
||||||
#ifdef WITH_SELINUX
|
#ifdef WITH_SELINUX
|
||||||
case 'Z':
|
case 'Z':
|
||||||
if (prefix[0]) {
|
if (prefix[0]) {
|
||||||
fprintf (stderr,
|
fprintf (stderr,
|
||||||
@ -1168,9 +1168,9 @@ int main (int argc, char **argv)
|
|||||||
}
|
}
|
||||||
user_id = pwd->pw_uid;
|
user_id = pwd->pw_uid;
|
||||||
user_gid = pwd->pw_gid;
|
user_gid = pwd->pw_gid;
|
||||||
|
|
||||||
if(prefix[0]) {
|
if (prefix[0]) {
|
||||||
|
|
||||||
size_t len = strlen(prefix) + strlen(pwd->pw_dir) + 2;
|
size_t len = strlen(prefix) + strlen(pwd->pw_dir) + 2;
|
||||||
int wlen;
|
int wlen;
|
||||||
user_home = xmalloc(len);
|
user_home = xmalloc(len);
|
||||||
@ -1347,7 +1347,7 @@ int main (int argc, char **argv)
|
|||||||
* Cancel any crontabs or at jobs. Have to do this before we remove
|
* Cancel any crontabs or at jobs. Have to do this before we remove
|
||||||
* the entry from /etc/passwd.
|
* the entry from /etc/passwd.
|
||||||
*/
|
*/
|
||||||
if(prefix[0] == '\0')
|
if (prefix[0] == '\0')
|
||||||
user_cancel (user_name);
|
user_cancel (user_name);
|
||||||
close_files ();
|
close_files ();
|
||||||
|
|
||||||
|
@ -370,7 +370,6 @@ static struct ulong_range getulong_range(const char *str)
|
|||||||
result.last = (unsigned long int)last;
|
result.last = (unsigned long int)last;
|
||||||
out:
|
out:
|
||||||
return result;
|
return result;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
struct ulong_range_list_entry {
|
struct ulong_range_list_entry {
|
||||||
@ -949,7 +948,7 @@ static void update_gshadow (void)
|
|||||||
|
|
||||||
changed = false;
|
changed = false;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Update the group entry to reflect the changes.
|
* Update the group entry to reflect the changes.
|
||||||
*/
|
*/
|
||||||
if (sgr_update (nsgrp) == 0) {
|
if (sgr_update (nsgrp) == 0) {
|
||||||
@ -1281,7 +1280,7 @@ static void process_flags (int argc, char **argv)
|
|||||||
if (!gflg) {
|
if (!gflg) {
|
||||||
user_newgid = user_gid;
|
user_newgid = user_gid;
|
||||||
}
|
}
|
||||||
if(prefix[0]) {
|
if (prefix[0]) {
|
||||||
size_t len = strlen(prefix) + strlen(user_home) + 2;
|
size_t len = strlen(prefix) + strlen(user_home) + 2;
|
||||||
int wlen;
|
int wlen;
|
||||||
prefix_user_home = xmalloc(len);
|
prefix_user_home = xmalloc(len);
|
||||||
@ -2247,7 +2246,7 @@ int main (int argc, char **argv)
|
|||||||
if (sub_uid_remove(user_name, ptr->range.first, count) == 0) {
|
if (sub_uid_remove(user_name, ptr->range.first, count) == 0) {
|
||||||
fprintf (stderr,
|
fprintf (stderr,
|
||||||
_("%s: failed to remove uid range %lu-%lu from '%s'\n"),
|
_("%s: failed to remove uid range %lu-%lu from '%s'\n"),
|
||||||
Prog, ptr->range.first, ptr->range.last,
|
Prog, ptr->range.first, ptr->range.last,
|
||||||
sub_uid_dbname ());
|
sub_uid_dbname ());
|
||||||
fail_exit (E_SUB_UID_UPDATE);
|
fail_exit (E_SUB_UID_UPDATE);
|
||||||
}
|
}
|
||||||
@ -2260,7 +2259,7 @@ int main (int argc, char **argv)
|
|||||||
if (sub_uid_add(user_name, ptr->range.first, count) == 0) {
|
if (sub_uid_add(user_name, ptr->range.first, count) == 0) {
|
||||||
fprintf (stderr,
|
fprintf (stderr,
|
||||||
_("%s: failed to add uid range %lu-%lu to '%s'\n"),
|
_("%s: failed to add uid range %lu-%lu to '%s'\n"),
|
||||||
Prog, ptr->range.first, ptr->range.last,
|
Prog, ptr->range.first, ptr->range.last,
|
||||||
sub_uid_dbname ());
|
sub_uid_dbname ());
|
||||||
fail_exit (E_SUB_UID_UPDATE);
|
fail_exit (E_SUB_UID_UPDATE);
|
||||||
}
|
}
|
||||||
@ -2273,7 +2272,7 @@ int main (int argc, char **argv)
|
|||||||
if (sub_gid_remove(user_name, ptr->range.first, count) == 0) {
|
if (sub_gid_remove(user_name, ptr->range.first, count) == 0) {
|
||||||
fprintf (stderr,
|
fprintf (stderr,
|
||||||
_("%s: failed to remove gid range %lu-%lu from '%s'\n"),
|
_("%s: failed to remove gid range %lu-%lu from '%s'\n"),
|
||||||
Prog, ptr->range.first, ptr->range.last,
|
Prog, ptr->range.first, ptr->range.last,
|
||||||
sub_gid_dbname ());
|
sub_gid_dbname ());
|
||||||
fail_exit (E_SUB_GID_UPDATE);
|
fail_exit (E_SUB_GID_UPDATE);
|
||||||
}
|
}
|
||||||
@ -2286,7 +2285,7 @@ int main (int argc, char **argv)
|
|||||||
if (sub_gid_add(user_name, ptr->range.first, count) == 0) {
|
if (sub_gid_add(user_name, ptr->range.first, count) == 0) {
|
||||||
fprintf (stderr,
|
fprintf (stderr,
|
||||||
_("%s: failed to add gid range %lu-%lu to '%s'\n"),
|
_("%s: failed to add gid range %lu-%lu to '%s'\n"),
|
||||||
Prog, ptr->range.first, ptr->range.last,
|
Prog, ptr->range.first, ptr->range.last,
|
||||||
sub_gid_dbname ());
|
sub_gid_dbname ());
|
||||||
fail_exit (E_SUB_GID_UPDATE);
|
fail_exit (E_SUB_GID_UPDATE);
|
||||||
}
|
}
|
||||||
|
@ -6,7 +6,7 @@ You should run it on a chroot, or on a secured dedicated system.
|
|||||||
|
|
||||||
To test a Debian system:
|
To test a Debian system:
|
||||||
$ mkdir sid-chroot
|
$ mkdir sid-chroot
|
||||||
$ sudo debootstrap sid sid-chroot/ http://ftp.fr.debian.org/debian/
|
$ sudo debootstrap sid sid-chroot/ http://deb.debian.org/debian/
|
||||||
edit or copy a sources.list
|
edit or copy a sources.list
|
||||||
$ sudo cp /etc/apt/sources.list sid-chroot/etc/apt/
|
$ sudo cp /etc/apt/sources.list sid-chroot/etc/apt/
|
||||||
edit or copy a resolv.conf
|
edit or copy a resolv.conf
|
||||||
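Review bot: the replacement mirror on the debootstrap line is still fetched over plain `http://`. deb.debian.org is also served over HTTPS, so `https://deb.debian.org/debian/` would be the better default for a document that tells readers to bootstrap a root filesystem with sudo.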
@ -17,5 +17,3 @@ edit or copy a resolv.conf
|
|||||||
# aptitude update
|
# aptitude update
|
||||||
# aptitude install expect
|
# aptitude install expect
|
||||||
# cd /dev ; mknod --mode=666 /dev/ptmx c 5 2
|
# cd /dev ; mknod --mode=666 /dev/ptmx c 5 2
|
||||||
|
|
||||||
|
|
||||||
|
@ -51,10 +51,10 @@ echo "-: test failed"
|
|||||||
# Empty the complete log.
|
# Empty the complete log.
|
||||||
> testsuite.log
|
> testsuite.log
|
||||||
|
|
||||||
find ${build_path} -name "*.gcda" -delete
|
find "${build_path}" -name "*.gcda" -delete
|
||||||
run_test ./su/01/su_root.test
|
run_test ./su/01/su_root.test
|
||||||
run_test ./su/01/su_user.test
|
run_test ./su/01/su_user.test
|
||||||
find ${build_path} -name "*.gcda" -exec chmod a+rw {} \;
|
find "${build_path}" -name "*.gcda" -exec chmod a+rw {} \;
|
||||||
run_test ./su/02/env_FOO-options_--login
|
run_test ./su/02/env_FOO-options_--login
|
||||||
run_test ./su/02/env_FOO-options_--login_bash
|
run_test ./su/02/env_FOO-options_--login_bash
|
||||||
run_test ./su/02/env_FOO-options_--preserve-environment
|
run_test ./su/02/env_FOO-options_--preserve-environment
|
||||||
@ -121,7 +121,7 @@ run_test ./su/11_su_sulog_failure/su.test
|
|||||||
run_test ./su/12_su_child_failure/su.test
|
run_test ./su/12_su_child_failure/su.test
|
||||||
run_test ./su/13_su_child_success/su.test
|
run_test ./su/13_su_child_success/su.test
|
||||||
run_test ./chage/01/run
|
run_test ./chage/01/run
|
||||||
find ${build_path} -name "*.gcda" -exec chmod a+rw {} \;
|
find "${build_path}" -name "*.gcda" -exec chmod a+rw {} \;
|
||||||
run_test ./chage/02/run
|
run_test ./chage/02/run
|
||||||
run_test ./chage/03_chsh_usage/chage.test
|
run_test ./chage/03_chsh_usage/chage.test
|
||||||
run_test ./chage/04_chsh_usage_invalid_option/chage.test
|
run_test ./chage/04_chsh_usage_invalid_option/chage.test
|
||||||
@ -1221,7 +1221,7 @@ run_test ./passwd/22_passwd_usage/passwd.test
|
|||||||
run_test ./login/01_login_prompt/login.test
|
run_test ./login/01_login_prompt/login.test
|
||||||
run_test ./login/02_login_user/login.test
|
run_test ./login/02_login_user/login.test
|
||||||
run_test ./login/03_login_check_tty/login.test
|
run_test ./login/03_login_check_tty/login.test
|
||||||
find ${build_path} -name "*.gcda" -exec chmod a+rw {} \;
|
find "${build_path}" -name "*.gcda" -exec chmod a+rw {} \;
|
||||||
run_test ./subids/01_useradd_no_subids/useradd.test
|
run_test ./subids/01_useradd_no_subids/useradd.test
|
||||||
run_test ./subids/02_useradd_with_subids/useradd.test
|
run_test ./subids/02_useradd_with_subids/useradd.test
|
||||||
run_test ./subids/03_useradd_no_subgid/useradd.test
|
run_test ./subids/03_useradd_no_subgid/useradd.test
|
||||||
@ -1301,9 +1301,8 @@ echo
|
|||||||
echo "$succeeded test(s) passed"
|
echo "$succeeded test(s) passed"
|
||||||
echo "$failed test(s) failed"
|
echo "$failed test(s) failed"
|
||||||
echo "log written in 'testsuite.log'"
|
echo "log written in 'testsuite.log'"
|
||||||
if [ "$failed" != "0" ]
|
if [ "$failed" != 0 ]
|
||||||
then
|
then
|
||||||
echo "the following tests failed:"
|
echo "the following tests failed:"
|
||||||
echo $failed_tests
|
echo "$failed_tests"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -16,8 +16,8 @@ failed_tests=""
|
|||||||
|
|
||||||
run_test()
|
run_test()
|
||||||
{
|
{
|
||||||
find $build_path -name "*.gcda" -delete
|
find "$build_path" -name "*.gcda" -delete
|
||||||
find $build_path -name "*.gcno" | while read f
|
find "$build_path" -name "*.gcno" | while read f
|
||||||
do
|
do
|
||||||
g=${f%gcno}gcda
|
g=${f%gcno}gcda
|
||||||
touch $g
|
touch $g
|
||||||
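Review bot: quoting `"$build_path"` in the two find calls is only half of the fix, because the loop body still runs `touch $g` unquoted and reads names with `read f` rather than `IFS= read -r f`. A build path containing whitespace or backslashes will still be split or mangled there; quote `"$g"` and use `read -r`.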
@ -1320,9 +1320,8 @@ echo
|
|||||||
echo "$succeeded test(s) passed"
|
echo "$succeeded test(s) passed"
|
||||||
echo "$failed test(s) failed"
|
echo "$failed test(s) failed"
|
||||||
echo "log written in 'testsuite.log'"
|
echo "log written in 'testsuite.log'"
|
||||||
if [ "$failed" != "0" ]
|
if [ "$failed" != 0 ]
|
||||||
then
|
then
|
||||||
echo "the following tests failed:"
|
echo "the following tests failed:"
|
||||||
echo $failed_tests
|
echo "$failed_tests"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -51,10 +51,10 @@ echo "-: test failed"
|
|||||||
# Empty the complete log.
|
# Empty the complete log.
|
||||||
> testsuite.log
|
> testsuite.log
|
||||||
|
|
||||||
find ${build_path} -name "*.gcda" -delete
|
find "${build_path}" -name "*.gcda" -delete
|
||||||
run_test ./su/01/su_root.test
|
run_test ./su/01/su_root.test
|
||||||
run_test ./su/01/su_user.test
|
run_test ./su/01/su_user.test
|
||||||
find ${build_path} -name "*.gcda" -exec chmod a+rw {} \;
|
find "${build_path}" -name "*.gcda" -exec chmod a+rw {} \;
|
||||||
run_test ./su/02/env_FOO-options_--login
|
run_test ./su/02/env_FOO-options_--login
|
||||||
run_test ./su/02/env_FOO-options_--login_bash
|
run_test ./su/02/env_FOO-options_--login_bash
|
||||||
run_test ./su/02/env_FOO-options_--preserve-environment
|
run_test ./su/02/env_FOO-options_--preserve-environment
|
||||||
@ -133,9 +133,8 @@ echo
|
|||||||
echo "$succeeded test(s) passed"
|
echo "$succeeded test(s) passed"
|
||||||
echo "$failed test(s) failed"
|
echo "$failed test(s) failed"
|
||||||
echo "log written in 'testsuite.log'"
|
echo "log written in 'testsuite.log'"
|
||||||
if [ "$failed" != "0" ]
|
if [ "$failed" != 0 ]
|
||||||
then
|
then
|
||||||
echo "the following tests failed:"
|
echo "the following tests failed:"
|
||||||
echo $failed_tests
|
echo "$failed_tests"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|