diff --git a/ChangeLog b/ChangeLog index 5caa93d8..85ac19d9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +2010-03-18 Nicolas François + + * src/pwck.c: Document the sections closed by #endif + * src/pwck.c, man/pwck.8.xml: No alternative shadow file can be + given when USE_TCB is enabled. + 2010-03-18 Nicolas François * src/pwck.c: Do not use pwd_file and spw_file. Always use the diff --git a/TODO b/TODO index 292b723d..32266b15 100644 --- a/TODO +++ b/TODO @@ -115,6 +115,7 @@ ALL: entry (with a password). - Add check to move passwd passwords to shadow if there is a shadow file. + - Support an alternative /etc/tcb directory as second parameter. - su - add a login.defs configuration parameter to add variables to keep in diff --git a/man/pwck.8.xml b/man/pwck.8.xml index 92976d92..7acd7e30 100644 --- a/man/pwck.8.xml +++ b/man/pwck.8.xml @@ -88,6 +88,9 @@ The pwck command verifies the integrity of the users and authentication information. It checks that all entries in /etc/passwd and /etc/shadow + (or the files in + /etc/tcb, when is + enabled) have the proper format and contain valid data. The user is prompted to delete entries that are improperly formatted or which have other uncorrectable errors. @@ -200,7 +203,7 @@ /etc/shadow by UID. - This option has no effect when TCB is enabled. + This option has no effect when is enabled. @@ -208,10 +211,18 @@ By default, pwck operates on the files - /etc/passwd and /etc/shadow. - The user may select alternate files with the passwd and shadow - parameters. + /etc/passwd and + /etc/shadow (or the + files in /etc/tcb). + The user may select alternate files with the + passwd and + shadow parameters. + + + Note that when is enabled, you cannot + specify an alternative shadow file. In + future releases, this paramater could be replaced by an alternate + TCB directory. diff --git a/src/pwck.c b/src/pwck.c index 0b8d2a3a..f42e16af 100644 --- a/src/pwck.c +++ b/src/pwck.c @@ -49,7 +49,7 @@ #include "nscd.h" #ifdef WITH_TCB #include "tcbfuncs.h" -#endif +#endif /* WITH_TCB */ /* * Exit codes @@ -123,8 +123,17 @@ static void fail_exit (int code) */ static void usage (void) { - fprintf (stderr, _("Usage: %s [-q] [-r] [-s] [passwd [shadow]]\n"), - Prog); +#ifdef WITH_TCB + if (getdef_bool ("USE_TCB")) { + fprintf (stderr, _("Usage: %s [-q] [-r] [-s] [passwd]\n"), + Prog); + } else +#endif /* WITH_TCB */ + { + fprintf (stderr, + _("Usage: %s [-q] [-r] [-s] [passwd [shadow]]\n"), + Prog); + } exit (E_USAGE); } @@ -178,6 +187,14 @@ static void process_flags (int argc, char **argv) use_system_pw_file = false; } if ((optind + 2) == argc) { +#ifdef WITH_TCB + if (getdef_bool ("USE_TCB")) { + fprintf (stderr, + _("%s: no alternative shadow file allowed when USE_TCB is enabled.\n"), + Prog); + usage (); + } +#endif /* WITH_TCB */ spw_setdbname (argv[optind + 1]); is_shadow = true; use_system_spw_file = false; @@ -197,7 +214,7 @@ static void open_files (void) bool use_tcb = false; #ifdef WITH_TCB use_tcb = getdef_bool ("USE_TCB"); -#endif +#endif /* WITH_TCB */ /* * Lock the files if we aren't in "read-only" mode @@ -513,7 +530,7 @@ static void check_pw_file (int *errors, bool *changed) } spw_opened = true; } -#endif +#endif /* WITH_TCB */ spw = (struct spwd *) spw_locate (pwd->pw_name); if (NULL == spw) { printf (_("no matching password file entry in %s\n"), @@ -595,7 +612,7 @@ static void check_pw_file (int *errors, bool *changed) spw_locked = false; } } -#endif +#endif /* WITH_TCB */ } }