* src/pwck.c: Document the sections closed by #endif

* src/pwck.c, man/pwck.8.xml: No alternative shadow file can be
	given when USE_TCB is enabled.
This commit is contained in:
nekral-guest 2010-03-18 10:23:51 +00:00
parent 07c6e99725
commit 2db82460b1
4 changed files with 46 additions and 11 deletions

View File

@ -1,3 +1,9 @@
2010-03-18 Nicolas François <nicolas.francois@centraliens.net>
* src/pwck.c: Document the sections closed by #endif
* src/pwck.c, man/pwck.8.xml: No alternative shadow file can be
given when USE_TCB is enabled.
2010-03-18 Nicolas François <nicolas.francois@centraliens.net> 2010-03-18 Nicolas François <nicolas.francois@centraliens.net>
* src/pwck.c: Do not use pwd_file and spw_file. Always use the * src/pwck.c: Do not use pwd_file and spw_file. Always use the

1
TODO
View File

@ -115,6 +115,7 @@ ALL:
entry (with a password). entry (with a password).
- Add check to move passwd passwords to shadow if there is a shadow - Add check to move passwd passwords to shadow if there is a shadow
file. file.
- Support an alternative /etc/tcb directory as second parameter.
- su - su
- add a login.defs configuration parameter to add variables to keep in - add a login.defs configuration parameter to add variables to keep in

View File

@ -88,6 +88,9 @@
The <command>pwck</command> command verifies the integrity of the The <command>pwck</command> command verifies the integrity of the
users and authentication information. It checks that all entries in users and authentication information. It checks that all entries in
<filename>/etc/passwd</filename> and <filename>/etc/shadow</filename> <filename>/etc/passwd</filename> and <filename>/etc/shadow</filename>
<phrase condition="tcb">(or the files in
<filename>/etc/tcb</filename>, when <option>USE_TCB</option> is
enabled)</phrase>
have the proper format and contain valid data. have the proper format and contain valid data.
The user is prompted to delete entries that are The user is prompted to delete entries that are
improperly formatted or which have other uncorrectable errors. improperly formatted or which have other uncorrectable errors.
@ -200,7 +203,7 @@
<filename>/etc/shadow</filename> by UID. <filename>/etc/shadow</filename> by UID.
</para> </para>
<para condition="tcb"> <para condition="tcb">
This option has no effect when TCB is enabled. This option has no effect when <option>USE_TCB</option> is enabled.
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -208,10 +211,18 @@
<para> <para>
By default, <command>pwck</command> operates on the files By default, <command>pwck</command> operates on the files
<filename>/etc/passwd</filename> and <filename>/etc/shadow</filename>. <filename>/etc/passwd</filename> and
The user may select alternate files with the <emphasis <filename>/etc/shadow</filename><phrase condition="tcb"> (or the
remap='I'>passwd</emphasis> and <emphasis remap='I'>shadow</emphasis> files in <filename>/etc/tcb</filename>)</phrase>.
parameters. The user may select alternate files with the
<replaceable>passwd</replaceable> and
<replaceable>shadow</replaceable> parameters.
</para>
<para condition="tcb">
Note that when <option>USE_TCB</option> is enabled, you cannot
specify an alternative <replaceable>shadow</replaceable> file. In
future releases, this paramater could be replaced by an alternate
TCB directory.
</para> </para>
</refsect1> </refsect1>

View File

@ -49,7 +49,7 @@
#include "nscd.h" #include "nscd.h"
#ifdef WITH_TCB #ifdef WITH_TCB
#include "tcbfuncs.h" #include "tcbfuncs.h"
#endif #endif /* WITH_TCB */
/* /*
* Exit codes * Exit codes
@ -123,8 +123,17 @@ static void fail_exit (int code)
*/ */
static void usage (void) static void usage (void)
{ {
fprintf (stderr, _("Usage: %s [-q] [-r] [-s] [passwd [shadow]]\n"), #ifdef WITH_TCB
Prog); if (getdef_bool ("USE_TCB")) {
fprintf (stderr, _("Usage: %s [-q] [-r] [-s] [passwd]\n"),
Prog);
} else
#endif /* WITH_TCB */
{
fprintf (stderr,
_("Usage: %s [-q] [-r] [-s] [passwd [shadow]]\n"),
Prog);
}
exit (E_USAGE); exit (E_USAGE);
} }
@ -178,6 +187,14 @@ static void process_flags (int argc, char **argv)
use_system_pw_file = false; use_system_pw_file = false;
} }
if ((optind + 2) == argc) { if ((optind + 2) == argc) {
#ifdef WITH_TCB
if (getdef_bool ("USE_TCB")) {
fprintf (stderr,
_("%s: no alternative shadow file allowed when USE_TCB is enabled.\n"),
Prog);
usage ();
}
#endif /* WITH_TCB */
spw_setdbname (argv[optind + 1]); spw_setdbname (argv[optind + 1]);
is_shadow = true; is_shadow = true;
use_system_spw_file = false; use_system_spw_file = false;
@ -197,7 +214,7 @@ static void open_files (void)
bool use_tcb = false; bool use_tcb = false;
#ifdef WITH_TCB #ifdef WITH_TCB
use_tcb = getdef_bool ("USE_TCB"); use_tcb = getdef_bool ("USE_TCB");
#endif #endif /* WITH_TCB */
/* /*
* Lock the files if we aren't in "read-only" mode * Lock the files if we aren't in "read-only" mode
@ -513,7 +530,7 @@ static void check_pw_file (int *errors, bool *changed)
} }
spw_opened = true; spw_opened = true;
} }
#endif #endif /* WITH_TCB */
spw = (struct spwd *) spw_locate (pwd->pw_name); spw = (struct spwd *) spw_locate (pwd->pw_name);
if (NULL == spw) { if (NULL == spw) {
printf (_("no matching password file entry in %s\n"), printf (_("no matching password file entry in %s\n"),
@ -595,7 +612,7 @@ static void check_pw_file (int *errors, bool *changed)
spw_locked = false; spw_locked = false;
} }
} }
#endif #endif /* WITH_TCB */
} }
} }