Commit Graph

599 Commits

Author SHA1 Message Date
nekral-guest
2a267ca05f * NEWS, src/newusers.c: Implement the -r, --system option.
* src/newusers.c: Use a bool when possible instead of int
	integers.
	* src/newusers.c: Avoid implicit conversion of pointers / integers
	/ chars to booleans.
	* src/newusers.c: Ignore the return value of pam_end() before
	exiting.
	* src/newusers.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
	* src/newusers.c: Avoid multi-statements lines.
	* src/newusers.c: Add brackets and parenthesis.
2008-06-09 19:36:08 +00:00
nekral-guest
e41460cae5 * src/gpasswd.c: Use a bool when possible instead of int integers.
* src/gpasswd.c: Avoid implicit conversion of pointers / integers
	/ chars to booleans.
	* src/gpasswd.c: Ignore the return value of putchar() and fflush()
	before exiting.
	* src/gpasswd.c: check_list() renamed is_valid_user_list(), and
	return a bool.
	* src/gpasswd.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
2008-06-09 19:26:19 +00:00
nekral-guest
5e2b49dad4 * src/grpck.c: Use a bool when possible instead of int integers.
* src/grpck.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
2008-06-09 19:20:00 +00:00
nekral-guest
5038f6687b * src/lastlog.c: Use a bool when possible instead of int integers.
* src/lastlog.c: Avoid implicit conversion of pointers / integers
	/ chars to booleans.
	* src/lastlog.c: Add brackets and parenthesis.
	* src/lastlog.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
2008-06-09 19:15:27 +00:00
nekral-guest
8b98a2e829 * src/userdel.c: Use a bool for the is_shadow_pwd, is_shadow_grp,
deleted_user_group, was_member, was_admin, and the
	options' flags.
	* src/userdel.c: Change path_prefix() prototype to return a bool.
	* src/userdel.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
	* src/userdel.c: Ignore the return value from pam_end() since we
	are exiting anyway just afterwards.
	* src/userdel.c: Avoid implicit conversion of pointers /
	integers / chars to booleans.
	* src/userdel.c: Add brackets and parenthesis.
	* src/userdel.c: Avoid assignments in comparisons.
	* src/userdel.c: Do not ignore the return value of the *_unlock()
	functions.
2008-06-09 19:10:44 +00:00
nekral-guest
46466a8fcc * src/login_nopam.c: Do not use the YES and NO macros. Use the
booleans true and false instead. Change the prototypes of
	list_match(), user_match(), from_match(), and string_match()
	accordingly. Also use booleans internally.
	* src/login_nopam.c: Add brackets and parenthesis.
	* src/login_nopam.c: Avoid implicit conversion of pointers /
	integers / chars to booleans.
	* src/login_nopam.c: Avoid assignments in comparisons.
2008-06-09 18:35:32 +00:00
nekral-guest
4e0d734598 * src/newgrp.c: Use a bool for is_newgrp, notfound, needspasswd,
initflag, and cflag.
	* src/newgrp.c: Add brackets and parenthesis.
	* src/newgrp.c: Avoid implicit conversion of pointers / integers /
	chars to booleans.
	* src/newgrp.c: Avoid multi-statements lines.
	* src/newgrp.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
	* src/newgrp.c: Avoid assignments in comparisons.
2008-06-09 18:23:23 +00:00
nekral-guest
623d9e2ab3 * libmisc/chkname.h, libmisc/chkname.c: check_group_name (resp.
check_user_name) renamed to is_valid_user_name (resp.
	is_valid_group_name). is_valid_user_name and is_valid_group_name
	return a bool.
	* src/grpck.c, src/newusers.c, src/usermod.c, src/useradd.c,
	src/groupmod.c, src/pwck.c, src/groupadd.c: Use is_valid_user_name
	and is_valid_group_name, following above change.
	* libmisc/chkname.c: Avoid implicit conversion of chars to
	booleans. Add brackets and parenthesis.
2008-05-25 20:58:16 +00:00
nekral-guest
6124b59aff * libmisc/copydir.c (remove_tree): As we always use remove_tree
followed by rmdir to remove the directory itself, delete also the
	root directory in remove_tree.
	* src/userdel.c, src/usermod.c: Do not call rmdir after
	remove_tree.
2008-05-24 15:35:15 +00:00
nekral-guest
d99423405c Fix compiler warnings:
* libmisc/audit_help.c: Include prototypes.h to get the prototype
	of audit_help_open.
	* libmisc/salt.c: Use booleans instead of negating integers.
	* src/passwd.c: Declare the check_selinux_access prototype and
	avoid name clashes (change_user -> changed_user; change_uid ->
	changed_uid; access -> requested_access)
2008-05-24 13:08:58 +00:00
nekral-guest
537496c019 Fix formatting. 2008-05-19 20:31:48 +00:00
nekral-guest
243809af3a Fix typo. 2008-05-18 16:38:13 +00:00
nekral-guest
fb4271bdf9 Import Debian patch 434_login_stop_checking_args_after--
* NEWS, src/login.c (check_flags): Stop checking the arguments
	after --. The later options will be sent to the shell, and do not
	need to be checked.
2008-05-18 14:54:35 +00:00
nekral-guest
6a17c2b27f * src/vipw.c, src/su.c, src/newgrp.c: Harmonize the children's
SIGSTOP handling. Raise the signal which stopped the child instead
	of always SIGSTOP.

	Import Debian patch 406_vipw_resume_properly.
	Thanks to Dean Gaudet.
	* NEWS, src/vipw.c: Resume properly after ^Z.
2008-05-18 13:41:56 +00:00
nekral-guest
c7302b61ef Make sure every source files are distributed with a copyright and license.
Files with no license use the default 3-clauses BSD license. The copyright
were mostly not recorded; they were updated according to the Changelog.
"Julianne Frances Haugh and contributors" changed to "copyright holders
and contributors".
2008-04-27 00:40:09 +00:00
nekral-guest
4196525702 Allow non-US-ASCII characters in the GECOS fields ("name", "room number",
and "other info" fields).
2008-04-27 00:24:49 +00:00
nekral-guest
4d7d6a1a9f Fix build failure when configured with audit support. Thanks to Mike
Frysinger for reporting it.
2008-04-16 22:04:46 +00:00
nekral-guest
7baffa5e74 Ensure that getpwent() is used in setpwent(), getpwent(),
endpwend() sequences (ditto for getgrent(), getspent(), and
getsgent()). The only real (minor) issue was in login, which kept
the passwd file open.
* libmisc/entry.c: Remove unneeded setspent() and endspent() (only
  getspnam is called in the middle).
* libmisc/find_new_ids.c: Make sure to close the password and
  group files with endpwent() and endgrent().
* libmisc/pwdcheck.c: Remove unneeded endspent() (only getspnam()
  is called before).
* src/lastlog.c, src/passwd.c, src/groupmod.c, src/faillog.c,
  src/groups.c: Make sure to close
  the password file with endpwent().
* src/login.c: Remove unneeded setpwent() (only xgetpwnam is
  called before).
* src/login.c, src/newgrp.c: Fix typos in comments.
2008-04-16 21:52:46 +00:00
nekral-guest
f7a256fc19 * src/passwd.c, NEWS: Make SE Linux tests more strict, when the
real UID is 0 SE Linux checks will be performed. Thanks to
 Russell Coker  <russell@coker.com.au>
* TODO: Added entries regarding SE Linux.
2008-03-26 22:00:50 +00:00
nekral-guest
32b424e507 Fix minor compilation warning (assignment used as a comparison). 2008-03-17 23:05:59 +00:00
nekral-guest
d94602add8 login_access() is used in src/login.c, and defined in src/login_nopam.c
(which lacks a prototype). Move its prototype from src/login.c to
lib/prototypes.h.
2008-03-17 23:04:46 +00:00
nekral-guest
e33e2b7d79 Compilation fix. gshadow_locked should only be used if SHADOWGRP is defined. 2008-03-17 23:02:23 +00:00
nekral-guest
78c59b7261 Fix some warnings. compare_members_lists() is only used if SHADOWGRP is defined. 2008-03-17 23:00:49 +00:00
nekral-guest
8377303981 Remove unused global variable. 2008-03-08 23:52:50 +00:00
nekral-guest
a8a614c515 * NEWS, src/groupmod.c: Make sure the passwd, group, and gshadow
files are unlocked on exit. Unlock locked files in fail_exit().
  Prefer fail_exit() over exit().
* NEWS, src/groupmod.c: When the GID of a group is changed, update
  also the GID of the passwd entries of the users whose primary
  group is the group being modified.
2008-03-08 23:01:49 +00:00
nekral-guest
1b808e62df Make sure the passwd, group, shadow, and gshadow files are unlocked on
exit. Unlock locked files in fail_exit(). Prefer fail_exit() over exit().
2008-03-08 22:44:53 +00:00
nekral-guest
5af8a5d74d * NEWS, src/groupdel.c: Make sure the group, and gshadow files are
unlocked on exit. Add function fail_exit(). Use fail_exit()
	instead of exit().
	* src/groupdel.c: Fail immediately instead of increasing errors.
	Better handling of error cases, like locked group or gshadow file.
2008-03-08 21:13:54 +00:00
nekral-guest
d1290c0d5d Make sure the passwd, group, shadow, and gshadow files are unlocked on
exit. Add function fail_exit(). Use fail_exit() instead of exit().
2008-03-08 21:04:31 +00:00
nekral-guest
bded00fd11 Make sure the group and gshadow files are unlocked on exit. Add function fail_exit(). 2008-03-08 20:54:54 +00:00
nekral-guest
a2242f6f1b Do not rewrite the group and gshadow file in case of error. 2008-03-08 16:23:22 +00:00
nekral-guest
9e07fec6ba Do not log that the group was deleted if an error occurred. 2008-03-08 16:20:55 +00:00
nekral-guest
d44f1dfeca Do not raise an error if the group does not exist in the gshadow file. 2008-03-08 16:17:07 +00:00
nekral-guest
1b2618d688 * src/newgrp.c: Add missing end of line in message.
* src/newgrp.c: Add audit events for the authentication
  (AUDIT_GRP_AUTH). Thansk to Peter Vrabec.
2008-03-07 20:21:15 +00:00
nekral-guest
6ea65c8992 Only reset the entries of existing users with faillog -r (not all numeric
IDs starting from 0). Thanks to Peter Vrabec.
2008-03-05 00:10:25 +00:00
nekral-guest
52cfc3372b Fix typo. One "can't open" message is a "can't lock". 2008-03-04 23:53:00 +00:00
nekral-guest
528346cb3b When a password is moved to the gshadow file, use "x" instead of "x"
to indicate that the password is shadowed (consistency with grpconv).
2008-02-26 20:09:56 +00:00
nekral-guest
f43a4659c6 Re-indent. 2008-02-26 19:17:20 +00:00
nekral-guest
2a2b2b3aa4 * NEWS: Fix failures when the gshadow file is not present. Thanks
to Christian Henz (http://bugs.debian.org/467488)
 * src/gpasswd.c (get_group): Do not fail if gshadow is not present. Just use
   the group file and set the grent structure
 * src/gpasswd.c (check_perms): The permissions should be checked
   using both the gshadow and group file. Add a <struct group *>
   parameter, and check if the gshadow file exists (is_shadowgrp).
 * src/gpasswd.c (main): Do not use sgent.sg_mem or sgent.sg_adm if
   the gshadow file is not present (sgent is not initialized in that
   case). The fields of sgent can be set, but not used.
2008-02-26 19:09:10 +00:00
nekral-guest
db479122f3 * Fix typo in comment.
* Move comment regarding FIRST_MEMBER_IS_ADMIN to
   where it belongs.
 * Indicate the end of the #ifdef FIRST_MEMBER_IS_ADMIN
   section.
2008-02-26 18:59:28 +00:00
nekral-guest
93e2f66a60 * NEWS, src/useradd.c, man/useradd.8.xml: Added options
-user-group (-U, Uflg) and --no-user-group (-N, Nflg) to replace
  nflg.
* man/login.defs.d/USERGROUPS_ENAB.xml: useradd now also uses
  USERGROUPS_ENAB.
2008-02-25 21:03:46 +00:00
nekral-guest
2a5c015cd1 Add missing 'p' to the getopt_long's optstring. 2008-02-19 21:26:04 +00:00
nekral-guest
dc641054a1 Add missing -p, --password description to the Usage message. 2008-02-19 21:21:52 +00:00
nekral-guest
23ac189d48 Add missing space in comment. 2008-02-19 21:18:04 +00:00
nekral-guest
29e71bf1b3 Fix --non-unique's has_arg field to no_argument instead of required_argument. 2008-02-19 21:16:28 +00:00
nekral-guest
7ec4a64cdb Add missing 'p' to the getopt_long's optstring. 2008-02-19 21:10:17 +00:00
nekral-guest
18c914f086 Added new option -r, --system for system accounts in useradd, groupadd,
and newusers.
2008-02-19 21:01:38 +00:00
nekral-guest
ed52b88b92 Fix buffer overflow when adding an user to a group. Thanks to Peter Vrabec. 2008-02-18 21:36:03 +00:00
nekral-guest
80ef1db3b3 One AUDIT_USER_START remained. Replace it with AUDIT_CHGRP_ID also. 2008-02-14 18:51:37 +00:00
nekral-guest
a8bc585e33 Use the correct AUDIT_CHGRP_ID event instead of
AUDIT_USER_START, when changing the user space group ID with
newgrp or sg. Thanks to sgrubb@redhat.com for the patch.
2008-02-14 18:35:51 +00:00
nekral-guest
1599d3d128 * Reset oflg with uflg if the new UID is equal to
the old one.
* Reset mflg with dflg if the new home directory is
  the same as the old one.
2008-02-10 21:35:17 +00:00
nekral-guest
a5f949165a Fix the handling of -a when a user is being renamed (with -l). The new
name of the user was used for the new supplementary groups, but not in the
existing ones.
2008-02-10 20:25:39 +00:00
nekral-guest
ead95673a5 Set the shadow's password instead of the passwd's password.
Fix wrong cut&paste.
2008-02-10 19:14:20 +00:00
nekral-guest
132eb55983 Fix typo. 2008-02-03 21:53:30 +00:00
nekral-guest
f08833fba2 Fix typo. 2008-02-03 21:42:08 +00:00
nekral-guest
f8679b385a No need to check audit_fd, audit_logger() will take care of this. 2008-02-03 21:40:01 +00:00
nekral-guest
ae5db5d36b Really log the expiration date change as human readable strings instead of
integers.
2008-02-03 21:37:45 +00:00
nekral-guest
fdae41eb63 Use a function to convert the dates from /etc/shadow to human readable dates. 2008-02-03 21:30:47 +00:00
nekral-guest
feb2e41181 Do not translate the fromhost variable. It is always used for syslog messages. 2008-02-03 17:57:43 +00:00
nekral-guest
4e01ea6c33 * NEWS: newusers will behave more like useradd.
* src/newusers.c: The user's ID must be found before the group ID
	to mimic useradd's behavior choices of UID and GID.
	* src/newusers.c: Reuse the generic find_new_uid() and
	find_new_gid() functions. This permits to respect the
	UID_MIN/UID_MAX and GID_MIN/GID_MAX variables, should 
	* src/newusers.c: Check if the user or group exist using the
	external databases (with the libc getpwnam/getgrnam functions).
	Refuse to update an user which exist in an external database but
	does not exist in the local database.
	* src/newusers.c: Check the usernames and groupnames with
	check_user_name() and check_group_name()
	* src/newusers.c: Use isdigit() for readability.
	* src/newusers.c: Check if numerical IDs are valid (no remaining
	chars).

	* NEWS, src/newusers.c: Fix the support for the NONE crypt method.

	* src/newusers.c: Fix shadow group support (the list of admins was
	not defined; it is now set to an empty list).
2008-02-03 17:45:58 +00:00
nekral-guest
04190741e7 Use the find_new_uid() and find_new_gid() from the library instead of the
local functions.
2008-02-03 16:56:23 +00:00
nekral-guest
57f713e426 * libmisc/age.c, libmisc/yesno.c, src/lastlog.c, src/grpck.c,
src/chfn.c, src/passwd.c, src/chage.c, src/login.c, src/sulogin.c,
   src/chsh.c: Fix call to puts (remove end of line, or use fputs).
 * po/*.po: Unfuzzy PO files according to above change.
2008-02-03 16:28:03 +00:00
nekral-guest
3755086645 Fix comment. find_new_fid is no more called is the user specified a group
ID.
2008-01-27 14:31:23 +00:00
nekral-guest
ae99674e9b Fix build failures with --disable-shadowgrp. Thanks to Jürgen
Daubert for the patch.
* libmisc/salt.c: Include <stdio.h>, needed for stderr and printf
  functions.
* lib/encrypt.c: Include <stdio.h>, needed for perror, stderr and
  printf functions
* src/usermod.c: sgr_locked exists only if SHADOWGRP is defined.
* src/chgpasswd.c: Only check is the gshadow file exists if
  SHADOWGRP is defined.
2008-01-26 17:41:20 +00:00
nekral-guest
8c229ea473 Re-indent. 2008-01-24 20:54:42 +00:00
nekral-guest
3dd5866244 Replace printf by puts for fixed strings. This would avoid issues caused
by formats introduced in translated strings.
2008-01-24 20:42:12 +00:00
nekral-guest
96f7a7588f Re-indent. 2008-01-24 19:50:09 +00:00
nekral-guest
01f9705dd5 Replace printf by puts for fixed strings. This would avoid issues caused
by formats introduced in translated strings.
2008-01-24 19:38:06 +00:00
nekral-guest
1b246725c5 Re-indent. 2008-01-24 19:24:03 +00:00
nekral-guest
de239d9b01 Replace printf by puts for fixed strings. This would avoid issues caused
by formats introduced in translated strings.
2008-01-24 18:39:05 +00:00
nekral-guest
926aeec06a Apply Christian's recommendation:
s/can't get unique/no more available/
2008-01-23 22:31:38 +00:00
nekral-guest
934ac07b06 Check that the new fields set with -u, -s, -l, -g, -f, -e, -d, and -c
differ from the old ones. If a requested new value is equal to the old
one, no changes will be performed for that field. If no fields are
changed, usermod will exist successfully with a warning. This avoids
logging changes to syslog when there are actually no changes.
2008-01-23 21:50:27 +00:00
nekral-guest
0d1be15e0f Always define user_newcomment, user_newshell, user_newexpire, and
user_newinactive. It is more simple to always have user_<x> as the old
field, and user_new<x> as the new field (even if the field did not change)
instead of changing the algorithm depending on WITH_AUDIT.
2008-01-23 21:19:08 +00:00
nekral-guest
294e3a632e user_newname can only be used in WITH_AUDIT code or when lflg is set. This
issue was introduced in the code refactoring of usermod.
2008-01-23 20:08:16 +00:00
nekral-guest
229e6cbdd8 Fix typo in comment: s/find_new_uid/find_new_gid/ 2008-01-22 22:59:06 +00:00
nekral-guest
53561134a9 * s/gid/GID/ in message string.
* Set this string for translation.
2008-01-22 22:57:55 +00:00
nekral-guest
ae8cbbc34d * NEWS, src/newgrp.c: Fix segfault when an user returns to an
unknown GID (either the user was deleted during the user's newgrp
  session or the user's passwd entry referenced an invalid group).
  Add a syslog warning in that case.
* src/newgrp.c: Add an end of line when reporting an invalid
  password.
2008-01-21 23:33:43 +00:00
nekral-guest
b082ebead2 * NEWS, src/useradd.c: Fix the handling of the --defaults option
(it required an argument, but should behave as -D)
* NEWS, man/useradd.8.xml: Document the --defaults option, which
  was already described in the useradd's Usage information.
2008-01-12 21:09:46 +00:00
nekral-guest
85febc5729 Avoid setting the password to a const empty string, but set the first char to \0. This avoids a warning. 2008-01-06 19:26:58 +00:00
nekral-guest
8a1abbe80b * lib/Makefile.am: Do not link libshadow.la with the intl, crypt,
skey and md libraries...
* src/Makefile.am: ...Specify for each binary which library is
  required. skey and md are required for the binaries with
  authentication of the user (chfn, chsh, login, passwd, su). intl
  is required for all. mcrypt is required for user (chfn, chsh,
  login, passwd, su, sulogin) and group (newgrp, gpasswd)
  authentication and for the creation of passwords (chpasswd,
  chgpasswd, gpasswd, newusers, passwd).
2008-01-06 14:19:32 +00:00
nekral-guest
9104a7a4a4 * Remove prototype of check_su_auth(). It is redundant with prototypes.h.
* isgrp() is static.
2008-01-06 13:30:18 +00:00
nekral-guest
1520a0ae3e * libmisc/obscure.c: Tag the `old' parameter of palindrome(),
similar(), and simple() as unused.
* libmisc/loginprompt.c: Tag the `sig' parameter of login_exit()
  as unused.
* src/expiry.c: Tag the `sig' parameter of catch_signals() as
  unused.
* src/su.c: Tag the `sig' parameter of catch_signals() as unused.
* src/su.c: Add int parameter to the prototype of oldsig().
* src/login.c: Tag the `sig' parameter of alarm_handler() as
  unused.
* src/sulogin.c: Tag the `sig' parameter of catch_signals() as
  unused.
* libmisc/getdate.y: Tag the `string' parameter of yyerror() as
  unused.
* libmisc/getdate.y: The string provided to yyerror() is const.
* libmisc/getdate.y: Fix the prototypes of yylex() and yyerror().
2008-01-06 13:20:25 +00:00
nekral-guest
116a76e528 Remove prototypes for __pw_del_entry(), __pw_get_head(), __spw_del_entry(), and __spw_get_head(). 2008-01-06 13:00:17 +00:00
nekral-guest
93177a5615 Assume optarg and optind are declared in <getopt.h>. 2008-01-06 12:52:23 +00:00
nekral-guest
0c867d23ad Remove the pw_name argument of new_pw_passwd. Use the user_newname global
variable instead. This avoid using a parameter with the same name as a function.
2008-01-06 12:50:22 +00:00
nekral-guest
5c6f68cd8f * Removed unused gid parameter of syslog_sg().
* The loginname and tty buffers are never changed. Add the const qualifier.
2008-01-06 12:31:06 +00:00
nekral-guest
d85b926a14 The crypt_method string always points to a constant string. Add the const qualifier. 2008-01-06 12:26:20 +00:00
nekral-guest
8289eabc55 Remove prototype of l64a() (not used in pwunconv). 2008-01-06 12:12:30 +00:00
nekral-guest
58176a821d Remove prototypes for __gr_del_entry(), __gr_get_head(),
__sgr_del_entry(), and __sgr_get_head().
2008-01-06 12:09:38 +00:00
nekral-guest
4cdbd1fa1d * src/login_nopam.c: Use an ANSI prototype for resolve_hostname()
instead of K&R prototype.
* src/login_nopam.c: Fix the prototypes of list_match(),
  user_match(), from_match(), string_match(). There were no
  parameters in the prototypes.
* src/login_nopam.c: Fix the prototypes of the function parameter
  match_fn of list_match().
2008-01-06 12:07:42 +00:00
nekral-guest
ff49a02023 Fix find_new_gid() prototype. Add a void parameter. 2008-01-05 17:23:46 +00:00
nekral-guest
23e8564812 Fix typos. 2008-01-05 16:44:51 +00:00
nekral-guest
462be08456 * lib/prototypes.h: Add the dolastlog() prototype.
* lib/prototypes.h: Typo: login.c -> loginprompt.c
* src/login.c: Remove declaration of dolastlog().
* libmisc/log.c: dolastlog() should not have been changed to static.
  Include prototypes.h instead.
2008-01-05 16:44:28 +00:00
nekral-guest
db0dddc6e9 * libmisc/pwdcheck.c: Do not include <pwd.h>. Include <shadow.h>
and "pwauth.h" only when compiled without PAM support.
* src/chfn.c, src/chsh.c: Do not include <shadow.h>
* lib/commonio.c: Do not include <shadow.h>. Do not include
  <pwd.h>. Include "nscd.h" instead of <nscd.h>.
* configure.in: Do not check if shadow.h exist, but make sure it
  exists.
* libmisc/pwdcheck.c, src/chfn.c, src/chsh.c, lib/defines.h,
  lib/shadowmem.c, lib/shadowio.c, lib/commonio.c:
  HAVE_SHADOW_H is no more needed (shadow.h should always exist).
2008-01-05 16:33:43 +00:00
nekral-guest
f8a95f7ca1 Add option --password to groupadd and groupmod (similar to useradd and usermod). 2008-01-05 14:17:43 +00:00
nekral-guest
bbb9470661 loginsh is a global variable, use newshell for the update_shell()'s parameter. 2008-01-05 13:54:39 +00:00
nekral-guest
f11bbd3b70 login_prompt is the name of a function, use loginprompt for the internal variable. 2008-01-05 13:53:14 +00:00
nekral-guest
239b2d7bee Make a proper prototype for the main() function declaration. (add void) 2008-01-05 13:51:43 +00:00
nekral-guest
53b075a760 * libmisc/pam_pass.c: Define do_pam_passwd() as static and add its prototype.
* libmisc/log.c: Define dolastlog() as static and add its prototype.
* src/chage.c: Define isnum() as static and add its prototype.
2008-01-05 13:37:32 +00:00
nekral-guest
3c800f5880 Add the syslog_sg prototype. 2008-01-01 23:56:03 +00:00
nekral-guest
11864d22b4 Also split syslog_sg() out of main(). 2008-01-01 23:54:51 +00:00
nekral-guest
1ff4e28748 Remove duplicate logging to syslog. 2008-01-01 23:45:44 +00:00
nekral-guest
d590d0ccee Split check_perms() out of main(). 2008-01-01 23:35:55 +00:00
nekral-guest
94b3b98196 Avoid assignments in conditionals. 2008-01-01 23:07:55 +00:00
nekral-guest
e700196c17 Fix typo s/groupadd/chpasswd/ 2008-01-01 19:56:29 +00:00
nekral-guest
97d7df1ef4 Fix typo s/groupadd/chage/ 2008-01-01 19:53:33 +00:00
nekral-guest
376d990101 Fix typo s/groupadd/chgpasswd/. 2008-01-01 19:53:02 +00:00
nekral-guest
4c2f65d7d0 Avoid implicit conversions to booleans. 2008-01-01 18:27:40 +00:00
nekral-guest
92d8cbb26c Avoid implicit brackets. 2008-01-01 18:04:46 +00:00
nekral-guest
7080370042 Re-indent. 2008-01-01 17:56:33 +00:00
nekral-guest
a9ae2a8710 Avoid implicit conversions to booleans. 2008-01-01 17:51:54 +00:00
nekral-guest
94266e1360 use_system_pw_file and use_system_spw_file were not reset. 2008-01-01 17:43:18 +00:00
nekral-guest
f6e79f59be Re-indent. 2008-01-01 16:58:13 +00:00
nekral-guest
27ed5ec8b9 Avoid implicit brackets. 2008-01-01 16:54:18 +00:00
nekral-guest
42a5b75c5a * Fix open_files prototype (void argument).
* close_file documentation (s:password/shadow:group/gshadow:)
2008-01-01 16:28:01 +00:00
nekral-guest
6ac97a708c Fix typos in comments (gshadow/shadow). 2008-01-01 16:25:57 +00:00
nekral-guest
d022527b71 Simplify pwck's main(). Remove gotos. 2008-01-01 15:52:07 +00:00
nekral-guest
3ad9a439d5 Split also check_pw_file() and check_spw_file() out of main(). 2008-01-01 15:49:33 +00:00
nekral-guest
ef2c12e560 Also split open_files and close_files out of main().
New global variables use_system_pw_file and use_system_spw_file
2008-01-01 15:29:47 +00:00
nekral-guest
6912ac253a Split process_flags() out of main(). New global variables is_shadow,
sort_mode.
2008-01-01 15:07:41 +00:00
nekral-guest
09a95ed70a * src/lastlog.c: Remove statbuf, not used.
* src/lastlog.c: Fix types, cast umin and umax to uid_t.
* src/lastlog.c: (option -u) user needs to be a signed long, not
  uid_t (to accept rangees like -<uid>
2008-01-01 14:38:47 +00:00
nekral-guest
d0de685c7a Avoid ?: construct without the middle term. 2008-01-01 14:34:07 +00:00
nekral-guest
b681e50ff2 * libmisc/copydir.c, src/usermod.c, lib/prototypes.h: The uid and
gid parameters can be set to -1 to indicate that the original
  owners must be kept. Change the types from uid_t/gid_t to a
  long int (signed).
* libmisc/copydir.c: Change the copy_entry(), copy_dir(),
  copy_symlink(), copy_special(), and copy_file() prototypes
  accordingly.
* lib/prototypes.h: Add the parameters' name for the
  libmisc/copydir.c functions.
2008-01-01 14:31:00 +00:00
nekral-guest
bca732693b * libmisc/limits.c, libmisc/obscure.c, src/login_nopam.c,
lib/pwauth.c: Avoid empty file when USE_PAM is set.
* src/login_nopam.c: Fix warnings: resolve_hostname takes and
  returns a constant string.
2008-01-01 14:18:55 +00:00
nekral-guest
0dccafcd23 Remove inaccurate documentation.
The password file is no more opened in read only mode.
2008-01-01 14:12:34 +00:00
nekral-guest
b25feca14c Add missing prototype declarations.
Document the new functions.
2008-01-01 14:10:21 +00:00
nekral-guest
3d82d5e452 Split check_members() out of check_grp_file() and check_sgr_file(). 2008-01-01 13:50:06 +00:00
nekral-guest
612820cb9a Split check_grp_file() and check_sgr_file() out of main(). 2008-01-01 13:48:49 +00:00
nekral-guest
f6f6eeda8e Split process_flags(), open_files(), and close_files() out of main(). New
global variables is_shadow, sort_mode, use_system_grp_file, and
use_system_sgr_file.
2008-01-01 13:13:47 +00:00
nekral-guest
ca9fbc0d8e Compilation fix. pamh needs to be global since the split of check_perms(). 2007-12-31 20:15:15 +00:00
nekral-guest
1ec694eae7 Compilation fix. user was removed from the list of global variables. 2007-12-31 20:14:31 +00:00
nekral-guest
0cc661a2cf Re-indent. 2007-12-31 15:34:29 +00:00
nekral-guest
d6cabcde78 Re-indent. 2007-12-31 15:32:15 +00:00
nekral-guest
4c9686df0c Avoid assignments in comparisons. 2007-12-31 15:30:29 +00:00
nekral-guest
ce4e74c1b9 Avoid implicit brackets. 2007-12-31 15:27:23 +00:00
nekral-guest
3709183127 (compil fix) Use pw->pw_name instead of user. 2007-12-31 15:13:39 +00:00
nekral-guest
9a67b445b1 sflg needs to be global. 2007-12-31 15:07:59 +00:00
nekral-guest
ca035a53a0 Also split update_shell() out of main(). 2007-12-31 15:06:22 +00:00
nekral-guest
f031095d9f * Split also check_perms() out of main().
* Before pam_end(), the return value of the previous
  pam API was already checked. No need to validate it again.
2007-12-31 14:54:46 +00:00
nekral-guest
7ed7e14dee Split process_flags() out of main(). 2007-12-31 14:52:52 +00:00
nekral-guest
4af02cb083 Avoid assignments in comparisons. 2007-12-31 14:37:24 +00:00
nekral-guest
c086f6c931 Avoid implicit conversions to booleans. 2007-12-31 14:15:29 +00:00
nekral-guest
ca468cb988 Document may_change_field(). 2007-12-31 14:03:14 +00:00
nekral-guest
3d04ff4037 Avoid implicit brackets. 2007-12-31 13:48:48 +00:00
nekral-guest
7279ff37f3 * New function: process_flags() split out of main().
The flags variables are now global.
* New functions: check_perms(), update_gecos(),
  get_old_fields(), and check_fields() split out of main().
* Before pam_end(), the return value of the previous
  pam API was already checked. No need to validate it again.
2007-12-31 13:43:04 +00:00
nekral-guest
d0b984528a * src/newusers.c: Compilation fix for PAM support (pamh needs to be
global since the function split).
* src/chpasswd.c: Likewise.
* src/chgpasswd.c: Likewise.
* src/chpasswd.c: Avoid implicit conversions to booleans.
2007-12-31 04:57:54 +00:00
nekral-guest
db38d0b104 * src/chage.c: Fix typo: s/maximim/maximum/
* src/chage.c: New function: fail_exit(). Change most of the exit()
	to a fail_exit, which makes sure the files are unlocked (new global
	variables: pw_locked, spw_locked), the PAM transaction is ended, and
	the failure is logged to libaudit (use a global user_name and user_uid
	for logging).
	* src/chage.c: Compilation fix for PAM support (pamh needs to be
	global since the function split).
	* src/chage.c: Document process_flags(), check_flags(), check_perms(),
	open_files(), and close_files().
	* src/chage.c: Split update_age() and get_defaults() out of main()
	* src/chage.c: Drop the privileges just after opening the files.
	* src/chage.c: Do not log to audit only if the user has an entry in
	the shadow file.
	* NEWS, src/chage.c (open_files): Also open the password file for
	writing. This fix chage when the user only has a password entry (and
	no shadow entries).
	* src/chage.c (get_defaults): Use default values that don't change the
	behavior of the account for the fields that are not specified when the
	user has no shadow entry.
2007-12-31 04:29:30 +00:00
nekral-guest
3b7497b063 * Compilation fix for PAM support (pamh needs to be
global since the function split).
* End the PAM transaction in fail_exit().
* Document check_flags().
2007-12-30 21:48:55 +00:00
nekral-guest
d1bee8b593 Compilation fix for non-gshadow support. 2007-12-30 21:39:57 +00:00
nekral-guest
99230a30ad I forgot to open and close gshadow. 2007-12-29 17:34:02 +00:00
nekral-guest
623010396c Added support for gshadow. 2007-12-29 17:26:28 +00:00
nekral-guest
098173e1df Do not add the new user to the group's members, because the group is already
the primary group of the new user.
2007-12-29 17:05:13 +00:00
nekral-guest
67b9c423fe Avoid variables with the name of a type. 2007-12-29 14:52:35 +00:00
nekral-guest
b040f047fd Avoid assignments in comparisons. 2007-12-29 14:48:33 +00:00
nekral-guest
8c4efbb8ce Avoid implicit brackets and re-indent. 2007-12-29 14:34:39 +00:00
nekral-guest
9923513271 Before pam_end(), the return value of the previous
pam API was already checked. No need to validate it again.
2007-12-29 14:17:06 +00:00
nekral-guest
60a422b284 newusers cleanups
main() split in new functions: process_flags(), check_flags(), check_perms(),
open_files(), and close_files().
2007-12-29 14:11:54 +00:00
nekral-guest
3c890a55d8 Avoid assignments in comparisons. 2007-12-29 11:34:31 +00:00
nekral-guest
37ccc0a3d4 Re-indent. 2007-12-29 11:19:39 +00:00
nekral-guest
a7cbfedc85 * Avoid implicit brackets.
* Avoid implicit conversion to booleans.
2007-12-29 11:06:35 +00:00
nekral-guest
2d771a97b7 Remove dead code. It was probably put here to add more
information to the audit_logger.
2007-12-29 10:50:03 +00:00
nekral-guest
6ca79a36b0 Avoid using a variable with the same name as a type. 2007-12-29 10:47:04 +00:00
nekral-guest
388dcee3e4 chage cleanups
* src/chage.c: Before pam_end(), the return value of the previous
	pam API was already checked. No need to validate it again.
	* src/chage.c: main() split in new functions: process_flags(),
	check_flags(), check_perms(), open_files(), and close_files().
2007-12-29 10:42:25 +00:00
nekral-guest
8563319b8b * src/chgpasswd.c: Avoid assignments in comparisons.
* src/chgpasswd.c: Avoid implicit brackets.
	* src/chgpasswd.c: Fix comments to match chgpasswd (group instead of
	user's passwords are changed).

	Fix the previous ChangeLog entries regarding chgpasswd.
2007-12-28 23:14:59 +00:00
nekral-guest
9fe450e216 Same changes as for chpasswd:
* src/chpasswd.c: main() split in process_flags(), check_flags(),
	check_perms(), open_files(), and close_files().
2007-12-28 22:59:17 +00:00
nekral-guest
28cd038c35 Same changes as for chpasswd:
* src/chpasswd.c: main() split in process_flags(), check_flags(),
	check_perms(), open_files(), and close_files().
2007-12-28 22:54:35 +00:00
nekral-guest
8dc959ea1f Avoid implicit brackets. 2007-12-28 22:34:14 +00:00
nekral-guest
f54464bcf6 Re-indent. 2007-12-28 22:31:45 +00:00
nekral-guest
05651a338e Re-indent. 2007-12-28 22:30:02 +00:00
nekral-guest
908e2cbcc7 Avoid assignments in comparisons. 2007-12-28 22:24:02 +00:00
nekral-guest
b9eec1ea49 Other new functions: open_files(), close_files().
This force flushing the password database after the password file is unlocked.
2007-12-28 22:18:55 +00:00
nekral-guest
566b357f99 New functions: process_flags(), check_flags(),
check_perms(). Split out of main().
2007-12-28 22:05:51 +00:00
nekral-guest
dc1dccd9e2 Before pam_end(), the return value of the previous
pam API was already checked. No need to validate it again.
2007-12-28 21:29:06 +00:00
nekral-guest
8dc4ca297c New function check_flags(). Split the validation of
options and arguments out of process_flags.
2007-12-28 21:04:04 +00:00
nekral-guest
605a338216 (main, check_perms): New function check_perms().
Split the validation of the user's permissions out of main()
2007-12-28 20:46:24 +00:00
nekral-guest
6d09b4ce4d (main): Before pam_end(), the return value of the previous pam API was already
checked. No need to validate it again.
2007-12-28 20:40:59 +00:00
nekral-guest
147c37789a Re-indent. 2007-12-28 20:35:05 +00:00
nekral-guest
ffa34c5afd (process_flags): prefer fail_exit to exit. This avoid
an explicit call to audit_logger().
2007-12-28 19:15:14 +00:00
nekral-guest
da37da30e1 I forgot the initialization of group_id in find_new_gid(). 2007-12-28 19:08:33 +00:00
nekral-guest
b4f6b853f8 * process_args renamed process_flags
* Add the options checks in process_flags (group_name, group ID uniqueness)
 * Add the parameters' names in the prototypes.
2007-12-28 11:22:27 +00:00
nekral-guest
cc1f6c10be Split the processing of options out of main(). 2007-12-28 10:41:22 +00:00
nekral-guest
08e09354b2 find_new_gid is never called when an
GID is specified with -g. Simplify find_new_gid accordingly.
2007-12-28 10:30:39 +00:00
nekral-guest
83b546beef (find_new_gid): If oflg is set, gflg is also set.
Use (!gflg), which is cleared than (!gflg || !oflg).
2007-12-28 10:19:21 +00:00
nekral-guest
b4071939e0 A group with the specified name cannot exist at that time in find_new_gid.
Remove the check.
2007-12-28 10:15:42 +00:00
nekral-guest
0a4424ef00 Avoid implict brackets. 2007-12-28 10:12:09 +00:00
nekral-guest
18a654d13b When compiled without AUDIT support, if the return code was E_SUCCESS,
fail_exit() wouldn't have exited. Fix the scope of #idef WITH_AUDIT.
2007-12-28 09:39:22 +00:00
nekral-guest
bfa8ef3e75 Avoid implicit conversions to booleans. 2007-12-27 21:56:45 +00:00
nekral-guest
b58df6280d Avoid assignment in comparisons. 2007-12-27 21:43:29 +00:00
nekral-guest
641d73ab83 Document check_list's return value. 2007-12-27 21:30:12 +00:00
nekral-guest
a77eb6b49d Avoid implicit brackets. 2007-12-27 21:28:50 +00:00
nekral-guest
c919701466 Simplify gpasswd's main():
Also split check_flags() out of main().
2007-12-27 21:19:57 +00:00
nekral-guest
c81bf3e06f Simplify gpasswd's main():
Split also get_group() and change_passwd() out of main().
2007-12-27 21:04:22 +00:00
nekral-guest
586181bf71 Simplify gpasswd's main():
New function: check_perms(). Split out of main() to simplify main().
2007-12-27 19:08:31 +00:00
nekral-guest
55d581d041 Simplify gpasswd's main():
New functions: open_files(), close_files(), update_group(). Split out
	from main() to simplify this (too) big function.
2007-12-27 18:52:40 +00:00
nekral-guest
f429f3e38d Simplify gpasswd's main():
New function: process_flags(). Split the processing of options out of main().
2007-12-27 18:27:57 +00:00
nekral-guest
7b05484494 gpasswd cleanup
* src/gpasswd.c: Add argument name to the internal function
	prototypes.
	* src/gpasswd.c: Document global variables.
2007-12-27 17:36:08 +00:00
nekral-guest
5714adb090 Recommend editing the shadowed (resp. regular) file if the regular (resp.
shadowed) file was edited.
2007-12-26 23:43:55 +00:00
nekral-guest
b44a6c316d If started as init, login and sulogin need to start a new session. 2007-12-26 22:36:54 +00:00
nekral-guest
f5461ff01e Merge Debian's patch 408_passwd_check_arguments
* NEWS, src/passwd.c: Make sure that no more than one username
	argument was provided.
2007-12-26 22:17:13 +00:00
nekral-guest
b77cef01a9 Re-indent. 2007-12-26 21:56:47 +00:00
nekral-guest
3a48f0954c Merge Debian's patch 412_lastlog_-u_numerical_range
* NEWS, src/lastlog.c, man/lastlog.8.xml: Accept numerical user, or
  ranges with the -u option.
* TODO: The same change should be done on faillog.
2007-12-26 21:54:04 +00:00
nekral-guest
fd970ab62c Merge Debian's patch 466_fflush-prompt
* libmisc/Makefile.am, lib/prototypes.h, libmisc/yesno.c, src/grpck.c,
	src/pwck.c: move yes_or_no() from grpck/pwck to a separate
	libmisc/yesno.c (with a read_only argument).
	* libmisc/fields.c, libmisc/yesno.c: Make sure stdout is flushed before
	reading the user's answer.
2007-12-26 16:50:38 +00:00
nekral-guest
e663c696c2 su's arguments are now reordered. If needed, use -- to separate su's
options from the shell's options.
2007-12-26 15:10:48 +00:00
nekral-guest
3935d32676 Mention RedHat's patches for previous commits.
Merge RedHat's patch shadow-4.0.18.1-findNewUidOnce.patch:
	* src/useradd.c (usr_update): Do not call find_new_uid(). The UID was
	already either specified or found by another call to find_new_uid().
	* src/useradd.c (find_new_uid): Always start with uid_min (find_new_uid()
	is never called when user_id was already specified).
	* src/useradd.c (find_new_uid): Fix the comments (find_new_uid() is not
	called when the UID is specified (uflg)).
	* src/useradd.c (main): Only call find_new_uid() if (!oflg) and (!uflg).
	If uflg is set (but not oflg), check the UID uniqueness.
	* src/useradd.c (find_new_uid): Don't check the uid and user name
	uniqueness in find_new_uid(). The user name uniqueness is already checked
	during the parameter validation. UID uniqueness is also checked (see
	above).
	* src/useradd.c (find_new_uid): Don't check uflg in find_new_uid().
	* src/useradd.c (find_new_uid): Make sure that find_new_uid() is not
	called when uflg is set (assert).

Cleanups in find_new_gid:
	* src/useradd.c (find_new_gid): Check that gflg is not set (assert).
	* src/useradd.c (find_new_gid): Do not check the group name uniqueness
	(already checked in main).
	* src/useradd.c (find_new_gid): Avoid a "continue" in the loop.
	* src/useradd.c (find_new_gid): Remove irrelevant comments.
	* src/useradd.c (find_new_gid): Fix the function definition's comment.
2007-12-26 13:18:27 +00:00
nekral-guest
c57e8983ff Add option -l to avoid adding the user to the lastlog and faillog databases
Fix the release numbers for the current NEWS entries.
2007-12-26 10:15:20 +00:00
nekral-guest
20dfe6ba98 NO_GETPWENT is no more supported. Remove associated chunks of code. 2007-12-26 09:28:02 +00:00
nekral-guest
34ed03d978 * NEWS, configure.in: Prepare the 4.1.0 release.
* NEWS, src/chgpasswd.c: Use chgpasswd PAM policy file instead of
  chpasswd's one.
* NEWS: The login.defs variables are documented.
2007-12-09 22:54:53 +00:00
nekral-guest
9ac8c65e37 Make sure is_console is only defined when USE_PAM is not defined. 2007-12-08 23:27:35 +00:00
nekral-guest
6831c45533 Do not use tabulations in Usage strings. 2007-11-24 22:41:24 +00:00
nekral-guest
4d606cc690 * configure.in: New configure option: --with-sha-crypt enabled by
default. Keeping the feature enabled is safe. Disabling it permits
  to disable the references to the SHA256 and SHA512 password
  encryption algorithms from the usage help and manuals (in addition
  to the support for these algorithms in the code).
* libmisc/obscure.c, libmisc/salt.c, src/newusers.c,
  src/chpasswd.c, src/chgpasswd.c, src/passwd.c: ENCRYPT_METHOD is
  always supported in login.defs. Remove the ENCRYPTMETHOD_SELECT
  preprocessor condition.
* libmisc/obscure.c, libmisc/salt.c, src/newusers.c,
  src/chpasswd.c, src/chgpasswd.c, src/passwd.c: Disable SHA256 and
  SHA512 if USE_SHA_CRYPT is not defined (this corresponds to a
  subset of the ENCRYPTMETHOD_SELECT sections).
2007-11-24 13:08:08 +00:00
nekral-guest
afbf2094a8 * Provide the crypt method to all the
crypt_make_salt invocations.
* Tag the ENCRYPTMETHOD_SELECT dependent code
  accordingly.
2007-11-24 00:26:31 +00:00
nekral-guest
2e782e3d7d * libmisc/salt.c: Make sure method is not NULL, defaulting to DES.
Thanks to Dan Kopecek <dkopecek@redhat.com>.
* src/chpasswd.c, src/chgpasswd.c: Do not use DES by default, but
  the system default define in /Etc/login.defs. Thanks to Dan
  Kopecek <dkopecek@redhat.com>.
* NEWS, man/chpasswd.8.xml, man/chgpasswd.8.xml: Do not mention
  DES as the default algorithm.
* src/chpasswd.c, src/chgpasswd.c: Tag the ENCRYPTMETHOD_SELECT
  dependent code accordingly.
2007-11-24 00:16:41 +00:00
nekral-guest
43b10b311a Applied patch shadow-utils-4.0.18.2-salt.patch. Thanks to Dan Kopecek <dkopecek@redhat.com> 2007-11-23 20:51:43 +00:00
nekral-guest
1cc6fd0d16 News options -c/--crypt-method -s/--sha-rounds to newusers.
Document also new login.defs variables.
2007-11-23 20:24:42 +00:00
nekral-guest
add1c18b2e * src/chpasswd.c: Added crypt method: NONE.
* src/chpasswd.c: Added --sha-rounds to the usage().
* libmisc/Makefile.am, libmisc/getlong.c, src/chgpasswd.c,
  src/chpasswd.c: New getlong function. Replace chpasswd's and
  chgpasswd's getnumber.
2007-11-23 20:09:57 +00:00
nekral-guest
a0488ccac2 * NEWS, src/gpasswd.c: Read the group and shadow groups using
gr_locate and sgr_locate. gpasswd write in the file database. Thus
  it should read information from the file database, not using
  getgrnam. The change to sgr_locate is just for consistency. This
  requires opening the group databases (read only) using
  gr_open/sgr_open.
* NEWS: Indicate that manpages should be re-generated if configure
  option are changed, due to conditions.
2007-11-22 21:55:12 +00:00
nekral-guest
46ae2113b6 * Try harder to get the GID equal to the UID.
This was not the case when the GID is not specified, and a GID
  exist with an ID higher than the all the UIDs.
* Typo in comment: contrained -> constrained.
2007-11-21 21:27:44 +00:00
nekral-guest
6f7ed628e2 Compile fix (related to last commit on src/chgpasswd.c). 2007-11-21 20:28:13 +00:00
nekral-guest
fd0b22cb55 If the shadow group file is not present, do not try to locate the group
entry from /etc/gshadow, and set the password in /etc/group.
2007-11-20 20:59:42 +00:00
nekral-guest
9aa40bb96d * libmisc/obscure.c, libmisc/salt.c, src/passwd.c: Match DES, MD5,
SHA256, and SHA512 exactly (not only the first 3/6 chars).
* libmisc/salt.c (SHA_salt_rounds): Set rounds to the specified
  prefered_rounds value, if specified.
* src/gpasswd.c, libmisc/salt.c: Fix compilation warnings (use
  size_t for lengths).
* src/chpasswd.c, src/chgpasswd.c: Add missing parenthesis.
2007-11-20 20:00:16 +00:00
nekral-guest
a30c0a8192 The -c, -e, and -m options are exclusives. 2007-11-20 13:09:55 +00:00
nekral-guest
5cb462d767 Increase the size of crypt_passwd from 128 to 256 to avoid overflow in
case of SHA512 (161 should be sufficient).
2007-11-20 12:18:36 +00:00
nekral-guest
63a4e65ca1 Fix typo s/method/crypt_method/ 2007-11-20 12:10:55 +00:00
nekral-guest
90de228897 passwd also use crypt_make_salt(). 2007-11-20 09:51:36 +00:00
nekral-guest
0b695f5a76 * lib/prototypes.h, libmisc/salt.c: Add parameters to
crypt_make_salt to force the crypt method and number of rounds.
* libmisc/salt.c: Add parameter to SHA_salt_rounds to force the
  number of rounds.
* libmisc/salt.c, lib/getdef.c: ENCRYPT_METHOD and MD5_CRYPT_ENAB
  are needed also when USE_PAM (e.g. for chpasswd).
* src/newusers.c, src/gpasswd.c: Use the new crypt_make_salt prototype.
* src/chpasswd.c, src/chgpasswd.c: Add option -c, --crypt-method
  and -s, --sha-rounds to specify the crypt method and number of
  rounds in case of one of the SHA methods. The new prototype of
  crypt_make_salt simplifies the handling of -m, --md5.
2007-11-20 09:33:52 +00:00
nekral-guest
b8d8d0de00 Add support for SHA256 and SHA512 encrypt methods. Apply RedHat's patch
shadow-4.0.18.1-sha256.patch. Thanks to Peter Vrabec. Hardly no changes
except re-indent and changes related to recent modifications (max_salt_len
in crypt_make_salt). Changes in lib/defines.h not applied (definition of
ENCRYPTMETHOD_SELECT). I will add a configure check or flag.
2007-11-19 22:14:19 +00:00
nekral-guest
39e5c0a1ab Fix some compilation warnings:
* src/login.c: "dereferencing type-punned pointer will break
   strict-aliasing rules", add a variable indirection: ptr_pam_user.
 * lib/commonio.c: do not initialize the sb stat structure.
 * lib/pwio.c, lib/shadowio.c, lib/sgroupio.c, lib/groupio.c:
   initialize the security context if WITH_SELINUX.
 * lib/nscd.c: The service argument is not const (used in the exec*
   parameters). This matches with the prototype definition.
 * src/groupmems.c: Avoid ++i when i is also used in the same line.
 * src/newusers.c: i is positive every time it is compared. Add
   cast to unsigned int.
 * src/nologin.c: Use a main() prototype with no arguments.
 * libmisc/getdate.y: Initialize the type and value fields of the
   terminating entry for each TABLE.
 * libmisc/tz.c: Use "TZ=CST6CDT" as the default timezone.
2007-11-19 20:25:36 +00:00
nekral-guest
dcedc12f36 Add forgotten files in the previous ChangeLog entry. 2007-11-18 23:20:02 +00:00
nekral-guest
9adfc136b6 * lib/prototypes.h, configure.in, libmisc/Makefile.am,
libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetpwuid.c,
  libmisc/xgetgrnam.c, libmisc/xgetgrgid.c, libmisc/xgetspnam.c:
  Added functions xgetpwnam(), xgetpwuid(), xgetgrnam(),
  xgetgrgid(), and xgetspnam(). They allocate memory for the
  returned structure and are more robust to successive calls. They
  are implemented with the libc's getxxyyy_r() functions if
  available.
* libmisc/limits.c, libmisc/entry.c, libmisc/chowntty.c,
  libmisc/addgrps.c, libmisc/myname.c, libmisc/rlogin.c,
  libmisc/pwdcheck.c, src/newgrp.c, src/login_nopam.c,
  src/userdel.c, src/lastlog.c, src/grpck.c, src/gpasswd.c,
  src/newusers.c, src/chpasswd.c, src/chfn.c, src/groupmems.c,
  src/usermod.c, src/expiry.c, src/groupdel.c, src/chgpasswd.c,
  src/su.c, src/useradd.c, src/groupmod.c, src/passwd.c, src/pwck.c,
  src/groupadd.c, src/chage.c, src/login.c, src/suauth.c,
  src/faillog.c, src/groups.c, src/chsh.c, src/id.c: Review all the
  usage of one of the getpwnam(), getpwuid(), getgrnam(),
  getgrgid(), and getspnam() functions. It was noticed on
  http://bugs.debian.org/341230 that chfn and chsh use a passwd
  structure after calling a pam function, which result in using
  information from the passwd structure requested by pam, not the
  original one. It is much easier to use the new xget... functions
  to avoid these issues. I've checked which call to the original
  get... functions could be left (reducing the scope of the
  structure if possible), and I've left comments to ease future
  reviews (e.g. /* local, no need for xgetpwnam */).
  Note: the getpwent/getgrent calls should probably be checked also.
* src/groupdel.c, src/expiry.c: Fix typos in comments.
* src/groupmod.c: Re-indent.
* libmisc/Makefile.am, lib/groupmem.c, lib/groupio.c, lib/pwmem.c,
  lib/pwio.c, lib/shadowmem.c, lib/shadowio.c: Move the __<xx>_dup
  functions (used by the xget... functions) from the <xx>io.c files
  to the new <xx>mem.c files. This avoid linking some utils against
  the SELinux library.
2007-11-18 23:15:26 +00:00
nekral-guest
69525890db Fix typo introduced while fixing http://bugs.debian.org/451521 (compile fix). 2007-11-18 22:52:56 +00:00
nekral-guest
cd1089e6f0 Fix a typo in a comment. 2007-11-18 01:20:10 +00:00
nekral-guest
311f4baa27 Do not document the behavior compared to old versions. 2007-11-17 23:11:02 +00:00
nekral-guest
0743a7236d Same fixes as applied to usermod: refuse to unlock an account when it
would result in a passwordless account.
2007-11-17 22:05:31 +00:00
nekral-guest
85463e754d Refuse to unlock an account when it would result in a passwordless
account.  Based on Openwall's patch shadow-4.0.4.1-owl-usermod-unlock.diff
2007-11-17 22:02:22 +00:00
nekral-guest
5e438aa46c Make sure that the prefix is the name of a directory (not only the
beginning of a directory).
Openwall patch shadow-4.0.4.1-owl-userdel-path_prefix.diff.
2007-11-17 21:24:06 +00:00
nekral-guest
1f4488f963 * src/newgrp.c: Do not give an indication that the group has no
password.
* src/newgrp.c: Do not only bail on syslog if the password is not
  valid. Also give an indication to the user on stderr.
2007-11-17 21:03:33 +00:00
nekral-guest
225b096838 Remove a comment which states that an user shall provide a password to
switch to her group.
2007-11-17 20:41:49 +00:00
nekral-guest
8e568ef697 Last parts of the Openwall patch shadow-4.0.4.1-owl-chage-drop-priv.diff:
* src/chage.c: Make chage -l also drop the saved GID.
 * src/chage.c: Prefer setregid/setreuid to setgid/setuid.
2007-11-17 20:28:32 +00:00
nekral-guest
24cfb1c158 * src/chage.c: Remove cleanup(). pw_lock is never called. Replace
cleanup(2) by spw_unlock and remove the calls to cleanup(1).
* src/chage.c: Remove variable pwrw. It is always set to 0. The
  password database is always read only.
2007-11-17 20:09:54 +00:00
nekral-guest
0fd1ed4517 Avoid terminating the PAM library in the forked child. This is done later
in the parent after closing the PAM session.
This fixes http://bugs.debian.org/412061.
Debian patch 405_su_no_pam_end_before_exec.
2007-11-17 17:19:44 +00:00
nekral-guest
be972d7db3 Fix typo: the warndays option was called warning. This is now warndays,
as documented in the manpage and usage.  Debian patch 417_passwd_warndays.
2007-11-17 16:57:37 +00:00
nekral-guest
fb6cb07a60 Remove the preprocessor check SHADOWPWD. The variable is no more defined
(and always assumed).  Debian patch 493_pwck_no_SHADOWPWD.
2007-11-17 16:50:26 +00:00
nekral-guest
e47ee90033 -l/-u options: edit the shadow account expiry field *in addition* to
editing the password field.  Debian patch 494_passwd_lock.
2007-11-17 16:40:39 +00:00
nekral-guest
5d2ca8b240 Do not request a password when a user uses newgrp to switch to her primary
group.  Debian patch 497_newgrp_primary_group.
2007-11-17 16:19:00 +00:00
nekral-guest
90ef765c2e Log an error if the password entry could not be
found (respect LOG_UNKFAIL_ENAB to avoid logging a password). This
fixes the Debian bug http://bugs.debian.org/451521
2007-11-17 16:05:54 +00:00
nekral-guest
e39a941413 Allow the -b option even without the -D option. 2007-11-17 15:07:59 +00:00
nekral-guest
87b5ce3036 Use the same error message for the below errors.
(option working ONLY if another is specified).
2007-11-17 14:49:39 +00:00
nekral-guest
af045a0733 Make usermod -o and -u work independently of the argument order. 2007-11-17 14:40:54 +00:00
nekral-guest
488184394e Validate that two of the -L, -p, and -U options are not used at the same
time after the parsing of options. -U used to be allowed after -p or -L,
but not before.
2007-11-17 14:33:26 +00:00
nekral-guest
71392cdc8f Make usermod -d and -m work independant of the argument order. Thanks to
Justin Pryzby <jpryzby+d@quoininc.com> for the patch. This fixes Debian's
bug #451518.
2007-11-17 14:21:05 +00:00
nekral-guest
6c2e7c124f Remove remaining return value in update_group. 2007-11-17 13:48:56 +00:00
nekral-guest
24e742d202 * src/usermod.c (fail_exit): Add static variables pw_locked,
spw_locked, gr_locked, and sgr_locked to indicate which files must
  be unlocked.
* src/usermod.c (open_files, close_files): Open and close the
  group files as well as the passwd files. This permit to check if
  the group files modification are allowed before writing the passwd
  files.
* src/usermod.c (grp_update, update_gshadow, update_group): Do not
  return a status code, but call fail_exit() in case of error. The
  group files are no more opened and closed in update_gshadow() and
  update_group().
* src/usermod.c (main): move the call to grp_update between
  open_files and close_files.
* src/usermod.c: Differentiate failure to add a group entry and
  failure to add a shadow group entry.
2007-11-17 11:42:47 +00:00
nekral-guest
326074388c Differentiate failure to update a group entry and failure to update a shadow group entry. 2007-11-17 11:31:06 +00:00
nekral-guest
9afe59af3e Inform the user if out of memory while updating a group database. 2007-11-16 23:39:42 +00:00
nekral-guest
7ecdf9b71f Update the group database before flushing the nscd caches. 2007-11-16 23:29:41 +00:00
nekral-guest
0325483ee4 Abort if an error is found while updating the user or group database. No
changes will be written in the databases.
2007-11-16 23:26:56 +00:00
nekral-guest
b370e1502e It is no more needed to check that the user's groups are specified only
once in the group file. This is checked by gr_update().
2007-11-16 23:05:24 +00:00
nekral-guest
449f17385a * libmisc/salt.c: Make sure the salt string is terminated at the
right place (either 8th, or 11th position).
 * NEWS, src/chgpasswd.c, src/chpasswd.c: The protocol + salt does
   not need 15 chars. No need for a temporary buffer.
   This change the fix committed on 2007-11-10. The salt provided to
   pw_encrypt could have been too long.
2007-11-16 19:02:00 +00:00
nekral-guest
e0edb7db17 Add support for systems with no innetgr(). On those systems, username
with an @ will be treated like any other username (i.e. lookup in the
local database for an user with an @). Thanks to Mike Frysinger for the
patch.
2007-11-16 11:32:42 +00:00
nekral-guest
690f7aee2e Indentation fix. 2007-11-16 10:50:38 +00:00
nekral-guest
8d527f156d Declare the child and pid variable at the beginning of a block. This
fixes a compilation issue with gcc 2.95. The intent is the same as
Gentoo's patch shadow-4.0.12-gcc2.patch.
2007-11-14 13:46:15 +00:00
nekral-guest
15f43716c1 Add a variable to set the suid permissions. This should simplify Gentoo's
patch shadow-4.0.11.1-perms.patch.
2007-11-14 13:32:25 +00:00
nekral-guest
b2120265fd Added the subversion svn:keywords property (Id) for proper identification. 2007-11-10 23:46:11 +00:00
nekral-guest
f9de15fdcf Don't ask for a password if there are no group passwords. Just directly
give up. This comes from the Fedora's patch shadow-4.0.13-newgrpPwd.patch,
and seems to be the only part with an effect.
2007-11-10 18:54:40 +00:00
nekral-guest
1bdb92706e Fix chpasswd and chgpasswd stack overflow. Based on Fedora's shadow-4.0.18.1-overflow.patch. 2007-11-10 18:48:23 +00:00
nekral-guest
6a051e1544 Allow non numerical group identifier to be specified with useradd's -g
option. Applied Debian patch 397_non_numerical_identifier. Thanks also to
Greg Schafer <gschafer@zip.com.au>.
2007-11-10 15:51:38 +00:00
bubulle
3ada732dc0 Mention the GNU origin of some parts from su. Debian patch 438 2007-10-27 13:50:40 +00:00
bubulle
84b79dd20d Merge Debian patch 402: clarify usermod "-a" help 2007-10-27 13:01:19 +00:00
bubulle
d059ef6780 No longer apologize to users 2007-10-27 12:46:30 +00:00
nekral-guest
e3f303fdb5 If compiled without PAM support, enforce the limits from /etc/limits when
one of the -, -l, or --login options is set, even if called by root.
Thanks to Justin Bronder.
2007-10-12 22:36:26 +00:00
nekral-guest
79bf2081fe Commit the last version from the PLD CVS repository.
(last changelog entry: 2007-02-01)
This also adds the files which were present in the CVS repository, but not
present in the shadow archives.
2007-10-07 14:36:51 +00:00
nekral-guest
0d93a36930 Remove generated files present in the shadow archives but not in the CVS
repository.
2007-10-07 13:59:23 +00:00
nekral-guest
c187b2be78 [svn-upgrade] Integrating new upstream version, shadow (4.0.18.1) 2007-10-07 11:48:07 +00:00
nekral-guest
5e20c4359f [svn-upgrade] Integrating new upstream version, shadow (4.0.18) 2007-10-07 11:47:57 +00:00
nekral-guest
8a78a8d68c [svn-upgrade] Integrating new upstream version, shadow (4.0.17) 2007-10-07 11:47:45 +00:00
nekral-guest
0fa9083026 [svn-upgrade] Integrating new upstream version, shadow (4.0.16) 2007-10-07 11:47:33 +00:00
nekral-guest
591830e43b [svn-upgrade] Integrating new upstream version, shadow (4.0.15) 2007-10-07 11:47:22 +00:00
nekral-guest
24178ad677 [svn-upgrade] Integrating new upstream version, shadow (4.0.14) 2007-10-07 11:47:11 +00:00
nekral-guest
8451bed8b0 [svn-upgrade] Integrating new upstream version, shadow (4.0.13) 2007-10-07 11:47:01 +00:00
nekral-guest
e89f3546f2 [svn-upgrade] Integrating new upstream version, shadow (4.0.12) 2007-10-07 11:46:52 +00:00
nekral-guest
1de90a599c [svn-upgrade] Integrating new upstream version, shadow (4.0.11.1) 2007-10-07 11:46:43 +00:00
nekral-guest
b48129fcbb [svn-upgrade] Integrating new upstream version, shadow (4.0.11) 2007-10-07 11:46:34 +00:00
nekral-guest
8c50e06102 [svn-upgrade] Integrating new upstream version, shadow (4.0.10) 2007-10-07 11:46:25 +00:00
nekral-guest
7c47e0fde3 [svn-upgrade] Integrating new upstream version, shadow (4.0.9) 2007-10-07 11:46:16 +00:00
nekral-guest
8e167d28af [svn-upgrade] Integrating new upstream version, shadow (4.0.8) 2007-10-07 11:46:07 +00:00
nekral-guest
0ee095abd8 [svn-upgrade] Integrating new upstream version, shadow (4.0.7) 2007-10-07 11:45:58 +00:00
nekral-guest
164b557066 [svn-upgrade] Integrating new upstream version, shadow (4.0.6) 2007-10-07 11:45:49 +00:00
nekral-guest
b0e078d9c8 [svn-upgrade] Integrating new upstream version, shadow (4.0.5) 2007-10-07 11:45:40 +00:00
nekral-guest
effd479bff [svn-upgrade] Integrating new upstream version, shadow (4.0.4) 2007-10-07 11:45:23 +00:00
nekral-guest
4903ce068e [svn-upgrade] Integrating new upstream version, shadow (4.0.3) 2007-10-07 11:45:14 +00:00
nekral-guest
37dc61340b [svn-upgrade] Integrating new upstream version, shadow (4.0.2) 2007-10-07 11:45:07 +00:00
nekral-guest
9db6abfa42 [svn-upgrade] Integrating new upstream version, shadow (4.0.1) 2007-10-07 11:44:59 +00:00
nekral-guest
3bc4996775 [svn-upgrade] Integrating new upstream version, shadow (4.0.0) 2007-10-07 11:44:51 +00:00
nekral-guest
4e3fe42600 [svn-upgrade] Integrating new upstream version, shadow (20001012) 2007-10-07 11:44:38 +00:00
nekral-guest
d6e9891ad7 [svn-upgrade] Integrating new upstream version, shadow (20000902) 2007-10-07 11:44:32 +00:00
nekral-guest
be1f391d2a [svn-upgrade] Integrating new upstream version, shadow (20000826) 2007-10-07 11:44:26 +00:00
nekral-guest
5cd76a407a [svn-upgrade] Integrating new upstream version, shadow (20000902) 2007-10-07 11:44:20 +00:00
nekral-guest
efd7efa9f1 [svn-upgrade] Integrating new upstream version, shadow (20000826) 2007-10-07 11:44:14 +00:00
nekral-guest
446e664caa [svn-upgrade] Integrating new upstream version, shadow (19990827) 2007-10-07 11:44:08 +00:00
nekral-guest
45c6603cc8 [svn-upgrade] Integrating new upstream version, shadow (19990709) 2007-10-07 11:44:02 +00:00