Commit Graph

1045 Commits

Author SHA1 Message Date
nekral-guest
fca6aeeea2 * src/groupadd.c: Re-indent. 2008-12-22 22:03:34 +00:00
nekral-guest
5b8ff14caf * libmisc/audit_help.c: Added audit_logger_message() to log
messages not related to an account.
	* lib/prototypes.h, libmisc/cleanup.c, libmisc/cleanup_group.c,
	libmisc/cleanup_user.c, libmisc/Makefile.am: Added stack of
	cleanup functions to be executed on exit.
	* NEWS, src/groupadd.c, src/groupdel.c, src/groupmod.c: Only
	report success to audit and syslog when the changes are committed
	to the system. Do not log failure for on-memory changes to audit
	or syslog. Make sure failures and inconsistencies will be reported
	in case of unexpected failures (e.g. malloc failures). Only
	specify an audit message if it is not implicitly implied by the
	type argument. Removed fail_exit (replaced by atexit(do_cleanups)).
2008-12-22 21:52:43 +00:00
nekral-guest
a438c2f184 * NEWS, src/gpasswd.c: Added support usernames with arbitrary
length.
2008-12-15 21:54:53 +00:00
nekral-guest
66cb5b33ad * configure.in: Fix the "$enable_acct_tools_setuid" = "yes" test. 2008-11-30 01:32:38 +00:00
nekral-guest
c28c443d8f * NEWS, configure.in, libmisc/chkname.c: make group max length a
configure option.  The configure behavior encoded is:
	<no option> -> default of 16 (like today);
	--with-group-name-max-length -> default of 16;
	--without-group-name-max-length -> no max length;
	--with-group-name-max-length=n > max is set to n.
2008-11-30 01:29:40 +00:00
nekral-guest
93358ac3de * src/su.c: (!USE_PAM) Provide visible information indicating that
su was denied.
2008-11-23 12:10:21 +00:00
nekral-guest
0667aee3cc * man/ja/login.1: Fix the path of the utmp and wtmp files. 2008-11-23 00:16:53 +00:00
nekral-guest
2297508f13 * man/su.1.xml: Fix the su synopsis. username is referenced in the
manpage, not LOGIN.
2008-11-23 00:16:10 +00:00
nekral-guest
1a04bbb044 * libmisc/chowntty.c: Only closelog() when failure cause an exit. 2008-11-23 00:06:56 +00:00
nekral-guest
cf31f05cfb * libmisc/chowntty.c: Improve the logs for fchown and fchmod
failures.
2008-11-23 00:05:39 +00:00
nekral-guest
2b290e7abb * libmisc/chowntty.c, src/login.c, lib/prototypes.h: Remove the
tty argument from chown_tty. chown_tty always changes stdin and
	does not need this argument anymore.
2008-11-22 23:56:51 +00:00
nekral-guest
a324a7f13f * NEWS, libmisc/chowntty.c, libmisc/utmp.c: is_my_tty() moved from
utmp.c to chowntty.c. checkutmp() now only uses an existing utmp
	entry if the pid matches and ut_line matches with the current tty.
	This fixes a possible DOS when entries can be forged in the utmp
	file.
	* libmisc/chowntty.c, src/login.c, lib/prototypes.h: Remove the
	tty argument from chown_tty. chown_tty always changes stdin and
	does not need this argument anymore.
2008-11-22 23:56:11 +00:00
nekral-guest
eb4097180b * NEWS, libmisc/chowntty.c: Fix a race condition that could lead to
gaining ownership or changing mode of arbitrary files.
2008-11-22 23:22:16 +00:00
nekral-guest
8d7e1faebf Added todo items for pwck. 2008-10-11 13:15:29 +00:00
nekral-guest
c0311206c8 * man/gshadow.5.xml, man/shadow.5.xml, man/passwd.5.xml,
man/grpck.8.xml: Sorted SEE ALSO references.
	* man/gshadow.5.xml: Added reference to grpck(8) and grpconv(8).
	* man/pwck.8.xml: Added reference to grpck(8).
	* man/shadow.5.xml: Added reference to pwck(8).
	* man/passwd.5.xml: Added reference to pwck(8).
	* man/grpck.8.xml: Added reference to pwck(8).
2008-10-11 12:59:02 +00:00
nekral-guest
4b2f537795 * man/*.xml, man/login.defs.d/*.xml: Added copyright and licence
header.
2008-10-11 11:44:43 +00:00
nekral-guest
4d49f543dd * src/login.c: Always check the return value of the pam_* APIs. 2008-09-20 21:17:26 +00:00
nekral-guest
d400af51fa * src/login.c, man/login.1.xml: the username is not an optional
parameter of -f. Fix the getopt optstring, remove the parsing of
	username in the -f processing block, and remove unnecessary checks
	(username cannot be parsed twice anymore), better documentation of
	the synopsis.
2008-09-20 20:20:19 +00:00
nekral-guest
c8d2175981 * src/login.c: Erase the username later since it it used for the
fake password check (in case of empty password).
2008-09-20 20:05:22 +00:00
nekral-guest
11c7543c76 * src/login.c: Explicitly tag the end of the #ifdef RLOGIN
sections.
2008-09-20 20:03:04 +00:00
nekral-guest
29d4533047 * src/login.c: Check that no username is specified with -r.
* src/login.c: Make sure a username is specified with -f.
2008-09-20 20:00:51 +00:00
nekral-guest
c813e692a2 * src/login.c: Copy the name of the user authenticated by PAM to
username. This simplify later logging (avoid USE_PAM
	conditional).
2008-09-20 19:54:35 +00:00
nekral-guest
65e32d850c * src/login.c: Use a dynamic buffer for usernames. 2008-09-20 19:44:12 +00:00
nekral-guest
9f2ce12b28 * src/login.c: Existence of pam_user was already checked. pwd was
already copied to pwent. Remove duplicated code.
2008-09-20 16:23:04 +00:00
nekral-guest
f4860274be * src/login.c: check_flags() renamed process_flags(). All flag
processing blocs moved to process_flags().
2008-09-20 16:21:46 +00:00
nekral-guest
6b17118e72 * src/logoutd.c, src/userdel.c: Re-indent. This helps pmccabe. 2008-09-20 14:56:10 +00:00
nekral-guest
54a0762bbb * src/login.c: Re-indent. 2008-09-20 14:39:09 +00:00
nekral-guest
1e3f19ad89 * src/login.c: Add missing closing }. This was probably never
noticed because UT_ADDR is never defined.
2008-09-20 14:21:51 +00:00
nekral-guest
5b73a0492d * src/login.c: Do not mix USE_PAM and !USE_PAM code. 2008-09-20 14:17:20 +00:00
nekral-guest
9fa519c983 * src/login.c: Use failent_user to log to audit. username is the
caller, not the user login tries to authenticate.
	* src/login.c: Use pwd->pw_name instead of pwd->pw_uid. This might
	be more precise (name must be unique, uid might not be).
2008-09-20 13:20:31 +00:00
nekral-guest
c71e7861ed * man/passwd.1.xml: passwd cannot change the full name of the
user, the user's login shell; but it can change the account or
	password validity period. Thanks to Reuben Thomas.
2008-09-20 10:53:00 +00:00
nekral-guest
f3df48ab4f * src/useradd.c: Added missing declaration of Mflg.
* src/pwck.c: Only unlock files if they were locked before (e.g.
	not in read-only mode).
	* src/pwck.c: Quote the username in error messages (harmonization
	with other messages).
	* libmisc/find_new_gid.c: Fixed typo (s/grp->gr_gid/group_id/).
	* libmisc/find_new_gid.c: Likewise.
2008-09-14 13:42:10 +00:00
nekral-guest
5df1f2f683 * libmisc/setugid.c, src/login_nopam.c, src/suauth.c,
lib/getdef.c: Replace the %m format string by strerror(). This
	avoids errno to be reset between the system call error and the
	report function.
2008-09-13 18:03:50 +00:00
nekral-guest
0833bc3cc0 * lib/commonio.c: Ignore the return value of umask() when the mask
is set to the old value.
2008-09-13 11:55:50 +00:00
nekral-guest
b18d46e68d * NEWS, etc/login.defs: New CREATE_HOME variable to tell useradd
to create a home directory for new users.
	* src/useradd.c, man/useradd.8.xml: New -M/--no-create-home option
	and CREATE_HOME usage. System accounts are not impacted by
	CREATE_HOME.
	* man/useradd.8.xml: Indicate that a new group is created by
	default.
	* src/useradd.c: Removed TODO item (moved to the TODO file).
2008-09-13 11:55:41 +00:00
nekral-guest
d1f92a2225 * po/cs.po: Updated Czech translation.
Thanks to Miroslav Kuře
2008-09-13 11:55:30 +00:00
nekral-guest
a279244709 * man/login.defs.d/USERGROUPS_ENAB.xml: Fix typo: new <para> tag
before the previous one is closed. This caused a missng
	explanation for USERGROUPS_ENAB.
2008-09-13 11:55:20 +00:00
nekral-guest
b12db09e31 * man/groupadd.8.xml: Remove the list of (short) options from the
SYNOPSIS. Replaced with [options] for consistency with other tools
	and maintainability.
2008-09-13 11:55:08 +00:00
nekral-guest
4d6385633f New TODO item.
useradd:
  - Add support for -K in -D mode
2008-09-13 11:54:58 +00:00
nekral-guest
8c060833c8 From RedHat's patch shadow-4.1.2-sysAccountDownhill.patch
Thanks to Peter Vrabec.
	* NEWS, libmisc/find_new_gid.c, libmisc/find_new_uid.c: Build an
	index of used IDs to avoid a database request for each id in the
	allowed range (when the highest allowed ID is already used).
	This speedups the addition of users or groups when the highest
	allowed ID is already used. The additional memory usage of the
	tools should be acceptable when UID_MAX/SYS_UID_MAX are set to a
	reasonable number.
2008-09-13 11:54:49 +00:00
nekral-guest
70c9eeff05 * configure.in: Fix the dependency of ACCT_TOOLS_SETUID on
USE_PAM. Build failed with --without-libpam.
2008-09-07 20:40:41 +00:00
nekral-guest
f91b828708 * libmisc/copydir.c: Call utimes() after closing the file. 2008-09-07 00:51:17 +00:00
nekral-guest
828e9d095e * libmisc/copydir.c, configure.in: Check for the presence of
st_mtim and st_mtimensec, as for st_atim and st_atimensec.
2008-09-07 00:05:38 +00:00
nekral-guest
bab84a13ff Additional PAM cleanup:
* src/userdel.c, src/newusers.c, src/chpasswd.c, src/chfn.c,
	src/groupmems.c, src/usermod.c, src/groupdel.c, src/chgpasswd.c,
	src/useradd.c, src/groupmod.c, src/groupadd.c, src/chage.c,
	src/chsh.c: If the username cannot be determined, report it as
	such (not a PAM authentication failure).
2008-09-06 23:46:44 +00:00
nekral-guest
49f0d8b680 Support for blowfish was requested twice.
Add link to a patch for libxcrypt.
2008-09-06 22:52:35 +00:00
nekral-guest
4976708c00 * src/gpasswd.c: Document the long options in the usage. 2008-09-06 22:20:19 +00:00
nekral-guest
761cdf5dfc Remove done item:
- groupmems: 
  - need some work on add PAM and i18n support.
- userdel:
  - add lookop and remove per user group.
2008-09-06 21:53:12 +00:00
nekral-guest
2fb1dbfcd1 Remove done item:
PAM: add support for customization of the PAM support (i.e.
	support the Debian PAM configuration)
2008-09-06 21:50:15 +00:00
nekral-guest
8b3029e430 * NEWS: Added configure --enable-account-tools-setuid (default) /
--disable-account-tools-setuid options. This permits to disable
	the PAM authentication of the caller for chage, chgpasswd,
	chpasswd, groupadd, groupdel, groupmod, newusers, useradd,
	userdel, and usermod.  This authentication is not necessary when
	these tools are not installed setuid root.
2008-09-06 21:42:26 +00:00
nekral-guest
f8aef607ae * configure.in: Added option --enable-account-tools-setuid to
enable/disable the usage of PAM to authenticate the callers of
	account management tools: chage, chgpasswd, chpasswd, groupadd,
	groupdel, groupmod, useradd, userdel, usermod.
	* src/Makefile.am: Do not link the above tools with libpam if
	account-tools-setuid is disabled.
	* src/userdel.c, src/newusers.c, src/chpasswd.c, src/usermod.c,
	src/groupdel.c, src/chgpasswd.c, src/useradd.c, src/groupmod.c,
	src/groupadd.c, src/chage.c: Implement ACCT_TOOLS_SETUID
	(--enable-account-tools-setuid).
	* etc/pam.d/Makefile.am: Install the pam service file for the
	above tools only when needed.
	* src/useradd.c, src/userdel.c, src/usermod.c: It is no more
	needed to initialize retval to PAM_SUCCESS.
2008-09-06 21:35:37 +00:00