Merge RedHat's patch shadow-4.0.18.1-findNewUidOnce.patch:
* src/useradd.c (usr_update): Do not call find_new_uid(). The UID was
already either specified or found by another call to find_new_uid().
* src/useradd.c (find_new_uid): Always start with uid_min (find_new_uid()
is never called when user_id was already specified).
* src/useradd.c (find_new_uid): Fix the comments (find_new_uid() is not
called when the UID is specified (uflg)).
* src/useradd.c (main): Only call find_new_uid() if (!oflg) and (!uflg).
If uflg is set (but not oflg), check the UID uniqueness.
* src/useradd.c (find_new_uid): Don't check the uid and user name
uniqueness in find_new_uid(). The user name uniqueness is already checked
during the parameter validation. UID uniqueness is also checked (see
above).
* src/useradd.c (find_new_uid): Don't check uflg in find_new_uid().
* src/useradd.c (find_new_uid): Make sure that find_new_uid() is not
called when uflg is set (assert).
Cleanups in find_new_gid:
* src/useradd.c (find_new_gid): Check that gflg is not set (assert).
* src/useradd.c (find_new_gid): Do not check the group name uniqueness
(already checked in main).
* src/useradd.c (find_new_gid): Avoid a "continue" in the loop.
* src/useradd.c (find_new_gid): Remove irrelevant comments.
* src/useradd.c (find_new_gid): Fix the function definition's comment.
* man/chpasswd.8.xml, man/chgpasswd.8.xml: Document the NONE crypt
method.
* man/login.defs.d/MAIL_DIR.xml: Add comment regarding useradd not
using MAIL_FILE.
* man/login.defs.d/ERASECHAR.xml, man/login.defs.d/KILLCHAR.xml,
man/login.defs.d/CONSOLE_GROUPS.xml, man/login.defs.d/ENV_HZ.xml,
man/login.defs.d/ENV_PATH.xml, man/login.defs.d/ENV_SUPATH.xml:
These variables are also used by some tools when compiled with PAM
support.
* man/login.defs.d/ENV_HZ.xml: Add note that it is only used by
sulogin when compiled with PAM support.
* man/login.defs.d/ENV_SUPATH.xml: Typos: ENV_PATH -> ENV_SUPATH,
and mention sbin in the path.
* man/login.defs.d/LOGIN_STRING.xml: Fix typo: confition ->
condition.
* man/sg.1.xml: Add CONFIGURATION section (SYSLOG_SG_ENAB).
* man/su.1.xml: ENV_HZ, LOGIN_STRING, MAIL_DIR, USERGROUPS_ENAB
are only used when su is compiled without PAM support.
* man/login.defs.5.xml: Added variables: OBSCURE_CHECKS_ENAB
PASS_ALWAYS_WARN PASS_CHANGE_TRIES SULOG_FILE SU_NAME
SU_WHEEL_ONLY SYSLOG_SG_ENAB SYSLOG_SU_ENAB.
* man/login.defs.5.xml: ENVIRON_FILE is only used when compiled
without PAM support.
* man/login.defs.5.xml: sulogin uses variables even when compiled
with PAM support.
* man/login.1.xml: ENV_HZ ENV_PATH ENV_SUPATH MAIL_DIR UMASK are
only used when login is not compiled with PAM support.
man/po/POTFILES.in, man/Makefile.am: Generate the PO files for the
manpages in the man/po directory (instead of man/<lang>). Use a
Makefile.in.in based on gettext's one. This ensure that the PO are
generated before being used in the <lang> directories.
* man/generate_mans.mak, man/generate_translations.mak,
man/Makefile.am: New makefile for the generation of manpages from
XML (generate_mans.mak). This avoid duplicate chunks in
generate_translations.mak and Makefile.am
* man/de/de.po, man/fr/fr.po, man/it/it.po, man/pl/pl.po,
man/ru/ru.po, man/sv/sv.po: Moved to...
* man/po/de.po, man/po/fr.po, man/po/it.po, man/po/pl.po,
man/po/ru.po, man/po/sv.po: ... here.
default. Keeping the feature enabled is safe. Disabling it permits
to disable the references to the SHA256 and SHA512 password
encryption algorithms from the usage help and manuals (in addition
to the support for these algorithms in the code).
* libmisc/obscure.c, libmisc/salt.c, src/newusers.c,
src/chpasswd.c, src/chgpasswd.c, src/passwd.c: ENCRYPT_METHOD is
always supported in login.defs. Remove the ENCRYPTMETHOD_SELECT
preprocessor condition.
* libmisc/obscure.c, libmisc/salt.c, src/newusers.c,
src/chpasswd.c, src/chgpasswd.c, src/passwd.c: Disable SHA256 and
SHA512 if USE_SHA_CRYPT is not defined (this corresponds to a
subset of the ENCRYPTMETHOD_SELECT sections).
password longer than 13 chars. This protects against the GNU crypt() which
does not return NULL if the algorithm is not supported, and return a DES
encrypted password.
Thanks to Dan Kopecek <dkopecek@redhat.com>.
* src/chpasswd.c, src/chgpasswd.c: Do not use DES by default, but
the system default define in /Etc/login.defs. Thanks to Dan
Kopecek <dkopecek@redhat.com>.
* NEWS, man/chpasswd.8.xml, man/chgpasswd.8.xml: Do not mention
DES as the default algorithm.
* src/chpasswd.c, src/chgpasswd.c: Tag the ENCRYPTMETHOD_SELECT
dependent code accordingly.
* src/chpasswd.c: Added --sha-rounds to the usage().
* libmisc/Makefile.am, libmisc/getlong.c, src/chgpasswd.c,
src/chpasswd.c: New getlong function. Replace chpasswd's and
chgpasswd's getnumber.
users. (was sometimes <emphasis remap='I'>)
* Use <option> vor the variable names. This
makes the manpage much more readable.
* (ENCRYPT_METHOD, MD5_CRYPT_ENAB,
SHA_CRYPT_MIN_ROUNDS, SHA_CRYPT_MAX_ROUNDS): Mention that command
line option may supersede the system setting.
* Document the variables used by chpasswd
and chgpasswd.
variable: MAX_MEMBERS_PER_GROUP. Used for the split groups support.
* lib/commonio.c, lib/commonio.h: Add an open_hook and close_hook
operation. They are called after the database is actually opened
and parse, or before it is closed.
* lib/groupio.c: Add an open_hook to merge split groups, and an
close group to split groups if MAX_MEMBERS_PER_GROUP is set.
This fixes gpasswd and chgpasswd when split groups are used.
* lib/sgroupio.c, lib/shadowio.c, lib/pwio.c: No open or close
hooks for these databases. (unsure about what should be the gshadow
behavior for split groups)
gr_locate and sgr_locate. gpasswd write in the file database. Thus
it should read information from the file database, not using
getgrnam. The change to sgr_locate is just for consistency. This
requires opening the group databases (read only) using
gr_open/sgr_open.
* NEWS: Indicate that manpages should be re-generated if configure
option are changed, due to conditions.
generation of manpages.
* man/generate_translations.mak: Added pam/no_pam condition (like
in man/Makefile.am).
* man/Makefile.am, man/generate_translations.mak: Added
gshadow/no_gshadow condition.
* man/gpasswd.1.xml: Use the gshadow/no_gshadow condition to
change the manpage depending on the shadow group support.
and /etc/passwd to section FILES.
* man/newusers.8.xml: Mentions that PAM is not used to set the
passwords.
* man/chpasswd.8.xml: Added section FILES (/etc/passwd,
/etc/shadow, /etc/login.defs).
* man/chpasswd.8.xml: Use the same paragraph as in newusers.8.xml
to indicate that PAM is not used.
* man/chgpasswd.8.xml: Added section FILES (/etc/group,
/etc/gshadow, /etc/login.defs).
This was not the case when the GID is not specified, and a GID
exist with an ID higher than the all the UIDs.
* Typo in comment: contrained -> constrained.
SHA256, and SHA512 exactly (not only the first 3/6 chars).
* libmisc/salt.c (SHA_salt_rounds): Set rounds to the specified
prefered_rounds value, if specified.
* src/gpasswd.c, libmisc/salt.c: Fix compilation warnings (use
size_t for lengths).
* src/chpasswd.c, src/chgpasswd.c: Add missing parenthesis.