Commit Graph

511 Commits

Author SHA1 Message Date
nekral-guest
5331930716 * src/usermod.c: Likewise for the faillog and lastlog file. 2009-03-21 19:25:02 +00:00
nekral-guest
96c7b12bc4 * src/useradd.c: Likewise for the default file, faillog, lastlog,
and mail spool.
2009-03-21 19:18:06 +00:00
nekral-guest
a8e9fc86eb * src/groupmod.c: Embed gshadow related cleanup in #ifdef
SHADOWGRP.
2009-03-15 21:38:08 +00:00
nekral-guest
a402c4db3b * src/usermod.c: get_number() replaced by getlong().
* src/usermod.c: When the user is renamed, make sure we do not
	override an user with the same name (in passwd or shadow).
2009-03-15 21:34:20 +00:00
nekral-guest
780af2653a * src/gpasswd.c: log_gpasswd_success_gshadow is in the cleanup
stack only when the shadow group file is present.
2009-03-15 21:32:26 +00:00
nekral-guest
9372111aaa * NEWS, src/userdel.c: Make sure the user exists in the shadow
database before calling spw_remove().
	* NEWS, src/userdel.c: When the user's group is removed, make sure
	the group is in the gshadow database before calling sgr_remove().
	* src/userdel.c: Improve warning's wording.
2009-03-15 21:29:16 +00:00
nekral-guest
730fc8fc33 * src/faillog.c: Added support for the specification of a range of
users with -u.
	* src/faillog.c: Do not call print_one() for users which do not
	exist.
	* src/faillog.c: Make sure the user's entry is not outside the
	faillog file and initialize the faillog structure in that case.
	* src/faillog.c: Move print_one() closer to print().
	* src/faillog.c: reset(), setmax(), set_locktime() can also change
	entries of user which do not exist.
	* src/faillog.c: reset(), setmax() and set_locktime() shall not
	create entries for users which have no entries if the value has to
	be set to 0.
	* src/faillog.c: reset(), setmax() and set_locktime(): better
	handling of users whose entry is outside the faillog file.
	* src/faillog.c: Improved option handling. Options can now be
	specified in any order.
	* src/faillog.c: Improved warnings when options are not
	compatible or when the faillog cannot be open with the right mode.
	* src/faillog.c: Only fstat the faillog file once.
	* man/faillog.8.xml: Improved documentation.
2009-03-13 22:49:20 +00:00
nekral-guest
fafe281d31 * src/useradd.c, man/useradd.8.xml: Added long name for the -l
option: --no-log-init.
2009-03-13 22:30:38 +00:00
nekral-guest
f98b47eb55 * src/chpasswd.c: Make sure the SHA related variables is not
compiled when disabled at configuration time.
	* src/chgpasswd.c: Make sure the SHA related variables is not
	compiled when disabled at configuration time.
	* src/chgpasswd.c: Fix the test for getlong() failure.
2009-03-13 22:28:27 +00:00
nekral-guest
e3e64317e8 * src/newusers.c: Make sure the SHA related variables are not
compiled when disabled at configuration time.
	* src/newusers.c: Added FIXME
2009-03-13 22:26:35 +00:00
nekral-guest
f2c8017df4 * src/gpasswd.c: Remove the documentation of options from the
main() documentation. It will always be outdated here.
2009-03-13 22:21:26 +00:00
nekral-guest
bf9036d27a * src/lastlog.c: lastlog variable renamed to ll to avoid name
clash with the structure.
	* src/lastlog.c: check the offset in print_one() so that it is
	used for the display of one entry or a set of entries.
	* src/lastlog.c: Do not loop over the whole user database when -u
	is used with a single user.
	* src/lastlog.c: Check the size of the lastlog file so that we
	can identify failures to read.
2009-03-13 22:20:20 +00:00
nekral-guest
1dc04372df Compile fixes. Fixes warnings. 2009-03-08 23:30:25 +00:00
nekral-guest
27153ae92b * src/gpasswd.c: log_gpasswd_success_gshadow only exists ifdef
SHADOWGRP.
2009-03-08 23:29:46 +00:00
nekral-guest
28d7f83c87 * NEWS, src/newusers.c, src/usermod.c, src/useradd.c,
src/groupmod.c, src/groupadd.c: Make sure no user or group are
	created with an ID set to -1.
2009-03-08 20:43:15 +00:00
nekral-guest
c9121d025f * NEWS, src/grpck.c, src/pwck.c: Issue a warning if an ID is set
to -1.
2009-03-08 20:28:55 +00:00
nekral-guest
f2d6449374 * NEWS, src/gpasswd.c: Only report success to audit and syslog
when the changes are committed to the system. Do not log failure
	for on-memory changes to audit or syslog. Make sure failures and
	inconsistencies will be reported in case of unexpected failures
	(e.g. malloc failures). Only specify an audit message if it is not
	implicitly implied by the type argument. Removed fail_exit
	(replaced by atexit(do_cleanups)). Log failures in case of
	permission denied.
2009-01-26 22:03:37 +00:00
nekral-guest
d8c9236a18 * NEWS, src/su.c: Preserve COLORTERM in addition to TERM when su
is called with the -l option.
2009-01-06 20:13:31 +00:00
nekral-guest
3cb730bcfe * src/Makefile.am: Only link with the needed library. When
compiled with PAM support, chfn, chsh, login, newgrp, passwd, and
	su do not need the libcrypt library.
2008-12-23 00:44:29 +00:00
nekral-guest
915ec6531a * src/groupdel.c: Remove the fail_exit () declaration. 2008-12-22 23:23:14 +00:00
nekral-guest
1df7433e44 Fix typo. 2008-12-22 22:13:50 +00:00
nekral-guest
0bd396011a * src/gpasswd.c: Fix the support for usernames with arbitrary
length.
2008-12-22 22:13:23 +00:00
nekral-guest
9d977dba8e * src/groupdel.c: Re-indent. 2008-12-22 22:07:12 +00:00
nekral-guest
ad7a108d60 * src/groupmod.c: Re-indent.
* src/groupmod.c: Do not add the command synopsis to the main ()
	documentation. This avoids outdated information.
2008-12-22 22:06:27 +00:00
nekral-guest
fca6aeeea2 * src/groupadd.c: Re-indent. 2008-12-22 22:03:34 +00:00
nekral-guest
5b8ff14caf * libmisc/audit_help.c: Added audit_logger_message() to log
messages not related to an account.
	* lib/prototypes.h, libmisc/cleanup.c, libmisc/cleanup_group.c,
	libmisc/cleanup_user.c, libmisc/Makefile.am: Added stack of
	cleanup functions to be executed on exit.
	* NEWS, src/groupadd.c, src/groupdel.c, src/groupmod.c: Only
	report success to audit and syslog when the changes are committed
	to the system. Do not log failure for on-memory changes to audit
	or syslog. Make sure failures and inconsistencies will be reported
	in case of unexpected failures (e.g. malloc failures). Only
	specify an audit message if it is not implicitly implied by the
	type argument. Removed fail_exit (replaced by atexit(do_cleanups)).
2008-12-22 21:52:43 +00:00
nekral-guest
a438c2f184 * NEWS, src/gpasswd.c: Added support usernames with arbitrary
length.
2008-12-15 21:54:53 +00:00
nekral-guest
93358ac3de * src/su.c: (!USE_PAM) Provide visible information indicating that
su was denied.
2008-11-23 12:10:21 +00:00
nekral-guest
a324a7f13f * NEWS, libmisc/chowntty.c, libmisc/utmp.c: is_my_tty() moved from
utmp.c to chowntty.c. checkutmp() now only uses an existing utmp
	entry if the pid matches and ut_line matches with the current tty.
	This fixes a possible DOS when entries can be forged in the utmp
	file.
	* libmisc/chowntty.c, src/login.c, lib/prototypes.h: Remove the
	tty argument from chown_tty. chown_tty always changes stdin and
	does not need this argument anymore.
2008-11-22 23:56:11 +00:00
nekral-guest
4d49f543dd * src/login.c: Always check the return value of the pam_* APIs. 2008-09-20 21:17:26 +00:00
nekral-guest
d400af51fa * src/login.c, man/login.1.xml: the username is not an optional
parameter of -f. Fix the getopt optstring, remove the parsing of
	username in the -f processing block, and remove unnecessary checks
	(username cannot be parsed twice anymore), better documentation of
	the synopsis.
2008-09-20 20:20:19 +00:00
nekral-guest
c8d2175981 * src/login.c: Erase the username later since it it used for the
fake password check (in case of empty password).
2008-09-20 20:05:22 +00:00
nekral-guest
11c7543c76 * src/login.c: Explicitly tag the end of the #ifdef RLOGIN
sections.
2008-09-20 20:03:04 +00:00
nekral-guest
29d4533047 * src/login.c: Check that no username is specified with -r.
* src/login.c: Make sure a username is specified with -f.
2008-09-20 20:00:51 +00:00
nekral-guest
c813e692a2 * src/login.c: Copy the name of the user authenticated by PAM to
username. This simplify later logging (avoid USE_PAM
	conditional).
2008-09-20 19:54:35 +00:00
nekral-guest
65e32d850c * src/login.c: Use a dynamic buffer for usernames. 2008-09-20 19:44:12 +00:00
nekral-guest
9f2ce12b28 * src/login.c: Existence of pam_user was already checked. pwd was
already copied to pwent. Remove duplicated code.
2008-09-20 16:23:04 +00:00
nekral-guest
f4860274be * src/login.c: check_flags() renamed process_flags(). All flag
processing blocs moved to process_flags().
2008-09-20 16:21:46 +00:00
nekral-guest
6b17118e72 * src/logoutd.c, src/userdel.c: Re-indent. This helps pmccabe. 2008-09-20 14:56:10 +00:00
nekral-guest
54a0762bbb * src/login.c: Re-indent. 2008-09-20 14:39:09 +00:00
nekral-guest
1e3f19ad89 * src/login.c: Add missing closing }. This was probably never
noticed because UT_ADDR is never defined.
2008-09-20 14:21:51 +00:00
nekral-guest
5b73a0492d * src/login.c: Do not mix USE_PAM and !USE_PAM code. 2008-09-20 14:17:20 +00:00
nekral-guest
9fa519c983 * src/login.c: Use failent_user to log to audit. username is the
caller, not the user login tries to authenticate.
	* src/login.c: Use pwd->pw_name instead of pwd->pw_uid. This might
	be more precise (name must be unique, uid might not be).
2008-09-20 13:20:31 +00:00
nekral-guest
f3df48ab4f * src/useradd.c: Added missing declaration of Mflg.
* src/pwck.c: Only unlock files if they were locked before (e.g.
	not in read-only mode).
	* src/pwck.c: Quote the username in error messages (harmonization
	with other messages).
	* libmisc/find_new_gid.c: Fixed typo (s/grp->gr_gid/group_id/).
	* libmisc/find_new_gid.c: Likewise.
2008-09-14 13:42:10 +00:00
nekral-guest
5df1f2f683 * libmisc/setugid.c, src/login_nopam.c, src/suauth.c,
lib/getdef.c: Replace the %m format string by strerror(). This
	avoids errno to be reset between the system call error and the
	report function.
2008-09-13 18:03:50 +00:00
nekral-guest
b18d46e68d * NEWS, etc/login.defs: New CREATE_HOME variable to tell useradd
to create a home directory for new users.
	* src/useradd.c, man/useradd.8.xml: New -M/--no-create-home option
	and CREATE_HOME usage. System accounts are not impacted by
	CREATE_HOME.
	* man/useradd.8.xml: Indicate that a new group is created by
	default.
	* src/useradd.c: Removed TODO item (moved to the TODO file).
2008-09-13 11:55:41 +00:00
nekral-guest
bab84a13ff Additional PAM cleanup:
* src/userdel.c, src/newusers.c, src/chpasswd.c, src/chfn.c,
	src/groupmems.c, src/usermod.c, src/groupdel.c, src/chgpasswd.c,
	src/useradd.c, src/groupmod.c, src/groupadd.c, src/chage.c,
	src/chsh.c: If the username cannot be determined, report it as
	such (not a PAM authentication failure).
2008-09-06 23:46:44 +00:00
nekral-guest
4976708c00 * src/gpasswd.c: Document the long options in the usage. 2008-09-06 22:20:19 +00:00
nekral-guest
f8aef607ae * configure.in: Added option --enable-account-tools-setuid to
enable/disable the usage of PAM to authenticate the callers of
	account management tools: chage, chgpasswd, chpasswd, groupadd,
	groupdel, groupmod, useradd, userdel, usermod.
	* src/Makefile.am: Do not link the above tools with libpam if
	account-tools-setuid is disabled.
	* src/userdel.c, src/newusers.c, src/chpasswd.c, src/usermod.c,
	src/groupdel.c, src/chgpasswd.c, src/useradd.c, src/groupmod.c,
	src/groupadd.c, src/chage.c: Implement ACCT_TOOLS_SETUID
	(--enable-account-tools-setuid).
	* etc/pam.d/Makefile.am: Install the pam service file for the
	above tools only when needed.
	* src/useradd.c, src/userdel.c, src/usermod.c: It is no more
	needed to initialize retval to PAM_SUCCESS.
2008-09-06 21:35:37 +00:00
nekral-guest
70cf08329b * src/groupmems.c: Call open_files() and close_files().
* src/groupmems.c: Always call check_perms(), which takes care of
	checking if --list is used.
2008-09-06 16:27:21 +00:00