man/groupadd.8.xml, man/usermod.8.xml, man/chgpasswd.8.xml,
man/groupmod.8.xml: Added warning: passwords set with these tools
may not respect the password policy.
lib/prototypes.h: Move user_busy() to libmisc/user_busy.c.
* NEWS, libmisc/user_busy.c: On Linux, do not check if an user is
logged in with utmp, but check if the user is running some
processes. If not on Linux, continue to search for an utmp record,
but make sure the process recorded in the utmp entry is still
running.
shell as a shell script when the direct execution of the user's
shell failed with ENOEXEC and the user's shell has a shebang. The
interpreter might not be the right one. Executing the user's
shell with sh -c might be better, but I'm not sure we should try
harder when there is a failure. Note: The removed code was only
included #ifndef __linux__.
with a NULL argument.
* src/useradd.c: Replace PATH_MAX by a fixed constant. The buffer
was not meant as a storage for a path.
* src/useradd.c, src/newusers.c, src/chpasswd.c: Better detection
of fgets errors. Lines shall end with a \n, unless we reached the
end of file.
* libmisc/copydir.c: Avoid PATH_MAX. Support file paths with any
length. Added readlink_malloc().
and the password field in passwd is not 'x'.
* src/grpck.c: Warn if a group has an entry in group and gshadow,
and the password field in group is not 'x'.
man/login.defs.d/MD5_CRYPT_ENAB.xml,
man/login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml: Updated note for PAM
enabled versions. These variables are only used for group
passwords in this case.
changing the passwords with PAM.
* src/newusers.c: Split the usage string in smaller parts to
allow enabling single parts.
* man/newusers.8.xml: Indicate the options and configuration
variables valid for PAM and non-PAM versions.
* man/newusers.8.xml: Added pointer to /etc/pam.d/chpasswd.
libmisc/pam_pass_non_interractive.c, libmisc/Makefile.am: Renamed.
* libmisc/pam_pass_non_interractive.c, lib/prototypes.h:
non_interactive_password and non_interactive_pam_conv do not need
to be externally visible.
* libmisc/pam_pass_non_interractive.c: Added declaration of
ni_conv.
* libmisc/pam_pass_non_interractive.c: Only compile ifdef USE_PAM.
* libmisc/pam_pass_non_interractive.c, lib/prototypes.h:
Added do_pam_passwd_non_interractive().
* src/chpasswd.c: Use do_pam_passwd_non_interractive().
* man/chpasswd.8.xml: Describe the PAM enabled chpasswd behavior.
* man/chpasswd.8.xml: Differentiate the files and configurations
needed for PAM and non PAM versions.
instead of only the username.
* src/chpasswd.c: PAM enabled chpasswd do may change the password
database (for the user where the password update succeeded) even
if there were a failure for one user. Do not indicate that changes
were ignored.
unlink() in case of failure of fopen_set_perms() or
create_backup().
* lib/commonio.c: Should the backup file be unlink'ed in case of
failure of create_backup()?
* libmisc/chowntty.c, libmisc/rlogin.c, libmisc/sub.c,
src/newusers.c, libmisc/sulog.c, libmisc/system.c, src/logoutd.c,
src/groups.c, src/id.c, lib/encrypt.c, libmisc/audit_help.c,
libmisc/limits.c: Return EXIT_FAILURE instead of 1, and
EXIT_SUCCESS instead of 0.
* libmisc/audit_help.c: Replace an fprintf() by fputs().
* libmisc/audit_help.c: Remove documentation of the audit_logger
returned values. The function returns void.
* libmisc/system.c: Only return status if waitpid succeeded.
Return -1 otherwise.
with PAM.
* src/chpasswd.c: Split the usage string in smaller parts to
allows enabling single parts.
* src/chpasswd.c: Do not set a global lock on the password files.
This is done by PAM each time a password is updated.
man/useradd.8.xml: Added note to warn about insecurity in using
--password.
* man/groupmod.8.xml: Removed not regarding default if --password
is not used. This was a cut&paste from groupadd.8.xml.
* man/passwd.1.xml: Split some paragraphs.
* man/passwd.1.xml: Recommend other encryption methods than DES.
* libmisc/copydir.c: Added assert to help splint.
* libmisc/copydir.c: Free allocated structures in cas of failure.
* libmisc/copydir.c: Avoid implicit conversion of pointers to
booleans.
* libmisc/copydir.c: Use buffers of size PATH_MAX instead of 1024
for filenames.
* libmisc/copydir.c: Use fchmod and fchown to change the mode of
the opened file.
* libmisc/copydir.c: Indicate the mode to open(), even if we chmod
later.
* src/useradd.c: Replace peror by an strerror and avoid an
intermediate buffer.
* src/useradd.c: Save errno between the failure and the report by
perror/strerror.
* src/useradd.c: Prefer xmalloc to malloc.
limit with getlog() / getulong(). This also means, in case of
non-PAM enabled systems, that the umask specified on the GECOS
fields should start with a 0 if specified in octal. (it used to be
force to octal). Do the appropriate cast and range checking.
lib/pwio.c, lib/pwio.h, lib/shadowio.c, lib/shadowio.h: Added
splint annotations. The *_locate() and *_next() functions
currently return an observer. As the structure are often modified
by the caller, it could maybe be changed to exposed later. (and
non-const).
* src/newgrp.c: audit_buf is only used in newgrp. Make it static.
* src/newgrp.c: Ignore the return value of fputs().
* src/newgrp.c: Use exit(EXIT_FAILURE) instead of exit(1).
* libmisc/setupenv.c: Added brackets and parenthesis.
* libmisc/setupenv.c: Ignore the return value of fclose (file
opened read-only)
* libmisc/setupenv.c: Ignore the return value of puts().
* libmisc/setupenv.c:Avoid implicit conversion of pointers to
booleans.
* libmisc/age.c: Added brackets and parenthesis.
* libmisc/age.c: Ignore the return value of fclose (file opened
read-only)
* libmisc/age.c: Ignore puts() return value.
* libmisc/age.c: Use exit(EXIT_FAILURE) instead of exit(1).
* libmisc/age.c: Avoid assignments in comparisons.
* src/lastlog.c: Added splint annotations.
* src/lastlog.c: Avoid global pwent.
* src/lastlog.c: Cast ID to ulongs and use ulong formats for IDs.
* src/lastlog.c: Avoid assignment in comparisons.
* src/lastlog.c: Ignore fclose() return value since the file is
only opened for reading.
used_gids.
* libmisc/find_new_gid.c: Use getdef_ulong and cast to git_t to
get GID values.
* libmisc/find_new_gid.c: Use UL as a prefix for ulong values.
* libmisc/find_new_uid.c: Likewise.
default to 32.
* libmisc/chkname.c: Use USER_NAME_MAX_LENGTH.
* src/login.c: Use USER_NAME_MAX_LENGTH instead of the default 32.
username also needs to be bigger than USER_NAME_MAX_LENGTH because
it has to be nul-terminated.
change the terminal configuration. setup_tty() is just a best
effort configuration of the terminal.
* src/login.c: Ignore failures when setting the terminal
configuration.
* src/login.c: Fail if the ERASECHAR or KILLCHAR configurations
are not compatible with a cc_t type.
* lib/shadowio.c: Use spw_free() for shadow_free().
* lib/groupmem.c: Added gr_free().
* lib/groupio.c: Use gr_free() for group_free().
* lib/pwmem.c: Include define.h before prototypes.h
* lib/pwmem.c: Added pw_free().
* lib/pwio.c: Use pw_free() for passwd_free().
* lib/sgroupio.c: Added sgr_free().
* lib/sgroupio.c: Use sgr_free() for gshadow_free().
* lib/prototypes.h: Added gr_free(), pw_free(), sgr_free(),
spw_free().
is always coming from xgetpwnam. There is no need to copy pwd to
pwent, this was not a good idea anyway as the strings from pwd
were not duplicated.
* src/login.c: Always free the pwd and spwd structure when we
retrieve a new one. This will clear the password of the previous
user from the memory.
* src/login.c: user_passwd is used to keep point to the password
of the user being authenticated.
* src/login.c: (non PAM) Fail if the user's entry cannot be found
after the user updated her password (if expire() requested an
update).
* src/login.c: If the user does not exist on the system, there is
no need to build a pwd structure (with shell).
username as first parameter of failtmp to avoid issues with
non-null terminated ut_user, unavailability of ut_user, incomplete
username (that should not happen currently).
terminal termio flags. Reset echoprt, noflsh, tostop. This
behavior seems to have change by mistake in earlier releases
(4.0.8, for no obvious reason).
SELinux user for user's login.
* NEWS, src/usermod.c, man/usermod.8.xml: Likewise.
* libmisc/system.c, libmisc/Makefile.am, lib/prototypes.h: Added
safe_system(). Used to run semanage.
* lib/prototypes.h, libmisc/copydir.c: Make a
selinux_file_context() an extern function.
* libmisc/copydir.c: Reset SELinux to create files with default
contexts at the end of copy_tree().
* NEWS, src/userdel.c: Delete the SELinux user mapping for user's
login.
never set ifndef USE_PAM. Change the prototype of setup_uid_gid()
when USE_PAM is not defined. This permits to remove add_groups
from PAM builds. setup_uid_gid is already subject to
HAVE_INITGROUPS.
ifndef USE_PAM.
* lib/prototypes.h: Remove the declaration of add_cons_grps(). The
function does not exist.
* libmisc/age.c (setup_uid_gid): is_console is never set ifndef
USE_PAM. Change the prototype of setup_uid_gid() when USE_PAM is
not defined. This permits to remove add_groups from PAM builds.
setup_uid_gid is already subject to HAVE_INITGROUPS.
* libmisc/pwd2spwd.c (pwd_to_spwd): pwd_to_spwd() is not used in
PAM builds.
src/passwd.c, src/pwck.c, src/pwconv.c, src/useradd.c,
src/usermod.c: On Jan 01, 1970, do not set the sp_lstchg field to
0 (which means that the password shall be changed during the next
login), but use -1 (password aging disabled).
* src/passwd.c: Do not check sp_min if sp_lstchg is null or -1.
value should be -1 (no aging) rather than 0 (password must be
changed).
* src/chage.c: For password expiration and inactivity, indicate
that the password must be changed when sp_lstchg is null rather
than indicating that expiration and inactivity are not enabled.
database before calling spw_remove().
* NEWS, src/userdel.c: When the user's group is removed, make sure
the group is in the gshadow database before calling sgr_remove().
* src/userdel.c: Improve warning's wording.
expansion. Make sure config.xml does not exist when the POT file
is created in order to keep the configurations in the POT file
* man/generate_translations.mak: make sure config.xml does not
exist neither when the translated XML is generated. Add the
missing %config; (strip out by xml2po). and make sure config.xml
is present when the translated manpage is generated.
* man/generate_mans.mak: config.xml is needed for the generation
of manpages (already in the .deps for the English manpages, but
needed for the translations).
* man/Makefile.am: Added missing CREATE_HOME.xml.
as newgrp.
* man/login.defs.5.xml: vipw does not use any variable.
* man/login.defs.5.xml: In PAM enabled configurations, login still
uses some login.defs variables.
users with -u.
* src/faillog.c: Do not call print_one() for users which do not
exist.
* src/faillog.c: Make sure the user's entry is not outside the
faillog file and initialize the faillog structure in that case.
* src/faillog.c: Move print_one() closer to print().
* src/faillog.c: reset(), setmax(), set_locktime() can also change
entries of user which do not exist.
* src/faillog.c: reset(), setmax() and set_locktime() shall not
create entries for users which have no entries if the value has to
be set to 0.
* src/faillog.c: reset(), setmax() and set_locktime(): better
handling of users whose entry is outside the faillog file.
* src/faillog.c: Improved option handling. Options can now be
specified in any order.
* src/faillog.c: Improved warnings when options are not
compatible or when the faillog cannot be open with the right mode.
* src/faillog.c: Only fstat the faillog file once.
* man/faillog.8.xml: Improved documentation.
compiled when disabled at configuration time.
* src/chgpasswd.c: Make sure the SHA related variables is not
compiled when disabled at configuration time.
* src/chgpasswd.c: Fix the test for getlong() failure.
clash with the structure.
* src/lastlog.c: check the offset in print_one() so that it is
used for the display of one entry or a set of entries.
* src/lastlog.c: Do not loop over the whole user database when -u
is used with a single user.
* src/lastlog.c: Check the size of the lastlog file so that we
can identify failures to read.
when the changes are committed to the system. Do not log failure
for on-memory changes to audit or syslog. Make sure failures and
inconsistencies will be reported in case of unexpected failures
(e.g. malloc failures). Only specify an audit message if it is not
implicitly implied by the type argument. Removed fail_exit
(replaced by atexit(do_cleanups)). Log failures in case of
permission denied.
messages not related to an account.
* lib/prototypes.h, libmisc/cleanup.c, libmisc/cleanup_group.c,
libmisc/cleanup_user.c, libmisc/Makefile.am: Added stack of
cleanup functions to be executed on exit.
* NEWS, src/groupadd.c, src/groupdel.c, src/groupmod.c: Only
report success to audit and syslog when the changes are committed
to the system. Do not log failure for on-memory changes to audit
or syslog. Make sure failures and inconsistencies will be reported
in case of unexpected failures (e.g. malloc failures). Only
specify an audit message if it is not implicitly implied by the
type argument. Removed fail_exit (replaced by atexit(do_cleanups)).
configure option. The configure behavior encoded is:
<no option> -> default of 16 (like today);
--with-group-name-max-length -> default of 16;
--without-group-name-max-length -> no max length;
--with-group-name-max-length=n > max is set to n.
utmp.c to chowntty.c. checkutmp() now only uses an existing utmp
entry if the pid matches and ut_line matches with the current tty.
This fixes a possible DOS when entries can be forged in the utmp
file.
* libmisc/chowntty.c, src/login.c, lib/prototypes.h: Remove the
tty argument from chown_tty. chown_tty always changes stdin and
does not need this argument anymore.
man/grpck.8.xml: Sorted SEE ALSO references.
* man/gshadow.5.xml: Added reference to grpck(8) and grpconv(8).
* man/pwck.8.xml: Added reference to grpck(8).
* man/shadow.5.xml: Added reference to pwck(8).
* man/passwd.5.xml: Added reference to pwck(8).
* man/grpck.8.xml: Added reference to pwck(8).
parameter of -f. Fix the getopt optstring, remove the parsing of
username in the -f processing block, and remove unnecessary checks
(username cannot be parsed twice anymore), better documentation of
the synopsis.
caller, not the user login tries to authenticate.
* src/login.c: Use pwd->pw_name instead of pwd->pw_uid. This might
be more precise (name must be unique, uid might not be).
* src/pwck.c: Only unlock files if they were locked before (e.g.
not in read-only mode).
* src/pwck.c: Quote the username in error messages (harmonization
with other messages).
* libmisc/find_new_gid.c: Fixed typo (s/grp->gr_gid/group_id/).
* libmisc/find_new_gid.c: Likewise.
to create a home directory for new users.
* src/useradd.c, man/useradd.8.xml: New -M/--no-create-home option
and CREATE_HOME usage. System accounts are not impacted by
CREATE_HOME.
* man/useradd.8.xml: Indicate that a new group is created by
default.
* src/useradd.c: Removed TODO item (moved to the TODO file).
Thanks to Peter Vrabec.
* NEWS, libmisc/find_new_gid.c, libmisc/find_new_uid.c: Build an
index of used IDs to avoid a database request for each id in the
allowed range (when the highest allowed ID is already used).
This speedups the addition of users or groups when the highest
allowed ID is already used. The additional memory usage of the
tools should be acceptable when UID_MAX/SYS_UID_MAX are set to a
reasonable number.
* src/userdel.c, src/newusers.c, src/chpasswd.c, src/chfn.c,
src/groupmems.c, src/usermod.c, src/groupdel.c, src/chgpasswd.c,
src/useradd.c, src/groupmod.c, src/groupadd.c, src/chage.c,
src/chsh.c: If the username cannot be determined, report it as
such (not a PAM authentication failure).
--disable-account-tools-setuid options. This permits to disable
the PAM authentication of the caller for chage, chgpasswd,
chpasswd, groupadd, groupdel, groupmod, newusers, useradd,
userdel, and usermod. This authentication is not necessary when
these tools are not installed setuid root.
enable/disable the usage of PAM to authenticate the callers of
account management tools: chage, chgpasswd, chpasswd, groupadd,
groupdel, groupmod, useradd, userdel, usermod.
* src/Makefile.am: Do not link the above tools with libpam if
account-tools-setuid is disabled.
* src/userdel.c, src/newusers.c, src/chpasswd.c, src/usermod.c,
src/groupdel.c, src/chgpasswd.c, src/useradd.c, src/groupmod.c,
src/groupadd.c, src/chage.c: Implement ACCT_TOOLS_SETUID
(--enable-account-tools-setuid).
* etc/pam.d/Makefile.am: Install the pam service file for the
above tools only when needed.
* src/useradd.c, src/userdel.c, src/usermod.c: It is no more
needed to initialize retval to PAM_SUCCESS.
undefining some configuration macros when the file is included
multiple times.
* libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetpwuid.c,
libmisc/xgetgrgid.c, libmisc/xgetgrnam.c, libmisc/xgetspnam.c:
Include <config.h> from teh compiled C file, not the included
getXXbyYY.c.
src/groupmems.c, src/usermod.c, src/groupdel.c, src/chgpasswd.c,
src/useradd.c, src/groupmod.c, src/groupadd.c, src/chage.c,
src/chsh.c: Simplify the PAM error handling. Do not keep the pamh
handle, but terminate the PAM transaction as soon as possible if
there are no PAM session opened.
src/newusers.c, src/pwconv.c, src/chpasswd.c, src/logoutd.c,
src/chfn.c, src/groupmems.c, src/usermod.c, src/pwunconv.c,
src/expiry.c, src/groupdel.c, src/chgpasswd.c, src/useradd.c,
src/su.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/grpconv.c,
src/groups.c, src/grpunconv.c, src/chsh.c: Prog is now global (not
static to the file) so that it can be used by the helper functions
of libmisc.
* lib/prototypes.h: Added extern char *Prog.
* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Indicate the
program name with the warning.
shadow_audit_result for the result argument of audit_logger().
This permits stronger type checking and a better readability of
the results (SHADOW_AUDIT_FAILURE/SHADOW_AUDIT_SUCCESS constants).
* src/groupadd.c, src/groupdel.c, src/useradd.c, src/userdel.c:
Use the SHADOW_AUDIT_FAILURE/SHADOW_AUDIT_SUCCESS results instead
of 0 or 1 in audit_logger().
audit.
* src/userdel.c: Log successful removal of home directory to audit
only in case of success.
* src/userdel.c: Move the audit log of failure to remove the home
directory before the call to function that may exit.
* src/userdel.c: Document that errors is only used to count errors
during the removal of the home directory.
changes have started to be reported to syslog.
* src/userdel.c: Fix some result parameters sent to
audit_logger().
* NEWS: Following changes from a patch contributed by Steve Grubb
<sgrubb@redhat.com>
* src/groupadd.c: Log to audit with type AUDIT_ADD_GROUP instead
of AUDIT_USER_CHAUTHTOK.
* src/groupdel.c: Log to audit with type AUDIT_DEL_GROUP instead
of AUDIT_USER_CHAUTHTOK.
* src/useradd.c: Log to audit with type AUDIT_ADD_USER /
AUDIT_ADD_GROUP / AUDIT_USYS_CONFIG instead of
AUDIT_USER_CHAUTHTOK.
* src/useradd.c: Add missing logs to audit.
* src/userdel.c: Log to audit with type AUDIT_DEL_USER /
AUDIT_DEL_GROUP instead of AUDIT_USER_CHAUTHTOK.
* src/userdel.c: Add missing logs to audit.
const. Duplicate this structure before working on it.
* src/groupmems.c: Do not fail and do not display warnings if a
close failure happens with the --list option. (Files are opened
read-only).
prototypes of the static functions.
* src/grpconv.c: Fail if unexpected parameters are provided.
* src/grpconv.c: Indicate that argc is not used in the no
SHADOWGRP version.
Include <sys/types.h> before <pwd.h> and <grp.h>. It is necessary
for the definition of uid_t and gid_t.
* lib/pwmem.c: do not include <pwd.h>, "pwio.h" is sufficient
here.
* configure.in, libmisc/copydir.c: futimes() and lutimes() are not
standard. Check if they are implemented before using them. Do not
set the time of links if lutimes() does not exist, and use
utimes() as a replacement for futimes().
the list, not adduser. This fixes a segmentation fault for every
call of groupmems -d.
* libmisc/list.c: Add assertions to help identifying these issues.
* libmisc/list.c: Avoid implicit conversion of pointers to
booleans.
* src/userdel.c: Add log to syslog when the mail file could not be
removed.
* src/userdel.c: Give more context an error message (merge with
perror()).
* src/usermod.c: Harmonize some error messages.
* src/chage.c, src/chfn.c, src/chgpasswd.c, src/chpasswd.c,
src/chsh.c, src/gpasswd.c, src/groupadd.c, src/groupmems.c,
src/groupmod.c, src/grpck.c, src/grpconv.c, src/grpunconv.c,
src/passwd.c, src/pwck.c, src/pwconv.c, src/pwunconv.c,
src/useradd.c, src/userdel.c, src/usermod.c: Harmonize the error
message sent to stderr in case of *_update () failure.
* src/chage.c, src/chsh.c, src/groupadd.c, src/passwd.c: Do not
log to syslog when pw_update() or spw_update() fail.
* src/newusers.c: Do not log specific error message to stderr when
sgr_update() fails.
* src/pwconv.c: Remove duplicated definition of Prog.
src/newgrp.c, src/passwd.c, src/su.c: Use the same stderr and
syslog warnings when the username cannot be determined.
* src/newgrp.c: Reuse the same stderr message for groups which do
not exist in the system.
* src/grpconv.c, src/grpunconv.c, src/pwconv.c, src/pwunconv.c,
src/vipw.c: Open syslog with the right identification name.
* src/vipw.c: Log unlock errors to syslog.
* src/vipw.c: Log edits to syslog.
* src/chage.c, src/chfn.c, src/chsh.c, src/gpasswd.c,
src/groupadd.c, src/groupdel.c, src/groupmod.c, src/grpconv.c,
src/grpunconv.c, src/passwd.c, src/pwck.c, src/pwunconv.c,
src/useradd.c, src/usermod.c: Harmonize the syslog levels. Failure
to close or unlock are errors. Failure to open files are warnings.
support for long options --add (-a), --delete (-d),
--remove-password (-r), --restrict (-R), --administrators (-A),
and --members (-M)
* man/gpasswd.1.xml: Document the new long options.
* src/gpasswd.c: The sgrp structure is only used if SHADOWGRP is
defined.
files. Report errors to stderr and syslog, but continue.
* src/grpconv.c: Check failure to unlock files. Report errors to
stderr and syslog, but continue.
src/groupadd.c, src/groupdel.c, src/groupmems.c, src/groupmod.c,
src/grpconv.c, src/grpunconv.c, src/newusers.c, src/pwconv.c,
src/pwunconv.c, src/useradd.c, src/userdel.c: Harmonize the name
of the variables keeping the lock status, to match the shadow
library prefixes.
src/gpasswd.c, src/groupadd.c, src/groupdel.c, src/groupmems.c,
src/groupmod.c, src/grpck.c, src/grpconv.c, src/grpunconv.c,
src/newusers.c, src/passwd.c, src/pwck.c, src/pwconv.c,
src/pwunconv.c, src/useradd.c, src/userdel.c, src/usermod.c: In
case of a lock failure, indicate to the user that she can try
again later. Do not log to syslog.
the --lock an --unlock options do not lock or unlock the user
account anymore. They only lock or unlock the user's password.
* man/passwd.1.xml: Document above change. Document how an account
can be locked and what a password lock means.
* src/pwck.c: Report failure to unlock files to stderr and
syslog.
* src/pwck.c: Report failure to sort to stderr, and exit with
E_CANTSORT.
* man/pwck.8.xml: Document return code 6 (E_CANTSORT).
* src/groupmems.c: members() renamed display_members() to
avoid name clash with its members argument.
* src/groupmems.c: Report failure to unlock to syslog.
* src/groupmems.c: Harmonize error messages.
* src/groupmems.c: Report failures to write the new group file to
syslog (gr_close() failure).
* src/groupmems.c: Don't use fail_exit for non-failure exit.
* src/chsh.c: Use fail_exit() instead of exit(), this avoid
calling closelog() every times.
* src/chsh.c: Ignore the return value or pam_end().
* src/chsh.c: Simplify the PAM error handling.
* src/chsh.c: Report failure to unlock files to stderr and
syslog.
* src/chpasswd.c: Added support for syslog.
* src/chpasswd.c: Report failure to unlock files to stderr and
syslog.
* src/chpasswd.c: Simplify the PAM error handling.
* src/chpasswd.c: Report failure during *_close() to syslog.
* src/chpasswd.c: Ignore the return value or pam_end().
* src/chgpasswd.c: Added support for syslog.
* src/chgpasswd.c: Report failure to unlock files to stderr and
syslog.
* src/chgpasswd.c: Simplify the PAM error handling.
* src/chgpasswd.c: Report failure during *_close() to syslog.
* src/chgpasswd.c: Ignore the return value or pam_end().
gshadow to stderr.
* src/userdel.c: Fail in case of failure during the write of a
user or group database. Report errors to syslog.
* src/userdel.c: Do not unlock non locked files.
* src/userdel.c: Report failure to unlock the passwd or shadow
file to stderr and syslog.
file to stderr and syslog.
* src/newusers.c: In case of error when files are open or closed,
indicate the failing file.
* src/newusers.c: Do not try to unlock the files manually since
this is done in fail_exit.
locked. Report failures to unlock to stderr and syslog.
* src/chfn.c: Is case of failure, use fail_exit() rather than
exit().
* src/chfn.c: Ignore the return value of pam_end().
lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h:
Added *_dbname() functions to retrieve the name of the databases.
* lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h,
lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h:
*_name() functions renamed *setname().
* src/grpck.c, src/pwck.c: Likewise.
* lib/groupio.h, lib/pwio.h, lib/sgroupio.h, lib/shadowio.h: Added
the name of the arguments to the prototypes.
* src/chage, src/chfn.c, src/chgpasswd.c, src/chpasswd.c,
src/chsh.c, src/gpasswd.c, src/groupadd.c, src/groupdel.c,
src/groupmod.c, src/grpck.c, src/grpconv.c, src/grpunconv.c,
src/newusers.c, src/passwd.c, src/pwck.c, src/pwconv.c,
src/pwunconv.c, src/useradd.c, src/userdel.c, src/usermod.c:
Harmonize the erro & syslog messages in case of failure of the
*_lock(), *_open(), *_close(), *_unlock(), *_remove() functions.
* src/chgpasswd.c, src/chpasswd.c, src/usermod.c: Avoid
capitalized messages.
* src/chpasswd.c, src/useradd.c, src/usermod.c: Harmonize messages
in case of inexistent entries.
* src/usermod.c: Harmonize messages in case of already existing
entries.
* src/newusers.c, src/useradd.c: Simplify PAM error handling.
* src/useradd.c: Report failures to unlock files (stderr, syslog,
and audit). But do not fail (continue).
* src/useradd.c (open_files): Do not report to syslog & audit
failures to lock or open the databases. This might be harmless,
and the logs were not already informed that a change was
requested.
* src/usermod.c: It's not the account which is unlocked, but its
password.
group or gshadow files were previously locked.
* src/groupadd.c: Make sure failures are reported to syslog/audit
after the change is mentioned.
* src/groupmod.c: Add logging to syslog & audit on lock/unlock
failures.
* src/groupmod.c: Make sure issues are reported to syslog or audit
after the change is mentioned.
* src/groupdel.c: Only call gr_unlock() and sgr_unlock() in the
group or gshadow files were previously locked.
* src/groupdel.c: Simplify the handling of PAM errors.
src/groupmod.c, src/grpck.c, src/login.c, src/logoutd.c,
src/newgrp.c, src/newusers.c, src/passwd.c, src/pwck.c,
src/suauth.c, src/useradd.c, src/userdel.c, src/usermod.c,
src/vipw.c: Complete the switch from the `' quotation style to ''.
Do it also in SYSLOG messages. Quote some parameters. All this
permits to merge some messages.
* src/groupmems.c: Added Prog global variable to indicate the name
of the program in error messages.
2008-07-22 Lukáš Kuklínek <lkukline@redhat.com>
* NEWS, src/groupmems.c: Check if the user added to group actually
exist. RedHat bug #455603
* NEWS, src/groupmems.c: Check if the group exists in the group
local database (/etc/group). RedHat bug #456088
effects. This avoid checking if the user exists in the local passwd
file if not necessary, and thus allow to add LDAP users to local
groups. (The user is already checked against the system
configuration with getpwnam()). Thanks to Dan Kopecek.
update_faillog(). Report errors (but don't fail) if the file
exist, but open(), lseek(), read(), write(), or close() fails.
* src/usermod.c: Add brackets and parenthesis.
* src/usermod.c: Ignore the return value of pam_end() before
exiting.
* src/usermod.c: Ignore the return value of strftime(),
snprintf(), and puts().
* src/usermod.c: Check the return value of gmtime() and asctime(),
and output the raw time_t on failures.
booleans.
* libmisc/env.c: Add brackets and parenthesis.
* libmisc/env.c: Ignore the return value of puts() and fputs().
* libmisc/env.c: Avoid multi-statements lines.
booleans.
* libmisc/utmp.c: Add brackets and parenthesis.
* libmisc/utmp.c: Exit with the EXIT_FAILURE status code in case
of failure.
* libmisc/utmp.c: Avoid assignments in comparisons.
* lib/prototypes.h, libmisc/utmp.c: Change setutmp()'s prototype
to return an int because pututline() and pututxline() may fail.
* libmisc/limits.c: Avoid implicit conversion of pointers /
integers to booleans.
* libmisc/limits.c: Ignore the return value of umask(). We will
never return to the original umask.
* libmisc/limits.c: Avoid multi-statements lines.
* libmisc/limits.c: Added default to a switch(). Report invalid
limit strings to syslog.
* libmisc/limits.c: Ignore the return value of fclose().
/etc/limits is open read-only.
* libmisc/limits.c: Ignore the return value of fputs() and
sleep().
* libmisc/limits.c: Check the return value of nice() and
set_filesize_limit(), and report errors to syslog.
* libmisc/ulimit.c, lib/prototypes.h: Return failures of
set_filesize_limit(). Change the prototype to return an int
instead of void.
libmisc/find_new_uid.c, libmisc/Makefile.am, lib/prototypes.h:
Split find_new_ids.c into find_new_gid.c and find_new_uid.c to
ease the description of login.defs variables in the different
tools.
booleans.
* lib/defines.h: Ignore return values of setlocale() except the
first call.
* lib/defines.h: Fix a splint observer warning by using an
intermediate variable (old_locale).
reading or writing at an unspecified location. Log to syslog in
case of failure when reading a faillog entry or writing in
faillog or btmp.
* libmisc/failure.c: Check if the file exist before opening it.
* libmisc/failure.c: Log failures of open() and close() when
necessary.
* src/lastlog.c: umin and umax do not need to be signed long. Use
an unsigned long which might be needed to parse a GID or UID. Add
the has_umin and has_umax to replace the -1 values.
* src/lastlog.c: Cast dates to time_t.
* src/lastlog.c: Prefix lastlog errors with "lastlog: ".
value of spwd.sp_flag.
* lib/shadow.c: Add brackets.
* lib/shadow.c: Avoid implicit conversion of pointers to
booleans.
* lib/shadow.c: The size argument of fgets is an int, not a
size_t.
* lib/gshadow.c: Remove __setsgNIS() -never used).
* lib/gshadow.c: Avoid multi-statements lines.
* lib/gshadow.c: Avoid assignments in comparisons.
* lib/gshadow.c: ptr[nelem] is a string. Initialize it to NULL
instead of '\0'.
* lib/gshadow.c: Add brackets and parenthesis.
* lib/gshadow.c: The size argument of strncpy is a size_t and the
size argument of fgets is an int.
* lib/getdef.c: Added TODOs because of lack of error checking.
* lib/getdef.c: The size argument of fgets is an int, not a
size_t.
* lib/getdef.c: Avoid multi-statements lines.
* src/login.c: Use a %lu format and cast group and user IDs to
unsigned long integers.
* src/login.c: Ignore return value of setlocale(),
bindtextdomain(), and textdomain().
prototypes.
* src/chage.c: The ID argument of audit_logger is an unsigned
int. Use AUDIT_NO_ID instead of -1.
* src/chage.c: print_date() received a time_t.
* src/chage.c: Use SHADOW_SP_FLAG_UNSET for the initial
value of spwent.sp_flag.
unsigned long integers.
* src/pwck.c: Cast number of days to a long integer.
* src/pwck.c: Use the SCALE macro instead of (24L * 3600L)
for the values to be set in /etc/shadow.
* src/pwck.c: Use SHADOW_SP_FLAG_UNSET for the initial
value of spent.sp_flag.
int. Use AUDIT_NO_ID instead of -1.
* src/groupmod.c: Use a %lu format and cast group and user IDs to
unsigned long integers.
* src/groupmod.c: Cast the parsed GID/UID to a gid_t/uid_t.
int. Use AUDIT_NO_ID instead of -1.
* src/useradd.c: Cast the parsed GID/UID to a gid_t/uid_t.
* src/useradd.c: The size argument of fgets is an int, not a
size_t.
* src/useradd.c: Cast number of days to a long integer.
* src/useradd.c: Use SHADOW_SP_FLAG_UNSET for the initial
value of spent.sp_flag.
* src/useradd.c: Use a %lu format and cast group and user IDs to
unsigned long integers.
* src/newusers.c: Comment why we use both getgrgid() and
gr_locate_gid().
* src/newusers.c: Cast the parsed GID/UID to a gid_t/uid_t.
* src/newusers.c: Cast the number of days to a long integer.
* src/newusers.c: Use SHADOW_SP_FLAG_UNSET for the initial
value of spent.sp_flag.
* src/newusers.c: The size argument of fgets is an int, not a
size_t.
long integer.
* src/usermod.c: Cast UIDs and GIDs to uid_t and gid_t after
checking the ranges.
* src/usermod.c: The ID argument of audit_logger is an unsigned
int.
* src/usermod.c: read() returns a ssize_t.
* src/usermod.c: Cast the return value of malloc and make sure it
receives a size_t.
int.
* src/gpasswd.c: Ignore the return value of signal(). The signal
handlers are only changed for the last steps of gpasswd, and there
is no need to restore them.
unsigned long integers.
* src/newgrp.c: The ID argument of audit_logger is an unsigned
int.
* src/newgrp.c: Ignore the return value of signal() (the signal
handlers are assumed to be the default one and are restored
later).
* src/newgrp.c: Do not checl if a pid_t is < 0, check if equal
to (pid_t)-1.
prototypes.
* libmisc/copydir.c: Use a size_t for the length of strings.
* libmisc/copydir.c: Cast the return value of malloc().
* libmisc/copydir.c: The size argument of write() is a size_t.
might be defined in this header file.
* lib/defines.h: Prefer checking if HAVE_LOCALE_H or ENABLE_NLS
are defined (rather than set to non 0).
* lib/defines.h: The dummy implementations of bindtextdomain() and
textdomain() should return a pointer. Return NULL instead of
/* empty */
* lib/defines.h: Define SHADOW_SP_FLAG_UNSET, to be used for the
initialization of sp_flag field of the shadow structures.
* lib/defines.h: Define LC_ALL, needed even if HAVE_LOCALE_H is
not defined.
* libmisc/log.c: Add brackets and parenthesis.
* libmisc/log.c: read() returns a ssize_t (note size_t).
* libmisc/log.c: Avoid implicit conversion of pointers to
booleans.
* libmisc/log.c: Ignore return value of time() when use with a
non NULL argument.
* libmisc/age.c: Avoid implicit conversion of pointers to
booleans.
* libmisc/age.c: Avoid assignments in comparisons.
* libmisc/age.c: Ignore the return value of printf(), puts(),
fputs() and fflush().
* libmisc/age.c: Add brackets and parenthesis.
* libmisc/age.c: Cast the return value of time() to long and
converted to a date.
Propagate this time to the callers (the get_remote_string() and
do_rlogin() functions).
* libmisc/rlogin.c: Add brackets and parenthesis.
* libmisc/rlogin.c: Avoid multi-statements lines.
* libmisc/rlogin.c: Avoid assignments in comparisons.
* libmisc/rlogin.c: Avoid implicit conversion of pointers to
booleans.
* libmisc/failure.c: read() returns a ssize_t.
* libmisc/failure.c: Add brackets and parenthesis.
* libmisc/failure.c: Ignore return value of time() when use with a
non NULL argument.
* src/su.c: Add brackets and parenthesis.
* src/su.c: Avoid implicit conversion of pointers / integers
/ chars to booleans.
* src/su.c: Ignore the return value of pam_end() before
exiting.
* src/su.c: Avoid assignments in comparisons.
* src/su.c: Avoid multi-statements lines.
* lib/nscd.c: Always warn when the nscd cache cannot be flushed.
* lib/nscd.c: Avoid assignments in comparisons.
* lib/nscd.c: Ignore the return value of fputs() when printing
errors.
* lib/port.c: Change isttytime() prototype to return a bool.
* lib/port.c: Ignore the return value of fclose () (file open
read-only).
* lib/port.c: Avoid multi-statements lines.
and printf().
* src/id.c: Ignore return value of setlocale(),
bindtextdomain(), and textdomain().
* src/id.c: Add brackets and parenthesis.
* src/id.c: Avoid implicit conversion of pointers / integers
to booleans.
* src/chsh.c: restricted_shell() renamed is_restricted_shell().
check_shell() renamed shell_is_listed().
* src/chsh.c: Ignore return value of setlocale(),
bindtextdomain(), and textdomain().
* src/chsh.c: Avoid implicit conversion of pointers / integers
to booleans.
* src/chsh.c: Ignore the return value of pam_end() before
exiting.
integers.
* src/grpunconv.c: Add brackets and parenthesis.
* src/grpunconv.c: Ignore return value of setlocale(),
bindtextdomain(), and textdomain().
* src/grpunconv.c: Avoid implicit conversion of pointers / integers
to booleans.
bindtextdomain(), and textdomain().
* src/sulogin.c: Avoid implicit conversion of pointers / integers
/ chars to booleans.
* src/sulogin.c: Avoid assignments in comparisons.
* src/sulogin.c: Ignore the return value of alarm().
* src/groups.c: Add brackets and parenthesis.
* src/groups.c: Avoid implicit conversion of pointers / integers
to booleans.
* src/groups.c: Avoid assignments in comparisons.
* src/groups.c: Ignore the return value of putchar(), printf()
* src/groups.c: Ignore return value of setlocale(),
bindtextdomain(), and textdomain().
* src/grpconv.c: Add brackets and parenthesis.
* src/grpconv.c: Ignore return value of setlocale(),
bindtextdomain(), and textdomain().
* src/grpconv.c: Avoid implicit conversion of pointers / integers
to booleans.
* src/faillog.c: Avoid implicit conversion of pointers / integers
/ chars to booleans.
* src/faillog.c: Ignore return value of setlocale(),
bindtextdomain(), and textdomain().
* src/faillog.c: Add brackets and parenthesis.
* src/login.c: Ignore the return value of pam_end() before
exiting.
* src/login.c: Use a bool when possible instead of int integers.
* src/login.c: Add brackets and parenthesis.
* src/login.c: Ignore the return values of fflush(), putchar(), puts().
* src/login.c: Ignore the return value of fclose() for read-only
files.
* src/login.c: Avoid assignments in comparisons.
* src/login.c: Ignore return value of setlocale(),
bindtextdomain(), and textdomain().
integers.
* src/groupadd.c: Add brackets and parenthesis.
* src/groupadd.c: Avoid implicit conversion of pointers / integers
/ chars to booleans.
* src/groupadd.c: Ignore return value of setlocale(),
bindtextdomain(), and textdomain().
* src/groupadd.c: Ignore the return value of pam_end() before
exiting.
* src/passwd.c: Avoid assignments in comparisons.
* src/passwd.c: Add brackets and parenthesis.
* src/passwd.c: Avoid implicit conversion of pointers / integers /
chars to booleans.
* src/passwd.c: Move the "context_t c" declaration at the
beginning check_selinux_access.
* src/passwd.c: Ignore return value of setlocale(),
bindtextdomain(), and textdomain().
integers.
* src/groupmod.c: Avoid assignments in comparisons.
* src/groupmod.c: Add brackets and parenthesis.
* src/groupmod.c: Avoid implicit conversion of pointers / integers
/ chars to booleans.
* src/groupmod.c: Use a %lu format to print GIDs, and cast the GID
to (unsigned long int).
* src/groupmod.c: Ignore return value of setlocale(),
bindtextdomain(), and textdomain().
* src/groupmod.c: Ignore the return value of pam_end() before
exiting.
* src/useradd.c: Avoid implicit conversion of pointers / integers
/ chars to booleans.
* src/useradd.c: Add brackets and parenthesis.
* src/useradd.c: Avoid assignments in comparisons.
* src/useradd.c: Ignore the return value of fclose() for read-only
files.
* src/useradd.c: Ignore the return value of fflush() before
closing the files.
* src/useradd.c: Avoid multi-statements lines.
* src/useradd.c: Ignore return value of setlocale(),
bindtextdomain(), and textdomain().
* src/useradd.c: Ignore the return value of pam_end() before
exiting.
* src/vipw.c: Ignore the return value of umask(), when the mask is
set again to the old value.
* src/vipw.c: Avoid implicit conversion of pointers / integers to
booleans.
* src/vipw.c: Add brackets and parenthesis.
* src/vipw.c: Avoid assignments in comparisons.
* src/vipw.c: Ignore return value of setlocale(),
bindtextdomain(), and textdomain().
* src/vipw.c: Add missing termination of the longopts parameter
for getopt_long().
integers.
* src/chgpasswd.c: Ignore return value of setlocale(),
bindtextdomain(), and textdomain().
* src/chgpasswd.c: Avoid implicit conversion of integers to
booleans.
integers.
* src/groupdel.c: Avoid implicit conversion of pointers / integers to
booleans.
* src/groupdel.c: Avoid assignments in comparisons.
* src/groupdel.c: Ignore the return value of pam_end() before
exiting.
* src/groupdel.c: Ignore return value of setlocale(),
bindtextdomain(), and textdomain().
bindtextdomain(), and textdomain().
* src/expiry.c: Add brackets and parenthesis.
* src/expiry.c: Avoid assignments in comparisons.
* src/expiry.c: Avoid implicit conversion of pointers to booleans.
