caller, not the user login tries to authenticate.
* src/login.c: Use pwd->pw_name instead of pwd->pw_uid. This might
be more precise (name must be unique, uid might not be).
* src/pwck.c: Only unlock files if they were locked before (e.g.
not in read-only mode).
* src/pwck.c: Quote the username in error messages (harmonization
with other messages).
* libmisc/find_new_gid.c: Fixed typo (s/grp->gr_gid/group_id/).
* libmisc/find_new_gid.c: Likewise.
to create a home directory for new users.
* src/useradd.c, man/useradd.8.xml: New -M/--no-create-home option
and CREATE_HOME usage. System accounts are not impacted by
CREATE_HOME.
* man/useradd.8.xml: Indicate that a new group is created by
default.
* src/useradd.c: Removed TODO item (moved to the TODO file).
* src/userdel.c, src/newusers.c, src/chpasswd.c, src/chfn.c,
src/groupmems.c, src/usermod.c, src/groupdel.c, src/chgpasswd.c,
src/useradd.c, src/groupmod.c, src/groupadd.c, src/chage.c,
src/chsh.c: If the username cannot be determined, report it as
such (not a PAM authentication failure).
enable/disable the usage of PAM to authenticate the callers of
account management tools: chage, chgpasswd, chpasswd, groupadd,
groupdel, groupmod, useradd, userdel, usermod.
* src/Makefile.am: Do not link the above tools with libpam if
account-tools-setuid is disabled.
* src/userdel.c, src/newusers.c, src/chpasswd.c, src/usermod.c,
src/groupdel.c, src/chgpasswd.c, src/useradd.c, src/groupmod.c,
src/groupadd.c, src/chage.c: Implement ACCT_TOOLS_SETUID
(--enable-account-tools-setuid).
* etc/pam.d/Makefile.am: Install the pam service file for the
above tools only when needed.
* src/useradd.c, src/userdel.c, src/usermod.c: It is no more
needed to initialize retval to PAM_SUCCESS.
src/groupmems.c, src/usermod.c, src/groupdel.c, src/chgpasswd.c,
src/useradd.c, src/groupmod.c, src/groupadd.c, src/chage.c,
src/chsh.c: Simplify the PAM error handling. Do not keep the pamh
handle, but terminate the PAM transaction as soon as possible if
there are no PAM session opened.
src/newusers.c, src/pwconv.c, src/chpasswd.c, src/logoutd.c,
src/chfn.c, src/groupmems.c, src/usermod.c, src/pwunconv.c,
src/expiry.c, src/groupdel.c, src/chgpasswd.c, src/useradd.c,
src/su.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/grpconv.c,
src/groups.c, src/grpunconv.c, src/chsh.c: Prog is now global (not
static to the file) so that it can be used by the helper functions
of libmisc.
* lib/prototypes.h: Added extern char *Prog.
* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Indicate the
program name with the warning.
shadow_audit_result for the result argument of audit_logger().
This permits stronger type checking and a better readability of
the results (SHADOW_AUDIT_FAILURE/SHADOW_AUDIT_SUCCESS constants).
* src/groupadd.c, src/groupdel.c, src/useradd.c, src/userdel.c:
Use the SHADOW_AUDIT_FAILURE/SHADOW_AUDIT_SUCCESS results instead
of 0 or 1 in audit_logger().
audit.
* src/userdel.c: Log successful removal of home directory to audit
only in case of success.
* src/userdel.c: Move the audit log of failure to remove the home
directory before the call to function that may exit.
* src/userdel.c: Document that errors is only used to count errors
during the removal of the home directory.
changes have started to be reported to syslog.
* src/userdel.c: Fix some result parameters sent to
audit_logger().
* NEWS: Following changes from a patch contributed by Steve Grubb
<sgrubb@redhat.com>
* src/groupadd.c: Log to audit with type AUDIT_ADD_GROUP instead
of AUDIT_USER_CHAUTHTOK.
* src/groupdel.c: Log to audit with type AUDIT_DEL_GROUP instead
of AUDIT_USER_CHAUTHTOK.
* src/useradd.c: Log to audit with type AUDIT_ADD_USER /
AUDIT_ADD_GROUP / AUDIT_USYS_CONFIG instead of
AUDIT_USER_CHAUTHTOK.
* src/useradd.c: Add missing logs to audit.
* src/userdel.c: Log to audit with type AUDIT_DEL_USER /
AUDIT_DEL_GROUP instead of AUDIT_USER_CHAUTHTOK.
* src/userdel.c: Add missing logs to audit.
const. Duplicate this structure before working on it.
* src/groupmems.c: Do not fail and do not display warnings if a
close failure happens with the --list option. (Files are opened
read-only).
prototypes of the static functions.
* src/grpconv.c: Fail if unexpected parameters are provided.
* src/grpconv.c: Indicate that argc is not used in the no
SHADOWGRP version.
the list, not adduser. This fixes a segmentation fault for every
call of groupmems -d.
* libmisc/list.c: Add assertions to help identifying these issues.
* libmisc/list.c: Avoid implicit conversion of pointers to
booleans.
* src/userdel.c: Add log to syslog when the mail file could not be
removed.
* src/userdel.c: Give more context an error message (merge with
perror()).
* src/usermod.c: Harmonize some error messages.
* src/chage.c, src/chfn.c, src/chgpasswd.c, src/chpasswd.c,
src/chsh.c, src/gpasswd.c, src/groupadd.c, src/groupmems.c,
src/groupmod.c, src/grpck.c, src/grpconv.c, src/grpunconv.c,
src/passwd.c, src/pwck.c, src/pwconv.c, src/pwunconv.c,
src/useradd.c, src/userdel.c, src/usermod.c: Harmonize the error
message sent to stderr in case of *_update () failure.
* src/chage.c, src/chsh.c, src/groupadd.c, src/passwd.c: Do not
log to syslog when pw_update() or spw_update() fail.
* src/newusers.c: Do not log specific error message to stderr when
sgr_update() fails.
* src/pwconv.c: Remove duplicated definition of Prog.
src/newgrp.c, src/passwd.c, src/su.c: Use the same stderr and
syslog warnings when the username cannot be determined.
* src/newgrp.c: Reuse the same stderr message for groups which do
not exist in the system.