* libmisc/ttytype.c: Avoid assignments in comparisons.
* libmisc/ttytype.c: Add brackets and parenthesis.
* libmisc/ttytype.c: The return values of fclose is not checked on purpose.
* libmisc/loginprompt.c: Add brackets.
* libmisc/loginprompt.c: Avoid assignments in comparisons.
* libmisc/loginprompt.c: The return values of fclose and fflush are not checked on purpose.
* Avoid assignments in comparisons.
* (hushed) Change type of found to bool.
* Add brackets.
* Always check if the user or the shell is in
the file. Do not check the first character of the line first. This
is simpler and match better with the HUSHLOGIN_FILE documentation.
check_user_name) renamed to is_valid_user_name (resp.
is_valid_group_name). is_valid_user_name and is_valid_group_name
return a bool.
* src/grpck.c, src/newusers.c, src/usermod.c, src/useradd.c,
src/groupmod.c, src/pwck.c, src/groupadd.c: Use is_valid_user_name
and is_valid_group_name, following above change.
* libmisc/chkname.c: Avoid implicit conversion of chars to
booleans. Add brackets and parenthesis.
followed by rmdir to remove the directory itself, delete also the
root directory in remove_tree.
* src/userdel.c, src/usermod.c: Do not call rmdir after
remove_tree.
with post increments (x++), use of integers as booleans, and
explicitly mark blocks with brackets.
* libmisc/copydir.c: Likewise.
* libmisc/fields.c: Add comments.
* libmisc/copydir.c: Mark function whose return value is not
checked as such.
* libmisc/copydir.c (remove_tree): Make sure unlink is successful
when removing files.
* libmisc/audit_help.c: Include prototypes.h to get the prototype
of audit_help_open.
* libmisc/salt.c: Use booleans instead of negating integers.
* src/passwd.c: Declare the check_selinux_access prototype and
avoid name clashes (change_user -> changed_user; change_uid ->
changed_uid; access -> requested_access)
- generation of SHA encrypted passwords (chpasswd, gpasswd, newusers,
chgpasswd; and also passwd if configured without PAM support).
The number of rounds and number of salt bytes was fixed to their lower
allowed values (resp. configurable and 8), hence voiding some of the
advantages of this encryption method. Dictionary attacks with
precomputed tables were easier than expected, but still harder than with
the MD5 (or DES) methods.
* NEWS, libmisc/salt.c (SHA_salt_size): Seed the RNG, and fix a
overflow. These caused the SHA salt size to always be 8 bytes,
instead of being in the 8-16 range. Thanks to Peter Vrabec
pvrabec@redhat.com for noticing.
* NEWS, libmisc/salt.c (SHA_salt_rounds): Seed the RNG with
seedRNG instead of srand, and fix the same overflow. This caused
the number of rounds to always be the smallest one.
* libmisc/pam_pass.c: Be more verbose and indicate that the
password was not changed when pam_chauthtok fails (in addition to
the PAM error, which may not be comprehensible for the users).
Files with no license use the default 3-clauses BSD license. The copyright
were mostly not recorded; they were updated according to the Changelog.
"Julianne Frances Haugh and contributors" changed to "copyright holders
and contributors".
endpwend() sequences (ditto for getgrent(), getspent(), and
getsgent()). The only real (minor) issue was in login, which kept
the passwd file open.
* libmisc/entry.c: Remove unneeded setspent() and endspent() (only
getspnam is called in the middle).
* libmisc/find_new_ids.c: Make sure to close the password and
group files with endpwent() and endgrent().
* libmisc/pwdcheck.c: Remove unneeded endspent() (only getspnam()
is called before).
* src/lastlog.c, src/passwd.c, src/groupmod.c, src/faillog.c,
src/groups.c: Make sure to close
the password file with endpwent().
* src/login.c: Remove unneeded setpwent() (only xgetpwnam is
called before).
* src/login.c, src/newgrp.c: Fix typos in comments.
microseconds to avoid having the same salt for different passwords
generated in the same second. This permits to avoid using the same salt
for different passwords in newusers.
find_new_uid() and find_new_gid(). They work the same way as the functions
with the same name of useradd or groupadd, except that they check in the
local database to make sure an ID was not reserved in an uncommitted
change (this is needed to be used in newusers), they report a status
instead of calling exit(), and they can receive a preferred ID. They
should later support system IDs. This should be a little bit slower, but
not too much (if the database is not open the checks against the local
database will exit immediately, and if it is already open, all the checks
will be done regarding the data in memory).
src/chfn.c, src/passwd.c, src/chage.c, src/login.c, src/sulogin.c,
src/chsh.c: Fix call to puts (remove end of line, or use fputs).
* po/*.po: Unfuzzy PO files according to above change.
