Commit Graph

133 Commits

Author SHA1 Message Date
nekral-guest
77f81fa0b6 * NEWS, src/groupmems.c: Use the "groupmems" PAM service name
instead of "groupmod".
2008-08-30 18:28:45 +00:00
nekral-guest
cfeacc4d67 * NEWS, src/gpasswd.c: Use getopt_long instead of getopt. Added
support for long options --add (-a), --delete (-d),
	--remove-password (-r), --restrict (-R), --administrators (-A),
	and --members (-M)
	* man/gpasswd.1.xml: Document the new long options.
	* src/gpasswd.c: The sgrp structure is only used if SHADOWGRP is
	defined.
2008-08-22 02:28:15 +00:00
nekral-guest
130553a578 Sort the NEWS entry alphabetically (per program name). 2008-08-22 02:18:48 +00:00
nekral-guest
1355d5d3eb * NEWS, src/passwd.c: For compatibility with other passwd version,
the --lock an --unlock options do not lock or unlock the user
	account anymore.  They only lock or unlock the user's password.
	* man/passwd.1.xml: Document above change. Document how an account
	can be locked and what a password lock means.
2008-08-22 02:16:21 +00:00
nekral-guest
e3e99974f8 * NEWS, src/groupmems.c: Added syslog support.
* src/groupmems.c: members() renamed display_members() to
	avoid name clash with its members argument.
	* src/groupmems.c: Report failure to unlock to syslog.
	* src/groupmems.c: Harmonize error messages.
	* src/groupmems.c: Report failures to write the new group file to
	syslog (gr_close() failure).
	* src/groupmems.c: Don't use fail_exit for non-failure exit.
2008-08-09 23:28:30 +00:00
nekral-guest
d5c6257ac2 * NEWS, src/groupmems.c: Allow everybody to list the users of a group.
This information is publicly available in /etc/group.
	* NEWS, src/groupmems.c: Open /etc/group read only for the -l option.
2008-07-27 02:33:37 +00:00
nekral-guest
b684ea837d 2008-07-26 Nicolas François <nicolas.francois@centraliens.net>
* src/groupmems.c: Added Prog global variable to indicate the name
	of the program in error messages.

2008-07-22  Lukáš Kuklínek  <lkukline@redhat.com>

	* NEWS, src/groupmems.c: Check if the user added to group actually
	exist. RedHat bug #455603
	* NEWS, src/groupmems.c: Check if the group exists in the group
	local database (/etc/group). RedHat bug #456088
2008-07-26 16:11:49 +00:00
nekral-guest
276e406c0f * README, NEWS, configure.in, lib/pam_defs.h, src/login.c: Add
support for OpenPAM.
2008-07-21 21:14:06 +00:00
nekral-guest
21c692d23f Re-inject the changes from 4.1.2.1. 2008-07-11 22:20:43 +00:00
nekral-guest
5b194e290c Fix typo. 2008-07-11 22:04:02 +00:00
nekral-guest
22fb4fe019 * src/usermod.c: Do not call usr_update() if it will have no
effects. This avoid checking if the user exists in the local passwd
	file if not necessary, and thus allow to add LDAP users to local
	groups. (The user is already checked against the system
	configuration with getpwnam()). Thanks to Dan Kopecek.
2008-07-11 21:50:05 +00:00
nekral-guest
2a267ca05f * NEWS, src/newusers.c: Implement the -r, --system option.
* src/newusers.c: Use a bool when possible instead of int
	integers.
	* src/newusers.c: Avoid implicit conversion of pointers / integers
	/ chars to booleans.
	* src/newusers.c: Ignore the return value of pam_end() before
	exiting.
	* src/newusers.c: Ignore return value of setlocale(),
	bindtextdomain(), and textdomain().
	* src/newusers.c: Avoid multi-statements lines.
	* src/newusers.c: Add brackets and parenthesis.
2008-06-09 19:36:08 +00:00
nekral-guest
b5b636b8b7 Prepare the 4.1.2 release
* NEWS: set the release date.
	* man/po/*.po, po/*.po: Updated PO files.
2008-05-24 23:03:24 +00:00
nekral-guest
a917ba4fb9 *** security:
- generation of SHA encrypted passwords (chpasswd, gpasswd, newusers,
  chgpasswd; and also passwd if configured without PAM support).
  The number of rounds and number of salt bytes was fixed to their lower
  allowed values (resp. configurable and 8), hence voiding some of the
  advantages of this encryption method. Dictionary attacks with
  precomputed tables were easier than expected, but still harder than with
  the MD5 (or DES) methods.

	* NEWS, libmisc/salt.c (SHA_salt_size): Seed the RNG, and fix a
	overflow. These caused the SHA salt size to always be 8 bytes,
	instead of being in the 8-16 range. Thanks to Peter Vrabec
	pvrabec@redhat.com for noticing.
	* NEWS, libmisc/salt.c (SHA_salt_rounds): Seed the RNG with
	seedRNG instead of srand, and fix the same overflow. This caused
	the number of rounds to always be the smallest one.
2008-05-20 13:34:06 +00:00
nekral-guest
9c69fe73b1 Tag the section which require --enable-shadowgrp or --with-sha-crypt
accordingly.
2008-05-19 22:18:14 +00:00
nekral-guest
a071d72e48 Document the -k, --skel option, and update the -m, --create-home documentation. 2008-05-19 21:32:19 +00:00
nekral-guest
461d69522f * NEWS, man/groupadd.8.xml: Document the -r, --system option.
* NEWS, man/newusers.8.xml: Document the -r, --system option.
	* NEWS, man/newusers.8.xml: Document the -c, --crypt-method and
	-s, --sha-rounds options.
2008-05-19 20:53:12 +00:00
nekral-guest
300f7416c4 Document the -r, --system option. 2008-05-19 19:43:24 +00:00
nekral-guest
fb4271bdf9 Import Debian patch 434_login_stop_checking_args_after--
* NEWS, src/login.c (check_flags): Stop checking the arguments
	after --. The later options will be sent to the shell, and do not
	need to be checked.
2008-05-18 14:54:35 +00:00
nekral-guest
6a17c2b27f * src/vipw.c, src/su.c, src/newgrp.c: Harmonize the children's
SIGSTOP handling. Raise the signal which stopped the child instead
	of always SIGSTOP.

	Import Debian patch 406_vipw_resume_properly.
	Thanks to Dean Gaudet.
	* NEWS, src/vipw.c: Resume properly after ^Z.
2008-05-18 13:41:56 +00:00
nekral-guest
8a8072a563 If the SULOG_FILE does not exist when an su session is logged, make sure
the file is created with group root, instead of using the group of the
caller.
2008-04-27 00:27:59 +00:00
nekral-guest
4196525702 Allow non-US-ASCII characters in the GECOS fields ("name", "room number",
and "other info" fields).
2008-04-27 00:24:49 +00:00
nekral-guest
4d7d6a1a9f Fix build failure when configured with audit support. Thanks to Mike
Frysinger for reporting it.
2008-04-16 22:04:46 +00:00
nekral-guest
8e82ae234e Also fix the detection of the pam and selinux features:
Fail if the feature is requested but the library (or
header file) could not be found. If nothing is specified, enable
the feature only if we can find the library (or header file).
2008-04-16 21:18:20 +00:00
nekral-guest
70bf7cca33 Fix the detection of the audit library and header file. 2008-04-16 20:09:03 +00:00
nekral-guest
f89cf0cf20 * NEWS, etc/pam.d/Makefile.am: Add chfn, chsh, and userdel to
$(pamd_files). Remove the duplicate useradd. And sort
  alphabetically. Thanks to Mark Rosenstand  <mark@borkware.net>.
* NEWS: Prepare next release, 4.1.2.
2008-04-04 18:50:22 +00:00
nekral-guest
1de80f9457 * NEWS, configure.in: Prepare release 4.1.1
* NEWS: Fix the release date of 4.1.0. Was in 2007, not 2008.
2008-04-02 21:55:27 +00:00
nekral-guest
f7a256fc19 * src/passwd.c, NEWS: Make SE Linux tests more strict, when the
real UID is 0 SE Linux checks will be performed. Thanks to
 Russell Coker  <russell@coker.com.au>
* TODO: Added entries regarding SE Linux.
2008-03-26 22:00:50 +00:00
nekral-guest
a8a614c515 * NEWS, src/groupmod.c: Make sure the passwd, group, and gshadow
files are unlocked on exit. Unlock locked files in fail_exit().
  Prefer fail_exit() over exit().
* NEWS, src/groupmod.c: When the GID of a group is changed, update
  also the GID of the passwd entries of the users whose primary
  group is the group being modified.
2008-03-08 23:01:49 +00:00
nekral-guest
b1a0769d3d * lib/commonio.c (commonio_remove): Fail when the name to be
removed is used by different entries (like commonio_update does).
* NEWS: This fix the behavior of groupdel when the system is not
  configured to support split group but different group entries
  have the name of the group to be deleted.
2008-03-08 22:52:44 +00:00
nekral-guest
1b808e62df Make sure the passwd, group, shadow, and gshadow files are unlocked on
exit. Unlock locked files in fail_exit(). Prefer fail_exit() over exit().
2008-03-08 22:44:53 +00:00
nekral-guest
5af8a5d74d * NEWS, src/groupdel.c: Make sure the group, and gshadow files are
unlocked on exit. Add function fail_exit(). Use fail_exit()
	instead of exit().
	* src/groupdel.c: Fail immediately instead of increasing errors.
	Better handling of error cases, like locked group or gshadow file.
2008-03-08 21:13:54 +00:00
nekral-guest
d1290c0d5d Make sure the passwd, group, shadow, and gshadow files are unlocked on
exit. Add function fail_exit(). Use fail_exit() instead of exit().
2008-03-08 21:04:31 +00:00
nekral-guest
bded00fd11 Make sure the group and gshadow files are unlocked on exit. Add function fail_exit(). 2008-03-08 20:54:54 +00:00
nekral-guest
a2242f6f1b Do not rewrite the group and gshadow file in case of error. 2008-03-08 16:23:22 +00:00
nekral-guest
d44f1dfeca Do not raise an error if the group does not exist in the gshadow file. 2008-03-08 16:17:07 +00:00
nekral-guest
6ea65c8992 Only reset the entries of existing users with faillog -r (not all numeric
IDs starting from 0). Thanks to Peter Vrabec.
2008-03-05 00:10:25 +00:00
nekral-guest
528346cb3b When a password is moved to the gshadow file, use "x" instead of "x"
to indicate that the password is shadowed (consistency with grpconv).
2008-02-26 20:09:56 +00:00
nekral-guest
2a2b2b3aa4 * NEWS: Fix failures when the gshadow file is not present. Thanks
to Christian Henz (http://bugs.debian.org/467488)
 * src/gpasswd.c (get_group): Do not fail if gshadow is not present. Just use
   the group file and set the grent structure
 * src/gpasswd.c (check_perms): The permissions should be checked
   using both the gshadow and group file. Add a <struct group *>
   parameter, and check if the gshadow file exists (is_shadowgrp).
 * src/gpasswd.c (main): Do not use sgent.sg_mem or sgent.sg_adm if
   the gshadow file is not present (sgent is not initialized in that
   case). The fields of sgent can be set, but not used.
2008-02-26 19:09:10 +00:00
nekral-guest
93e2f66a60 * NEWS, src/useradd.c, man/useradd.8.xml: Added options
-user-group (-U, Uflg) and --no-user-group (-N, Nflg) to replace
  nflg.
* man/login.defs.d/USERGROUPS_ENAB.xml: useradd now also uses
  USERGROUPS_ENAB.
2008-02-25 21:03:46 +00:00
nekral-guest
c81db0b178 Fix alphabetical order. 2008-02-19 21:05:44 +00:00
nekral-guest
bb824221a4 This entry was for login, not su:
* If started as init, start a new session.
2008-02-19 21:04:55 +00:00
nekral-guest
18c914f086 Added new option -r, --system for system accounts in useradd, groupadd,
and newusers.
2008-02-19 21:01:38 +00:00
nekral-guest
ed52b88b92 Fix buffer overflow when adding an user to a group. Thanks to Peter Vrabec. 2008-02-18 21:36:03 +00:00
nekral-guest
280fcebae8 Change the default HOME directory in /etc/default/useradd according FHS
(/home instead of /home/users).  This fixes Alioth's bug #310559.
Thanks to Dale E. Edmons.
2008-02-17 15:29:41 +00:00
nekral-guest
a8bc585e33 Use the correct AUDIT_CHGRP_ID event instead of
AUDIT_USER_START, when changing the user space group ID with
newgrp or sg. Thanks to sgrubb@redhat.com for the patch.
2008-02-14 18:35:51 +00:00
nekral-guest
a5f949165a Fix the handling of -a when a user is being renamed (with -l). The new
name of the user was used for the new supplementary groups, but not in the
existing ones.
2008-02-10 20:25:39 +00:00
nekral-guest
6e9078f16c Switch to the C locale before sending messages to syslog. The messages
sent by shadow were not translated, but error messages from PAM returned
by pam_strerror() were translated in the users's locale.
2008-02-03 17:53:21 +00:00
nekral-guest
4e01ea6c33 * NEWS: newusers will behave more like useradd.
* src/newusers.c: The user's ID must be found before the group ID
	to mimic useradd's behavior choices of UID and GID.
	* src/newusers.c: Reuse the generic find_new_uid() and
	find_new_gid() functions. This permits to respect the
	UID_MIN/UID_MAX and GID_MIN/GID_MAX variables, should 
	* src/newusers.c: Check if the user or group exist using the
	external databases (with the libc getpwnam/getgrnam functions).
	Refuse to update an user which exist in an external database but
	does not exist in the local database.
	* src/newusers.c: Check the usernames and groupnames with
	check_user_name() and check_group_name()
	* src/newusers.c: Use isdigit() for readability.
	* src/newusers.c: Check if numerical IDs are valid (no remaining
	chars).

	* NEWS, src/newusers.c: Fix the support for the NONE crypt method.

	* src/newusers.c: Fix shadow group support (the list of admins was
	not defined; it is now set to an empty list).
2008-02-03 17:45:58 +00:00
nekral-guest
65ed10d75c Do not seed the random number generator each time, and use the time in
microseconds to avoid having the same salt for different passwords
generated in the same second.  This permits to avoid using the same salt
for different passwords in newusers.
2008-02-03 17:23:58 +00:00