audit after the potential chroot.
* src/groupadd.c: Check atexit failures.
* src/groupadd.c: Return E_SUCCESS instead of exit'ing at the end
of main().
set to 'x' in passwd and there are no entry in shadow for the
user.
* NEWS, src/chgpasswd.c: Create a gshadow entry if the password is
set to 'x' in group and there are no entry in gshadow for the
group.
indicate why locking failed.
* NEWS, lib/commonio.c: Fix the sort algorithm in case of NIS. NIS
entries were dropped.
* lib/commonio.c: NIS entries can start by '+' or '-'.
exists but there are no shadow entries, an entry has to be created
if the password is changed and passwd requires a shadow entry, or
if aging features are used (-e or -f). Document this and also that
-e and -f require a shadow file.
* src/su.c: Added function prototypes.
* src/su.c: Rename shellstr parameter to shellname to avoid
collision with static variable.
* NEWS, src/su.c: Added support for PAM modules which change
PAM_USER.
child and listening for signal in the parent from run_shell().
prepare_pam_close_session() is now executed before the creation of
the pam session and before the UID is changed. This allows to
close the session as root.
commands executed with -c. This prevents tty hijacking which could
lead to execution with the caller's privileges. This required to
forward signals from the terminal (SIGINT, SIGQUIT, SIGTSTP) to
the executed command.
* NEWS, libmisc/limits.c, man/limits.5.xml: Add support for
infinite limits.
* NEWS, libmisc/limits.c, man/limits.5.xml: Add support for @group
syntax.
-a option.
* NEWS, man/faillog.8.xml, src/faillog.c: Extend the -a option to
the non-display mode. This changes the default behavior of the -l,
-m, -r, -t options when -a is not specified (restrict to existing
users).
* NEWS: Add support for TCB.
* lib/tcbfuncs.h, lib/tcbfuncs.c, lib/Makefile.am: New library to
support TCB.
* lib/prototypes, libmisc/copydir.c (remove_tree): Add boolean
parameter remove_root.
* configure.in: Add conditional WITH_TCB.
* src/userdel.c, src/usermod.c: Add support for TCB. Update call to
remove_tree().
* src/pwconv.c, src/pwunconv.c: Should not be used with TCB enabled.
* src/vipw.c: Add support for TCB. Update call to remove_tree().
* src/useradd.c: Add support for TCB. Open the shadow file outside
of open_files().
* src/chage.c: Add support for TCB.
* src/Makefile.am: Install passwd sgid shadow when TCB is enabled.
* lib/getdefs.c, man/vipw.8.xml, man/login.defs.5.xml,
man/login.defs/TCB_AUTH_GROUP.xml, man/login.defs/USE_TCB.xml,
man/login.defs/TCB_SYMLINKS.xml, man/generate_mans.mak,
man/generate_mans.deps, man/Makefile.am: New configuration
parameters: TCB_AUTH_GROUP, TCB_SYMLINKS, USE_TCB.
* lib/shadowio.c, lib/commonio.c: Add support for TCB.
terminate (after sending a SIGTERM), and kill it only if it did
not terminate by itself. No delay will be enforced if the child
cooperates. See http://bugs.gentoo.org/282094
* NEWS, man/su.1.xml: Document su's exit values.
src/newusers.c, src/chpasswd.c, src/groupmems.c, src/usermod.c,
src/chgpasswd.c, src/vipw.c, src/su.c, src/useradd.c,
src/groupmod.c, src/passwd.c, src/groupadd.c, src/chage.c,
src/faillog.c, src/chsh.c: If someone uses the -h/--help options,
the usage should not go to stderr nor should the utility exit with
non-zero status. All of the shadow utils do just this
unfortunately, so convert them over to sanity.
* man/groupmems.8.xml, man/gpasswd.1.xml: Added option -h/--help.
* NEWS, libmisc/find_new_gid.c, libmisc/find_new_uid.c: Since
system accounts are allocated from SYS_?ID_MIN to SYS_?ID_MAX in
reverse order, accounts are packed close to SYS_?ID_MAX if
SYS_?ID_MIN is already used but there are still dome gaps.
getpwent / getgrent for system accounts. Trying the low-IDs with
getpwuid / getgrgid should be more efficient on LDAP configured
systems with many accounts.
libmisc/xgetpwuid.c, libmisc/xgetgrgid.c, libmisc/xgetspnam.c: Do
not limit the size of the buffer to hold the group or user
structure. It used to be limited to 16k, which caused issues with
groups having many users.
* po/shadow.pot, man/po/shadow-man-pages.pot: Regenerated.
* po/*.po, man/po/*.po: Updated PO files.
* man/passwd.1.xml: passwd -u does not reset the expiry field.
* NEWS, src/userdel.c: When USERGROUPS_ENAB is enabled, remove the
user's group when the user was the only member. This is still not
complete, as the user could have been specified twice in the
members.
* NEWS, src/userdel.c: Do not fail when -r is used and the home
directory does not exist.
lib/prototypes.h: Move user_busy() to libmisc/user_busy.c.
* NEWS, libmisc/user_busy.c: On Linux, do not check if an user is
logged in with utmp, but check if the user is running some
processes. If not on Linux, continue to search for an utmp record,
but make sure the process recorded in the utmp entry is still
running.
and the password field in passwd is not 'x'.
* src/grpck.c: Warn if a group has an entry in group and gshadow,
and the password field in group is not 'x'.
changing the passwords with PAM.
* src/newusers.c: Split the usage string in smaller parts to
allow enabling single parts.
* man/newusers.8.xml: Indicate the options and configuration
variables valid for PAM and non-PAM versions.
* man/newusers.8.xml: Added pointer to /etc/pam.d/chpasswd.
with PAM.
* src/chpasswd.c: Split the usage string in smaller parts to
allows enabling single parts.
* src/chpasswd.c: Do not set a global lock on the password files.
This is done by PAM each time a password is updated.
terminal termio flags. Reset echoprt, noflsh, tostop. This
behavior seems to have change by mistake in earlier releases
(4.0.8, for no obvious reason).
SELinux user for user's login.
* NEWS, src/usermod.c, man/usermod.8.xml: Likewise.
* libmisc/system.c, libmisc/Makefile.am, lib/prototypes.h: Added
safe_system(). Used to run semanage.
* lib/prototypes.h, libmisc/copydir.c: Make a
selinux_file_context() an extern function.
* libmisc/copydir.c: Reset SELinux to create files with default
contexts at the end of copy_tree().
* NEWS, src/userdel.c: Delete the SELinux user mapping for user's
login.
database before calling spw_remove().
* NEWS, src/userdel.c: When the user's group is removed, make sure
the group is in the gshadow database before calling sgr_remove().
* src/userdel.c: Improve warning's wording.
users with -u.
* src/faillog.c: Do not call print_one() for users which do not
exist.
* src/faillog.c: Make sure the user's entry is not outside the
faillog file and initialize the faillog structure in that case.
* src/faillog.c: Move print_one() closer to print().
* src/faillog.c: reset(), setmax(), set_locktime() can also change
entries of user which do not exist.
* src/faillog.c: reset(), setmax() and set_locktime() shall not
create entries for users which have no entries if the value has to
be set to 0.
* src/faillog.c: reset(), setmax() and set_locktime(): better
handling of users whose entry is outside the faillog file.
* src/faillog.c: Improved option handling. Options can now be
specified in any order.
* src/faillog.c: Improved warnings when options are not
compatible or when the faillog cannot be open with the right mode.
* src/faillog.c: Only fstat the faillog file once.
* man/faillog.8.xml: Improved documentation.
when the changes are committed to the system. Do not log failure
for on-memory changes to audit or syslog. Make sure failures and
inconsistencies will be reported in case of unexpected failures
(e.g. malloc failures). Only specify an audit message if it is not
implicitly implied by the type argument. Removed fail_exit
(replaced by atexit(do_cleanups)). Log failures in case of
permission denied.
messages not related to an account.
* lib/prototypes.h, libmisc/cleanup.c, libmisc/cleanup_group.c,
libmisc/cleanup_user.c, libmisc/Makefile.am: Added stack of
cleanup functions to be executed on exit.
* NEWS, src/groupadd.c, src/groupdel.c, src/groupmod.c: Only
report success to audit and syslog when the changes are committed
to the system. Do not log failure for on-memory changes to audit
or syslog. Make sure failures and inconsistencies will be reported
in case of unexpected failures (e.g. malloc failures). Only
specify an audit message if it is not implicitly implied by the
type argument. Removed fail_exit (replaced by atexit(do_cleanups)).
configure option. The configure behavior encoded is:
<no option> -> default of 16 (like today);
--with-group-name-max-length -> default of 16;
--without-group-name-max-length -> no max length;
--with-group-name-max-length=n > max is set to n.