* src/usermod.c (date_to_str): buf needs to be unique (e.g.
independent from negativ), and is an out buffer.
* src/usermod.c: Ignore return value from snprintf, and force
nul-termination of buffer.
* src/usermod.c: Improve memory management.
* src/usermod.c: An audit bloc was not reachable, moved above on
success to move the home directory.
* src/usermod.c: Ignore close() return value for the mailbox
(opened read only).
set to 'x' in passwd and there are no entry in shadow for the
user.
* NEWS, src/chgpasswd.c: Create a gshadow entry if the password is
set to 'x' in group and there are no entry in gshadow for the
group.
options are provided.
* src/pwunconv.c: Re-indent.
* src/pwunconv.c: Open the shadow file read only.
* src/grpunconv.c: Exit after printing usage when arguments or
options are provided.
* src/grpunconv.c: Open the gshadow file read only.
not return.
* src/chpasswd.c: Reindent.
* src/chpasswd.c: Remove dead code. No need to set crypt_method
to NULL when it is already NULL. sflg is only set if crypt_method
is not NULL.
return.
* src/faillog.c: Fix message: this is faillog, not lastlog.
* src/faillog.c: Check that there are no extra arguments after
parsing the options.
not return.
* src/chgpasswd.c: Split usage in smaller parts. Those parts are
already translated for chpasswd. Usage is now closer to
chpasswd's.
* src/chgpasswd.c: Remove dead code. No need to set crypt_method
to NULL when it is already NULL. sflg is only set if crypt_method
is not NULL.
* src/grpck.c: Avoid implicit conversion of pointer to boolean.
* src/grpck.c: Remove dead code. argc cannot be lower than optind.
Avoid checking twice in a row for NULL != list[i].
exists but there are no shadow entries, an entry has to be created
if the password is changed and passwd requires a shadow entry, or
if aging features are used (-e or -f). Document this and also that
-e and -f require a shadow file.
provided. Update the error message.
* src/usermod.c (process_flags): Check option compatibility and
dependency before options are discarded when no changes are
requested.
* src/su.c: Added function prototypes.
* src/su.c: Rename shellstr parameter to shellname to avoid
collision with static variable.
* NEWS, src/su.c: Added support for PAM modules which change
PAM_USER.
child and listening for signal in the parent from run_shell().
prepare_pam_close_session() is now executed before the creation of
the pam session and before the UID is changed. This allows to
close the session as root.
use the pwent global variable to communicate between APIs of
different files. Added boolean parameter su_to_root to
check_su_auth().
* src/su.c (check_perms): Return the passwd entry of the finally
authenticated user. Remove usage of the pwent variable.
* src/su.c: The password of the caller is the one from the
spwd structure only if the passwd's password is 'x'.
after the switch to the final subsystem. The previous architecture
forced to always change the environment (the shell starts with a
'*' and was thus restricted, and change_environment could not be
reset to false).
definition of shellstr, PATH and IFS is not influenced (getenv,
getdef, restricted_shell) by and does not influence (addenv does
not change environ) the authentication. And the authentication
does not overwrite those definitions. This will ease an extraction
from the big main() function.
commands executed with -c. This prevents tty hijacking which could
lead to execution with the caller's privileges. This required to
forward signals from the terminal (SIGINT, SIGQUIT, SIGTSTP) to
the executed command.
selinux_file_context renamed set_selinux_file_context.
* lib/protoypes.h, libmisc/copydir.c, src/useradd.c:
Added reset_selinux_file_context.
* src/useradd.c: Check the return value of
set_selinux_file_context and reset_selinux_file_context.
* libmisc/copydir.c: Check the return value of
reset_selinux_file_context.
boolean.
* libmisc/basename.c: Avoid implicit conversion of pointer to
boolean.
* libmisc/basename.c, lib/prototypes.h (Basename): Return a
constant string.
* libmisc/basename.c, libmisc/obscure.c, lib/prototypes.h,
libmisc/xmalloc.c, libmisc/getdate.h, libmisc/system.c,
libmisc/getgr_nam_gid.c, libmisc/failure.c, libmisc/valid.c: Add
splint annotations.
* libmisc/chowndir.c: Avoid memory leak.
* libmisc/chowndir.c: Do not check *printf/*puts return value.
* libmisc/chowntty.c: Avoid implicit conversion between integer
types.
* libmisc/obscure.c: Return a bool when possible instead of int.
* libmisc/shell.c: Do not check *printf/*puts return value.
* libmisc/shell.c: Do not check execle return value.
* libmisc/setupenv.c: Avoid implicit conversion between integer
types.
* libmisc/xmalloc.c: size should not be zero to avoid returning
NULL pointers.
* libmisc/hushed.c: Do not check *printf/*puts return value.
* libmisc/system.c: Avoid implicit conversion of integer to
boolean. safe_system last argument is a boolean.
* libmisc/system.c: Check return value of dup2.
* libmisc/system.c: Do not check *printf/*puts return value.
* libmisc/system.c: Do not check execve return value.
* libmisc/salt.c: Do not check *printf/*puts return value.
* libmisc/loginprompt.c: Do not check gethostname return value.
* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Do not check
gr_rewind/pw_rewind return value.
* libmisc/ttytype.c: Limit the number of parsed characters in the
sscanf format.
* libmisc/ttytype.c: Test if a type was really read.
* libmisc/sub.c: Do not check *printf/*puts return value.
* libmisc/sub.c: Avoid implicit conversion of integer to boolean.
* src/userdel.c: Fix typo in comment.
* src/userdel.c: Avoid implicit conversion of boolean to integer.
* src/userdel.c: safe_system last argument is a boolean.
* src/newusers.c: Avoid implicit conversion of boolean to integer.
* src/newusers.c: Avoid implicit conversion of integer to boolean.
* src/usermod.c: Add brackets.
* src/usermod.c: Avoid implicit conversion of characters or
integers to booleans.
* src/vipw.c: Avoid implicit conversion of integer to boolean.
* src/su.c: Avoid implicit conversion of integer to boolean.
* src/su.c: Add brackets.
* src/useradd.c: Avoid implicit conversion of characters or
integers to booleans.
instead of an int.
* libmisc/obscure.c, libmisc/tz.c, src/passwd.c, lib/encrypt.c,
libmisc/copydir.c, lib/prototypes.h: Add splint annotations.
* libmisc/tz.c: Fix some const issues.
* libmisc/tz.c: Avoid multi-statements lines.
* libmisc/tz.c: Add brackets.
* libmisc/copydir.c: Do not check *printf/*puts return value.
* libmisc/copydir.c: Fail if we cannot set or reset the SELinux
fscreate context.
* libmisc/copydir.c: Use xmalloc instead of malloc.
* libmisc/copydir.c: Do not check lutimes return value
* src/vipw.c: Avoid implicit conversion of integer to boolean.
* src/su.c (iswheel): Return a bool instead of an int.
* src/passwd.c: Remove insert_crypt_passwd(). Use xstrdup instead.
* src/passwd.c: Return constant strings when sufficient.
* src/passwd.c: Do not check *printf/*puts return value.
* src/passwd.c: Avoid implicit conversion of character to boolean.
* src/passwd.c: Do not check sleep return value.
* src/sulogin.c: Do not check *printf/*puts return value.
* lib/encrypt.c: Do not check fprintf return value.
copy the extended attributes (the SELinux context is hence reset)
* src/usermod.c: Copy the extended attributes.
* src/useradd.c: Only reset the SELinux context.
libmisc/sulog.c, libmisc/hushed.c, libmisc/failure.c,
libmisc/loginprompt.c, libmisc/ttytype.c,
libmisc/pam_pass_non_interractive.c, src/userdel.c, src/login.c,
lib/commonio.c, lib/commonio.h: Fix some const issues.
* libmisc/motd.c: Avoid multi-statements lines.
* libmisc/motd.c: Support long MOTD_FILE.
* libmisc/list.c, lib/prototypes.h: Revert previous change.
dup_list and is_on_list are used with members as defined for the
group structure, and thus even if the list is not modified, the
list elements cannot be constant strings.
* libmisc/system.c: Avoid C++ comments.
* src/vipw.c: WITH_TCB cannot be tested inside a gettextized
string. Split the Usage string.
* lib/commonio.h: Re-indent.
* src/useradd.c: spool is a constant string.
* src/useradd.c: Set the new copy_tree's paramater 'copy_root' to false
2010-04-04 Nicolas François <nicolas.francois@centraliens.net>
* src/usermod.c: move_home() is only called if mflg is set.
* src/usermod.c: Fail is -m is provided but the old home directory
is not a directory.
* src/usermod.c: Use the previous improvement of copy_tree to
provide better error diagnosis.
* src/usermod.c: When rename() is used, also change the ownership.
* src/usermod.c: Do not change the ownership of the root directory
twice.
* src/usermod.c: When -u is provided, only change the ownership of
the home directory if it is a directory.
* src/usermod.c: Also change ownerships when -g is used.
2010-04-04 Nicolas François <nicolas.francois@centraliens.net>
* lib/prototypes.h, libmisc/copydir.c: Add the old UID and GID to
copy_tree to detect when ownership shall be changed.
* libmisc/copydir.c: Document the behavior when the IDs are set to
-1.
* lib/prototypes.h, libmisc/copydir.c (copy_tree): Add parameter
copy_root.
* libmisc/copydir.c: error() and ctx can be static.
* libmisc/copydir.c (copy_hardlink): Remove parameter src.
2010-04-04 Nicolas François <nicolas.francois@centraliens.net>
* libmisc/chowndir.c: Dynamically allocate memory to support
path longer than 1024 characters.
* libmisc/chowndir.c: Fix typos in documentation.
* libmisc/chowndir.c: Support and document the behavior when a old
or new ID is set to -1.
* libmisc/chowndir.c: Improved error detection when chown fails.
* libmisc/chowndir.c: Harmonize error handling strategy when an
error occurs: stop changing ownership as soon as an error was
detected.
* src/login_nopam.c: Limit the scope of variables end, lineno, i,
str_len.
* src/logoutd.c: Limit the scope of variable c.
* src/vipw.c: Re-indent.
* src/vipw.c: Close the file after the creation of the backup.
* src/useradd.c (set_default): Close input file on failure.
* src/useradd.c: Limit the scope of variables spool, file, fd, gr,
gid, mode.
* src/passwd.c: Limit the scope of variables last and ok.
* src/chage.c: Fix typo (non breaking space).
* src/login.c: Limit the scope of variables erasechar killchar, c,
failed.
* src/groups.c: Limit the scope of variable ngroups, pri_grp, i.
* src/id.c: Limit the scope of variable i.
they are already specified in number of days since Epoch. Return
-2 in case of errors to support the specification of -1.
* src/usermod.c, src/useradd.c: Adapt to the new error value of
strtoday().
* src/chage.c: Remove isnum(). Adapt to the new error value of
strtoday(). Support for numerical dates is moved to strtoday().
* src/pwck.c: Add support for TCB.
* src/pwck.c: Use spw_dbname() instead of spw_file since TCB
changes from a file to another depending on the user. Also use
pw_dbname() for consistency.
