* src/chgpasswd.c: Added support for syslog.
* src/chgpasswd.c: Report failure to unlock files to stderr and
syslog.
* src/chgpasswd.c: Simplify the PAM error handling.
* src/chgpasswd.c: Report failure during *_close() to syslog.
* src/chgpasswd.c: Ignore the return value or pam_end().
gshadow to stderr.
* src/userdel.c: Fail in case of failure during the write of a
user or group database. Report errors to syslog.
* src/userdel.c: Do not unlock non locked files.
* src/userdel.c: Report failure to unlock the passwd or shadow
file to stderr and syslog.
file to stderr and syslog.
* src/newusers.c: In case of error when files are open or closed,
indicate the failing file.
* src/newusers.c: Do not try to unlock the files manually since
this is done in fail_exit.
locked. Report failures to unlock to stderr and syslog.
* src/chfn.c: Is case of failure, use fail_exit() rather than
exit().
* src/chfn.c: Ignore the return value of pam_end().
lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h:
Added *_dbname() functions to retrieve the name of the databases.
* lib/groupio.c, lib/groupio.h, lib/pwio.c, lib/pwio.h,
lib/sgroupio.c, lib/sgroupio.h, lib/shadowio.c, lib/shadowio.h:
*_name() functions renamed *setname().
* src/grpck.c, src/pwck.c: Likewise.
* lib/groupio.h, lib/pwio.h, lib/sgroupio.h, lib/shadowio.h: Added
the name of the arguments to the prototypes.
* src/chage, src/chfn.c, src/chgpasswd.c, src/chpasswd.c,
src/chsh.c, src/gpasswd.c, src/groupadd.c, src/groupdel.c,
src/groupmod.c, src/grpck.c, src/grpconv.c, src/grpunconv.c,
src/newusers.c, src/passwd.c, src/pwck.c, src/pwconv.c,
src/pwunconv.c, src/useradd.c, src/userdel.c, src/usermod.c:
Harmonize the erro & syslog messages in case of failure of the
*_lock(), *_open(), *_close(), *_unlock(), *_remove() functions.
* src/chgpasswd.c, src/chpasswd.c, src/usermod.c: Avoid
capitalized messages.
* src/chpasswd.c, src/useradd.c, src/usermod.c: Harmonize messages
in case of inexistent entries.
* src/usermod.c: Harmonize messages in case of already existing
entries.
* src/newusers.c, src/useradd.c: Simplify PAM error handling.
* src/useradd.c: Report failures to unlock files (stderr, syslog,
and audit). But do not fail (continue).
* src/useradd.c (open_files): Do not report to syslog & audit
failures to lock or open the databases. This might be harmless,
and the logs were not already informed that a change was
requested.
* src/usermod.c: It's not the account which is unlocked, but its
password.
group or gshadow files were previously locked.
* src/groupadd.c: Make sure failures are reported to syslog/audit
after the change is mentioned.
* src/groupmod.c: Add logging to syslog & audit on lock/unlock
failures.
* src/groupmod.c: Make sure issues are reported to syslog or audit
after the change is mentioned.
* src/groupdel.c: Only call gr_unlock() and sgr_unlock() in the
group or gshadow files were previously locked.
* src/groupdel.c: Simplify the handling of PAM errors.
src/groupmod.c, src/grpck.c, src/login.c, src/logoutd.c,
src/newgrp.c, src/newusers.c, src/passwd.c, src/pwck.c,
src/suauth.c, src/useradd.c, src/userdel.c, src/usermod.c,
src/vipw.c: Complete the switch from the `' quotation style to ''.
Do it also in SYSLOG messages. Quote some parameters. All this
permits to merge some messages.
* src/groupmems.c: Added Prog global variable to indicate the name
of the program in error messages.
2008-07-22 Lukáš Kuklínek <lkukline@redhat.com>
* NEWS, src/groupmems.c: Check if the user added to group actually
exist. RedHat bug #455603
* NEWS, src/groupmems.c: Check if the group exists in the group
local database (/etc/group). RedHat bug #456088
effects. This avoid checking if the user exists in the local passwd
file if not necessary, and thus allow to add LDAP users to local
groups. (The user is already checked against the system
configuration with getpwnam()). Thanks to Dan Kopecek.
update_faillog(). Report errors (but don't fail) if the file
exist, but open(), lseek(), read(), write(), or close() fails.
* src/usermod.c: Add brackets and parenthesis.
* src/usermod.c: Ignore the return value of pam_end() before
exiting.
* src/usermod.c: Ignore the return value of strftime(),
snprintf(), and puts().
* src/usermod.c: Check the return value of gmtime() and asctime(),
and output the raw time_t on failures.
booleans.
* libmisc/env.c: Add brackets and parenthesis.
* libmisc/env.c: Ignore the return value of puts() and fputs().
* libmisc/env.c: Avoid multi-statements lines.
booleans.
* libmisc/utmp.c: Add brackets and parenthesis.
* libmisc/utmp.c: Exit with the EXIT_FAILURE status code in case
of failure.
* libmisc/utmp.c: Avoid assignments in comparisons.
* lib/prototypes.h, libmisc/utmp.c: Change setutmp()'s prototype
to return an int because pututline() and pututxline() may fail.
* libmisc/limits.c: Avoid implicit conversion of pointers /
integers to booleans.
* libmisc/limits.c: Ignore the return value of umask(). We will
never return to the original umask.
* libmisc/limits.c: Avoid multi-statements lines.
* libmisc/limits.c: Added default to a switch(). Report invalid
limit strings to syslog.
* libmisc/limits.c: Ignore the return value of fclose().
/etc/limits is open read-only.
* libmisc/limits.c: Ignore the return value of fputs() and
sleep().
* libmisc/limits.c: Check the return value of nice() and
set_filesize_limit(), and report errors to syslog.
* libmisc/ulimit.c, lib/prototypes.h: Return failures of
set_filesize_limit(). Change the prototype to return an int
instead of void.
libmisc/find_new_uid.c, libmisc/Makefile.am, lib/prototypes.h:
Split find_new_ids.c into find_new_gid.c and find_new_uid.c to
ease the description of login.defs variables in the different
tools.
booleans.
* lib/defines.h: Ignore return values of setlocale() except the
first call.
* lib/defines.h: Fix a splint observer warning by using an
intermediate variable (old_locale).
reading or writing at an unspecified location. Log to syslog in
case of failure when reading a faillog entry or writing in
faillog or btmp.
* libmisc/failure.c: Check if the file exist before opening it.
* libmisc/failure.c: Log failures of open() and close() when
necessary.
* src/lastlog.c: umin and umax do not need to be signed long. Use
an unsigned long which might be needed to parse a GID or UID. Add
the has_umin and has_umax to replace the -1 values.
* src/lastlog.c: Cast dates to time_t.
* src/lastlog.c: Prefix lastlog errors with "lastlog: ".
value of spwd.sp_flag.
* lib/shadow.c: Add brackets.
* lib/shadow.c: Avoid implicit conversion of pointers to
booleans.
* lib/shadow.c: The size argument of fgets is an int, not a
size_t.
* lib/gshadow.c: Remove __setsgNIS() -never used).
* lib/gshadow.c: Avoid multi-statements lines.
* lib/gshadow.c: Avoid assignments in comparisons.
* lib/gshadow.c: ptr[nelem] is a string. Initialize it to NULL
instead of '\0'.
* lib/gshadow.c: Add brackets and parenthesis.
* lib/gshadow.c: The size argument of strncpy is a size_t and the
size argument of fgets is an int.
* lib/getdef.c: Added TODOs because of lack of error checking.
* lib/getdef.c: The size argument of fgets is an int, not a
size_t.
* lib/getdef.c: Avoid multi-statements lines.
* src/login.c: Use a %lu format and cast group and user IDs to
unsigned long integers.
* src/login.c: Ignore return value of setlocale(),
bindtextdomain(), and textdomain().
prototypes.
* src/chage.c: The ID argument of audit_logger is an unsigned
int. Use AUDIT_NO_ID instead of -1.
* src/chage.c: print_date() received a time_t.
* src/chage.c: Use SHADOW_SP_FLAG_UNSET for the initial
value of spwent.sp_flag.
unsigned long integers.
* src/pwck.c: Cast number of days to a long integer.
* src/pwck.c: Use the SCALE macro instead of (24L * 3600L)
for the values to be set in /etc/shadow.
* src/pwck.c: Use SHADOW_SP_FLAG_UNSET for the initial
value of spent.sp_flag.
int. Use AUDIT_NO_ID instead of -1.
* src/groupmod.c: Use a %lu format and cast group and user IDs to
unsigned long integers.
* src/groupmod.c: Cast the parsed GID/UID to a gid_t/uid_t.
int. Use AUDIT_NO_ID instead of -1.
* src/useradd.c: Cast the parsed GID/UID to a gid_t/uid_t.
* src/useradd.c: The size argument of fgets is an int, not a
size_t.
* src/useradd.c: Cast number of days to a long integer.
* src/useradd.c: Use SHADOW_SP_FLAG_UNSET for the initial
value of spent.sp_flag.
* src/useradd.c: Use a %lu format and cast group and user IDs to
unsigned long integers.
* src/newusers.c: Comment why we use both getgrgid() and
gr_locate_gid().
* src/newusers.c: Cast the parsed GID/UID to a gid_t/uid_t.
* src/newusers.c: Cast the number of days to a long integer.
* src/newusers.c: Use SHADOW_SP_FLAG_UNSET for the initial
value of spent.sp_flag.
* src/newusers.c: The size argument of fgets is an int, not a
size_t.
long integer.
* src/usermod.c: Cast UIDs and GIDs to uid_t and gid_t after
checking the ranges.
* src/usermod.c: The ID argument of audit_logger is an unsigned
int.
* src/usermod.c: read() returns a ssize_t.
* src/usermod.c: Cast the return value of malloc and make sure it
receives a size_t.
int.
* src/gpasswd.c: Ignore the return value of signal(). The signal
handlers are only changed for the last steps of gpasswd, and there
is no need to restore them.
unsigned long integers.
* src/newgrp.c: The ID argument of audit_logger is an unsigned
int.
* src/newgrp.c: Ignore the return value of signal() (the signal
handlers are assumed to be the default one and are restored
later).
* src/newgrp.c: Do not checl if a pid_t is < 0, check if equal
to (pid_t)-1.
prototypes.
* libmisc/copydir.c: Use a size_t for the length of strings.
* libmisc/copydir.c: Cast the return value of malloc().
* libmisc/copydir.c: The size argument of write() is a size_t.
might be defined in this header file.
* lib/defines.h: Prefer checking if HAVE_LOCALE_H or ENABLE_NLS
are defined (rather than set to non 0).
* lib/defines.h: The dummy implementations of bindtextdomain() and
textdomain() should return a pointer. Return NULL instead of
/* empty */
* lib/defines.h: Define SHADOW_SP_FLAG_UNSET, to be used for the
initialization of sp_flag field of the shadow structures.
* lib/defines.h: Define LC_ALL, needed even if HAVE_LOCALE_H is
not defined.
* libmisc/log.c: Add brackets and parenthesis.
* libmisc/log.c: read() returns a ssize_t (note size_t).
* libmisc/log.c: Avoid implicit conversion of pointers to
booleans.
* libmisc/log.c: Ignore return value of time() when use with a
non NULL argument.
* libmisc/age.c: Avoid implicit conversion of pointers to
booleans.
* libmisc/age.c: Avoid assignments in comparisons.
* libmisc/age.c: Ignore the return value of printf(), puts(),
fputs() and fflush().
* libmisc/age.c: Add brackets and parenthesis.
* libmisc/age.c: Cast the return value of time() to long and
converted to a date.
Propagate this time to the callers (the get_remote_string() and
do_rlogin() functions).
* libmisc/rlogin.c: Add brackets and parenthesis.
* libmisc/rlogin.c: Avoid multi-statements lines.
* libmisc/rlogin.c: Avoid assignments in comparisons.
* libmisc/rlogin.c: Avoid implicit conversion of pointers to
booleans.
* libmisc/failure.c: read() returns a ssize_t.
* libmisc/failure.c: Add brackets and parenthesis.
* libmisc/failure.c: Ignore return value of time() when use with a
non NULL argument.
* src/su.c: Add brackets and parenthesis.
* src/su.c: Avoid implicit conversion of pointers / integers
/ chars to booleans.
* src/su.c: Ignore the return value of pam_end() before
exiting.
* src/su.c: Avoid assignments in comparisons.
* src/su.c: Avoid multi-statements lines.
* lib/nscd.c: Always warn when the nscd cache cannot be flushed.
* lib/nscd.c: Avoid assignments in comparisons.
* lib/nscd.c: Ignore the return value of fputs() when printing
errors.
* lib/port.c: Change isttytime() prototype to return a bool.
* lib/port.c: Ignore the return value of fclose () (file open
read-only).
* lib/port.c: Avoid multi-statements lines.
and printf().
* src/id.c: Ignore return value of setlocale(),
bindtextdomain(), and textdomain().
* src/id.c: Add brackets and parenthesis.
* src/id.c: Avoid implicit conversion of pointers / integers
to booleans.
* src/chsh.c: restricted_shell() renamed is_restricted_shell().
check_shell() renamed shell_is_listed().
* src/chsh.c: Ignore return value of setlocale(),
bindtextdomain(), and textdomain().
* src/chsh.c: Avoid implicit conversion of pointers / integers
to booleans.
* src/chsh.c: Ignore the return value of pam_end() before
exiting.
integers.
* src/grpunconv.c: Add brackets and parenthesis.
* src/grpunconv.c: Ignore return value of setlocale(),
bindtextdomain(), and textdomain().
* src/grpunconv.c: Avoid implicit conversion of pointers / integers
to booleans.
bindtextdomain(), and textdomain().
* src/sulogin.c: Avoid implicit conversion of pointers / integers
/ chars to booleans.
* src/sulogin.c: Avoid assignments in comparisons.
* src/sulogin.c: Ignore the return value of alarm().
* src/groups.c: Add brackets and parenthesis.
* src/groups.c: Avoid implicit conversion of pointers / integers
to booleans.
* src/groups.c: Avoid assignments in comparisons.
* src/groups.c: Ignore the return value of putchar(), printf()
* src/groups.c: Ignore return value of setlocale(),
bindtextdomain(), and textdomain().
* src/grpconv.c: Add brackets and parenthesis.
* src/grpconv.c: Ignore return value of setlocale(),
bindtextdomain(), and textdomain().
* src/grpconv.c: Avoid implicit conversion of pointers / integers
to booleans.
* src/faillog.c: Avoid implicit conversion of pointers / integers
/ chars to booleans.
* src/faillog.c: Ignore return value of setlocale(),
bindtextdomain(), and textdomain().
* src/faillog.c: Add brackets and parenthesis.
* src/login.c: Ignore the return value of pam_end() before
exiting.
* src/login.c: Use a bool when possible instead of int integers.
* src/login.c: Add brackets and parenthesis.
* src/login.c: Ignore the return values of fflush(), putchar(), puts().
* src/login.c: Ignore the return value of fclose() for read-only
files.
* src/login.c: Avoid assignments in comparisons.
* src/login.c: Ignore return value of setlocale(),
bindtextdomain(), and textdomain().
integers.
* src/groupadd.c: Add brackets and parenthesis.
* src/groupadd.c: Avoid implicit conversion of pointers / integers
/ chars to booleans.
* src/groupadd.c: Ignore return value of setlocale(),
bindtextdomain(), and textdomain().
* src/groupadd.c: Ignore the return value of pam_end() before
exiting.
* src/passwd.c: Avoid assignments in comparisons.
* src/passwd.c: Add brackets and parenthesis.
* src/passwd.c: Avoid implicit conversion of pointers / integers /
chars to booleans.
* src/passwd.c: Move the "context_t c" declaration at the
beginning check_selinux_access.
* src/passwd.c: Ignore return value of setlocale(),
bindtextdomain(), and textdomain().
integers.
* src/groupmod.c: Avoid assignments in comparisons.
* src/groupmod.c: Add brackets and parenthesis.
* src/groupmod.c: Avoid implicit conversion of pointers / integers
/ chars to booleans.
* src/groupmod.c: Use a %lu format to print GIDs, and cast the GID
to (unsigned long int).
* src/groupmod.c: Ignore return value of setlocale(),
bindtextdomain(), and textdomain().
* src/groupmod.c: Ignore the return value of pam_end() before
exiting.
* src/useradd.c: Avoid implicit conversion of pointers / integers
/ chars to booleans.
* src/useradd.c: Add brackets and parenthesis.
* src/useradd.c: Avoid assignments in comparisons.
* src/useradd.c: Ignore the return value of fclose() for read-only
files.
* src/useradd.c: Ignore the return value of fflush() before
closing the files.
* src/useradd.c: Avoid multi-statements lines.
* src/useradd.c: Ignore return value of setlocale(),
bindtextdomain(), and textdomain().
* src/useradd.c: Ignore the return value of pam_end() before
exiting.
* src/vipw.c: Ignore the return value of umask(), when the mask is
set again to the old value.
* src/vipw.c: Avoid implicit conversion of pointers / integers to
booleans.
* src/vipw.c: Add brackets and parenthesis.
* src/vipw.c: Avoid assignments in comparisons.
* src/vipw.c: Ignore return value of setlocale(),
bindtextdomain(), and textdomain().
* src/vipw.c: Add missing termination of the longopts parameter
for getopt_long().
integers.
* src/chgpasswd.c: Ignore return value of setlocale(),
bindtextdomain(), and textdomain().
* src/chgpasswd.c: Avoid implicit conversion of integers to
booleans.
integers.
* src/groupdel.c: Avoid implicit conversion of pointers / integers to
booleans.
* src/groupdel.c: Avoid assignments in comparisons.
* src/groupdel.c: Ignore the return value of pam_end() before
exiting.
* src/groupdel.c: Ignore return value of setlocale(),
bindtextdomain(), and textdomain().
bindtextdomain(), and textdomain().
* src/expiry.c: Add brackets and parenthesis.
* src/expiry.c: Avoid assignments in comparisons.
* src/expiry.c: Avoid implicit conversion of pointers to booleans.
* src/usermod.c: Add brackets and parenthesis.
* src/usermod.c: Avoid implicit conversion of pointers / integers
/ chars to booleans.
* src/usermod.c: Avoid assignments in comparisons.
* src/usermod.c: Ignore return value of setlocale(),
bindtextdomain(), and textdomain().
* src/usermod.c: Ignore the return value of pam_end() before
exiting.
long_options before the blocks of code.
* src/groupmems.c: Ignore return value of setlocale(),
bindtextdomain(), and textdomain().
* src/groupmems.c: Ignore the return value of pam_end() before
exiting.
* src/chfn.c: Avoid implicit conversion of integers / chars to
booleans.
* src/chfn.c: Ignore return value of setlocale(),
bindtextdomain(), and textdomain().
* src/logoutd.c: Avoid implicit conversion of pointers / integers
/ chars to booleans.
* src/logoutd.c: Ignore return value of setlocale(),
bindtextdomain(), and textdomain().
* src/logoutd.c: Add brackets and parenthesis.
integers.
* src/chpasswd.c: Avoid implicit conversion of pointers / integers
/ chars to booleans.
* src/chpasswd.c: Ignore return value of setlocale(),
bindtextdomain(), and textdomain().
* src/pwconv.c: Add brackets and parenthesis.
* src/pwconv.c: Ignore return value of setlocale(),
bindtextdomain(), and textdomain().
* src/pwconv.c: Avoid implicit conversion of pointers / integers /
chars to booleans.
* src/newusers.c: Use a bool when possible instead of int
integers.
* src/newusers.c: Avoid implicit conversion of pointers / integers
/ chars to booleans.
* src/newusers.c: Ignore the return value of pam_end() before
exiting.
* src/newusers.c: Ignore return value of setlocale(),
bindtextdomain(), and textdomain().
* src/newusers.c: Avoid multi-statements lines.
* src/newusers.c: Add brackets and parenthesis.
* src/gpasswd.c: Avoid implicit conversion of pointers / integers
/ chars to booleans.
* src/gpasswd.c: Ignore the return value of putchar() and fflush()
before exiting.
* src/gpasswd.c: check_list() renamed is_valid_user_list(), and
return a bool.
* src/gpasswd.c: Ignore return value of setlocale(),
bindtextdomain(), and textdomain().
* src/lastlog.c: Avoid implicit conversion of pointers / integers
/ chars to booleans.
* src/lastlog.c: Add brackets and parenthesis.
* src/lastlog.c: Ignore return value of setlocale(),
bindtextdomain(), and textdomain().
deleted_user_group, was_member, was_admin, and the
options' flags.
* src/userdel.c: Change path_prefix() prototype to return a bool.
* src/userdel.c: Ignore return value of setlocale(),
bindtextdomain(), and textdomain().
* src/userdel.c: Ignore the return value from pam_end() since we
are exiting anyway just afterwards.
* src/userdel.c: Avoid implicit conversion of pointers /
integers / chars to booleans.
* src/userdel.c: Add brackets and parenthesis.
* src/userdel.c: Avoid assignments in comparisons.
* src/userdel.c: Do not ignore the return value of the *_unlock()
functions.
booleans true and false instead. Change the prototypes of
list_match(), user_match(), from_match(), and string_match()
accordingly. Also use booleans internally.
* src/login_nopam.c: Add brackets and parenthesis.
* src/login_nopam.c: Avoid implicit conversion of pointers /
integers / chars to booleans.
* src/login_nopam.c: Avoid assignments in comparisons.
The default parameter should also be a bool.
* libmisc/console.c: Add brackets and parenthesis.
* libmisc/console.c: Avoid assignments in comparisons.
* libmisc/console.c: Change console() prototype to return a bool.
* lib/sgroupio.c: Add brackets.
* lib/sgroupio.c: Avoid implicit conversion of pointers / integers to booleans.
* lib/sgroupio.c: The changed, isopen, locked, and readonly fields of the db are booleans.
* lib/sgroupio.h, lib/sgroupio.c: sgr_file_present returns a bool.
* lib/sgroupio.h: Add protection against multiple inclusions.
* lib/port.c: Avoid multiple statement on the same line.
* lib/port.c: Add brackets and parenthesis.
* lib/port.c: Avoid assignments in comparisons.
* lib/port.c: Fix typo comparision -> comparison (in comment).
* lib/commonio.h: Include defines.h to get the definition of bool.
* lib/commonio.h: commonio_present returns a bool
* lib/commonio.c: Implement above changes.
* lib/commonio.c: add argument names in prototypes.
* lib/commonio.c: name_is_nis returns a bool.
* lib/commonio.c: nscd_need_reload is a bool.
* lib/commonio.c: Improve types (use size_t / pid_t when needed instead of int).
* lib/commonio.c: Avoid assignments in comparisons.
* lib/commonio.c: Add brackets and parenthesis.
* lib/commonio.c: Avoid implicit conversion of pointers / integers to booleans
* lib/commonio.c: The return values of utime is not checked on purpose.
* libmisc/ttytype.c: Avoid assignments in comparisons.
* libmisc/ttytype.c: Add brackets and parenthesis.
* libmisc/ttytype.c: The return values of fclose is not checked on purpose.
* libmisc/loginprompt.c: Add brackets.
* libmisc/loginprompt.c: Avoid assignments in comparisons.
* libmisc/loginprompt.c: The return values of fclose and fflush are not checked on purpose.
* Avoid assignments in comparisons.
* (hushed) Change type of found to bool.
* Add brackets.
* Always check if the user or the shell is in
the file. Do not check the first character of the line first. This
is simpler and match better with the HUSHLOGIN_FILE documentation.
check_user_name) renamed to is_valid_user_name (resp.
is_valid_group_name). is_valid_user_name and is_valid_group_name
return a bool.
* src/grpck.c, src/newusers.c, src/usermod.c, src/useradd.c,
src/groupmod.c, src/pwck.c, src/groupadd.c: Use is_valid_user_name
and is_valid_group_name, following above change.
* libmisc/chkname.c: Avoid implicit conversion of chars to
booleans. Add brackets and parenthesis.
followed by rmdir to remove the directory itself, delete also the
root directory in remove_tree.
* src/userdel.c, src/usermod.c: Do not call rmdir after
remove_tree.
with post increments (x++), use of integers as booleans, and
explicitly mark blocks with brackets.
* libmisc/copydir.c: Likewise.
* libmisc/fields.c: Add comments.
* libmisc/copydir.c: Mark function whose return value is not
checked as such.
* libmisc/copydir.c (remove_tree): Make sure unlink is successful
when removing files.
* libmisc/audit_help.c: Include prototypes.h to get the prototype
of audit_help_open.
* libmisc/salt.c: Use booleans instead of negating integers.
* src/passwd.c: Declare the check_selinux_access prototype and
avoid name clashes (change_user -> changed_user; change_uid ->
changed_uid; access -> requested_access)
- generation of SHA encrypted passwords (chpasswd, gpasswd, newusers,
chgpasswd; and also passwd if configured without PAM support).
The number of rounds and number of salt bytes was fixed to their lower
allowed values (resp. configurable and 8), hence voiding some of the
advantages of this encryption method. Dictionary attacks with
precomputed tables were easier than expected, but still harder than with
the MD5 (or DES) methods.
* NEWS, libmisc/salt.c (SHA_salt_size): Seed the RNG, and fix a
overflow. These caused the SHA salt size to always be 8 bytes,
instead of being in the 8-16 range. Thanks to Peter Vrabec
pvrabec@redhat.com for noticing.
* NEWS, libmisc/salt.c (SHA_salt_rounds): Seed the RNG with
seedRNG instead of srand, and fix the same overflow. This caused
the number of rounds to always be the smallest one.
* libmisc/pam_pass.c: Be more verbose and indicate that the
password was not changed when pam_chauthtok fails (in addition to
the PAM error, which may not be comprehensible for the users).
SIGSTOP handling. Raise the signal which stopped the child instead
of always SIGSTOP.
Import Debian patch 406_vipw_resume_properly.
Thanks to Dean Gaudet.
* NEWS, src/vipw.c: Resume properly after ^Z.
Files with no license use the default 3-clauses BSD license. The copyright
were mostly not recorded; they were updated according to the Changelog.
"Julianne Frances Haugh and contributors" changed to "copyright holders
and contributors".
endpwend() sequences (ditto for getgrent(), getspent(), and
getsgent()). The only real (minor) issue was in login, which kept
the passwd file open.
* libmisc/entry.c: Remove unneeded setspent() and endspent() (only
getspnam is called in the middle).
* libmisc/find_new_ids.c: Make sure to close the password and
group files with endpwent() and endgrent().
* libmisc/pwdcheck.c: Remove unneeded endspent() (only getspnam()
is called before).
* src/lastlog.c, src/passwd.c, src/groupmod.c, src/faillog.c,
src/groups.c: Make sure to close
the password file with endpwent().
* src/login.c: Remove unneeded setpwent() (only xgetpwnam is
called before).
* src/login.c, src/newgrp.c: Fix typos in comments.
Fail if the feature is requested but the library (or
header file) could not be found. If nothing is specified, enable
the feature only if we can find the library (or header file).
$(pamd_files). Remove the duplicate useradd. And sort
alphabetically. Thanks to Mark Rosenstand <mark@borkware.net>.
* NEWS: Prepare next release, 4.1.2.
files are unlocked on exit. Unlock locked files in fail_exit().
Prefer fail_exit() over exit().
* NEWS, src/groupmod.c: When the GID of a group is changed, update
also the GID of the passwd entries of the users whose primary
group is the group being modified.
removed is used by different entries (like commonio_update does).
* NEWS: This fix the behavior of groupdel when the system is not
configured to support split group but different group entries
have the name of the group to be deleted.
unlocked on exit. Add function fail_exit(). Use fail_exit()
instead of exit().
* src/groupdel.c: Fail immediately instead of increasing errors.
Better handling of error cases, like locked group or gshadow file.
to Christian Henz (http://bugs.debian.org/467488)
* src/gpasswd.c (get_group): Do not fail if gshadow is not present. Just use
the group file and set the grent structure
* src/gpasswd.c (check_perms): The permissions should be checked
using both the gshadow and group file. Add a <struct group *>
parameter, and check if the gshadow file exists (is_shadowgrp).
* src/gpasswd.c (main): Do not use sgent.sg_mem or sgent.sg_adm if
the gshadow file is not present (sgent is not initialized in that
case). The fields of sgent can be set, but not used.
Document new variables.
* man/newusers.8.xml, man/login.defs.5.xml,
man/login.defs.d/GID_MAX.xml, man/login.defs.d/UID_MAX.xml:
newusers uses now the GID_MAX, GID_MIN, UID_MAX, UID_MIN,
SYS_GID_MAX, SYS_GID_MIN, SYS_UID_MAX, and SYS_UID_MIN variables.
* man/groupadd.8.xml, man/login.defs.5.xml: groupadd uses now the
SYS_GID_MAX, and SYS_GID_MIN variables.
* man/login.defs.5.xml: useradd uses now the SYS_GID_MAX,
SYS_GID_MIN, SYS_UID_MAX, and SYS_UID_MIN variables.
* src/newusers.c: The user's ID must be found before the group ID
to mimic useradd's behavior choices of UID and GID.
* src/newusers.c: Reuse the generic find_new_uid() and
find_new_gid() functions. This permits to respect the
UID_MIN/UID_MAX and GID_MIN/GID_MAX variables, should
* src/newusers.c: Check if the user or group exist using the
external databases (with the libc getpwnam/getgrnam functions).
Refuse to update an user which exist in an external database but
does not exist in the local database.
* src/newusers.c: Check the usernames and groupnames with
check_user_name() and check_group_name()
* src/newusers.c: Use isdigit() for readability.
* src/newusers.c: Check if numerical IDs are valid (no remaining
chars).
* NEWS, src/newusers.c: Fix the support for the NONE crypt method.
* src/newusers.c: Fix shadow group support (the list of admins was
not defined; it is now set to an empty list).
microseconds to avoid having the same salt for different passwords
generated in the same second. This permits to avoid using the same salt
for different passwords in newusers.
find_new_uid() and find_new_gid(). They work the same way as the functions
with the same name of useradd or groupadd, except that they check in the
local database to make sure an ID was not reserved in an uncommitted
change (this is needed to be used in newusers), they report a status
instead of calling exit(), and they can receive a preferred ID. They
should later support system IDs. This should be a little bit slower, but
not too much (if the database is not open the checks against the local
database will exit immediately, and if it is already open, all the checks
will be done regarding the data in memory).
src/chfn.c, src/passwd.c, src/chage.c, src/login.c, src/sulogin.c,
src/chsh.c: Fix call to puts (remove end of line, or use fputs).
* po/*.po: Unfuzzy PO files according to above change.
Daubert for the patch.
* libmisc/salt.c: Include <stdio.h>, needed for stderr and printf
functions.
* lib/encrypt.c: Include <stdio.h>, needed for perror, stderr and
printf functions
* src/usermod.c: sgr_locked exists only if SHADOWGRP is defined.
* src/chgpasswd.c: Only check is the gshadow file exists if
SHADOWGRP is defined.
differ from the old ones. If a requested new value is equal to the old
one, no changes will be performed for that field. If no fields are
changed, usermod will exist successfully with a warning. This avoids
logging changes to syslog when there are actually no changes.
user_newinactive. It is more simple to always have user_<x> as the old
field, and user_new<x> as the new field (even if the field did not change)
instead of changing the algorithm depending on WITH_AUDIT.
unknown GID (either the user was deleted during the user's newgrp
session or the user's passwd entry referenced an invalid group).
Add a syslog warning in that case.
* src/newgrp.c: Add an end of line when reporting an invalid
password.
(it required an argument, but should behave as -D)
* NEWS, man/useradd.8.xml: Document the --defaults option, which
was already described in the useradd's Usage information.
SHA_salt_size(), and SHA_salt_rounds().
* libmisc/salt.c: l64a() and gensalt() are static.
* libmisc/salt.c: The `meth' parameter of crypt_make_salt() is a
const. (ditto for the method variable).
* libmisc/salt.c: SHA_salt_rounds returns a const string.
* libmisc/salt.c: Avoid warnings with cast of random() to double.
* libmisc/salt.c: Replace rand() by random().
skey and md libraries...
* src/Makefile.am: ...Specify for each binary which library is
required. skey and md are required for the binaries with
authentication of the user (chfn, chsh, login, passwd, su). intl
is required for all. mcrypt is required for user (chfn, chsh,
login, passwd, su, sulogin) and group (newgrp, gpasswd)
authentication and for the creation of passwords (chpasswd,
chgpasswd, gpasswd, newusers, passwd).
similar(), and simple() as unused.
* libmisc/loginprompt.c: Tag the `sig' parameter of login_exit()
as unused.
* src/expiry.c: Tag the `sig' parameter of catch_signals() as
unused.
* src/su.c: Tag the `sig' parameter of catch_signals() as unused.
* src/su.c: Add int parameter to the prototype of oldsig().
* src/login.c: Tag the `sig' parameter of alarm_handler() as
unused.
* src/sulogin.c: Tag the `sig' parameter of catch_signals() as
unused.
* libmisc/getdate.y: Tag the `string' parameter of yyerror() as
unused.
* libmisc/getdate.y: The string provided to yyerror() is const.
* libmisc/getdate.y: Fix the prototypes of yylex() and yyerror().
SETXXENT_RET, and SETXXENT_TEST. They were used by the now
removed pwent.c and grent.c.
* Remove the definition of PASSWD_PAG_FILE,
GROUP_PAG_FILE, SHADOW_PAG_FILE, and SGROUP_PAG_FILE. They are
never used.
* Don't include "snprintf.h". The file does not
exist in shadow.
* Add new macro unused to tag unused parameters.
instead of K&R prototype.
* src/login_nopam.c: Fix the prototypes of list_match(),
user_match(), from_match(), string_match(). There were no
parameters in the prototypes.
* src/login_nopam.c: Fix the prototypes of the function parameter
match_fn of list_match().
lib/sgetpwent.c: Include "prototypes.h" to make
sure the exported prototypes are the ones used for the definition
of functions.
* lib/prototypes.h: Added prototypes for __gr_del_entry(),
__gr_get_db(), __gr_get_head(), __gr_set_changed(), __gr_dup(),
__pw_del_entry(), __pw_get_db(), __pw_get_head(), __pw_dup(),
sgetgrent(), sgetpwent(), __sgr_del_entry(), __sgr_dup(),
__sgr_get_head(), __sgr_set_changed(), __spw_get_head(),
__spw_del_entry(), __spw_dup().
* lib/prototypes.h: Removed prototype for is_listed().
* lib/prototypes.h: Added name of the check_su_auth()'s parameters.
* lib/groupio.h: Removed prototypes for __gr_dup() and
__gr_set_changed().
* lib/sgroupio.c: Removed prototypes for putsgent(), sgetsgent(),
and __gr_get_db().
* lib/sgroupio.h: Removed prototypes for __sgr_dup() and
__sgr_set_changed().
* lib/shadowio.c: Removed prototype for __pw_get_db().
* lib/pwio.c: Removed prototype for sgetpwent() and putpwent().
* lib/shadowio.h: Removed prototypes for __spw_dup() and
__spw_set_changed().
* lib/pwio.h: Removed prototypes for __pw_dup() and
__pw_set_changed().
* lib/commonio.h: Add protection against multiple inclusions.
* lib/prototypes.h: Include commonio.h (needed for the
__xx_del_entry() functions).
* lib/prototypes.h: Typo: login.c -> loginprompt.c
* src/login.c: Remove declaration of dolastlog().
* libmisc/log.c: dolastlog() should not have been changed to static.
Include prototypes.h instead.
and "pwauth.h" only when compiled without PAM support.
* src/chfn.c, src/chsh.c: Do not include <shadow.h>
* lib/commonio.c: Do not include <shadow.h>. Do not include
<pwd.h>. Include "nscd.h" instead of <nscd.h>.
* configure.in: Do not check if shadow.h exist, but make sure it
exists.
* libmisc/pwdcheck.c, src/chfn.c, src/chsh.c, lib/defines.h,
lib/shadowmem.c, lib/shadowio.c, lib/commonio.c:
HAVE_SHADOW_H is no more needed (shadow.h should always exist).
changes, except for the following bug fix: no syslog logging if a passwd
or group file was specified on the command line without a shadowed
database file, even if the system shadowed database was changed).
* src/lastlog.c: Fix types, cast umin and umax to uid_t.
* src/lastlog.c: (option -u) user needs to be a signed long, not
uid_t (to accept rangees like -<uid>
gid parameters can be set to -1 to indicate that the original
owners must be kept. Change the types from uid_t/gid_t to a
long int (signed).
* libmisc/copydir.c: Change the copy_entry(), copy_dir(),
copy_symlink(), copy_special(), and copy_file() prototypes
accordingly.
* lib/prototypes.h: Add the parameters' name for the
libmisc/copydir.c functions.
The flags variables are now global.
* New functions: check_perms(), update_gecos(),
get_old_fields(), and check_fields() split out of main().
* Before pam_end(), the return value of the previous
pam API was already checked. No need to validate it again.
* src/chage.c: New function: fail_exit(). Change most of the exit()
to a fail_exit, which makes sure the files are unlocked (new global
variables: pw_locked, spw_locked), the PAM transaction is ended, and
the failure is logged to libaudit (use a global user_name and user_uid
for logging).
* src/chage.c: Compilation fix for PAM support (pamh needs to be
global since the function split).
* src/chage.c: Document process_flags(), check_flags(), check_perms(),
open_files(), and close_files().
* src/chage.c: Split update_age() and get_defaults() out of main()
* src/chage.c: Drop the privileges just after opening the files.
* src/chage.c: Do not log to audit only if the user has an entry in
the shadow file.
* NEWS, src/chage.c (open_files): Also open the password file for
writing. This fix chage when the user only has a password entry (and
no shadow entries).
* src/chage.c (get_defaults): Use default values that don't change the
behavior of the account for the fields that are not specified when the
user has no shadow entry.