* NEWS: Add support for TCB.
* lib/tcbfuncs.h, lib/tcbfuncs.c, lib/Makefile.am: New library to
support TCB.
* lib/prototypes, libmisc/copydir.c (remove_tree): Add boolean
parameter remove_root.
* configure.in: Add conditional WITH_TCB.
* src/userdel.c, src/usermod.c: Add support for TCB. Update call to
remove_tree().
* src/pwconv.c, src/pwunconv.c: Should not be used with TCB enabled.
* src/vipw.c: Add support for TCB. Update call to remove_tree().
* src/useradd.c: Add support for TCB. Open the shadow file outside
of open_files().
* src/chage.c: Add support for TCB.
* src/Makefile.am: Install passwd sgid shadow when TCB is enabled.
* lib/getdefs.c, man/vipw.8.xml, man/login.defs.5.xml,
man/login.defs/TCB_AUTH_GROUP.xml, man/login.defs/USE_TCB.xml,
man/login.defs/TCB_SYMLINKS.xml, man/generate_mans.mak,
man/generate_mans.deps, man/Makefile.am: New configuration
parameters: TCB_AUTH_GROUP, TCB_SYMLINKS, USE_TCB.
* lib/shadowio.c, lib/commonio.c: Add support for TCB.
--preserve-environment. This sanitation was disabled on Debian
since quite some time with no reported issues, and sanitize_env()
documentation agrees that it should be useless as all modern
Unixes will handle setuid executables properly. This Fixes
Alioth#312287.
* src/su.c: Add more messages for translation.
* src/su.c: Ignore kill() return value when sending the TERM
signal. If it fails, a KILL should be sent anyway.
terminate (after sending a SIGTERM), and kill it only if it did
not terminate by itself. No delay will be enforced if the child
cooperates. See http://bugs.gentoo.org/282094
* NEWS, man/su.1.xml: Document su's exit values.
po/Makefile.in.in: Removing and restoring the config.xml file
broke parallel builds. Build the manpages based on *.xml-config
files instead of *.xml files. The *.xml do not include config.xml
anymore, which permits to run xml2po without needing to remove
config.xml. The config.xml is restored in the *.xml-config files.
* man/groupadd.8.xml: Implementation of the above.
* man/generate_mans.deps: Updated dependencies
spwd. (start with the primitive types)
* lib/shadowmem.c: Avoid memzero() on a possibly NULL pointer.
* lib/groupmem.c: Only copy the required fields of the struct
group. (start with the primitive types)
* lib/groupmem.c: Avoid memzero() on a possibly NULL pointer.
* lib/groupmem.c: Free gr_mem in addition to its elements.
* lib/sgroupio.c: The struct sgrp has no primitive types to be
copied initially.
* lib/sgroupio.c: Avoid memzero() on a possibly NULL pointer.
* lib/sgroupio.c: Free sg_mem and sg_add in addition to their
elements.
* lib/pwmem.c: Only copy the required fields of the struct
passwd. (start with the primitive types)
src/chpasswd.c, src/groupmems.c, src/usermod.c, src/chgpasswd.c,
src/vipw.c, src/su.c, src/useradd.c, src/groupmod.c, src/passwd.c,
src/groupadd.c, src/chage.c, src/faillog.c, src/chsh.c: Use
booleans for tests.
* src/userdel.c, src/gpasswd.c, src/groupmems.c, src/usermod.c,
src/groupmod.c, src/passwd.c: Use a break even after usage().
src/newusers.c, src/chpasswd.c, src/groupmems.c, src/usermod.c,
src/chgpasswd.c, src/vipw.c, src/su.c, src/useradd.c,
src/groupmod.c, src/passwd.c, src/groupadd.c, src/chage.c,
src/faillog.c, src/chsh.c: If someone uses the -h/--help options,
the usage should not go to stderr nor should the utility exit with
non-zero status. All of the shadow utils do just this
unfortunately, so convert them over to sanity.
* man/groupmems.8.xml, man/gpasswd.1.xml: Added option -h/--help.
* NEWS, libmisc/find_new_gid.c, libmisc/find_new_uid.c: Since
system accounts are allocated from SYS_?ID_MIN to SYS_?ID_MAX in
reverse order, accounts are packed close to SYS_?ID_MAX if
SYS_?ID_MIN is already used but there are still dome gaps.
getpwent / getgrent for system accounts. Trying the low-IDs with
getpwuid / getgrgid should be more efficient on LDAP configured
systems with many accounts.
libmisc/xgetpwuid.c, libmisc/xgetgrgid.c, libmisc/xgetspnam.c: Do
not limit the size of the buffer to hold the group or user
structure. It used to be limited to 16k, which caused issues with
groups having many users.
* man/su.1.xml: Improve the documentation of the su behavior
regarding environment variables.
* man/su.1.xml: Document that the login.defs file is used.
* po/shadow.pot, man/po/shadow-man-pages.pot: Regenerated.
* po/*.po, man/po/*.po: Updated PO files.
* man/passwd.1.xml: passwd -u does not reset the expiry field.
* NEWS, src/userdel.c: When USERGROUPS_ENAB is enabled, remove the
user's group when the user was the only member. This is still not
complete, as the user could have been specified twice in the
members.
* NEWS, src/userdel.c: Do not fail when -r is used and the home
directory does not exist.
Harmonize formatting of login.defs and default/useradd variables.
Use an <option> tag.
* man/usermod.8.xml: Added reference to gshadow(5).
* man/login.defs.d/USERDEL_CMD.xml: Shorten the lines of the
USERDEL_CMD example.
man/groupadd.8.xml, man/usermod.8.xml, man/chgpasswd.8.xml,
man/groupmod.8.xml: Added warning: passwords set with these tools
may not respect the password policy.
lib/prototypes.h: Move user_busy() to libmisc/user_busy.c.
* NEWS, libmisc/user_busy.c: On Linux, do not check if an user is
logged in with utmp, but check if the user is running some
processes. If not on Linux, continue to search for an utmp record,
but make sure the process recorded in the utmp entry is still
running.
shell as a shell script when the direct execution of the user's
shell failed with ENOEXEC and the user's shell has a shebang. The
interpreter might not be the right one. Executing the user's
shell with sh -c might be better, but I'm not sure we should try
harder when there is a failure. Note: The removed code was only
included #ifndef __linux__.
with a NULL argument.
* src/useradd.c: Replace PATH_MAX by a fixed constant. The buffer
was not meant as a storage for a path.
* src/useradd.c, src/newusers.c, src/chpasswd.c: Better detection
of fgets errors. Lines shall end with a \n, unless we reached the
end of file.
* libmisc/copydir.c: Avoid PATH_MAX. Support file paths with any
length. Added readlink_malloc().
and the password field in passwd is not 'x'.
* src/grpck.c: Warn if a group has an entry in group and gshadow,
and the password field in group is not 'x'.
man/login.defs.d/MD5_CRYPT_ENAB.xml,
man/login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml: Updated note for PAM
enabled versions. These variables are only used for group
passwords in this case.
changing the passwords with PAM.
* src/newusers.c: Split the usage string in smaller parts to
allow enabling single parts.
* man/newusers.8.xml: Indicate the options and configuration
variables valid for PAM and non-PAM versions.
* man/newusers.8.xml: Added pointer to /etc/pam.d/chpasswd.
libmisc/pam_pass_non_interractive.c, libmisc/Makefile.am: Renamed.
* libmisc/pam_pass_non_interractive.c, lib/prototypes.h:
non_interactive_password and non_interactive_pam_conv do not need
to be externally visible.
* libmisc/pam_pass_non_interractive.c: Added declaration of
ni_conv.
* libmisc/pam_pass_non_interractive.c: Only compile ifdef USE_PAM.
* libmisc/pam_pass_non_interractive.c, lib/prototypes.h:
Added do_pam_passwd_non_interractive().
* src/chpasswd.c: Use do_pam_passwd_non_interractive().
* man/chpasswd.8.xml: Describe the PAM enabled chpasswd behavior.
* man/chpasswd.8.xml: Differentiate the files and configurations
needed for PAM and non PAM versions.
instead of only the username.
* src/chpasswd.c: PAM enabled chpasswd do may change the password
database (for the user where the password update succeeded) even
if there were a failure for one user. Do not indicate that changes
were ignored.
unlink() in case of failure of fopen_set_perms() or
create_backup().
* lib/commonio.c: Should the backup file be unlink'ed in case of
failure of create_backup()?
* libmisc/chowntty.c, libmisc/rlogin.c, libmisc/sub.c,
src/newusers.c, libmisc/sulog.c, libmisc/system.c, src/logoutd.c,
src/groups.c, src/id.c, lib/encrypt.c, libmisc/audit_help.c,
libmisc/limits.c: Return EXIT_FAILURE instead of 1, and
EXIT_SUCCESS instead of 0.
* libmisc/audit_help.c: Replace an fprintf() by fputs().
* libmisc/audit_help.c: Remove documentation of the audit_logger
returned values. The function returns void.
* libmisc/system.c: Only return status if waitpid succeeded.
Return -1 otherwise.
with PAM.
* src/chpasswd.c: Split the usage string in smaller parts to
allows enabling single parts.
* src/chpasswd.c: Do not set a global lock on the password files.
This is done by PAM each time a password is updated.