po/POTFILES.in: Add process_root_flag() to process the --root
option and chroot so that the chroot config is used and changes
are applied to the chroot.
* lib/prototypes, libmisc/basename.c (Basename): Input is a
constant string.
* lib/prototypes.h, lib/spawn.h, lib/spawn.c, src/userdel.c,
lib/nscd.c, lib/Makefile.am: Delete spawn.h. Move from spawn.h to
prototypes.h.
* src/userdel.c: Remove unused variables.
* lib/nscd.c: Remove unused header files.
* lib/nscd.c: Add the program name to error messages.
* lib/nscd.c: Indicate when nscd does not terminate normally (signal).
* lib/spawn.c: Updated header.
* lib/spawn.c: Flush stdout and stderr to avoid inheriting from
ongoing buffers.
* lib/spawn.c: Avoid implicit conversion of pointer to boolean.
* lib/spawn.c: Replace perror by a complete message.
* lib/spawn.c: Continue to wait for the child if another child
terminates.
* lib/prototypes.h: The name field from cleanup_info_mod is a
constant string. (username).
invalid configuration.
* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Updated
comments.
* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Be more strict
on the loop stop conditions. Stop if we passed the limit, even if
the limit itself was never noticed.
entry validity before commits to databases.
* libmisc/fields.c, libmisc/Makefile.am, lib/fields.c,
lib/Makefile.am, po/POTFILES.in: fields.c moved from libmisc to
lib.
* libmisc/copydir.c: Missing parenthesis in comment.
* libmisc/chowndir.c: Fixed memory leak on failed realloc().
* libmisc/chowndir.c: Make sure the buffer for the path is large
enough.
* libmisc/remove_tree.c: Remove check for NULL before free().
selinux_file_context renamed set_selinux_file_context.
* lib/protoypes.h, libmisc/copydir.c, src/useradd.c:
Added reset_selinux_file_context.
* src/useradd.c: Check the return value of
set_selinux_file_context and reset_selinux_file_context.
* libmisc/copydir.c: Check the return value of
reset_selinux_file_context.
boolean.
* libmisc/basename.c: Avoid implicit conversion of pointer to
boolean.
* libmisc/basename.c, lib/prototypes.h (Basename): Return a
constant string.
* libmisc/basename.c, libmisc/obscure.c, lib/prototypes.h,
libmisc/xmalloc.c, libmisc/getdate.h, libmisc/system.c,
libmisc/getgr_nam_gid.c, libmisc/failure.c, libmisc/valid.c: Add
splint annotations.
* libmisc/chowndir.c: Avoid memory leak.
* libmisc/chowndir.c: Do not check *printf/*puts return value.
* libmisc/chowntty.c: Avoid implicit conversion between integer
types.
* libmisc/obscure.c: Return a bool when possible instead of int.
* libmisc/shell.c: Do not check *printf/*puts return value.
* libmisc/shell.c: Do not check execle return value.
* libmisc/setupenv.c: Avoid implicit conversion between integer
types.
* libmisc/xmalloc.c: size should not be zero to avoid returning
NULL pointers.
* libmisc/hushed.c: Do not check *printf/*puts return value.
* libmisc/system.c: Avoid implicit conversion of integer to
boolean. safe_system last argument is a boolean.
* libmisc/system.c: Check return value of dup2.
* libmisc/system.c: Do not check *printf/*puts return value.
* libmisc/system.c: Do not check execve return value.
* libmisc/salt.c: Do not check *printf/*puts return value.
* libmisc/loginprompt.c: Do not check gethostname return value.
* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Do not check
gr_rewind/pw_rewind return value.
* libmisc/ttytype.c: Limit the number of parsed characters in the
sscanf format.
* libmisc/ttytype.c: Test if a type was really read.
* libmisc/sub.c: Do not check *printf/*puts return value.
* libmisc/sub.c: Avoid implicit conversion of integer to boolean.
* src/userdel.c: Fix typo in comment.
* src/userdel.c: Avoid implicit conversion of boolean to integer.
* src/userdel.c: safe_system last argument is a boolean.
* src/newusers.c: Avoid implicit conversion of boolean to integer.
* src/newusers.c: Avoid implicit conversion of integer to boolean.
* src/usermod.c: Add brackets.
* src/usermod.c: Avoid implicit conversion of characters or
integers to booleans.
* src/vipw.c: Avoid implicit conversion of integer to boolean.
* src/su.c: Avoid implicit conversion of integer to boolean.
* src/su.c: Add brackets.
* src/useradd.c: Avoid implicit conversion of characters or
integers to booleans.
instead of an int.
* libmisc/obscure.c, libmisc/tz.c, src/passwd.c, lib/encrypt.c,
libmisc/copydir.c, lib/prototypes.h: Add splint annotations.
* libmisc/tz.c: Fix some const issues.
* libmisc/tz.c: Avoid multi-statements lines.
* libmisc/tz.c: Add brackets.
* libmisc/copydir.c: Do not check *printf/*puts return value.
* libmisc/copydir.c: Fail if we cannot set or reset the SELinux
fscreate context.
* libmisc/copydir.c: Use xmalloc instead of malloc.
* libmisc/copydir.c: Do not check lutimes return value
* src/vipw.c: Avoid implicit conversion of integer to boolean.
* src/su.c (iswheel): Return a bool instead of an int.
* src/passwd.c: Remove insert_crypt_passwd(). Use xstrdup instead.
* src/passwd.c: Return constant strings when sufficient.
* src/passwd.c: Do not check *printf/*puts return value.
* src/passwd.c: Avoid implicit conversion of character to boolean.
* src/passwd.c: Do not check sleep return value.
* src/sulogin.c: Do not check *printf/*puts return value.
* lib/encrypt.c: Do not check fprintf return value.
copy the extended attributes (the SELinux context is hence reset)
* src/usermod.c: Copy the extended attributes.
* src/useradd.c: Only reset the SELinux context.
libmisc/sulog.c, libmisc/hushed.c, libmisc/failure.c,
libmisc/loginprompt.c, libmisc/ttytype.c,
libmisc/pam_pass_non_interractive.c, src/userdel.c, src/login.c,
lib/commonio.c, lib/commonio.h: Fix some const issues.
* libmisc/motd.c: Avoid multi-statements lines.
* libmisc/motd.c: Support long MOTD_FILE.
* libmisc/list.c, lib/prototypes.h: Revert previous change.
dup_list and is_on_list are used with members as defined for the
group structure, and thus even if the list is not modified, the
list elements cannot be constant strings.
* libmisc/system.c: Avoid C++ comments.
* src/vipw.c: WITH_TCB cannot be tested inside a gettextized
string. Split the Usage string.
* lib/commonio.h: Re-indent.
* src/useradd.c: spool is a constant string.
* src/useradd.c: Set the new copy_tree's paramater 'copy_root' to false
2010-04-04 Nicolas François <nicolas.francois@centraliens.net>
* src/usermod.c: move_home() is only called if mflg is set.
* src/usermod.c: Fail is -m is provided but the old home directory
is not a directory.
* src/usermod.c: Use the previous improvement of copy_tree to
provide better error diagnosis.
* src/usermod.c: When rename() is used, also change the ownership.
* src/usermod.c: Do not change the ownership of the root directory
twice.
* src/usermod.c: When -u is provided, only change the ownership of
the home directory if it is a directory.
* src/usermod.c: Also change ownerships when -g is used.
2010-04-04 Nicolas François <nicolas.francois@centraliens.net>
* lib/prototypes.h, libmisc/copydir.c: Add the old UID and GID to
copy_tree to detect when ownership shall be changed.
* libmisc/copydir.c: Document the behavior when the IDs are set to
-1.
* lib/prototypes.h, libmisc/copydir.c (copy_tree): Add parameter
copy_root.
* libmisc/copydir.c: error() and ctx can be static.
* libmisc/copydir.c (copy_hardlink): Remove parameter src.
2010-04-04 Nicolas François <nicolas.francois@centraliens.net>
* libmisc/chowndir.c: Dynamically allocate memory to support
path longer than 1024 characters.
* libmisc/chowndir.c: Fix typos in documentation.
* libmisc/chowndir.c: Support and document the behavior when a old
or new ID is set to -1.
* libmisc/chowndir.c: Improved error detection when chown fails.
* libmisc/chowndir.c: Harmonize error handling strategy when an
error occurs: stop changing ownership as soon as an error was
detected.
no more used.
* lib/groupmem.c: Limit the scope of variable i.
* lib/shadow.c: Avoid implicit conversion of pointers and integers
to booleans.
* lib/shadow.c: Added brackets.
* libmisc/limits.c: Limit the scope of variable tmpmask.
* libmisc/copydir.c: Close opened file on failure.
* libmisc/loginprompt.c: Limit the scope of variable envc.
* libmisc/find_new_uid.c, libmisc/find_new_gid.c: Limit the scope
of variable id.
* NEWS, libmisc/limits.c, man/limits.5.xml: Add support for
infinite limits.
* NEWS, libmisc/limits.c, man/limits.5.xml: Add support for @group
syntax.
they are already specified in number of days since Epoch. Return
-2 in case of errors to support the specification of -1.
* src/usermod.c, src/useradd.c: Adapt to the new error value of
strtoday().
* src/chage.c: Remove isnum(). Adapt to the new error value of
strtoday(). Support for numerical dates is moved to strtoday().
* NEWS: Add support for TCB.
* lib/tcbfuncs.h, lib/tcbfuncs.c, lib/Makefile.am: New library to
support TCB.
* lib/prototypes, libmisc/copydir.c (remove_tree): Add boolean
parameter remove_root.
* configure.in: Add conditional WITH_TCB.
* src/userdel.c, src/usermod.c: Add support for TCB. Update call to
remove_tree().
* src/pwconv.c, src/pwunconv.c: Should not be used with TCB enabled.
* src/vipw.c: Add support for TCB. Update call to remove_tree().
* src/useradd.c: Add support for TCB. Open the shadow file outside
of open_files().
* src/chage.c: Add support for TCB.
* src/Makefile.am: Install passwd sgid shadow when TCB is enabled.
* lib/getdefs.c, man/vipw.8.xml, man/login.defs.5.xml,
man/login.defs/TCB_AUTH_GROUP.xml, man/login.defs/USE_TCB.xml,
man/login.defs/TCB_SYMLINKS.xml, man/generate_mans.mak,
man/generate_mans.deps, man/Makefile.am: New configuration
parameters: TCB_AUTH_GROUP, TCB_SYMLINKS, USE_TCB.
* lib/shadowio.c, lib/commonio.c: Add support for TCB.
* NEWS, libmisc/find_new_gid.c, libmisc/find_new_uid.c: Since
system accounts are allocated from SYS_?ID_MIN to SYS_?ID_MAX in
reverse order, accounts are packed close to SYS_?ID_MAX if
SYS_?ID_MIN is already used but there are still dome gaps.
getpwent / getgrent for system accounts. Trying the low-IDs with
getpwuid / getgrgid should be more efficient on LDAP configured
systems with many accounts.
libmisc/xgetpwuid.c, libmisc/xgetgrgid.c, libmisc/xgetspnam.c: Do
not limit the size of the buffer to hold the group or user
structure. It used to be limited to 16k, which caused issues with
groups having many users.
lib/prototypes.h: Move user_busy() to libmisc/user_busy.c.
* NEWS, libmisc/user_busy.c: On Linux, do not check if an user is
logged in with utmp, but check if the user is running some
processes. If not on Linux, continue to search for an utmp record,
but make sure the process recorded in the utmp entry is still
running.
shell as a shell script when the direct execution of the user's
shell failed with ENOEXEC and the user's shell has a shebang. The
interpreter might not be the right one. Executing the user's
shell with sh -c might be better, but I'm not sure we should try
harder when there is a failure. Note: The removed code was only
included #ifndef __linux__.
with a NULL argument.
* src/useradd.c: Replace PATH_MAX by a fixed constant. The buffer
was not meant as a storage for a path.
* src/useradd.c, src/newusers.c, src/chpasswd.c: Better detection
of fgets errors. Lines shall end with a \n, unless we reached the
end of file.
* libmisc/copydir.c: Avoid PATH_MAX. Support file paths with any
length. Added readlink_malloc().
libmisc/pam_pass_non_interractive.c, libmisc/Makefile.am: Renamed.
* libmisc/pam_pass_non_interractive.c, lib/prototypes.h:
non_interactive_password and non_interactive_pam_conv do not need
to be externally visible.
* libmisc/pam_pass_non_interractive.c: Added declaration of
ni_conv.
* libmisc/pam_pass_non_interractive.c: Only compile ifdef USE_PAM.
* libmisc/pam_pass_non_interractive.c, lib/prototypes.h:
Added do_pam_passwd_non_interractive().
* src/chpasswd.c: Use do_pam_passwd_non_interractive().
* libmisc/chowntty.c, libmisc/rlogin.c, libmisc/sub.c,
src/newusers.c, libmisc/sulog.c, libmisc/system.c, src/logoutd.c,
src/groups.c, src/id.c, lib/encrypt.c, libmisc/audit_help.c,
libmisc/limits.c: Return EXIT_FAILURE instead of 1, and
EXIT_SUCCESS instead of 0.
* libmisc/audit_help.c: Replace an fprintf() by fputs().
* libmisc/audit_help.c: Remove documentation of the audit_logger
returned values. The function returns void.
* libmisc/system.c: Only return status if waitpid succeeded.
Return -1 otherwise.
* libmisc/copydir.c: Added assert to help splint.
* libmisc/copydir.c: Free allocated structures in cas of failure.
* libmisc/copydir.c: Avoid implicit conversion of pointers to
booleans.
* libmisc/copydir.c: Use buffers of size PATH_MAX instead of 1024
for filenames.
* libmisc/copydir.c: Use fchmod and fchown to change the mode of
the opened file.
* libmisc/copydir.c: Indicate the mode to open(), even if we chmod
later.
limit with getlog() / getulong(). This also means, in case of
non-PAM enabled systems, that the umask specified on the GECOS
fields should start with a 0 if specified in octal. (it used to be
force to octal). Do the appropriate cast and range checking.
* libmisc/setupenv.c: Added brackets and parenthesis.
* libmisc/setupenv.c: Ignore the return value of fclose (file
opened read-only)
* libmisc/setupenv.c: Ignore the return value of puts().
* libmisc/setupenv.c:Avoid implicit conversion of pointers to
booleans.
* libmisc/age.c: Added brackets and parenthesis.
* libmisc/age.c: Ignore the return value of fclose (file opened
read-only)
* libmisc/age.c: Ignore puts() return value.
* libmisc/age.c: Use exit(EXIT_FAILURE) instead of exit(1).
* libmisc/age.c: Avoid assignments in comparisons.
used_gids.
* libmisc/find_new_gid.c: Use getdef_ulong and cast to git_t to
get GID values.
* libmisc/find_new_gid.c: Use UL as a prefix for ulong values.
* libmisc/find_new_uid.c: Likewise.
default to 32.
* libmisc/chkname.c: Use USER_NAME_MAX_LENGTH.
* src/login.c: Use USER_NAME_MAX_LENGTH instead of the default 32.
username also needs to be bigger than USER_NAME_MAX_LENGTH because
it has to be nul-terminated.
of global utent/utxent variables. Only reuse the ut_id and maybe
the ut_host fields from utmp.
* lib/prototypes.h, libmisc/utmp.c: Removed checkutmp(),
setutmp(), setutmpx().
* lib/prototypes.h, libmisc/utmp.c: Added get_current_utmp(),
prepare_utmp(), prepare_utmpx(), setutmp(), setutmpx().
* libmisc/utmp.c (is_my_tty): Only compare the name of the utmp
line with ttyname(). (No stat of the two terminals to compare the
devices).
* libmisc/utmp.c: Use getaddrinfo() to get the address of the
host.
* configure.in: Check for getaddrinfo().
* configure.in: Use AC_CHECK_MEMBERS to check for the existence of
fields in the utmp/utmpx structures.
* configure.in: Reject systems with utmpx support but no ut_id
field in utmp. This could be fixed later if needed.
* src/login.c: Use the new utmp functions. This also simplifies
the failtmp() handling.
* src/login.c: passwd_free() renamed to pw_free() and
shadow_free() renamed to spw_free()
username as first parameter of failtmp to avoid issues with
non-null terminated ut_user, unavailability of ut_user, incomplete
username (that should not happen currently).
SELinux user for user's login.
* NEWS, src/usermod.c, man/usermod.8.xml: Likewise.
* libmisc/system.c, libmisc/Makefile.am, lib/prototypes.h: Added
safe_system(). Used to run semanage.
* lib/prototypes.h, libmisc/copydir.c: Make a
selinux_file_context() an extern function.
* libmisc/copydir.c: Reset SELinux to create files with default
contexts at the end of copy_tree().
* NEWS, src/userdel.c: Delete the SELinux user mapping for user's
login.
never set ifndef USE_PAM. Change the prototype of setup_uid_gid()
when USE_PAM is not defined. This permits to remove add_groups
from PAM builds. setup_uid_gid is already subject to
HAVE_INITGROUPS.
ifndef USE_PAM.
* lib/prototypes.h: Remove the declaration of add_cons_grps(). The
function does not exist.
* libmisc/age.c (setup_uid_gid): is_console is never set ifndef
USE_PAM. Change the prototype of setup_uid_gid() when USE_PAM is
not defined. This permits to remove add_groups from PAM builds.
setup_uid_gid is already subject to HAVE_INITGROUPS.
* libmisc/pwd2spwd.c (pwd_to_spwd): pwd_to_spwd() is not used in
PAM builds.
src/passwd.c, src/pwck.c, src/pwconv.c, src/useradd.c,
src/usermod.c: On Jan 01, 1970, do not set the sp_lstchg field to
0 (which means that the password shall be changed during the next
login), but use -1 (password aging disabled).
* src/passwd.c: Do not check sp_min if sp_lstchg is null or -1.
messages not related to an account.
* lib/prototypes.h, libmisc/cleanup.c, libmisc/cleanup_group.c,
libmisc/cleanup_user.c, libmisc/Makefile.am: Added stack of
cleanup functions to be executed on exit.
* NEWS, src/groupadd.c, src/groupdel.c, src/groupmod.c: Only
report success to audit and syslog when the changes are committed
to the system. Do not log failure for on-memory changes to audit
or syslog. Make sure failures and inconsistencies will be reported
in case of unexpected failures (e.g. malloc failures). Only
specify an audit message if it is not implicitly implied by the
type argument. Removed fail_exit (replaced by atexit(do_cleanups)).
configure option. The configure behavior encoded is:
<no option> -> default of 16 (like today);
--with-group-name-max-length -> default of 16;
--without-group-name-max-length -> no max length;
--with-group-name-max-length=n > max is set to n.
utmp.c to chowntty.c. checkutmp() now only uses an existing utmp
entry if the pid matches and ut_line matches with the current tty.
This fixes a possible DOS when entries can be forged in the utmp
file.
* libmisc/chowntty.c, src/login.c, lib/prototypes.h: Remove the
tty argument from chown_tty. chown_tty always changes stdin and
does not need this argument anymore.
* src/pwck.c: Only unlock files if they were locked before (e.g.
not in read-only mode).
* src/pwck.c: Quote the username in error messages (harmonization
with other messages).
* libmisc/find_new_gid.c: Fixed typo (s/grp->gr_gid/group_id/).
* libmisc/find_new_gid.c: Likewise.
Thanks to Peter Vrabec.
* NEWS, libmisc/find_new_gid.c, libmisc/find_new_uid.c: Build an
index of used IDs to avoid a database request for each id in the
allowed range (when the highest allowed ID is already used).
This speedups the addition of users or groups when the highest
allowed ID is already used. The additional memory usage of the
tools should be acceptable when UID_MAX/SYS_UID_MAX are set to a
reasonable number.
undefining some configuration macros when the file is included
multiple times.
* libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetpwuid.c,
libmisc/xgetgrgid.c, libmisc/xgetgrnam.c, libmisc/xgetspnam.c:
Include <config.h> from teh compiled C file, not the included
getXXbyYY.c.
src/newusers.c, src/pwconv.c, src/chpasswd.c, src/logoutd.c,
src/chfn.c, src/groupmems.c, src/usermod.c, src/pwunconv.c,
src/expiry.c, src/groupdel.c, src/chgpasswd.c, src/useradd.c,
src/su.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/grpconv.c,
src/groups.c, src/grpunconv.c, src/chsh.c: Prog is now global (not
static to the file) so that it can be used by the helper functions
of libmisc.
* lib/prototypes.h: Added extern char *Prog.
* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Indicate the
program name with the warning.
shadow_audit_result for the result argument of audit_logger().
This permits stronger type checking and a better readability of
the results (SHADOW_AUDIT_FAILURE/SHADOW_AUDIT_SUCCESS constants).
* src/groupadd.c, src/groupdel.c, src/useradd.c, src/userdel.c:
Use the SHADOW_AUDIT_FAILURE/SHADOW_AUDIT_SUCCESS results instead
of 0 or 1 in audit_logger().
* configure.in, libmisc/copydir.c: futimes() and lutimes() are not
standard. Check if they are implemented before using them. Do not
set the time of links if lutimes() does not exist, and use
utimes() as a replacement for futimes().
the list, not adduser. This fixes a segmentation fault for every
call of groupmems -d.
* libmisc/list.c: Add assertions to help identifying these issues.
* libmisc/list.c: Avoid implicit conversion of pointers to
booleans.
booleans.
* libmisc/env.c: Add brackets and parenthesis.
* libmisc/env.c: Ignore the return value of puts() and fputs().
* libmisc/env.c: Avoid multi-statements lines.
booleans.
* libmisc/utmp.c: Add brackets and parenthesis.
* libmisc/utmp.c: Exit with the EXIT_FAILURE status code in case
of failure.
* libmisc/utmp.c: Avoid assignments in comparisons.
* lib/prototypes.h, libmisc/utmp.c: Change setutmp()'s prototype
to return an int because pututline() and pututxline() may fail.
* libmisc/limits.c: Avoid implicit conversion of pointers /
integers to booleans.
* libmisc/limits.c: Ignore the return value of umask(). We will
never return to the original umask.
* libmisc/limits.c: Avoid multi-statements lines.
* libmisc/limits.c: Added default to a switch(). Report invalid
limit strings to syslog.
* libmisc/limits.c: Ignore the return value of fclose().
/etc/limits is open read-only.
* libmisc/limits.c: Ignore the return value of fputs() and
sleep().
* libmisc/limits.c: Check the return value of nice() and
set_filesize_limit(), and report errors to syslog.
* libmisc/ulimit.c, lib/prototypes.h: Return failures of
set_filesize_limit(). Change the prototype to return an int
instead of void.
libmisc/find_new_uid.c, libmisc/Makefile.am, lib/prototypes.h:
Split find_new_ids.c into find_new_gid.c and find_new_uid.c to
ease the description of login.defs variables in the different
tools.
reading or writing at an unspecified location. Log to syslog in
case of failure when reading a faillog entry or writing in
faillog or btmp.
* libmisc/failure.c: Check if the file exist before opening it.
* libmisc/failure.c: Log failures of open() and close() when
necessary.
prototypes.
* libmisc/copydir.c: Use a size_t for the length of strings.
* libmisc/copydir.c: Cast the return value of malloc().
* libmisc/copydir.c: The size argument of write() is a size_t.
* libmisc/log.c: Add brackets and parenthesis.
* libmisc/log.c: read() returns a ssize_t (note size_t).
* libmisc/log.c: Avoid implicit conversion of pointers to
booleans.
* libmisc/log.c: Ignore return value of time() when use with a
non NULL argument.
* libmisc/age.c: Avoid implicit conversion of pointers to
booleans.
* libmisc/age.c: Avoid assignments in comparisons.
* libmisc/age.c: Ignore the return value of printf(), puts(),
fputs() and fflush().
* libmisc/age.c: Add brackets and parenthesis.
* libmisc/age.c: Cast the return value of time() to long and
converted to a date.
Propagate this time to the callers (the get_remote_string() and
do_rlogin() functions).
* libmisc/rlogin.c: Add brackets and parenthesis.
* libmisc/rlogin.c: Avoid multi-statements lines.
* libmisc/rlogin.c: Avoid assignments in comparisons.
* libmisc/rlogin.c: Avoid implicit conversion of pointers to
booleans.
* libmisc/failure.c: read() returns a ssize_t.
* libmisc/failure.c: Add brackets and parenthesis.
* libmisc/failure.c: Ignore return value of time() when use with a
non NULL argument.
libmisc/loginprompt.c, libmisc/ttytype.c, libmisc/tz.c,
src/login_nopam.c, src/chpasswd.c, src/chgpasswd.c, lib/port.c:
The size argument of fgets is an int, not a size_t.
* libmisc/loginprompt.c: Ignore the return value from signal()
when the signal handlers are restored.
* src/chpasswd.c: Cast the return value of time() to a long
integer.
* src/chpasswd.c: Use the SCALE macro instead of (24L * 3600L)
for the values to be set in /etc/shadow.
The default parameter should also be a bool.
* libmisc/console.c: Add brackets and parenthesis.
* libmisc/console.c: Avoid assignments in comparisons.
* libmisc/console.c: Change console() prototype to return a bool.
* libmisc/ttytype.c: Avoid assignments in comparisons.
* libmisc/ttytype.c: Add brackets and parenthesis.
* libmisc/ttytype.c: The return values of fclose is not checked on purpose.
* libmisc/loginprompt.c: Add brackets.
* libmisc/loginprompt.c: Avoid assignments in comparisons.
* libmisc/loginprompt.c: The return values of fclose and fflush are not checked on purpose.
* Avoid assignments in comparisons.
* (hushed) Change type of found to bool.
* Add brackets.
* Always check if the user or the shell is in
the file. Do not check the first character of the line first. This
is simpler and match better with the HUSHLOGIN_FILE documentation.
check_user_name) renamed to is_valid_user_name (resp.
is_valid_group_name). is_valid_user_name and is_valid_group_name
return a bool.
* src/grpck.c, src/newusers.c, src/usermod.c, src/useradd.c,
src/groupmod.c, src/pwck.c, src/groupadd.c: Use is_valid_user_name
and is_valid_group_name, following above change.
* libmisc/chkname.c: Avoid implicit conversion of chars to
booleans. Add brackets and parenthesis.
followed by rmdir to remove the directory itself, delete also the
root directory in remove_tree.
* src/userdel.c, src/usermod.c: Do not call rmdir after
remove_tree.
with post increments (x++), use of integers as booleans, and
explicitly mark blocks with brackets.
* libmisc/copydir.c: Likewise.
* libmisc/fields.c: Add comments.
* libmisc/copydir.c: Mark function whose return value is not
checked as such.
* libmisc/copydir.c (remove_tree): Make sure unlink is successful
when removing files.
* libmisc/audit_help.c: Include prototypes.h to get the prototype
of audit_help_open.
* libmisc/salt.c: Use booleans instead of negating integers.
* src/passwd.c: Declare the check_selinux_access prototype and
avoid name clashes (change_user -> changed_user; change_uid ->
changed_uid; access -> requested_access)
- generation of SHA encrypted passwords (chpasswd, gpasswd, newusers,
chgpasswd; and also passwd if configured without PAM support).
The number of rounds and number of salt bytes was fixed to their lower
allowed values (resp. configurable and 8), hence voiding some of the
advantages of this encryption method. Dictionary attacks with
precomputed tables were easier than expected, but still harder than with
the MD5 (or DES) methods.
* NEWS, libmisc/salt.c (SHA_salt_size): Seed the RNG, and fix a
overflow. These caused the SHA salt size to always be 8 bytes,
instead of being in the 8-16 range. Thanks to Peter Vrabec
pvrabec@redhat.com for noticing.
* NEWS, libmisc/salt.c (SHA_salt_rounds): Seed the RNG with
seedRNG instead of srand, and fix the same overflow. This caused
the number of rounds to always be the smallest one.
* libmisc/pam_pass.c: Be more verbose and indicate that the
password was not changed when pam_chauthtok fails (in addition to
the PAM error, which may not be comprehensible for the users).
Files with no license use the default 3-clauses BSD license. The copyright
were mostly not recorded; they were updated according to the Changelog.
"Julianne Frances Haugh and contributors" changed to "copyright holders
and contributors".
endpwend() sequences (ditto for getgrent(), getspent(), and
getsgent()). The only real (minor) issue was in login, which kept
the passwd file open.
* libmisc/entry.c: Remove unneeded setspent() and endspent() (only
getspnam is called in the middle).
* libmisc/find_new_ids.c: Make sure to close the password and
group files with endpwent() and endgrent().
* libmisc/pwdcheck.c: Remove unneeded endspent() (only getspnam()
is called before).
* src/lastlog.c, src/passwd.c, src/groupmod.c, src/faillog.c,
src/groups.c: Make sure to close
the password file with endpwent().
* src/login.c: Remove unneeded setpwent() (only xgetpwnam is
called before).
* src/login.c, src/newgrp.c: Fix typos in comments.
microseconds to avoid having the same salt for different passwords
generated in the same second. This permits to avoid using the same salt
for different passwords in newusers.
find_new_uid() and find_new_gid(). They work the same way as the functions
with the same name of useradd or groupadd, except that they check in the
local database to make sure an ID was not reserved in an uncommitted
change (this is needed to be used in newusers), they report a status
instead of calling exit(), and they can receive a preferred ID. They
should later support system IDs. This should be a little bit slower, but
not too much (if the database is not open the checks against the local
database will exit immediately, and if it is already open, all the checks
will be done regarding the data in memory).
src/chfn.c, src/passwd.c, src/chage.c, src/login.c, src/sulogin.c,
src/chsh.c: Fix call to puts (remove end of line, or use fputs).
* po/*.po: Unfuzzy PO files according to above change.
Daubert for the patch.
* libmisc/salt.c: Include <stdio.h>, needed for stderr and printf
functions.
* lib/encrypt.c: Include <stdio.h>, needed for perror, stderr and
printf functions
* src/usermod.c: sgr_locked exists only if SHADOWGRP is defined.
* src/chgpasswd.c: Only check is the gshadow file exists if
SHADOWGRP is defined.
SHA_salt_size(), and SHA_salt_rounds().
* libmisc/salt.c: l64a() and gensalt() are static.
* libmisc/salt.c: The `meth' parameter of crypt_make_salt() is a
const. (ditto for the method variable).
* libmisc/salt.c: SHA_salt_rounds returns a const string.
* libmisc/salt.c: Avoid warnings with cast of random() to double.
* libmisc/salt.c: Replace rand() by random().
similar(), and simple() as unused.
* libmisc/loginprompt.c: Tag the `sig' parameter of login_exit()
as unused.
* src/expiry.c: Tag the `sig' parameter of catch_signals() as
unused.
* src/su.c: Tag the `sig' parameter of catch_signals() as unused.
* src/su.c: Add int parameter to the prototype of oldsig().
* src/login.c: Tag the `sig' parameter of alarm_handler() as
unused.
* src/sulogin.c: Tag the `sig' parameter of catch_signals() as
unused.
* libmisc/getdate.y: Tag the `string' parameter of yyerror() as
unused.
* libmisc/getdate.y: The string provided to yyerror() is const.
* libmisc/getdate.y: Fix the prototypes of yylex() and yyerror().
lib/sgetpwent.c: Include "prototypes.h" to make
sure the exported prototypes are the ones used for the definition
of functions.
* lib/prototypes.h: Added prototypes for __gr_del_entry(),
__gr_get_db(), __gr_get_head(), __gr_set_changed(), __gr_dup(),
__pw_del_entry(), __pw_get_db(), __pw_get_head(), __pw_dup(),
sgetgrent(), sgetpwent(), __sgr_del_entry(), __sgr_dup(),
__sgr_get_head(), __sgr_set_changed(), __spw_get_head(),
__spw_del_entry(), __spw_dup().
* lib/prototypes.h: Removed prototype for is_listed().
* lib/prototypes.h: Added name of the check_su_auth()'s parameters.
* lib/groupio.h: Removed prototypes for __gr_dup() and
__gr_set_changed().
* lib/sgroupio.c: Removed prototypes for putsgent(), sgetsgent(),
and __gr_get_db().
* lib/sgroupio.h: Removed prototypes for __sgr_dup() and
__sgr_set_changed().
* lib/shadowio.c: Removed prototype for __pw_get_db().
* lib/pwio.c: Removed prototype for sgetpwent() and putpwent().
* lib/shadowio.h: Removed prototypes for __spw_dup() and
__spw_set_changed().
* lib/pwio.h: Removed prototypes for __pw_dup() and
__pw_set_changed().
* lib/commonio.h: Add protection against multiple inclusions.
* lib/prototypes.h: Include commonio.h (needed for the
__xx_del_entry() functions).
* lib/prototypes.h: Typo: login.c -> loginprompt.c
* src/login.c: Remove declaration of dolastlog().
* libmisc/log.c: dolastlog() should not have been changed to static.
Include prototypes.h instead.
and "pwauth.h" only when compiled without PAM support.
* src/chfn.c, src/chsh.c: Do not include <shadow.h>
* lib/commonio.c: Do not include <shadow.h>. Do not include
<pwd.h>. Include "nscd.h" instead of <nscd.h>.
* configure.in: Do not check if shadow.h exist, but make sure it
exists.
* libmisc/pwdcheck.c, src/chfn.c, src/chsh.c, lib/defines.h,
lib/shadowmem.c, lib/shadowio.c, lib/commonio.c:
HAVE_SHADOW_H is no more needed (shadow.h should always exist).
gid parameters can be set to -1 to indicate that the original
owners must be kept. Change the types from uid_t/gid_t to a
long int (signed).
* libmisc/copydir.c: Change the copy_entry(), copy_dir(),
copy_symlink(), copy_special(), and copy_file() prototypes
accordingly.
* lib/prototypes.h: Add the parameters' name for the
libmisc/copydir.c functions.
* libmisc/copydir.c: Split copy_tree() in more maintainable functions:
copy_entry(), copy_dir(), copy_symlink(), copy_hardlink(),
copy_special(), and copy_file().
* libmisc/copydir.c: -1 is used to indicate an error, directly set err
to -1, instead of incrementing it, and checking if not nul at the
end.
* NEWS, libmisc/setupenv.c: Export PATH according to ENV_PATH and
ENV_SUPATH, as for su. This impacts login.
* man/login.1.xml: PATH and SUPATH are now used both when PAM support
is disabled and enabled.
* libmisc/Makefile.am, lib/prototypes.h, libmisc/yesno.c, src/grpck.c,
src/pwck.c: move yes_or_no() from grpck/pwck to a separate
libmisc/yesno.c (with a read_only argument).
* libmisc/fields.c, libmisc/yesno.c: Make sure stdout is flushed before
reading the user's answer.
* NEWS: Document that usermod will now preserve user's file modification
and access time.
* libmisc/copydir.c: Preserve the access and modification time of copied
files. This is important for usermod. This will also impact useradd, for
the skeleton files, but this is not important.
* libmisc/copydir.c: Stop and return an error if a file could not be
closed after during a copy.
default. Keeping the feature enabled is safe. Disabling it permits
to disable the references to the SHA256 and SHA512 password
encryption algorithms from the usage help and manuals (in addition
to the support for these algorithms in the code).
* libmisc/obscure.c, libmisc/salt.c, src/newusers.c,
src/chpasswd.c, src/chgpasswd.c, src/passwd.c: ENCRYPT_METHOD is
always supported in login.defs. Remove the ENCRYPTMETHOD_SELECT
preprocessor condition.
* libmisc/obscure.c, libmisc/salt.c, src/newusers.c,
src/chpasswd.c, src/chgpasswd.c, src/passwd.c: Disable SHA256 and
SHA512 if USE_SHA_CRYPT is not defined (this corresponds to a
subset of the ENCRYPTMETHOD_SELECT sections).