- generation of SHA encrypted passwords (chpasswd, gpasswd, newusers,
chgpasswd; and also passwd if configured without PAM support).
The number of rounds and number of salt bytes was fixed to their lower
allowed values (resp. configurable and 8), hence voiding some of the
advantages of this encryption method. Dictionary attacks with
precomputed tables were easier than expected, but still harder than with
the MD5 (or DES) methods.
* NEWS, libmisc/salt.c (SHA_salt_size): Seed the RNG, and fix a
overflow. These caused the SHA salt size to always be 8 bytes,
instead of being in the 8-16 range. Thanks to Peter Vrabec
pvrabec@redhat.com for noticing.
* NEWS, libmisc/salt.c (SHA_salt_rounds): Seed the RNG with
seedRNG instead of srand, and fix the same overflow. This caused
the number of rounds to always be the smallest one.
SIGSTOP handling. Raise the signal which stopped the child instead
of always SIGSTOP.
Import Debian patch 406_vipw_resume_properly.
Thanks to Dean Gaudet.
* NEWS, src/vipw.c: Resume properly after ^Z.
Fail if the feature is requested but the library (or
header file) could not be found. If nothing is specified, enable
the feature only if we can find the library (or header file).
$(pamd_files). Remove the duplicate useradd. And sort
alphabetically. Thanks to Mark Rosenstand <mark@borkware.net>.
* NEWS: Prepare next release, 4.1.2.
files are unlocked on exit. Unlock locked files in fail_exit().
Prefer fail_exit() over exit().
* NEWS, src/groupmod.c: When the GID of a group is changed, update
also the GID of the passwd entries of the users whose primary
group is the group being modified.
removed is used by different entries (like commonio_update does).
* NEWS: This fix the behavior of groupdel when the system is not
configured to support split group but different group entries
have the name of the group to be deleted.
unlocked on exit. Add function fail_exit(). Use fail_exit()
instead of exit().
* src/groupdel.c: Fail immediately instead of increasing errors.
Better handling of error cases, like locked group or gshadow file.
to Christian Henz (http://bugs.debian.org/467488)
* src/gpasswd.c (get_group): Do not fail if gshadow is not present. Just use
the group file and set the grent structure
* src/gpasswd.c (check_perms): The permissions should be checked
using both the gshadow and group file. Add a <struct group *>
parameter, and check if the gshadow file exists (is_shadowgrp).
* src/gpasswd.c (main): Do not use sgent.sg_mem or sgent.sg_adm if
the gshadow file is not present (sgent is not initialized in that
case). The fields of sgent can be set, but not used.
* src/newusers.c: The user's ID must be found before the group ID
to mimic useradd's behavior choices of UID and GID.
* src/newusers.c: Reuse the generic find_new_uid() and
find_new_gid() functions. This permits to respect the
UID_MIN/UID_MAX and GID_MIN/GID_MAX variables, should
* src/newusers.c: Check if the user or group exist using the
external databases (with the libc getpwnam/getgrnam functions).
Refuse to update an user which exist in an external database but
does not exist in the local database.
* src/newusers.c: Check the usernames and groupnames with
check_user_name() and check_group_name()
* src/newusers.c: Use isdigit() for readability.
* src/newusers.c: Check if numerical IDs are valid (no remaining
chars).
* NEWS, src/newusers.c: Fix the support for the NONE crypt method.
* src/newusers.c: Fix shadow group support (the list of admins was
not defined; it is now set to an empty list).
microseconds to avoid having the same salt for different passwords
generated in the same second. This permits to avoid using the same salt
for different passwords in newusers.
differ from the old ones. If a requested new value is equal to the old
one, no changes will be performed for that field. If no fields are
changed, usermod will exist successfully with a warning. This avoids
logging changes to syslog when there are actually no changes.
unknown GID (either the user was deleted during the user's newgrp
session or the user's passwd entry referenced an invalid group).
Add a syslog warning in that case.
* src/newgrp.c: Add an end of line when reporting an invalid
password.
(it required an argument, but should behave as -D)
* NEWS, man/useradd.8.xml: Document the --defaults option, which
was already described in the useradd's Usage information.
changes, except for the following bug fix: no syslog logging if a passwd
or group file was specified on the command line without a shadowed
database file, even if the system shadowed database was changed).
* src/chage.c: New function: fail_exit(). Change most of the exit()
to a fail_exit, which makes sure the files are unlocked (new global
variables: pw_locked, spw_locked), the PAM transaction is ended, and
the failure is logged to libaudit (use a global user_name and user_uid
for logging).
* src/chage.c: Compilation fix for PAM support (pamh needs to be
global since the function split).
* src/chage.c: Document process_flags(), check_flags(), check_perms(),
open_files(), and close_files().
* src/chage.c: Split update_age() and get_defaults() out of main()
* src/chage.c: Drop the privileges just after opening the files.
* src/chage.c: Do not log to audit only if the user has an entry in
the shadow file.
* NEWS, src/chage.c (open_files): Also open the password file for
writing. This fix chage when the user only has a password entry (and
no shadow entries).
* src/chage.c (get_defaults): Use default values that don't change the
behavior of the account for the fields that are not specified when the
user has no shadow entry.
* NEWS, libmisc/setupenv.c: Export PATH according to ENV_PATH and
ENV_SUPATH, as for su. This impacts login.
* man/login.1.xml: PATH and SUPATH are now used both when PAM support
is disabled and enabled.
* NEWS: Document that usermod will now preserve user's file modification
and access time.
* libmisc/copydir.c: Preserve the access and modification time of copied
files. This is important for usermod. This will also impact useradd, for
the skeleton files, but this is not important.
* libmisc/copydir.c: Stop and return an error if a file could not be
closed after during a copy.
Thanks to Dan Kopecek <dkopecek@redhat.com>.
* src/chpasswd.c, src/chgpasswd.c: Do not use DES by default, but
the system default define in /Etc/login.defs. Thanks to Dan
Kopecek <dkopecek@redhat.com>.
* NEWS, man/chpasswd.8.xml, man/chgpasswd.8.xml: Do not mention
DES as the default algorithm.
* src/chpasswd.c, src/chgpasswd.c: Tag the ENCRYPTMETHOD_SELECT
dependent code accordingly.
variable: MAX_MEMBERS_PER_GROUP. Used for the split groups support.
* lib/commonio.c, lib/commonio.h: Add an open_hook and close_hook
operation. They are called after the database is actually opened
and parse, or before it is closed.
* lib/groupio.c: Add an open_hook to merge split groups, and an
close group to split groups if MAX_MEMBERS_PER_GROUP is set.
This fixes gpasswd and chgpasswd when split groups are used.
* lib/sgroupio.c, lib/shadowio.c, lib/pwio.c: No open or close
hooks for these databases. (unsure about what should be the gshadow
behavior for split groups)
gr_locate and sgr_locate. gpasswd write in the file database. Thus
it should read information from the file database, not using
getgrnam. The change to sgr_locate is just for consistency. This
requires opening the group databases (read only) using
gr_open/sgr_open.
* NEWS: Indicate that manpages should be re-generated if configure
option are changed, due to conditions.
shadow-4.0.18.1-sha256.patch. Thanks to Peter Vrabec. Hardly no changes
except re-indent and changes related to recent modifications (max_salt_len
in crypt_make_salt). Changes in lib/defines.h not applied (definition of
ENCRYPTMETHOD_SELECT). I will add a configure check or flag.
* NEWS: Applied Debian patch 409_man_generate_from_PO to
automatically generate the translated manpages from the POs.
* man/Makefile.am: Replace the individual rules for the generation
of the manpages (from XML) by a generic Makefile rule an
dependencies for the linked manpages.
glibc socket to flush the nscd tables. This comes from the RedHat
patch shadow-4.0.16-nscd.c.
* lib/commonio.c: Forbid inheritance of the passwd and group files
to the spawed processes (like nscd). This comes from the RedHat
patch shadow-4.0.17-notInheritFd.patch.
* lib/nscd.h: Update header.
spw_locked, gr_locked, and sgr_locked to indicate which files must
be unlocked.
* src/usermod.c (open_files, close_files): Open and close the
group files as well as the passwd files. This permit to check if
the group files modification are allowed before writing the passwd
files.
* src/usermod.c (grp_update, update_gshadow, update_group): Do not
return a status code, but call fail_exit() in case of error. The
group files are no more opened and closed in update_gshadow() and
update_group().
* src/usermod.c (main): move the call to grp_update between
open_files and close_files.
* src/usermod.c: Differentiate failure to add a group entry and
failure to add a shadow group entry.
* NEWS, lib/commonio.c (commonio_update): When an entry is updated, make
sure that there are no other entry with the same name. This fixes
an infinite loop in userdel and usermod when an (erroneous) group
file contains two entries with the same name.
(https://bugzilla.redhat.com/show_bug.cgi?id=240915)
right place (either 8th, or 11th position).
* NEWS, src/chgpasswd.c, src/chpasswd.c: The protocol + salt does
not need 15 chars. No need for a temporary buffer.
This change the fix committed on 2007-11-10. The salt provided to
pw_encrypt could have been too long.