2007-12-29 Nicolas François chage cleanups * src/chage.c: Before pam_end(), the return value of the previous pam API was already checked. No need to validate it again. * src/chage.c: main() split in new functions: process_flags(), check_flags(), check_perms(), open_files(), and close_files(). * src/chage.c: Avoid using a variable with the same name as a type. * src/chage.c: Remove dead code. It was probably put here to add more information to the audit_logger. * src/chage.c: Avoid implicit brackets. * src/chage.c: Avoid implicit conversion to booleans. 2007-12-28 Nicolas François Same changes for chgpasswd: * src/chgpasswd.c: Before pam_end(), the return value of the previous pam API was already checked. No need to validate it again. * src/chgpasswd.c: main() split in process_flags(), check_flags(), check_perms(), open_files(), and close_files(). * src/chgpasswd.c: Avoid assignments in comparisons. * src/chgpasswd.c: Avoid implicit brackets. * src/chgpasswd.c: Fix comments to match chgpasswd (group instead of user's passwords are changed). 2007-12-28 Nicolas François * src/chpasswd.c: Before pam_end(), the return value of the previous pam API was already checked. No need to validate it again. * src/chpasswd.c: New functions: process_flags(), check_flags(), check_perms(). Split out of main(). * src/chpasswd.c: Other new functions: open_files(), close_files(). This force flushing the password database after the password file is unlocked. * src/chpasswd.c: Avoid assignments in comparisons. * src/chpasswd.c: Avoid implicit brackets. 2007-12-28 Nicolas François * src/groupadd.c (find_new_gid): A group with the specified name cannot exist at that time. Remove the check. * src/groupadd.c (find_new_gid): If oflg is set, gflg is also set. Use (!gflg), which is clearer than (!gflg || !oflg). * src/groupadd.c (find_new_gid): find_new_gid is never called when an GID is specified with -g. Simplify find_new_gid accordingly. * src/groupadd.c (process_flags): prefer fail_exit to exit. This avoid an explicit call to audit_logger(). * src/groupadd.c (main): Before pam_end(), the return value of the previous pam API was already checked. No need to validate it again. * src/groupadd.c (main, check_perms): New function check_perms(). Split the validation of the user's permissions out of main() 2007-12-28 Nicolas François src/groupadd.c cleanup * src/groupadd.c (fail_exit): When compiled without AUDIT support, if the return code was E_SUCCESS, fail_exit() wouldn't have exited. Fix the scope of #idef WITH_AUDIT. * src/groupadd.c: Avoid implicit brackets. * src/groupadd.c: Split the processing and checking of options out of main() (process_flags). * src/groupadd.c: New function check_flags(). Split the validation of options and arguments out of process_flags. * src/groupadd.c: Add the parameters' names in the prototypes. 2007-12-27 Nicolas François libmisc/copydir.c cleanup * libmisc/copydir.c: Split copy_tree() in more maintainable functions: copy_entry(), copy_dir(), copy_symlink(), copy_hardlink(), copy_special(), and copy_file(). * libmisc/copydir.c: -1 is used to indicate an error, directly set err to -1, instead of incrementing it, and checking if not nul at the end. * libmisc/copydir.c: Avoid assignments in comparisons. * libmisc/copydir.c: Document selinux_file_context. * libmisc/copydir.c: Avoid implicit brackets. * libmisc/copydir.c: Avoid implicit conversions to booleans. 2007-12-27 Nicolas François gpasswd cleanup * src/gpasswd.c: Add argument name to the internal function prototypes. * src/gpasswd.c: Document global variables. * src/gpasswd.c: New function: process_flags(). Split the processing of options out of main(). * src/gpasswd.c: New functions: open_files(), close_files(), update_group(). Split out from main() to simplify this (too) big function. * src/gpasswd.c: New functions: check_perms(), get_group(), change_passwd(), check_flags(). Split out of main() to simplify main(). * src/gpasswd.c: Avoid implicit brackets. * src/gpasswd.c: Avoid assignments in comparisons. * src/gpasswd.c: Avoid implicit conversions to booleans. 2007-12-27 Nicolas François Merge Debian's patch 462_warn_to_edit_shadow * NEW, src/vipw.c: Recommend editing the shadowed (resp. regular) file if the regular (resp. shadowed) file was edited. 2007-12-26 Nicolas François Merge Debian's patch 451_login_PATH * NEWS, libmisc/setupenv.c: Export PATH according to ENV_PATH and ENV_SUPATH, as for su. This impacts login. * man/login.1.xml: PATH and SUPATH are now used both when PAM support is disabled and enabled. 2007-12-26 Nicolas François Merge Debian's patch 496_login_init_session * src/login.c, src/sulogin.c: If started as init, start a new session. 2007-12-26 Nicolas François Merge Debian's patch 408_passwd_check_arguments * NEWS, src/passwd.c: Make sure that no more than one username argument was provided. 2007-12-26 Nicolas François Merge Debian's patch 412_lastlog_-u_numerical_range * NEWS, src/lastlog.c, man/lastlog.8.xml: Accept numerical user, or ranges with the -u option. 2007-12-26 Nicolas François Merge Debian's patch 466_fflush-prompt * libmisc/Makefile.am, lib/prototypes.h, libmisc/yesno.c, src/grpck.c, src/pwck.c: move yes_or_no() from grpck/pwck to a separate libmisc/yesno.c (with a read_only argument). * libmisc/fields.c, libmisc/yesno.c: Make sure stdout is flushed before reading the user's answer. 2007-12-26 Nicolas François Merge Debian's patch 480_getopt_args_reorder * NEWS, src/su.c: su's arguments are now reordered. 2007-12-26 Nicolas François Merge RedHat's patch shadow-4.0.18.1-mtime.patch: * NEWS: Document that usermod will now preserve user's file modification and access time. * libmisc/copydir.c: Preserve the access and modification time of copied files. This is important for usermod. This will also impact useradd, for the skeleton files, but this is not important. * libmisc/copydir.c: Stop and return an error if a file could not be closed after during a copy. 2007-12-26 Nicolas François Cleanups: * src/useradd.c (find_new_gid): Check that gflg is not set (assert). * src/useradd.c (find_new_gid): Do not check the group name uniqueness (already checked in main). * src/useradd.c (find_new_gid): Avoid a "continue" in the loop. * src/useradd.c (find_new_gid): Remove irrelevant comments. * src/useradd.c (find_new_gid): Fix the function definition's comment. 2007-12-26 Nicolas François Merge RedHat's patch shadow-4.0.18.1-findNewUidOnce.patch: * src/useradd.c (usr_update): Do not call find_new_uid(). The UID was already either specified or found by another call to find_new_uid(). * src/useradd.c (find_new_uid): Always start with uid_min (find_new_uid() is never called when user_id was already specified). * src/useradd.c (find_new_uid): Fix the comments (find_new_uid() is not called when the UID is specified (uflg)). * src/useradd.c (main): Only call find_new_uid() if (!oflg) and (!uflg). If uflg is set (but not oflg), check the UID uniqueness. * src/useradd.c (find_new_uid): Don't check the uid and user name uniqueness in find_new_uid(). The user name uniqueness is already checked during the parameter validation. UID uniqueness is also checked (see above). * src/useradd.c (find_new_uid): Don't check uflg in find_new_uid(). * src/useradd.c (find_new_uid): Make sure that find_new_uid() is not called when uflg is set (assert). 2007-12-26 Nicolas François Merge RedHat's patch shadow-4.1.0-lOption.patch * NEWS, src/useradd.c, man/useradd.8.xml: Add option -l to avoid adding the user to the lastlog and faillog databases. 2007-12-26 Nicolas François * src/useradd.c, src/groupadd.c: NO_GETPWENT is no more supported. Remove associated chunks of code. 2007-12-26 Nicolas François * man/groupadd.8.xml: Document the long options (--force, --gid, --key, --non-unique). 2007-12-26 Nicolas François Merge RedHat's patch shadow-4.0.3-noinst.patch * NEWS, lib/Makefile.am: Do not install the shadow library per default. lib_LTLIBRARIES changed to noinst_LTLIBRARIES. 2007-12-09 Nicolas François * NEWS, configure.in: Prepare the 4.1.0 release. 2007-12-09 Nicolas François * NEWS, src/chgpasswd.c: Use chgpasswd PAM policy file instead of chpasswd's one. 2007-12-09 Nicolas François * man/pwconv.8.xml: Fix typos. * man/chpasswd.8.xml, man/chgpasswd.8.xml: Document the NONE crypt method. * man/login.defs.d/MAIL_DIR.xml: Add comment regarding useradd not using MAIL_FILE. * man/login.defs.d/ERASECHAR.xml, man/login.defs.d/KILLCHAR.xml, man/login.defs.d/CONSOLE_GROUPS.xml, man/login.defs.d/ENV_HZ.xml, man/login.defs.d/ENV_PATH.xml, man/login.defs.d/ENV_SUPATH.xml: These variables are also used by some tools when compiled with PAM support. * man/login.defs.d/ENV_HZ.xml: Add note that it is only used by sulogin when compiled with PAM support. * man/login.defs.d/ENV_SUPATH.xml: Typos: ENV_PATH -> ENV_SUPATH, and mention sbin in the path. * man/login.defs.d/LOGIN_STRING.xml: Fix typo: confition -> condition. * man/sg.1.xml: Add CONFIGURATION section (SYSLOG_SG_ENAB). * man/su.1.xml: ENV_HZ, LOGIN_STRING, MAIL_DIR, USERGROUPS_ENAB are only used when su is compiled without PAM support. * man/login.defs.5.xml: Added variables: OBSCURE_CHECKS_ENAB PASS_ALWAYS_WARN PASS_CHANGE_TRIES SULOG_FILE SU_NAME SU_WHEEL_ONLY SYSLOG_SG_ENAB SYSLOG_SU_ENAB. * man/login.defs.5.xml: ENVIRON_FILE is only used when compiled without PAM support. * man/login.defs.5.xml: sulogin uses variables even when compiled with PAM support. * man/login.1.xml: ENV_HZ ENV_PATH ENV_SUPATH MAIL_DIR UMASK are only used when login is not compiled with PAM support. 2007-12-09 Nicolas François * src/login.c: Make sure is_console is only defined when USE_PAM is not defined. 2007-12-09 Nicolas François * libmisc/pwd2spwd.c: Fix time() prototype. 2007-12-08 Nicolas François * man/login.defs.d/CONSOLE_GROUPS.xml, man/login.defs.d/CONSOLE.xml, man/login.defs.d/DEFAULT_HOME.xml, man/login.defs.d/ENV_HZ.xml, man/login.defs.d/ENVIRON_FILE.xml, man/login.defs.d/ENV_PATH.xml, man/login.defs.d/ENV_SUPATH.xml, man/login.defs.d/ENV_TZ.xml, man/login.defs.d/ERASECHAR.xml, man/login.defs.d/FAIL_DELAY.xml, man/login.defs.d/FAILLOG_ENAB.xml, man/login.defs.d/FAKE_SHELL.xml, man/login.defs.d/FTMP_FILE.xml, man/login.defs.d/HUSHLOGIN_FILE.xml, man/login.defs.d/ISSUE_FILE.xml, man/login.defs.d/KILLCHAR.xml, man/login.defs.d/LASTLOG_ENAB.xml, man/login.defs.d/LOGIN_RETRIES.xml, man/login.defs.d/LOGIN_TIMEOUT.xml, man/login.defs.d/LOG_OK_LOGINS.xml, man/login.defs.d/LOG_UNKFAIL_ENAB.xml, man/login.defs.d/MAIL_CHECK_ENAB.xml, man/login.defs.d/MOTD_FILE.xml, man/login.defs.d/NOLOGINS_FILE.xml, man/login.defs.d/OBSCURE_CHECKS_ENAB.xml, man/login.defs.d/PASS_ALWAYS_WARN.xml, man/login.defs.d/PASS_CHANGE_TRIES.xml, man/login.defs.d/PASS_MAX_LEN.xml, man/login.defs.d/PORTTIME_CHECKS_ENAB.xml, man/login.defs.d/QUOTAS_ENAB.xml, man/login.defs.d/SULOG_FILE.xml, man/login.defs.d/SU_NAME.xml, man/login.defs.d/SU_WHEEL_ONLY.xml, man/login.defs.d/SYSLOG_SG_ENAB.xml, man/login.defs.d/SYSLOG_SU_ENAB.xml, man/login.defs.d/TTYGROUP.xml, man/login.defs.d/TTYTYPE_FILE.xml, man/login.defs.d/ULIMIT.xml, man/login.defs.d/USERGROUPS_ENAB.xml: New documentation of login.defs variables. * man/login.defs.d/MAIL_DIR.xml: Updated. It now contains the MAIL_FILE documentation. * man/login.defs.d/LOGIN_STRING.xml: Updated. Mentions %s. * man/pwconv.8.xml, man/groupmems.8.xml, man/groupdel.8.xml, man/useradd.8.xml, man/pwck.8.xml, man/groupadd.8.xml, man/sulogin.8.xml, man/newgrp.1.xml, man/usermod.8.xml, man/su.1.xml, man/vipw.8.xml, man/passwd.1.xml, man/groupmod.8.xml, man/login.1.xml, man/userdel.8.xml, man/grpck.8.xml: Added CONFIGURATION section. * man/generate_mans.mak: The generations of manpages depends on the variables from the Makefiles. Add the dependency on Makefile. * man/login.defs.5.xml: New login.defs variable documented. * man/Makefile.am: Added XML variable documentation to the distributed files. 2007-12-05 Nicolas François * man/gshadow.5.xml: Fix the newgrp section in the gshadow.5 manpage. Thanks to Andre Majorel . 2007-11-27 Nicolas François * man/Makefile.am: Added the login.defs variables description to the man's EXTRA_DIST. 2007-11-27 Nicolas François * man/chfn.1.xml: Uses CHFN_AUTH, CHFN_RESTRICT, LOGIN_STRING. * man/chgpasswd.8.xml: Uses ENCRYPT_METHOD, MAX_MEMBERS_PER_GROUP, MD5_CRYPT_ENAB, SHA_CRYPT_MIN_ROUNDS (SHA_CRYPT_MAX_ROUNDS). * man/chpasswd.8.xml: Switch to using entities for ENCRYPT_METHOD, MD5_CRYPT_ENAB, SHA_CRYPT_MIN_ROUNDS (SHA_CRYPT_MAX_ROUNDS). * man/chsh.1.xml: Uses CHSH_AUTH, LOGIN_STRING. * man/expiry.1.xml: Does not use any login.defs parameter. * man/gpasswd.1.xml: Uses ENCRYPT_METHOD, MAX_MEMBERS_PER_GROUP, MD5_CRYPT_ENAB, SHA_CRYPT_MIN_ROUNDS. * man/login.defs.5.xml: Added CHSH_AUTH. * man/login.defs.5.xml: Cross reference -> cross references. * man/login.defs.5.xml: chfn only uses CHFN_AUTH when no_pam. * man/login.defs.5.xml: chsh uses CHSH_AUTH, not CHFN_AUTH. * man/login.defs.d/CHSH_AUTH.xml: Added. * man/login.defs.5.xml: chsh uses parameters only when no_pam. * man/login.defs.5.xml: expiry does not use CONSOLE_GROUPS, even if linked in the binary. * man/newusers.8.xml: Uses ENCRYPT_METHOD, MAX_MEMBERS_PER_GROUP, MD5_CRYPT_ENAB, PASS_MAX_DAYS, PASS_MIN_DAYS, PASS_WARN_AGE, SHA_CRYPT_MIN_ROUNDS, UMASK. 2007-11-26 Nicolas François * man/generate_translations.mak, man/po/Makefile.in.in: Add --expand-all-entities to the call to xml2po to avoid translating the external entities separately. 2007-11-26 Nicolas François * man/login.defs.d/, man/login.defs.d/CHFN_RESTRICT.xml, man/login.defs.d/MAIL_DIR.xml, man/login.defs.d/PASS_MAX_DAYS.xml, man/login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml, man/login.defs.d/CHFN_AUTH.xml, man/login.defs.d/MD5_CRYPT_ENAB.xml, man/login.defs.d/PASS_WARN_AGE.xml, ·man/login.defs.d/UMASK.xml, man/login.defs.d/PASS_MIN_DAYS.xml, man/login.defs.d/UID_MAX.xml, man/login.defs.d/LOGIN_STRING.xml, man/login.defs.d/GID_MAX.xml, man/login.defs.d/ENCRYPT_METHOD.xml, man/login.defs.d/USERDEL_CMD.xml, man/login.defs.d/MAX_MEMBERS_PER_GROUP.xml, man/login.defs.5.xml: Put each variable description in an external entities. This will permit to reference them in the various utils manpages. * man/login.defs.5.xml: Describe the usage of variables by each tools when compiled without PAM support. 2007-11-26 Nicolas François * po/stats: Do not generate gmo files. 2007-11-25 Nicolas François * man/po/LINGUAS: Added missing LINGUAS. * man/po/de.po, man/po/fr.po, man/po/it.po, man/po/pl.po, man/po/ru.po, man/po/sv.po: Updated. 2007-11-25 Nicolas François * configure.in, man/po/Makefile.in.in, man/po/Makevars, man/po/POTFILES.in, man/Makefile.am: Generate the PO files for the manpages in the man/po directory (instead of man/). Use a Makefile.in.in based on gettext's one. This ensure that the PO are generated before being used in the directories. * man/generate_mans.mak, man/generate_translations.mak, man/Makefile.am: New makefile for the generation of manpages from XML (generate_mans.mak). This avoid duplicate chunks in generate_translations.mak and Makefile.am * man/de/de.po, man/fr/fr.po, man/it/it.po, man/pl/pl.po, man/ru/ru.po, man/sv/sv.po: Moved to... * man/po/de.po, man/po/fr.po, man/po/it.po, man/po/pl.po, man/po/ru.po, man/po/sv.po: ... here. 2007-11-24 Nicolas François * src/userdel.c, src/lastlog.c, src/newusers.c, src/chpasswd.c, src/usermod.c, src/chgpasswd.c, src/vipw.c, src/useradd.c, src/su.c, src/groupmod.c, src/passwd.c, src/groupadd.c, src/chage.c, src/faillog.c, src/chsh.c: Do not use tabulations in Usage strings. * po/ca.po, po/cs.po, po/da.po, po/de.po, po/el.po, po/es.po, po/eu.po, po/fi.po, po/fr.po, po/gl.po, po/hu.po, po/id.po, po/it.po, po/ja.po, po/nb.po, po/pl.po, po/pt_BR.po, po/pt.po, po/ro.po, po/ru.po, po/sk.po, po/sv.po, po/tl.po, po/tr.po, po/uk.po, po/vi.po: Unfuzzy previous changes. * po/bs.po, po/he.po, po/nn.po, po/sq.po: No Usage string translated. Just updated PO. * po/dz.po, po/km.po, po/ko.po, po/ne.po, po/nl.po, po/zh_CN.po, po/zh_TW.po: It would be too error prone for me to unfuzzy these ones. Updated PO. (km and ne should be reviewed: options are translated). 2007-11-24 Nicolas François * po/ne.po, po/bs.po, po/cs.po, po/pt_BR.po, po/km.po, po/es.po, po/eu.po, po/ko.po, po/hu.po, po/sk.po, po/vi.po, po/uk.po, po/ro.po, po/sq.po, po/ru.po, po/id.po, po/nb.po, po/el.po, po/gl.po, po/fr.po, po/nl.po, po/pl.po, po/nn.po, po/it.po, po/dz.po, po/tl.po, po/pt.po, po/ca.po, po/da.po, po/tr.po, po/sv.po, po/de.po, po/ja.po, po/zh_TW.po, po/he.po, po/fi.po, po/zh_CN.po: Run "make update-po" in the po directory. 2007-11-24 Nicolas François * configure.in: New configure option: --with-sha-crypt enabled by default. Keeping the feature enabled is safe. Disabling it permits to disable the references to the SHA256 and SHA512 password encryption algorithms from the usage help and manuals (in addition to the support for these algorithms in the code). * libmisc/obscure.c, libmisc/salt.c, src/newusers.c, src/chpasswd.c, src/chgpasswd.c, src/passwd.c: ENCRYPT_METHOD is always supported in login.defs. Remove the ENCRYPTMETHOD_SELECT preprocessor condition. * libmisc/obscure.c, libmisc/salt.c, src/newusers.c, src/chpasswd.c, src/chgpasswd.c, src/passwd.c: Disable SHA256 and SHA512 if USE_SHA_CRYPT is not defined (this corresponds to a subset of the ENCRYPTMETHOD_SELECT sections). 2007-11-24 Nicolas François * lib/encrypt.c: If we requested a non DES encryption, make sure crypt returned a encrypted password longer than 13 chars. This protects against the GNU crypt() which does not return NULL if the algorithm is not supported, and return a DES encrypted password. 2007-11-24 Nicolas François * lib/groupio.c: Add missing #include "getdef.h" 2007-11-24 Nicolas François * src/newusers.c: Provide the crypt method to all the crypt_make_salt invocations. * src/newusers.c: Tag the ENCRYPTMETHOD_SELECT dependent code accordingly. 2007-11-24 Nicolas François * libmisc/salt.c: Make sure method is not NULL, defaulting to DES. Thanks to Dan Kopecek . * src/chpasswd.c, src/chgpasswd.c: Do not use DES by default, but the system default define in /Etc/login.defs. Thanks to Dan Kopecek . * NEWS, man/chpasswd.8.xml, man/chgpasswd.8.xml: Do not mention DES as the default algorithm. * src/chpasswd.c, src/chgpasswd.c: Tag the ENCRYPTMETHOD_SELECT dependent code accordingly. 2007-11-23 Nicolas François * libmisc/salt.c: Move the srandom call to gensalt. * libmisc/salt.c (gensalt): Replace the test on salt_size by an assert. 2007-11-23 Nicolas François Patch contributed by Dan Kopecek * src/chpasswd.c, src/chgpasswd.c, src/newusers.c: Fix compilation when ENCRYPTMETHOD_SELECT is not defined. * libmisc/salt.c (MAGNUM): The nul char was put on (array)[2] instead of (array)[3]. * libmisc/salt.c: MAGNUM should be defined even if ENCRYPTMETHOD_SELECT is not defined. * libmisc/salt.c: Use random instead of rand. * libmisc/salt.c (gensalt): New function to generate a salt (instead of using gettimeofday). 2007-11-23 Nicolas François * NEWS, src/newusers.c: New options -c/--crypt-method -s/--sha-rounds. 2007-11-23 Nicolas François * src/chpasswd.c: Added crypt method: NONE. * src/chpasswd.c: Added --sha-rounds to the usage(). * libmisc/Makefile.am, libmisc/getlong.c, src/chgpasswd.c, src/chpasswd.c, lib/prototypes.h: New getlong function. Replace chpasswd's and chgpasswd's getnumber. 2007-11-23 Nicolas François * lib/groupio.c: Removed unused variable 'member'. 2007-11-23 Nicolas François * man/chpasswd.8.xml: Document the variables used by chpasswd. The definitions are copied from login.defs. I should try to use a less error prone process for this. 2007-11-23 Nicolas François * man/login.defs.5.xml: Use for the values set by users. (was sometimes ) * man/login.defs.5.xml: Use