* src/pwck.c: Document the sections closed by #endif

	* src/pwck.c, man/pwck.8.xml: No alternative shadow file can be
	given when USE_TCB is enabled.

diff --git a/ChangeLog b/ChangeLog
index 5caa93d8cd2a99f46cadc1a8293d0f37d43064e4..85ac19d946b6632bfd0b3a4bdd7998752a9ce9d8 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2010-03-18  Nicolas François  <nicolas.francois@centraliens.net>
+
+       * src/pwck.c: Document the sections closed by #endif
+       * src/pwck.c, man/pwck.8.xml: No alternative shadow file can be
+       given when USE_TCB is enabled.
+
 2010-03-18  Nicolas François  <nicolas.francois@centraliens.net>
 
        * src/pwck.c: Do not use pwd_file and spw_file. Always use the

diff --git a/TODO b/TODO
index 292b723d76b43cd8b4e7cbfb1ffa0f1df652c882..32266b153fd439a1d4c7f28d9d32933099988f35 100644 (file)
--- a/TODO
+++ b/TODO
@@ -115,6 +115,7 @@ ALL:
     entry (with a password).
   - Add check to move passwd passwords to shadow if there is a shadow
     file.
+  - Support an alternative /etc/tcb directory as second parameter.
 
 - su
   - add a login.defs configuration parameter to add variables to keep in

diff --git a/man/pwck.8.xml b/man/pwck.8.xml
index 92976d92abfc9625735e93371e9bc04a77d06e8d..7acd7e30d0d2b6e4a272e92adc08da7fec5198a0 100644 (file)
--- a/man/pwck.8.xml
+++ b/man/pwck.8.xml
@@ -88,6 +88,9 @@
       The <command>pwck</command> command verifies the integrity of the
       users and authentication information. It checks that all entries in
       <filename>/etc/passwd</filename> and <filename>/etc/shadow</filename>
+      <phrase condition="tcb">(or the files in
+      <filename>/etc/tcb</filename>, when <option>USE_TCB</option> is
+      enabled)</phrase>
       have the proper format and contain valid data.
       The user is prompted to delete entries that are
       improperly formatted or which have other uncorrectable errors.
@@ -200,7 +203,7 @@
            <filename>/etc/shadow</filename> by UID.
          </para>
          <para condition="tcb">
-           This option has no effect when TCB is enabled.
+           This option has no effect when <option>USE_TCB</option> is enabled.
          </para>
        </listitem>
       </varlistentry>
@@ -208,10 +211,18 @@
 
     <para>
       By default, <command>pwck</command> operates on the files
-      <filename>/etc/passwd</filename> and <filename>/etc/shadow</filename>.
-      The user may select alternate files with the <emphasis
-      remap='I'>passwd</emphasis> and <emphasis remap='I'>shadow</emphasis>
-      parameters.
+      <filename>/etc/passwd</filename> and
+      <filename>/etc/shadow</filename><phrase condition="tcb"> (or the
+      files in <filename>/etc/tcb</filename>)</phrase>.
+      The user may select alternate files with the
+      <replaceable>passwd</replaceable> and
+      <replaceable>shadow</replaceable> parameters.
+    </para>
+    <para condition="tcb">
+      Note that when <option>USE_TCB</option> is enabled, you cannot
+      specify an alternative <replaceable>shadow</replaceable> file. In
+      future releases, this paramater could be replaced by an alternate
+      TCB directory.
     </para>
   </refsect1>
 

diff --git a/src/pwck.c b/src/pwck.c
index 0b8d2a3a08ea3d164d6749bd3edc11df873f73d6..f42e16af91ce8f44f411f68139bf376a8bb66b1c 100644 (file)
--- a/src/pwck.c
+++ b/src/pwck.c
@@ -49,7 +49,7 @@
 #include "nscd.h"
 #ifdef WITH_TCB
 #include "tcbfuncs.h"
-#endif
+#endif                         /* WITH_TCB */
 
 /*
  * Exit codes
@@ -123,8 +123,17 @@ static void fail_exit (int code)
  */
 static void usage (void)
 {
-       fprintf (stderr, _("Usage: %s [-q] [-r] [-s] [passwd [shadow]]\n"),
-                Prog);
+#ifdef WITH_TCB
+       if (getdef_bool ("USE_TCB")) {
+               fprintf (stderr, _("Usage: %s [-q] [-r] [-s] [passwd]\n"),
+                        Prog);
+       } else
+#endif                         /* WITH_TCB */
+       {
+               fprintf (stderr,
+                        _("Usage: %s [-q] [-r] [-s] [passwd [shadow]]\n"),
+                        Prog);
+       }
        exit (E_USAGE);
 }
 
@@ -178,6 +187,14 @@ static void process_flags (int argc, char **argv)
                use_system_pw_file = false;
        }
        if ((optind + 2) == argc) {
+#ifdef WITH_TCB
+               if (getdef_bool ("USE_TCB")) {
+                       fprintf (stderr,
+                                _("%s: no alternative shadow file allowed when USE_TCB is enabled.\n"),
+                                Prog);
+                       usage ();
+               }
+#endif                         /* WITH_TCB */
                spw_setdbname (argv[optind + 1]);
                is_shadow = true;
                use_system_spw_file = false;
@@ -197,7 +214,7 @@ static void open_files (void)
        bool use_tcb = false;
 #ifdef WITH_TCB
        use_tcb = getdef_bool ("USE_TCB");
-#endif
+#endif                         /* WITH_TCB */
 
        /*
         * Lock the files if we aren't in "read-only" mode
@@ -513,7 +530,7 @@ static void check_pw_file (int *errors, bool *changed)
                                }
                                spw_opened = true;
                        }
-#endif
+#endif                         /* WITH_TCB */
                        spw = (struct spwd *) spw_locate (pwd->pw_name);
                        if (NULL == spw) {
                                printf (_("no matching password file entry in %s\n"),
@@ -595,7 +612,7 @@ static void check_pw_file (int *errors, bool *changed)
                                spw_locked = false;
                        }
                }
-#endif
+#endif                         /* WITH_TCB */
        }
 }