nekral-guest [Sun, 25 May 2008 23:01:14 +0000 (23:01 +0000)]
* libmisc/yesno.c: yes_or_no returns a bool instead of int.
* libmisc/yesno.c: Avoid implicit conversion of pointers to booleans.
* libmisc/yesno.c: The return value of fflush is not checked on purpose.
nekral-guest [Sun, 25 May 2008 22:11:12 +0000 (22:11 +0000)]
* libmisc/utmp.c (checkutmp): Change picky argument's type to
bool.
* libmisc/utmp.c: Use bool when possible (found_utmpx,
found_utmp).
* libmisc/utmp.c: Add note about unchecked return values.
nekral-guest [Sun, 25 May 2008 21:52:14 +0000 (21:52 +0000)]
* hushed returns a bool instead of int.
* Avoid assignments in comparisons.
* (hushed) Change type of found to bool.
* Add brackets.
* Always check if the user or the shell is in
the file. Do not check the first character of the line first. This
is simpler and match better with the HUSHLOGIN_FILE documentation.
nekral-guest [Sun, 25 May 2008 21:23:28 +0000 (21:23 +0000)]
* Avoid assignment in comparisons, implicit comparison of integers to booleans.
* The return value of closedir is not checked on purpose.
* Add brackets.
nekral-guest [Sun, 25 May 2008 20:58:16 +0000 (20:58 +0000)]
* libmisc/chkname.h, libmisc/chkname.c: check_group_name (resp.
check_user_name) renamed to is_valid_user_name (resp.
is_valid_group_name). is_valid_user_name and is_valid_group_name
return a bool.
* src/grpck.c, src/newusers.c, src/usermod.c, src/useradd.c,
src/groupmod.c, src/pwck.c, src/groupadd.c: Use is_valid_user_name
and is_valid_group_name, following above change.
* libmisc/chkname.c: Avoid implicit conversion of chars to
booleans. Add brackets and parenthesis.
nekral-guest [Sat, 24 May 2008 15:35:15 +0000 (15:35 +0000)]
* libmisc/copydir.c (remove_tree): As we always use remove_tree
followed by rmdir to remove the directory itself, delete also the
root directory in remove_tree.
* src/userdel.c, src/usermod.c: Do not call rmdir after
remove_tree.
nekral-guest [Sat, 24 May 2008 15:19:02 +0000 (15:19 +0000)]
* libmisc/fields.c: Avoid assignments in comparisons, assignments
with post increments (x++), use of integers as booleans, and
explicitly mark blocks with brackets.
* libmisc/copydir.c: Likewise.
* libmisc/fields.c: Add comments.
* libmisc/copydir.c: Mark function whose return value is not
checked as such.
* libmisc/copydir.c (remove_tree): Make sure unlink is successful
when removing files.
nekral-guest [Sat, 24 May 2008 14:09:35 +0000 (14:09 +0000)]
* libmisc/list.c: Avoid assignments in comparisons, assignments
with post increments (x++), use of integers as booleans, and
explicitly mark blocks with brackets.
nekral-guest [Sat, 24 May 2008 13:08:58 +0000 (13:08 +0000)]
Fix compiler warnings:
* libmisc/audit_help.c: Include prototypes.h to get the prototype
of audit_help_open.
* libmisc/salt.c: Use booleans instead of negating integers.
* src/passwd.c: Declare the check_selinux_access prototype and
avoid name clashes (change_user -> changed_user; change_uid ->
changed_uid; access -> requested_access)
nekral-guest [Tue, 20 May 2008 13:34:06 +0000 (13:34 +0000)]
*** security:
- generation of SHA encrypted passwords (chpasswd, gpasswd, newusers,
chgpasswd; and also passwd if configured without PAM support).
The number of rounds and number of salt bytes was fixed to their lower
allowed values (resp. configurable and 8), hence voiding some of the
advantages of this encryption method. Dictionary attacks with
precomputed tables were easier than expected, but still harder than with
the MD5 (or DES) methods.
* NEWS, libmisc/salt.c (SHA_salt_size): Seed the RNG, and fix a
overflow. These caused the SHA salt size to always be 8 bytes,
instead of being in the 8-16 range. Thanks to Peter Vrabec
pvrabec@redhat.com for noticing.
* NEWS, libmisc/salt.c (SHA_salt_rounds): Seed the RNG with
seedRNG instead of srand, and fix the same overflow. This caused
the number of rounds to always be the smallest one.
nekral-guest [Sun, 18 May 2008 15:06:51 +0000 (15:06 +0000)]
Import Debian patch 487_passwd_chauthtok_failed_message
* libmisc/pam_pass.c: Be more verbose and indicate that the
password was not changed when pam_chauthtok fails (in addition to
the PAM error, which may not be comprehensible for the users).
nekral-guest [Sun, 18 May 2008 14:54:35 +0000 (14:54 +0000)]
Import Debian patch 434_login_stop_checking_args_after--
* NEWS, src/login.c (check_flags): Stop checking the arguments
after --. The later options will be sent to the shell, and do not
need to be checked.
Make sure every source files are distributed with a copyright and license.
Files with no license use the default 3-clauses BSD license. The copyright
were mostly not recorded; they were updated according to the Changelog.
"Julianne Frances Haugh and contributors" changed to "copyright holders
and contributors".
If the SULOG_FILE does not exist when an su session is logged, make sure
the file is created with group root, instead of using the group of the
caller.
Ensure that getpwent() is used in setpwent(), getpwent(),
endpwend() sequences (ditto for getgrent(), getspent(), and
getsgent()). The only real (minor) issue was in login, which kept
the passwd file open.
* libmisc/entry.c: Remove unneeded setspent() and endspent() (only
getspnam is called in the middle).
* libmisc/find_new_ids.c: Make sure to close the password and
group files with endpwent() and endgrent().
* libmisc/pwdcheck.c: Remove unneeded endspent() (only getspnam()
is called before).
* src/lastlog.c, src/passwd.c, src/groupmod.c, src/faillog.c,
src/groups.c: Make sure to close
the password file with endpwent().
* src/login.c: Remove unneeded setpwent() (only xgetpwnam is
called before).
* src/login.c, src/newgrp.c: Fix typos in comments.
Also fix the detection of the pam and selinux features:
Fail if the feature is requested but the library (or
header file) could not be found. If nothing is specified, enable
the feature only if we can find the library (or header file).
* NEWS, etc/pam.d/Makefile.am: Add chfn, chsh, and userdel to
$(pamd_files). Remove the duplicate useradd. And sort
alphabetically. Thanks to Mark Rosenstand <mark@borkware.net>.
* NEWS: Prepare next release, 4.1.2.
nekral-guest [Wed, 26 Mar 2008 22:00:50 +0000 (22:00 +0000)]
* src/passwd.c, NEWS: Make SE Linux tests more strict, when the
real UID is 0 SE Linux checks will be performed. Thanks to
Russell Coker <russell@coker.com.au>
* TODO: Added entries regarding SE Linux.
nekral-guest [Mon, 17 Mar 2008 23:04:46 +0000 (23:04 +0000)]
login_access() is used in src/login.c, and defined in src/login_nopam.c
(which lacks a prototype). Move its prototype from src/login.c to
lib/prototypes.h.
nekral-guest [Sat, 8 Mar 2008 23:01:49 +0000 (23:01 +0000)]
* NEWS, src/groupmod.c: Make sure the passwd, group, and gshadow
files are unlocked on exit. Unlock locked files in fail_exit().
Prefer fail_exit() over exit().
* NEWS, src/groupmod.c: When the GID of a group is changed, update
also the GID of the passwd entries of the users whose primary
group is the group being modified.
nekral-guest [Sat, 8 Mar 2008 22:52:44 +0000 (22:52 +0000)]
* lib/commonio.c (commonio_remove): Fail when the name to be
removed is used by different entries (like commonio_update does).
* NEWS: This fix the behavior of groupdel when the system is not
configured to support split group but different group entries
have the name of the group to be deleted.
nekral-guest [Sat, 8 Mar 2008 21:13:54 +0000 (21:13 +0000)]
* NEWS, src/groupdel.c: Make sure the group, and gshadow files are
unlocked on exit. Add function fail_exit(). Use fail_exit()
instead of exit().
* src/groupdel.c: Fail immediately instead of increasing errors.
Better handling of error cases, like locked group or gshadow file.
nekral-guest [Tue, 26 Feb 2008 19:09:10 +0000 (19:09 +0000)]
* NEWS: Fix failures when the gshadow file is not present. Thanks
to Christian Henz (http://bugs.debian.org/467488)
* src/gpasswd.c (get_group): Do not fail if gshadow is not present. Just use
the group file and set the grent structure
* src/gpasswd.c (check_perms): The permissions should be checked
using both the gshadow and group file. Add a <struct group *>
parameter, and check if the gshadow file exists (is_shadowgrp).
* src/gpasswd.c (main): Do not use sgent.sg_mem or sgent.sg_adm if
the gshadow file is not present (sgent is not initialized in that
case). The fields of sgent can be set, but not used.
nekral-guest [Tue, 26 Feb 2008 18:59:28 +0000 (18:59 +0000)]
* Fix typo in comment.
* Move comment regarding FIRST_MEMBER_IS_ADMIN to
where it belongs.
* Indicate the end of the #ifdef FIRST_MEMBER_IS_ADMIN
section.