* NEWS, src/chpasswd.c: Create a shadow entry if the password is
set to 'x' in passwd and there are no entry in shadow for the
user.
* NEWS, src/chgpasswd.c: Create a gshadow entry if the password is
set to 'x' in group and there are no entry in gshadow for the
group.
* NEWS, src/chpasswd.c: Create a shadow entry if the password is
set to 'x' in passwd and there are no entry in shadow for the
user.
* NEWS, src/chgpasswd.c: Create a gshadow entry if the password is
set to 'x' in group and there are no entry in gshadow for the
group.
* src/pwunconv.c: Exit after printing usage when arguments or
options are provided.
* src/pwunconv.c: Re-indent.
* src/pwunconv.c: Open the shadow file read only.
* src/grpunconv.c: Exit after printing usage when arguments or
options are provided.
* src/grpunconv.c: Open the gshadow file read only.
* src/chpasswd.c: Add annotations to indicate that usage() does
not return.
* src/chpasswd.c: Reindent.
* src/chpasswd.c: Remove dead code. No need to set crypt_method
to NULL when it is already NULL. sflg is only set if crypt_method
is not NULL.
* src/faillog.c: Add annotations to indicate that usage() does not
return.
* src/faillog.c: Fix message: this is faillog, not lastlog.
* src/faillog.c: Check that there are no extra arguments after
parsing the options.
* src/chgpasswd.c: Add annotations to indicate that usage() does
not return.
* src/chgpasswd.c: Split usage in smaller parts. Those parts are
already translated for chpasswd. Usage is now closer to
chpasswd's.
* src/chgpasswd.c: Remove dead code. No need to set crypt_method
to NULL when it is already NULL. sflg is only set if crypt_method
is not NULL.
* src/grpck.c: Added comments.
* src/grpck.c: Avoid implicit conversion of pointer to boolean.
* src/grpck.c: Remove dead code. argc cannot be lower than optind.
Avoid checking twice in a row for NULL != list[i].
* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Fail in case of
invalid configuration.
* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Updated
comments.
* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Be more strict
on the loop stop conditions. Stop if we passed the limit, even if
the limit itself was never noticed.
* NEWS, lib/commonio.h, lib/commonio.c: Additional messages to
indicate why locking failed.
* NEWS, lib/commonio.c: Fix the sort algorithm in case of NIS. NIS
entries were dropped.
* lib/commonio.c: NIS entries can start by '+' or '-'.
* NEWS, src/groupmod.c: When the gshadow file exists but there are
no gshadow entries, an entry is created if the password is changed
and group requires a shadow entry.
* man/usermod.8.xml: Document behavior of an empty EXPIRE_DATE.
* man/usermod.8.xml: Document that the mail spool might have to be
renamed (as for the homedir)
* NEWS, src/usermod.c; man/usermod.8.xml: When the shadow file
exists but there are no shadow entries, an entry has to be created
if the password is changed and passwd requires a shadow entry, or
if aging features are used (-e or -f). Document this and also that
-e and -f require a shadow file.
* src/usermod.c (process_flags): Report usage if no options are
provided. Update the error message.
* src/usermod.c (process_flags): Check option compatibility and
dependency before options are discarded when no changes are
requested.
* src/usermod.c (move_home): It is always an error to use -m if
the new home directory already exist (independently from the
existence of the old home directory did not exist)
* src/groupmod.c: Avoid implicit conversion of pointer to boolean.
* src/groupmod.c: osgrp can be set only if pflg || nflg. No need
to check for pflg || nflg again
* lib/fields.c: Fixed typo from 2010-02-15. field insteadof cp
ought to be checked.
* src/vipw.c: Use Prog instead of progname. This is needed since
Prog is used in the library.
nekral-guest [Thu, 16 Jun 2011 21:21:29 +0000 (21:21 +0000)]
* src/su.c: environ is provided by <unistd.h>.
* src/su.c: Added function prototypes.
* src/su.c: Rename shellstr parameter to shellname to avoid
collision with static variable.
* NEWS, src/su.c: Added support for PAM modules which change
PAM_USER.
nekral-guest [Mon, 13 Jun 2011 18:27:34 +0000 (18:27 +0000)]
* src/su.c (prepare_pam_close_session): Extract the creation of a
child and listening for signal in the parent from run_shell().
prepare_pam_close_session() is now executed before the creation of
the pam session and before the UID is changed. This allows to
close the session as root.
nekral-guest [Mon, 13 Jun 2011 18:26:26 +0000 (18:26 +0000)]
* lib/prototypes.h, src/suauth.c, src/su.c (check_su_auth): Do not
use the pwent global variable to communicate between APIs of
different files. Added boolean parameter su_to_root to
check_su_auth().
* src/su.c (check_perms): Return the passwd entry of the finally
authenticated user. Remove usage of the pwent variable.
* src/su.c: The password of the caller is the one from the
spwd structure only if the passwd's password is 'x'.
nekral-guest [Mon, 13 Jun 2011 18:26:10 +0000 (18:26 +0000)]
* src/su.c: Define shellstr before the environment so that
restricted_shell is called only once. This will allow moving the
environment definition after the switch to the new user.
nekral-guest [Mon, 13 Jun 2011 18:25:57 +0000 (18:25 +0000)]
* src/su.c: Move definition of change_environment and shellstr
after the switch to the final subsystem. The previous architecture
forced to always change the environment (the shell starts with a
'*' and was thus restricted, and change_environment could not be
reset to false).
nekral-guest [Mon, 13 Jun 2011 18:25:45 +0000 (18:25 +0000)]
* src/su.c: Group some of the environment processing blocks. The
definition of shellstr, PATH and IFS is not influenced (getenv,
getdef, restricted_shell) by and does not influence (addenv does
not change environ) the authentication. And the authentication
does not overwrite those definitions. This will ease an extraction
from the big main() function.
nekral-guest [Sun, 5 Jun 2011 14:41:15 +0000 (14:41 +0000)]
* NEWS, src/su.c: Do not forward the controlling terminal to
commands executed with -c. This prevents tty hijacking which could
lead to execution with the caller's privileges. This required to
forward signals from the terminal (SIGINT, SIGQUIT, SIGTSTP) to
the executed command.
nekral-guest [Sat, 4 Jun 2011 22:38:57 +0000 (22:38 +0000)]
* NEWS, src/userdel.c: Check the existence of the user's mail
spool before trying to remove it. If it does not exist, a warning
is issued, but no failure.
nekral-guest [Fri, 3 Jun 2011 21:07:58 +0000 (21:07 +0000)]
* man/zh_CN/, man/zh_CN/Makefile.am: Added directory, and zh_CN
Makefile.
* man/Makefile.am: Build zh_CN pages.
* man/generate_translations.mak: Add config.xml to CLEANFILES.
* man/po/zh_CN.po: limits, groups, faillog, expiry should not be
translated (command name, file name), also this broke the build
system as they are used to derive manpage names.
nekral-guest [Fri, 3 Jun 2011 21:06:23 +0000 (21:06 +0000)]
* man/zh_CN/, man/zh_CN/Makefile.am: Added directory, and zh_CN
Makefile.
* man/Makefile.am: Build zh_CN pages.
* man/generate_translations.mak: Add config.xml to CLEANFILES.
* man/po/zh_CN.po: limits, groups, faillog, expiry should not be
translated (command name, file name), also this broke the build
system as they are used to derive manpage names.
nekral-guest [Wed, 16 Feb 2011 20:46:27 +0000 (20:46 +0000)]
* libmisc/user_busy.c, src/userdel.c, src/usermod.c: Warn in
user_busy() rather than in src/userdel.c or src/usermod.c to
provide more accurate failure cause (user is logged in or user
still executes processes).
nekral-guest [Wed, 16 Feb 2011 20:32:16 +0000 (20:32 +0000)]
* lib/groupio.c, lib/sgroupio.c, lib/shadowio.c, lib/pwio.c: Check
entry validity before commits to databases.
* libmisc/fields.c, libmisc/Makefile.am, lib/fields.c,
lib/Makefile.am, po/POTFILES.in: fields.c moved from libmisc to
lib.