nekral-guest [Tue, 19 May 2009 21:29:26 +0000 (21:29 +0000)]
* man/newusers.8.xml, man/chpasswd.8.xml, man/useradd.8.xml,
man/groupadd.8.xml, man/usermod.8.xml, man/chgpasswd.8.xml,
man/groupmod.8.xml: Added warning: passwords set with these tools
may not respect the password policy.
nekral-guest [Mon, 18 May 2009 18:32:17 +0000 (18:32 +0000)]
* src/userdel.c, libmisc/user_busy.c, libmisc/Makefile.am,
lib/prototypes.h: Move user_busy() to libmisc/user_busy.c.
* NEWS, libmisc/user_busy.c: On Linux, do not check if an user is
logged in with utmp, but check if the user is running some
processes. If not on Linux, continue to search for an utmp record,
but make sure the process recorded in the utmp entry is still
running.
nekral-guest [Sun, 17 May 2009 16:27:29 +0000 (16:27 +0000)]
* src/userdel.c (user_busy): Check if the process registered in
utmp is still running. This avoids rejecting the removal of an
user when UTMP was not updated and indicate that the user is still
logged in.
nekral-guest [Sat, 16 May 2009 18:27:13 +0000 (18:27 +0000)]
Document the changes in 4.1.4.1:
- login
* Fix failures with empty usernames on non PAM versions.
* Fix CONSOLE (securetty) support on non PAM versions.
nekral-guest [Sat, 16 May 2009 18:19:24 +0000 (18:19 +0000)]
* libmisc/console.c (console): Remove the leading /dev/ from the
tty before comparing with the lines specified by CONSOLE.
* src/su.c: Do not remove the /dev/ prefix since it is done by
console().
nekral-guest [Tue, 12 May 2009 20:01:41 +0000 (20:01 +0000)]
* libmisc/shell.c: Removed invalid code that executed the user's
shell as a shell script when the direct execution of the user's
shell failed with ENOEXEC and the user's shell has a shebang. The
interpreter might not be the right one. Executing the user's
shell with sh -c might be better, but I'm not sure we should try
harder when there is a failure. Note: The removed code was only
included #ifndef __linux__.
nekral-guest [Sun, 10 May 2009 13:49:03 +0000 (13:49 +0000)]
* lib/commonio.c: Avoid PATH_MAX. On glibc, we can use realpath
with a NULL argument.
* src/useradd.c: Replace PATH_MAX by a fixed constant. The buffer
was not meant as a storage for a path.
* src/useradd.c, src/newusers.c, src/chpasswd.c: Better detection
of fgets errors. Lines shall end with a \n, unless we reached the
end of file.
* libmisc/copydir.c: Avoid PATH_MAX. Support file paths with any
length. Added readlink_malloc().
nekral-guest [Sat, 9 May 2009 21:20:54 +0000 (21:20 +0000)]
* src/pwck.c: Warn if an user has an entry in passwd and shadow,
and the password field in passwd is not 'x'.
* src/grpck.c: Warn if a group has an entry in group and gshadow,
and the password field in group is not 'x'.
nekral-guest [Sat, 9 May 2009 13:16:10 +0000 (13:16 +0000)]
* man/login.defs.d/ENCRYPT_METHOD.xml,
man/login.defs.d/MD5_CRYPT_ENAB.xml,
man/login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml: Updated note for PAM
enabled versions. These variables are only used for group
passwords in this case.
nekral-guest [Sat, 9 May 2009 13:15:57 +0000 (13:15 +0000)]
* NEWS, src/newusers.c, src/Makefile.am: Added support for
changing the passwords with PAM.
* src/newusers.c: Split the usage string in smaller parts to
allow enabling single parts.
* man/newusers.8.xml: Indicate the options and configuration
variables valid for PAM and non-PAM versions.
* man/newusers.8.xml: Added pointer to /etc/pam.d/chpasswd.
nekral-guest [Sat, 9 May 2009 13:15:25 +0000 (13:15 +0000)]
* libmisc/non_interactive_pam_conv.c,
libmisc/pam_pass_non_interractive.c, libmisc/Makefile.am: Renamed.
* libmisc/pam_pass_non_interractive.c, lib/prototypes.h:
non_interactive_password and non_interactive_pam_conv do not need
to be externally visible.
* libmisc/pam_pass_non_interractive.c: Added declaration of
ni_conv.
* libmisc/pam_pass_non_interractive.c: Only compile ifdef USE_PAM.
* libmisc/pam_pass_non_interractive.c, lib/prototypes.h:
Added do_pam_passwd_non_interractive().
* src/chpasswd.c: Use do_pam_passwd_non_interractive().
nekral-guest [Sat, 9 May 2009 13:14:56 +0000 (13:14 +0000)]
* man/chpasswd.8.xml: Describe how chpasswd in case of error.
* man/chpasswd.8.xml: Describe the PAM enabled chpasswd behavior.
* man/chpasswd.8.xml: Differentiate the files and configurations
needed for PAM and non PAM versions.
nekral-guest [Sat, 9 May 2009 13:14:37 +0000 (13:14 +0000)]
* src/chpasswd.c: Added the line number when an error is reported
instead of only the username.
* src/chpasswd.c: PAM enabled chpasswd do may change the password
database (for the user where the password update succeeded) even
if there were a failure for one user. Do not indicate that changes
were ignored.
nekral-guest [Sat, 9 May 2009 13:14:31 +0000 (13:14 +0000)]
* src/passwd.c: Exit immediately when unlocking a password would
result in a passwordless account. This avoid printing a success
message after the warning.
* lib/commonio.c: Ignore teh return values of fclose() and
unlink() in case of failure of fopen_set_perms() or
create_backup().
* lib/commonio.c: Should the backup file be unlink'ed in case of
failure of create_backup()?
* lib/exitcodes.h: Define E_SUCCESS as EXIT_SUCCESS. Added FIXMEs.
* libmisc/chowntty.c, libmisc/rlogin.c, libmisc/sub.c,
src/newusers.c, libmisc/sulog.c, libmisc/system.c, src/logoutd.c,
src/groups.c, src/id.c, lib/encrypt.c, libmisc/audit_help.c,
libmisc/limits.c: Return EXIT_FAILURE instead of 1, and
EXIT_SUCCESS instead of 0.
* libmisc/audit_help.c: Replace an fprintf() by fputs().
* libmisc/audit_help.c: Remove documentation of the audit_logger
returned values. The function returns void.
* libmisc/system.c: Only return status if waitpid succeeded.
Return -1 otherwise.
* NEWS, src/chpasswd.c: Added support for changing the passwords
with PAM.
* src/chpasswd.c: Split the usage string in smaller parts to
allows enabling single parts.
* src/chpasswd.c: Do not set a global lock on the password files.
This is done by PAM each time a password is updated.
* src/passwd.c: Harmonize status report at the end of passwd.
Prefix the messages with "passwd: ", only indicate a password
change if the password was actually changed, and password
properties changed otherwise.
* man/groupmod.8.xml, man/usermod.8.xml, man/groupadd.8.xml,
man/useradd.8.xml: Added note to warn about insecurity in using
--password.
* man/groupmod.8.xml: Removed not regarding default if --password
is not used. This was a cut&paste from groupadd.8.xml.
* man/passwd.1.xml: Split some paragraphs.
* man/passwd.1.xml: Recommend other encryption methods than DES.
* src/login.c: Move update_utmp() after the PID or session ID
changed in order to get more accurate data in UTMP. This also
fixes "exec login" when login in installed setuid.