* src/newusers.c: Initially set the passwd's password to '*'
instead of 'x'. Only when it is confirmed that a shadow entry is
(will be) added, set the passwd's password to 'x'.
* src/newusers.c: An invalid line is an error. A failure needs to
be reported.
* src/chsh.c: No needto remove lines tarting with '#' from
/etc/shells. This is already done by getusershell() and these
shell would fail the access(X_OK) test.
* man/generate_mans.mak: Fix the generation of translated man
pages. xml2po removed the comment from empty headers and the
config was no more inserted.
nekral-guest [Sat, 20 Aug 2011 13:33:38 +0000 (13:33 +0000)]
2011-08-20 Jonathan Nieder <jrnieder@gmail.com>
* lib/Makefile.am: Added lib/spawn.c and lib/spawn.h.
* lib/nscd.c, lib/spawn.c, lib/spawn.h: It is not possible to
differentiate between an nscd failure, and a failure to execute
due to no nscd with posix_spawn. Use our own run_command routine.
* src/userdel.c: Use run_command()
nekral-guest [Mon, 15 Aug 2011 09:56:43 +0000 (09:56 +0000)]
* src/usermod.c: Do not assign static to NULL.
* src/usermod.c (date_to_str): buf needs to be unique (e.g.
independent from negativ), and is an out buffer.
* src/usermod.c: Ignore return value from snprintf, and force
nul-termination of buffer.
* src/usermod.c: Improve memory management.
* src/usermod.c: An audit bloc was not reachable, moved above on
success to move the home directory.
* src/usermod.c: Ignore close() return value for the mailbox
(opened read only).
* NEWS, src/chpasswd.c: Create a shadow entry if the password is
set to 'x' in passwd and there are no entry in shadow for the
user.
* NEWS, src/chgpasswd.c: Create a gshadow entry if the password is
set to 'x' in group and there are no entry in gshadow for the
group.
* NEWS, src/chpasswd.c: Create a shadow entry if the password is
set to 'x' in passwd and there are no entry in shadow for the
user.
* NEWS, src/chgpasswd.c: Create a gshadow entry if the password is
set to 'x' in group and there are no entry in gshadow for the
group.
* src/pwunconv.c: Exit after printing usage when arguments or
options are provided.
* src/pwunconv.c: Re-indent.
* src/pwunconv.c: Open the shadow file read only.
* src/grpunconv.c: Exit after printing usage when arguments or
options are provided.
* src/grpunconv.c: Open the gshadow file read only.
* src/chpasswd.c: Add annotations to indicate that usage() does
not return.
* src/chpasswd.c: Reindent.
* src/chpasswd.c: Remove dead code. No need to set crypt_method
to NULL when it is already NULL. sflg is only set if crypt_method
is not NULL.
* src/faillog.c: Add annotations to indicate that usage() does not
return.
* src/faillog.c: Fix message: this is faillog, not lastlog.
* src/faillog.c: Check that there are no extra arguments after
parsing the options.
* src/chgpasswd.c: Add annotations to indicate that usage() does
not return.
* src/chgpasswd.c: Split usage in smaller parts. Those parts are
already translated for chpasswd. Usage is now closer to
chpasswd's.
* src/chgpasswd.c: Remove dead code. No need to set crypt_method
to NULL when it is already NULL. sflg is only set if crypt_method
is not NULL.
* src/grpck.c: Added comments.
* src/grpck.c: Avoid implicit conversion of pointer to boolean.
* src/grpck.c: Remove dead code. argc cannot be lower than optind.
Avoid checking twice in a row for NULL != list[i].
* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Fail in case of
invalid configuration.
* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Updated
comments.
* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Be more strict
on the loop stop conditions. Stop if we passed the limit, even if
the limit itself was never noticed.
* NEWS, lib/commonio.h, lib/commonio.c: Additional messages to
indicate why locking failed.
* NEWS, lib/commonio.c: Fix the sort algorithm in case of NIS. NIS
entries were dropped.
* lib/commonio.c: NIS entries can start by '+' or '-'.
* NEWS, src/groupmod.c: When the gshadow file exists but there are
no gshadow entries, an entry is created if the password is changed
and group requires a shadow entry.
* man/usermod.8.xml: Document behavior of an empty EXPIRE_DATE.
* man/usermod.8.xml: Document that the mail spool might have to be
renamed (as for the homedir)
* NEWS, src/usermod.c; man/usermod.8.xml: When the shadow file
exists but there are no shadow entries, an entry has to be created
if the password is changed and passwd requires a shadow entry, or
if aging features are used (-e or -f). Document this and also that
-e and -f require a shadow file.
* src/usermod.c (process_flags): Report usage if no options are
provided. Update the error message.
* src/usermod.c (process_flags): Check option compatibility and
dependency before options are discarded when no changes are
requested.
* src/usermod.c (move_home): It is always an error to use -m if
the new home directory already exist (independently from the
existence of the old home directory did not exist)
* src/groupmod.c: Avoid implicit conversion of pointer to boolean.
* src/groupmod.c: osgrp can be set only if pflg || nflg. No need
to check for pflg || nflg again
* lib/fields.c: Fixed typo from 2010-02-15. field insteadof cp
ought to be checked.
* src/vipw.c: Use Prog instead of progname. This is needed since
Prog is used in the library.
nekral-guest [Thu, 16 Jun 2011 21:21:29 +0000 (21:21 +0000)]
* src/su.c: environ is provided by <unistd.h>.
* src/su.c: Added function prototypes.
* src/su.c: Rename shellstr parameter to shellname to avoid
collision with static variable.
* NEWS, src/su.c: Added support for PAM modules which change
PAM_USER.
nekral-guest [Mon, 13 Jun 2011 18:27:34 +0000 (18:27 +0000)]
* src/su.c (prepare_pam_close_session): Extract the creation of a
child and listening for signal in the parent from run_shell().
prepare_pam_close_session() is now executed before the creation of
the pam session and before the UID is changed. This allows to
close the session as root.
nekral-guest [Mon, 13 Jun 2011 18:26:26 +0000 (18:26 +0000)]
* lib/prototypes.h, src/suauth.c, src/su.c (check_su_auth): Do not
use the pwent global variable to communicate between APIs of
different files. Added boolean parameter su_to_root to
check_su_auth().
* src/su.c (check_perms): Return the passwd entry of the finally
authenticated user. Remove usage of the pwent variable.
* src/su.c: The password of the caller is the one from the
spwd structure only if the passwd's password is 'x'.
nekral-guest [Mon, 13 Jun 2011 18:26:10 +0000 (18:26 +0000)]
* src/su.c: Define shellstr before the environment so that
restricted_shell is called only once. This will allow moving the
environment definition after the switch to the new user.
nekral-guest [Mon, 13 Jun 2011 18:25:57 +0000 (18:25 +0000)]
* src/su.c: Move definition of change_environment and shellstr
after the switch to the final subsystem. The previous architecture
forced to always change the environment (the shell starts with a
'*' and was thus restricted, and change_environment could not be
reset to false).
nekral-guest [Mon, 13 Jun 2011 18:25:45 +0000 (18:25 +0000)]
* src/su.c: Group some of the environment processing blocks. The
definition of shellstr, PATH and IFS is not influenced (getenv,
getdef, restricted_shell) by and does not influence (addenv does
not change environ) the authentication. And the authentication
does not overwrite those definitions. This will ease an extraction
from the big main() function.
nekral-guest [Sun, 5 Jun 2011 14:41:15 +0000 (14:41 +0000)]
* NEWS, src/su.c: Do not forward the controlling terminal to
commands executed with -c. This prevents tty hijacking which could
lead to execution with the caller's privileges. This required to
forward signals from the terminal (SIGINT, SIGQUIT, SIGTSTP) to
the executed command.
nekral-guest [Sat, 4 Jun 2011 22:38:57 +0000 (22:38 +0000)]
* NEWS, src/userdel.c: Check the existence of the user's mail
spool before trying to remove it. If it does not exist, a warning
is issued, but no failure.
nekral-guest [Fri, 3 Jun 2011 21:07:58 +0000 (21:07 +0000)]
* man/zh_CN/, man/zh_CN/Makefile.am: Added directory, and zh_CN
Makefile.
* man/Makefile.am: Build zh_CN pages.
* man/generate_translations.mak: Add config.xml to CLEANFILES.
* man/po/zh_CN.po: limits, groups, faillog, expiry should not be
translated (command name, file name), also this broke the build
system as they are used to derive manpage names.
nekral-guest [Fri, 3 Jun 2011 21:06:23 +0000 (21:06 +0000)]
* man/zh_CN/, man/zh_CN/Makefile.am: Added directory, and zh_CN
Makefile.
* man/Makefile.am: Build zh_CN pages.
* man/generate_translations.mak: Add config.xml to CLEANFILES.
* man/po/zh_CN.po: limits, groups, faillog, expiry should not be
translated (command name, file name), also this broke the build
system as they are used to derive manpage names.