nekral-guest [Mon, 13 Jun 2011 18:26:26 +0000 (18:26 +0000)]
* lib/prototypes.h, src/suauth.c, src/su.c (check_su_auth): Do not
use the pwent global variable to communicate between APIs of
different files. Added boolean parameter su_to_root to
check_su_auth().
* src/su.c (check_perms): Return the passwd entry of the finally
authenticated user. Remove usage of the pwent variable.
* src/su.c: The password of the caller is the one from the
spwd structure only if the passwd's password is 'x'.
nekral-guest [Mon, 13 Jun 2011 18:26:10 +0000 (18:26 +0000)]
* src/su.c: Define shellstr before the environment so that
restricted_shell is called only once. This will allow moving the
environment definition after the switch to the new user.
nekral-guest [Mon, 13 Jun 2011 18:25:57 +0000 (18:25 +0000)]
* src/su.c: Move definition of change_environment and shellstr
after the switch to the final subsystem. The previous architecture
forced to always change the environment (the shell starts with a
'*' and was thus restricted, and change_environment could not be
reset to false).
nekral-guest [Mon, 13 Jun 2011 18:25:45 +0000 (18:25 +0000)]
* src/su.c: Group some of the environment processing blocks. The
definition of shellstr, PATH and IFS is not influenced (getenv,
getdef, restricted_shell) by and does not influence (addenv does
not change environ) the authentication. And the authentication
does not overwrite those definitions. This will ease an extraction
from the big main() function.
nekral-guest [Sun, 5 Jun 2011 14:41:15 +0000 (14:41 +0000)]
* NEWS, src/su.c: Do not forward the controlling terminal to
commands executed with -c. This prevents tty hijacking which could
lead to execution with the caller's privileges. This required to
forward signals from the terminal (SIGINT, SIGQUIT, SIGTSTP) to
the executed command.
nekral-guest [Sat, 4 Jun 2011 22:38:57 +0000 (22:38 +0000)]
* NEWS, src/userdel.c: Check the existence of the user's mail
spool before trying to remove it. If it does not exist, a warning
is issued, but no failure.
nekral-guest [Fri, 3 Jun 2011 21:07:58 +0000 (21:07 +0000)]
* man/zh_CN/, man/zh_CN/Makefile.am: Added directory, and zh_CN
Makefile.
* man/Makefile.am: Build zh_CN pages.
* man/generate_translations.mak: Add config.xml to CLEANFILES.
* man/po/zh_CN.po: limits, groups, faillog, expiry should not be
translated (command name, file name), also this broke the build
system as they are used to derive manpage names.
nekral-guest [Fri, 3 Jun 2011 21:06:23 +0000 (21:06 +0000)]
* man/zh_CN/, man/zh_CN/Makefile.am: Added directory, and zh_CN
Makefile.
* man/Makefile.am: Build zh_CN pages.
* man/generate_translations.mak: Add config.xml to CLEANFILES.
* man/po/zh_CN.po: limits, groups, faillog, expiry should not be
translated (command name, file name), also this broke the build
system as they are used to derive manpage names.
nekral-guest [Wed, 16 Feb 2011 20:46:27 +0000 (20:46 +0000)]
* libmisc/user_busy.c, src/userdel.c, src/usermod.c: Warn in
user_busy() rather than in src/userdel.c or src/usermod.c to
provide more accurate failure cause (user is logged in or user
still executes processes).
nekral-guest [Wed, 16 Feb 2011 20:32:16 +0000 (20:32 +0000)]
* lib/groupio.c, lib/sgroupio.c, lib/shadowio.c, lib/pwio.c: Check
entry validity before commits to databases.
* libmisc/fields.c, libmisc/Makefile.am, lib/fields.c,
lib/Makefile.am, po/POTFILES.in: fields.c moved from libmisc to
lib.
nekral-guest [Sat, 12 Feb 2011 14:57:37 +0000 (14:57 +0000)]
* autogen.sh: Restore original autoreconf (see 2010-08-29's change
for autogen.sh)
* configure.in, man/po/Makefile.in.in, man/po/Makefile.in:
Makefile.in.in replaced by Makefile.in to avoid config.status
issues when there are multiple po directories.
* man/po/LINGUAS: Adapted to above change.
* man/po/POTFILES.in, man/po/XMLFILES: POTFILES.in replaced by
XMLFILES.
* man/Makefile.am: generate_mans.deps shall be included by make,
not automake.
nekral-guest [Fri, 19 Nov 2010 21:54:41 +0000 (21:54 +0000)]
* NEWS, libmisc/console.c: Fix CONSOLE parser. This caused login
to hang when CONSOLE was configured with a colon separated list of
TTYs. See http://bugs.gentoo.org/show_bug.cgi?id=324419
Integrate review comments from Julien Cristau
* libmisc/copydir.c: Missing parenthesis in comment.
* libmisc/chowndir.c: Fixed memory leak on failed realloc().
* libmisc/chowndir.c: Make sure the buffer for the path is large
enough.
* libmisc/remove_tree.c: Remove check for NULL before free().
nekral-guest [Sat, 28 Aug 2010 19:58:00 +0000 (19:58 +0000)]
* lib/protoypes.h, libmisc/copydir.c, src/useradd.c:
selinux_file_context renamed set_selinux_file_context.
* lib/protoypes.h, libmisc/copydir.c, src/useradd.c:
Added reset_selinux_file_context.
* src/useradd.c: Check the return value of
set_selinux_file_context and reset_selinux_file_context.
* libmisc/copydir.c: Check the return value of
reset_selinux_file_context.
nekral-guest [Sat, 28 Aug 2010 19:55:31 +0000 (19:55 +0000)]
* src/su.c: Fix handling of environment variables when
the environment is not changed. In particular, this makes su
behave as documented regarding PATH and IFS (i.e. they are reset)
when -p is provided.
nekral-guest [Sun, 22 Aug 2010 19:13:53 +0000 (19:13 +0000)]
* libmisc/limits.c: Avoid implicit conversion of integer to
boolean.
* libmisc/basename.c: Avoid implicit conversion of pointer to
boolean.
* libmisc/basename.c, lib/prototypes.h (Basename): Return a
constant string.
* libmisc/basename.c, libmisc/obscure.c, lib/prototypes.h,
libmisc/xmalloc.c, libmisc/getdate.h, libmisc/system.c,
libmisc/getgr_nam_gid.c, libmisc/failure.c, libmisc/valid.c: Add
splint annotations.
* libmisc/chowndir.c: Avoid memory leak.
* libmisc/chowndir.c: Do not check *printf/*puts return value.
* libmisc/chowntty.c: Avoid implicit conversion between integer
types.
* libmisc/obscure.c: Return a bool when possible instead of int.
* libmisc/shell.c: Do not check *printf/*puts return value.
* libmisc/shell.c: Do not check execle return value.
* libmisc/setupenv.c: Avoid implicit conversion between integer
types.
* libmisc/xmalloc.c: size should not be zero to avoid returning
NULL pointers.
* libmisc/hushed.c: Do not check *printf/*puts return value.
* libmisc/system.c: Avoid implicit conversion of integer to
boolean. safe_system last argument is a boolean.
* libmisc/system.c: Check return value of dup2.
* libmisc/system.c: Do not check *printf/*puts return value.
* libmisc/system.c: Do not check execve return value.
* libmisc/salt.c: Do not check *printf/*puts return value.
* libmisc/loginprompt.c: Do not check gethostname return value.
* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Do not check
gr_rewind/pw_rewind return value.
* libmisc/ttytype.c: Limit the number of parsed characters in the
sscanf format.
* libmisc/ttytype.c: Test if a type was really read.
* libmisc/sub.c: Do not check *printf/*puts return value.
* libmisc/sub.c: Avoid implicit conversion of integer to boolean.
* src/userdel.c: Fix typo in comment.
* src/userdel.c: Avoid implicit conversion of boolean to integer.
* src/userdel.c: safe_system last argument is a boolean.
* src/newusers.c: Avoid implicit conversion of boolean to integer.
* src/newusers.c: Avoid implicit conversion of integer to boolean.
* src/usermod.c: Add brackets.
* src/usermod.c: Avoid implicit conversion of characters or
integers to booleans.
* src/vipw.c: Avoid implicit conversion of integer to boolean.
* src/su.c: Avoid implicit conversion of integer to boolean.
* src/su.c: Add brackets.
* src/useradd.c: Avoid implicit conversion of characters or
integers to booleans.
nekral-guest [Sun, 22 Aug 2010 12:49:07 +0000 (12:49 +0000)]
* libmisc/obscure.c, lib/prototypes.h (obscure): Return a bool
instead of an int.
* libmisc/obscure.c, libmisc/tz.c, src/passwd.c, lib/encrypt.c,
libmisc/copydir.c, lib/prototypes.h: Add splint annotations.
* libmisc/tz.c: Fix some const issues.
* libmisc/tz.c: Avoid multi-statements lines.
* libmisc/tz.c: Add brackets.
* libmisc/copydir.c: Do not check *printf/*puts return value.
* libmisc/copydir.c: Fail if we cannot set or reset the SELinux
fscreate context.
* libmisc/copydir.c: Use xmalloc instead of malloc.
* libmisc/copydir.c: Do not check lutimes return value
* src/vipw.c: Avoid implicit conversion of integer to boolean.
* src/su.c (iswheel): Return a bool instead of an int.
* src/passwd.c: Remove insert_crypt_passwd(). Use xstrdup instead.
* src/passwd.c: Return constant strings when sufficient.
* src/passwd.c: Do not check *printf/*puts return value.
* src/passwd.c: Avoid implicit conversion of character to boolean.
* src/passwd.c: Do not check sleep return value.
* src/sulogin.c: Do not check *printf/*puts return value.
* lib/encrypt.c: Do not check fprintf return value.
nekral-guest [Sat, 21 Aug 2010 17:31:45 +0000 (17:31 +0000)]
* libmisc/copydir.c, lib/prototypes.h: Caller can choose not to
copy the extended attributes (the SELinux context is hence reset)
* src/usermod.c: Copy the extended attributes.
* src/useradd.c: Only reset the SELinux context.
nekral-guest [Sat, 21 Aug 2010 15:32:53 +0000 (15:32 +0000)]
* libmisc/console.c, libmisc/motd.c, libmisc/setupenv.c,
libmisc/sulog.c, libmisc/hushed.c, libmisc/failure.c,
libmisc/loginprompt.c, libmisc/ttytype.c,
libmisc/pam_pass_non_interractive.c, src/userdel.c, src/login.c,
lib/commonio.c, lib/commonio.h: Fix some const issues.
* libmisc/motd.c: Avoid multi-statements lines.
* libmisc/motd.c: Support long MOTD_FILE.
* libmisc/list.c, lib/prototypes.h: Revert previous change.
dup_list and is_on_list are used with members as defined for the
group structure, and thus even if the list is not modified, the
list elements cannot be constant strings.
* libmisc/system.c: Avoid C++ comments.
* src/vipw.c: WITH_TCB cannot be tested inside a gettextized
string. Split the Usage string.
* lib/commonio.h: Re-indent.
2010-04-04 Nicolas François <nicolas.francois@centraliens.net>
* src/useradd.c: spool is a constant string.
* src/useradd.c: Set the new copy_tree's paramater 'copy_root' to false
2010-04-04 Nicolas François <nicolas.francois@centraliens.net>
* src/usermod.c: move_home() is only called if mflg is set.
* src/usermod.c: Fail is -m is provided but the old home directory
is not a directory.
* src/usermod.c: Use the previous improvement of copy_tree to
provide better error diagnosis.
* src/usermod.c: When rename() is used, also change the ownership.
* src/usermod.c: Do not change the ownership of the root directory
twice.
* src/usermod.c: When -u is provided, only change the ownership of
the home directory if it is a directory.
* src/usermod.c: Also change ownerships when -g is used.
2010-04-04 Nicolas François <nicolas.francois@centraliens.net>
* lib/prototypes.h, libmisc/copydir.c: Add the old UID and GID to
copy_tree to detect when ownership shall be changed.
* libmisc/copydir.c: Document the behavior when the IDs are set to
-1.
* lib/prototypes.h, libmisc/copydir.c (copy_tree): Add parameter
copy_root.
* libmisc/copydir.c: error() and ctx can be static.
* libmisc/copydir.c (copy_hardlink): Remove parameter src.
2010-04-04 Nicolas François <nicolas.francois@centraliens.net>
* libmisc/chowndir.c: Dynamically allocate memory to support
path longer than 1024 characters.
* libmisc/chowndir.c: Fix typos in documentation.
* libmisc/chowndir.c: Support and document the behavior when a old
or new ID is set to -1.
* libmisc/chowndir.c: Improved error detection when chown fails.
* libmisc/chowndir.c: Harmonize error handling strategy when an
error occurs: stop changing ownership as soon as an error was
detected.
nekral-guest [Tue, 30 Mar 2010 21:54:29 +0000 (21:54 +0000)]
* po/POTFILES.in, libmisc/Makefile.am, lib/prototypes.h,
libmisc/remove_tree.c, libmisc/copydir.c: Split remove_tree()
outside of copydir.c to avoid linking against libacl or libattr.
nekral-guest [Thu, 25 Mar 2010 20:35:59 +0000 (20:35 +0000)]
* NEWS, src/chpasswd.c, man/chpasswd.8.xml, man/login.defs.5.xml:
PAM enabled versions: restore the -e option to allow restoring
passwords without knowing those passwords. Restore together the -m
and -c options.
nekral-guest [Tue, 23 Mar 2010 11:26:34 +0000 (11:26 +0000)]
* src/newgrp.c: Limit the scope of variable pid.
* src/login_nopam.c: Limit the scope of variables end, lineno, i,
str_len.
* src/logoutd.c: Limit the scope of variable c.
* src/vipw.c: Re-indent.
* src/vipw.c: Close the file after the creation of the backup.
* src/useradd.c (set_default): Close input file on failure.
* src/useradd.c: Limit the scope of variables spool, file, fd, gr,
gid, mode.
* src/passwd.c: Limit the scope of variables last and ok.
* src/chage.c: Fix typo (non breaking space).
* src/login.c: Limit the scope of variables erasechar killchar, c,
failed.
* src/groups.c: Limit the scope of variable ngroups, pri_grp, i.
* src/id.c: Limit the scope of variable i.
nekral-guest [Tue, 23 Mar 2010 08:56:52 +0000 (08:56 +0000)]
* lib/utent.c (getutline): Remove getutline(). This function is
no more used.
* lib/groupmem.c: Limit the scope of variable i.
* lib/shadow.c: Avoid implicit conversion of pointers and integers
to booleans.
* lib/shadow.c: Added brackets.
* libmisc/limits.c: Limit the scope of variable tmpmask.
* libmisc/copydir.c: Close opened file on failure.
* libmisc/loginprompt.c: Limit the scope of variable envc.
* libmisc/find_new_uid.c, libmisc/find_new_gid.c: Limit the scope
of variable id.
nekral-guest [Sun, 21 Mar 2010 01:20:50 +0000 (01:20 +0000)]
* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Detect some
misconfigurations of UID_MIN, UID_MAX, SYS_UID_MIN, SYS_UID_MAX (and
the GID equivalents)