nekral-guest [Sun, 15 Mar 2009 21:29:16 +0000 (21:29 +0000)]
* NEWS, src/userdel.c: Make sure the user exists in the shadow
database before calling spw_remove().
* NEWS, src/userdel.c: When the user's group is removed, make sure
the group is in the gshadow database before calling sgr_remove().
* src/userdel.c: Improve warning's wording.
nekral-guest [Sun, 15 Mar 2009 21:15:48 +0000 (21:15 +0000)]
* libmisc/cleanup.c: Fix del_cleanup. The arguments were not
desynchronized with the cleanup functions.
* libmisc/cleanup.c: cleanup_function_args is an array of void
pointers, not strings.
nekral-guest [Sat, 14 Mar 2009 16:18:06 +0000 (16:18 +0000)]
* man/po/Makefile.in.in: xml2po cannot exclude one entity for
expansion. Make sure config.xml does not exist when the POT file
is created in order to keep the configurations in the POT file.
* man/generate_translations.mak: make sure config.xml does not
exist either when the translated XML is generated. Add the
missing %config; (stripped out by xml2po), and make sure config.xml
is present when the translated manpage is generated.
* man/generate_mans.mak: config.xml is needed for the generation
of manpages (already in the .deps for the English manpages, but
needed for the translations).
* man/Makefile.am: Added missing CREATE_HOME.xml.
nekral-guest [Fri, 13 Mar 2009 23:17:43 +0000 (23:17 +0000)]
* man/login.defs.5.xml: Indicate that sg uses the same variables
as newgrp.
* man/login.defs.5.xml: vipw does not use any variable.
* man/login.defs.5.xml: In PAM enabled configurations, login still
uses some login.defs variables.
nekral-guest [Fri, 13 Mar 2009 23:12:06 +0000 (23:12 +0000)]
* man/newusers.8.xml: Document the behavior of newusers for each
field.
* man/newusers.8.xml: Do not add the note on PAM on non-PAM
enabled configurations.
nekral-guest [Fri, 13 Mar 2009 22:49:20 +0000 (22:49 +0000)]
* src/faillog.c: Added support for the specification of a range of
users with -u.
* src/faillog.c: Do not call print_one() for users which do not
exist.
* src/faillog.c: Make sure the user's entry is not outside the
faillog file and initialize the faillog structure in that case.
* src/faillog.c: Move print_one() closer to print().
* src/faillog.c: reset(), setmax(), set_locktime() can also change
entries of users which do not exist.
* src/faillog.c: reset(), setmax() and set_locktime() shall not
create entries for users which have no entries if the value has to
be set to 0.
* src/faillog.c: reset(), setmax() and set_locktime(): better
handling of users whose entry is outside the faillog file.
* src/faillog.c: Improved option handling. Options can now be
specified in any order.
* src/faillog.c: Improved warnings when options are not
compatible or when the faillog cannot be opened with the right mode.
* src/faillog.c: Only fstat the faillog file once.
* man/faillog.8.xml: Improved documentation.
nekral-guest [Fri, 13 Mar 2009 22:28:27 +0000 (22:28 +0000)]
* src/chpasswd.c: Make sure the SHA related variables are not
compiled when disabled at configuration time.
* src/chgpasswd.c: Make sure the SHA related variables are not
compiled when disabled at configuration time.
* src/chgpasswd.c: Fix the test for getlong() failure.
nekral-guest [Fri, 13 Mar 2009 22:20:20 +0000 (22:20 +0000)]
* src/lastlog.c: lastlog variable renamed to ll to avoid name
clash with the structure.
* src/lastlog.c: check the offset in print_one() so that it is
used for the display of one entry or a set of entries.
* src/lastlog.c: Do not loop over the whole user database when -u
is used with a single user.
* src/lastlog.c: Check the size of the lastlog file so that we
can identify failures to read.
nekral-guest [Sun, 22 Feb 2009 23:23:15 +0000 (23:23 +0000)]
* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Avoid calling
getgrent()/getpwent() after they return NULL. This caused LDAP to
return at the beginning of the group/user entries.
nekral-guest [Mon, 26 Jan 2009 22:03:37 +0000 (22:03 +0000)]
* NEWS, src/gpasswd.c: Only report success to audit and syslog
when the changes are committed to the system. Do not log failure
for on-memory changes to audit or syslog. Make sure failures and
inconsistencies will be reported in case of unexpected failures
(e.g. malloc failures). Only specify an audit message if it is not
implicitly implied by the type argument. Removed fail_exit
(replaced by atexit(do_cleanups)). Log failures in case of
permission denied.
nekral-guest [Tue, 23 Dec 2008 00:44:29 +0000 (00:44 +0000)]
* src/Makefile.am: Only link with the needed library. When
compiled with PAM support, chfn, chsh, login, newgrp, passwd, and
su do not need the libcrypt library.
nekral-guest [Mon, 22 Dec 2008 21:52:43 +0000 (21:52 +0000)]
* libmisc/audit_help.c: Added audit_logger_message() to log
messages not related to an account.
* lib/prototypes.h, libmisc/cleanup.c, libmisc/cleanup_group.c,
libmisc/cleanup_user.c, libmisc/Makefile.am: Added stack of
cleanup functions to be executed on exit.
* NEWS, src/groupadd.c, src/groupdel.c, src/groupmod.c: Only
report success to audit and syslog when the changes are committed
to the system. Do not log failure for on-memory changes to audit
or syslog. Make sure failures and inconsistencies will be reported
in case of unexpected failures (e.g. malloc failures). Only
specify an audit message if it is not implicitly implied by the
type argument. Removed fail_exit (replaced by atexit(do_cleanups)).
nekral-guest [Sun, 30 Nov 2008 01:29:40 +0000 (01:29 +0000)]
* NEWS, configure.in, libmisc/chkname.c: make group max length a
configure option. The configure behavior encoded is:
<no option> -> default of 16 (like today);
--with-group-name-max-length -> default of 16;
--without-group-name-max-length -> no max length;
--with-group-name-max-length=n -> max is set to n.
nekral-guest [Sat, 22 Nov 2008 23:56:51 +0000 (23:56 +0000)]
* libmisc/chowntty.c, src/login.c, lib/prototypes.h: Remove the
tty argument from chown_tty. chown_tty always changes stdin and
does not need this argument anymore.
nekral-guest [Sat, 22 Nov 2008 23:56:11 +0000 (23:56 +0000)]
* NEWS, libmisc/chowntty.c, libmisc/utmp.c: is_my_tty() moved from
utmp.c to chowntty.c. checkutmp() now only uses an existing utmp
entry if the pid matches and ut_line matches with the current tty.
This fixes a possible DOS when entries can be forged in the utmp
file.
* libmisc/chowntty.c, src/login.c, lib/prototypes.h: Remove the
tty argument from chown_tty. chown_tty always changes stdin and
does not need this argument anymore.
* src/login.c, man/login.1.xml: the username is not an optional
parameter of -f. Fix the getopt optstring, remove the parsing of
username in the -f processing block, and remove unnecessary checks
(username cannot be parsed twice anymore), better documentation of
the synopsis.
* src/login.c: Use failent_user to log to audit. username is the
caller, not the user login tries to authenticate.
* src/login.c: Use pwd->pw_name instead of pwd->pw_uid. This might
be more precise (name must be unique, uid might not be).
* man/passwd.1.xml: passwd cannot change the full name of the
user, the user's login shell; but it can change the account or
password validity period. Thanks to Reuben Thomas.
* src/useradd.c: Added missing declaration of Mflg.
* src/pwck.c: Only unlock files if they were locked before (e.g.
not in read-only mode).
* src/pwck.c: Quote the username in error messages (harmonization
with other messages).
* libmisc/find_new_gid.c: Fixed typo (s/grp->gr_gid/group_id/).
* libmisc/find_new_gid.c: Likewise.
* libmisc/setugid.c, src/login_nopam.c, src/suauth.c,
lib/getdef.c: Replace the %m format string by strerror(). This
avoids errno being reset between the system call error and the
report function.
* NEWS, etc/login.defs: New CREATE_HOME variable to tell useradd
to create a home directory for new users.
* src/useradd.c, man/useradd.8.xml: New -M/--no-create-home option
and CREATE_HOME usage. System accounts are not impacted by
CREATE_HOME.
* man/useradd.8.xml: Indicate that a new group is created by
default.
* src/useradd.c: Removed TODO item (moved to the TODO file).
* man/login.defs.d/USERGROUPS_ENAB.xml: Fix typo: new <para> tag
before the previous one is closed. This caused a missing
explanation for USERGROUPS_ENAB.
* man/groupadd.8.xml: Remove the list of (short) options from the
SYNOPSIS. Replaced with [options] for consistency with other tools
and maintainability.
From RedHat's patch shadow-4.1.2-sysAccountDownhill.patch
Thanks to Peter Vrabec.
* NEWS, libmisc/find_new_gid.c, libmisc/find_new_uid.c: Build an
index of used IDs to avoid a database request for each id in the
allowed range (when the highest allowed ID is already used).
This speeds up the addition of users or groups when the highest
allowed ID is already used. The additional memory usage of the
tools should be acceptable when UID_MAX/SYS_UID_MAX are set to a
reasonable number.
Additional PAM cleanup:
* src/userdel.c, src/newusers.c, src/chpasswd.c, src/chfn.c,
src/groupmems.c, src/usermod.c, src/groupdel.c, src/chgpasswd.c,
src/useradd.c, src/groupmod.c, src/groupadd.c, src/chage.c,
src/chsh.c: If the username cannot be determined, report it as
such (not a PAM authentication failure).
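
The utmp rule from the 22 Nov 2008 entry above (an existing entry is used only when both the pid and ut_line match the current tty), as an added C example; it is not code from the shadow sources. find_own_entry(), tty_line(), set_entry(), demo_lookup() and the sample entries are hypothetical names and constructed data.

```c
#include <string.h>
#include <sys/types.h>
#include <utmp.h>

/* "/dev/pts/3" and "pts/3" name the same terminal; ut_line stores the latter. */
static const char *tty_line(const char *tty)
{
    return strncmp(tty, "/dev/", 5) == 0 ? tty + 5 : tty;
}

/* Index of the first entry whose pid AND line both match the caller, or -1.
 * ut_line is a fixed-size field that need not be NUL-terminated, so the
 * comparison is bounded by its size. */
int find_own_entry(const struct utmp *ut, size_t n, pid_t pid, const char *tty)
{
    const char *line = tty_line(tty);

    if (strlen(line) > sizeof ut->ut_line)
        return -1;              /* name cannot fit in ut_line at all */
    for (size_t i = 0; i < n; i++) {
        if (ut[i].ut_pid != pid)
            continue;           /* another process's record */
        if (strncmp(ut[i].ut_line, line, sizeof ut[i].ut_line) != 0)
            continue;           /* our pid, but on a different terminal */
        return (int)i;
    }
    return -1;
}

static void set_entry(struct utmp *u, pid_t pid, const char *line)
{
    memset(u, 0, sizeof *u);
    u->ut_pid = pid;
    memcpy(u->ut_line, line, strlen(line));   /* sample lines are short */
}

/* Constructed sample table (not real utmp data); 4242 plays the caller. */
int demo_lookup(pid_t pid, const char *tty)
{
    struct utmp ut[3];

    set_entry(&ut[0], 4242, "pts/9");   /* forged: caller's pid, wrong line */
    set_entry(&ut[1], 5000, "pts/3");   /* caller's line, someone else's pid */
    set_entry(&ut[2], 4242, "pts/3");   /* the caller's own record */
    return find_own_entry(ut, 3, pid, tty);
}

int main(void) { return demo_lookup(4242, "/dev/pts/3") == 2 ? 0 : 1; }
```

Matching on the pid alone would have selected entry 0, the forged record; requiring the line as well skips it and reaches entry 2.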