* src/useradd.c: Check assumptions on snprintf().
* src/useradd.c: Replace peror by an strerror and avoid an
intermediate buffer.
* src/useradd.c: Save errno between the failure and the report by
perror/strerror.
* src/useradd.c: Prefer xmalloc to malloc.
* libmisc/limits.c: Parse the limits, umask, nice, maxlogin, file
limit with getlog() / getulong(). This also means, in case of
non-PAM enabled systems, that the umask specified on the GECOS
fields should start with a 0 if specified in octal. (it used to be
force to octal). Do the appropriate cast and range checking.
* libmisc/setupenv.c: Prefer snprintf to sprintf, even if a small
context indicates no issues.
* libmisc/setupenv.c: Avoid implicit conversion of pointers to
booleans.
* lib/commonio.c, lib/commonio.h, lib/groupio.c, lib/groupio.h,
lib/pwio.c, lib/pwio.h, lib/shadowio.c, lib/shadowio.h: Added
splint annotations. The *_locate() and *_next() functions
currently return an observer. As the structure are often modified
by the caller, it could maybe be changed to exposed later. (and
non-const).
* lib/pwauth.c: Use a boolean for wipe_clear_pass and use_skey.
* lib/pwauth.c: Added splint annotations.
* lib/pwauth.c: Added brackets and parenthesis.
* lib/pwauth.c: Avoid assignments in comparisons.
* lib/pwauth.c: Avoid implicit conversion of pointers or
characters to booleans.
* src/newgrp.c: Added splint annotations.
* src/newgrp.c: audit_buf is only used in newgrp. Make it static.
* src/newgrp.c: Ignore the return value of fputs().
* src/newgrp.c: Use exit(EXIT_FAILURE) instead of exit(1).
* libmisc/pwdcheck.c (passwd_check): The progname is not used.
* libmisc/pwdcheck.c: Ignore the return value of sleep().
* libmisc/pwdcheck.c: Use exit(EXIT_FAILURE) instead of exit(1).
* libmisc/setupenv.c: Avoid assignments in comparisons.
* libmisc/setupenv.c: Added brackets and parenthesis.
* libmisc/setupenv.c: Ignore the return value of fclose (file
opened read-only)
* libmisc/setupenv.c: Ignore the return value of puts().
* libmisc/setupenv.c:Avoid implicit conversion of pointers to
booleans.
* libmisc/loginprompt.c: Use exit(EXIT_FAILURE) instead of
exit(1).
* libmisc/loginprompt.c: Avoid implicit conversion of pointers to
booleans.
* libmisc/loginprompt.c: Ignore return value of putc().
* src/lastlog.c: Use EXIT_FAILURE / EXIT_SUCCESS for exit()
* src/lastlog.c: Added splint annotations.
* src/lastlog.c: Avoid global pwent.
* src/lastlog.c: Cast ID to ulongs and use ulong formats for IDs.
* src/lastlog.c: Avoid assignment in comparisons.
* src/lastlog.c: Ignore fclose() return value since the file is
only opened for reading.
* libmisc/find_new_gid.c: Use booleans instead of char fo
used_gids.
* libmisc/find_new_gid.c: Use getdef_ulong and cast to git_t to
get GID values.
* libmisc/find_new_gid.c: Use UL as a prefix for ulong values.
* libmisc/find_new_uid.c: Likewise.
* lib/defines.h: Define USER_NAME_MAX_LENGTH, based on utmp and
default to 32.
* libmisc/chkname.c: Use USER_NAME_MAX_LENGTH.
* src/login.c: Use USER_NAME_MAX_LENGTH instead of the default 32.
username also needs to be bigger than USER_NAME_MAX_LENGTH because
it has to be nul-terminated.
* src/login.c: If we cannot get the terminal configuration, do not
change the terminal configuration. setup_tty() is just a best
effort configuration of the terminal.
* src/login.c: Ignore failures when setting the terminal
configuration.
* src/login.c: Fail if the ERASECHAR or KILLCHAR configurations
are not compatible with a cc_t type.
* src/login.c: Removed temp_shell. No more used.
* src/login.c: lastlog is only used #ifndef USE_PAM
* src/login.c: Rename lastlog to ll to avoid name clash with the
lastlog type.
* src/login.c: Check if login is run with effective root
privileges. This should be more helpful to users than a failure to
find an utmp entry or failure to access a file.
* libmisc/utmp.c: Reworked. Get rid of Linux specific stuff. Get rid
of global utent/utxent variables. Only reuse the ut_id and maybe
the ut_host fields from utmp.
* lib/prototypes.h, libmisc/utmp.c: Removed checkutmp(),
setutmp(), setutmpx().
* lib/prototypes.h, libmisc/utmp.c: Added get_current_utmp(),
prepare_utmp(), prepare_utmpx(), setutmp(), setutmpx().
* libmisc/utmp.c (is_my_tty): Only compare the name of the utmp
line with ttyname(). (No stat of the two terminals to compare the
devices).
* libmisc/utmp.c: Use getaddrinfo() to get the address of the
host.
* configure.in: Check for getaddrinfo().
* configure.in: Use AC_CHECK_MEMBERS to check for the existence of
fields in the utmp/utmpx structures.
* configure.in: Reject systems with utmpx support but no ut_id
field in utmp. This could be fixed later if needed.
* src/login.c: Use the new utmp functions. This also simplifies
the failtmp() handling.
* src/login.c: passwd_free() renamed to pw_free() and
shadow_free() renamed to spw_free()
* src/login.c: Get rid of pwent. pwd is sufficient as long as it
is always coming from xgetpwnam. There is no need to copy pwd to
pwent, this was not a good idea anyway as the strings from pwd
were not duplicated.
* src/login.c: Always free the pwd and spwd structure when we
retrieve a new one. This will clear the password of the previous
user from the memory.
* src/login.c: user_passwd is used to keep point to the password
of the user being authenticated.
* src/login.c: (non PAM) Fail if the user's entry cannot be found
after the user updated her password (if expire() requested an
update).
* src/login.c: If the user does not exist on the system, there is
no need to build a pwd structure (with shell).
* libmisc/hushed.c, lib/prototypes.h, src/login.c: Change the
hushed() prototype to take a username instead of a passwd
structure in argument. The passwd entry is retrieved withing
hushed().
* libmisc/failure.h, libmisc/failure.c, src/login.c: Added
username as first parameter of failtmp to avoid issues with
non-null terminated ut_user, unavailability of ut_user, incomplete
username (that should not happen currently).
* libmisc/failure.h, libmisc/failure.c, src/login.c: Added
username as first parameter of failtmp to avoid issues with
non-null terminated ut_user, unavailability of ut_user, incomplete
username (that should not happen currently).
* NEWS, src/userdel.c: Fixed SE Linux support. semanage should be
called at the end.
* src/useradd.c: Always call selinux_update_mapping() (i.e.
semanage), not only when -Z is used.
* NEW, src/vipw.c: SE Linux: Set the default context to the
context of the file being edited. This ensures that the backup
file inherit from the file's context.