nekral-guest [Mon, 17 Mar 2008 23:04:46 +0000 (23:04 +0000)]
login_access() is used in src/login.c, and defined in src/login_nopam.c
(which lacks a prototype). Move its prototype from src/login.c to
lib/prototypes.h.
nekral-guest [Sat, 8 Mar 2008 23:01:49 +0000 (23:01 +0000)]
* NEWS, src/groupmod.c: Make sure the passwd, group, and gshadow
files are unlocked on exit. Unlock locked files in fail_exit().
Prefer fail_exit() over exit().
* NEWS, src/groupmod.c: When the GID of a group is changed, update
also the GID of the passwd entries of the users whose primary
group is the group being modified.
nekral-guest [Sat, 8 Mar 2008 22:52:44 +0000 (22:52 +0000)]
* lib/commonio.c (commonio_remove): Fail when the name to be
removed is used by different entries (like commonio_update does).
* NEWS: This fix the behavior of groupdel when the system is not
configured to support split group but different group entries
have the name of the group to be deleted.
nekral-guest [Sat, 8 Mar 2008 21:13:54 +0000 (21:13 +0000)]
* NEWS, src/groupdel.c: Make sure the group, and gshadow files are
unlocked on exit. Add function fail_exit(). Use fail_exit()
instead of exit().
* src/groupdel.c: Fail immediately instead of increasing errors.
Better handling of error cases, like locked group or gshadow file.
nekral-guest [Tue, 26 Feb 2008 19:09:10 +0000 (19:09 +0000)]
* NEWS: Fix failures when the gshadow file is not present. Thanks
to Christian Henz (http://bugs.debian.org/467488)
* src/gpasswd.c (get_group): Do not fail if gshadow is not present. Just use
the group file and set the grent structure
* src/gpasswd.c (check_perms): The permissions should be checked
using both the gshadow and group file. Add a <struct group *>
parameter, and check if the gshadow file exists (is_shadowgrp).
* src/gpasswd.c (main): Do not use sgent.sg_mem or sgent.sg_adm if
the gshadow file is not present (sgent is not initialized in that
case). The fields of sgent can be set, but not used.
nekral-guest [Tue, 26 Feb 2008 18:59:28 +0000 (18:59 +0000)]
* Fix typo in comment.
* Move comment regarding FIRST_MEMBER_IS_ADMIN to
where it belongs.
* Indicate the end of the #ifdef FIRST_MEMBER_IS_ADMIN
section.
nekral-guest [Mon, 25 Feb 2008 21:17:18 +0000 (21:17 +0000)]
* man/login.defs.d/SYS_UID_MAX.xml, man/login.defs.d/SYS_GID_MAX.xml:
Document new variables.
* man/newusers.8.xml, man/login.defs.5.xml,
man/login.defs.d/GID_MAX.xml, man/login.defs.d/UID_MAX.xml:
newusers uses now the GID_MAX, GID_MIN, UID_MAX, UID_MIN,
SYS_GID_MAX, SYS_GID_MIN, SYS_UID_MAX, and SYS_UID_MIN variables.
* man/groupadd.8.xml, man/login.defs.5.xml: groupadd uses now the
SYS_GID_MAX, and SYS_GID_MIN variables.
* man/login.defs.5.xml: useradd uses now the SYS_GID_MAX,
SYS_GID_MIN, SYS_UID_MAX, and SYS_UID_MIN variables.
nekral-guest [Sun, 17 Feb 2008 15:29:41 +0000 (15:29 +0000)]
Change the default HOME directory in /etc/default/useradd according FHS
(/home instead of /home/users). This fixes Alioth's bug #310559.
Thanks to Dale E. Edmons.
nekral-guest [Thu, 14 Feb 2008 18:35:51 +0000 (18:35 +0000)]
Use the correct AUDIT_CHGRP_ID event instead of
AUDIT_USER_START, when changing the user space group ID with
newgrp or sg. Thanks to sgrubb@redhat.com for the patch.
nekral-guest [Sun, 10 Feb 2008 20:25:39 +0000 (20:25 +0000)]
Fix the handling of -a when a user is being renamed (with -l). The new
name of the user was used for the new supplementary groups, but not in the
existing ones.
nekral-guest [Sun, 3 Feb 2008 18:51:11 +0000 (18:51 +0000)]
TODO cleanup
- newusers: i = 100; not a nice initial value, use login.defs
This is done. newusers now uses (UID|GID)_(MIN|MAX)
- remove the entries regarding outdated translation of documentation.
The manpages translation should use the PO.
- the manpages should mention when the options were added.
This should help user to choose option for portable scripts
nekral-guest [Sun, 3 Feb 2008 17:53:21 +0000 (17:53 +0000)]
Switch to the C locale before sending messages to syslog. The messages
sent by shadow were not translated, but error messages from PAM returned
by pam_strerror() were translated in the users's locale.
nekral-guest [Sun, 3 Feb 2008 17:45:58 +0000 (17:45 +0000)]
* NEWS: newusers will behave more like useradd.
* src/newusers.c: The user's ID must be found before the group ID
to mimic useradd's behavior choices of UID and GID.
* src/newusers.c: Reuse the generic find_new_uid() and
find_new_gid() functions. This permits to respect the
UID_MIN/UID_MAX and GID_MIN/GID_MAX variables, should
* src/newusers.c: Check if the user or group exist using the
external databases (with the libc getpwnam/getgrnam functions).
Refuse to update an user which exist in an external database but
does not exist in the local database.
* src/newusers.c: Check the usernames and groupnames with
check_user_name() and check_group_name()
* src/newusers.c: Use isdigit() for readability.
* src/newusers.c: Check if numerical IDs are valid (no remaining
chars).
* NEWS, src/newusers.c: Fix the support for the NONE crypt method.
* src/newusers.c: Fix shadow group support (the list of admins was
not defined; it is now set to an empty list).
nekral-guest [Sun, 3 Feb 2008 17:23:58 +0000 (17:23 +0000)]
Do not seed the random number generator each time, and use the time in
microseconds to avoid having the same salt for different passwords
generated in the same second. This permits to avoid using the same salt
for different passwords in newusers.
nekral-guest [Sun, 3 Feb 2008 16:53:07 +0000 (16:53 +0000)]
Add new generic functions to find the next user or group ID available:
find_new_uid() and find_new_gid(). They work the same way as the functions
with the same name of useradd or groupadd, except that they check in the
local database to make sure an ID was not reserved in an uncommitted
change (this is needed to be used in newusers), they report a status
instead of calling exit(), and they can receive a preferred ID. They
should later support system IDs. This should be a little bit slower, but
not too much (if the database is not open the checks against the local
database will exit immediately, and if it is already open, all the checks
will be done regarding the data in memory).
nekral-guest [Sun, 3 Feb 2008 16:28:03 +0000 (16:28 +0000)]
* libmisc/age.c, libmisc/yesno.c, src/lastlog.c, src/grpck.c,
src/chfn.c, src/passwd.c, src/chage.c, src/login.c, src/sulogin.c,
src/chsh.c: Fix call to puts (remove end of line, or use fputs).
* po/*.po: Unfuzzy PO files according to above change.
nekral-guest [Sat, 26 Jan 2008 17:41:20 +0000 (17:41 +0000)]
Fix build failures with --disable-shadowgrp. Thanks to Jürgen
Daubert for the patch.
* libmisc/salt.c: Include <stdio.h>, needed for stderr and printf
functions.
* lib/encrypt.c: Include <stdio.h>, needed for perror, stderr and
printf functions
* src/usermod.c: sgr_locked exists only if SHADOWGRP is defined.
* src/chgpasswd.c: Only check is the gshadow file exists if
SHADOWGRP is defined.
nekral-guest [Wed, 23 Jan 2008 21:50:27 +0000 (21:50 +0000)]
Check that the new fields set with -u, -s, -l, -g, -f, -e, -d, and -c
differ from the old ones. If a requested new value is equal to the old
one, no changes will be performed for that field. If no fields are
changed, usermod will exist successfully with a warning. This avoids
logging changes to syslog when there are actually no changes.
nekral-guest [Wed, 23 Jan 2008 21:19:08 +0000 (21:19 +0000)]
Always define user_newcomment, user_newshell, user_newexpire, and
user_newinactive. It is more simple to always have user_<x> as the old
field, and user_new<x> as the new field (even if the field did not change)
instead of changing the algorithm depending on WITH_AUDIT.
nekral-guest [Tue, 22 Jan 2008 21:42:48 +0000 (21:42 +0000)]
* man/grpck.8.xml: Conditionally include the parts mentioning the
gshadow file (based on SHADOWGRP).
* man/grpck.8.xml: Add reference to the gshadow(5) manpage
(conditionally included).
nekral-guest [Tue, 22 Jan 2008 21:13:43 +0000 (21:13 +0000)]
Indicate that the shadow parameter is optional (i.e. a passwd file can be
specified without a shadow file, and the group file can be specified
without the gshadow file).
nekral-guest [Mon, 21 Jan 2008 23:33:43 +0000 (23:33 +0000)]
* NEWS, src/newgrp.c: Fix segfault when an user returns to an
unknown GID (either the user was deleted during the user's newgrp
session or the user's passwd entry referenced an invalid group).
Add a syslog warning in that case.
* src/newgrp.c: Add an end of line when reporting an invalid
password.
nekral-guest [Sat, 12 Jan 2008 21:09:46 +0000 (21:09 +0000)]
* NEWS, src/useradd.c: Fix the handling of the --defaults option
(it required an argument, but should behave as -D)
* NEWS, man/useradd.8.xml: Document the --defaults option, which
was already described in the useradd's Usage information.
nekral-guest [Sun, 6 Jan 2008 14:50:26 +0000 (14:50 +0000)]
* libmisc/salt.c: Add prototype for l64a(), gensalt(),
SHA_salt_size(), and SHA_salt_rounds().
* libmisc/salt.c: l64a() and gensalt() are static.
* libmisc/salt.c: The `meth' parameter of crypt_make_salt() is a
const. (ditto for the method variable).
* libmisc/salt.c: SHA_salt_rounds returns a const string.
* libmisc/salt.c: Avoid warnings with cast of random() to double.
* libmisc/salt.c: Replace rand() by random().
nekral-guest [Sun, 6 Jan 2008 14:19:32 +0000 (14:19 +0000)]
* lib/Makefile.am: Do not link libshadow.la with the intl, crypt,
skey and md libraries...
* src/Makefile.am: ...Specify for each binary which library is
required. skey and md are required for the binaries with
authentication of the user (chfn, chsh, login, passwd, su). intl
is required for all. mcrypt is required for user (chfn, chsh,
login, passwd, su, sulogin) and group (newgrp, gpasswd)
authentication and for the creation of passwords (chpasswd,
chgpasswd, gpasswd, newusers, passwd).
nekral-guest [Sun, 6 Jan 2008 13:57:17 +0000 (13:57 +0000)]
* lib/nscd.c, lib/nscd.h: Set the service parameter of
nscd_flush_cache() to const. This avoids a lot of warnings.
* lib/nscd.c: Include "nscd.h" to avoid inconsistent prototypes.