Additional PAM cleanup:
* src/userdel.c, src/newusers.c, src/chpasswd.c, src/chfn.c,
src/groupmems.c, src/usermod.c, src/groupdel.c, src/chgpasswd.c,
src/useradd.c, src/groupmod.c, src/groupadd.c, src/chage.c,
src/chsh.c: If the username cannot be determined, report it as
such (not a PAM authentication failure).
* NEWS: Added configure --enable-account-tools-setuid (default) /
--disable-account-tools-setuid options. This permits to disable
the PAM authentication of the caller for chage, chgpasswd,
chpasswd, groupadd, groupdel, groupmod, newusers, useradd,
userdel, and usermod. This authentication is not necessary when
these tools are not installed setuid root.
* configure.in: Added option --enable-account-tools-setuid to
enable/disable the usage of PAM to authenticate the callers of
account management tools: chage, chgpasswd, chpasswd, groupadd,
groupdel, groupmod, useradd, userdel, usermod.
* src/Makefile.am: Do not link the above tools with libpam if
account-tools-setuid is disabled.
* src/userdel.c, src/newusers.c, src/chpasswd.c, src/usermod.c,
src/groupdel.c, src/chgpasswd.c, src/useradd.c, src/groupmod.c,
src/groupadd.c, src/chage.c: Implement ACCT_TOOLS_SETUID
(--enable-account-tools-setuid).
* etc/pam.d/Makefile.am: Install the pam service file for the
above tools only when needed.
* src/useradd.c, src/userdel.c, src/usermod.c: It is no more
needed to initialize retval to PAM_SUCCESS.
* lib/defines.h: Do not include <config.h>. This complicate
undefining some configuration macros when the file is included
multiple times.
* libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetpwuid.c,
libmisc/xgetgrgid.c, libmisc/xgetgrnam.c, libmisc/xgetspnam.c:
Include <config.h> from teh compiled C file, not the included
getXXbyYY.c.
* src/userdel.c, src/newusers.c, src/chpasswd.c, src/chfn.c,
src/groupmems.c, src/usermod.c, src/groupdel.c, src/chgpasswd.c,
src/useradd.c, src/groupmod.c, src/groupadd.c, src/chage.c,
src/chsh.c: Simplify the PAM error handling. Do not keep the pamh
handle, but terminate the PAM transaction as soon as possible if
there are no PAM session opened.
* src/newgrp.c, src/userdel.c, src/grpck.c, src/gpasswd.c,
src/newusers.c, src/pwconv.c, src/chpasswd.c, src/logoutd.c,
src/chfn.c, src/groupmems.c, src/usermod.c, src/pwunconv.c,
src/expiry.c, src/groupdel.c, src/chgpasswd.c, src/useradd.c,
src/su.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/grpconv.c,
src/groups.c, src/grpunconv.c, src/chsh.c: Prog is now global (not
static to the file) so that it can be used by the helper functions
of libmisc.
* lib/prototypes.h: Added extern char *Prog.
* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Indicate the
program name with the warning.
* lib/prototypes.h, libmisc/audit_help.c: Define new type
shadow_audit_result for the result argument of audit_logger().
This permits stronger type checking and a better readability of
the results (SHADOW_AUDIT_FAILURE/SHADOW_AUDIT_SUCCESS constants).
* src/groupadd.c, src/groupdel.c, src/useradd.c, src/userdel.c:
Use the SHADOW_AUDIT_FAILURE/SHADOW_AUDIT_SUCCESS results instead
of 0 or 1 in audit_logger().
* lib/prototypes.h, libmisc/audit_help.c: Define new type
shadow_audit_result for the result argument of audit_logger().
This permits stronger type checking and a better readability of
the results (SHADOW_AUDIT_FAILURE/SHADOW_AUDIT_SUCCESS constants).
* src/groupadd.c, src/groupdel.c, src/useradd.c, src/userdel.c:
Use the SHADOW_AUDIT_FAILURE/SHADOW_AUDIT_SUCCESS results instead
of 0 or 1 in audit_logger().
* src/userdel.c: Log failures to remove the mailbox to syslog and
audit.
* src/userdel.c: Log successful removal of home directory to audit
only in case of success.
* src/userdel.c: Move the audit log of failure to remove the home
directory before the call to function that may exit.
* src/userdel.c: Document that errors is only used to count errors
during the removal of the home directory.
* src/useradd.c: Log errors to syslog in grp_update() since
changes have started to be reported to syslog.
* src/userdel.c: Fix some result parameters sent to
audit_logger().
* NEWS: Following changes from a patch contributed by Steve Grubb
<sgrubb@redhat.com>
* src/groupadd.c: Log to audit with type AUDIT_ADD_GROUP instead
of AUDIT_USER_CHAUTHTOK.
* src/groupdel.c: Log to audit with type AUDIT_DEL_GROUP instead
of AUDIT_USER_CHAUTHTOK.
* src/useradd.c: Log to audit with type AUDIT_ADD_USER /
AUDIT_ADD_GROUP / AUDIT_USYS_CONFIG instead of
AUDIT_USER_CHAUTHTOK.
* src/useradd.c: Add missing logs to audit.
* src/userdel.c: Log to audit with type AUDIT_DEL_USER /
AUDIT_DEL_GROUP instead of AUDIT_USER_CHAUTHTOK.
* src/userdel.c: Add missing logs to audit.
nekral-guest [Sun, 31 Aug 2008 17:31:00 +0000 (17:31 +0000)]
* man/useradd.8.xml: Document the /etc/default/useradd variables.
* man/useradd.8.xml: Fix the documentation of the GROUP variable
(and -g/--gid option).
nekral-guest [Sun, 31 Aug 2008 17:29:08 +0000 (17:29 +0000)]
* src/groupmems.c: The grp structure returned by gr_locate is a
const. Duplicate this structure before working on it.
* src/groupmems.c: Do not fail and do not display warnings if a
close failure happens with the --list option. (Files are opened
read-only).
nekral-guest [Sun, 31 Aug 2008 17:28:49 +0000 (17:28 +0000)]
* libmisc/obscure.c: Add brackets and parenthesis.
* libmisc/obscure.c: Avoid implicit conversion of pointers / chars to
booleans.
* libmisc/obscure.c: Simplify the list of if.
nekral-guest [Sun, 31 Aug 2008 17:28:12 +0000 (17:28 +0000)]
* src/grpconv.c, src/groups.c: Name the parameters in the
prototypes of the static functions.
* src/grpconv.c: Fail if unexpected parameters are provided.
* src/grpconv.c: Indicate that argc is not used in the no
SHADOWGRP version.
nekral-guest [Sat, 30 Aug 2008 18:34:43 +0000 (18:34 +0000)]
* src/groupmems.c: Added function open_°files and close_files to
ease the support of gshadow.
* src/groupmems.c: Always call check_perms(). This function now
succeed when the requested action is to list the members.
nekral-guest [Sat, 30 Aug 2008 18:32:43 +0000 (18:32 +0000)]
* configure.in: Remove the USE_NSCD AM_CONDITIONAL (USE_NSCD is
not used in any Makefile.am).
* configure.in: Make sure posix_spawn is present when configured
with nscd support.
nekral-guest [Sat, 30 Aug 2008 18:31:21 +0000 (18:31 +0000)]
* configure.in: Check if the stat structure has a st_atim or
st_atimensec field.
* libmisc/copydir.c: Conditionally use the stat's st_atim and
st_atimensec fields.
nekral-guest [Sat, 30 Aug 2008 18:30:58 +0000 (18:30 +0000)]
* lib/groupio.h, lib/prototypes.h, lib/pwio.h, lib/sgetgrent.c:
Include <sys/types.h> before <pwd.h> and <grp.h>. It is necessary
for the definition of uid_t and gid_t.
* lib/pwmem.c: do not include <pwd.h>, "pwio.h" is sufficient
here.
nekral-guest [Sat, 30 Aug 2008 18:29:55 +0000 (18:29 +0000)]
* NEWS: Added support for uclibc.
* configure.in, libmisc/copydir.c: futimes() and lutimes() are not
standard. Check if they are implemented before using them. Do not
set the time of links if lutimes() does not exist, and use
utimes() as a replacement for futimes().
nekral-guest [Sat, 30 Aug 2008 18:29:08 +0000 (18:29 +0000)]
* src/groupmems.c: When removing an user, check if deluser is on
the list, not adduser. This fixes a segmentation fault for every
call of groupmems -d.
* libmisc/list.c: Add assertions to help identifying these issues.
* libmisc/list.c: Avoid implicit conversion of pointers to
booleans.
nekral-guest [Sat, 30 Aug 2008 18:27:59 +0000 (18:27 +0000)]
* src/useradd.c: Harmonize some error messages.
* src/userdel.c: Add log to syslog when the mail file could not be
removed.
* src/userdel.c: Give more context an error message (merge with
perror()).
* src/usermod.c: Harmonize some error messages.
nekral-guest [Sat, 30 Aug 2008 18:27:34 +0000 (18:27 +0000)]
* src/groupmems.c: Check the return value of gr_update().
* src/chage.c, src/chfn.c, src/chgpasswd.c, src/chpasswd.c,
src/chsh.c, src/gpasswd.c, src/groupadd.c, src/groupmems.c,
src/groupmod.c, src/grpck.c, src/grpconv.c, src/grpunconv.c,
src/passwd.c, src/pwck.c, src/pwconv.c, src/pwunconv.c,
src/useradd.c, src/userdel.c, src/usermod.c: Harmonize the error
message sent to stderr in case of *_update () failure.
* src/chage.c, src/chsh.c, src/groupadd.c, src/passwd.c: Do not
log to syslog when pw_update() or spw_update() fail.
* src/newusers.c: Do not log specific error message to stderr when
sgr_update() fails.
* src/pwconv.c: Remove duplicated definition of Prog.
nekral-guest [Sat, 30 Aug 2008 18:27:07 +0000 (18:27 +0000)]
* src/chfn.c, src/chsh.c, src/expiry.c, src/gpasswd.c,
src/newgrp.c, src/passwd.c, src/su.c: Use the same stderr and
syslog warnings when the username cannot be determined.
* src/newgrp.c: Reuse the same stderr message for groups which do
not exist in the system.
nekral-guest [Fri, 22 Aug 2008 02:30:33 +0000 (02:30 +0000)]
* src/chfn.c: Do not exit on pw_unlock failures.
* src/grpconv.c, src/grpunconv.c, src/pwconv.c, src/pwunconv.c,
src/vipw.c: Open syslog with the right identification name.
* src/vipw.c: Log unlock errors to syslog.
* src/vipw.c: Log edits to syslog.
* src/chage.c, src/chfn.c, src/chsh.c, src/gpasswd.c,
src/groupadd.c, src/groupdel.c, src/groupmod.c, src/grpconv.c,
src/grpunconv.c, src/passwd.c, src/pwck.c, src/pwunconv.c,
src/useradd.c, src/usermod.c: Harmonize the syslog levels. Failure
to close or unlock are errors. Failure to open files are warnings.
nekral-guest [Fri, 22 Aug 2008 02:29:31 +0000 (02:29 +0000)]
* src/newusers.c: Open syslog with the right identification name.
* src/newusers.c: Mark the files as locked only if they are really
locked (i.e. if shadow is not enabled, the files are not locked).
nekral-guest [Fri, 22 Aug 2008 02:28:15 +0000 (02:28 +0000)]
* NEWS, src/gpasswd.c: Use getopt_long instead of getopt. Added
support for long options --add (-a), --delete (-d),
--remove-password (-r), --restrict (-R), --administrators (-A),
and --members (-M)
* man/gpasswd.1.xml: Document the new long options.
* src/gpasswd.c: The sgrp structure is only used if SHADOWGRP is
defined.
nekral-guest [Fri, 22 Aug 2008 02:26:46 +0000 (02:26 +0000)]
* src/grpck.c: Added function fail_exit(). Check failure to unlock
files. Report errors to stderr and syslog, but continue.
* src/grpconv.c: Check failure to unlock files. Report errors to
stderr and syslog, but continue.
nekral-guest [Fri, 22 Aug 2008 02:22:34 +0000 (02:22 +0000)]
* src/chfn.c, src/chgpasswd.c, src/chpasswd.c, src/gpasswd.c,
src/groupadd.c, src/groupdel.c, src/groupmems.c, src/groupmod.c,
src/grpconv.c, src/grpunconv.c, src/newusers.c, src/pwconv.c,
src/pwunconv.c, src/useradd.c, src/userdel.c: Harmonize the name
of the variables keeping the lock status, to match the shadow
library prefixes.
nekral-guest [Fri, 22 Aug 2008 02:20:53 +0000 (02:20 +0000)]
* src/chage.c, src/chgpasswd.c, src/chpasswd.c, src/chsh.c,
src/gpasswd.c, src/groupadd.c, src/groupdel.c, src/groupmems.c,
src/groupmod.c, src/grpck.c, src/grpconv.c, src/grpunconv.c,
src/newusers.c, src/passwd.c, src/pwck.c, src/pwconv.c,
src/pwunconv.c, src/useradd.c, src/userdel.c, src/usermod.c: In
case of a lock failure, indicate to the user that she can try
again later. Do not log to syslog.
nekral-guest [Fri, 22 Aug 2008 02:16:21 +0000 (02:16 +0000)]
* NEWS, src/passwd.c: For compatibility with other passwd version,
the --lock an --unlock options do not lock or unlock the user
account anymore. They only lock or unlock the user's password.
* man/passwd.1.xml: Document above change. Document how an account
can be locked and what a password lock means.
nekral-guest [Fri, 15 Aug 2008 15:25:53 +0000 (15:25 +0000)]
* man/groupadd.8.xml: Fix the regular expression for group policy.
The final $ character is optional.
* man/groupadd.8.xml: Likewise.
* man/groupadd.8.xml: Indicate the maximum size of usernames.
nekral-guest [Sat, 9 Aug 2008 23:33:26 +0000 (23:33 +0000)]
* src/pwck.c: Added fail_exit().
* src/pwck.c: Report failure to unlock files to stderr and
syslog.
* src/pwck.c: Report failure to sort to stderr, and exit with
E_CANTSORT.
* man/pwck.8.xml: Document return code 6 (E_CANTSORT).