* src/pwck.c: Document the sections closed by #endif

* src/pwck.c, man/pwck.8.xml: No alternative shadow file can be given when USE_TCB is enabled.
2010-03-18 10:23:51 +00:00 · 2010-03-18 10:23:51 +00:00 · 2db82460b1
commit 2db82460b1
parent 07c6e99725
4 changed files with 46 additions and 11 deletions
--- a/6
+++ b/6
@ -1,3 +1,9 @@
+2010-03-18  Nicolas François  <nicolas.francois@centraliens.net>
+
+	* src/pwck.c: Document the sections closed by #endif
+	* src/pwck.c, man/pwck.8.xml: No alternative shadow file can be
+	given when USE_TCB is enabled.
+
 2010-03-18  Nicolas François  <nicolas.francois@centraliens.net>

 	* src/pwck.c: Do not use pwd_file and spw_file. Always use the
--- a/1
+++ b/1
@ -115,6 +115,7 @@ ALL:
    entry (with a password).
  - Add check to move passwd passwords to shadow if there is a shadow
    file.
+  - Support an alternative /etc/tcb directory as second parameter.

 - su
  - add a login.defs configuration parameter to add variables to keep in
--- a/man/pwck.8.xml
+++ b/man/pwck.8.xml
@ -88,6 +88,9 @@
      The <command>pwck</command> command verifies the integrity of the
      users and authentication information. It checks that all entries in
      <filename>/etc/passwd</filename> and <filename>/etc/shadow</filename>
+      <phrase condition="tcb">(or the files in
+      <filename>/etc/tcb</filename>, when <option>USE_TCB</option> is
+      enabled)</phrase>
      have the proper format and contain valid data.
      The user is prompted to delete entries that are
      improperly formatted or which have other uncorrectable errors.
@ -200,7 +203,7 @@
 	    <filename>/etc/shadow</filename> by UID.
 	  </para>
 	  <para condition="tcb">
-	    This option has no effect when TCB is enabled.
+	    This option has no effect when <option>USE_TCB</option> is enabled.
 	  </para>
 	</listitem>
      </varlistentry>
@ -208,10 +211,18 @@

    <para>
      By default, <command>pwck</command> operates on the files
-      <filename>/etc/passwd</filename> and <filename>/etc/shadow</filename>.
-      The user may select alternate files with the <emphasis
-      remap='I'>passwd</emphasis> and <emphasis remap='I'>shadow</emphasis>
-      parameters.
+      <filename>/etc/passwd</filename> and
+      <filename>/etc/shadow</filename><phrase condition="tcb"> (or the
+      files in <filename>/etc/tcb</filename>)</phrase>.
+      The user may select alternate files with the
+      <replaceable>passwd</replaceable> and
+      <replaceable>shadow</replaceable> parameters.
+    </para>
+    <para condition="tcb">
+      Note that when <option>USE_TCB</option> is enabled, you cannot
+      specify an alternative <replaceable>shadow</replaceable> file. In
+      future releases, this paramater could be replaced by an alternate
+      TCB directory.
    </para>
  </refsect1>

--- a/src/pwck.c
+++ b/src/pwck.c
@ -49,7 +49,7 @@
 #include "nscd.h"
 #ifdef WITH_TCB
 #include "tcbfuncs.h"
-#endif
+#endif				/* WITH_TCB */

 /*
 * Exit codes
@ -123,8 +123,17 @@ static void fail_exit (int code)
 */
 static void usage (void)
 {
-	fprintf (stderr, _("Usage: %s [-q] [-r] [-s] [passwd [shadow]]\n"),
-	         Prog);
+#ifdef WITH_TCB
+	if (getdef_bool ("USE_TCB")) {
+		fprintf (stderr, _("Usage: %s [-q] [-r] [-s] [passwd]\n"),
+		         Prog);
+	} else
+#endif				/* WITH_TCB */
+	{
+		fprintf (stderr,
+		         _("Usage: %s [-q] [-r] [-s] [passwd [shadow]]\n"),
+		         Prog);
+	}
 	exit (E_USAGE);
 }

@ -178,6 +187,14 @@ static void process_flags (int argc, char **argv)
 		use_system_pw_file = false;
 	}
 	if ((optind + 2) == argc) {
+#ifdef WITH_TCB
+		if (getdef_bool ("USE_TCB")) {
+			fprintf (stderr,
+			         _("%s: no alternative shadow file allowed when USE_TCB is enabled.\n"),
+			         Prog);
+			usage ();
+		}
+#endif				/* WITH_TCB */
 		spw_setdbname (argv[optind + 1]);
 		is_shadow = true;
 		use_system_spw_file = false;
@ -197,7 +214,7 @@ static void open_files (void)
 	bool use_tcb = false;
 #ifdef WITH_TCB
 	use_tcb = getdef_bool ("USE_TCB");
-#endif
+#endif				/* WITH_TCB */

 	/*
 	 * Lock the files if we aren't in "read-only" mode
@ -513,7 +530,7 @@ static void check_pw_file (int *errors, bool *changed)
 				}
 				spw_opened = true;
 			}
-#endif
+#endif				/* WITH_TCB */
 			spw = (struct spwd *) spw_locate (pwd->pw_name);
 			if (NULL == spw) {
 				printf (_("no matching password file entry in %s\n"),
@ -595,7 +612,7 @@ static void check_pw_file (int *errors, bool *changed)
 				spw_locked = false;
 			}
 		}
-#endif
+#endif				/* WITH_TCB */
 	}
 }