* src/pwck.c: Document the sections closed by #endif
* src/pwck.c, man/pwck.8.xml: No alternative shadow file can be given when USE_TCB is enabled.
This commit is contained in:
parent
07c6e99725
commit
2db82460b1
@ -1,3 +1,9 @@
|
|||||||
|
2010-03-18 Nicolas François <nicolas.francois@centraliens.net>
|
||||||
|
|
||||||
|
* src/pwck.c: Document the sections closed by #endif
|
||||||
|
* src/pwck.c, man/pwck.8.xml: No alternative shadow file can be
|
||||||
|
given when USE_TCB is enabled.
|
||||||
|
|
||||||
2010-03-18 Nicolas François <nicolas.francois@centraliens.net>
|
2010-03-18 Nicolas François <nicolas.francois@centraliens.net>
|
||||||
|
|
||||||
* src/pwck.c: Do not use pwd_file and spw_file. Always use the
|
* src/pwck.c: Do not use pwd_file and spw_file. Always use the
|
||||||
|
1
TODO
1
TODO
@ -115,6 +115,7 @@ ALL:
|
|||||||
entry (with a password).
|
entry (with a password).
|
||||||
- Add check to move passwd passwords to shadow if there is a shadow
|
- Add check to move passwd passwords to shadow if there is a shadow
|
||||||
file.
|
file.
|
||||||
|
- Support an alternative /etc/tcb directory as second parameter.
|
||||||
|
|
||||||
- su
|
- su
|
||||||
- add a login.defs configuration parameter to add variables to keep in
|
- add a login.defs configuration parameter to add variables to keep in
|
||||||
|
@ -88,6 +88,9 @@
|
|||||||
The <command>pwck</command> command verifies the integrity of the
|
The <command>pwck</command> command verifies the integrity of the
|
||||||
users and authentication information. It checks that all entries in
|
users and authentication information. It checks that all entries in
|
||||||
<filename>/etc/passwd</filename> and <filename>/etc/shadow</filename>
|
<filename>/etc/passwd</filename> and <filename>/etc/shadow</filename>
|
||||||
|
<phrase condition="tcb">(or the files in
|
||||||
|
<filename>/etc/tcb</filename>, when <option>USE_TCB</option> is
|
||||||
|
enabled)</phrase>
|
||||||
have the proper format and contain valid data.
|
have the proper format and contain valid data.
|
||||||
The user is prompted to delete entries that are
|
The user is prompted to delete entries that are
|
||||||
improperly formatted or which have other uncorrectable errors.
|
improperly formatted or which have other uncorrectable errors.
|
||||||
@ -200,7 +203,7 @@
|
|||||||
<filename>/etc/shadow</filename> by UID.
|
<filename>/etc/shadow</filename> by UID.
|
||||||
</para>
|
</para>
|
||||||
<para condition="tcb">
|
<para condition="tcb">
|
||||||
This option has no effect when TCB is enabled.
|
This option has no effect when <option>USE_TCB</option> is enabled.
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
@ -208,10 +211,18 @@
|
|||||||
|
|
||||||
<para>
|
<para>
|
||||||
By default, <command>pwck</command> operates on the files
|
By default, <command>pwck</command> operates on the files
|
||||||
<filename>/etc/passwd</filename> and <filename>/etc/shadow</filename>.
|
<filename>/etc/passwd</filename> and
|
||||||
The user may select alternate files with the <emphasis
|
<filename>/etc/shadow</filename><phrase condition="tcb"> (or the
|
||||||
remap='I'>passwd</emphasis> and <emphasis remap='I'>shadow</emphasis>
|
files in <filename>/etc/tcb</filename>)</phrase>.
|
||||||
parameters.
|
The user may select alternate files with the
|
||||||
|
<replaceable>passwd</replaceable> and
|
||||||
|
<replaceable>shadow</replaceable> parameters.
|
||||||
|
</para>
|
||||||
|
<para condition="tcb">
|
||||||
|
Note that when <option>USE_TCB</option> is enabled, you cannot
|
||||||
|
specify an alternative <replaceable>shadow</replaceable> file. In
|
||||||
|
future releases, this paramater could be replaced by an alternate
|
||||||
|
TCB directory.
|
||||||
</para>
|
</para>
|
||||||
</refsect1>
|
</refsect1>
|
||||||
|
|
||||||
|
29
src/pwck.c
29
src/pwck.c
@ -49,7 +49,7 @@
|
|||||||
#include "nscd.h"
|
#include "nscd.h"
|
||||||
#ifdef WITH_TCB
|
#ifdef WITH_TCB
|
||||||
#include "tcbfuncs.h"
|
#include "tcbfuncs.h"
|
||||||
#endif
|
#endif /* WITH_TCB */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Exit codes
|
* Exit codes
|
||||||
@ -123,8 +123,17 @@ static void fail_exit (int code)
|
|||||||
*/
|
*/
|
||||||
static void usage (void)
|
static void usage (void)
|
||||||
{
|
{
|
||||||
fprintf (stderr, _("Usage: %s [-q] [-r] [-s] [passwd [shadow]]\n"),
|
#ifdef WITH_TCB
|
||||||
Prog);
|
if (getdef_bool ("USE_TCB")) {
|
||||||
|
fprintf (stderr, _("Usage: %s [-q] [-r] [-s] [passwd]\n"),
|
||||||
|
Prog);
|
||||||
|
} else
|
||||||
|
#endif /* WITH_TCB */
|
||||||
|
{
|
||||||
|
fprintf (stderr,
|
||||||
|
_("Usage: %s [-q] [-r] [-s] [passwd [shadow]]\n"),
|
||||||
|
Prog);
|
||||||
|
}
|
||||||
exit (E_USAGE);
|
exit (E_USAGE);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -178,6 +187,14 @@ static void process_flags (int argc, char **argv)
|
|||||||
use_system_pw_file = false;
|
use_system_pw_file = false;
|
||||||
}
|
}
|
||||||
if ((optind + 2) == argc) {
|
if ((optind + 2) == argc) {
|
||||||
|
#ifdef WITH_TCB
|
||||||
|
if (getdef_bool ("USE_TCB")) {
|
||||||
|
fprintf (stderr,
|
||||||
|
_("%s: no alternative shadow file allowed when USE_TCB is enabled.\n"),
|
||||||
|
Prog);
|
||||||
|
usage ();
|
||||||
|
}
|
||||||
|
#endif /* WITH_TCB */
|
||||||
spw_setdbname (argv[optind + 1]);
|
spw_setdbname (argv[optind + 1]);
|
||||||
is_shadow = true;
|
is_shadow = true;
|
||||||
use_system_spw_file = false;
|
use_system_spw_file = false;
|
||||||
@ -197,7 +214,7 @@ static void open_files (void)
|
|||||||
bool use_tcb = false;
|
bool use_tcb = false;
|
||||||
#ifdef WITH_TCB
|
#ifdef WITH_TCB
|
||||||
use_tcb = getdef_bool ("USE_TCB");
|
use_tcb = getdef_bool ("USE_TCB");
|
||||||
#endif
|
#endif /* WITH_TCB */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Lock the files if we aren't in "read-only" mode
|
* Lock the files if we aren't in "read-only" mode
|
||||||
@ -513,7 +530,7 @@ static void check_pw_file (int *errors, bool *changed)
|
|||||||
}
|
}
|
||||||
spw_opened = true;
|
spw_opened = true;
|
||||||
}
|
}
|
||||||
#endif
|
#endif /* WITH_TCB */
|
||||||
spw = (struct spwd *) spw_locate (pwd->pw_name);
|
spw = (struct spwd *) spw_locate (pwd->pw_name);
|
||||||
if (NULL == spw) {
|
if (NULL == spw) {
|
||||||
printf (_("no matching password file entry in %s\n"),
|
printf (_("no matching password file entry in %s\n"),
|
||||||
@ -595,7 +612,7 @@ static void check_pw_file (int *errors, bool *changed)
|
|||||||
spw_locked = false;
|
spw_locked = false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif
|
#endif /* WITH_TCB */
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user