* man/faillog.8.xml: Document the behavior in display mode of the

-a option.
	* NEWS, man/faillog.8.xml, src/faillog.c: Extend the -a option to
	the non-display mode. This changes the default behavior of the -l,
	-m, -r, -t options when -a is not specified (restrict to existing
	users).
This commit is contained in:
nekral-guest 2010-03-16 19:15:22 +00:00
parent 5d6c314304
commit c0e7dcd2fd
4 changed files with 125 additions and 29 deletions

View File

@ -1,3 +1,12 @@
2010-03-16 Nicolas François <nicolas.francois@centraliens.net>
* man/faillog.8.xml: Document the behavior in display mode of the
-a option.
* NEWS, man/faillog.8.xml, src/faillog.c: Extend the -a option to
the non-display mode. This changes the default behavior of the -l,
-m, -r, -t options when -a is not specified (restrict to existing
users).
2010-03-15 Nicolas François <nicolas.francois@centraliens.net> 2010-03-15 Nicolas François <nicolas.francois@centraliens.net>
* man/chage.1.xml, man/login.defs.5.xml, man/pwck.8.xml, * man/chage.1.xml, man/login.defs.5.xml, man/pwck.8.xml,

3
NEWS
View File

@ -7,6 +7,9 @@ shadow-4.1.4.2 -> shadow-4.1.4.3 UNRELEASED
zero) when explicitly requested (e.g. with --help). zero) when explicitly requested (e.g. with --help).
* initial support for tcb (http://openwall.com/tcb/). * initial support for tcb (http://openwall.com/tcb/).
- faillog
* The -l, -m, -r, -t options only act on the existing users, unless -a is
specified.
- groupmod - groupmod
* Fixed groupmod when configured with --enable-account-tools-setuid. * Fixed groupmod when configured with --enable-account-tools-setuid.
- su - su

View File

@ -74,6 +74,23 @@
Display (or act on) faillog records for all users having an Display (or act on) faillog records for all users having an
entry in the <filename>faillog</filename> database. entry in the <filename>faillog</filename> database.
</para> </para>
<para>
The range of users can be restricted with the
<option>-u</option> option.
</para>
<para>
In display mode, this is still restricted to existing users
but forces the display of the faillog entries even if they
are empty.
</para>
<para>
With the <option>-l</option>, <option>-m</option>,
<option>-r</option>, <option>-t</option> options, the users'
records are changed, even if the user does not exist on the
system. This is useful to reset records of users that have
been deleted or to set a policy in advance for a range of
users.
</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
@ -176,15 +193,6 @@
<option>-r</option> options are used, <command>faillog</command> <option>-r</option> options are used, <command>faillog</command>
displays the faillog record of the specified user(s). displays the faillog record of the specified user(s).
</para> </para>
<para>
NOTE: in display mode, only the records of users which currently
exist in the system are displayed. In the other modes (when the
<option>-l</option>, <option>-m</option>, or <option>-r</option>
options are used), the records of the user, or the range of users,
or all the users that may have an entry in the faillog database will
be changed. This is useful to reset records of users that have been
deleted or set a policy in advance for a range of users.
</para>
</refsect1> </refsect1>
<refsect1 id='caveats'> <refsect1 id='caveats'>

View File

@ -271,27 +271,54 @@ static void reset (void)
errors = true; errors = true;
} }
} else { } else {
/* Reset all entries in the specified range. /* There is no need to reset outside of the faillog
* Non existing entries will not be touched. * database.
* Entries for non existing users are also reset.
*/ */
uid_t uid = 0;
uid_t uidmax = statbuf.st_size / sizeof (struct faillog); uid_t uidmax = statbuf.st_size / sizeof (struct faillog);
if (uidmax > 1) {
/* Make sure we stay in the umin-umax range if specified */ uidmax--;
if (has_umin) {
uid = (uid_t)umin;
} }
if (has_umax && (uid_t)umax < uidmax) { if (has_umax && (uid_t)umax < uidmax) {
uidmax = (uid_t)umax; uidmax = (uid_t)umax;
} }
while (uid < uidmax) { /* Reset all entries in the specified range.
* Non existing entries will not be touched.
*/
if (aflg) {
/* Entries for non existing users are also reset.
*/
uid_t uid = 0;
/* Make sure we stay in the umin-umax range if specified */
if (has_umin) {
uid = (uid_t)umin;
}
while (uid <= uidmax) {
if (reset_one (uid)) { if (reset_one (uid)) {
errors = true; errors = true;
} }
uid++; uid++;
} }
} else {
/* Only reset records for existing users.
*/
struct passwd *pwent;
setpwent ();
while ( (pwent = getpwent ()) != NULL ) {
if ( uflg
&& ( (has_umin && (pwent->pw_uid < (uid_t)umin))
|| (pwent->pw_uid > (uid_t)uidmax))) {
continue;
}
if (reset_one (pwent->pw_uid)) {
errors = true;
}
}
endpwent ();
}
} }
} }
@ -359,30 +386,56 @@ static void setmax (int max)
errors = true; errors = true;
} }
} else { } else {
/* Set max for all entries in the specified range. /* Set max for entries in the specified range.
* If max is unchanged for an entry, the entry is not touched. * If max is unchanged for an entry, the entry is not touched.
* If max is null, and no entries exist for this user, no * If max is null, and no entries exist for this user, no
* entries will be created. * entries will be created.
* Entries for non existing user are also taken into */
if (aflg) {
/* Entries for non existing user are also taken into
* account (in order to define policy for future users). * account (in order to define policy for future users).
*/ */
uid_t uid = 0; uid_t uid = 0;
/* The default umax value is based on the size of the
* faillog database.
*/
uid_t uidmax = statbuf.st_size / sizeof (struct faillog); uid_t uidmax = statbuf.st_size / sizeof (struct faillog);
if (uidmax > 1) {
uidmax--;
}
/* Make sure we stay in the umin-umax range if specified */ /* Make sure we stay in the umin-umax range if specified */
if (has_umin) { if (has_umin) {
uid = (uid_t)umin; uid = (uid_t)umin;
} }
if (has_umax && (uid_t)umax < uidmax) { if (has_umax) {
uidmax = (uid_t)umax; uidmax = (uid_t)umax;
} }
while (uid < uidmax) { while (uid <= uidmax) {
if (setmax_one (uid, max)) { if (setmax_one (uid, max)) {
errors = true; errors = true;
} }
uid++; uid++;
} }
} else {
/* Only change records for existing users.
*/
struct passwd *pwent;
setpwent ();
while ( (pwent = getpwent ()) != NULL ) {
if ( uflg
&& ( (has_umin && (pwent->pw_uid < (uid_t)umin))
|| (has_umax && (pwent->pw_uid > (uid_t)umax)))) {
continue;
}
if (setmax_one (pwent->pw_uid, max)) {
errors = true;
}
}
endpwent ();
}
} }
} }
@ -450,30 +503,56 @@ static void set_locktime (long locktime)
errors = true; errors = true;
} }
} else { } else {
/* Set locktime for all entries in the specified range. /* Set locktime for entries in the specified range.
* If locktime is unchanged for an entry, the entry is not touched. * If locktime is unchanged for an entry, the entry is not touched.
* If locktime is null, and no entries exist for this user, no * If locktime is null, and no entries exist for this user, no
* entries will be created. * entries will be created.
* Entries for non existing user are also taken into */
if (aflg) {
/* Entries for non existing user are also taken into
* account (in order to define policy for future users). * account (in order to define policy for future users).
*/ */
uid_t uid = 0; uid_t uid = 0;
/* The default umax value is based on the size of the
* faillog database.
*/
uid_t uidmax = statbuf.st_size / sizeof (struct faillog); uid_t uidmax = statbuf.st_size / sizeof (struct faillog);
if (uidmax > 1) {
uidmax--;
}
/* Make sure we stay in the umin-umax range if specified */ /* Make sure we stay in the umin-umax range if specified */
if (has_umin) { if (has_umin) {
uid = (uid_t)umin; uid = (uid_t)umin;
} }
if (has_umax && (uid_t)umax < uidmax) { if (has_umax) {
uidmax = (uid_t)umax; uidmax = (uid_t)umax;
} }
while (uid < uidmax) { while (uid <= uidmax) {
if (set_locktime_one (uid, locktime)) { if (set_locktime_one (uid, locktime)) {
errors = true; errors = true;
} }
uid++; uid++;
} }
} else {
/* Only change records for existing users.
*/
struct passwd *pwent;
setpwent ();
while ( (pwent = getpwent ()) != NULL ) {
if ( uflg
&& ( (has_umin && (pwent->pw_uid < (uid_t)umin))
|| (has_umax && (pwent->pw_uid > (uid_t)umax)))) {
continue;
}
if (set_locktime_one (pwent->pw_uid, locktime)) {
errors = true;
}
}
endpwent ();
}
} }
} }
@ -578,9 +657,6 @@ int main (int argc, char **argv)
} }
} }
if (aflg && uflg) {
usage (E_USAGE);
}
if (tflg && (lflg || mflg || rflg)) { if (tflg && (lflg || mflg || rflg)) {
usage (E_USAGE); usage (E_USAGE);
} }