* man/faillog.8.xml: Document the behavior in display mode of the
-a option. * NEWS, man/faillog.8.xml, src/faillog.c: Extend the -a option to the non-display mode. This changes the default behavior of the -l, -m, -r, -t options when -a is not specified (restrict to existing users).
parent
5d6c314304
commit
c0e7dcd2fd
@ -1,3 +1,12 @@
|
|||||||
|
2010-03-16 Nicolas François <nicolas.francois@centraliens.net>
|
||||||
|
|
||||||
|
* man/faillog.8.xml: Document the behavior in display mode of the
|
||||||
|
-a option.
|
||||||
|
* NEWS, man/faillog.8.xml, src/faillog.c: Extend the -a option to
|
||||||
|
the non-display mode. This changes the default behavior of the -l,
|
||||||
|
-m, -r, -t options when -a is not specified (restrict to existing
|
||||||
|
users).
|
||||||
|
|
||||||
2010-03-15 Nicolas François <nicolas.francois@centraliens.net>
|
2010-03-15 Nicolas François <nicolas.francois@centraliens.net>
|
||||||
|
|
||||||
* man/chage.1.xml, man/login.defs.5.xml, man/pwck.8.xml,
|
* man/chage.1.xml, man/login.defs.5.xml, man/pwck.8.xml,
|
||||||
|
3
NEWS
3
NEWS
@ -7,6 +7,9 @@ shadow-4.1.4.2 -> shadow-4.1.4.3 UNRELEASED
|
|||||||
zero) when explicitly requested (e.g. with --help).
|
zero) when explicitly requested (e.g. with --help).
|
||||||
* initial support for tcb (http://openwall.com/tcb/).
|
* initial support for tcb (http://openwall.com/tcb/).
|
||||||
|
|
||||||
|
- faillog
|
||||||
|
* The -l, -m, -r, -t options only act on the existing users, unless -a is
|
||||||
|
specified.
|
||||||
- groupmod
|
- groupmod
|
||||||
* Fixed groupmod when configured with --enable-account-tools-setuid.
|
* Fixed groupmod when configured with --enable-account-tools-setuid.
|
||||||
- su
|
- su
|
||||||
|
@ -74,6 +74,23 @@
|
|||||||
Display (or act on) faillog records for all users having an
|
Display (or act on) faillog records for all users having an
|
||||||
entry in the <filename>faillog</filename> database.
|
entry in the <filename>faillog</filename> database.
|
||||||
</para>
|
</para>
|
||||||
|
<para>
|
||||||
|
The range of users can be restricted with the
|
||||||
|
<option>-u</option> option.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
In display mode, this is still restricted to existing users
|
||||||
|
but forces the display of the faillog entries even if they
|
||||||
|
are empty.
|
||||||
|
</para>
|
||||||
|
<para>
|
||||||
|
With the <option>-l</option>, <option>-m</option>,
|
||||||
|
<option>-r</option>, <option>-t</option> options, the users'
|
||||||
|
records are changed, even if the user does not exist on the
|
||||||
|
system. This is useful to reset records of users that have
|
||||||
|
been deleted or to set a policy in advance for a range of
|
||||||
|
users.
|
||||||
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
@ -176,15 +193,6 @@
|
|||||||
<option>-r</option> options are used, <command>faillog</command>
|
<option>-r</option> options are used, <command>faillog</command>
|
||||||
displays the faillog record of the specified user(s).
|
displays the faillog record of the specified user(s).
|
||||||
</para>
|
</para>
|
||||||
<para>
|
|
||||||
NOTE: in display mode, only the records of users which currently
|
|
||||||
exist in the system are displayed. In the other modes (when the
|
|
||||||
<option>-l</option>, <option>-m</option>, or <option>-r</option>
|
|
||||||
options are used), the records of the user, or the range of users,
|
|
||||||
or all the users that may have an entry in the faillog database will
|
|
||||||
be changed. This is useful to reset records of users that have been
|
|
||||||
deleted or set a policy in advance for a range of users.
|
|
||||||
</para>
|
|
||||||
</refsect1>
|
</refsect1>
|
||||||
|
|
||||||
<refsect1 id='caveats'>
|
<refsect1 id='caveats'>
|
||||||
|
116
src/faillog.c
116
src/faillog.c
@ -271,27 +271,54 @@ static void reset (void)
|
|||||||
errors = true;
|
errors = true;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
/* Reset all entries in the specified range.
|
/* There is no need to reset outside of the faillog
|
||||||
* Non existing entries will not be touched.
|
* database.
|
||||||
* Entries for non existing users are also reset.
|
|
||||||
*/
|
*/
|
||||||
uid_t uid = 0;
|
|
||||||
uid_t uidmax = statbuf.st_size / sizeof (struct faillog);
|
uid_t uidmax = statbuf.st_size / sizeof (struct faillog);
|
||||||
|
if (uidmax > 1) {
|
||||||
/* Make sure we stay in the umin-umax range if specified */
|
uidmax--;
|
||||||
if (has_umin) {
|
|
||||||
uid = (uid_t)umin;
|
|
||||||
}
|
}
|
||||||
if (has_umax && (uid_t)umax < uidmax) {
|
if (has_umax && (uid_t)umax < uidmax) {
|
||||||
uidmax = (uid_t)umax;
|
uidmax = (uid_t)umax;
|
||||||
}
|
}
|
||||||
|
|
||||||
while (uid < uidmax) {
|
/* Reset all entries in the specified range.
|
||||||
|
* Non existing entries will not be touched.
|
||||||
|
*/
|
||||||
|
if (aflg) {
|
||||||
|
/* Entries for non existing users are also reset.
|
||||||
|
*/
|
||||||
|
uid_t uid = 0;
|
||||||
|
|
||||||
|
/* Make sure we stay in the umin-umax range if specified */
|
||||||
|
if (has_umin) {
|
||||||
|
uid = (uid_t)umin;
|
||||||
|
}
|
||||||
|
|
||||||
|
while (uid <= uidmax) {
|
||||||
if (reset_one (uid)) {
|
if (reset_one (uid)) {
|
||||||
errors = true;
|
errors = true;
|
||||||
}
|
}
|
||||||
uid++;
|
uid++;
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
/* Only reset records for existing users.
|
||||||
|
*/
|
||||||
|
struct passwd *pwent;
|
||||||
|
|
||||||
|
setpwent ();
|
||||||
|
while ( (pwent = getpwent ()) != NULL ) {
|
||||||
|
if ( uflg
|
||||||
|
&& ( (has_umin && (pwent->pw_uid < (uid_t)umin))
|
||||||
|
|| (pwent->pw_uid > (uid_t)uidmax))) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
if (reset_one (pwent->pw_uid)) {
|
||||||
|
errors = true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
endpwent ();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -359,30 +386,56 @@ static void setmax (int max)
|
|||||||
errors = true;
|
errors = true;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
/* Set max for all entries in the specified range.
|
/* Set max for entries in the specified range.
|
||||||
* If max is unchanged for an entry, the entry is not touched.
|
* If max is unchanged for an entry, the entry is not touched.
|
||||||
* If max is null, and no entries exist for this user, no
|
* If max is null, and no entries exist for this user, no
|
||||||
* entries will be created.
|
* entries will be created.
|
||||||
* Entries for non existing user are also taken into
|
*/
|
||||||
|
if (aflg) {
|
||||||
|
/* Entries for non existing user are also taken into
|
||||||
* account (in order to define policy for future users).
|
* account (in order to define policy for future users).
|
||||||
*/
|
*/
|
||||||
uid_t uid = 0;
|
uid_t uid = 0;
|
||||||
|
/* The default umax value is based on the size of the
|
||||||
|
* faillog database.
|
||||||
|
*/
|
||||||
uid_t uidmax = statbuf.st_size / sizeof (struct faillog);
|
uid_t uidmax = statbuf.st_size / sizeof (struct faillog);
|
||||||
|
if (uidmax > 1) {
|
||||||
|
uidmax--;
|
||||||
|
}
|
||||||
|
|
||||||
/* Make sure we stay in the umin-umax range if specified */
|
/* Make sure we stay in the umin-umax range if specified */
|
||||||
if (has_umin) {
|
if (has_umin) {
|
||||||
uid = (uid_t)umin;
|
uid = (uid_t)umin;
|
||||||
}
|
}
|
||||||
if (has_umax && (uid_t)umax < uidmax) {
|
if (has_umax) {
|
||||||
uidmax = (uid_t)umax;
|
uidmax = (uid_t)umax;
|
||||||
}
|
}
|
||||||
|
|
||||||
while (uid < uidmax) {
|
while (uid <= uidmax) {
|
||||||
if (setmax_one (uid, max)) {
|
if (setmax_one (uid, max)) {
|
||||||
errors = true;
|
errors = true;
|
||||||
}
|
}
|
||||||
uid++;
|
uid++;
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
/* Only change records for existing users.
|
||||||
|
*/
|
||||||
|
struct passwd *pwent;
|
||||||
|
|
||||||
|
setpwent ();
|
||||||
|
while ( (pwent = getpwent ()) != NULL ) {
|
||||||
|
if ( uflg
|
||||||
|
&& ( (has_umin && (pwent->pw_uid < (uid_t)umin))
|
||||||
|
|| (has_umax && (pwent->pw_uid > (uid_t)umax)))) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
if (setmax_one (pwent->pw_uid, max)) {
|
||||||
|
errors = true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
endpwent ();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -450,30 +503,56 @@ static void set_locktime (long locktime)
|
|||||||
errors = true;
|
errors = true;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
/* Set locktime for all entries in the specified range.
|
/* Set locktime for entries in the specified range.
|
||||||
* If locktime is unchanged for an entry, the entry is not touched.
|
* If locktime is unchanged for an entry, the entry is not touched.
|
||||||
* If locktime is null, and no entries exist for this user, no
|
* If locktime is null, and no entries exist for this user, no
|
||||||
* entries will be created.
|
* entries will be created.
|
||||||
* Entries for non existing user are also taken into
|
*/
|
||||||
|
if (aflg) {
|
||||||
|
/* Entries for non existing user are also taken into
|
||||||
* account (in order to define policy for future users).
|
* account (in order to define policy for future users).
|
||||||
*/
|
*/
|
||||||
uid_t uid = 0;
|
uid_t uid = 0;
|
||||||
|
/* The default umax value is based on the size of the
|
||||||
|
* faillog database.
|
||||||
|
*/
|
||||||
uid_t uidmax = statbuf.st_size / sizeof (struct faillog);
|
uid_t uidmax = statbuf.st_size / sizeof (struct faillog);
|
||||||
|
if (uidmax > 1) {
|
||||||
|
uidmax--;
|
||||||
|
}
|
||||||
|
|
||||||
/* Make sure we stay in the umin-umax range if specified */
|
/* Make sure we stay in the umin-umax range if specified */
|
||||||
if (has_umin) {
|
if (has_umin) {
|
||||||
uid = (uid_t)umin;
|
uid = (uid_t)umin;
|
||||||
}
|
}
|
||||||
if (has_umax && (uid_t)umax < uidmax) {
|
if (has_umax) {
|
||||||
uidmax = (uid_t)umax;
|
uidmax = (uid_t)umax;
|
||||||
}
|
}
|
||||||
|
|
||||||
while (uid < uidmax) {
|
while (uid <= uidmax) {
|
||||||
if (set_locktime_one (uid, locktime)) {
|
if (set_locktime_one (uid, locktime)) {
|
||||||
errors = true;
|
errors = true;
|
||||||
}
|
}
|
||||||
uid++;
|
uid++;
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
/* Only change records for existing users.
|
||||||
|
*/
|
||||||
|
struct passwd *pwent;
|
||||||
|
|
||||||
|
setpwent ();
|
||||||
|
while ( (pwent = getpwent ()) != NULL ) {
|
||||||
|
if ( uflg
|
||||||
|
&& ( (has_umin && (pwent->pw_uid < (uid_t)umin))
|
||||||
|
|| (has_umax && (pwent->pw_uid > (uid_t)umax)))) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
if (set_locktime_one (pwent->pw_uid, locktime)) {
|
||||||
|
errors = true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
endpwent ();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -578,9 +657,6 @@ int main (int argc, char **argv)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (aflg && uflg) {
|
|
||||||
usage (E_USAGE);
|
|
||||||
}
|
|
||||||
if (tflg && (lflg || mflg || rflg)) {
|
if (tflg && (lflg || mflg || rflg)) {
|
||||||
usage (E_USAGE);
|
usage (E_USAGE);
|
||||||
}
|
}
|
||||||
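Review bot: In the `aflg` branches of setmax() and set_locktime(), `uidmax` is now taken straight from `umax` and the loop is `while (uid <= uidmax)`, so it cannot terminate if `umax` is the largest `uid_t` value: `uid++` wraps to 0 and the condition stays true (how `-u` is parsed is not visible here, so reachability is unconfirmed). Ending the loop on equality avoids the wrap, e.g. adding `if (uid == uidmax) { break; }` just before `uid++;` in both loops. Since `-a` and `-u` can now be combined (the usage check in main() is dropped) and the comment in these hunks suggests records are created for a non-zero value, the loops deserve a comment saying the faillog file grows to cover `umax`, which an operator may not expect from a large range. In reset(), `if (uidmax > 1) { uidmax--; }` leaves `uidmax` at 1 for a one-record database, so `uid <= uidmax` also visits uid 1; `uidmax > 0` looks like the intended test. All three function bodies start outside the hunks shown.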
|