1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
|
$Id$
shadow-4.1.5.1 -> shadow-4.2 UNRELEASED
*** general
* Handle libc whose crypt() returns NULL when passed a salt that
violates specs or system requirements (e.g. FIPS140). This is needed
with glibc/eglibc 2.17 for tools checking passwords (passwd (non PAM
enabled) or newgrp), and for tools generating encrypted passwords
(chgpasswd, chpasswd, or gpasswd when non PAM enabled or when a fixed
crypt method is requested on the command line, and newusers, or passwd
in their non PAM enabled versions)
* Fix segfault when reading groups split on multiple lines. This impacts
most user/group management tools when MAX_MEMBERS_PER_GROUP is set.
- su
* When su receives a signal (SIGTERM, or SIGINT/SIGQUIT in non
interactive mode), kill the child process group, rather than just the
immediate child.
* Fix segmentation faults for users without a proper home or shell in
their passwd entries.
- login
* Fix segmentation faults for users without a proper home or shell in
their passwd entries.
*** documentation
* Fixed useradd man page (--home-dir option, instead of --home).
*** translation
* Updated Russian translation.
* Updated German man pages translation.
* Fixed gshadow Japanese man page translation.
shadow-4.1.5 -> shadow-4.1.5.1 2012-05-25
- login
* Log into utmp(x) when PAM is enabled, but do not log into wtmp.
This complete pam_lastlog which logs into wtmp and in into utmp(x).
- su
* non PAM enabled versions: do not fail if su is called without a
controlling terminal.
- userdel
* Fix segfault when userdel removes the user's group.
*** documentation
* .so links now point to paths relative to the top-level manual hierarchy
*** translation
* Updated French man pages translation.
* Updated German man pages translation.
* Updated Polish man pages translation. (logoutd.8)
shadow-4.1.4.3 -> shadow-4.1.5 2012-02-12
*** security
* su -c could be abused by the executed command to invoke commands with
the caller privileges. See below. (CVE-2005-4890)
*** general
* report usage error to stderr, but report usage help to stdout (and return
zero) when explicitly requested (e.g. with --help).
* initial support for tcb (http://openwall.com/tcb/) for useradd,
userdel, usermod, chage, pwck, vipw.
* Added support for ACLs and Extended Attributes in useradd and usermod.
Support shall be enabled with the new --with-acl or --with-attr
configure options.
* Added diagnosis for lock failures.
* use libsemanage instead of the semanage tool.
- chage
* Add --root option.
- chfn
* Add --root option.
- chgpasswd
* When the gshadow file exists but there are no gshadow entries, an entry
is created if the password is changed and group requires a
shadow entry.
* Add --root option.
- chpasswd
* PAM enabled versions: restore the -e option to allow restoring
passwords without knowing those passwords. Restore together the -m
and -c options. (These options were removed in shadow-4.1.4 on PAM
enabled versions)
* When the shadow file exists but there are no shadow entries, an entry
is created if the password is changed and passwd requires a
shadow entry.
* Add --root option.
- chsh
* Add --root option.
- faillog
* The -l, -m, -r, -t options only act on the existing users, unless -a is
specified.
* Add --root option.
- gpasswd
* Add --root option.
- groupadd
* Add --root option.
- groupdel
* Add --root option.
- groupmems
* Fix parsing of gshadow entries.
* Add --root option.
- groupmod
* Fixed groupmod when configured with --enable-account-tools-setuid.
* When the gshadow file exists but there are no gshadow entries, an entry
is created if the password is changed and group requires a
shadow entry.
* Add --root option.
- grpck
* Add --root option.
* NIS entries were dropped by -s (sort).
- grpconv
* Add --root option.
- grpunconv
* Add --root option.
- lastlog
* Add --root option.
- login
* Fixed limits support (non PAM enabled versions only)
* Added support for infinite limits and group based limits (non PAM
enabled versions only)
* Fixed infinite loop when CONSOLE is configured with a colon-separated
list of TTYs.
* Fixed warning and support for CONSOLE_GROUPS for users member of more
than 16 groups.
* Do not log into utmp(x) or wtmp when PAM is enabled. This is done by
pam_lastlog.
- newgrp, sg
* Fix parsing of gshadow entries.
- newusers
* Add --root option.
- passwd
* Add --root option.
- pwpck
* NIS entries were dropped by -s (sort).
* Add --root option.
- pwconv
* Add --root option.
- pwunconv
* Add --root option.
- useradd
* If the skeleton directory contained hardlinked files, copies of the
hardlink were removed from the skeleton directory.
* Add --root option.
- userdel
* Check the existence of the user's mail spool before trying to remove
it. If it does not exist, a warning is issued, but no failure.
* Do not remove a group with the same name as the user (usergroup) if
this group isn't the user's primary group.
* Add --root option.
* Add --selinux-user option.
- usermod
* Accept options in any order (username not necessarily at the end)
* When the shadow file exists but there are no shadow entries, an entry
is created if the password is changed and passwd requires a
shadow entry, or if aging features are used (-e or -f).
* Add --root option.
- su
* Document the su exit values.
* When su receives a signal, wait for the child to terminate (after
sending a SIGTERM), and kill it only if it did not terminate by itself.
No delay will be enforced if the child cooperates.
* Default ENV_SUPATH is /sbin:/bin:/usr/sbin:/usr/bin
* Fixed infinite loop when CONSOLE is configured with a colon-separated
list of TTYs.
* Fixed warning and support for CONSOLE_GROUPS for users member of more
than 16 groups.
* Do not forward the controlling terminal to commands executed with -c.
This prevents tty hijacking which could lead to execution with the
caller's privileges.
* Close PAM sessions as root. This will be more friendly to PAM modules
like pam_mount or pam_systemd.
* Added support for PAM modules which change PAM_USER.
*** translation
* Updated Brazilian Portuguese translation.
* Updated Catalan translation.
* Updated Czech translation.
* Updated Danish translation.
* New Danish man pages translation.
* Updated French translation.
* Updated French man pages translation.
* Updated German translation.
* Updated German man pages translation.
* Updated Greek translation.
* Updated Italian man pages translation.
* Updated Japanese translation.
* Updated Kazakh translation.
* Updated Norwegian Bokmål translation.
* Updated Portuguese translation.
* Updated Russian translation.
* Updated Simplified Chinese translation.
* Updated Simplified Chinese man pages translation.
* Updated Swedish translation.
* Updated Vietnamese translation.
shadow-4.1.4.2 -> shadow-4.1.4.3 2011-02-15
*** security
- CVE-2011-0721: An insufficient input sanitation in chfn can be exploited
to create users or groups in a NIS environment.
shadow-4.1.4.1 -> shadow-4.1.4.2 2009-07-24
- general
* Improved support for large groups (impacts most user/group management
tools).
- addition of system users or groups
* Speed improvement. This should be noticeable in case of LDAP configured
systems. This should impact useradd, groupadd, and newusers
* Since system accounts are allocated from SYS_?ID_MIN to SYS_?ID_MAX in
reverse order, accounts are packed close to SYS_?ID_MAX if SYS_?ID_MIN
is already used but there are still dome gaps.
- login
* Add support for shells being a shell script without a shebang.
- su
* Preserve the DISPLAY and XAUTHORITY environment variables. This was
only the case in the non PAM enabled versions.
* Add support for shells being a shell script without a shebang.
*** translation
* The Finnish translation of passwd(1) was outdated and is no more
distributed.
shadow-4.1.4 -> shadow-4.1.4.1 2009-05-22
- login
* Fix failures with empty usernames on non PAM versions.
* Fix CONSOLE (securetty) support on non PAM versions.
- newgrp
* Return the exit status of the child.
- userdel
* On Linux, do not check if an user is logged in with utmp, but check if
the user is running some processes.
* If not on Linux, continue to search for an utmp record, but make sure
the process recorded in the utmp entry is still running.
* Report failures to remove the user's mailbox
* When USERGROUPS_ENAB is enabled, remove the user's group when the
user was the only member.
* Do not fail when -r is used and the home directory does not exist.
- usermod
* Check if the user is busy when the user's UID, name or home directory
is changed.
shadow-4.1.3.1 -> shadow-4.1.4 2009-05-10
- packaging
* Enable --enable-account-tools-setuid by default for PAM builds.
* Add configure option --enable-utmpx, disabled by default to mimic
the previous behavior on Linux (where utmp and utmpx are identical).
* Fix build failure on non-PAM systems when --without-pam is not
specified.
- chpasswd
* Change the passwords using PAM. This permits to define the password
policy in a central place. The -c/--crypt-method, -e/--encrypted,
-m/--md5 and -s/--sha-rounds options are no more supported on PAM
enabled systems.
- grpck
* Warn if a group has an entry in group and gshadow, and the password
field in group is not 'x'.
- login
* Do not trust the current utmp entry's ut_line to set PAM_TTY. This could
lead to DOS attacks.
* (PAM) Even if the user was already authenticated (-f flag), ask the
user to update his authentication token if needed.
- lastlog
* Fix regression causing empty reports.
- newusers
* Change the passwords using PAM. This permits to define the password
policy in a central place. The -c/--crypt-method and -s/--sha-rounds
options are no more supported on PAM enabled systems.
- pwck
* Warn if an user has an entry in passwd and shadow, and the password
field in passwd is not 'x'.
*** translation
- Updated Czech translation
- Updated French translation
- Updated German translation
- Updated Japanese translation
- Updated Korean translation
- Updated Portuguese translation
- Updated Russian translation
shadow-4.1.3 -> shadow-4.1.3.1 2009-04-15
*** security:
- Due to bad parsing of octal permissions, the permissions on tty (login)
but also UMASK were set wrongly (and weirdly). Only shadow-4.1.3 was
affected.
*** general
- login
* Fix regression when no user is specified on the command line.
- userdel
* Fixed SE Linux support
- vipw
* SE Linux: Set the default context to the context of the file being
edited. This ensures that the backup file inherit from the file's
context.
*** translation
- Updated Norwegian Bokmål translation
shadow-4.1.2.2 -> shadow-4.1.3 2009-04-12
*** general:
- packaging
* Fixed support for OpenPAM.
* Fixed support for uclibc.
* Added configure --enable-account-tools-setuid (default) /
--disable-account-tools-setuid options. This permits to disable the
PAM authentication of the caller for chage, chgpasswd, chpasswd,
groupadd, groupdel, groupmod, newusers, useradd, userdel, and usermod.
This authentication is not necessary when these tools are not
installed setuid root.
* Added configure --with-group-name-max-length (default) /
--without-group-name-max-length options. This permits to configure the maximum length allowed for group names:
<no option> -> default of 16 (like today)
--with-group-name-max-length -> default of 16
--without-group-name-max-length -> no max length
--with-group-name-max-length=n > max is set to n
No sanity checking is performed on n so people could do
something neat like --with-group-name-max-length=MAX_INT
- addition of users or groups
* Speed improvement in case UID_MAX/SYS_UID_MAX/GID_MAX/SYS_GID_MAX is
used for an user/group. This should be noticeable in case of LDAP
configured systems. This should impact useradd, groupadd, and newusers
- error handling improvement
* Make sure errors and incomplete changes are reported to syslog and
audit in case of unexpected failures.
* Report system inconsistencies to syslog and audit.
* Only report success to syslog and audit if the changes are really
performed in the system databases.
This is still not complete.
- /etc/login.defs
* New CREATE_HOME variable to tell useradd to create a home directory by
default.
- Translations
* New Kazakh translation.
* Spanish manpages are no more distributed. They are outdated. Please
contact pkg-shadow-devel@lists.alioth.debian.org if you wish to
provide updates.
- faillog
* Accept users specified as a numerical UID, or ranges of users (-user,
user-, user1-user2).
* -l, -m, and -r now apply not only to existing users, but to all the
specified UIDs.
* Options can be specified in any order.
- gpasswd
* Added support for long options --add (-a), --delete (-d),
--remove-password (-r), --restrict (-R), --administrators (-A), and
--members (-M).
* Added support for usernames with arbitrary length.
* audit logging improvements.
* error handling improvement (see above).
* Log permission denied to syslog and audit.
- groupadd
* audit logging improvements.
* error handling improvement (see above).
* Speedup (see "addition of users or groups" above).
* do not create groups with GID set to (gid_t)-1.
* Allocate system group GIDs in reverse order. This could be useful
later to increase the static IDs range.
- groupdel
* audit logging improvements.
* error handling improvement (see above).
- groupmems
* Check if user exist before they are added to groups.
* Avoid segfault in case the specified group does not exist in /etc/group.
* Everybody is allowed to list the users of a group.
* /etc/group is open readonly when one just wants to list the users of a
group.
* Added syslog support.
* Use the groupmems PAM service name instead of groupmod.
* Fix segmentation faults when adding or removing users from a group.
* Added support for shadow groups.
* Added support long options --add (-a), --delete (-d), --purge (-p),
--list (-l), --group (-g).
- groupmod
* audit logging improvements.
* error handling improvement (see above).
* do not create groups with GID set to (gid_t)-1.
- grpck
* warn for groups with GID set to (gid_t)-1.
- login
* Restore the echoctl, echoke, onclr flags to the terminal termio flags.
Reset echoprt, noflsh, tostop. This behavior seems to have change by
mistake in earlier releases (4.0.8, for no obvious reason).
- newusers
* Implement the -r, --system option.
* Speedup (see "addition of users or groups" above).
* do not create users with UID set to (gid_t)-1.
* do not create groups with GID set to (gid_t)-1.
* Allocate system account UIDs/GIDs in reverse order. This could be useful
later to increase the static IDs range.
- passwd
* For compatibility with other passwd version, the --lock an --unlock
options do not lock or unlock the user account anymore. They only
lock or unlock the user's password.
- pwck
* warn for users with UID set to (uid_t)-1.
- su
* Preserve COLORTERM in addition to TERM when su is called with the -l
option.
- useradd
* audit logging improvements.
* Speedup (see "addition of users or groups" above).
* See CREATE_HOME above.
* New -M/--no-create-home option to disable CREATE_HOME.
* do not create users with UID set to (gid_t)-1.
* Added -Z option to map SELinux user for user's login.
* Allocate system user UIDs in reverse order. This could be useful
later to increase the static IDs range.
- userdel
* audit logging improvements.
* Do not fail if the removed user is not in the shadow database.
* When the user's group shall be removed, do not fail if this group is
not in the gshadow file.
* Delete the SELinux user mapping for user's login.
- usermod
* Allow adding LDAP users (or any user not present in the local passwd
file) to local groups
* do not create users with UID set to (gid_t)-1.
* Added -Z option to map SELinux user for user's login.
shadow-4.1.2.1 -> shadow-4.1.2.2 23-11-2008
*** security
- Fix a race condition in login that could lead to gaining ownership or
changing mode of arbitrary files.
- Fix a possible login DOS, which could be caused by injecting forged
entries in utmp.
shadow-4.1.2 -> shadow-4.1.2.1 26-06-2008
*** security
- Fix an "audit log injection" vulnerability in login.
This vulnerability makes it easier for attackers to hide activities by
modifying portions of log events, e.g. by appending an addr= statement
to the login name.
shadow-4.1.1 -> shadow-4.1.2 25-05-2008
*** security:
- generation of SHA encrypted passwords (chpasswd, gpasswd, newusers,
chgpasswd; and also passwd if configured without PAM support).
The number of rounds and number of salt bytes was fixed to their lower
allowed values (resp. configurable and 8), hence voiding some of the
advantages of this encryption method. Dictionary attacks with
precomputed tables were easier than expected, but still harder than with
the MD5 (or DES) methods.
*** general:
- packaging
* Distribute the chfn, chsh, and userdel PAM configuration file.
* Fix the detection of the audit, pam, and selinux library and header
file; and fail if the feature is requested but not present on the
system.
* Fix build failure when configured with audit support.
- chfn
* Allow non-US-ASCII characters in the GECOS fields ("name", "room
number", and "other info" fields).
- login
* Do not fail if a shell option, specified after --, has more than 2
letters.
- su
* If the SULOG_FILE does not exist when an su session is logged, make
sure the file is created with group root, instead of using the group
of the caller.
- vipw
* Resume properly after ^Z.
*** documentation:
- Document the -r, --system option in the useradd, groupadd, and newusers
manpages.
- Document the -c, --crypt-method and -s, --sha-rounds options in the
newusers manpage.
- Document the -k, --skel option in the useradd manpage.
- Tag the section which require --enable-shadowgrp or --with-sha-crypt
accordingly.
shadow-4.1.0 -> shadow-4.1.1 02-04-2008
*** general:
- security
* Do not seed the random number generator each time, and use the time in
microseconds to avoid having the same salt for different passwords
generated in the same second.
- packaging
* Do not install the shadow library per default.
- general
* Do not translate the messages sent to syslog. This avoids logging
PAM error messages in the users's locale.
- etc/login.defs
* Set GID_MIN to the same value as UID_MIN by default (1000).
* Added variables SYS_UID_MIN (100), SYS_UID_MAX (999), SYS_GID_MIN (100),
SYS_GID_MAX (999) for system accounts.
- etc/useradd
* /etc/default/useradd now defines HOME as /home to match FHS.
- chage
* Fix bug which forbid to set the aging information of an account with a
passwd entry, but no shadow entry.
- faillog
* faillog -r now only reset the entries of existing users. This makes
faillog faster.
- gpasswd
* Fix failures when the gshadow file is not present.
* When a password is moved to the gshadow file, use "x" instead of "!"
to indicate that the password is shadowed (consistency with grpconv).
* Make sure the group and gshadow files are unlocked on exit.
- groupadd
* New option -p/--password to specify an encrypted password.
* New option -r, --system for system accounts.
- groupdel
* Do not fail if the group does not exist in the gshadow file.
* Do not rewrite the group or gshadow file in case of error.
* Make sure the group and gshadow files are unlocked on exit.
* Fail if the system is not configured to support split groups and
different group entries have the name of the group to be deleted.
- groupmems
* Fix buffer overflow when adding an user to a group. Thanks to Peter Vrabec.
- groupmod
* New option -p/--password to specify an encrypted password.
* Make sure the group and gshadow files are unlocked on exit.
* When the GID of a group is changed, update also the GID of the passwd
entries of the users whose primary group is the group being modified.
- grpck
* Fix logging of changes to syslog when a group file is provided,
without a gshadow file.
- lastlog
* Accept users specified as a numerical UID, or ranges of users (-user,
user-, user1-user2).
- login
* Use PATH and SUPATH to set the PATH environment variable, even when
support for PAM is enabled.
* If started as init, start a new session.
- newgrp
* Fix segfault when an user returns to an unknown GID (either the user
was deleted during the user's newgrp session or the user's passwd
entry referenced an invalid group). Add a syslog warning in that case.
* Use the correct AUDIT_CHGRP_ID event instead of AUDIT_USER_START, when
changing the user space group ID with newgrp or sg.
- newusers
* The new users are no more added to the list of members of their groups
because the membership is already set by their primary group.
* Added support for gshadow.
* Avoid using the same salt for different passwords.
* Fix support for the NONE crypt method.
* newusers will behave more like useradd regarding the choice of UID or
GID or regarding the validity of user and group names.
* New option -r, --system for system accounts.
* Make sure the passwd, group, shadow, and gshadow files are unlocked on
exit.
- passwd
* Make sure that no more than one username argument was provided.
* Make SE Linux tests more strict, when the real UID is 0 SE Linux
checks will be performed.
- pwck
* Fix logging of changes to syslog when a passwd file is provided,
without a shadow file.
- su
* su's arguments are now reordered. If needed, use -- to separate su's
options from the shell's options.
- sulogin
* If started as init, start a new session.
- useradd
* New option -l to avoid adding the user to the lastlog and faillog databases.
* Fix the handling of the --defaults option (it required an argument,
but should behave as -D)
* Document the --defaults option, which was already described in the
useradd's Usage information.
* New option -r, --system for system accounts.
* New options -U, --user-group and -N, --no-user-group. These options
should replace nflg from the previous versions. Please set any -n
option to deprecated because its meaning differs from one distribution
to the other.
* Make sure the passwd, group, shadow, and gshadow files are unlocked on
exit.
- usermod
* Keep the access and modification time of files when moving an user's home
directory.
* Check that the new fields set with -u, -s, -l, -g, -f, -e, -d, and -c
differ from the old ones. If a requested new value is equal to the old
one, no changes will be performed for that field. If no fields are
changed, usermod will exist successfully with a warning. This avoids
logging changes to syslog when there are actually no changes.
* Fix the handling of -a when a user is being renamed (with -l)
- vipw/vigr
* Recommend editing the shadowed (resp. regular) file if the regular (resp.
shadowed) file was edited.
shadow-4.0.18.2 -> shadow-4.1.0 09-12-2007
*** security:
- chgpasswd
When compiled with PAM support, it used the chpasswd policy file instead
of the chgpasswd policy file. If an administrator added some restriction
to the chgpasswd policy file, they were not taken into account.
*** general:
- Add support for SHA256 and SHA512 encrypt methods (supported by new
libc).
- useradd: Allow non numerical group identifier to be specified with
useradd's -g option.
- chgpasswd, chpasswd: Fix chpasswd and chgpasswd stack overflow.
- newgrp: Do not give an indication that the group has no password. Ask
for the password, as if there were a password.
- The permissions of the suid binaries is now configurable in
src/Makefile.am. Note that changing the permissions is not recommended.
- newgrp.c: Declare the child and pid variable at the beginning of a block.
This fixes a compilation issue with gcc 2.95.
- login_nopam: Add support for systems with no innetgr(). On those
systems, username with an @ will be treated like any other username
(i.e. lookup in the local database for an user with an @). Thanks to
Mike Frysinger for the patch.
- Add support for uClibc with no l64a().
- userdel, usermod: Fix infinite loop caused by erroneous group file
containing two entries with the same name. (The fix strategy differs
from
(https://bugzilla.redhat.com/show_bug.cgi?id=240915)
- userdel: Abort if an error is detected while updating the passwd or group
databases. The passwd or group files will not be written.
- usermod: Update the group database before flushing the nscd caches.
- usermod: Make sure the group modifications will be allowed before
writing the passwd files.
- Flush the nscd tables using nscd -i instead of the private glibc socket.
- usermod: Make usermod options independent of the argument order.
- newgrp: Do not request a password when a user uses newgrp to switch to
her primary group.
- passwd: -l/-u options: edit the shadow account expiry field *in
addition* to editing the password field.
- pwck: Remove the SHADOWPWD preprocessor check. Some check for /etc/shadow
were always missing.
- su: Avoid terminating the PAM library in the forked child. This is done
later in the parent after closing the PAM session.
- userdel: Fix the homedir prefix checking.
- passwd, usermod: Refuse to unlock an account when it would result in a
passwordless account.
- Full review of the usage of getpwnam(), getpwuid(), getgrnam(),
getgrgid(), and getspnam(). There should be no functional changes.
- gpasswd: Only read information from the local file group database. It
writes the changes in /etc/group and/or /etc/gshadow, but used to read
information from getgrnam (hence possibly from another group database).
- New login.defs variable: MAX_MEMBERS_PER_GROUP. It should provide a
better support for split groups. Be careful when using this variable:
not all tools support well split groups (in or out of the shadow
tool suite). It fixes gpasswd and chgpasswd when split groups are used.
- Use MD5_CRYPT_ENAB, ENCRYPT_METHOD, SHA_CRYPT_MIN_ROUNDS, and
SHA_CRYPT_MAX_ROUNDS to define the default encryption algorithm for the
passwords.
- chpasswd, chgpasswd, newusers: New options -c/--crypt-method and
-s/--sha-rounds to supersede the system default encryption algorithm.
- chpasswd, chgpasswd, newusers: DES is no more the default algorithm. They
will respect the system default configured in /etc/login.defs
*** documentation:
- Generate the translated manpages from PO at build time.
- The generated manpages will change depending on the configure options.
If you use different options than the one used for the distributed
archive, you should re-generate the manpages.
- login.defs should now describe all the variables.
- The tools' documentation details the login.defs variables they use.
shadow-4.0.18.1 -> shadow-4.0.18.2 28-10-2007
*** general:
- usermod: fixed handle -a option (by Benno Schulenberg
<bensberg@justemail.net>),
- useradd: improved auditing support
(https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=211659),
- groupadd, groupdel, groupmod, useradd, userdel, usermod: flush nscd cashes
after close /etc/{group,passwd} files,
- su: If compiled without PAM support, enforce the limits from /etc/limits
when one of the -, -l, or --login options is set, even if called by root.
- limits: Support for 2 new resource limits: max nice value, and max real
time priority. The resource limits are not used when compiled with PAM.
*** documentation:
- updated translations: fi, ja, nl, tl, zh_CN.
- groupadd.8, groupmod.8, login.1, useradd.8, userdel.8, usermod.8: grammar
mistakes and other corrections (by Schulenberg <bensberg@justemail.net>),
shadow-4.0.18 -> shadow-4.0.18.1 03-08-2006
*** general:
- groupmems: fixed compilation when PAM is disabled
(by Johannes Winkelmann <jw@smts.ch>),
- fixed missing man pages in dist tar ball necessary on build when
PAM is disabled.
shadow-4.0.17 -> shadow-4.0.18 01-08-2006
*** general:
- su: fixed set enviroment too early when using PAM, so move it to !USE_PAM
(patch submitted by Mike Frysinger <vapier@gentoo.org>),
- groupadd, groupmod, useradd, usermod: fixed UID/GID overflow (fixed
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=198920)
- passwd, useradd, usermod: fixed inactive/mindays/warndays/maxdays overflow
(similar to RH#198920),
- groupmems: rewritten for use PAM and getopt_long() and now it is enabled
for build and install (patch by George Kraft <gk4@swbell.net>),
- S/Key: removed assign getpass() to libshadow_getpass() on autoconf level
(patch by Ulrich Mueller <ulm@kph.uni-mainz.de>; http://bugs.gentoo.org/139966),
- usermod: back to previous -a option semantics and clarify -a behavior
on documentation level (by Greg Schafer <gschafer@zip.com.au>),
- chsh, groupmod: rewritten for use getopt_long().
- updated translations: ca, cs, da, eu, fr, gl, hu, ko, pl, pt, ru, sv, tr, uk, vi.
*** documentation:
- fr and ru man pages are up to date,
- partially translated sv man pages set added
(by Daniel Nylander <info@danielnylander.se>),
- pl chage(1), chsh(1), groupmod(8): translation finished.
shadow-4.0.16 -> shadow-4.0.17 10-07-2006
*** general:
- userdel, usermod: fixed segfault on remove home directory when it can't
be removed; for example when it is /dev/null (fixed http://bugs.gentoo.org/139148),
- improved SELinux detection on autoconf level (based on patch by
Dan Yefimov <dan@D00M.lightwave.net.ru>),
- removed using private implementation getpass() libc function
(now getpass() is used also when S/KEY support is enabled),
- move nologin do $(sbindir),
- useradd: fixed mail spool file creation (bug cached by Frans Pop
<elendil@planet.nl>;
fixed http://bugs.debian.org/374705),
- updated translations: cs, da, de, ko, nb, nl, pt, ro, ru, sk, sv, vi,
- new translations: dz, km, ne.
*** documentation:
- ru man pages up to date,
- lastlog(8): updated pl translation,
- faillog(5): added missing information about fail_locktime element of
faillog struct (by Thorsten Kukuk <kukuk@suse.de>),
- updated translations: eu, fr, pl.
- reverted using docbook.sourceforge.net in XSL url.
shadow-4.0.15 -> shadow-4.0.16 05-06-2006
*** general:
- userdel: better fix for old CERT VU#312962 (which was fixed in shadow 4.0.8):
fixed forgotten checking of the return value from fchown() before
proceeding with the fchmod() (based on Owl patch prepared by
Rafal Wojtczuk <nergal@owl.openwall.com>),
- userdel: use login.defs::MAIL_DIR instead hardcoded /var/mail in created
mailbox path (based on Owl fixes submited
by Solar Designer <solar@openwall.com>),
- by default do not use libshadow_getpass() as getpass() replacemement.
Use libshadow_getpass() only when S/KEY support is enabled.
Current glibc getpass() handles correctly longer than 8 characters
passwords and libshadow_getpass() is used only because libc getpass()
do not handles password prompting with echo enabled,
- move login.defs::MD5_CRYPT_ENAB to non-PAM part,
- userdel: rewritten for use getopt_log(),
- install default/template configuration files:
-- if shadow is configured with use PAM install /etc/pam.d/* files,
-- if shadow do not uses PAM install /etc/{limits,login.acces} files,
-- install /etc/login.defs and /etc/default/useradd files,
- fixed handle relative symlinks too in lib/commonio.c
(merge patch from Fedora),
- properly notify nscd to flush its cache
(https://bugzilla.redhat.com/bugzilla/186803),
- useradd, usermod: fixes for verify return values mkdir() and chown()
on copy files (merge 482_libmisc_copydir_check_return_values Debian
patch),
- login, su (non-PAM variant): export MAIL only when MAIL_CHECK_ENAB
is enabled (Mike Frysinger <vapier@gentoo.org>),
- pgck, grpck: warn when the members of a group differ in /etc/groups
and /etc/gshadow (fixed http://bugs.debian.org/75181),
- su: fixed exit with a status 0 when the invoked command is terminated
by a signal which was not catched
(fixed by Eero Häkkinen <eero17@bigfoot.com>),
- login: cancel login timeout after authentication so that patient people
timing out on network directory services can log in with local
accounts (http://bugs.debian.org/107148),
- chgpasswd: fixes for build correctly with --disable-shadowgrp
(patch by Johannes Winkelmann <jw@tks6.net>).
- updated translations: cs, da, es, eu, fi, fr, gl, hu, id, pt, ru, sk, sv, vi.
- new translations: hu.
*** documentation:
- new cs man pages: groupmems(8), groupmod(8), grpck(8), gshadow(5)
(by Miroslav Kure <kurem@upcase.inf.upol.cz>),
- regenerate roff man pages using docbook-style-xsl-1.70.1,
- bunch of cleanups in chfn(1), faillog(8), gpasswd(1), groupadd(8),
groupmems(8), limits(5), login(1), login.defs(5), newgrp(1), passwd(1),
passwd(5) and su(1) (by Yuri Kozlov <kozlov.y@gmail.com>),
- update pl vipw(8) man page,
- added chgpasswd(8) ru man page,
- updated ru login.defs(5), passwd(1), userdel(8), usermod(8) man pages,
- pw_auth(3) man page removed (outdated),
- install limits(5), login.access(5) and porttime(5) man pages only when
shadow is built with PAM support disabled,
- passwd(1): better document how password strength is checked
(fixed http://bugs.debian.org/115380),
- usermod(8): added missing -a option description
(by Christian Perrier <bubulle@debian.org>),
- hu chsh(1), lugin(1), newgrp(1): fixed typos
(by Koblinger Egmont <egmont@uhulinux.hu>),
- login.defs(5): remove information about CREATE_HOME (patch by
Mike Frysinger <vapier@gentoo.org>),
- chgpasswd(8): new man page.
shadow-4.0.14 -> shadow-4.0.15 13-03-2006
*** general:
- do not install translated man pages if shadow is configured with
--disable-nls
(based patch submited by Mike Frysinger <vapier@gentoo.org>),
- added fixes for detect BSD's S/Key with updated the skeychallenge()
function for take a fourth argument in case BSD version (patch submited by
Mike Frysinger <vapier@gentoo.org>),
- login: default UMASK if not specified in login.defs is 022 (pointed by
Peter Vrabec <pvrabec@redhat.com>),
- chgpasswd: new tool (by Jonas Meurer <mejo@debian.org>),
- lastlog: print the usage and exit if an additional argument is provided to
lastlog (merge 488_laslog_verify_arguments Debian patch),
- login, newgrp, nologin, su: do not link with libselinux (merge
490_link_selinux_only_when_needed Debian patch),
- chage, chfn, chsh, passwd: fixed confusing error message if /proc is not
mounted (http://bugs.debian.org/352494 patch Nicolas François
<nicolas.francois@centraliens.net>),
- login (merge 433_login_more_LOG_UNKFAIL_ENAB Debian patch):
- TOO MANY LOGIN... logged if PAM_MAXTRIES or failcount >= retries (was
onl test PAM_MAXTRIES),
- print to stderr (in addition to syslog) in case of maximum number of
tries exceeded,
- always prints the number of tries in the syslog entry.
- add special handling for PAM_ABORT
- add an entry to faillog, as when USE_PAM is not defined. (#53164)
- changed pam_end to PAM_END. This is certainly was a mistake. PAM_END is
pam_close_session + pam_end. Here, the session is still not open, we
don't have to close it.
- a HAVE_PAM_FAIL_DELAY is missing,
- su: fixed pam session support (patch from Topi Miettinen; fixed #57526,
#55873, 57532 Debian bugs),
- userdel: user's group is already removed by update_groups().
remove_group() is not needed (bug introduced in 4.0.14 on merge FC fixes).
Fixed by Nicolas François <nicolas.francois@centraliens.net>,
- useradd: always remove group and gshadow databases lock, Fixed by Nicolas
François <nicolas.francois@centraliens.net>
(http://bugs.debian.org/348250)
- auditing fixes:
- corrected prototypes in lib/prototypes.h (thre is no audit_help_log();
added audit_logger() prototype),
- useradd: fixed excess audit_logger() argument,
- chage: added missing \n on display password status if password must be
changed,
- useradd: fixed allow non-unique UID (http://bugs.debian.org/351281),
- various code cleanups for make possible compilation of shadow with -Wall
-Werror (by Alexander Gattin <xrgtn@yandex.ru>),
- su: move exit() outside libmisc/shell.c::shell() for handle shell() errors
on higher level (now is better visable where some programs exit with 126
and 127 exit codes); added new shell() parameter (char *const envp[])
which allow fix preserving enviroment in su on using -p, (patch by
Alexander Gattin <xrgtn@yandex.ru>),
- su: added handle -c,--command option for GNU su compliance (merge
437_su_-c_option Debian patch),
- login: added translate login prompt string (suggested by Evgeniy
Dushistov),
- updated translations: ca, cs, da, el, es, eu, gl, fi, fr, it, nb, nl, pt,
pt_BR, ro, ru, sk, sv, tl, vi, zh_CN,
- new translations: gl.
*** documentation:
- ru man pages: added new nologin(8) and updated all other man pages (by
Yuri Kozlov <kozlov.y@gmail.com>),
- chsh(1), su(1): update fi translations generated from XML files
(Tommi Vainikainen <thv+debian@iki.fi>),
- expiry(1), faillog(5), faillog(8), gpasswd(1), groupadd(8), groupdel(8),
logoutd(8), nologin(8), vipw(8): added new cs man pages, (by Miroslav Kure
<kurem@upcase.inf.upol.cz>)
- login.defs(5): default UMASK if not specified in login.defs is 022
(pointed by Peter Vrabec <pvrabec@redhat.com>),
- useradd(8): better document that -d will not add the user's home directory
if it does not already exist (http://bugs.debian.org/154996),
- nologin(8) man pages added (merge 478_nologin.8.xml Debian patch).
shadow-4.0.13 -> shadow-4.0.14 03-01-2006
*** general:
- fixes in handling login.defs: $MAIL_FILE is used in userdel and usermod,
$MD5_CRYPT_ENAB is used by crypt_make_salt, which is used by chpasswd,
gpasswd and newusers.
Both variables moved to PAM not dependent (447_missing_login.defs_variables
Debian patch),
- chage: fix chage display when the last change field is set to 0.
This is consistent with PAM (merge 427_chage_expiry_0 Debian patch),
- su: if an password is expired, su should propose to change this password
(fixed http://bugs.debian.org/321384),
- login: added auditing support (based on Fedora patch for login from util-linux),
- useradd: merge PUG fixes from RedHat patch,
- nologin: new program,
- vipw: added a "quiet" mode (http://bugs.debian.org/190252),
- newgrp: added auditing support (by Steve Grubb <sgrubb@redhat.com>),
- switch over to a new logging function (by Steve Grubb <sgrubb@redhat.com>),
- userdel: fix incorrect audit record in userdel
(https://bugzilla.redhat.com/bugzilla/174392),
- userdel: remove the user's group unless it is not really a user-private group
for better PUG support (based on FC patch),
- userdel: make the -f option force the removal of the user's group (even if it
is the primary group of another user)
(merge 453_userdel_-f_removes_group Debian patch),
- usermod: rewritten for use getopt_long() (Christian Perrier <bubulle@kheops.frmug.org>),
- grpck: fixed segmentation fault on using -s when /etc/gshadow is empty (fix by
Tomasz Lemiech <szpajder@staszic.waw.pl>),
- passwd: remove handle -f, -g and -s options.
- added handle -s/--shell, -m/-p/preserve-environment options like GNU su
(based on patches from Debian submited by
Nicolas François <nicolas.francois@centraliens.net>)
- su: export $USER and $SHELL as well as $HOME (http://bugs.debian.org/11003 and
http://bugs.debian.org/11189),
- su, vipw: rewritten for use getopt_long(),
- su: log successful/failed through syslog (http://bugs.debian.org/190215),
- updated translations: ca, cs, da, eu, fi, fr, it, pl, pt, ru, sv, tl, vi,
- new translations: gl.
*** documentation:
- added es, ko vigr(8) and vipw(8), hu lastlog(8), ko vipw(8), zh_CN su(1),
zh_TW chpasswd(8) and su(1),
- added tr man pages: chage(1), chfn(1), groupadd(8), groupdel(8), groupmod(8),
login(1), passwd(1), passwd(5), shadow(5), su(1) useradd(8), userdel(8),
usermod(8),
- passwd5): added es, hu, pt_BR, zh_CN zh_TW translations,
- added full set (up to date) fr man pages
(by Nicolas François <nicolas.francois@centraliens.net>),
- pwck(1): document -q option,
- WARNING: all translated man pages are now in UFT-8,
- added full set of ru man pages (by Yuri Kozlov <kozlov.y@gmail.com>),
- login(1): better explain the respective roles of login, init and getty with regards
to the utmp file (merge 440_manpages-login.1 Debian patch),
- login(1): document how to initiate a trusted path on linux
(http://bugs.debian.org/305600),
- userdel(8): document the -f option; document the group removal behavior (merge
455_userdel.8.xml Debian patch),
- groupadd(8), useradd(8): document that useradd/groupadd refuse adding entries already in an
external database (http://bugs.debian.org/282184),
- updated it groupdel(8), passwd(1), pwconv(8), useradd(8), userdel(8), usermod(8) man pages
(merge 205_it-manpages Debian patch),
- added fi chfn(1), chsh(1), passwd(1), su(1),
- newusers(8): added it translation,
- newgrp(1): added de, es, zh_CN, zh_TW translations.
shadow-4.0.12 -> shadow-4.0.13 10-10-2005
*** general:
- chage: removed duplicated pam_start(),
- chfn, chsh: finished PAM support using pam_start() and co.,
- userdel: userdel should not remove the group which is primary for someone else
(fix by Nicolas François <nicolas.francois@centraliens.net>
http://bugs.debian.org/295416),
- login: use "%c" in strftime() output (based on patch from
http://bugs.debian.org/89902 by Christian Perrier <bubulle@debian.org>),
- fixedlib/commonio.c: don't assume selinux is enabled if is_selinux_enabled()
returns -1 (merge isSelinuxEnabled FC patch by Jeremy Katz <katzj@redhat.com>),
- login, su (non-PAM case): fixed setup max address space limits (added missing break
statement in case) spotted by Lasse Collin <lasse.collin@tukaani.org>,
- auditing support added. Patch prepared by Peter Vrabec <pvrabec@redhat.com> basing
on work by Steve Grubb from http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=159215
Now auditing support have commands: chage, gpasswd, groupadd, groupdel, groupmod,
useradd, userdel, usermod.
- chage, chfn, chsh, passwd: change to use new selinux API for
selinux_check_passwd_access() (patch from Fedora by Dan Walsh <dwalsh@redhat.com>),
- use #ident preprocesor directive istead RCID macro with content similar
to example described in ident(1) man page (modern compilers like latest GCC
removes not used functions by global optimization).
So "ident /usr/bin/passwd" will show again some useable informations
- su: fixed twice copy enviroment which causes auth problems
(bug was introduced in 4.0.12; fix by Nicolas François <nicolas.francois@centraliens.net>),
- chage: differentiate the different failure causes by the exit value
This will permit to adduser Debian script to detect if chage failed because the
system doesn't have shadowed passwords (fix for http://bugs.debian.org/317012),
- merge 010_more-i18ned-messages Debian patch which adds i18n support for few
more messages (originally patch was prepared by Guillem Jover <guillem@debian.org>),
- lastlog: added handle -b option which allow print only lastlog records older than
specified DAYS (fix by <miles@lubin.us>),
- chpasswd, gpasswd, newusers: fixed libmisc/salt.c for use login.defs::MD5_CRYPT_ENAB
only if PAM support is disabled (fix by John Gatewood Ham <zappaman@buraphalinux.org>),
- passwd: rewritten for use getopt_long(),
- newgrp: when newgrp process sits between parent and child shells, it should
propagate STOPs from child to parent and CONTs from parent to child,
otherwise e.g. bash's "suspend" command won't work
Fixed Debian http://bugs.debian.org/314727
- updated translations: da, es, fr, pt, ro, ru.
*** documentation:
- chsh(1), groupadd(8), newusers(8), pwconv(8), useradd(8), userdel(8), usermod(8):
added missing references to /etc/login.defs and login.defs(5)
(Christian Perrier <bubulle@kheops.frmug.org>),
- passwd(5): rewritten based on work by Greg Wooledge <greg@wooledge.org>
http://bugs.debian.org/328113
- login(1): added securetty(5) to SEE ALSO section
(fixed Debian bug http://bugs.debian.org/325773),
- groupadd(8), useradd(8): fix regular expression describing allowed login/group
names (pointed by Nicolas François <nicolas.francois@centraliens.net>)
(correct is [a-z_][a-z0-9_-]*[$]),
- groupadd(8), useradd(8): documents in CAVEATS section the limitations shadow
places on user and group names (fix by Mike Frysinger <vapier@gentoo.org>).
- chage(1), groupadd(8): document -h,--help option.
shadow-4.0.11.1 -> shadow-4.0.12 22-08-2005
*** general:
- newgrp, login: remove using login.defs::CLOSE_SESSIONS variable and always
close PAM session,
- fixed configure.in: really enable shadow group support by default (pointed by
Greg Schafer <gschafer@zip.com.au> and Peter Vrabec <pvrabec@redhat.com>),
- login.defs: removed handle QMAIL_DIR variable,
- login: allow regular user to login on read-only root file system (not only for root)
Patch by Nicolas François <nicolas.francois@centraliens.net>
Fix for http://bugs.debian.org/52069
- gpasswd, grpck, grpconv, grpuconv: added flushing group nscd cache,
- pwck, pwconv: added flushing passwd nscd cache,
- usermod: fixed handle -p option (patch by Peter Vrabec <pvrabec@redhat.com>),
- chage: use -1 as value for disable password inactivity, expiration date and
checking an password validation.
Based on patch by Peter Vrabec <pvrabec@redhat.com> which fixes:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=109499
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=137498
and on 427_chage_expiry_0 Debian patch (fix for http://bugs.debian.org/78961)
- useradd: do not copy files from skel directory if home directory exist and write
warning message about not copying skel files
Patch by Peter Vrabec <pvrabec@redhat.com> which fixes:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=143150
https://bugzilla.redhat.com/beta/show_bug.cgi?id=158574
https://bugzilla.redhat.com/beta/show_bug.cgi?id=80242
- su: ignore SIGINT while authenticating. A ^C could defeat the waiting
period and permit brute-force attacks (fixed http://bugs.debian.org/288827),
- uClibc fixes (by Martin Schlemmer <azarah@nosferatu.za.org>):
added require ngettext (added [need-ngettext] to AM_GNU_GETTEXT() parameters)
and stub prototype for ngettext() in lib/prototypes.h (necessary if shadow
compiled with disabled NLS support)
- groupadd: rewritten for use getopt_long(),
- groupadd, groupdel, groupmod, userdel: do OPENLOG() before pam_start(),
- groupadd: fixed double OPENLOG(),
- removed lib/{grpack,gspack,pwpack,sppack}.c and prototypes from lib/prototypes.h
(outdated),
- newusers: added flushing passwd and group nscd caches,
- passwd, pwunconv, userdel, vipw: remove flushing shadow nscd cache (nscd do not caches
shadow map),
- pwck: now pwck OPENLOG with correct name ("pwck" instead "pwsk")
(fix by Alexander Gattin <arg@online.com.ua>),
- pwck, grpck: replace all puts() with printf() - it fixes problems with extra blank
lines printed in some messages
(fix by Alexander Gattin <arg@online.com.ua>),
- passwd: use separated message "Password set to expire." instead "Password changed."
on "passwd -e" (fix by Christian Perrier <bubulle@debian.org),
- updated translations: cs, de, fi, fr, nl, pl, pt, ru, sk.
*** documentation:
- regenerate all roff man pages using DocBook XSLT Stylesheets 1.69.1,
- usermod(8): give the correct range for system users (0-999 instead of 0-99),
(http://bugs.debian.org/286258)
- chage(8): better description -1 value passwd in -E, -I and -M options,
- regenerate all roff man pages using DocBook XSLT Stylesheets 1.69.0.
shadow-4.0.11 -> shadow-4.0.11.1 21-07-2005
*** general:
- fixed configure.in: now is possible build shadow with enabled/disabled shadow group
support (thanks for report symptoms of the bug to Greg Schafer <gschafer@zip.com.au>),
- updated translations: sv.
shadow-4.0.10 -> shadow-4.0.11 18-07-2005
*** general:
- su: ignore SIGINT while authenticating. A ^C could defeat the waiting period and
permit brute-force attacks. Also ignore SIGQUIT.
Fixed: http://bugs.debian.org/52372 and http://bugs.debian.org/288827
- useradd: rewritten for use getopt_long(),
- newgrp: add fix for handle splitted NIS groups: extends the functionality that,
if the requested group is given, all groups of the same GID are tested for
membership of the requesting user.
(fix by Christian Mudra <C.Mudra@science-computing.de>)
- fix nscd_flush_cache(): for some reason doing the INVALIDATE call with two
write()'s fails. Do one writev() call instead.
http://bugs.gentoo.org/show_bug.cgi?id=80413
(submited by Martin Schlemmer <azarah@gentoo.org>)
- merge nscd-socket-path patch from Fedora: newer glibc's have a different nscd socket
location (/var/run/nscd/socket instead /var/run/.nscd_socket),
- S/Key support is back,
- usermod: added -a option. This flag can only be used in conjunction with the -G
option. It cause usermod to append user to the current supplementary group list.
(patch by Peter Vrabec <pvrabec@redhat.com>)
- chage: added missing \n in error messages,
- useradd, groupadd: change -O option to -K and document it in man page,
- su, sulogin, login: fixed erroneous warning messages when used with PAM about some
login.defs variables (fix by DJ Lucas <dj@linuxfromscratch.org>),
- autoconf:
-- stop with error message if crypt() not found,
-- remove --with{,out}-libcrypt switch,
-- move all autoheader templates from acconfig.h to configure.in,
- login: setup limits and umask (using login.defs ULIMITS and UMASK variables) only when
PAM support is disabled (it is task for pam_limits and pam_umask modules),
- sulogin, login: use SYSLOG macro instead syslog() which saves the locale, sets the
locale to C, sends the message and restores the locale
(fix by Nicolas François <nicolas.francois@centraliens.net>).
- updated translations: cs, da, de, es, fi, pl, pt, ro, ru, sk.
*** documentation:
- pwck(8): document -q option (based on Debian patch for fix http://bugs.debian.org/309408)
- pwck(8): rewritten OPTIONS section and better SYNOPSIS,
- lastlog(8): document that lastlog is a sparse file, and don't need to be rotated
http://bugs.debian.org/219321
- login(8): better explain the respective roles of login, init and getty with regards
to the utmp file (based on 441_manpages-shadow.5 Debian patch),
- shadowconfig(8): removed (will be maintained in Debian shadow pkg repository),
- groupadd(8): document -o option,
- in SEE ALLSO section in groupadd(8), groupdel(8), groupmod(8), userdel(8), usermod(8)
added refer to gpasswd(8) (suggested by Mike Frysinger <vapier@gentoo.org>).
shadow-4.0.9 -> shadow-4.0.10 28-06-2005
*** general:
- mkpasswd: removed,
- userdel: now deletes user groups from /etc/gshadow as well as /etc/group.
Fix by Nicolas François <nicolas.francois@centraliens.net>.
http://bugs.debian.org/99442
- usermod: when relocating a user's home directory, don't fail and remove the new
home directory if we can't remove the old home directory for some
reason; the results can be spectacularly poor if, for instance, only
the rmdir() fails. Patch prepared by Timo Lindfors <lindi-spamtrap@newmail.com>.
http://bugs.debian.org/166369
- su: fix syslogs to be less ambiguous. Use old:new format instead of old-new
because '-' can appear in usernames
http://bugs.debian.org/213592
- removed not used now libmisc/setup.c,
- login: use also UTMPX API instead UTMP on failure (login was affected for this
when shadow was built without PAM support)
patch by Nicolas François <nicolas.francois@centraliens.net>
- login: the PAM session needs to be closed as root, thus before change_uid()
http://bugs.debian.org/53570 http://bugs.debian.org/195048 http://bugs.debian.org/211884
- login: made login's -f option also able to use the username after -- if none
was passed as it's optarg
http://bugs.debian.org/53702
- login: check for hushed login and pass PAM_SILENT if true,
http://bugs.debian.org/48002
- login: fixed username on succesful login (was using the normal username,
when it should have used pam_user) http://bugs.debian.org/47819
- remove using SHADOWPWD #define so now shadow is always built with shadow
password support,
- chage: rewritten for use getopt_long(),
- updated translations: ca, cs, da, fi, pl, ru, zh_TW.
*** documentation:
- most of the man pages now are generated from XML files so in case submitting any
chages to this resources please make diff to XML files,
- chfn: give more details about the influence of login.defs on what's allowed to
users.
shadow-4.0.8 -> shadow-4.0.9 23-05-2005
*** general:
- passwd: fixed segfault in non-PAM configuration
(submited by Greg Schafer <gschafer@zip.com.au>),
- newgrp: fixed NULL pointer dereference - getlogin() and ttyname() can
return NULL which is not checked (http://bugs.debian.org/162303),
- updated translations: ro, ru,
- added new translations: vi,
- lib/getdef.c: leaves the table as it is, and changes from the binary search to
a sequential one (Lucas Correia Villa Real <lucasvr@gobolinux.org>),
- lastlog: fixed --help message (s,--login,--user,) http://bugs.debian.org/249611.
shadow-4.0.7 -> shadow-4.0.8 26-04-2005
*** general:
- remove not working OPIE and SKEY support,
- chage, useradd, usermod: reduce multiple OPENLOG() calls,
- passwd: fix #61313 Debian bug: "passwd -S root" (as a normal user) should not
display "You may not change the password for root.",
- vipw: fixed race condition (Debian #242407 bug; fix by Alexander Gattin
<arg@online.com.ua>),
- configure.in: add using AC_GNU_SOURCE macro for kill compilation warnings about
implicit declaration of function `fseeko',
- faillog: changed faillog record display format for allow fit in 80 columns all
faillog attributes,
- removed NDBM code (unused),
- fixed use of SU_WHEEL_ONLY in su. Now su really is available for wheel group
members. Thanks to Mike Frysinger <vapier@gentoo.org> for report:
http://bugs.gentoo.org/show_bug.cgi?id=80345
- drop never finished kerberos and des_rpc support (for kerberos support back firs
must be prepared modularization),
- fixed UTMP path detection (by Kelledin <kelledin@users.sf.net>),
- useradd: rewritten group count to dynamic (by John Newbigin
<jnewbigin@ict.swin.edu.au>),
- login: fixed create lastlog entry fo users never loged in on non-PAM
variant of login (fix by <oracular@ziplip.com>),
- remove handle login.defs::NOLOGIN_STR (never used),
- useradd: fixes a potential security problem when mailbox is created in
useradd.
Patch and comment by Koblinger Egmont <egmont@uhulinux.hu>:
Only two arguments are passed to the open() call though it expects three
because O_CREAT is present. Hence the permission of the file first becomes
some random garbage found on the stack, and an attacker can perhaps open
this file and hold it open for reading or writing before the proper
fchmod() is executed. (Actually, we could also pass the final "mode" to
the open() call and then save the consequent fchmod().)
- SELinux changes: added changes in chage, chfn, chsh, passwd for allow
construct more grained user password/account properties on SELinux
policies level. Patch originally based on RH changes (submited by Chris
PeBenito <pebenito@gentoo.org>),
- added SELinux changes: in libmisc/copydir.c (based on Fedora patch),
- updated translations: cs, da, es, eu, fi, fr, it, ko, nl, pl, pt, sk, uk,
- added new translations: tl,
- reindent all source code using -l80,
*** documentation:
- it man pages (by Danilo Piazzalunga <danilopiazza@libero.it>):
-- updated: chfn.1, chsh.1, groups.1, grpck.8, grpconv.8,
grpunconv.8, id.1, lastlog.8, login.1, newgrp.1, pwunconv.8, shadow.5,
vigr.8, vipw.8,
-- new: chage.1, chpasswd.8, expiry.1, faillog.5, faillog.8, getspnam.3,
logoutd.8, porttime.5, pwck.8, shadow.3, shadowconfig.8, su.1,
- passwd(1): fix #160477 Debian bug: improve -S output description,
- newgrp(1): fix #251926, #166173, #113191 Debian bugs: explain why editing /etc/group
(without gshadow) doesn't permit to use newgrp,
- newgrp(1): newgrp uses /bin/sh (not bash),
- faillog(8): updated after rewritten faillog command for use getopt_long(),
- login(1): removed fragment about abilities pass enviroment variables in login prompt,
- gshadow(5): new file (by Nicolas Nicolas François <nicolas.francois@centraliens.net>),
- usermod(8): fixed #302388 Debian bug: added separated -o option description,
shadow-4.0.6 -> shadow-4.0.7 26-01-2005
- updated translations: da, es, fi, it, nl, pl, pt,
- added zh_TW translation (from Debian resources),
- remove unused now files in lib/ directory,
- switch faillog to use getopt_long(),
- added de vigr(8), vipw(8) man pages (from Debian resources),
- added ro, sq translations (from Debian resources),
- fixed large file support in lastlog and faillog:
-- added AC_SYS_LARGEFILE macro to autoconf,
-- use fseeko() instead fseek() and remove casting file offsets to unsigned
long.
- lastlog:
-- rewritten source code using the same style as in chpasswd.c,
-- open lastlog file after finish parse commandline options
(now --help output can be displayed for users without lastlog
file read permission),
-- cleanups in lastlog(8) man page using the same style as in
chpasswd(8).
- chpasswd:
-- switch chpasswd to use getopt_long() and adds a --md5 option
(by Ian Gulliver <ian@penguinhosting.net>),
-- rewritten chpasswd(8) man page.
shadow-4.0.5 -> shadow-4.0.6 08-11-2004
- su: fixed adding of pam_env env variables to enviroment
(Martin Schlemmer <azarah@nosferatu.za.org>),
- autoconf: fixed filling MAIL_SPOOL_DIR and MAIL_SPOOL_FILE variables
which was always empty (Gregorio Guidi <g.guidi@sns.it>),
- really close security bug in libmisc/pwdcheck.c,
- added missing template/example PAM service config files for chfn, chsh and
userdel,
- do not translate variable names from /etc/default/useradd during
"useradd -D".
shadow-4.0.4.1 -> shadow-4.0.5 27-10-2004
- change libmisc to private static library,
- added SELinux support (basing on patch from Gentoo),
- chage: more verbose/human readable -l output. This output is much more
better for send directly via email for each users as message with account
status (for example as message with warning about account/password expiration),
- login: fixed handle -f option: now it works correctly without specify "-h
<host>" if open login session locally is required (thanks for help
investigate bug for Krzysztof Kotlenga),
- userdel: when removing a user with userdel, userdel was always exits with 1 (fixed).
Based on http://bugs.gentoo.org/show_bug.cgi?id=66687,
- useradd: added handle /etc/defaults/useradd::CREATE_MAIL_SPOOL={yes|no}.
Now on adding user account can be also created empty user mail spool.
Curent code handle only mailbox.
TODO: add handle create user mail spool in maildir format.
- useradd: when placing symlinks into /etc/skel copy_tree of
libmisc/copydir.c will properly create the symlink in the destination
directory but not change the ownership to the target user/group. This
makes httpd Option SymlinkIfOwnerMatch break for default weg pages
including symlinks placed into /etc/skel/public_html for example.
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=66819
- su: add pam_open_session() support. If built without PAM support
propagate $DISPLAY and $XAUTHORITY enviroment variables.
Based on http://www.gentoo.org/cgi-bin/viewcvs.cgi/sys-apps/shadow/files/shadow-4.0.4.1-su-pam_open_session.patch?rev=1.1
- applied 036_pam_access_with_preauth.patch Debian patch submited by Bjorn
Torkelsson <Bjorn.Torkelsson@hpc2n.umu.se>: add support for PAM account
management to restrict access using pam_access when login is invoked with -f.
- applied Owl patches by Solar Designer <solar@openwall.com>:
shadow-4.0.4.1-owl-pam-auth.diff:
Moved the PAM authentication in user management commands after
command-line parsing, made it use separate service names for each command.
Use constant strings rather than argv[0] for syslog ident in the user
management commands,
shadow-4.0.4.1-owl-tmp.diff:
Remove using mktemp() if mkstemp() prototype not found (use always mkstemp()),
shadow-4.0.4.1-owl-check-reads.diff:
Add checking for read errors in commonio and vipw/vigr (not doing so could
result in data loss when the records are written back),
- fixed security bug in libmisc/pwdcheck.c which allow unauthorized
account properties modification.
Affected tools: chfn and chsh.
Bug was discovered by Martin Schulze <joey@infodrom.org>.
- added it translation (by Danilo Piazzalunga <danilopiazza@libero.it>),
- added sk translation (by Peter Mann <Peter.Mann@tuke.sk>, submited by Christian
Perrier <bubulle@kheops.frmug.org>),
- added es translation (by Ruben Porras <nahoo82@telefonica.net>),
- updated ko translation (by Changwoo Ryu <cwryu@debian.org>),
- added fi translation (by Tommi Vainikainen <thv@iki.fi>),
- new translations: bs, ca, da, eu, he, id, nb, nl, nn, pt, pt_BR, tr,
zh_CN (stolen from Debian),
- remove adduser(8) roff include man page to useradd(8).
shadow-4.0.4 => shadow-4.0.4.1 14-01-2004
- bug fixes in automake files for generate correct tar ball on "make dist":
added missing "EXTRA_DIST = $(man_MANS)" in man/*/Makefile.am.
shadow-4.0.3 => shadow-4.0.4 14-01-2004
*** general:
- added missing information about -f options in groupadd usage message
(document this also in man page),
- removed TCFS support (tcfs is dead),
- convert all po/*.po files to utf-8,
- one TODO entry gone: fix nscd flushing databases on change (use
per service flushing method instead HUPing nscd process),
- removed old AUTH_METHODS dependent code,
- chage: now all code depend on SHADOWPWD. If shadow will not be configured
on autoconf level for using shadow password chage is olny stub which
informs "chage not configured for shadow password support."
- dpasswd: removed,
- login: remove handle login.defs::DIALUPS_CHECK_ENAB code,
- login: remove handle login.defs::NO_PASSWORD_CONSOLE code,
- ALL tools, libraries: remove old SVR4, SVR4_SI86_EUA BSD_QUOTA and ATT_AGE
dependent code,
- ALL: ready for gettext 0.11.5, automake 1.7.4, autoconf 2.57,
- logoutd, userd: handle also utmpx if available,
- newgrp: fix for non-PAM version
Use CLOSE_SESSIONS depending code only when USE_PAM.
The problem was reported by Mattias Webjorn Eriksson using Slackware
8.1 and reproduced it using slackware-current (9.0beta) (fix submited by
Simon Williams <simon@no-dns-yet.org.uk>),
- fix in too_many_failures() function: incorrect if() condition in non-PAM
dependent code in fail login handling (fixed by Krzysztof
Oledzki <ole@ans.pl>),
*** documentation:
- install groups(1) man page (moved from EXTRA_DIST to man_MANS),
- removed pwauth(8), d_passwd(5), dialups(5) man pages,
- remove text about password aging from passwd(5) (based on Debian changes),
- document useradd and groupadd -M option in en and pl man pages
(by Jakub Mikusek <mick3y@o.k.pl>).
- added ru passwd(1) man page from KSI resources,
- added es man pages found in Conectiva distribution resources,
- added chch(1), chfn(1) man pages from chinese man pages translation
project,
- added id(1) man page czech man pages translation project,
- updated ja man pages and added expiry(1),
- removed old doc/ANNOUNCE,
- updated german passwd(1), chsh(1) and login(1) man page and added chfn(1)
(by Josef Spillner <josef@ggzgamingzone.org>),
- many other cleanups and unifications in man pages.
shadow-4.0.2 => shadow-4.0.3 13-03-2002
- added various cs, de, fr, id, it, ko man pages found mainly in national
man pages translations projects (this documents are not synced with
current en version but you know .. "Documentations is lik sex. When it is
good it very very good. Whet it is bad it is better than nothing."). Any
changes for syncing this are welcome and for anyone who will want maintain
this documents directly I can give cvs write access to project resources.
- added new de translation (by Frank Schmid <frank@cs-schmid.de>).
- fixed building --with-shared: swapped utent (in src/login.c and
libmisc/utmp.c) and pwent (in libmisc/suauth.c and src/su.c)
definition/extern (by Dimitar Zhekov <jimmy@is-vn.bg>).
- minor changes and updates in man pages (also merged
shadow-4.0.0-owl-man.patch by Solar Designer <solar@openwall.com>).
shadow-4.0.1 => shadow-4.0.2 17-02-2002
- resolve many fuzzy translations also all this which may cause problems on
displaying long uid/gid,
- allow use "$" on ending in created by useradd username accounts for allow
create machine accounts for samba (thanks to Jerome Borsboom
<borsboom@tch.fgg.eur.nl> for point this problem in 4.0.1),
- fix small but ugly bug in configure.in in libpam_mics library detection.
shadow-4.0.0 => shadow-4.0.1
- added ability to log session closes in newgrp
(Joseph Parmelee <jparmele@wildbear.com>),
- add -pcs to .indent.pro file and reindent all code in src/,
- remove "\n" from all SYSLOG() messages,
- finish integrate AGING code into SHADOWPW,
- remove handle old HAVE_USERSEC_H code,
- updated ja and added hu man pages,
- applied patches by Solar Designer <solar@openwall.com>:
shadow-4.0.0-owl-chage-drop-priv.diffd
shadow-4.0.0-owl-chage-ro-no-lock.diff:
Added locks which are needed when doing r/w accesses, not when running
as root. If root does read-only, there's no lock needed. Added missing
"#include <errno.h>" for above (me).
shadow-4.0.0-owl-warnings.diff
Olny one fix from this patch was applied because other was fixed few days
before :)
shadow-4.0.0-owl-check_names.diff
Merge only prat this patch with checking login name matching; checking
is login string isn't longer than possible it will be good prepare using
probably _POSIX_LOGIN_NAME_MAX from <bits/posix1_lim.h>,
shadow-4.0.0-owl-chage-drop-priv.diff
shadow-4.0.0-owl-pam-auth.diff
Merge part with reorder initialize PAM and checking if chage is runed by
root or not - now chage can be runed from non-root account for checking
by user own account information (if PAM enabled).
- fixes for handle/print correctly 32bit uid/gid (Thorsten Kukuk <kukuk@suse.de>),
- implemented functions for better reloading the nscd cache (per NSS map)
(Thorsten Kukuk <kukuk@suse.de>),
- fixed warnings "not used but defined" on compile using gcc 3.0.x
(bulletpr00ph <bullet@users.sourceforge.net>),
- added ja, ko translations found in SuSE,
- added symlinks: newgrp -> sg, vipw -> vigr,
- added vigr(1) man page as roff .so link to vipw(1),
- added sg(1) man page as roff .so link to newgrp(1),
- installed fix for SEGV when using pwck -s on /etc/passwd file with
empty lines in it.
shadow-20001016 => shadow-4.0.0 06-01-2002
- fix bug discovered and fixed by Marcel Ritter
<Marcel.Ritter@rrze.uni-erlangen.de>
Due to a big buffer size in lib/commonio.c this error does only appear
if a line gets longer than 4096 bytes (there are probably very few people
stumbling across this).
Ths bug can be exposed by trashing /etc/groups file using useradd with script:
#!/bin/sh
typeset -i NUM
NUM=0
groupadd demogroup
while [ $NUM -le 1000 ]; do
useradd -g demogroup -G demogroup -p "NONE" user$NUM
NUM=$NUM+1
done
- remove limit 32 to groups per user by (the same user can belong to
more than 32 groups) by use sysconf(_SC_NGROUPS_MAX) instead constant
NGROUPS_MAX (patch by Radu Constantin Rendec <radu.rendec@ines.ro>)
NOTE: it probably need testing on other system for add
some condition for using sysconf(_SC_NGROUPS_MAX) or NGROUPS_MAX constant,
- added -s option to {pw,grp}ck to sort checked files by UID/GID,
- drop detecting is pam_strerror() need one or two arguments. Instead using
PAM_STRERROR() macro use directly pam_strerror() function with two
arguments. pam_strerror() with one argument is obsoleted,
- adde ja man pages (probably some man pages need update),
- much better automake support,
- added pt_BR man pages for gpasswd(1), groupadd(8), groupdel(8),
groupmod(8), shadow(5) (man pages for other nations also are welcome),
- many small fixes and updates nad improvements in man pages,
- applied Debian patch to man pages for shadowconfig,
- remove limit to 6 chars logged tty name (012_libmisc_sulog.c.diff Debian
patch).
shadow-20001012 -> shadow-20001016:
- conditionally disabled body reload_nscd() because not every
version of nscd can handle it (this can be enabled by define
ENABLE_NSCD_SIGHUP) (Marek Michałkiewicz <marekm@linux.org.pl>)
- fixes on autoconf/automake level for dist target,
- Julianne F. Haugh new contact address.
shadow-20000902 => shadow-20001012
- removed /redhat directory with obsoleted files (partially rewritten spec
file is now in root directory),
- applied shadow-19990827-group.patch patch from RH wich prevents adduser
overwrite previously existing groups in adduser,
- added PAM support for chage (bind to "chage" PAM config file) also
added PAM support for all other small tools like chpasswd, groupadd,
groupdel, groupmod, newusers, useradd, userdel, usermod (bind to common
"shadow" PAM config file) - this modifications mainly based on
modifications prepared by Janek Rękojarski <baggins@pld.org.pl>,
- many small fixes and improvements in automake (mow "make dist"
works correctly),
- added cs translation (Jiri Pavlovsky <Jiri.Pavlovsky@ff.cuni.cz>).
shadow-20000826 => shadow-20000902
This is probably the last release from me.
Tomasz Kloczko <kloczek@rudy.mif.pg.gda.pl> is the new maintainer.
Good luck!
(I'm still interested to know what is going on with this package,
which is fairly important to many Linux distributions, so please
Cc: marekm@linux.org.pl in any related discussions - just don't
expect me to respond quickly...)
Previous warning still applies - be careful!
- applied some of the Red Hat patches (revised slightly), thanks to
Bernhard Rosenkraenzer <bero@redhat.de>: fix for truncated long
lines (>8K) in /etc/group, send SIGHUP to nscd (caching daemon
in glibc 2.1.x) after changing anything, add usermod -L and -U
options, remove LOG_CONS from openlog(), chage -d and -E handles
dates in yyyy-mm-dd format ('/' is not required)
- various cleanups
shadow-19990827 => shadow-20000826
WARNING: this release is not tested (other than that it compiles for me),
please be careful. Previous release was a year ago, so it is really time
to release something and start looking for a new, better maintainer...
(I've been extremely busy recently. Credit for most of the real work,
such as complete PAM support, should go to Ben Collins <bcollins@debian.org>
who maintains this package for Debian.)
- merged most of the changes from Debian (not all of them yet, PAM support
should be complete but is not tested - need to upgrade to potato first)
- added Polish translations of manual pages from PLD
- change sulog() to not depend on global variables oldname, name
- try to not follow symbolic links when deleting files recursively
in userdel (still not perfect, safest to do it in single user mode)
- removed workarounds for ancient (pre-ANSI) C compilers - use gcc!
(a few ANSI C constructs were used already, and no one complained)
- updated author's e-mail address (jfh@bga.com -> jfh@austin.ibm.com)
shadow-19990709 => shadow-19990827
- upgrade to autoconf-2.13, automake-1.4, libtool-1.3.3
- i18n: added French translation by Vincent Renardias <vincent@ldsol.com>
- i18n: added Swedish translation by Kristoffer Brånemyr <ztion@swipnet.se>
- logoutd no longer reads /etc/logoutd.mesg at startup - instead, read
it when sending to luser's tty (no need to reload with SIGHUP)
- added support for "usergroups" feature often found in Linux distributions
(if USERGROUPS_ENAB in login.defs set to "yes", uid != 0, uid == gid, and
username == groupname, then set umask to 002 instead of 022)
- Debian: pwck and grpck are now run from a daily cron job (root will
receive an e-mail if something is wrong), and at system startup
- added support for setting umask in /etc/limits
- when using OPIE, re-prompt with echo on after empty password was entered
- GETPASS_ASTERISKS now run time configurable (login.defs)
- getpass() now uses stdin and stderr (not stdout) if it can't open /dev/tty
- getpass() allows all input to be erased using Control-U, and beeps when
too many characters are entered
- removed obsolete sgtty support, in 1999 everyone should have termios :)
- Debian: tar wrapper no longer needed to build packages as non-root user
(install libtricks, and use "dpkg-buildpackage -rfakeroot" instead)
- Debian: changes for GNU Hurd by Marcus Brinkmann <brinkmd@debian.org>:
dpkg-architecture, cross compilation, only build passwd, add
etc/login.defs.hurd conffile, conditionalize CBAUD
- newgrp sets $HOME before running the new shell
- both "sg group command" (usage message) and "sg group -c command"
(man page) work, updated both the usage message and the man page :)
- i18n: added missing _() for some translatable strings
shadow-19990607 => shadow-19990709
- added PAM support to chfn and chsh (thanks to Thorsten Kukuk)
- fixed a bug in newgrp if the user is in >= 17 groups
- added @LIBSKEY@ to LDADD for all programs (for some reason,
almost all programs need it if skey/opie support is enabled)
- changed grpconv/grpunconv to compile with --disable-shadowgrp
- changed faillog to do something (assume -p) with no options specified
- updated version of the udbachk passwd/shadow/group file integrity
checker (contrib/udbachk.v012.tgz)
shadow-19990307 => shadow-19990607
- upgraded to libtool-1.2, latest config.{guess,sub}
- added missing #include "defines.h" in libmisc/login_desrpc.c - thanks
to almost everyone for reporting it :-)
- moved PAM-related defines to pam_defs.h
- added some braces to if/else to avoid egcs warnings
- started adding PAM support to login (based on util-linux, not finished yet)
- changed "!" to "x" for pw_passwd in src/newusers.c
- a few more Y2K fixes
- added contrib/udbachk.tgz (passwd/shadow/group file integrity checker),
thanks to Sami Kerola
- Debian: made /etc/{limits,login.access,login.defs,porttime,securetty}
files all mode 0600 (Bug#38729 - login: /etc/limits is world readable)
- updated mailing list information (moved again, now hosted by SuSE),
updated README.mirrors, other minor documentation updates
- made getpass work with redirected stdin
- new readpass echoing asterisks disabled by default by popular demand
(can be enabled at compile time: ./configure --enable-readpass)
- the random number of asterisks in readpass is now more random
(random number generator initialization was missing)
- commented out --enable-md5crypt (obsolete) in configure.in
- when checking for libskey, link with -lcrypt if libcrypt is available
(otherwise the configure test for libskey fails - libskey needs libcrypt)
- added Package/Version ident strings (so you can use the RCS "ident"
command to check any binary, which version of shadow it comes from)
shadow-981228 => shadow-19990307
- added support for setting process priority in /etc/limits
- i18n: updated Greek translation
- i18n: added Polish translation by Arkadiusz Miskiewicz
- documented the -p option in useradd.8 and usermod.8 man pages
- some "const" gcc warning fixes
- attempt to fix lib/snprintf.c compilation problems
- added restart/reload/force-reload to /etc/init.d/logoutd (found by lintian)
- always require password for root logins (even with NO_PASSWORD_CONSOLE)
- workaround for RedHat's CREATE_HOME feature in /etc/login.defs
- changed to Y2K compatible version numbering
- more Y2K fixes, use the ISO 8601 date format (yyyy-mm-dd) for default
values of user-entered dates (you can still enter dates in any format
supported by GNU date)
- oops, added doc/README.nls to list of files to distribute
- added missing sanitize_env() call to src/login.c
- debian/rules installs /bin/login non-setuid by default, just in case...
- build Debian packages with cracklib support (depends on cracklib-runtime)
shadow-980724 => shadow-981228
- login now clears the username in argv[] (in case someone types the
password instead of username, by mistake)
- i18n support, Greek translation (Nikos Mavroyanopoulos), see README.nls
- updated author's e-mail address (jfh@tab.com -> jfh@bga.com)
- new getpass() replacement that displays *'s (Pavel Machek)
- no password required when logging in from ttys listed under
NO_PASSWORD_CONSOLE in login.defs (Pavel Machek)
- fixed limits code so RLIMIT_AS should work
- upgraded to Debian 2.0
- built a new machine (P2 350MHz, 64MB RAM) so the thing can be compiled
in reasonable time again
- upgraded to automake-1.3, libtool-1.0h (also new config.guess and
config.sub that work on i686)
- usermod fixed to handle group names starting with digits (not recommended)
shadow-980626 => shadow-980724
- security: login no longer gives you a root shell if setgid()
or initgroups() or setuid() fails for any reason, discovered
by Ted Hickman <thickman@sy.net>
- remove libshadow.so -> libshadow.so.x.x symlink after install
- a few int -> uid_t type cleanups
- fail immediately (don't retry) in *_lock() if euid != 0
- added sample PAM config files etc/pam.d/{passwd,su}
- preliminary PAM support in su (untested - use at your own risk,
comments and patches welcome!)
- cleanup and more comments in OPIE code (Algis Rudys)
- added support for TCFS (Transparent Cryptographic File System)
(use ./configure --with-libtcfs, see http://tcfs.dia.unisa.it/
for more info), thanks to Aniello Del Sorbo
shadow-980529 => shadow-980626
- fixed bug in commonio_lock() (infinite recursion if lckpwdf() not
used and database cannot be locked), thanks to Jonathan Hankins
- fixed bug in copy_tree() (NUL-terminate readlink() results),
thanks to Lutz Schwalowsky
- no need to press Enter after Ctrl-C to interrupt password prompt
- removed a few harmless gcc warnings
- secure RPC login disabled if <rpc/key_prot.h> not found (glibc 2.0)
- faillog.8: changed /usr/adm -> /var/log
- pwconv.8: documented that it may fail on invalid password files
shadow-980417 => shadow-980529
- fixed "interesting" strzero() bug introduced by me in 980417:
strzero(cp) didn't work as intended (the macro used a local
variable called "cp" - oops...); Leonard N. Zubkoff was the
first person to report it - thanks!
- fixed usermod -e to accept empty argument (like useradd),
thanks to Martin Bene
- several changes from Debian 980403-0.2, see debian/changelog
- added contrib/shadow-anonftp.patch (not yet merged, sorry...)
thanks to Calle Karlsson
shadow-980403 => shadow-980417
- fixed login session limits (again - broken since 980130)
- more symbolic constants for exit status values
- fixed logoutd to work with 8-character usernames in utmp
(no room for terminating NUL!)
- various fixes to make the code more glibc2-friendly
- updated doc/cracklib26.diff (fix for empty gecos, etc.)
- updated the files in redhat/ from shadow-utils-970616-11.src.rpm
(RH 5.0 updates)
shadow-980130 => shadow-980403
- security: su now creates the sulog file (if enabled and doesn't
already exist) with umask 077
- hopefully removed arbitrary group size limits (not yet for
shadow groups though - sgetsgent() still needs a rewrite,
but I don't want to delay this release any longer...)
- fixed NULL dereference in groupmod -n
shadow-971215 => shadow-980130
- Debian binary packages can be built without root privileges
(tar wrapper - debian/tar.c)
- new subdir "redhat" (needs more work, see redhat/README)
- in several places, exit(127) if exec fails with ENOENT, and
exit(126) on other errors (as in ksh and bash)
- renamed getpass() and md5_crypt() to libshadow_* to avoid name
conflicts with libc functions - md5_crypt() is also in libcrypt.a
on Linux/PPC, thanks to Anton Gluck <gluc@midway.uchicago.edu>
- handle crypt() returning NULL (possible according to Single Unix
Spec) more gracefully (exit instead of SIGSEGV)
- fixed bug in putgrent() that showed up when realloc() moved the
buffer while expanding it, thanks to Floody <flood@evcom.net>
- fixed bug in login session limits (with a limit set to N logins,
only N-1 logins were allowed), thanks to Floody <flood@evcom.net>
- upgraded to libtool-1.0h (now recognizes GNU ld on Debian 1.3.1)
- newer config.guess and config.sub (should work on x86 for x > 5)
- removed doc/automake-1.0.diff (obsoleted by automake-1.2)
- added doc/cracklib26.diff (some patches for cracklib-2.6)
- documented more (not all yet) login.defs(5) settings
- replaced more exit status numeric values with #defines
- shadow-utils.spec now generated from shadow-utils.spec.in
(so I don't have to edit version numbers for every new release)
- groupadd -f option, based on RedHat's shadow-utils-970616-9 patch
("force" - exit(0) if the group already exists); other RedHat-
specific options not added yet (best done in a perl script that
runs useradd/usermod/groupadd - see Debian's adduser-3.x)
- added -O option (override login.defs values) to useradd and groupadd
- if usermod can't update the group file(s), exit(10) but update the
password file(s) anyway (as documented by Solaris man page)
- useradd should no longer set sp_expire to the current date (oops)
- configure.in: added --enable-desrpc, check for gethostbyname in libc
before trying libnsl (necessary for Solaris; not for Linux or Irix,
even though libnsl may be present), fixed pw_age/pw_comment/pw_quota
detection, setpgrp vs. setpgid, other minor tweaks
- various */Makefile.am tweaks
- login.defs: added FAKE_SHELL - program to run instead of the login
shell, with the real shell in argv[0] (Frank Denis)
- login.defs: ignore case in yes/no settings
- more E_* defines instead of hardcoded numbers for exit()
- added sanitize_env() for setuid programs
- login_desrpc() checks for getnetname() errors
- new password is not "too similar" if it is long enough
- replacement strstr() was static, no one noticed :-)
- {pw,spw}_lock() and {pw,spw}_unlock() track the lock count and call
lckpwdf() and ulckpwdf() as needed, *_lock_first() hack removed
- login sets $REMOTEHOST for remote logins
- added newgrp -l option (Single Unix Spec, same as "-")
- EXPERIMENTAL shared lib support using libtool (libshadow.so saves about
200K of disk space on Linux/x86), enabled by default if supported by
the system, use ./configure --disable-shared if it causes any problems.
Warning: libshadow.so is intended for internal use by this package
only - binary compatibility with future releases is not guaranteed.
There should be no need to link any other programs with libshadow.so -
the libshadow.so -> libshadow.so.x.x symlink is unnecessary.
- pam_strerror() takes one or two arguments, depending on the Linux-PAM
version (!) - added check to configure; fixed do_pam_passwd prototype
- libmisc/login_access.c should compile on Linux/PPC and Solaris
- added information about the new ftp site to doc/README.mirrors
shadow-971001 => shadow-971215
- added workaround for NYS libc 5.3.12 (RedHat 4.2) bug to grpck
- updated the RPM .spec file
- renamed rlogin() to do_rlogin() to avoid Linux/PPC build problem
(glibc defines something else named "rlogin" in utmpbits.h ?)
- added MD5 checksums in Debian packages
- added -p and -g options to vipw (edit the password or group file
respectively, regardless of the command name in argv[0])
- removed old DBM support (NDBM code is still there)
- fixed a bug in gpasswd: current username was incorrectly identified as
"root" because of setuid(0) done too early. It may be a security hole
when using shadow groups - if "root" is listed as a group administrator,
any user can add/remove members in that group. Thanks to Jesse Thilo.
- gpasswd now logs which user (root or group admin) made the changes
- passwd now uses $PATH to search for the chfn, chsh, gpasswd commands
- newgrp and add_groups() allocate supplementary group lists dynamically
- moved check_shell() from src/chsh.c to libmisc/chkshell.c
- CHFN_RESTRICT in login.defs can now specify exactly which fields may be
changed by regular users (any combination of letters "frwh")
- fixed contrib/pwdauth.c segfault with non-existent usernames
- minor change in lib/getdef.c to handle quotes better (Juergen Heinzl)
- new date parsing code (from GNU date) used by useradd, usermod, chage
- upgraded to automake-1.2, added libtool-0.7 (no libshadow.so yet)
- converted code to ANSI C, added ansi2knr (untested - use gcc!)
- fixed useradd -G segfault (one '*' that shouldn't be there)
- allow 8-bit characters in chfn
- added support for RLIMIT_AS (max address space) in libmisc/limits.c
- changed the handling of NIS plus entries in password files
- some more tweaking in various debian/* files
- logoutd uses getutent() instead of reading utmp file directly
- fixed lckpwdf() called twice (and failing) when changing password
if the user is not listed in /etc/shadow (Mike Pakovic)
- erase and kill characters left unchanged if not defined in login.defs
shadow-970616 => shadow-971001
- Debian: mkpasswd no longer installed (dbm files not supported)
- chpasswd checks for shadow/non-shadow at run time, too
- added chpasswd -e (input file with encrypted passwords) - Jay Soffian
- changed libmisc/login_access.c as suggested by Dave Hagewood
- replaced sprintf() with snprintf() in several places
- added lib/snprintf.[ch] (from XFree86) for systems without snprintf()
- minor tweaks in contrib/adduser.c (/usr/local -> /usr)
- non-root users can only run su with a terminal on stdin
- temporarily disabled DES_RPC because getsecretkey() causes login to hang
for 5 minutes on at least one RH 4.0 system. Not sure if this is a bug
in libc, or system misconfiguration. Needs further investigation.
- check for strerror() and -lrpcsvc (should compile on SunOS again)
- fixed free() called twice in libmisc/mail.c
- added information about mirror sites (doc/README.mirrors)
- updated pwconv.8 and pwunconv.8 man pages
- "make install" now installs pwconv, pwunconv, grpconv, grpunconv
- pwauth.8 no longer installed (AUTH_METHODS not supported by default)
- corrected su.1 man page ($SHELL not used)
- no need for --with-md5crypt if the MD5-based crypt() is already in libc
(or another library specified in /etc/ld.so.preload - Linux ld.so 1.8.0+)
- cleaned up PASS_MAX in getpass() (127 always assumed)
- default editor for vipw changed from /bin/ae to a real editor :)
shadow-970601 => shadow-970616
- fixed execlp call (missing NULL) in src/vipw.c
- vipw now preserves permissions on edited files
- commented out the xdm-shadow hack in shadowconfig
- improved RedHat spec file (Timo Karjalainen)
- updated mailing list information
- added information about the shadow paper (doc/README.shadow-paper)
- renamed doc/console.c.spec (confused RPM)
shadow-970502-2 => shadow-970601
- fixed a typo in libmisc/mail.c causing login to segfault
if MAIL_CHECK_ENAB=yes (sorry!)
- patches for OPIE support (Algis Rudys) (untested)
- programs that modify /etc/passwd or /etc/shadow will use
lckpwdf() if available
- now compiles with PAM support! (still untested)
- cosmetic error message changes (prefixed by argv[0]:)
shadow-970216 => shadow-970502-2
- shadow group support fixes (grpconv didn't work - for some
reason, putsgent() returns 1 instead of 0 on success;
now -1 = failure, anything else = success)
- upgraded to autoconf-2.12
- pwconv and pwunconv now follow other UN*X systems and SVID3
(modify files in place), original versions moved to "old"
- scologin.c moved to "old" (it was only for SCO Xenix) so
people stop sending patches for scologin.c gcc warnings :)
- don't use the MD5* functions in libmisc/salt.c (glibc has
the new md5 crypt(), but no <md5.h> and MD5* functions!)
- support for MkLinux, Solaris, JIS, Qmail (Frank Denis)
- "passwd -S -a" now really works
- support for Debian, vipw, a few fixes (Guy Maor)
- src/login.c radius bug fix (Rafal Maszkowski)
- ISSUE_FILE_ENAB -> ISSUE_FILE in the sample /etc/login.defs
- fixes for glibc and DES_RPC (Thorsten Kukuk)
- limits.5 man page (Luca Berra)
- expiry will work setgid shadow too, removed euid 0 check
- added check for a64l() to configure (glibc)
shadow-961025 => shadow-970216
- major rewrite of *io.c (no more 4 copies of almost identical code)
- use fsync() (if available) instead of sync() when updating password files
- use fchmod() and fchown() if available
- keep the NIS "plus on a line by itself" entries at end of passwd/group
- configure checks location of passwd/chfn/chsh programs (/usr/bin or /bin)
- passwd -S -a: list information about all users (root only)
- passwd -k: change only expired passwords
- passwd -q: quiet mode
- first attempt at PAM support in passwd
- passwd updates the non-shadow password if /etc/shadow exists but the
user has no shadow password
- passwd logs who changed the password, added hook to allow non-root
administrators who can change passwords (not implemented yet)
- su sets $HOME even without the "-" option (suggested by Joey Hess)
- added -p (set encrypted password) option to useradd and usermod
(idea from hpux10 - undocumented option used internally by SAM)
- useradd -D -e does the right thing (set default expiration date)
- USERDEL_CMD in login.defs instead of hardcoded {ATRM,CRONTAB}_COMMAND
because there are just too many systems that need different commands
- removed #ifdef FAILLOG_LOCKTIME (now always enabled), warning: the
faillog file format has been changed (somewhere between 960129 and
960810), please truncate the old file (if any) to zero length
- ISSUE_FILE (may be different from /etc/issue) instead of ISSUE_FILE_ENAB
- wtmp, lastlog, faillog file location guessed by configure
- separate checks for invalid user and group names, max username length
based on struct utmp (it's not always 8 characters)
- pwck and grpck now check for invalid user/group names
- pwck -q (quiet, report only serious problems) option added
- separate cleaner sgetpwent() without the NIS magic
- NIS entries ignored (never changed) by *io.c, pwck, grpck
- various code cleanups
- new get_my_pwent() function for getting my own username, uid etc.
- faillog opens the file read-write if possible (even if not root)
- passwd -S allowed for normal users (for their own uid only)
- handle the case of login denied to passwordless accounts better
("Login incorrect" without "Password:" prompt looks strange)
- corrected author information and removed a copyright restriction
shadow-960925 => shadow-961025
- fixed a few typos in shadow group code
- don't check for names starting with 'r' to determine if the shell
is restricted, use /etc/shells instead (for the "rc" shell)
- removed extra definition of LASTLOG_FILE in configure.in
- expiry no longer segfaults if no /etc/shadow
- userdel -r "can't remove mailbox" warning no longer printed on success
- useradd exit codes changed to match hpux10 man page
- fixed possible fd leak etc. in file locking code (lib/commonio.c)
shadow-960920 => shadow-960925
- bug fixes to the new environment code using malloc
- use hardcoded names instead of basename(argv[0]) for openlog() in programs
that users can run (chage, chfn, chsh, gpasswd, login, newgrp, passwd, su)
- small fix to isexpired(), and use it in passwd as well
- use strftime() and strptime() if available
- added chmod 600 /etc/passwd- at the end of pwconv5 (backup file may
contain encrypted passwords!)
- pass size to change_field (chage, chfn, chsh) instead of assuming BUFSIZ
(nothing bad happened yet, just a cleanup)
- gpasswd should work with both shadow and non-shadow group passwords
- detect unsupported options if no shadow (gpasswd, useradd, usermod)
- passwd -e for sunos4 (ATT_AGE), untested
- read environment from file (ENVIRON_FILE in login.defs), idea from ssh
- small fix to l64a()
- passwd prints a message after password successfully changed (for things
like poppassd which run passwd and expect some output)
- passwd logs if password was changed by root (as opposed to a luser)
- passwd uses current uid if no username argument and getlogin() fails
shadow-960910 => shadow-960920
- use malloc for environment variables, no more MAXENV (Juergen Heinzl)
- newusers should work with both shadow and non-shadow passwords
(still left to do: chpasswd, gpasswd)
- login-static no longer compiled by default
- more SYSLOG() macros
shadow-960810 => shadow-960910
- updated README.linux to point to the new ftp site
- chfn and chsh optionally (CHFN_AUTH) prompt for password like util-linux
- man pages now closer to LDP standards (Ivan Nejgebauer)
- newgrp uses SYSLOG_SG_ENAB (not SU) as in the /etc/login.defs comments
- obscure.c fixed to compile with HAVE_LIBCRACK
- cosmetic message changes in age.c
- utmp open error check fixed in utmp.c
- grpunconv added (Michael Meskes)
- login reports invalid login time, not "Login incorrect" (Ivan Nejgebauer)
- logoutd sets OPOST before writing to the tty (Ivan Nejgebauer)
- sulogin: don't use syslog(), other minor changes (Ivan Nejgebauer)
- passwords can be changed if sp_max == -1 (now considered infinity)
- usermod: don't use sizeof(struct lastlog) when writing to faillog (ugh)
- started replacing lots of #ifdef USE_SYSLOG with cleaner macros
- contrib/rpasswd.c added (Joshua Cowan)
- PASS_MAX is 127 with MD5_CRYPT (not just for Linux - sunos4 too...)
- workarounds for a RedHat NYS libc getspnam() bug (if /etc/shadow
doesn't exist, it succeeds and returns sp_lstchg==0 instead of -1).
shadow-960129 => shadow-960810
- automake, configure checks for libcrypt and libcrack (Janos Farkas)
- added --enable-shadowgrp to configure (shadow groups disabled by default)
- should compile on SunOS 4.1.x - but it does NOT mean that it works :-)
- login sets HUSHLOGIN=TRUE or FALSE (for shell startup scripts etc.)
- hopefully removed all the rcsid warnings
- contrib/atudel perl script to remove at jobs (thanks to Brian Gaeke)
- resource limits (Cristian Gafton)
- workaround for buggy init/getty(?) leaving junk in ut_host on RedHat
- more fixes in man pages
- pwck and grpck no longer suggest to run mkpasswd if *DBM not compiled in
- most programs (groupadd, groupdel, groupmod, grpck, login, passwd, pwck,
su, useradd, userdel, usermod) should now work with both shadow and
non-shadow passwords/groups (check for /etc/shadow and /etc/gshadow at
run time); a few programs still left to do
- mailbox mv/chown/rm in usermod/userdel (suggested by Cristian Gafton)
- new contrib/adduser.c from Chris Evans
- lots of other minor changes
- source tree reorganization, GNU autoconf, portability cleanups
- basename() renamed to Basename() to avoid name space confusion
- new programs to create /etc/shadow and /etc/gshadow: pwconv5, grpconv
- newgrp cleanup and a few fixes
- useradd uses PASS_MAX_DAYS, PASS_MIN_DAYS and PASS_WARN_AGE
- don't make the first group member the group admin by default
(define FIRST_MEMBER_IS_ADMIN to get the old gpasswd behaviour)
- password aging constants, NGROUPS_MAX and syslog stuff in only one
place (defines.h) instead of repeating it in all source files...
- added userdel -r safety check (refuse to remove the home directory
if it would result in removing some other user's home directory)
- usermod -u now correctly checks for non-unique uid (unless -o)
- sync() after updating password files, just to be more safe
- "make install" should install /etc/login.defs if it doesn't exist
- new option to control what happens if we can't cd to the home directory
(DEFAULT_HOME in /etc/login.defs)
- enter the home directory as the user, not as root (for NFS etc.)
- added check for Slackware bugs (nobody UID -1) in pwck and grpck
- new CONSOLE_GROUPS feature (thanks to pacman@tardis.mars.net), it is
possible to add specified groups (floppy etc.) for console logins
- new faillog feature: lock account for specified (per-user) time since
the last failure after exceeding the failure limit
- new man pages (gpasswd.1, login.access.5, suauth.5)
- fixes in man pages, renamed *.4 to *.5
- new "contrib" directory (two adduser programs)
- changed some "system" to "feature" #ifdefs (autoconf someday...)
- sulogin no longer requires to be run from init, should work from rc
scripts too
- changes to prevent unshadowing with libc SHADOW_COMPAT (get info
using xx_locate(), modify it and call xx_update(), don't write back
anything returned by getpwnam() etc.)
- stupid bug fixed in lastlog.c
- don't move non-directories in "usermod -m"
- don't log unknown usernames (passwords mistyped for usernames) (lmain.c)
- macros to get around ancient compilers which don't like prototypes
- make more use of "const" (not everywhere yet)
- added #ifdef AUTH_METHODS - very few people use administrator defined
authentication methods because many programs are not aware of them;
not supporting them makes the code simpler
- new "save" and "restore" Makefile targets, thanks to Rafal Maszkowski
- sgetgrent() in libshadow.a is optional, some versions of libc have it,
see HAVE_SGETGRENT in config.h (grent.c)
- don't use continued lines in /etc/group, the standard getgr*() functions
don't support that (grent.c)
- removed the third main() argument (according to libc docs, not allowed by
POSIX.1 - use environ instead) (lmain.c, smain.c, newgrp.c, sulogin.c)
- login access control (lmain.c, login_access.c)
- added copyright notice to login_access.c (from logdaemon-5.0)
- detailed su access control (smain.c, suauth.c) - thanks to Chris Evans
- added closelog() in su before executing the shell (smain.c)
- getting current user name changed (smain.c)
- "x" instead of "*" in pw_passwd, consistent with pwconv (useradd.c)
- getpass() shouldn't return NULL except on errors (getpass.c)
- moved isexpired() to isexpired.c (now part of libshadow.a) from age.c
- SunOS4-like passwd -e (force change on next login) (isexpired.c, passwd.c)
- can use shadow support in new versions of Linux libc instead of libshadow.a,
see HAVE_SHADOWPWD, HAVE_SHADOWGRP in config.h.linux (shadow.c, gshadow.c)
- "no shadow password" not logged, the same /bin/login should work with both
shadow and non-shadow passwords (lmain.c)
- some cleanup in various places (lmain.c, passwd.c)
- new program to verify username/password pairs, for xlock etc.; it is not
installed by default, read the comments first (pwdauth.c)
- authentication programs run with empty environment for safety (pwauth.c)
- added missing fstat error checks (faillog.c, lastlog.c, setup.c, *io.c)
- common code separated from *io.c (commonio.c)
- ownership and permissions on password files are now preserved (we may try
to make more use of setgid and setuid non-root programs in the future)
- added (untested) MD5-based crypt() from FreeBSD (md5crypt.c), see
MD5_CRYPT in config.h.linux and MD5_CRYPT_ENAB in login.defs.linux
- termios/termio/sgtty macros cleaned up a bit
shadow-951218 => shadow-960129
Emergency bug fix release - no new features since 951218. There are many
new changes, but this bug really can't wait until they are tested.
Probably all previous versions of the shadow suite have a serious bug which
makes it possible to overwrite the stack by entering very long username at
the login prompt. This can give root access to any remote user!
Changed the maximum size in login.c from BUFSIZ (1024) to 32 (to match
size of the array in lmain.c). Aaargh!!!
shadow-951203 => shadow-951218
Changes:
- Linux utmp handling fixes (utmp.c)
- last failure date printing fixes (failure.c)
- minor fix to compile with USE_CRACKLIB (obscure.c)
- eliminated the use of snprintf (env.c, lmain.c, login.c, shell.c, smain.c)
- basename.c added, replacing duplicated code in various places
- "su -" runs the shell with '-' in argv[0] again (smain.c)
- removing at/cron jobs cleaned up (userdel.c)
- /etc/gshadow should not be world-readable (sgroupio.c)
- if fflush() failed, files were not closed (*io.c)
- login prompt is now "hostname login: " on Linux (lmain.c, login.c)
- "save" and "restore" targets commented out (don't work) (Makefile.linux)
- some minor cleanups for gcc -Wall (unused variables etc.)
- removed README.FIRST (copyrights are OK now)
- updated ANNOUNCE, README.linux, WISHLIST
- as suggested, converted to RCS
shadow-3.3.2-951127 => shadow-951203-jfh
Changes:
- Added the BSD-style copyright to all of the files. Any files with the
old copyright have multiple copyright holders and need to be cleanroomed
to produce BSD-style copyrightable files, or I need to get the consent
of the others to change the copyright.
- Changed the ANNOUNCE file to not refer to the README.FIRST file. Now
that all of the files should have the correct copyright there is no need
to refer to that e-mail message.
- Changes SCCS strings to "%W% %U% %G%". Marek needs to either convert to
RCS or check into SCCS and then checkout. I'd suggest using RCS ;-)
jfh@rpp386.cactus.org
shadow-3.3.2-951106 => shadow-951127
Note: for now this code only supports Linux. All the #ifdef's are there
(and will be; support for at least SunOS 4.1.x would be nice) but:
- I had to fix some potential security problems resulting from sloppy
coding (no bounds checking), and it was easier for me to use snprintf()
(not available on many systems, unfortunately), I'll fix that later.
Old versions of Linux libc don't have snprintf() either, and the one
in libbsd.a ignores the max size - don't use it! (libc-4.6.27 is OK)
- I am lazy and only updated Makefile.linux and config.h.linux this time
- I don't have root access to non-Linux systems (this means no testing)
- this code needs some major reorganization, which will (hopefully)
make porting easier
Changes:
- some code cleanup, prototypes.h, defines.h, Makefile and config.h changes
- login can be statically linked (not that I think it's a good idea, better
fix the telnetd, but paranoid people will like it :-)
- login is installed non-setuid by default
- check for NULL from getpass()
- wipe cleartext password from getpass() when no longer needed (pwauth.c)
- use standard "Password: " prompt by default (pwauth.c)
- hopefully fixed bogus sigaction() stuff (Linux only) (getpass.c)
- oops, setrlimit wants bytes, ulimit wants 512-byte units (lmain.c)
- Linux has <lastlog.h>
- print ll_host on Linux too (lmain.c)
- size checking in various places (setuid root programs, argh!)
- preserve TERM from getty (lmain.c)
- don't ignore SIGHUP (lmain.c)
- :%s/setenv/set_env/g (setenv(3) conflict) (env.c, lmain.c, login.c)
- remove LD_xxx (env.c)
- use bzero() instead of memset() for BSD portability and less #ifdef's
(if the system has no bzero(), implement it as a macro using memset())
- the above fixes wrong order of memset() parameters (log.c)
- use getutent/pututline instead of doing it by hand (utmp.c)
- added the new settings to login.defs.linux
- added login_access.c to the distribution (not used yet)
==========
shadow-3.3.2 => shadow-3.3.2-951106
- added dummy pad.c and #ifdef'ed out references to pad_auth (pwauth.c)
- malloc/strdup error checking, hopefully no more core dumps...
- define HAVE_RLIMIT instead of HAVE_ULIMIT for Linux (config.h.linux)
- changed pathnames on Linux to conform to new FSSTND (/var/log etc.)
- larger buffer for cipher, for md5 crypt() if and when (encrypt.c, passwd.c)
- use POSIX termios whenever possible on Linux
- list.c, removed add_list/del_list from gpmain.c, user{add,del,mod}.c
- strtoday.c, removed duplicates from chage.c, useradd.c, usermod.c
- login -h only for root (lmain.c)
- login -r not needed for Linux (lmain.c)
- sample login.defs modified for Linux (login.defs.linux)
- swapped chfn USAGE and ADMUSAGE (chfn.c)
- added -u to passwd usage (passwd.c)
- no #! check necessary for Linux (shell.c)
- define OLD_CRON for some old incompatible Linux distributions (userdel.c)
- PASS_MAX is now 127 (not 8) for Linux (getpass.c)
- LOGIN_RETRIES, LOGIN_TIMEOUT, PASS_CHANGE_TRIES are no longer compiled in,
can now be set in login.defs, old values are used as defaults (lmain.c)
- unique uid/gid selection now more robust (useradd.c, groupadd.c)
- UID_MIN, UID_MAX, GID_MIN, GID_MAX in login.defs (useradd.c, groupadd.c)
- CRACKLIB_DICTPATH no longer compiled in, can be set in login.defs (passwd.c)
- PASS_ALWAYS_WARN: warn about weak passwords even for root (passwd.c)
- PASS_MAX_LEN, check truncated passwords again (obscure.c)
- check for weak passwords too if previous password was empty (obscure.c)
- CHFN_RESTRICT: don't let users change their full names (chfn.c)
- Linux has getusershell(), use it (chsh.c)
- check if the new shell is executable by the user (chsh.c)
- sleep before printing "Login incorrect", not the other way around (lmain.c)
- don't be picky about utmp only if any of -rfh flags given (lmain.c)
- do "wheel group" more like BSD does (smain.c)
- use getlogin() in su (smain.c)
- UMASK from login.defs defaults to 077, not 0 (lmain.c, newusers.c)
- #undef HAS_ATRM for Linux until atrm can do what we need (config.h.linux)
- Linux has most commands in /usr/bin, not /bin (age.c, passwd.c, userdel.c)
- ULIMIT from login.defs works on systems using setrlimit() too (lmain.c)
- LOGIN_STRING should work now (pwauth.c, getdef.c)
- kludge to avoid conflict with Linux <shadow.h> (gshadow.h)
- mv Makefile Makefile.xenix ; mv config.h config.h.xenix - so that they are
not lost when you copy the right ones to Makefile and config.h
==========
shadow-3.3.2
Original version, received directly from the author.
|