- describe difference between login and logout time formats in struct last_timefmt
- use strtime_iso()
- rename LAST_TIMEFTM_SHORT_CTIME to LAST_TIMEFTM_SHORT
- rename LAST_TIMEFTM_FULL_CTIME to LAST_TIMEFTM_CTIME
- add LAST_TIMEFTM_HHMM for internal purpose (logout format for "--time-format short")
Signed-off-by: Karel Zak <kzak@redhat.com>
for stopping plymouthd. That do not depend on the existence of
the plymouth binary if it e.g. becomes uninstalled or an other
service is providing plymouthd facilities.
[kzak@redhat.com: - fix compiler warnings [-Wpointer-sign]
- use sizeof() for write_all()
- cast to char* for read_all]
Signed-off-by: Werner Fink <werner@suse.de>
Signed-off-by: Karel Zak <kzak@redhat.com>
The close at exit specifier "e" is glibc extension, so use it only if when
the extension is available.
Proposed-by: Ruediger Meier <sweet_f_a@gmx.de>
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
If the root account is locked and no password was provided then the terminal
line is not set back to do echo of the input. This correct a small overlook
in commit 7ff1162e67
Signed-off-by: Werner Fink <werner@suse.de>
This happens on Debian kFreeBSD and probably on Hurd too since
cde7699c. One should review this issue to fix it properly.
CC: Werner Fink <werner@suse.de>
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
Commit 11b86e1733 changed printf() to puts() in favour of more simple
function, but forgot that puts() adds a new line to end of string. That new
line is neither needed, or expected, so use fputs() that is both a simple
printing function and comes without new line side effect.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
clang warning:
libmount/src/tab.c:1833:6: warning: variable 'rc' is used uninitialized whenever
'if' condition is true [-Wsometimes-uninitialized]
if (!mpc)
^~~~
icc printf warnings:
libmount/src/monitor.c(348): warning #2279: printf/scanf format not a string literal and no format arguments
DBG(MONITOR, ul_debugobj(mn, status == 1 ? " success" : " nothing"));
^
login-utils/vipw.c(348): warning #2279: printf/scanf format not a string literal and no format arguments
: _("You are using shadow passwords on this system.\n"));
^
icc enum warnings:
disk-utils/fdisk-menu.c(150): warning #188: enumerated type mixed with another type
.exclude = FDISK_DISKLABEL_GPT | FDISK_DISKLABEL_BSD,
^
libsmartcols/src/table_print.c(750): warning #188: enumerated type mixed with another type
&width, align,
^
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
The file is no portable (#ifdef HAVE_SYS_SYSMACROS_H is necessary),
but needed on many places. It seems better to keep it in c.h.
Signed-off-by: Karel Zak <kzak@redhat.com>
BSD/Linux systems stick major/minor/makedev in sysmacros.h. Newer Linux
libraries have been moving away from including sysmacros.h implicitly via
sys/types.h, so include it directly.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
This include was added just one month ago in 5a971329 but I don't see
what it was good for. It's missing in musl libc.
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
We were missing our nice compliler warnings for many programs
and libs. See next commits how many trivial and non-trival
warnings have to be fixed.
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
This was a major showstopper when building on a system where
LTLIBINTL libs are needed (e.g. OSX). Maybe there are a few test
programs which wouldn't need LDADD ... never mind.
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
__P() is used for compatibility with old K&R C compilers. With
ANSI C this macro has no effect.
This fixes a compilation error with musl libc because of undeclared
__P.
Ref:
https://lists.samba.org/archive/samba-technical/2015-June/108042.html
Signed-off-by: Romain Naour <romain.naour@gmail.com>
This patch does not change any su/runuser behaviour, code changes:
* don't use huge groups[NGROUPS_MAX]; the array has 256k, but we need
it only occasionally when -G/-g specified.
* the current code uses groups[0] for -g and the rest for -G, this patch adds
'gid' to remember -g argument to avoid memmove()
* add function add_supp_group() to simplify su_main()
* add note about -G and -g relation to the man pages (undocumented now)
Signed-off-by: Karel Zak <kzak@redhat.com>
This small patch improves the console detection code and also avoids not
existing device nodes due strdup() which is used in canonicalize_path().
Beside this now the code for emergeny mount does work if enabled at
configure time.
Signed-off-by: Werner Fink <werner@suse.de>
on ppc64:
$ lslogins kzak
$ lslogins: cannot allocate 85899345920 bytes: Cannot allocate memory
because
(int *) len
where len is pointer to size_t is bad idea...
Signed-off-by: Karel Zak <kzak@redhat.com>
sysconf(_SC_GETPW_R_SIZE_MAX) returns initial suggested size for pwd
buffer (see getpwnam_r man page or POSIX). This is not large enough in
some cases.
Yes, this sysconf option is misnamed (should be _SC_GETPW_R_SIZE_MIN).
Signed-off-by: Karel Zak <kzak@redhat.com>
This makes silly practical jokes impossible, like for example symlinking
/dev/null or dev/random to /etc/nologin.txt
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
The utils when compiled WITHOUT libuser then mkostemp()ing
"/etc/%s.XXXXXX" where the filename prefix is argv[0] basename.
An attacker could repeatedly execute the util with modified argv[0]
and after many many attempts mkostemp() may generate suffix which
makes sense. The result maybe temporary file with name like rc.status
ld.so.preload or krb5.keytab, etc.
Note that distros usually use libuser based ch{sh,fn} or stuff from
shadow-utils.
It's probably very minor security bug.
Addresses: CVE-2015-5224
Signed-off-by: Karel Zak <kzak@redhat.com>
The last/lastb(1) from sysvinit has been around for about two years,
and the better implementation is already part of releases 2.24 to 2.26.
It should be safe to remove the unused last code from the source tree.
Reference: ce60272039
Signed-off-by: Sami Kerola <sami.kerola@lastminute.com>
Some installations and distributions don't use a root account password
for security reasons and use sudo instead. In that case, asking for the
password makes no sense, and it is not even considered as valid as it's just
"*" or "!".
In these cases --force is required to just start a root shell and no
ask for password.
I don't think it's a good idea to automatically start root shell when
locked account is detected. It's possible that the machine is on
public place and for example Ubuntu uses root account disabled by
default (and also Fedora when installed by yum/dnf without anaconda).
The --force option forces admins to think about it...
The distro maintainers can also use --force in their initscripts or
systemd emergency.service if they believe that promiscuous setting is
the right thing for the distro.
Addresses: https://bugs.debian.org/326678
Signed-off-by: Karel Zak <kzak@redhat.com>
The getline function distinguishes between the allocated and read
lenghts, and we should not mix them up, as we might end up processing
junk.
Signed-off-by: Guillem Jover <guillem@hadrons.org>
* according to "man getpwnam" 16384 bytes is enough to store one
passwd entry (let's use 2*BUFSIZE to avoid magic numbers in code)
* don't use strcpy() to set empty password
Signed-off-by: Karel Zak <kzak@redhat.com>
It is just luck if two time() calls happen within the same
second. Introduced in 31d28e09.
Actually I don't like adding another global variable but this
way we avoid bigger refactoring. IMO it's questionable why
lastdate, lastdown, etc. are initialized with current time() at
all. It looks unsafe to print "still running" always when
logout_time = now.
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
last(1) uses a global list of entries, this is unnecessary and it's
also mistake because the pointer to the list is not set to NULL when
last(1) opens another utmp file. For example:
last -f /var/log/wtmp -f /var/log/wtmp-20150220
ends with unexpected free() call or sometimes with never ending loop.
Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1201033
Signed-off-by: Karel Zak <kzak@redhat.com>
* check for timer_create()
* define dependence on timer_create() for flock
* rename CLOCKGETTIME_LIBS to REALTIME_LIBS
Signed-off-by: Karel Zak <kzak@redhat.com>
As said in include/c.h the usleep() is marked as obsolete, so do the same
that most of the other util-linux calls do with this interface.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
The message "stat failed %s" seems to say that stat() failed to
do something, or failed to pass a test, but of course it means
that the statting of something failed. So say so. Also make
two very similar messages equal to this one.
Signed-off-by: Benno Schulenberg <bensberg@justemail.net>
Transform some of them into copyright lines.
Also fix three header lines and snip some trailing whitespace.
Signed-off-by: Benno Schulenberg <bensberg@justemail.net>
This change fixes all shadow declarations. The worth while to mention
fix is with libfdisk sun geometry. It comes from bitops.h cpu_to_be16
macro that further expands from include/bits/byteswap.h that has the
shadowing.
libfdisk/src/sun.c:961:173: warning: declaration of '__v' shadows a previous local [-Wshadow]
libfdisk/src/sun.c:961:69: warning: shadowed declaration is here [-Wshadow]
libfdisk/src/sun.c:961:178: warning: declaration of '__x' shadows a previous local [-Wshadow]
libfdisk/src/sun.c:961:74: warning: shadowed declaration is here [-Wshadow]
That could have caused earlier some unexpected results.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
This adds a concise description of a tool to its usage text.
A first form of this patch was proposed by Steven Honeyman
(see http://www.spinics.net/lists/util-linux-ng/msg09994.html).
Signed-off-by: Benno Schulenberg <bensberg@justemail.net>
The 'if' clauses that have termination as either of the control flow
results will never need 'else'. Making the termination to happen true
flow is enough.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Shell null check is redundant. The shell can be null only after
ask_new_shell returned such, and that is checked earlier in program
logic.
Secondly the check_shell does not need to return values, in such cases
the program can simply exit.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Rename prompt() to ask_new_shell(). Remove fixed size buffer and
allocate path to new shell, that should make Hurd people happy. Use
strutils.h for white space trimming.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Earlier setting a /bin/sh was impossible for users that had nothing set
as shell, as that was seen as no change.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Use of fgets() can make a single long line to be understood as two
entries, and someone could play tricks with the remainder part of the
buffer.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
The add_missing() and find_field() functions are needed when input data
is incomplete, such as in case when chfn is instructed to change only
selected fields with command line options.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
This change is a little bit messy, and requires a comment the struct
finfo should not have 'struct passwd *pw' as it's member. The earlier
struct design would have been burden to maintain, and confusing to use.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Commit db433bf737 changed -u for --help to
-h, that is not true. The -h is short hand for --home-phone. And the
--version is accompanied with -v not -V.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
The left and right white space trimming can be done with strutils.h
[lr]trim_whitespace() functions.
As a minor fix when user input exceeds maxium allowed gecos field length
the remaining characters in stdin are purged so that re-prompting works
correctly.
Additionally the prompt() is made to add message to check_gecos_string(),
so that there are less similar strings for translation project to deal.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
This commit changes journal messages in individual user printout the
following way.
Dec 13 16:02:05 systemd[324]:Time has been changed (old)
Dec 13 16:02:05 systemd[324]: Time has been changed (new)
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Usage is promising -e is an option alias of --export, so make it work.
And get rid of -x that was accepted, but not in use.
Long only enum member OPT_VER was probably a development time idea, that
never got to be used.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
The password change and expiry has are marked with resolution of a day,
so add a new short iso-8601 format. With this system admins can easily
find users has not updated their password lately
$ lslogins --time-format=iso --user --output=pwd-change,user | sort -n
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
As per the convention shown in Documentation/howto-man-page.txt.
Also make a few other tiny adjustments along the way.
Signed-off-by: Benno Schulenberg <bensberg@justemail.net>
Wrap around the variable declaration for `tv' with ifdef so the compilers
don't warn about unused variables if we're compiling without UT_TV. This
happens with the musl libc, since it doesn't define _HAVE_UT_TV, even
though it _does_ have the ut_tv field in the utmp struct.
Signed-off-by: Will Johansson <will.johansson@gmail.com>
OpenPAM is compatible with util-linux, with a few changes, namely
using OpenPAM's conversation function, openpam_ttyconv.
We check for Linux-PAM by querying for security/pam_misc.h, and OpenPAM
by querying for security/openpam.h.
Signed-off-by: Will Johansson <will.johansson@gmail.com>
Short option -G goes together with long option --supp-groups, while
neither of -m or --groups-info has worked in a release so remove them
from usage() and manual.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
This cange makes the following to retun none-zero value instead of a core
dump.
$ lslogins qwertyuiopasdfghjklzxcvbnm1234567
lslogins: libsmartcols/src/line.c:362: scols_line_get_cell: Assertion `ln' failed.
Aborted (core dumped)
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
the lastlog file is huge and on systems with large UIDs, it's so huge that
it generates SIGXFSZ when the FSIZE limit is too small.
Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1165702
Signed-off-by: Karel Zak <kzak@redhat.com>
Translating these text elements should happen only once, which is
more likely when the text macros are used properly.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
An example is, in one terminal "sudo su -; echo $$", and in
another terminal, "kill -9 $PID" (the pid of the su -). It
should not print "(core dumped)", unless the kill signal
specified so, e.g. kill -7 or kill -11.
Signed-off-by: pcpa <paulo.cesar.pereira.de.andrade@gmail.com>
The glib versionf of getsgnam() is using /etc/nsswitch.conf, allowing the
group passwords to come from external database.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
When kernel CONFIG_AUDIT is not set the /proc/<pid>/loginuid information
is not present resulting live sessions to be marked 'gone - no logout' in
last(1) print out. To go-around this change makes last(1) to look
/dev/<tty> device ownership as a substitute of loginuid.
The go-around seems to work fairly well, but it has it short comings.
For example after closing a X window session the /dev/ttyN file seems to
be owned by root, not the user who had it before entering to the X
session. While that is suboptimal it is still better than an attmempt to
determine uid_t by looking owner of the /proc/<struct utmp ut_pid>, that
is a login(1) process running as root.
The issue was found using Archlinux installation.
$ pacman -Qi linux
Name : linux
Version : 3.16-2
[...]
Build Date : Mon Aug 4 18:06:51 2014
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Also fix a pasting mistake where the chfn man page suggested
to use ypchsh or lchsh for non-local entries.
Signed-off-by: Benno Schulenberg <bensberg@justemail.net>
Fixing plain typos, miswordings, inconsistent periods, some missing
angular brackets, and a proper pluralization (even when it involves
a constant, because for some languages the precise value matters).
Signed-off-by: Benno Schulenberg <bensberg@justemail.net>
If current TZ has no representation of a given time_t then localtime()
would return NULL and break the next strftime().
In practice this happens very likely on systems with 64bit time_t when
parsing broken binary data. Seen on aarch64 (and probably s390) using
our (incompatible) test wtmp data.
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
* rename to PWD-* column names
* add PWD-DENY for accounts where is no possible to login by password
* PWD-LOCK (was LOCKED) checks for valid but locked pawwords
* LOGIN renamed to USER
Signed-off-by: Karel Zak <kzak@redhat.com>
If we really need a sort functionality hardcoded into lslogins(1) then we need
a generic sort options (like for lsblk,--sort <column>).
Note that it seems that "lslogins | sort --key <col>" is good enough for now as
lslogins(1) does not convert any data to human readable non-precise format (like
for example lsblk SIZE column etc.).
Signed-off-by: Karel Zak <kzak@redhat.com>
* don't build list, but directly create a string
* don't mix IDs and group names on output
* add SUPP-GIDS to print only IDs
Signed-off-by: Karel Zak <kzak@redhat.com>
* check xasprintf() return code is unnecessary
* just check all scols_line_set_data() return codes on one place
Signed-off-by: Karel Zak <kzak@redhat.com>
For this approach do not use the ioctl TIOCMGET anymore as this
is for real serial lines only. But switch over to use the ioctl
KDGKBMODE as this is unique to the virtual console lines only.
Signed-off-by: Werner Fink <werner@suse.de>
That is that there are several consoles, the /dev/ttyS0 which
is type of ibm3215 and a dumb terminal, then there is the device
/dev/3270/tty1 which can handle ANSI color escape sequences and is
a ibm327x terminal, and the /dev/ttyS1 which is a vt220 terminal.
The macro is_speed() in agetty.c allows to distinguish between the
terminal line (/dev)3270/tty1 and the speed options on the command
line used in
/run/systemd/generator/getty.target.wants/serial-getty@3270-tty1.service
which is a symbolic link to /usr/lib/systemd/system/serial-getty@.service
Signed-off-by: Werner Fink <werner@suse.de>
Enable sulogin to find a suitable console device even if the first line
in /proc/consoles does not have any major and minor number.
Signed-off-by: Werner Fink <werner@suse.de>
The nowadays used plymouth locks the devices used for the system
console which causes that agetty as well as sulogin can not modify
the termios settings of e.g. the serial devices of the systenm console.
Signed-off-by: Werner Fink <werner@suse.de>
For no reason "full" did something else than "iso" or -F as you
see here:
$ ./last -f ../tests/ts/last/wtmp.LE --time-format=full | grep -A2 "no logout"
torvalds linux hobby Mon Aug 26 02:57:08 1991 gone - no logout
reboot system boot system-name Wed Aug 28 20:00:00 2013 still running
reboot system boot system-name Wed Aug 28 18:00:00 2013 - Wed Aug 28 19:00:00 2013 (01:00)
$ ./last -f ../tests/ts/last/wtmp.LE --time-format=iso | grep -A2 "no logout"
torvalds linux hobby 1991-08-26T02:57:08+0200 gone - no logout
reboot system boot system-name 2013-08-28T20:00:00+0200 still running
reboot system boot system-name 2013-08-28T18:00:00+0200 - 2013-08-28T19:00:00+0200 (01:00)
$ ./last -f ../tests/ts/last/wtmp.LE -F | grep -A2 "no logout"
torvalds linux hobby Mon Aug 26 02:57:08 1991 gone - no logout
reboot system boot system-name Wed Aug 28 20:00:00 2013 still running
reboot system boot system-name Wed Aug 28 18:00:00 2013 - Wed Aug 28 19:00:00 2013 (01:00)
Also note the useless leading space before "gone"
The only thing which matters is fmt->out width when printing these
strings like "still running". Now ctl->fulltime flag is unsused and
removed.
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
Protect a full stop (.), that begins or ends a string, with \&
Change '-' to '\-', if it indicates an option
Signed-off-by: Bjarni Ingi Gislason <bjarniig@rhi.hi.is>
Change comma (,) to a period (.) as it is the control character
Use macro RB instead of the reverse one (BR)
Add missing [ in front of an (optional) option
Protect a full stop (.), that begins or ends a string, with \&
Change '-' to '\-', if it indicates an option
Signed-off-by: Bjarni Ingi Gislason <bjarniig@rhi.hi.is>
The /proc/<pid>/loginuid is not always available, and when so a running
session should not be determined to be gone. This is a regression from
commit mentioned in reference.
Sessions that have started before previous system boot, and did not log
out meanwhile, will be marked as gone. It is fair to say that these
sessions are most likely result of a wtmp corruption.
Reference: 404fa3f93c
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
The current code uses kill(0, caught_signal) after regular
signal cleanup and before exit (all just to make shells happy).
Unfortunately, kill(0, ...) is a bad idea. It seems better to use
kill(getpid(), ...) otherwise we kill our parent process too.
Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1063887
Signed-off-by: Karel Zak <kzak@redhat.com>
Earlier determination that used kill with signal zero to pid was prone to
false positive reports, due reuse of pid space and unrelated processes.
New function is_phantom() tries do a little bit better job, but fails to
be perfect. It seems linking to gether utmp session start time or
terminal id with /proc/<pid>/ information is not as simple as one might
hope.
Reported-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Let's use nanosleep() although if usleep() exists. The nanosleep
function does no interact with signals and other timers.
The patch introduces xusleep() as replacement to libc (or our fallback)
usleep(). Yes, we don't want to use struct timespec + nanosleep()
everywhere in code as nano-time resolution is useless for us.
The patch also enlarges delays in some busy wait loops. It seems
enough to try read/write 4x per second.
Signed-off-by: Karel Zak <kzak@redhat.com>
The su(1) logging code mix ups "old" and "new" passwd structs. The
result is things like
Sep 9 11:50:45 x2 su: (to kzak) kzak on none
in /var/log/messages. The right log entry is
Sep 9 11:50:45 x2 su: (to root) kzak on pts/3
The bug has been introduced by commit c74a7af17c.
References: https://bugzilla.redhat.com/show_bug.cgi?id=1005194
Signed-off-by: Karel Zak <kzak@redhat.com>
(unless bug[s]) This change is backwards compatibile. Earlier binary to
text dumps can be converted back to binary, or otherway around.
The only thing that will not work are IPv6 addresses that possible
earlier conversion had broke. Such conversions resulted with random IPv4
in place of IPv6 address in text format, and original information is gone
forever.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
In include/bits/utmp.h the ut_user and ut_time macros are marked with
comment they are backwards compatibility hacks. It is probably best to
avoid use of these macros where ever possible.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Use of uptime time stamp as previous boot login time makes the output not
constant, which is rather difficult to test. Verbal message 'system is
still running' makes testing easy, and noticing which boot is still
running clear to a person.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
When a session time will reach whopping 10000 days the last round bracket
is unnecessarily removed from output.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
The ISO-8601 format makes consuming time stamps easy with various
parsers. The format includes time zone information which is crucial when
an investigator is trying to make sense outputs collected from systems
all a across planet.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
This allows reducing global variables and will minimize number of
arguments for functions making code a little bit easier to read, and
maintain.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Even while the YYYYMMDDHHMMSS time format it not magnificent it is best
to make it to be part of the one, and only, time format parser.
Proposed-by: Karel Zak <kzak@redhat.com>
References: http://markmail.org/message/6baqt4ttkopu7ra6
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
The 'Last login:' messages from PAM lastlogin module is unexpected
for non-login sessions or when -c <command> executed.
For example:
$ su - -c id
Last login: Wed Jul 24 08:36:28 CEST 2013 from dhcp-25-161.brq.redhat.com on pts/18
uid=0(root) gid=0(root) skupiny=0(root)
this makes 'su' useless in scripts.
This patch suppress all PAM_TEXT_INFO messages for -c and for
non-login session ('-' is not specified) after pam_authenticate() and
pam_acct_mgmt().
Note that the new PAM conversation function checks the first message
in the msg[] array only. It seems good enough as PAM internally uses
pam_info() function that does not use multiple messages for one conv
call.
References: https://bugzilla.redhat.com/show_bug.cgi?id=987787
Signed-off-by: Karel Zak <kzak@redhat.com>
Comment in the deletion tells everything necessary.
"This doesn't work on modern systems, where only a DNS lookup of the
result from hostname() will get you the domainname. Remember that
domainname() is the NIS domainname, not DNS. So basically this whole
piece of code is bullshit."
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Incremental number lists are more hard to get wrong with enum, and they
are nicer to debug as for example gdb is aware of these symbolic names.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Some of the ut_type numbers does not seem to be recognized by last(1) so
they are, at least for now, silently ignored. See glibc documentation
for information what the ignored EMPTY, INIT_PROCESS, LOGIN_PROCESS, and
ACCOUNTING mean.
Reference: FIXME
Signed-off-by: Sami Kerola <kerolasa@iki.fi>