return value points to static data whose content is overwritten by
each call.
- Warning: The key space consists of 2**56 equal 7.2e16 possible values.
+ Warning: the key space consists of 2**56 equal 7.2e16 possible values.
Exhaustive searches of this key space are possible using massively
parallel computers. Software, such as crack(1), is available which
will search the portion of this key space that is generally used by
sudo for the shadow suite, is available as at:
<ftp://sunsite.unc.edu/pub/Linux/system/Admin/sudo-1.2-shadow.tgz>
- Warning: When you install sudo your /etc/sudoers file will be replaced
+ Warning: when you install sudo your /etc/sudoers file will be replaced
with a default one, so you need to make a backup of it if you have
added anything to the default one. (you could also edit the Makefile
and remove the line that copies the default file to /etc).
Here are common troubleshooting steps:
**Post-test inspection:**
-- **Container persistence**: After tests complete, containers are left running
+- **Container persistence**: after tests complete, containers are left running
to allow inspection of the test environment and debugging of any failures.
This enables you to examine logs, file states, and system configuration
that existed when tests ran.
```
**Command options explained:**
-- `--mh-config=mhc.yaml`: Specifies the multihost configuration file
-- `--mh-lazy-ssh`: Enables lazy SSH connections for better performance
-- `-v`: Verbose output showing individual test results
-- `-k`: Filters tests by name pattern
+- `--mh-config=mhc.yaml`: specifies the multihost configuration file
+- `--mh-lazy-ssh`: enables lazy SSH connections for better performance
+- `-v`: verbose output showing individual test results
+- `-k`: filters tests by name pattern
For additional running options,
see the [pytest-mh running tests documentation](https://pytest-mh.readthedocs.io/en/latest/articles/running-tests.html).
#
# Delay in seconds before being allowed another attempt after a login failure
-# Note: When PAM is used, some modules may enforce a minimum delay (e.g.
+# Note: when PAM is used, some modules may enforce a minimum delay (e.g.
# pam_unix(8) enforces a 2s delay)
#
FAIL_DELAY 3
# Set to "no" if you need to copy encrypted passwords to other systems
# which don't understand the new algorithm. Default is "no".
#
-# Note: If you use PAM, it is recommended to use a value consistent with
+# Note: if you use PAM, it is recommended to use a value consistent with
# the PAM modules configuration.
#
# This variable is deprecated. You should use ENCRYPT_METHOD instead.
# MD5 and DES should not be used for new hashes, see crypt(5) for recommendations.
# Overrides the MD5_CRYPT_ENAB option
#
-# Note: If you use PAM, it is recommended to use a value consistent with
+# Note: if you use PAM, it is recommended to use a value consistent with
# the PAM modules configuration.
#
#ENCRYPT_METHOD DES
# Used in pam_timestamp module to calculate the keyed-hash message
# authentication code.
#
-# Note: It is recommended to check hmac(3) to see the possible algorithms
+# Note: it is recommended to check hmac(3) to see the possible algorithms
# that are available in your system.
#
#HMAC_CRYPTO_ALGO SHA512
syslogd should log the current system time for each event, and not
trust the formatted time received from the unix domain (or worse,
UDP) socket. -MM */
-/* Avoid translated PAM error messages: Set LC_ALL to "C".
+/* Avoid translated PAM error messages: set LC_ALL to "C".
* --Nekral */
#define SYSLOG(x) \
do { \
*
* This function will return the minimum and maximum ranges for IDs
*
- * 0: The function completed successfully
- * EINVAL: The provided ranges are impossible (such as maximum < minimum)
+ * 0: the function completed successfully
+ * EINVAL: the provided ranges are impossible (such as maximum < minimum)
*
- * preferred_min: The special-case minimum value for a specifically-
+ * preferred_min: the special-case minimum value for a specifically-
* requested ID, which may be lower than the standard min_id
*/
static int get_ranges (bool sys_group, gid_t *min_id, gid_t *max_id,
*
* This function will return the minimum and maximum ranges for IDs
*
- * 0: The function completed successfully
- * EINVAL: The provided ranges are impossible (such as maximum < minimum)
+ * 0: the function completed successfully
+ * EINVAL: the provided ranges are impossible (such as maximum < minimum)
*
- * preferred_min: The special-case minimum value for a specifically-
+ * preferred_min: the special-case minimum value for a specifically-
* requested ID, which may be lower than the standard min_id
*/
static int get_ranges (bool sys_user, uid_t *min_id, uid_t *max_id,
* password expiration criteria.
*
* Return value:
- * 0: The password is still valid
- * 1: The password has expired, it must be changed
- * 2: The password has expired since a long time and the account is
+ * 0: the password is still valid
+ * 1: the password has expired, it must be changed
+ * 2: the password has expired since a long time and the account is
* now disabled. (password cannot be changed)
- * 3: The account has expired
+ * 3: the account has expired
*/
int isexpired (const struct passwd *pw, /*@null@*/const struct spwd *sp)
{
if (a2i(rlim_t, &l, value, NULL, 10, 0, type_max(rlim_t)) == -1
&& errno != ENOTSUP)
{
- return 0; // FIXME: We could instead throw an error, though.
+ return 0; // FIXME: we could instead throw an error, though.
}
if (__builtin_mul_overflow(l, multiplier, &limit)) {
- /* FIXME: Again, silent error handling...
+ /* FIXME: again, silent error handling...
* Wouldn't screaming make more sense?
*/
return 0;
* [Tt]: t = RLIMIT_CPU max CPU time (MIN)
* [Uu]: u = RLIMIT_NPROC max number of processes
*
- * NOTE: Remember to extend the "no-limits" string below when adding a new
+ * NOTE: remember to extend the "no-limits" string below when adding a new
* limit...
*
* Return value:
#endif
default:
/* Only report invalid strings once */
- /* Note: A string can be invalid just because a
+ /* Note: a string can be invalid just because a
* specific (theoretically valid) setting is not
* supported by this build.
* It is just a warning in syslog anyway. The line
* - '#' (comment) chars only as first chars on a line;
* - username must start on first column (or *, or @group)
*
- * FIXME: A better (smarter) checking should be done
+ * FIXME: a better (smarter) checking should be done
*/
while (fgets (buf, 1024, fil) != NULL) {
if (strprefix(buf, "#") || strprefix(buf, "\n")) {
* account)
* @group: the limit applies to the members of the group
*
- * To clarify: The first entry with matching user name rules,
+ * To clarify: the first entry with matching user name rules,
* everything after it is ignored. If there is no user entry,
* the last encountered entry for a matching group rules.
* If there is no matching group entry, the default limits rule.
if (info->pw_uid != 0) {
if ((setup_user_limits (info->pw_name) & LOGIN_ERROR_LOGIN) != 0) {
(void) fputs (_("Too many logins.\n"), log_get_logfd());
- (void) sleep (2); /* XXX: Should be FAIL_DELAY */
+ (void) sleep (2); /* XXX: should be FAIL_DELAY */
exit (EXIT_FAILURE);
}
}
* presence of the correct number of colons. Any failing tests result
* in a NULL pointer being returned.
*
- * NOTE: This function uses hard-coded string scanning functions for
+ * NOTE: this function uses hard-coded string scanning functions for
* performance reasons. I am going to come up with some conditional
* compilation glarp to improve on this in the future.
*/
Naming conventions:
- 'r': reverse (search from the end).
- 'c': complement (negate the second argument).
- - 'stp': Return a pointer instead of a length.
+ - 'stp': return a pointer instead of a length.
stpspn()
Like strspn(3), but return a pointer instead of an offset.
};
/*
- * range_exists: Check whether @owner owns any ranges
+ * range_exists: check whether @owner owns any ranges
*
* @db: database to query
* @owner: owner being queried
/*
* subid_init: initialize libsubid
*
- * @progname: Name to display as program. If NULL, then "(libsubid)" will be
+ * @progname: name to display as program. If NULL, then "(libsubid)" will be
* shown in error messages.
- * @logfd: Open file pointer to pass error messages to. If NULL, then
+ * @logfd: open file pointer to pass error messages to. If NULL, then
* /dev/null will be opened and messages will be sent there. The
* default if libsubid_init() is not called is stderr (2).
*
/*
* subid_free: free memory allocated in any subid_* function
*
- * @ptr: Pointer to a memory block to release.
+ * @ptr: pointer to a memory block to release.
*
* Some functions like @subid_get_uid_ranges allocate memory internally. As
* soon as a result is no longer needed, it should be freed with this routine.
* subid_get_uid_owners: return a list of uids to which the given uid has been
* delegated.
*
- * @uid: The subuid being queried
+ * @uid: the subuid being queried
* @owners: a pointer to an array of uids into which the results are placed.
* The returned array must be freed by the caller.
*
* subid_get_gid_owners: return a list of uids to which the given gid has been
* delegated.
*
- * @uid: The subgid being queried
+ * @uid: the subgid being queried
* @owners: a pointer to an array of uids into which the results are placed.
* The returned array must be freed by the caller.
*
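Review bot: On the changed line the parameter tag is "@uid" while its description is "the subgid being queried" and the summary above speaks of "the given gid". If the parameter of subid_get_gid_owners is a gid, correct the tag in the same edit (for example "@gid: the subgid being queried") instead of only lowercasing the description; as it stands the block reads like a copy of the subid_get_uid_owners comment in the previous hunk.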
Do not perform authentication, user is preauthenticated.
</para>
<para>
- Note: In that case, <replaceable>username</replaceable> is
+ Note: in that case, <replaceable>username</replaceable> is
mandatory.
</para>
</listitem>
used.
</para>
<para condition="pam">
- Note: This only affect the generation of group passwords.
+ Note: this only affect the generation of group passwords.
The generation of user passwords is done by PAM and subject to the
PAM configuration. It is recommended to set this variable
consistently with the PAM configuration.
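Review bot: The added line still reads "this only affect the generation of group passwords". Since the line is rewritten anyway, correct the verb to "affects", which is the wording the equivalent paragraph in the next hunk already uses: "Note: this only affects the generation of group passwords."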
variable.
</para>
<para condition="pam">
- Note: This only affects the generation of group passwords.
+ Note: this only affects the generation of group passwords.
The generation of user passwords is done by PAM and subject to the
PAM configuration. It is recommended to set this variable
consistently with the PAM configuration.
code.
</para>
<para>
- Note: Check <refentrytitle>hmac</refentrytitle><manvolnum>3</manvolnum>
+ Note: check <refentrytitle>hmac</refentrytitle><manvolnum>3</manvolnum>
to see the possible algorithms that are available in your system.
</para>
</listitem>
<option>ENCRYPT_METHOD</option>.
</para>
<para condition="pam">
- Note: This only affect the generation of group passwords.
+ Note: this only affect the generation of group passwords.
The generation of user passwords is done by PAM and subject to the
PAM configuration. It is recommended to set this variable
consistently with the PAM configuration.
used.
</para>
<para condition="pam">
- Note: This only affect the generation of group passwords.
+ Note: this only affect the generation of group passwords.
The generation of user passwords is done by PAM and subject to the
PAM configuration. It is recommended to set this variable
consistently with the PAM configuration.
The value must be inside the 1-11 range.
</para>
<para condition="pam">
- Note: This only affect the generation of group passwords.
+ Note: this only affect the generation of group passwords.
The generation of user passwords is done by PAM and subject to the
PAM configuration. It is recommended to set this variable
consistently with the PAM configuration.
* The information are copied in group structure(s) so that they can be
* modified later.
*
- * Note: If !is_shadowgrp, *sg will not be initialized.
+ * Note: if !is_shadowgrp, *sg will not be initialized.
*/
#ifdef SHADOWGRP
static void get_group(struct group *gr, struct sgrp *sg, const struct option_flags *flags)
* also in other_members.
* file and other_file are used for logging.
*
- * TODO: No changes are performed on the lists.
+ * TODO: no changes are performed on the lists.
*/
static void compare_members_lists (const char *groupname,
char **members,
retcode = pam_setcred (pamh, PAM_ESTABLISH_CRED);
PAM_FAIL_CHECK;
- /* NOTE: If pam_setcred changes PAM_USER, this will not be taken
+ /* Note: if pam_setcred changes PAM_USER, this will not be taken
* into account.
*/
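Review bot: The changed comment line turns the tag "NOTE:" into "Note:" in addition to lowercasing "If", whereas other hunks in this patch keep the tag in capitals ("NOTE: remember to extend the "no-limits" string", "NOTE: this function uses hard-coded string scanning functions"). Pick one spelling of the tag for the whole patch; keeping "NOTE:" here limits the line to the lowercase-after-colon change and leaves it matching the same search pattern as the others.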
/*
* There must be a match, either by GID value or by
* string name.
- * FIXME: It should exist according to gr_locate,
+ * FIXME: it should exist according to gr_locate,
* otherwise, we can't change its members
*/
if (NULL == grp) {
#endif /* WITH_TCB */
/*
* Check to make certain the user isn't logged in.
- * Note: This is a best effort basis. The user may log in between,
+ * Note: this is a best effort basis. The user may log in between,
* a cron job may be started on her behalf, etc.
*/
if (streq(prefix, "") && !flags.chroot && user_busy(user_name, user_id) != 0) {
[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:0:99999:7:1:18294:' ] || exit 1
echo "testing option -I"
-# NOTE: I could pass a date to -I
+# Note: I could pass a date to -I
chage -I 42 myuser7
ent=$(getent shadow myuser7)
[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:0:99999:7:42:18294:' ] || exit 1
echo "testing option -I -1"
-# NOTE: this behavior is not documented
+# Note: this behavior is not documented
chage -I -1 myuser7
ent=$(getent shadow myuser7)
[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:0:99999:7::18294:' ] || exit 1
echo "testing option -I 0"
-# NOTE: We should check that this is the expected behavior
+# Note: we should check that this is the expected behavior
chage -I 0 myuser7
ent=$(getent shadow myuser7)
[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:0:99999:7:0:18294:' ] || exit 1
ent=$(getent shadow myuser7)
[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:24:99999:7:12:18294:' ] || exit 1
echo "testing option -m -1"
-# NOTE: this behavior is not documented
+# Note: this behavior is not documented
chage -m -1 myuser7
ent=$(getent shadow myuser7)
[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280::99999:7:12:18294:' ] || exit 1
[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:0:99999:7:12:18294:' ] || exit 1
echo "testing option --mindays"
chage --min 1 myuser7
-# NOTE: that shouldn't have work
+# Note: that shouldn't have work
ent=$(getent shadow myuser7)
[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:1:99999:7:12:18294:' ] || exit 1
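Review bot: The rewritten comment after "chage --min 1 myuser7" keeps the wording "that shouldn't have work"; as the line is touched anyway, make it "that shouldn't have worked". It also changes the tag from "NOTE:" to "Note:", which the C comment hunks that keep "NOTE:" do not do, so the tag spelling should be settled once for the patch.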
ent=$(getent shadow myuser7)
[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:1:25:7:12:18294:' ] || exit 1
echo "testing option -M -1"
-# NOTE: this behavior is not documented
+# Note: this behavior is not documented
chage -M -1 myuser7
ent=$(getent shadow myuser7)
[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:1::7:12:18294:' ] || exit 1
ent=$(getent shadow myuser7)
[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:1:2:26:12:18294:' ] || exit 1
echo "testing option -W -1"
-# NOTE: this behavior is not documented
+# Note: this behavior is not documented
chage -W -1 myuser7
ent=$(getent shadow myuser7)
[ "$ent" = 'myuser7:$1$yQnIAZWV$gDAMB2IkqaONgrQiRdo4y.:15280:1:2::12:18294:' ] || exit 1
. ../../../common/log.sh
log_start "$0" "chpasswd changes the passwd entry if there are no shadow entries"
-# FIXME: The PAM and !PAM versions differs:
+# FIXME: the PAM and !PAM versions differs:
# PAM will create a shadow entry if the shadow file exists
# !PAM will update the passwd entry and leave the shadow file untouched
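Review bot: The rewritten FIXME line keeps the agreement error "versions differs"; since the line is edited anyway, make it "# FIXME: the PAM and !PAM versions differ:". The identical line in the two following hunks needs the same correction.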
. ../../../common/log.sh
log_start "$0" "chpasswd changes the passwd entry if there are no shadow entries"
-# FIXME: The PAM and !PAM versions differs:
+# FIXME: the PAM and !PAM versions differs:
# PAM will create a shadow entry if the shadow file exists
# !PAM will update the passwd entry and leave the shadow file untouched
. ../../../common/log.sh
log_start "$0" "chpasswd changes the passwd entry if there are no shadow entries"
-# FIXME: The PAM and !PAM versions differs:
+# FIXME: the PAM and !PAM versions differs:
# PAM will create a shadow entry if the shadow file exists
# !PAM will update the passwd entry and leave the shadow file untouched