The function user_match actually modifies the string passed as its
first argument, so use char * instead of const char *.

Signed-off-by: Tobias Stoeckmann <[email protected]>

…nd sysconf(_SC_LOGIN_NAME_MAX)

GNU Hurd doesn't define LOGIN_NAME_MAX.  GNU Hurd recommends having no
system limits.  When a program needs a limit, because it needs to
validate user input, it is recommended that each program defines its own
limit macros.  The rationale is that this avoids hard-coded limits in
ABIs, which cannot be modified ever.

However, that doesn't mean that programs should have no limits at all.
We use this limit for validating user input, and so we shouldn't allow
anything just because the system doesn't want to set a limit.

So, when sysconf(2) returns -1, either due to an error or due to a claim
for no limits, we must fall back to the LOGIN_NAME_MAX value.  And if
the system doesn't define that value, we must define it ourselves (we're
more or less free to choose any value, so let's pick the one that glibc
provides nowadays).

Fixes: 6a1f45d (2024-02-04; "lib/chkname.c: Support unlimited user name lengths")
Closes: <#1166>
Cc: Chris Hofstaedtler <[email protected]>
Reviewed-by: Samuel Thibault <[email protected]>
Reviewed-by: Tobias Stoeckmann <[email protected]>
Reviewed-by: Iker Pedrosa <[email protected]>
Signed-off-by: Alejandro Colomar <[email protected]>

The link to Wikipedia's article "Password strength" was added here in
2008 and Wikipedia went HTTPS-only 7 years later.

Link: <https://diff.wikimedia.org/2015/06/12/securing-wikimedia-sites-with-https/>

These are not available on earlier versions and builds break there.

Signed-off-by: Alexander Kanavin <[email protected]>

The list_match function handles EXCEPT entries through recursive
calls. It calls itself with NULL, which was then passed to strtok so
parsing continued at current position.

Replacing strtok with strsep, this means that EXCEPT entries never
match, because strsep(NULL, ...) always returns NULL, i.e. the
code treats everything after EXCEPT as non-existing.

Fix this by passing current list pointer to recursive call.

Fixes: 90afe61 (2024-07-04; "lib/, src/: Use strsep(3) instead of strtok(3)")
Signed-off-by: Tobias Stoeckmann <[email protected]>

Bug-Debian: https://bugs.debian.org/968304

Bug-Debian: https://bugs.debian.org/1076260

Calling exit might trigger cleanup functions registered through
atexit. Since some programs use this mechanism, be extra cautious to
never release passwd/group locks too early.

Reviewed-by: Alejandro Colomar <[email protected]>
Signed-off-by: Tobias Stoeckmann <[email protected]>

With glibc we can use "e" in mode argument to set O_CLOEXEC on
opened files. The /etc/shadow and /etc/gshadow file handles should
be protected to make sure that they are never passed to child
processes by accident.

Reviewed-by: Alejandro Colomar <[email protected]>
Signed-off-by: Tobias Stoeckmann <[email protected]>

Add translation of manual pages, and update the translation of strings.

Bug-Debian: https://bugs.debian.org/1080487
[alx: fix typo: po => ro]
Reviewed-by: Alejandro Colomar <[email protected]>

Signed-off-by: Alejandro Colomar <[email protected]>