pool/shadow
SHA256
2
0
Fork 2
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 709907 from Base:System

Browse Source 
- Update to 4.7:
  * Spawn: don't loop forever on ECHILD
  * Do not fail locking if there is a stale lockfile (Tomas Mraz)
  * Use lckpwdf if prefix not set (Tomas Mraz)
  * Build: check correct DocBook version (Jan Tojnar)
  * Usermod: Print 'no changes' to stdout, not stderr (Serge Hallyn)
  * Add support for btrfs subvolumes for home (Adam Majer)
  * Fix chpasswd long line handling (Nathan Ruiz)
  * Use secure_getenv for gettime (Chris Lamb)
  * Make sp_lstchg reproducible (Chris Lamb)
  * Do not crash commonio_close if db file is not open (Tomas Mraz)
  * Don't flush nscd and sssd cache in read-only mode (Charlie Vuillemez)
  * French manpage update (Alban VIDAL)
  * Fix manpage defaults for SUB_UID/GID_COUNT (Tomas Mraz)
  * Sync po files from shadow.pot (Alban VIDAL)
  * Usermod: guard against unsafe chown of homedir contents (Tomas Mraz)
  * Add LASTLOG_UID_MAX to login.defs (Tomas Mraz)
  * new[ug]idmap file capabilities support (Giuseppe Scrivano and Christian Brauner)
  * Fix segfault in useradd (Tomas Mraz)
  * Coverity issues (Tomas Mraz)
  * Flush sssd caches (Jakub Hrozek)
  * Log UID in nologin (Vladimir Ivanov)
  * run pam_getenvlist after setup_env in su.c (Michael Vogt)
  * Support systems with only utmpx (A. Wilcox)
  * Fix unguarded ENABLE_SUBIDS code (Jan Chren (rindeal))
  * Update po/zh_CN translation (Lion Yang)
  * Create parent dirs for useradd -m (Michael Vetter)
  * Prevent usermod segv
  * Fix usermod crash (fariouche)
- Remove btrfs-subvolumes.patch (fate#316134):

OBS-URL: https://build.opensuse.org/request/show/709907
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shadow?expand=0&rev=32
This commit is contained in:
Dominique Leuenberger 2019-07-13 11:33:06 +00:00 committed by Git OBS Bridge
commit 24f5896ea4
12 changed files with 73 additions and 517 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

318
btrfs-subvolumes.patch
View File

@ -1,318 +0,0 @@
commit 52ea836ffbfa4d6797cf89d6ada58f76bee9cf6b
Author: Adam Majer <amajer@suse.de>
Date: Wed Jan 23 16:17:05 2019 +0100
Add autotools support for BtrFS option
Feature is enabled by default, if headers are available. It can be
turned off explictly.
commit 81ead2042afcdb8d423da855cf1528618a4e0c01
Author: Adam Majer <amajer@suse.de>
Date: Mon Jan 21 09:32:36 2019 +0100
Add support for btrfs subvolumes for user homes
new switch added to useradd command, --btrfs-subvolume-home. When
specified *and* the filesystem is detected as btrfs, it will create a
subvolume for user's home instead of a plain directory. This is done via
`btrfs subvolume` command. Specifying the new switch while trying to
create home on non-btrfs will result in an error.
userdel -r will handle and remove this subvolume transparently via
`btrfs subvolume` command. Previosuly this failed as you can't rmdir a
subvolume.
usermod, when moving user's home across devices, will detect if the home
is a subvolume and issue an error messages instead of copying it. Moving
user's home (as subvolume) on same btrfs works transparently.
--- a/configure.ac
+++ b/configure.ac
@@ -256,6 +256,9 @@ AC_ARG_WITH(audit,
AC_ARG_WITH(libpam,
[AC_HELP_STRING([--with-libpam], [use libpam for PAM support @<:@default=yes if found@:>@])],
[with_libpam=$withval], [with_libpam=maybe])
+AC_ARG_WITH(btrfs,
+ [AC_HELP_STRING([--with-btrfs], [add BtrFS support @<:@default=yes if found@:>@])],
+ [with_selinux=$withval], [with_selinux=maybe])
AC_ARG_WITH(selinux,
[AC_HELP_STRING([--with-selinux], [use SELinux support @<:@default=yes if found@:>@])],
[with_selinux=$withval], [with_selinux=maybe])
@@ -453,6 +456,20 @@ if test "$with_libcrack" = "yes"; then
AC_DEFINE(HAVE_LIBCRACK_PW, 1, [Defined if it includes *Pw functions.]))
fi
+if test "$with_btrfs" != "no"; then
+ AC_CHECK_HEADERS([sys/statfs.h linux/magic.h linux/btrfs_tree.h], \
+ [btrfs_headers="yes"], [btrfs_headers="no"])
+ if test "$btrfs_headers$with_btrfs" = "noyes" ; then
+ AC_MSG_ERROR([One of sys/statfs.h linux/magic.h linux/btrfs_tree.h is missing])
+ fi
+
+ if test "$btrfs_headers" = "yes" ; then
+ AC_DEFINE(WITH_BTRFS, 1, [Build shadow with BtrFS support])
+ with_btrfs="yes"
+ fi
+fi
+AM_CONDITIONAL(WITH_BTRFS, test x$with_btrfs = xyes)
+
AC_SUBST(LIBSELINUX)
AC_SUBST(LIBSEMANAGE)
if test "$with_selinux" != "no"; then
@@ -672,6 +689,7 @@ if test "$with_libpam" = "yes"; then
echo " suid account management tools: $enable_acct_tools_setuid"
fi
echo " SELinux support: $with_selinux"
+echo " BtrFS support: $with_btrfs"
echo " ACL support: $with_acl"
echo " Extended Attributes support: $with_attr"
echo " tcb support (incomplete): $with_tcb"
--- a/lib/prototypes.h
+++ b/lib/prototypes.h
@@ -72,6 +72,14 @@ extern int expire (const struct passwd *
/* isexpired.c */
extern int isexpired (const struct passwd *, /*@null@*/const struct spwd *);
+/* btrfs.c */
+#ifdef WITH_BTRFS
+extern int btrfs_create_subvolume(const char *path);
+extern int btrfs_remove_subvolume(const char *path);
+extern int btrfs_is_subvolume(const char *path);
+extern int is_btrfs(const char *path);
+#endif
+
/* basename() renamed to Basename() to avoid libc name space confusion */
/* basename.c */
extern /*@observer@*/const char *Basename (const char *str);
--- a/libmisc/Makefile.am
+++ b/libmisc/Makefile.am
@@ -72,3 +72,8 @@ libmisc_a_SOURCES = \
xgetspnam.c \
xmalloc.c \
yesno.c
+
+if WITH_BTRFS
+libmisc_a_SOURCES += btrfs.c
+endif
+
--- /dev/null
+++ b/libmisc/btrfs.c
@@ -0,0 +1,94 @@
+#include <linux/btrfs_tree.h>
+#include <linux/magic.h>
+#include <sys/statfs.h>
+
+#include "prototypes.h"
+
+
+static int run_btrfs_subvolume_cmd(const char *subcmd, const char *arg1, const char *arg2)
+{
+ int status = 0;
+ const char *cmd = "/sbin/btrfs";
+ const char *argv[] = {
+ strrchr(cmd, '/'),
+ "subvolume",
+ subcmd,
+ arg1,
+ arg2,
+ NULL
+ };
+
+ if (argv[0] == NULL)
+ argv[0] = cmd;
+ else
+ argv[0] = argv[0] + 1;
+
+ if (access(cmd, X_OK)) {
+ return 1;
+ }
+
+ if (run_command(cmd, argv, NULL, &status))
+ return -1;
+ return status;
+}
+
+
+int btrfs_create_subvolume(const char *path)
+{
+ return run_btrfs_subvolume_cmd("create", path, NULL);
+}
+
+
+int btrfs_remove_subvolume(const char *path)
+{
+ return run_btrfs_subvolume_cmd("delete", "-C", path);
+}
+
+
+/* Adapted from btrfsprogs */
+/*
+ * This intentionally duplicates btrfs_util_is_subvolume_fd() instead of opening
+ * a file descriptor and calling it, because fstat() and fstatfs() don't accept
+ * file descriptors opened with O_PATH on old kernels (before v3.6 and before
+ * v3.12, respectively), but stat() and statfs() can be called on a path that
+ * the user doesn't have read or write permissions to.
+ *
+ * returns:
+ * 1 - btrfs subvolume
+ * 0 - not btrfs subvolume
+ * -1 - error
+ */
+int btrfs_is_subvolume(const char *path)
+{
+ struct stat st;
+ int ret;
+
+ ret = is_btrfs(path);
+ if (ret <= 0)
+ return ret;
+
+ ret = stat(path, &st);
+ if (ret == -1)
+ return -1;
+
+ if (st.st_ino != BTRFS_FIRST_FREE_OBJECTID || !S_ISDIR(st.st_mode)) {
+ return 0;
+ }
+
+ return 1;
+}
+
+
+/* Adapted from btrfsprogs */
+int is_btrfs(const char *path)
+{
+ struct statfs sfs;
+ int ret;
+
+ ret = statfs(path, &sfs);
+ if (ret == -1)
+ return -1;
+
+ return sfs.f_type == BTRFS_SUPER_MAGIC;
+}
+
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -164,6 +164,7 @@ static bool
oflg = false, /* permit non-unique user ID to be specified with -u */
rflg = false, /* create a system account */
sflg = false, /* shell program for new account */
+ subvolflg = false, /* create subvolume home on BTRFS */
uflg = false, /* specify user ID for new account */
Uflg = false; /* create a group having the same name as the user */
@@ -805,6 +806,9 @@ static void usage (int status)
Prog, Prog, Prog);
(void) fputs (_(" -b, --base-dir BASE_DIR base directory for the home directory of the\n"
" new account\n"), usageout);
+#ifdef WITH_BTRFS
+ (void) fputs (_(" --btrfs-subvolume-home use BTRFS subvolume for home directory\n"), usageout);
+#endif
(void) fputs (_(" -c, --comment COMMENT GECOS field of the new account\n"), usageout);
(void) fputs (_(" -d, --home-dir HOME_DIR home directory of the new account\n"), usageout);
(void) fputs (_(" -D, --defaults print or change default useradd configuration\n"), usageout);
@@ -1085,6 +1089,9 @@ static void process_flags (int argc, cha
int c;
static struct option long_options[] = {
{"base-dir", required_argument, NULL, 'b'},
+#ifdef WITH_BTRFS
+ {"btrfs-subvolume-home", no_argument, NULL, 200},
+#endif
{"comment", required_argument, NULL, 'c'},
{"home-dir", required_argument, NULL, 'd'},
{"defaults", no_argument, NULL, 'D'},
@@ -1131,6 +1138,9 @@ static void process_flags (int argc, cha
def_home = optarg;
bflg = true;
break;
+ case 200:
+ subvolflg = true;
+ break;
case 'c':
if (!VALID (optarg)) {
fprintf (stderr,
@@ -2049,6 +2059,37 @@ static void create_home (void)
strcat (path, "/");
strcat (path, cp);
if (access (path, F_OK) != 0) {
+ /* Check if parent directory is BTRFS, fail if requesting
+ subvolume but no BTRFS. The paths cound be different by the
+ trailing slash
+ */
+#if WITH_BTRFS
+ if (subvolflg && (strlen(prefix_user_home) - (int)strlen(path)) <= 1) {
+ char *btrfs_check = strdup(path);
+
+ if (!btrfs_check) {
+ fprintf (stderr,
+ _("%s: error while duplicating string in BTRFS check %s\n"),
+ Prog, path);
+ fail_exit (E_HOMEDIR);
+ }
+ btrfs_check[strlen(path) - strlen(cp) - 1] = '\0';
+ if (is_btrfs(btrfs_check) <= 0) {
+ fprintf (stderr,
+ _("%s: home directory \"%s\" must be mounted on BTRFS\n"),
+ Prog, path);
+ fail_exit (E_HOMEDIR);
+ }
+ // make subvolume to mount for user instead of directory
+ if (btrfs_create_subvolume(path)) {
+ fprintf (stderr,
+ _("%s: failed to create BTRFS subvolume: %s\n"),
+ Prog, path);
+ fail_exit (E_HOMEDIR);
+ }
+ }
+ else
+#endif
if (mkdir (path, 0) != 0) {
fprintf (stderr,
_("%s: cannot create directory %s\n"),
--- a/src/userdel.c
+++ b/src/userdel.c
@@ -1273,6 +1273,23 @@ int main (int argc, char **argv)
#endif /* EXTRA_CHECK_HOME_DIR */
if (rflg) {
+#ifdef WITH_BTRFS
+ int is_subvolume = btrfs_is_subvolume (user_home);
+ if (is_subvolume < 0) {
+ errors++;
+ /* continue */
+ }
+ else if (is_subvolume > 0) {
+ if (btrfs_remove_subvolume (user_home)) {
+ fprintf (stderr,
+ _("%s: error removing subvolume %s\n"),
+ Prog, user_home);
+ errors++;
+ /* continue */
+ }
+ }
+ else
+#endif
if (remove_tree (user_home, true) != 0) {
fprintf (stderr,
_("%s: error removing directory %s\n"),
--- a/src/usermod.c
+++ b/src/usermod.c
@@ -1818,6 +1818,15 @@ static void move_home (void)
return;
} else {
if (EXDEV == errno) {
+#ifdef WITH_BTRFS
+ if (btrfs_is_subvolume (prefix_user_home) > 0) {
+ fprintf (stderr,
+ _("%s: error: cannot move subvolume from %s to %s - different device\n"),
+ Prog, prefix_user_home, prefix_user_newhome);
+ fail_exit (E_HOMEDIR);
+ }
+#endif
+
if (copy_tree (prefix_user_home, prefix_user_newhome, true,
true,
user_id,

86
shadow-4.6.0-fix-usermod-prefix-crash.patch
View File

@ -1,86 +0,0 @@
Bug: https://github.com/shadow-maint/shadow/issues/110
Containing following two fixes.
From 73a876a05612c278da747faeaeea40c3b8d34a53 Mon Sep 17 00:00:00 2001
From: fariouche <fariouche@yahoo.fr>
Date: Tue, 8 May 2018 21:17:46 -0500
Subject: [PATCH 1/2] Fix usermod crash
Return newly allocated pointers when the caller will free them.
Closes #110
---
libmisc/prefix_flag.c | 2 +-
src/usermod.c | 10 ++++++----
2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/libmisc/prefix_flag.c b/libmisc/prefix_flag.c
index 6581235e..8ceffd26 100644
--- a/libmisc/prefix_flag.c
+++ b/libmisc/prefix_flag.c
@@ -333,7 +333,7 @@ extern struct group *prefix_getgr_nam_gid(const char *grname)
&& (gid == (gid_t)gid)) {
return prefix_getgrgid ((gid_t) gid);
}
- return prefix_getgrnam (grname);
+ return __gr_dup(prefix_getgrnam (grname));
}
else
return getgr_nam_gid(grname);
diff --git a/src/usermod.c b/src/usermod.c
index e571426f..7355ad31 100644
--- a/src/usermod.c
+++ b/src/usermod.c
@@ -1251,11 +1251,13 @@ static void process_flags (int argc, char **argv)
prefix_user_home = xmalloc(len);
wlen = snprintf(prefix_user_home, len, "%s/%s", prefix, user_home);
assert (wlen == (int) len -1);
+ if (user_newhome) {
+ len = strlen(prefix) + strlen(user_newhome) + 2;
+ prefix_user_newhome = xmalloc(len);
+ wlen = snprintf(prefix_user_newhome, len, "%s/%s", prefix, user_newhome);
+ assert (wlen == (int) len -1);
+ }
- len = strlen(prefix) + strlen(user_newhome) + 2;
- prefix_user_newhome = xmalloc(len);
- wlen = snprintf(prefix_user_newhome, len, "%s/%s", prefix, user_newhome);
- assert (wlen == (int) len -1);
}
else {
prefix_user_home = user_home;
From 48dcf7852e51b9d8e7926737cc7f7823978b7d7d Mon Sep 17 00:00:00 2001
From: Serge Hallyn <shallyn@cisco.com>
Date: Tue, 8 May 2018 21:37:55 -0500
Subject: [PATCH 2/2] usermod: prevent a segv
in the case where prefix does not exist.
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
---
libmisc/prefix_flag.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/libmisc/prefix_flag.c b/libmisc/prefix_flag.c
index 8ceffd26..96b11faa 100644
--- a/libmisc/prefix_flag.c
+++ b/libmisc/prefix_flag.c
@@ -319,6 +319,7 @@ extern struct group *prefix_getgr_nam_gid(const char *grname)
{
long long int gid;
char *endptr;
+ struct group *g;
if (NULL == grname) {
return NULL;
@@ -333,7 +334,8 @@ extern struct group *prefix_getgr_nam_gid(const char *grname)
&& (gid == (gid_t)gid)) {
return prefix_getgrgid ((gid_t) gid);
}
- return __gr_dup(prefix_getgrnam (grname));
+ g = prefix_getgrnam (grname);
+ return g ? __gr_dup(g) : NULL;
}
else
return getgr_nam_gid(grname);

3
shadow-4.6.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:0998c8d84242a231ab0acb7f8613927ff5bcff095f8aa6b79478893a03f05583
size 1678100

11
shadow-4.6.tar.xz.asc
View File

@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEE8dCNt3gYW/eEAC3/6f7qBqheP50FAlrncOkACgkQ6f7qBqhe
P52UGAf/eOnoIYIZ52y72iMxeNfQMTMjYTZd1YrtjlK0RQKquK7FrCOg91MvOF2B
hLVKu2OU7mzuPTMSAraAxjXLkrM0E3vFjMtu1fHBGlGTMspAfik/9Gu9qoevAKXy
BRqgN5m5HMfoGPeEjzILzaGq8bnPKIOfJ0iAYVkjjIa73Vn20uTmNgNZIRqHqwfw
5GUFHn6cjQXFcQ3ngywgwQD7/h/65w8dBbGysF551sAqzPJRbneQL9Wtklcqi1ub
55NyF0ifT67RqMh+EyxhuhXP1Hi57PTEAeqaFMFxnPlQPb+8pQ8nszWBmI+vUN8D
FmhwCtSTnmKlj0jeAqevmkijJhGPQQ==
=fk/F
-----END PGP SIGNATURE-----

3
shadow-4.7.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:e5e196a4a7e3b228c812f3163d368be3e932e6eaa4e616677a148d9ec921e16c
size 1624340

11
shadow-4.7.tar.xz.asc Normal file
View File

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEE8dCNt3gYW/eEAC3/6f7qBqheP50FAl0CfrYACgkQ6f7qBqhe
P50xqQgAgmeu46zmQ7A+8nzcna8aaKQ5aftc9QVCQuPg94DvkXNuUjz384os1PBa
9DM5ukiDiDWhkmoKDCro9d/JVfKg0v0W2Ee29JvaZRhpUFlk3xWZAM55Na22ywbv
JYIF94wLfH0+AZQvjTpJmlJgeCK5K0L2LvAsPoEsHNuAKjpz7tFGJgqBKgK2+xAv
csmBhPRShZypXH3tQ/jcMT8itPSRBGt4W55zuNUT2OKc5ioXxc1TJ5jn0YX8AsOQ
5ZkBbGHL416QRonhiKfWsntB3RnmJQMcL8R72MpemKjVw+q+QYnnKIE/Fta7J0+N
EkUBRYdbbiAsUNW3syN/Q2o+DF00aw==
=dbPQ
-----END PGP SIGNATURE-----

8
shadow-util-linux.patch
View File

@ -109,11 +109,11 @@ Index: lib/getdef.c
{"ENV_SUPATH", NULL},
{"ERASECHAR", NULL},
{"FAIL_DELAY", NULL},
@@ -93,6 +95,7 @@ static struct itemdef def_table[] = {
{"GID_MIN", NULL},
{"HUSHLOGIN_FILE", NULL},
@@ -95,6 +97,7 @@ static struct itemdef def_table[] = {
{"KILLCHAR", NULL},
+ {"LOGIN_PLAIN_PROMPT", NULL},
{"LASTLOG_UID_MAX", NULL},
{"LOGIN_RETRIES", NULL},
+ {"LOGIN_PLAIN_PROMPT", NULL},
{"LOGIN_TIMEOUT", NULL},
{"LOG_OK_LOGINS", NULL},
{"LOG_UNKFAIL_ENAB", NULL},

42
shadow.changes
View File

@ -1,3 +1,45 @@
-------------------------------------------------------------------
Fri Jun 14 06:20:46 UTC 2019 - mvetter@suse.com
- Update to 4.7:
* Spawn: don't loop forever on ECHILD
* Do not fail locking if there is a stale lockfile (Tomas Mraz)
* Use lckpwdf if prefix not set (Tomas Mraz)
* Build: check correct DocBook version (Jan Tojnar)
* Usermod: Print 'no changes' to stdout, not stderr (Serge Hallyn)
* Add support for btrfs subvolumes for home (Adam Majer)
* Fix chpasswd long line handling (Nathan Ruiz)
* Use secure_getenv for gettime (Chris Lamb)
* Make sp_lstchg reproducible (Chris Lamb)
* Do not crash commonio_close if db file is not open (Tomas Mraz)
* Don't flush nscd and sssd cache in read-only mode (Charlie Vuillemez)
* French manpage update (Alban VIDAL)
* Fix manpage defaults for SUB_UID/GID_COUNT (Tomas Mraz)
* Sync po files from shadow.pot (Alban VIDAL)
* Usermod: guard against unsafe chown of homedir contents (Tomas Mraz)
* Add LASTLOG_UID_MAX to login.defs (Tomas Mraz)
* new[ug]idmap file capabilities support (Giuseppe Scrivano and Christian Brauner)
* Fix segfault in useradd (Tomas Mraz)
* Coverity issues (Tomas Mraz)
* Flush sssd caches (Jakub Hrozek)
* Log UID in nologin (Vladimir Ivanov)
* run pam_getenvlist after setup_env in su.c (Michael Vogt)
* Support systems with only utmpx (A. Wilcox)
* Fix unguarded ENABLE_SUBIDS code (Jan Chren (rindeal))
* Update po/zh_CN translation (Lion Yang)
* Create parent dirs for useradd -m (Michael Vetter)
* Prevent usermod segv
* Fix usermod crash (fariouche)
- Remove btrfs-subvolumes.patch (fate#316134):
upstreamed: https://github.com/shadow-maint/shadow/pull/149
- Remove useradd-mkdirs.patch (bsc#865563):
upstreamed https://github.com/shadow-maint/shadow/pull/112
- Remove shadow-4.6.0-fix-usermod-prefix-crash.patch
upstreamed https://github.com/shadow-maint/shadow/issues/110
- Rebase userdel-script.patch
- Rebase useradd-script.patch
- Rebase shadow-util-linux.patch
-------------------------------------------------------------------
Thu May 30 11:15:49 UTC 2019 - Martin Pluskal <mpluskal@suse.com>

13
shadow.spec
View File

@ -12,12 +12,12 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: shadow
Version: 4.6
Version: 4.7
Release: 0
Summary: Utilities to Manage User and Group Accounts
License: BSD-3-Clause AND GPL-2.0-or-later
@ -53,18 +53,12 @@ Patch6: shadow-4.1.5.1-userdel-helpfix.patch
Patch7: shadow-4.1.5.1-logmsg.patch
# PATCH-FEATURE-SUSE encryption_method_nis.patch kukuk@suse.com -- Add support for ENCRYPT_METHOD_NIS used by SUSE patch in pam (pam_unix).
Patch10: encryption_method_nis.patch
# PATCH-FIX-SUSE useradd-mkdirs.patch bnc865563 tbehrens@suse.com -- Create all parts of the path.
Patch11: useradd-mkdirs.patch
# PATCH-FIX-SUSE shadow-4.6.0-fix-usermod-prefix-crash.patch https://github.com/shadow-maint/shadow/issues/110 mvetter@suse.com -- Fixes crash in usermod when called with --prefix.
Patch12: shadow-4.6.0-fix-usermod-prefix-crash.patch
# PATCH-FEATURE-SUSE shadow-login_defs-comments.patch kukuk@suse.com -- Adjust login.defs comments.
Patch13: shadow-login_defs-comments.patch
# PATCH-FEATURE-SUSE shadow-login_defs-suse.patch kukuk@suse.com -- Customize login.defs.
Patch14: shadow-login_defs-suse.patch
# PATCH-FIX-SUSE disable_new_audit_function.patch adam.majer@suse.de -- Disable newer libaudit functionality for older distributions.
Patch20: disable_new_audit_function.patch
# PATCH-FEATURE-SUSE btrfs-subvolumes.patch fate316134 adam.majer@suse.de -- Add support for btrfs subvolumes for user homes.
Patch21: btrfs-subvolumes.patch
BuildRequires: audit-devel > 2.3
BuildRequires: autoconf
BuildRequires: automake
@ -105,14 +99,11 @@ group accounts.
%patch6
%patch7
%patch10
%patch11 -p1
%patch12 -p1
%patch13
%patch14
%if 0%{?suse_version} < 1330
%patch20 -p1
%endif
%patch21 -p1
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
mv -v doc/HOWTO.utf8 doc/HOWTO

73
useradd-mkdirs.patch
View File

@ -1,73 +0,0 @@
https://github.com/shadow-maint/shadow/pull/112
useradd-mkdirs.patch adapted to two comments in https://github.com/shadow-maint/shadow/pull/2
* check for stdup failure
* create dirs with 0755 instead of 0777
diff -urEbwB shadow-4.6/src/useradd.c shadow-4.6.new-useradd-mkdirs/src/useradd.c
--- shadow-4.6/src/useradd.c 2018-04-29 18:42:37.000000000 +0200
+++ shadow-4.6.new-useradd-mkdirs/src/useradd.c 2018-05-15 17:11:03.706371270 +0200
@@ -2018,6 +2018,19 @@
static void create_home (void)
{
if (access (prefix_user_home, F_OK) != 0) {
+ char path[strlen (prefix_user_home) + 2];
+ char *bhome, *cp;
+
+ path[0] = '\0';
+ bhome = strdup (prefix_user_home);
+ if (!bhome) {
+ fprintf (stderr,
+ _("%s: error while duplicating string %s\n"),
+ Prog, user_home);
+ fail_exit (E_HOMEDIR);
+ }
+ ++bhome;
+
#ifdef WITH_SELINUX
if (set_selinux_file_context (prefix_user_home) != 0) {
fprintf (stderr,
@@ -2026,11 +2039,20 @@
fail_exit (E_HOMEDIR);
}
#endif
- /* XXX - create missing parent directories. --marekm */
- if (mkdir (prefix_user_home, 0) != 0) {
+
+ /* Check for every part of the path, if the directory
+ exists. If not, create it with permissions 755 and
+ owner root:root.
+ */
+ cp = strtok (bhome, "/");
+ while (cp) {
+ strcat (path, "/");
+ strcat (path, cp);
+ if (access (path, F_OK) != 0) {
+ if (mkdir (path, 0) != 0) {
fprintf (stderr,
_("%s: cannot create directory %s\n"),
- Prog, prefix_user_home);
+ Prog, path);
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, Prog,
"adding home directory",
@@ -2039,6 +2061,20 @@
#endif
fail_exit (E_HOMEDIR);
}
+ if (chown (path, 0, 0) < 0) {
+ fprintf (stderr,
+ _("%s: warning: chown on `%s' failed: %m\n"),
+ Prog, path);
+ }
+ if (chmod (path, 0755) < 0) {
+ fprintf (stderr,
+ _("%s: warning: chmod on `%s' failed: %m\n"),
+ Prog, path);
+ }
+ }
+ cp = strtok (NULL, "/");
+ }
+
(void) chown (prefix_user_home, user_id, user_gid);
chmod (prefix_user_home,
0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));

8
useradd-script.patch
View File

@ -20,7 +20,7 @@ Index: lib/getdef.c
===================================================================
--- lib/getdef.c.orig
+++ lib/getdef.c
@@ -125,6 +125,7 @@ static struct itemdef def_table[] = {
@@ -126,6 +126,7 @@ static struct itemdef def_table[] = {
{"UID_MAX", NULL},
{"UID_MIN", NULL},
{"UMASK", NULL},
@ -32,7 +32,7 @@ Index: src/useradd.c
===================================================================
--- src/useradd.c.orig
+++ src/useradd.c
@@ -2115,6 +2115,30 @@ static void create_mail (void)
@@ -2216,6 +2216,30 @@ static void create_mail (void)
}
/*
@ -63,9 +63,9 @@ Index: src/useradd.c
* main - useradd command
*/
int main (int argc, char **argv)
@@ -2390,6 +2414,7 @@ int main (int argc, char **argv)
nscd_flush_cache ("passwd");
@@ -2492,6 +2516,7 @@ int main (int argc, char **argv)
nscd_flush_cache ("group");
sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
+ call_script (user_name);
+

14
userdel-script.patch
View File

@ -2,7 +2,7 @@ Index: lib/getdef.c
===================================================================
--- lib/getdef.c.orig
+++ lib/getdef.c
@@ -126,6 +126,8 @@ static struct itemdef def_table[] = {
@@ -127,6 +127,8 @@ static struct itemdef def_table[] = {
{"UID_MIN", NULL},
{"UMASK", NULL},
{"USERDEL_CMD", NULL},
@ -45,7 +45,7 @@ Index: src/userdel.c
===================================================================
--- src/userdel.c.orig
+++ src/userdel.c
@@ -125,7 +125,7 @@ static void close_files (void);
@@ -126,7 +126,7 @@ static void close_files (void);
static void fail_exit (int);
static void open_files (void);
static void update_user (void);
@ -54,7 +54,7 @@ Index: src/userdel.c
#ifdef EXTRA_CHECK_HOME_DIR
static bool path_prefix (const char *, const char *);
@@ -767,13 +767,13 @@ static void update_user (void)
@@ -768,13 +768,13 @@ static void update_user (void)
* cron, at, or print jobs.
*/
@ -70,7 +70,7 @@ Index: src/userdel.c
if (NULL == cmd) {
return;
}
@@ -1213,9 +1213,10 @@ int main (int argc, char **argv)
@@ -1214,9 +1214,10 @@ int main (int argc, char **argv)
}
/*
@ -83,7 +83,7 @@ Index: src/userdel.c
open_files ();
update_user ();
update_groups ();
@@ -1319,7 +1320,7 @@ int main (int argc, char **argv)
@@ -1337,7 +1338,7 @@ int main (int argc, char **argv)
* the entry from /etc/passwd.
*/
if(prefix[0] == '\0')
@ -92,9 +92,9 @@ Index: src/userdel.c
close_files ();
#ifdef WITH_TCB
@@ -1329,6 +1330,9 @@ int main (int argc, char **argv)
nscd_flush_cache ("passwd");
@@ -1348,6 +1349,9 @@ int main (int argc, char **argv)
nscd_flush_cache ("group");
sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
+ /* Call the post script, for example to rebuild NIS database */
+ call_script ("USERDEL_POSTCMD", user_name);