diff --git a/btrfs-subvolumes.patch b/btrfs-subvolumes.patch
deleted file mode 100644
index e2fa4ad..0000000
--- a/btrfs-subvolumes.patch
+++ /dev/null
@@ -1,318 +0,0 @@
-commit 52ea836ffbfa4d6797cf89d6ada58f76bee9cf6b
-Author: Adam Majer
-Date: Wed Jan 23 16:17:05 2019 +0100
-
- Add autotools support for BtrFS option
-
- Feature is enabled by default, if headers are available. It can be
- turned off explictly.
-
-commit 81ead2042afcdb8d423da855cf1528618a4e0c01
-Author: Adam Majer
-Date: Mon Jan 21 09:32:36 2019 +0100
-
- Add support for btrfs subvolumes for user homes
-
- new switch added to useradd command, --btrfs-subvolume-home. When
- specified *and* the filesystem is detected as btrfs, it will create a
- subvolume for user's home instead of a plain directory. This is done via
- `btrfs subvolume` command. Specifying the new switch while trying to
- create home on non-btrfs will result in an error.
-
- userdel -r will handle and remove this subvolume transparently via
- `btrfs subvolume` command. Previosuly this failed as you can't rmdir a
- subvolume.
-
- usermod, when moving user's home across devices, will detect if the home
- is a subvolume and issue an error messages instead of copying it. Moving
- user's home (as subvolume) on same btrfs works transparently.
-
-
---- a/configure.ac
-+++ b/configure.ac
-@@ -256,6 +256,9 @@ AC_ARG_WITH(audit,
- AC_ARG_WITH(libpam,
- [AC_HELP_STRING([--with-libpam], [use libpam for PAM support @<:@default=yes if found@:>@])],
- [with_libpam=$withval], [with_libpam=maybe])
-+AC_ARG_WITH(btrfs,
-+ [AC_HELP_STRING([--with-btrfs], [add BtrFS support @<:@default=yes if found@:>@])],
-+ [with_selinux=$withval], [with_selinux=maybe])
- AC_ARG_WITH(selinux,
- [AC_HELP_STRING([--with-selinux], [use SELinux support @<:@default=yes if found@:>@])],
- [with_selinux=$withval], [with_selinux=maybe])
-@@ -453,6 +456,20 @@ if test "$with_libcrack" = "yes"; then
- AC_DEFINE(HAVE_LIBCRACK_PW, 1, [Defined if it includes *Pw functions.]))
- fi
-
-+if test "$with_btrfs" != "no"; then
-+ AC_CHECK_HEADERS([sys/statfs.h linux/magic.h linux/btrfs_tree.h], \
-+ [btrfs_headers="yes"], [btrfs_headers="no"])
-+ if test "$btrfs_headers$with_btrfs" = "noyes" ; then
-+ AC_MSG_ERROR([One of sys/statfs.h linux/magic.h linux/btrfs_tree.h is missing])
-+ fi
-+
-+ if test "$btrfs_headers" = "yes" ; then
-+ AC_DEFINE(WITH_BTRFS, 1, [Build shadow with BtrFS support])
-+ with_btrfs="yes"
-+ fi
-+fi
-+AM_CONDITIONAL(WITH_BTRFS, test x$with_btrfs = xyes)
-+
- AC_SUBST(LIBSELINUX)
- AC_SUBST(LIBSEMANAGE)
- if test "$with_selinux" != "no"; then
-@@ -672,6 +689,7 @@ if test "$with_libpam" = "yes"; then
- echo " suid account management tools: $enable_acct_tools_setuid"
- fi
- echo " SELinux support: $with_selinux"
-+echo " BtrFS support: $with_btrfs"
- echo " ACL support: $with_acl"
- echo " Extended Attributes support: $with_attr"
- echo " tcb support (incomplete): $with_tcb"
---- a/lib/prototypes.h
-+++ b/lib/prototypes.h
-@@ -72,6 +72,14 @@ extern int expire (const struct passwd *
- /* isexpired.c */
- extern int isexpired (const struct passwd *, /*@null@*/const struct spwd *);
-
-+/* btrfs.c */
-+#ifdef WITH_BTRFS
-+extern int btrfs_create_subvolume(const char *path);
-+extern int btrfs_remove_subvolume(const char *path);
-+extern int btrfs_is_subvolume(const char *path);
-+extern int is_btrfs(const char *path);
-+#endif
-+
- /* basename() renamed to Basename() to avoid libc name space confusion */
- /* basename.c */
- extern /*@observer@*/const char *Basename (const char *str);
---- a/libmisc/Makefile.am
-+++ b/libmisc/Makefile.am
-@@ -72,3 +72,8 @@ libmisc_a_SOURCES = \
- xgetspnam.c \
- xmalloc.c \
- yesno.c
-+
-+if WITH_BTRFS
-+libmisc_a_SOURCES += btrfs.c
-+endif
-+
---- /dev/null
-+++ b/libmisc/btrfs.c
-@@ -0,0 +1,94 @@
-+#include
-+#include
-+#include
-+
-+#include "prototypes.h"
-+
-+
-+static int run_btrfs_subvolume_cmd(const char *subcmd, const char *arg1, const char *arg2)
-+{
-+ int status = 0;
-+ const char *cmd = "/sbin/btrfs";
-+ const char *argv[] = {
-+ strrchr(cmd, '/'),
-+ "subvolume",
-+ subcmd,
-+ arg1,
-+ arg2,
-+ NULL
-+ };
-+
-+ if (argv[0] == NULL)
-+ argv[0] = cmd;
-+ else
-+ argv[0] = argv[0] + 1;
-+
-+ if (access(cmd, X_OK)) {
-+ return 1;
-+ }
-+
-+ if (run_command(cmd, argv, NULL, &status))
-+ return -1;
-+ return status;
-+}
-+
-+
-+int btrfs_create_subvolume(const char *path)
-+{
-+ return run_btrfs_subvolume_cmd("create", path, NULL);
-+}
-+
-+
-+int btrfs_remove_subvolume(const char *path)
-+{
-+ return run_btrfs_subvolume_cmd("delete", "-C", path);
-+}
-+
-+
-+/* Adapted from btrfsprogs */
-+/*
-+ * This intentionally duplicates btrfs_util_is_subvolume_fd() instead of opening
-+ * a file descriptor and calling it, because fstat() and fstatfs() don't accept
-+ * file descriptors opened with O_PATH on old kernels (before v3.6 and before
-+ * v3.12, respectively), but stat() and statfs() can be called on a path that
-+ * the user doesn't have read or write permissions to.
-+ *
-+ * returns:
-+ * 1 - btrfs subvolume
-+ * 0 - not btrfs subvolume
-+ * -1 - error
-+ */
-+int btrfs_is_subvolume(const char *path)
-+{
-+ struct stat st;
-+ int ret;
-+
-+ ret = is_btrfs(path);
-+ if (ret <= 0)
-+ return ret;
-+
-+ ret = stat(path, &st);
-+ if (ret == -1)
-+ return -1;
-+
-+ if (st.st_ino != BTRFS_FIRST_FREE_OBJECTID || !S_ISDIR(st.st_mode)) {
-+ return 0;
-+ }
-+
-+ return 1;
-+}
-+
-+
-+/* Adapted from btrfsprogs */
-+int is_btrfs(const char *path)
-+{
-+ struct statfs sfs;
-+ int ret;
-+
-+ ret = statfs(path, &sfs);
-+ if (ret == -1)
-+ return -1;
-+
-+ return sfs.f_type == BTRFS_SUPER_MAGIC;
-+}
-+
---- a/src/useradd.c
-+++ b/src/useradd.c
-@@ -164,6 +164,7 @@ static bool
- oflg = false, /* permit non-unique user ID to be specified with -u */
- rflg = false, /* create a system account */
- sflg = false, /* shell program for new account */
-+ subvolflg = false, /* create subvolume home on BTRFS */
- uflg = false, /* specify user ID for new account */
- Uflg = false; /* create a group having the same name as the user */
-
-@@ -805,6 +806,9 @@ static void usage (int status)
- Prog, Prog, Prog);
- (void) fputs (_(" -b, --base-dir BASE_DIR base directory for the home directory of the\n"
- " new account\n"), usageout);
-+#ifdef WITH_BTRFS
-+ (void) fputs (_(" --btrfs-subvolume-home use BTRFS subvolume for home directory\n"), usageout);
-+#endif
- (void) fputs (_(" -c, --comment COMMENT GECOS field of the new account\n"), usageout);
- (void) fputs (_(" -d, --home-dir HOME_DIR home directory of the new account\n"), usageout);
- (void) fputs (_(" -D, --defaults print or change default useradd configuration\n"), usageout);
-@@ -1085,6 +1089,9 @@ static void process_flags (int argc, cha
- int c;
- static struct option long_options[] = {
- {"base-dir", required_argument, NULL, 'b'},
-+#ifdef WITH_BTRFS
-+ {"btrfs-subvolume-home", no_argument, NULL, 200},
-+#endif
- {"comment", required_argument, NULL, 'c'},
- {"home-dir", required_argument, NULL, 'd'},
- {"defaults", no_argument, NULL, 'D'},
-@@ -1131,6 +1138,9 @@ static void process_flags (int argc, cha
- def_home = optarg;
- bflg = true;
- break;
-+ case 200:
-+ subvolflg = true;
-+ break;
- case 'c':
- if (!VALID (optarg)) {
- fprintf (stderr,
-@@ -2049,6 +2059,37 @@ static void create_home (void)
- strcat (path, "/");
- strcat (path, cp);
- if (access (path, F_OK) != 0) {
-+ /* Check if parent directory is BTRFS, fail if requesting
-+ subvolume but no BTRFS. The paths cound be different by the
-+ trailing slash
-+ */
-+#if WITH_BTRFS
-+ if (subvolflg && (strlen(prefix_user_home) - (int)strlen(path)) <= 1) {
-+ char *btrfs_check = strdup(path);
-+
-+ if (!btrfs_check) {
-+ fprintf (stderr,
-+ _("%s: error while duplicating string in BTRFS check %s\n"),
-+ Prog, path);
-+ fail_exit (E_HOMEDIR);
-+ }
-+ btrfs_check[strlen(path) - strlen(cp) - 1] = '\0';
-+ if (is_btrfs(btrfs_check) <= 0) {
-+ fprintf (stderr,
-+ _("%s: home directory \"%s\" must be mounted on BTRFS\n"),
-+ Prog, path);
-+ fail_exit (E_HOMEDIR);
-+ }
-+ // make subvolume to mount for user instead of directory
-+ if (btrfs_create_subvolume(path)) {
-+ fprintf (stderr,
-+ _("%s: failed to create BTRFS subvolume: %s\n"),
-+ Prog, path);
-+ fail_exit (E_HOMEDIR);
-+ }
-+ }
-+ else
-+#endif
- if (mkdir (path, 0) != 0) {
- fprintf (stderr,
- _("%s: cannot create directory %s\n"),
---- a/src/userdel.c
-+++ b/src/userdel.c
-@@ -1273,6 +1273,23 @@ int main (int argc, char **argv)
- #endif /* EXTRA_CHECK_HOME_DIR */
-
- if (rflg) {
-+#ifdef WITH_BTRFS
-+ int is_subvolume = btrfs_is_subvolume (user_home);
-+ if (is_subvolume < 0) {
-+ errors++;
-+ /* continue */
-+ }
-+ else if (is_subvolume > 0) {
-+ if (btrfs_remove_subvolume (user_home)) {
-+ fprintf (stderr,
-+ _("%s: error removing subvolume %s\n"),
-+ Prog, user_home);
-+ errors++;
-+ /* continue */
-+ }
-+ }
-+ else
-+#endif
- if (remove_tree (user_home, true) != 0) {
- fprintf (stderr,
- _("%s: error removing directory %s\n"),
---- a/src/usermod.c
-+++ b/src/usermod.c
-@@ -1818,6 +1818,15 @@ static void move_home (void)
- return;
- } else {
- if (EXDEV == errno) {
-+#ifdef WITH_BTRFS
-+ if (btrfs_is_subvolume (prefix_user_home) > 0) {
-+ fprintf (stderr,
-+ _("%s: error: cannot move subvolume from %s to %s - different device\n"),
-+ Prog, prefix_user_home, prefix_user_newhome);
-+ fail_exit (E_HOMEDIR);
-+ }
-+#endif
-+
- if (copy_tree (prefix_user_home, prefix_user_newhome, true,
- true,
- user_id,
diff --git a/shadow-4.6.0-fix-usermod-prefix-crash.patch b/shadow-4.6.0-fix-usermod-prefix-crash.patch
deleted file mode 100644
index c67ae64..0000000
--- a/shadow-4.6.0-fix-usermod-prefix-crash.patch
+++ /dev/null
@@ -1,86 +0,0 @@
-Bug: https://github.com/shadow-maint/shadow/issues/110
-Containing following two fixes.
-
-From 73a876a05612c278da747faeaeea40c3b8d34a53 Mon Sep 17 00:00:00 2001
-From: fariouche
-Date: Tue, 8 May 2018 21:17:46 -0500
-Subject: [PATCH 1/2] Fix usermod crash
-
-Return newly allocated pointers when the caller will free them.
-
-Closes #110
----
- libmisc/prefix_flag.c | 2 +-
- src/usermod.c | 10 ++++++----
- 2 files changed, 7 insertions(+), 5 deletions(-)
-
-diff --git a/libmisc/prefix_flag.c b/libmisc/prefix_flag.c
-index 6581235e..8ceffd26 100644
---- a/libmisc/prefix_flag.c
-+++ b/libmisc/prefix_flag.c
-@@ -333,7 +333,7 @@ extern struct group *prefix_getgr_nam_gid(const char *grname)
- && (gid == (gid_t)gid)) {
- return prefix_getgrgid ((gid_t) gid);
- }
-- return prefix_getgrnam (grname);
-+ return __gr_dup(prefix_getgrnam (grname));
- }
- else
- return getgr_nam_gid(grname);
-diff --git a/src/usermod.c b/src/usermod.c
-index e571426f..7355ad31 100644
---- a/src/usermod.c
-+++ b/src/usermod.c
-@@ -1251,11 +1251,13 @@ static void process_flags (int argc, char **argv)
- prefix_user_home = xmalloc(len);
- wlen = snprintf(prefix_user_home, len, "%s/%s", prefix, user_home);
- assert (wlen == (int) len -1);
-+ if (user_newhome) {
-+ len = strlen(prefix) + strlen(user_newhome) + 2;
-+ prefix_user_newhome = xmalloc(len);
-+ wlen = snprintf(prefix_user_newhome, len, "%s/%s", prefix, user_newhome);
-+ assert (wlen == (int) len -1);
-+ }
-
-- len = strlen(prefix) + strlen(user_newhome) + 2;
-- prefix_user_newhome = xmalloc(len);
-- wlen = snprintf(prefix_user_newhome, len, "%s/%s", prefix, user_newhome);
-- assert (wlen == (int) len -1);
- }
- else {
- prefix_user_home = user_home;
-
-From 48dcf7852e51b9d8e7926737cc7f7823978b7d7d Mon Sep 17 00:00:00 2001
-From: Serge Hallyn
-Date: Tue, 8 May 2018 21:37:55 -0500
-Subject: [PATCH 2/2] usermod: prevent a segv
-
-in the case where prefix does not exist.
-
- Signed-off-by: Serge Hallyn
----
- libmisc/prefix_flag.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/libmisc/prefix_flag.c b/libmisc/prefix_flag.c
-index 8ceffd26..96b11faa 100644
---- a/libmisc/prefix_flag.c
-+++ b/libmisc/prefix_flag.c
-@@ -319,6 +319,7 @@ extern struct group *prefix_getgr_nam_gid(const char *grname)
- {
- long long int gid;
- char *endptr;
-+ struct group *g;
-
- if (NULL == grname) {
- return NULL;
-@@ -333,7 +334,8 @@ extern struct group *prefix_getgr_nam_gid(const char *grname)
- && (gid == (gid_t)gid)) {
- return prefix_getgrgid ((gid_t) gid);
- }
-- return __gr_dup(prefix_getgrnam (grname));
-+ g = prefix_getgrnam (grname);
-+ return g ? __gr_dup(g) : NULL;
- }
- else
- return getgr_nam_gid(grname);
diff --git a/shadow-4.6.tar.xz b/shadow-4.6.tar.xz
deleted file mode 100644
index 4785e9d..0000000
--- a/shadow-4.6.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:0998c8d84242a231ab0acb7f8613927ff5bcff095f8aa6b79478893a03f05583
-size 1678100
diff --git a/shadow-4.6.tar.xz.asc b/shadow-4.6.tar.xz.asc
deleted file mode 100644
index 5321e1d..0000000
--- a/shadow-4.6.tar.xz.asc
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQEzBAABCgAdFiEE8dCNt3gYW/eEAC3/6f7qBqheP50FAlrncOkACgkQ6f7qBqhe
-P52UGAf/eOnoIYIZ52y72iMxeNfQMTMjYTZd1YrtjlK0RQKquK7FrCOg91MvOF2B
-hLVKu2OU7mzuPTMSAraAxjXLkrM0E3vFjMtu1fHBGlGTMspAfik/9Gu9qoevAKXy
-BRqgN5m5HMfoGPeEjzILzaGq8bnPKIOfJ0iAYVkjjIa73Vn20uTmNgNZIRqHqwfw
-5GUFHn6cjQXFcQ3ngywgwQD7/h/65w8dBbGysF551sAqzPJRbneQL9Wtklcqi1ub
-55NyF0ifT67RqMh+EyxhuhXP1Hi57PTEAeqaFMFxnPlQPb+8pQ8nszWBmI+vUN8D
-FmhwCtSTnmKlj0jeAqevmkijJhGPQQ==
-=fk/F
------END PGP SIGNATURE-----
diff --git a/shadow-4.7.tar.xz b/shadow-4.7.tar.xz
new file mode 100644
index 0000000..1b003f5
--- /dev/null
+++ b/shadow-4.7.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e5e196a4a7e3b228c812f3163d368be3e932e6eaa4e616677a148d9ec921e16c
+size 1624340
diff --git a/shadow-4.7.tar.xz.asc b/shadow-4.7.tar.xz.asc
new file mode 100644
index 0000000..a866b61
--- /dev/null
+++ b/shadow-4.7.tar.xz.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEE8dCNt3gYW/eEAC3/6f7qBqheP50FAl0CfrYACgkQ6f7qBqhe
+P50xqQgAgmeu46zmQ7A+8nzcna8aaKQ5aftc9QVCQuPg94DvkXNuUjz384os1PBa
+9DM5ukiDiDWhkmoKDCro9d/JVfKg0v0W2Ee29JvaZRhpUFlk3xWZAM55Na22ywbv
+JYIF94wLfH0+AZQvjTpJmlJgeCK5K0L2LvAsPoEsHNuAKjpz7tFGJgqBKgK2+xAv
+csmBhPRShZypXH3tQ/jcMT8itPSRBGt4W55zuNUT2OKc5ioXxc1TJ5jn0YX8AsOQ
+5ZkBbGHL416QRonhiKfWsntB3RnmJQMcL8R72MpemKjVw+q+QYnnKIE/Fta7J0+N
+EkUBRYdbbiAsUNW3syN/Q2o+DF00aw==
+=dbPQ
+-----END PGP SIGNATURE-----
diff --git a/shadow-util-linux.patch b/shadow-util-linux.patch
index 1c5e558..b9dda9f 100644
--- a/shadow-util-linux.patch
+++ b/shadow-util-linux.patch
@@ -109,11 +109,11 @@ Index: lib/getdef.c
 {"ENV_SUPATH", NULL},
 {"ERASECHAR", NULL},
 {"FAIL_DELAY", NULL},
-@@ -93,6 +95,7 @@ static struct itemdef def_table[] = {
- {"GID_MIN", NULL},
- {"HUSHLOGIN_FILE", NULL},
+@@ -95,6 +97,7 @@ static struct itemdef def_table[] = {
 {"KILLCHAR", NULL},
-+ {"LOGIN_PLAIN_PROMPT", NULL},
+ {"LASTLOG_UID_MAX", NULL},
 {"LOGIN_RETRIES", NULL},
++ {"LOGIN_PLAIN_PROMPT", NULL},
 {"LOGIN_TIMEOUT", NULL},
 {"LOG_OK_LOGINS", NULL},
+ {"LOG_UNKFAIL_ENAB", NULL},
diff --git a/shadow.changes b/shadow.changes
index f40c32d..2b6a588 100644
--- a/shadow.changes
+++ b/shadow.changes
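Review bot: The rebased inner hunk of shadow-util-linux.patch now adds `{"LOGIN_PLAIN_PROMPT", NULL},` after `{"LOGIN_RETRIES", NULL},`, while the previous version of the patch placed it before that entry, and the other def_table entries visible here are in alphabetical order. Whether the lookup depends on ordering is not visible from this hunk, so this may be purely cosmetic. Placing the line between `{"LASTLOG_UID_MAX", NULL},` and `{"LOGIN_RETRIES", NULL},` would keep the table sorted and make the next rebase less likely to need fuzz. The def_table initializer starts and ends outside the hunk.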
@@ -1,3 +1,45 @@ +------------------------------------------------------------------- +Fri Jun 14 06:20:46 UTC 2019 - mvetter@suse.com + +- Update to 4.7: + * Spawn: don't loop forever on ECHILD + * Do not fail locking if there is a stale lockfile (Tomas Mraz) + * Use lckpwdf if prefix not set (Tomas Mraz) + * Build: check correct DocBook version (Jan Tojnar) + * Usermod: Print 'no changes' to stdout, not stderr (Serge Hallyn) + * Add support for btrfs subvolumes for home (Adam Majer) + * Fix chpasswd long line handling (Nathan Ruiz) + * Use secure_getenv for gettime (Chris Lamb) + * Make sp_lstchg reproducible (Chris Lamb) + * Do not crash commonio_close if db file is not open (Tomas Mraz) + * Don't flush nscd and sssd cache in read-only mode (Charlie Vuillemez) + * French manpage update (Alban VIDAL) + * Fix manpage defaults for SUB_UID/GID_COUNT (Tomas Mraz) + * Sync po files from shadow.pot (Alban VIDAL) + * Usermod: guard against unsafe chown of homedir contents (Tomas Mraz) + * Add LASTLOG_UID_MAX to login.defs (Tomas Mraz) + * new[ug]idmap file capabilities support (Giuseppe Scrivano and Christian Brauner) + * Fix segfault in useradd (Tomas Mraz) + * Coverity issues (Tomas Mraz) + * Flush sssd caches (Jakub Hrozek) + * Log UID in nologin (Vladimir Ivanov) + * run pam_getenvlist after setup_env in su.c (Michael Vogt) + * Support systems with only utmpx (A. 
Wilcox) + * Fix unguarded ENABLE_SUBIDS code (Jan Chren (rindeal)) + * Update po/zh_CN translation (Lion Yang) + * Create parent dirs for useradd -m (Michael Vetter) + * Prevent usermod segv + * Fix usermod crash (fariouche) +- Remove btrfs-subvolumes.patch (fate#316134): + upstreamed: https://github.com/shadow-maint/shadow/pull/149 +- Remove useradd-mkdirs.patch (bsc#865563): + upstreamed https://github.com/shadow-maint/shadow/pull/112 +- Remove shadow-4.6.0-fix-usermod-prefix-crash.patch + upstreamed https://github.com/shadow-maint/shadow/issues/110 +- Rebase userdel-script.patch +- Rebase useradd-script.patch +- Rebase shadow-util-linux.patch + ------------------------------------------------------------------- Thu May 30 11:15:49 UTC 2019 - Martin Pluskal diff --git a/shadow.spec b/shadow.spec index 59e3ec8..a1a1fcd 100644 --- a/shadow.spec +++ b/shadow.spec @@ -12,12 +12,12 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: shadow -Version: 4.6 +Version: 4.7 Release: 0 Summary: Utilities to Manage User and Group Accounts License: BSD-3-Clause AND GPL-2.0-or-later 
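Review bot: The header comment changed in this hunk now points bug reports at `http://bugs.opensuse.org/`, where the old line used `https://bugs.opensuse.org/`. That looks like a side effect of regenerating the spec header rather than an intended part of the 4.7 update. I would keep the HTTPS form, `# Please submit bugfixes or comments via https://bugs.opensuse.org/`, so the link readers follow from the package is not a cleartext one. Separately, the commit swaps in a new tarball and `.asc` file; whether the build verifies that signature against a keyring is not visible in this hunk and is worth confirming.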
@@ -53,18 +53,12 @@ Patch6: shadow-4.1.5.1-userdel-helpfix.patch Patch7: shadow-4.1.5.1-logmsg.patch # PATCH-FEATURE-SUSE encryption_method_nis.patch kukuk@suse.com -- Add support for ENCRYPT_METHOD_NIS used by SUSE patch in pam (pam_unix). Patch10: encryption_method_nis.patch -# PATCH-FIX-SUSE useradd-mkdirs.patch bnc865563 tbehrens@suse.com -- Create all parts of the path. -Patch11: useradd-mkdirs.patch -# PATCH-FIX-SUSE shadow-4.6.0-fix-usermod-prefix-crash.patch https://github.com/shadow-maint/shadow/issues/110 mvetter@suse.com -- Fixes crash in usermod when called with --prefix. -Patch12: shadow-4.6.0-fix-usermod-prefix-crash.patch # PATCH-FEATURE-SUSE shadow-login_defs-comments.patch kukuk@suse.com -- Adjust login.defs comments. Patch13: shadow-login_defs-comments.patch # PATCH-FEATURE-SUSE shadow-login_defs-suse.patch kukuk@suse.com -- Customize login.defs. Patch14: shadow-login_defs-suse.patch # PATCH-FIX-SUSE disable_new_audit_function.patch adam.majer@suse.de -- Disable newer libaudit functionality for older distributions. Patch20: disable_new_audit_function.patch -# PATCH-FEATURE-SUSE btrfs-subvolumes.patch fate316134 adam.majer@suse.de -- Add support for btrfs subvolumes for user homes. -Patch21: btrfs-subvolumes.patch BuildRequires: audit-devel > 2.3 BuildRequires: autoconf BuildRequires: automake @@ -105,14 +99,11 @@ group accounts. %patch6 %patch7 %patch10 -%patch11 -p1 -%patch12 -p1 %patch13 %patch14 %if 0%{?suse_version} < 1330 %patch20 -p1 %endif -%patch21 -p1 iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8 mv -v doc/HOWTO.utf8 doc/HOWTO diff --git a/useradd-mkdirs.patch b/useradd-mkdirs.patch deleted file mode 100644 index 54df69f..0000000 --- a/useradd-mkdirs.patch +++ /dev/null 
@@ -1,73 +0,0 @@
-https://github.com/shadow-maint/shadow/pull/112
-
-useradd-mkdirs.patch adapted to two comments in https://github.com/shadow-maint/shadow/pull/2
-* check for stdup failure
-* create dirs with 0755 instead of 0777
-diff -urEbwB shadow-4.6/src/useradd.c shadow-4.6.new-useradd-mkdirs/src/useradd.c
---- shadow-4.6/src/useradd.c 2018-04-29 18:42:37.000000000 +0200
-+++ shadow-4.6.new-useradd-mkdirs/src/useradd.c 2018-05-15 17:11:03.706371270 +0200
-@@ -2018,6 +2018,19 @@
- static void create_home (void)
- {
- if (access (prefix_user_home, F_OK) != 0) {
-+ char path[strlen (prefix_user_home) + 2];
-+ char *bhome, *cp;
-+
-+ path[0] = '\0';
-+ bhome = strdup (prefix_user_home);
-+ if (!bhome) {
-+ fprintf (stderr,
-+ _("%s: error while duplicating string %s\n"),
-+ Prog, user_home);
-+ fail_exit (E_HOMEDIR);
-+ }
-+ ++bhome;
-+
- #ifdef WITH_SELINUX
- if (set_selinux_file_context (prefix_user_home) != 0) {
- fprintf (stderr,
-@@ -2026,11 +2039,20 @@
- fail_exit (E_HOMEDIR);
- }
- #endif
-- /* XXX - create missing parent directories. --marekm */
-- if (mkdir (prefix_user_home, 0) != 0) {
-+
-+ /* Check for every part of the path, if the directory
-+ exists. If not, create it with permissions 755 and
-+ owner root:root.
-+ */
-+ cp = strtok (bhome, "/");
-+ while (cp) {
-+ strcat (path, "/");
-+ strcat (path, cp);
-+ if (access (path, F_OK) != 0) {
-+ if (mkdir (path, 0) != 0) {
- fprintf (stderr,
- _("%s: cannot create directory %s\n"),
-- Prog, prefix_user_home);
-+ Prog, path);
- #ifdef WITH_AUDIT
- audit_logger (AUDIT_ADD_USER, Prog,
- "adding home directory",
-@@ -2039,6 +2061,20 @@
- #endif
- fail_exit (E_HOMEDIR);
- }
-+ if (chown (path, 0, 0) < 0) {
-+ fprintf (stderr,
-+ _("%s: warning: chown on `%s' failed: %m\n"),
-+ Prog, path);
-+ }
-+ if (chmod (path, 0755) < 0) {
-+ fprintf (stderr,
-+ _("%s: warning: chmod on `%s' failed: %m\n"),
-+ Prog, path);
-+ }
-+ }
-+ cp = strtok (NULL, "/");
-+ }
-+
- (void) chown (prefix_user_home, user_id, user_gid);
- chmod (prefix_user_home,
- 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));
diff --git a/useradd-script.patch b/useradd-script.patch
index 880c142..cca957e 100644
--- a/useradd-script.patch
+++ b/useradd-script.patch
@@ -20,7 +20,7 @@ Index: lib/getdef.c =================================================================== --- lib/getdef.c.orig +++ lib/getdef.c -@@ -125,6 +125,7 @@ static struct itemdef def_table[] = { +@@ -126,6 +126,7 @@ static struct itemdef def_table[] = { {"UID_MAX", NULL}, {"UID_MIN", NULL}, {"UMASK", NULL}, @@ -32,7 +32,7 @@ Index: src/useradd.c =================================================================== --- src/useradd.c.orig +++ src/useradd.c -@@ -2115,6 +2115,30 @@ static void create_mail (void) +@@ -2216,6 +2216,30 @@ static void create_mail (void) } /* @@ -63,9 +63,9 @@ Index: src/useradd.c * main - useradd command */ int main (int argc, char **argv) -@@ -2390,6 +2414,7 @@ int main (int argc, char **argv) - nscd_flush_cache ("passwd"); +@@ -2492,6 +2516,7 @@ int main (int argc, char **argv) nscd_flush_cache ("group"); + sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP); + call_script (user_name); +
diff --git a/userdel-script.patch b/userdel-script.patch
index e4b93a0..0421c8c 100644
--- a/userdel-script.patch +++ b/userdel-script.patch @@ -2,7 +2,7 @@ Index: lib/getdef.c =================================================================== --- lib/getdef.c.orig +++ lib/getdef.c -@@ -126,6 +126,8 @@ static struct itemdef def_table[] = { +@@ -127,6 +127,8 @@ static struct itemdef def_table[] = { {"UID_MIN", NULL}, {"UMASK", NULL}, {"USERDEL_CMD", NULL}, @@ -45,7 +45,7 @@ Index: src/userdel.c =================================================================== --- src/userdel.c.orig +++ src/userdel.c -@@ -125,7 +125,7 @@ static void close_files (void); +@@ -126,7 +126,7 @@ static void close_files (void); static void fail_exit (int); static void open_files (void); static void update_user (void); @@ -54,7 +54,7 @@ Index: src/userdel.c #ifdef EXTRA_CHECK_HOME_DIR static bool path_prefix (const char *, const char *); -@@ -767,13 +767,13 @@ static void update_user (void) +@@ -768,13 +768,13 @@ static void update_user (void) * cron, at, or print jobs. */ @@ -70,7 +70,7 @@ Index: src/userdel.c if (NULL == cmd) { return; } -@@ -1213,9 +1213,10 @@ int main (int argc, char **argv) +@@ -1214,9 +1214,10 @@ int main (int argc, char **argv) } /* @@ -83,7 +83,7 @@ Index: src/userdel.c open_files (); update_user (); update_groups (); -@@ -1319,7 +1320,7 @@ int main (int argc, char **argv) +@@ -1337,7 +1338,7 @@ int main (int argc, char **argv) * the entry from /etc/passwd. */ if(prefix[0] == '\0') @@ -92,9 +92,9 @@ Index: src/userdel.c close_files (); #ifdef WITH_TCB -@@ -1329,6 +1330,9 @@ int main (int argc, char **argv) - nscd_flush_cache ("passwd"); +@@ -1348,6 +1349,9 @@ int main (int argc, char **argv) nscd_flush_cache ("group"); + sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP); + /* Call the post script, for example to rebuild NIS database */ + call_script ("USERDEL_POSTCMD", user_name);