Accepting request 709907 from Base:System

- Update to 4.7: * Spawn: don't loop forever on ECHILD * Do not fail locking if there is a stale lockfile (Tomas Mraz) * Use lckpwdf if prefix not set (Tomas Mraz) * Build: check correct DocBook version (Jan Tojnar) * Usermod: Print 'no changes' to stdout, not stderr (Serge Hallyn) * Add support for btrfs subvolumes for home (Adam Majer) * Fix chpasswd long line handling (Nathan Ruiz) * Use secure_getenv for gettime (Chris Lamb) * Make sp_lstchg reproducible (Chris Lamb) * Do not crash commonio_close if db file is not open (Tomas Mraz) * Don't flush nscd and sssd cache in read-only mode (Charlie Vuillemez) * French manpage update (Alban VIDAL) * Fix manpage defaults for SUB_UID/GID_COUNT (Tomas Mraz) * Sync po files from shadow.pot (Alban VIDAL) * Usermod: guard against unsafe chown of homedir contents (Tomas Mraz) * Add LASTLOG_UID_MAX to login.defs (Tomas Mraz) * new[ug]idmap file capabilities support (Giuseppe Scrivano and Christian Brauner) * Fix segfault in useradd (Tomas Mraz) * Coverity issues (Tomas Mraz) * Flush sssd caches (Jakub Hrozek) * Log UID in nologin (Vladimir Ivanov) * run pam_getenvlist after setup_env in su.c (Michael Vogt) * Support systems with only utmpx (A. Wilcox) * Fix unguarded ENABLE_SUBIDS code (Jan Chren (rindeal)) * Update po/zh_CN translation (Lion Yang) * Create parent dirs for useradd -m (Michael Vetter) * Prevent usermod segv * Fix usermod crash (fariouche) - Remove btrfs-subvolumes.patch (fate#316134): OBS-URL: https://build.opensuse.org/request/show/709907 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shadow?expand=0&rev=32
2019-07-13 11:33:06 +00:00 · 2019-07-13 11:33:06 +00:00 · 24f5896ea4
commit 24f5896ea4
parent f0ae6718ac 36577fca4e
12 changed files with 73 additions and 517 deletions
--- a/btrfs-subvolumes.patch
+++ b/btrfs-subvolumes.patch
@ -1,318 +0,0 @@
 commit 52ea836ffbfa4d6797cf89d6ada58f76bee9cf6b
 Author: Adam Majer <amajer@suse.de>
 Date:   Wed Jan 23 16:17:05 2019 +0100
    Add autotools support for BtrFS option
    Feature is enabled by default, if headers are available. It can be
    turned off explictly.
 commit 81ead2042afcdb8d423da855cf1528618a4e0c01
 Author: Adam Majer <amajer@suse.de>
 Date:   Mon Jan 21 09:32:36 2019 +0100
    Add support for btrfs subvolumes for user homes
    new switch added to useradd command, --btrfs-subvolume-home. When
    specified *and* the filesystem is detected as btrfs, it will create a
    subvolume for user's home instead of a plain directory. This is done via
    `btrfs subvolume` command.  Specifying the new switch while trying to
    create home on non-btrfs will result in an error.
    userdel -r will handle and remove this subvolume transparently via
    `btrfs subvolume` command. Previosuly this failed as you can't rmdir a
    subvolume.
    usermod, when moving user's home across devices, will detect if the home
    is a subvolume and issue an error messages instead of copying it. Moving
    user's home (as subvolume) on same btrfs works transparently.
 --- a/configure.ac
 +++ b/configure.ac
@@ -256,6 +256,9 @@ AC_ARG_WITH(audit,
 AC_ARG_WITH(libpam,
 	[AC_HELP_STRING([--with-libpam], [use libpam for PAM support @<:@default=yes if found@:>@])],
 	[with_libpam=$withval], [with_libpam=maybe])
 +AC_ARG_WITH(btrfs,
 +	[AC_HELP_STRING([--with-btrfs], [add BtrFS support @<:@default=yes if found@:>@])],
 +	[with_selinux=$withval], [with_selinux=maybe])
 AC_ARG_WITH(selinux,
 	[AC_HELP_STRING([--with-selinux], [use SELinux support @<:@default=yes if found@:>@])],
 	[with_selinux=$withval], [with_selinux=maybe])
@@ -453,6 +456,20 @@ if test "$with_libcrack" = "yes"; then
 		AC_DEFINE(HAVE_LIBCRACK_PW, 1, [Defined if it includes *Pw functions.]))
 fi
 +if test "$with_btrfs" != "no"; then
 +	AC_CHECK_HEADERS([sys/statfs.h linux/magic.h linux/btrfs_tree.h], \
 +		[btrfs_headers="yes"], [btrfs_headers="no"])
 +	if test "$btrfs_headers$with_btrfs" = "noyes" ; then
 +		AC_MSG_ERROR([One of sys/statfs.h linux/magic.h linux/btrfs_tree.h is missing])
 +	fi
 +
 +	if test "$btrfs_headers" = "yes" ; then
 +		AC_DEFINE(WITH_BTRFS, 1, [Build shadow with BtrFS support])
 +		with_btrfs="yes"
 +	fi
 +fi
 +AM_CONDITIONAL(WITH_BTRFS, test x$with_btrfs = xyes)
 +
 AC_SUBST(LIBSELINUX)
 AC_SUBST(LIBSEMANAGE)
 if test "$with_selinux" != "no"; then
@@ -672,6 +689,7 @@ if test "$with_libpam" = "yes"; then
 echo "	suid account management tools:	$enable_acct_tools_setuid"
 fi
 echo "	SELinux support:		$with_selinux"
 +echo "	BtrFS support:			$with_btrfs"
 echo "	ACL support:			$with_acl"
 echo "	Extended Attributes support:	$with_attr"
 echo "	tcb support (incomplete):	$with_tcb"
 --- a/lib/prototypes.h
 +++ b/lib/prototypes.h
@@ -72,6 +72,14 @@ extern int expire (const struct passwd *
 /* isexpired.c */
 extern int isexpired (const struct passwd *, /*@null@*/const struct spwd *);
 +/* btrfs.c */
 +#ifdef WITH_BTRFS
 +extern int btrfs_create_subvolume(const char *path);
 +extern int btrfs_remove_subvolume(const char *path);
 +extern int btrfs_is_subvolume(const char *path);
 +extern int is_btrfs(const char *path);
 +#endif
 +
 /* basename() renamed to Basename() to avoid libc name space confusion */
 /* basename.c */
 extern /*@observer@*/const char *Basename (const char *str);
 --- a/libmisc/Makefile.am
 +++ b/libmisc/Makefile.am
@@ -72,3 +72,8 @@ libmisc_a_SOURCES = \
 	xgetspnam.c \
 	xmalloc.c \
 	yesno.c
 +
 +if WITH_BTRFS
 +libmisc_a_SOURCES += btrfs.c
 +endif
 +
 --- /dev/null
 +++ b/libmisc/btrfs.c
@@ -0,0 +1,94 @@
 +#include <linux/btrfs_tree.h>
 +#include <linux/magic.h>
 +#include <sys/statfs.h>
 +
 +#include "prototypes.h"
 +
 +
 +static int run_btrfs_subvolume_cmd(const char *subcmd, const char *arg1, const char *arg2)
 +{
 +	int status = 0;
 +	const char *cmd = "/sbin/btrfs";
 +	const char *argv[] = {
 +		strrchr(cmd, '/'),
 +		"subvolume",
 +		subcmd,
 +		arg1,
 +		arg2,
 +		NULL
 +	};
 +
 +	if (argv[0] == NULL)
 +		argv[0] = cmd;
 +	else
 +		argv[0] = argv[0] + 1;
 +
 +	if (access(cmd, X_OK)) {
 +		return 1;
 +	}
 +
 +	if (run_command(cmd, argv, NULL, &status))
 +		return -1;
 +	return status;
 +}
 +
 +
 +int btrfs_create_subvolume(const char *path)
 +{
 +	return run_btrfs_subvolume_cmd("create", path, NULL);
 +}
 +
 +
 +int btrfs_remove_subvolume(const char *path)
 +{
 +	return run_btrfs_subvolume_cmd("delete", "-C", path);
 +}
 +
 +
 +/* Adapted from btrfsprogs */
 +/*
 + * This intentionally duplicates btrfs_util_is_subvolume_fd() instead of opening
 + * a file descriptor and calling it, because fstat() and fstatfs() don't accept
 + * file descriptors opened with O_PATH on old kernels (before v3.6 and before
 + * v3.12, respectively), but stat() and statfs() can be called on a path that
 + * the user doesn't have read or write permissions to.
 + *
 + * returns:
 + *   1 - btrfs subvolume
 + *   0 - not btrfs subvolume
 + *  -1 - error
 + */
 +int btrfs_is_subvolume(const char *path)
 +{
 +	struct stat st;
 +	int ret;
 +
 +	ret = is_btrfs(path);
 +	if (ret <= 0)
 +		return ret;
 +
 +	ret = stat(path, &st);
 +	if (ret == -1)
 +		return -1;
 +
 +	if (st.st_ino != BTRFS_FIRST_FREE_OBJECTID || !S_ISDIR(st.st_mode)) {
 +		return 0;
 +	}
 +
 +	return 1;
 +}
 +
 +
 +/* Adapted from btrfsprogs */
 +int is_btrfs(const char *path)
 +{
 +	struct statfs sfs;
 +	int ret;
 +
 +	ret = statfs(path, &sfs);
 +	if (ret == -1)
 +		return -1;
 +
 +	return sfs.f_type == BTRFS_SUPER_MAGIC;
 +}
 +
 --- a/src/useradd.c
 +++ b/src/useradd.c
@@ -164,6 +164,7 @@ static bool
     oflg = false,		/* permit non-unique user ID to be specified with -u */
     rflg = false,		/* create a system account */
     sflg = false,		/* shell program for new account */
 +    subvolflg = false,		/* create subvolume home on BTRFS */
     uflg = false,		/* specify user ID for new account */
     Uflg = false;		/* create a group having the same name as the user */
@@ -805,6 +806,9 @@ static void usage (int status)
 	                Prog, Prog, Prog);
 	(void) fputs (_("  -b, --base-dir BASE_DIR       base directory for the home directory of the\n"
 	                "                                new account\n"), usageout);
 +#ifdef WITH_BTRFS
 +	(void) fputs (_("      --btrfs-subvolume-home    use BTRFS subvolume for home directory\n"), usageout);
 +#endif
 	(void) fputs (_("  -c, --comment COMMENT         GECOS field of the new account\n"), usageout);
 	(void) fputs (_("  -d, --home-dir HOME_DIR       home directory of the new account\n"), usageout);
 	(void) fputs (_("  -D, --defaults                print or change default useradd configuration\n"), usageout);
@@ -1085,6 +1089,9 @@ static void process_flags (int argc, cha
 		int c;
 		static struct option long_options[] = {
 			{"base-dir",       required_argument, NULL, 'b'},
 +#ifdef WITH_BTRFS
 +			{"btrfs-subvolume-home", no_argument, NULL, 200},
 +#endif
 			{"comment",        required_argument, NULL, 'c'},
 			{"home-dir",       required_argument, NULL, 'd'},
 			{"defaults",       no_argument,       NULL, 'D'},
@@ -1131,6 +1138,9 @@ static void process_flags (int argc, cha
 				def_home = optarg;
 				bflg = true;
 				break;
 +			case 200:
 +				subvolflg = true;
 +				break;
 			case 'c':
 				if (!VALID (optarg)) {
 					fprintf (stderr,
@@ -2049,6 +2059,37 @@ static void create_home (void)
 			strcat (path, "/");
 			strcat (path, cp);
 			if (access (path, F_OK) != 0) {
 +				/* Check if parent directory is BTRFS, fail if requesting
 +				   subvolume but no BTRFS. The paths cound be different by the
 +				   trailing slash
 +				 */
 +#if WITH_BTRFS
 +				if (subvolflg && (strlen(prefix_user_home) - (int)strlen(path)) <= 1) {
 +					char *btrfs_check = strdup(path);
 +
 +					if (!btrfs_check) {
 +						fprintf (stderr,
 +						         _("%s: error while duplicating string in BTRFS check %s\n"),
 +						         Prog, path);
 +						fail_exit (E_HOMEDIR);
 +					}
 +					btrfs_check[strlen(path) - strlen(cp) - 1] = '\0';
 +					if (is_btrfs(btrfs_check) <= 0) {
 +						fprintf (stderr,
 +						         _("%s: home directory \"%s\" must be mounted on BTRFS\n"),
 +						         Prog, path);
 +						fail_exit (E_HOMEDIR);
 +					}
 +					// make subvolume to mount for user instead of directory
 +					if (btrfs_create_subvolume(path)) {
 +						fprintf (stderr,
 +						         _("%s: failed to create BTRFS subvolume: %s\n"),
 +						         Prog, path);
 +						fail_exit (E_HOMEDIR);
 +					}
 +				}
 +				else
 +#endif
 				if (mkdir (path, 0) != 0) {
 			fprintf (stderr,
 			         _("%s: cannot create directory %s\n"),
 --- a/src/userdel.c
 +++ b/src/userdel.c
@@ -1273,6 +1273,23 @@ int main (int argc, char **argv)
 #endif				/* EXTRA_CHECK_HOME_DIR */
 	if (rflg) {
 +#ifdef WITH_BTRFS
 +		int is_subvolume = btrfs_is_subvolume (user_home);
 +		if (is_subvolume < 0) {
 +		    errors++;
 +		    /* continue */
 +		}
 +		else if (is_subvolume > 0) {
 +			if (btrfs_remove_subvolume (user_home)) {
 +				fprintf (stderr,
 +				         _("%s: error removing subvolume %s\n"),
 +				         Prog, user_home);
 +				errors++;
 +				/* continue */
 +			}
 +		}
 +		else
 +#endif
 		if (remove_tree (user_home, true) != 0) {
 			fprintf (stderr,
 			         _("%s: error removing directory %s\n"),
 --- a/src/usermod.c
 +++ b/src/usermod.c
@@ -1818,6 +1818,15 @@ static void move_home (void)
 			return;
 		} else {
 			if (EXDEV == errno) {
 +#ifdef WITH_BTRFS
 +				if (btrfs_is_subvolume (prefix_user_home) > 0) {
 +					fprintf (stderr,
 +					        _("%s: error: cannot move subvolume from %s to %s - different device\n"),
 +					        Prog, prefix_user_home, prefix_user_newhome);
 +					fail_exit (E_HOMEDIR);
 +				}
 +#endif
 +
 				if (copy_tree (prefix_user_home, prefix_user_newhome, true,
 				               true,
 				               user_id,
--- a/shadow-4.6.0-fix-usermod-prefix-crash.patch
+++ b/shadow-4.6.0-fix-usermod-prefix-crash.patch
@ -1,86 +0,0 @@
 Bug: https://github.com/shadow-maint/shadow/issues/110
 Containing following two fixes.
 From 73a876a05612c278da747faeaeea40c3b8d34a53 Mon Sep 17 00:00:00 2001
 From: fariouche <fariouche@yahoo.fr>
 Date: Tue, 8 May 2018 21:17:46 -0500
 Subject: [PATCH 1/2] Fix usermod crash
 Return newly allocated pointers when the caller will free them.
 Closes #110
 ---
 libmisc/prefix_flag.c |  2 +-
 src/usermod.c         | 10 ++++++----
 2 files changed, 7 insertions(+), 5 deletions(-)
 diff --git a/libmisc/prefix_flag.c b/libmisc/prefix_flag.c
 index 6581235e..8ceffd26 100644
 --- a/libmisc/prefix_flag.c
 +++ b/libmisc/prefix_flag.c
@@ -333,7 +333,7 @@ extern struct group *prefix_getgr_nam_gid(const char *grname)
 	    	&& (gid == (gid_t)gid)) {
 			return prefix_getgrgid ((gid_t) gid);
 		}
 -		return prefix_getgrnam (grname);
 +		return __gr_dup(prefix_getgrnam (grname));
 	}
 	else
 		return getgr_nam_gid(grname);
 diff --git a/src/usermod.c b/src/usermod.c
 index e571426f..7355ad31 100644
 --- a/src/usermod.c
 +++ b/src/usermod.c
@@ -1251,11 +1251,13 @@ static void process_flags (int argc, char **argv)
 		prefix_user_home = xmalloc(len);
 		wlen = snprintf(prefix_user_home, len, "%s/%s", prefix, user_home);
 		assert (wlen == (int) len -1);
 +		if (user_newhome) {
 +			len = strlen(prefix) + strlen(user_newhome) + 2;
 +			prefix_user_newhome = xmalloc(len);
 +			wlen = snprintf(prefix_user_newhome, len, "%s/%s", prefix, user_newhome);
 +			assert (wlen == (int) len -1);
 +		}
 -		len = strlen(prefix) + strlen(user_newhome) + 2;
 -		prefix_user_newhome = xmalloc(len);
 -		wlen = snprintf(prefix_user_newhome, len, "%s/%s", prefix, user_newhome);
 -		assert (wlen == (int) len -1);
 	}
 	else {
 		prefix_user_home = user_home;
 From 48dcf7852e51b9d8e7926737cc7f7823978b7d7d Mon Sep 17 00:00:00 2001
 From: Serge Hallyn <shallyn@cisco.com>
 Date: Tue, 8 May 2018 21:37:55 -0500
 Subject: [PATCH 2/2] usermod: prevent a segv
 in the case where prefix does not exist.
 Signed-off-by: Serge Hallyn <shallyn@cisco.com>
 ---
 libmisc/prefix_flag.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
 diff --git a/libmisc/prefix_flag.c b/libmisc/prefix_flag.c
 index 8ceffd26..96b11faa 100644
 --- a/libmisc/prefix_flag.c
 +++ b/libmisc/prefix_flag.c
@@ -319,6 +319,7 @@ extern struct group *prefix_getgr_nam_gid(const char *grname)
 {
 	long long int gid;
 	char *endptr;
 +	struct group *g;
 	if (NULL == grname) {
 		return NULL;
@@ -333,7 +334,8 @@ extern struct group *prefix_getgr_nam_gid(const char *grname)
 	    	&& (gid == (gid_t)gid)) {
 			return prefix_getgrgid ((gid_t) gid);
 		}
 -		return __gr_dup(prefix_getgrnam (grname));
 +		g = prefix_getgrnam (grname);
 +		return g ? __gr_dup(g) : NULL;
 	}
 	else
 		return getgr_nam_gid(grname);
--- a/shadow-4.6.tar.xz
+++ b/shadow-4.6.tar.xz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:0998c8d84242a231ab0acb7f8613927ff5bcff095f8aa6b79478893a03f05583
 size 1678100
--- a/shadow-4.6.tar.xz.asc
+++ b/shadow-4.6.tar.xz.asc
@ -1,11 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 iQEzBAABCgAdFiEE8dCNt3gYW/eEAC3/6f7qBqheP50FAlrncOkACgkQ6f7qBqhe
 P52UGAf/eOnoIYIZ52y72iMxeNfQMTMjYTZd1YrtjlK0RQKquK7FrCOg91MvOF2B
 hLVKu2OU7mzuPTMSAraAxjXLkrM0E3vFjMtu1fHBGlGTMspAfik/9Gu9qoevAKXy
 BRqgN5m5HMfoGPeEjzILzaGq8bnPKIOfJ0iAYVkjjIa73Vn20uTmNgNZIRqHqwfw
 5GUFHn6cjQXFcQ3ngywgwQD7/h/65w8dBbGysF551sAqzPJRbneQL9Wtklcqi1ub
 55NyF0ifT67RqMh+EyxhuhXP1Hi57PTEAeqaFMFxnPlQPb+8pQ8nszWBmI+vUN8D
 FmhwCtSTnmKlj0jeAqevmkijJhGPQQ==
 =fk/F
 -----END PGP SIGNATURE-----
--- a/shadow-4.7.tar.xz
+++ b/shadow-4.7.tar.xz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:e5e196a4a7e3b228c812f3163d368be3e932e6eaa4e616677a148d9ec921e16c
 size 1624340
--- a/shadow-4.7.tar.xz.asc
+++ b/shadow-4.7.tar.xz.asc
@ -0,0 +1,11 @@
 -----BEGIN PGP SIGNATURE-----
 iQEzBAABCgAdFiEE8dCNt3gYW/eEAC3/6f7qBqheP50FAl0CfrYACgkQ6f7qBqhe
 P50xqQgAgmeu46zmQ7A+8nzcna8aaKQ5aftc9QVCQuPg94DvkXNuUjz384os1PBa
 9DM5ukiDiDWhkmoKDCro9d/JVfKg0v0W2Ee29JvaZRhpUFlk3xWZAM55Na22ywbv
 JYIF94wLfH0+AZQvjTpJmlJgeCK5K0L2LvAsPoEsHNuAKjpz7tFGJgqBKgK2+xAv
 csmBhPRShZypXH3tQ/jcMT8itPSRBGt4W55zuNUT2OKc5ioXxc1TJ5jn0YX8AsOQ
 5ZkBbGHL416QRonhiKfWsntB3RnmJQMcL8R72MpemKjVw+q+QYnnKIE/Fta7J0+N
 EkUBRYdbbiAsUNW3syN/Q2o+DF00aw==
 =dbPQ
 -----END PGP SIGNATURE-----
--- a/shadow-util-linux.patch
+++ b/shadow-util-linux.patch
@ -109,11 +109,11 @@ Index: lib/getdef.c
 	{"ENV_SUPATH", NULL},
 	{"ERASECHAR", NULL},
 	{"FAIL_DELAY", NULL},
-@@ -93,6 +95,7 @@ static struct itemdef def_table[] = {
+@@ -95,6 +97,7 @@ static struct itemdef def_table[] = {
 	{"GID_MIN", NULL},
 	{"HUSHLOGIN_FILE", NULL},
 	{"KILLCHAR", NULL},
-+	{"LOGIN_PLAIN_PROMPT", NULL},
+ 	{"LASTLOG_UID_MAX", NULL},
 	{"LOGIN_RETRIES", NULL},
 +	{"LOGIN_PLAIN_PROMPT", NULL},
 	{"LOGIN_TIMEOUT", NULL},
 	{"LOG_OK_LOGINS", NULL},
 	{"LOG_UNKFAIL_ENAB", NULL},
--- a/shadow.changes
+++ b/shadow.changes
@ -1,3 +1,45 @@
 -------------------------------------------------------------------
 Fri Jun 14 06:20:46 UTC 2019 - mvetter@suse.com
 - Update to 4.7:
  * Spawn: don't loop forever on ECHILD
  * Do not fail locking if there is a stale lockfile (Tomas Mraz)
  * Use lckpwdf if prefix not set (Tomas Mraz)
  * Build: check correct DocBook version (Jan Tojnar)
  * Usermod: Print 'no changes' to stdout, not stderr (Serge Hallyn)
  * Add support for btrfs subvolumes for home (Adam Majer)
  * Fix chpasswd long line handling (Nathan Ruiz)
  * Use secure_getenv for gettime (Chris Lamb)
  * Make sp_lstchg reproducible (Chris Lamb)
  * Do not crash commonio_close if db file is not open (Tomas Mraz)
  * Don't flush nscd and sssd cache in read-only mode (Charlie Vuillemez)
  * French manpage update (Alban VIDAL)
  * Fix manpage defaults for SUB_UID/GID_COUNT (Tomas Mraz)
  * Sync po files from shadow.pot (Alban VIDAL)
  * Usermod: guard against unsafe chown of homedir contents (Tomas Mraz)
  * Add LASTLOG_UID_MAX to login.defs (Tomas Mraz)
  * new[ug]idmap file capabilities support (Giuseppe Scrivano and Christian Brauner)
  * Fix segfault in useradd (Tomas Mraz)
  * Coverity issues (Tomas Mraz)
  * Flush sssd caches (Jakub Hrozek)
  * Log UID in nologin (Vladimir Ivanov)
  * run pam_getenvlist after setup_env in su.c (Michael Vogt)
  * Support systems with only utmpx (A. Wilcox)
  * Fix unguarded ENABLE_SUBIDS code (Jan Chren (rindeal))
  * Update po/zh_CN translation (Lion Yang)
  * Create parent dirs for useradd -m (Michael Vetter)
  * Prevent usermod segv
  * Fix usermod crash (fariouche)
 - Remove btrfs-subvolumes.patch (fate#316134):
  upstreamed: https://github.com/shadow-maint/shadow/pull/149
 - Remove useradd-mkdirs.patch (bsc#865563):
  upstreamed https://github.com/shadow-maint/shadow/pull/112
 - Remove shadow-4.6.0-fix-usermod-prefix-crash.patch
  upstreamed https://github.com/shadow-maint/shadow/issues/110
 - Rebase userdel-script.patch
 - Rebase useradd-script.patch
 - Rebase shadow-util-linux.patch
 -------------------------------------------------------------------
 Thu May 30 11:15:49 UTC 2019 - Martin Pluskal <mpluskal@suse.com>
--- a/shadow.spec
+++ b/shadow.spec
@ -12,12 +12,12 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.
-# Please submit bugfixes or comments via https://bugs.opensuse.org/
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
 #
 Name:           shadow
-Version:        4.6
+Version:        4.7
 Release:        0
 Summary:        Utilities to Manage User and Group Accounts
 License:        BSD-3-Clause AND GPL-2.0-or-later
@ -53,18 +53,12 @@ Patch6:         shadow-4.1.5.1-userdel-helpfix.patch
 Patch7:         shadow-4.1.5.1-logmsg.patch
 # PATCH-FEATURE-SUSE encryption_method_nis.patch kukuk@suse.com -- Add support for ENCRYPT_METHOD_NIS used by SUSE patch in pam (pam_unix).
 Patch10:        encryption_method_nis.patch
 # PATCH-FIX-SUSE useradd-mkdirs.patch bnc865563 tbehrens@suse.com -- Create all parts of the path.
 Patch11:        useradd-mkdirs.patch
 # PATCH-FIX-SUSE shadow-4.6.0-fix-usermod-prefix-crash.patch https://github.com/shadow-maint/shadow/issues/110 mvetter@suse.com -- Fixes crash in usermod when called with --prefix.
 Patch12:        shadow-4.6.0-fix-usermod-prefix-crash.patch
 # PATCH-FEATURE-SUSE shadow-login_defs-comments.patch kukuk@suse.com -- Adjust login.defs comments.
 Patch13:        shadow-login_defs-comments.patch
 # PATCH-FEATURE-SUSE shadow-login_defs-suse.patch kukuk@suse.com -- Customize login.defs.
 Patch14:        shadow-login_defs-suse.patch
 # PATCH-FIX-SUSE disable_new_audit_function.patch adam.majer@suse.de -- Disable newer libaudit functionality for older distributions.
 Patch20:        disable_new_audit_function.patch
 # PATCH-FEATURE-SUSE btrfs-subvolumes.patch fate316134 adam.majer@suse.de -- Add support for btrfs subvolumes for user homes.
 Patch21:        btrfs-subvolumes.patch
 BuildRequires:  audit-devel > 2.3
 BuildRequires:  autoconf
 BuildRequires:  automake
@ -105,14 +99,11 @@ group accounts.
 %patch6
 %patch7
 %patch10
 %patch11 -p1
 %patch12 -p1
 %patch13
 %patch14
 %if 0%{?suse_version} < 1330
 %patch20 -p1
 %endif
 %patch21 -p1
 iconv -f ISO88591 -t utf-8  doc/HOWTO > doc/HOWTO.utf8
 mv -v doc/HOWTO.utf8 doc/HOWTO
--- a/useradd-mkdirs.patch
+++ b/useradd-mkdirs.patch
@ -1,73 +0,0 @@
 https://github.com/shadow-maint/shadow/pull/112
 useradd-mkdirs.patch adapted to two comments in https://github.com/shadow-maint/shadow/pull/2
 * check for stdup failure
 * create dirs with 0755 instead of 0777
 diff -urEbwB shadow-4.6/src/useradd.c shadow-4.6.new-useradd-mkdirs/src/useradd.c
 --- shadow-4.6/src/useradd.c	2018-04-29 18:42:37.000000000 +0200
 +++ shadow-4.6.new-useradd-mkdirs/src/useradd.c	2018-05-15 17:11:03.706371270 +0200
@@ -2018,6 +2018,19 @@
 static void create_home (void)
 {
 	if (access (prefix_user_home, F_OK) != 0) {
 +		char path[strlen (prefix_user_home) + 2];
 +		char *bhome, *cp;
 +
 +		path[0] = '\0';
 +		bhome = strdup (prefix_user_home);
 +		if (!bhome) {
 +			fprintf (stderr,
 +			         _("%s: error while duplicating string %s\n"),
 +			         Prog, user_home);
 +			fail_exit (E_HOMEDIR);
 +		}
 +		++bhome;
 +
 #ifdef WITH_SELINUX
 		if (set_selinux_file_context (prefix_user_home) != 0) {
 			fprintf (stderr,
@@ -2026,11 +2039,20 @@
 			fail_exit (E_HOMEDIR);
 		}
 #endif
 -		/* XXX - create missing parent directories.  --marekm */
 -		if (mkdir (prefix_user_home, 0) != 0) {
 +
 +		/* Check for every part of the path, if the directory
 +		   exists. If not, create it with permissions 755 and
 +		   owner root:root.
 +		 */
 +		cp = strtok (bhome, "/");
 +		while (cp) {
 +			strcat (path, "/");
 +			strcat (path, cp);
 +			if (access (path, F_OK) != 0) {
 +				if (mkdir (path, 0) != 0) {
 			fprintf (stderr,
 			         _("%s: cannot create directory %s\n"),
 -			         Prog, prefix_user_home);
 +					         Prog, path);
 #ifdef WITH_AUDIT
 			audit_logger (AUDIT_ADD_USER, Prog,
 			              "adding home directory",
@@ -2039,6 +2061,20 @@
 #endif
 			fail_exit (E_HOMEDIR);
 		}
 +				if (chown (path, 0, 0) < 0) {
 +					fprintf (stderr,
 +					         _("%s: warning: chown on `%s' failed: %m\n"),
 +					         Prog, path);
 +				}
 +				if (chmod (path, 0755) < 0) {
 +					fprintf (stderr,
 +					         _("%s: warning: chmod on `%s' failed: %m\n"),
 +					         Prog, path);
 +				}
 +			}
 +			cp = strtok (NULL, "/");
 +		}
 +
 		(void) chown (prefix_user_home, user_id, user_gid);
 		chmod (prefix_user_home,
 		       0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));
--- a/useradd-script.patch
+++ b/useradd-script.patch
@ -20,7 +20,7 @@ Index: lib/getdef.c
 ===================================================================
 --- lib/getdef.c.orig
 +++ lib/getdef.c
-@@ -125,6 +125,7 @@ static struct itemdef def_table[] = {
+@@ -126,6 +126,7 @@ static struct itemdef def_table[] = {
 	{"UID_MAX", NULL},
 	{"UID_MIN", NULL},
 	{"UMASK", NULL},
@ -32,7 +32,7 @@ Index: src/useradd.c
 ===================================================================
 --- src/useradd.c.orig
 +++ src/useradd.c
-@@ -2115,6 +2115,30 @@ static void create_mail (void)
+@@ -2216,6 +2216,30 @@ static void create_mail (void)
 }
 /*
@ -63,9 +63,9 @@ Index: src/useradd.c
  * main - useradd command
  */
 int main (int argc, char **argv)
-@@ -2390,6 +2414,7 @@ int main (int argc, char **argv)
+@@ -2492,6 +2516,7 @@ int main (int argc, char **argv)
 	nscd_flush_cache ("passwd");
 	nscd_flush_cache ("group");
 	sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
 +	call_script (user_name);
 +
--- a/userdel-script.patch
+++ b/userdel-script.patch
@ -2,7 +2,7 @@ Index: lib/getdef.c
 ===================================================================
 --- lib/getdef.c.orig
 +++ lib/getdef.c
-@@ -126,6 +126,8 @@ static struct itemdef def_table[] = {
+@@ -127,6 +127,8 @@ static struct itemdef def_table[] = {
 	{"UID_MIN", NULL},
 	{"UMASK", NULL},
 	{"USERDEL_CMD", NULL},
@ -45,7 +45,7 @@ Index: src/userdel.c
 ===================================================================
 --- src/userdel.c.orig
 +++ src/userdel.c
-@@ -125,7 +125,7 @@ static void close_files (void);
+@@ -126,7 +126,7 @@ static void close_files (void);
 static void fail_exit (int);
 static void open_files (void);
 static void update_user (void);
@ -54,7 +54,7 @@ Index: src/userdel.c
 #ifdef EXTRA_CHECK_HOME_DIR
 static bool path_prefix (const char *, const char *);
-@@ -767,13 +767,13 @@ static void update_user (void)
+@@ -768,13 +768,13 @@ static void update_user (void)
  *	cron, at, or print jobs.
  */
@ -70,7 +70,7 @@ Index: src/userdel.c
 	if (NULL == cmd) {
 		return;
 	}
-@@ -1213,9 +1213,10 @@ int main (int argc, char **argv)
+@@ -1214,9 +1214,10 @@ int main (int argc, char **argv)
 	}
 	/*
@ -83,7 +83,7 @@ Index: src/userdel.c
 	open_files ();
 	update_user ();
 	update_groups ();
-@@ -1319,7 +1320,7 @@ int main (int argc, char **argv)
+@@ -1337,7 +1338,7 @@ int main (int argc, char **argv)
 	 * the entry from /etc/passwd.
 	 */
 	if(prefix[0] == '\0')
@ -92,9 +92,9 @@ Index: src/userdel.c
 	close_files ();
 #ifdef WITH_TCB
-@@ -1329,6 +1330,9 @@ int main (int argc, char **argv)
+@@ -1348,6 +1349,9 @@ int main (int argc, char **argv)
 	nscd_flush_cache ("passwd");
 	nscd_flush_cache ("group");
 	sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
 +	/* Call the post script, for example to rebuild NIS database */
 +	call_script ("USERDEL_POSTCMD", user_name);