diff --git a/shadow-fix-print-login-timeout.patch b/shadow-fix-print-login-timeout.patch index 3982d19..7a6dcbd 100644 --- a/shadow-fix-print-login-timeout.patch +++ b/shadow-fix-print-login-timeout.patch @@ -10,7 +10,7 @@ Calling exit from new handler provides enough time to display full message. 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/login.c b/src/login.c -index 116e2cb3..c55f4de0 100644 +index 116e2cb36..c55f4de0a 100644 --- a/src/login.c +++ b/src/login.c @@ -120,6 +120,7 @@ static void get_pam_user (char **ptr_pam_user); diff --git a/shadow.changes b/shadow.changes index a619b6b..1b4f844 100644 --- a/shadow.changes +++ b/shadow.changes @@ -1,3 +1,19 @@ +------------------------------------------------------------------- +Thu Feb 16 11:31:33 UTC 2023 - Michael Vetter + +- Update shadow-fix-print-login-timeout.patch +- Reorder source files and patches + +------------------------------------------------------------------- +Wed Feb 15 10:49:33 UTC 2023 - Ludwig Nussel + +- Remove scripts that claim to be config but are in /usr (boo#1191578) + * userdel-script.patch + * useradd-script.patch + * useradd.local + * userdel-post.local + * userdel-pre.local + ------------------------------------------------------------------- Fri Jan 13 08:21:46 UTC 2023 - Michael Vetter diff --git a/shadow.spec b/shadow.spec index 4a793b0..2685aae 100644 --- a/shadow.spec +++ b/shadow.spec @@ -28,39 +28,32 @@ Summary: Utilities to Manage User and Group Accounts License: BSD-3-Clause AND GPL-2.0-or-later Group: System/Base URL: https://github.com/shadow-maint/shadow -Source: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz +Source0: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz Source1: pamd.tar.bz2 -Source3: useradd.local -Source4: userdel-pre.local -Source5: userdel-post.local -Source6: shadow.service -Source7: shadow.timer -Source42: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz.asc -Source43: %{name}.keyring +Source2: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz.asc +Source3: %{name}.keyring +Source4: shadow.service +Source5: shadow.timer # SOURCE-FEATURE-SUSE shadow-login_defs-check.sh sbrabec@suse.com -- Supplementary script that verifies coverage of variables in shadow-login_defs-unused-by-pam.patch and other patches. -Source44: shadow-login_defs-check.sh +Source40: shadow-login_defs-check.sh # PATCH-FIX-SUSE shadow-login_defs-unused-by-pam.patch kukuk@suse.com -- Remove variables that have no use with PAM. Patch0: shadow-login_defs-unused-by-pam.patch -# PATCH-FEATURE-SUSE userdel-script.patch kukuk@suse.com -- Add support for USERDEL_PRECMD and USERDEL_POSTCMD. -Patch1: userdel-script.patch -# PATCH-FEATURE-SUSE useradd-script.patch kukuk@suse.com -- Add support for USERADD_CMD. -Patch2: useradd-script.patch # PATCH-FEATURE-SUSE useradd-default.patch kukuk@suse.com -- Change useradd defaults group to 1000. -Patch3: useradd-default.patch +Patch1: useradd-default.patch # PATCH-FEATURE-SUSE shadow-util-linux.patch sbrabec@suse.com -- Add support for util-linux specific variables, delete shadow login, su runuser specific. -Patch4: shadow-util-linux.patch +Patch2: shadow-util-linux.patch # PATCH-FEATURE-SUSE shadow-login_defs-comments.patch kukuk@suse.com -- Adjust login.defs comments. -Patch5: shadow-login_defs-comments.patch +Patch3: shadow-login_defs-comments.patch # PATCH-FEATURE-SUSE shadow-login_defs-suse.patch kukuk@suse.com -- Customize login.defs. -Patch6: shadow-login_defs-suse.patch +Patch4: shadow-login_defs-suse.patch # PATCH-FEATURE-SUSE Copy also skeleton files from /usr/etc/skel (boo#1173321) (gh/shadow-maint/shadow#591) -Patch7: useradd-userkeleton.patch +Patch5: useradd-userkeleton.patch # PATCH-FIX-SUSE disable_new_audit_function.patch adam.majer@suse.de -- Disable newer libaudit functionality for older distributions. -Patch8: disable_new_audit_function.patch +Patch6: disable_new_audit_function.patch # PATCH-FIX-UPSTREAM shadow-audit-no-id.patch mvetter@suse.com -- Fix useradd audit event logging of ID field (bsc#1205502) (gh/shadow-maint/shadow#606) -Patch9: shadow-audit-no-id.patch +Patch7: shadow-audit-no-id.patch # PATCH-FIX-UPSTREAM shadow-fix-print-login-timeout.patch mvetter@suse.com -- Fix print full login timeout message (gh/shadow-maint/shadow#621) -Patch10: https://github.com/shadow-maint/shadow/commit/670cae834827a8f794e6f7464fa57790d911b63c.patch#/shadow-fix-print-login-timeout.patch +Patch8: shadow-fix-print-login-timeout.patch BuildRequires: audit-devel > 2.3 BuildRequires: autoconf BuildRequires: automake @@ -125,13 +118,11 @@ Development files for libsubid4. %patch3 %patch4 %patch5 -%patch6 -%patch7 %if 0%{?suse_version} < 1330 -%patch8 -p1 +%patch6 -p1 %endif -%patch9 -p1 -%patch10 -p1 +%patch7 -p1 +%patch8 -p1 iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8 mv -v doc/HOWTO.utf8 doc/HOWTO @@ -162,12 +153,8 @@ autoreconf -fvi # Separate call to install man pages. See https://github.com/shadow-maint/shadow/issues/389 %make_install -C man install-man -# install useradd.local, userdel.local, ... -install -m 0755 %{SOURCE3} %{buildroot}/%{_sbindir}/ -install -m 0755 %{SOURCE4} %{buildroot}/%{_sbindir}/ -install -m 0755 %{SOURCE5} %{buildroot}/%{_sbindir}/ -install -Dm644 %{SOURCE6} %{buildroot}%{_unitdir}/shadow.service -install -Dm644 %{SOURCE7} %{buildroot}%{_unitdir}/shadow.timer +install -Dm644 %{SOURCE4} %{buildroot}%{_unitdir}/shadow.service +install -Dm644 %{SOURCE5} %{buildroot}%{_unitdir}/shadow.timer # add empty /etc/sub{u,g}id files touch %{buildroot}/%{_sysconfdir}/subuid @@ -356,9 +343,6 @@ test -f %{_sysconfdir}/login.defs.rpmsave && mv -v %{_sysconfdir}/login.defs.rpm %attr(0755,root,root) %{_sbindir}/newusers %{_sbindir}/vipw %{_sbindir}/vigr -%verify(not md5 size mtime) %config(noreplace) %{_sbindir}/useradd.local -%verify(not md5 size mtime) %config(noreplace) %{_sbindir}/userdel-pre.local -%verify(not md5 size mtime) %config(noreplace) %{_sbindir}/userdel-post.local %{_mandir}/man1/chage.1%{?ext_man} %{_mandir}/man1/chfn.1%{?ext_man} %{_mandir}/man1/chsh.1%{?ext_man} diff --git a/useradd-script.patch b/useradd-script.patch deleted file mode 100644 index 225a157..0000000 --- a/useradd-script.patch +++ /dev/null @@ -1,94 +0,0 @@ ---- - etc/login.defs | 7 +++++++ - lib/getdef.c | 1 + - src/useradd.c | 41 ++++++++++++++++++++++++++++++++++++++++- - 3 files changed, 48 insertions(+), 1 deletion(-) - -Index: etc/login.defs -=================================================================== ---- etc/login.defs.orig -+++ etc/login.defs -@@ -238,6 +238,13 @@ DEFAULT_HOME yes - NONEXISTENT /nonexistent - - # -+# If defined, this command is run when adding a user. -+# It should rebuild any NIS database etc. to add the -+# new created account. -+# -+USERADD_CMD /usr/sbin/useradd.local -+ -+# - # If defined, this command is run when removing a user. - # It should remove any at/cron/print jobs etc. owned by - # the user to be removed (passed as the first argument). -Index: lib/getdef.c -=================================================================== ---- lib/getdef.c.orig -+++ lib/getdef.c -@@ -127,6 +127,7 @@ static struct itemdef def_table[] = { - {"UID_MAX", NULL}, - {"UID_MIN", NULL}, - {"UMASK", NULL}, -+ {"USERADD_CMD", NULL}, - {"USERDEL_CMD", NULL}, - {"USERDEL_PRECMD", NULL}, - {"USERDEL_POSTCMD", NULL}, -Index: src/useradd.c -=================================================================== ---- src/useradd.c.orig -+++ src/useradd.c -@@ -2426,6 +2426,44 @@ static void check_uid_range(int rflg, ui - - } - /* -+ * call_script - call a script to do some work -+ * -+ * call_script calls a script for additional changes to the -+ * account. -+ */ -+ -+static void call_script (const char *user, const uid_t uid, const gid_t gid, const char *home) -+{ -+ const char *cmd; -+ const char *argv[6]; -+ char *strgid, *struid; -+ int status; -+ -+ cmd = getdef_str ("USERADD_CMD"); -+ if (NULL == cmd) { -+ return; -+ } -+ if (asprintf(&struid, "%lu", (long unsigned)uid) < 0) { -+ (void) fprintf (stderr, _("%s: out of memory\n"), Prog); -+ exit(1); -+ } -+ if (asprintf(&strgid, "%lu", (long unsigned)gid) < 0) { -+ (void) fprintf (stderr, _("%s: out of memory\n"), Prog); -+ exit(1); -+ } -+ argv[0] = cmd; -+ argv[1] = user; -+ argv[2] = struid; -+ argv[3] = strgid; -+ argv[4] = home; -+ argv[5] = (char *)0; -+ (void) run_command (cmd, argv, NULL, &status); -+ free(strgid); -+ free(struid); -+} -+ -+ -+/* - * main - useradd command - */ - int main (int argc, char **argv) -@@ -2720,6 +2758,7 @@ int main (int argc, char **argv) - exit(1); - } - -+ call_script (user_name, user_id, user_gid, user_home); -+ - return E_SUCCESS; - } -- diff --git a/useradd.local b/useradd.local deleted file mode 100644 index ffe1f56..0000000 --- a/useradd.local +++ /dev/null @@ -1,49 +0,0 @@ -#!/bin/sh -# -# Here you can add your own stuff, that should be done for every user who -# was new created. -# -# When you create a user with useradd, this script will be called -# with the login name as parameter. Optional, UID, GID and the HOME -# directory are added. -# - -case "$1" in - --help|--version) - echo Usage: $0 username [uid gid home] - exit 0 - ;; -esac - -# Check for the required argument. -if [ $# -lt 1 -o $# -gt 4 ]; then - echo Usage: $0 username [uid gid home] - exit 1 -fi - -USER=$1 - -if [ $# -eq 4 ]; then - GID=$3 - HOMEDIR=$4 -else - GID=$(id -g $USER) - HOMEDIR=$(grep -E "^${USER}:" /etc/passwd| cut -d: -f6,6) -fi - -# Update NIS database -# make -C /var/yp - -# Main useradd tool creates this if specified on command line -[ -d $HOMEDIR ] || exit 0 - -# If SELinux is enabled, we have to run restorecon to assign -# appropriate fcontexts to the respective $HOME and files under it -if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled ; then - test -x /sbin/restorecon || exit 2 - - /sbin/restorecon -R $HOMEDIR -fi - -# All done. -exit 0 diff --git a/userdel-post.local b/userdel-post.local deleted file mode 100644 index 7b8478e..0000000 --- a/userdel-post.local +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/sh -# -# Here you can add your own stuff, that should be done for every user -# which we deleted. -# -# If you delete a user with userdel, this script will be called -# with the login name as parameter after the account and optional -# home directory was removed from the system. -# - -case "$1" in - --help|--version) - echo Usage: $0 username uid gid home - exit 0 - ;; -esac - -# Check for the required argument. -if [ $# != 1 ]; then - echo Usage: $0 username - exit 1 -fi - -# Rebuild NIS database to remove the account from it. -# make -C /var/yp - -# All done. -exit 0 - diff --git a/userdel-pre.local b/userdel-pre.local deleted file mode 100644 index d47e046..0000000 --- a/userdel-pre.local +++ /dev/null @@ -1,32 +0,0 @@ -#!/bin/sh -# -# Here you can add your own stuff, that should be done for every user -# who will be deleted. -# -# When you delete a user with userdel, this script will be called -# with the login name as parameter before any other action is done. -# - -case "$1" in - --help|--version) - echo Usage: $0 username uid gid home - exit 0 - ;; -esac - -# Check for the required argument. -if [ $# != 1 ]; then - echo Usage: $0 username - exit 1 -fi - -# Remove cron jobs -test -x /usr/bin/crontab && /usr/bin/crontab -r -u $1 - -# Stop systemd user jobs, even this requires --force -id=$(id -u $1) -systemctl stop user@${id}.service > /dev/null 2>&1 & - -# All done. -exit 0 - diff --git a/userdel-script.patch b/userdel-script.patch deleted file mode 100644 index 9701747..0000000 --- a/userdel-script.patch +++ /dev/null @@ -1,104 +0,0 @@ -Index: lib/getdef.c -=================================================================== ---- lib/getdef.c.orig -+++ lib/getdef.c -@@ -128,6 +128,8 @@ static struct itemdef def_table[] = { - {"UID_MIN", NULL}, - {"UMASK", NULL}, - {"USERDEL_CMD", NULL}, -+ {"USERDEL_PRECMD", NULL}, -+ {"USERDEL_POSTCMD", NULL}, - {"USERGROUPS_ENAB", NULL}, - #ifndef USE_PAM - PAMDEFS -Index: etc/login.defs -=================================================================== ---- etc/login.defs.orig -+++ etc/login.defs -@@ -242,9 +242,25 @@ NONEXISTENT /nonexistent - # It should remove any at/cron/print jobs etc. owned by - # the user to be removed (passed as the first argument). - # -+# See also USERDEL_PRECMD and USERDEL_POSTCMD below. -+# - #USERDEL_CMD /usr/sbin/userdel_local - - # -+# If defined, this command is run before removing a user. -+# It should remove any at/cron/print jobs etc. owned by -+# the user to be removed. -+# -+USERDEL_PRECMD /usr/sbin/userdel-pre.local -+ -+# -+# If defined, this command is run after removing a user. -+# It should rebuild any NIS database etc. to remove the -+# account from it. -+# -+USERDEL_POSTCMD /usr/sbin/userdel-post.local -+ -+# - # Enable setting of the umask group bits to be the same as owner bits - # (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is - # the same as gid, and username is the same as the primary group name. -Index: src/userdel.c -=================================================================== ---- src/userdel.c.orig -+++ src/userdel.c -@@ -108,7 +108,7 @@ static void close_files (void); - static void fail_exit (int); - static void open_files (void); - static void update_user (void); --static void user_cancel (const char *); -+static void call_script (const char *, const char *); - - #ifdef EXTRA_CHECK_HOME_DIR - static bool path_prefix (const char *, const char *); -@@ -751,13 +751,13 @@ static void update_user (void) - * cron, at, or print jobs. - */ - --static void user_cancel (const char *user) -+static void call_script (const char *program, const char *user) - { - const char *cmd; - const char *argv[3]; - int status; - -- cmd = getdef_str ("USERDEL_CMD"); -+ cmd = getdef_str (program); - if (NULL == cmd) { - return; - } -@@ -1203,9 +1203,10 @@ int main (int argc, char **argv) - } - - /* -- * Do the hard stuff - open the files, create the user entries, -- * create the home directory, then close and update the files. -+ * Do the hard stuff - open the files, remove the user entries, -+ * remove the home directory, then close and update the files. - */ -+ call_script ("USERDEL_PRECMD", user_name); - open_files (); - update_user (); - update_groups (); -@@ -1326,7 +1327,7 @@ int main (int argc, char **argv) - * the entry from /etc/passwd. - */ - if (prefix[0] == '\0') -- user_cancel (user_name); -+ call_script ("USERDEL_CMD", user_name); - close_files (); - - if (run_parts ("/etc/shadow-maint/userdel-post.d", user_name, "userdel")) { -@@ -1341,6 +1342,9 @@ int main (int argc, char **argv) - nscd_flush_cache ("group"); - sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP); - -+ /* Call the post script, for example to rebuild NIS database */ -+ call_script ("USERDEL_POSTCMD", user_name); -+ - return ((0 != errors) ? E_HOMEDIR : E_SUCCESS); - } -