Accepting request 1066319 from Base:System
- Update shadow-fix-print-login-timeout.patch - Reorder source files and patches - Remove scripts that claim to be config but are in /usr (boo#1191578) * userdel-script.patch * useradd-script.patch * useradd.local * userdel-post.local * userdel-pre.local OBS-URL: https://build.opensuse.org/request/show/1066319 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shadow?expand=0&rev=55
commit
2fe7ade94a
@ -10,7 +10,7 @@ Calling exit from new handler provides enough time to display full message.
|
||||
1 file changed, 7 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/login.c b/src/login.c
|
||||
index 116e2cb3..c55f4de0 100644
|
||||
index 116e2cb36..c55f4de0a 100644
|
||||
--- a/src/login.c
|
||||
+++ b/src/login.c
|
||||
@@ -120,6 +120,7 @@ static void get_pam_user (char **ptr_pam_user);
|
||||
|
@ -1,3 +1,19 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Feb 16 11:31:33 UTC 2023 - Michael Vetter <mvetter@suse.com>
|
||||
|
||||
- Update shadow-fix-print-login-timeout.patch
|
||||
- Reorder source files and patches
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Feb 15 10:49:33 UTC 2023 - Ludwig Nussel <lnussel@suse.de>
|
||||
|
||||
- Remove scripts that claim to be config but are in /usr (boo#1191578)
|
||||
* userdel-script.patch
|
||||
* useradd-script.patch
|
||||
* useradd.local
|
||||
* userdel-post.local
|
||||
* userdel-pre.local
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Jan 13 08:21:46 UTC 2023 - Michael Vetter <mvetter@suse.com>
|
||||
|
||||
|
54
shadow.spec
54
shadow.spec
@ -28,39 +28,32 @@ Summary: Utilities to Manage User and Group Accounts
|
||||
License: BSD-3-Clause AND GPL-2.0-or-later
|
||||
Group: System/Base
|
||||
URL: https://github.com/shadow-maint/shadow
|
||||
Source: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz
|
||||
Source0: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz
|
||||
Source1: pamd.tar.bz2
|
||||
Source3: useradd.local
|
||||
Source4: userdel-pre.local
|
||||
Source5: userdel-post.local
|
||||
Source6: shadow.service
|
||||
Source7: shadow.timer
|
||||
Source42: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz.asc
|
||||
Source43: %{name}.keyring
|
||||
Source2: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz.asc
|
||||
Source3: %{name}.keyring
|
||||
Source4: shadow.service
|
||||
Source5: shadow.timer
|
||||
# SOURCE-FEATURE-SUSE shadow-login_defs-check.sh sbrabec@suse.com -- Supplementary script that verifies coverage of variables in shadow-login_defs-unused-by-pam.patch and other patches.
|
||||
Source44: shadow-login_defs-check.sh
|
||||
Source40: shadow-login_defs-check.sh
|
||||
# PATCH-FIX-SUSE shadow-login_defs-unused-by-pam.patch kukuk@suse.com -- Remove variables that have no use with PAM.
|
||||
Patch0: shadow-login_defs-unused-by-pam.patch
|
||||
# PATCH-FEATURE-SUSE userdel-script.patch kukuk@suse.com -- Add support for USERDEL_PRECMD and USERDEL_POSTCMD.
|
||||
Patch1: userdel-script.patch
|
||||
# PATCH-FEATURE-SUSE useradd-script.patch kukuk@suse.com -- Add support for USERADD_CMD.
|
||||
Patch2: useradd-script.patch
|
||||
# PATCH-FEATURE-SUSE useradd-default.patch kukuk@suse.com -- Change useradd defaults group to 1000.
|
||||
Patch3: useradd-default.patch
|
||||
Patch1: useradd-default.patch
|
||||
# PATCH-FEATURE-SUSE shadow-util-linux.patch sbrabec@suse.com -- Add support for util-linux specific variables, delete shadow login, su runuser specific.
|
||||
Patch4: shadow-util-linux.patch
|
||||
Patch2: shadow-util-linux.patch
|
||||
# PATCH-FEATURE-SUSE shadow-login_defs-comments.patch kukuk@suse.com -- Adjust login.defs comments.
|
||||
Patch5: shadow-login_defs-comments.patch
|
||||
Patch3: shadow-login_defs-comments.patch
|
||||
# PATCH-FEATURE-SUSE shadow-login_defs-suse.patch kukuk@suse.com -- Customize login.defs.
|
||||
Patch6: shadow-login_defs-suse.patch
|
||||
Patch4: shadow-login_defs-suse.patch
|
||||
# PATCH-FEATURE-SUSE Copy also skeleton files from /usr/etc/skel (boo#1173321) (gh/shadow-maint/shadow#591)
|
||||
Patch7: useradd-userkeleton.patch
|
||||
Patch5: useradd-userkeleton.patch
|
||||
# PATCH-FIX-SUSE disable_new_audit_function.patch adam.majer@suse.de -- Disable newer libaudit functionality for older distributions.
|
||||
Patch8: disable_new_audit_function.patch
|
||||
Patch6: disable_new_audit_function.patch
|
||||
# PATCH-FIX-UPSTREAM shadow-audit-no-id.patch mvetter@suse.com -- Fix useradd audit event logging of ID field (bsc#1205502) (gh/shadow-maint/shadow#606)
|
||||
Patch9: shadow-audit-no-id.patch
|
||||
Patch7: shadow-audit-no-id.patch
|
||||
# PATCH-FIX-UPSTREAM shadow-fix-print-login-timeout.patch mvetter@suse.com -- Fix print full login timeout message (gh/shadow-maint/shadow#621)
|
||||
Patch10: https://github.com/shadow-maint/shadow/commit/670cae834827a8f794e6f7464fa57790d911b63c.patch#/shadow-fix-print-login-timeout.patch
|
||||
Patch8: shadow-fix-print-login-timeout.patch
|
||||
BuildRequires: audit-devel > 2.3
|
||||
BuildRequires: autoconf
|
||||
BuildRequires: automake
|
||||
@ -125,13 +118,11 @@ Development files for libsubid4.
|
||||
%patch3
|
||||
%patch4
|
||||
%patch5
|
||||
%patch6
|
||||
%patch7
|
||||
%if 0%{?suse_version} < 1330
|
||||
%patch8 -p1
|
||||
%patch6 -p1
|
||||
%endif
|
||||
%patch9 -p1
|
||||
%patch10 -p1
|
||||
%patch7 -p1
|
||||
%patch8 -p1
|
||||
|
||||
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
|
||||
mv -v doc/HOWTO.utf8 doc/HOWTO
|
||||
@ -162,12 +153,8 @@ autoreconf -fvi
|
||||
# Separate call to install man pages. See https://github.com/shadow-maint/shadow/issues/389
|
||||
%make_install -C man install-man
|
||||
|
||||
# install useradd.local, userdel.local, ...
|
||||
install -m 0755 %{SOURCE3} %{buildroot}/%{_sbindir}/
|
||||
install -m 0755 %{SOURCE4} %{buildroot}/%{_sbindir}/
|
||||
install -m 0755 %{SOURCE5} %{buildroot}/%{_sbindir}/
|
||||
install -Dm644 %{SOURCE6} %{buildroot}%{_unitdir}/shadow.service
|
||||
install -Dm644 %{SOURCE7} %{buildroot}%{_unitdir}/shadow.timer
|
||||
install -Dm644 %{SOURCE4} %{buildroot}%{_unitdir}/shadow.service
|
||||
install -Dm644 %{SOURCE5} %{buildroot}%{_unitdir}/shadow.timer
|
||||
|
||||
# add empty /etc/sub{u,g}id files
|
||||
touch %{buildroot}/%{_sysconfdir}/subuid
|
||||
@ -356,9 +343,6 @@ test -f %{_sysconfdir}/login.defs.rpmsave && mv -v %{_sysconfdir}/login.defs.rpm
|
||||
%attr(0755,root,root) %{_sbindir}/newusers
|
||||
%{_sbindir}/vipw
|
||||
%{_sbindir}/vigr
|
||||
%verify(not md5 size mtime) %config(noreplace) %{_sbindir}/useradd.local
|
||||
%verify(not md5 size mtime) %config(noreplace) %{_sbindir}/userdel-pre.local
|
||||
%verify(not md5 size mtime) %config(noreplace) %{_sbindir}/userdel-post.local
|
||||
%{_mandir}/man1/chage.1%{?ext_man}
|
||||
%{_mandir}/man1/chfn.1%{?ext_man}
|
||||
%{_mandir}/man1/chsh.1%{?ext_man}
|
||||
|
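Review bot: Removing the `install -m 0755 %{SOURCE3}`/`%{SOURCE4}`/`%{SOURCE5}` lines and the three `%config(noreplace) %{_sbindir}/*.local` entries also drops the cleanup those scripts performed, and neither the spec nor the changelog records that. The deleted userdel-pre.local ran `crontab -r -u $1` and `systemctl stop user@${id}.service`, and the deleted useradd.local ran `restorecon -R $HOMEDIR` on SELinux systems. Nothing visible in this commit replaces those steps, so a deleted account's crontab and running user session may outlive the account, and a later account reusing the login name could inherit the crontab. Whether the `run_parts ("/etc/shadow-maint/userdel-post.d", ...)` hook seen in the removed patch's context is meant to take over is not shown here. Because the files were `%config(noreplace)`, locally edited copies stop being called without notice, so I would add a comment next to the unit-file installs such as `# userdel-pre.local dropped (boo#1191578): crontab removal and user@UID.service stop are no longer done by userdel` and repeat it in the changelog entry.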
@ -1,94 +0,0 @@
|
||||
---
|
||||
etc/login.defs | 7 +++++++
|
||||
lib/getdef.c | 1 +
|
||||
src/useradd.c | 41 ++++++++++++++++++++++++++++++++++++++++-
|
||||
3 files changed, 48 insertions(+), 1 deletion(-)
|
||||
|
||||
Index: etc/login.defs
|
||||
===================================================================
|
||||
--- etc/login.defs.orig
|
||||
+++ etc/login.defs
|
||||
@@ -238,6 +238,13 @@ DEFAULT_HOME yes
|
||||
NONEXISTENT /nonexistent
|
||||
|
||||
#
|
||||
+# If defined, this command is run when adding a user.
|
||||
+# It should rebuild any NIS database etc. to add the
|
||||
+# new created account.
|
||||
+#
|
||||
+USERADD_CMD /usr/sbin/useradd.local
|
||||
+
|
||||
+#
|
||||
# If defined, this command is run when removing a user.
|
||||
# It should remove any at/cron/print jobs etc. owned by
|
||||
# the user to be removed (passed as the first argument).
|
||||
Index: lib/getdef.c
|
||||
===================================================================
|
||||
--- lib/getdef.c.orig
|
||||
+++ lib/getdef.c
|
||||
@@ -127,6 +127,7 @@ static struct itemdef def_table[] = {
|
||||
{"UID_MAX", NULL},
|
||||
{"UID_MIN", NULL},
|
||||
{"UMASK", NULL},
|
||||
+ {"USERADD_CMD", NULL},
|
||||
{"USERDEL_CMD", NULL},
|
||||
{"USERDEL_PRECMD", NULL},
|
||||
{"USERDEL_POSTCMD", NULL},
|
||||
Index: src/useradd.c
|
||||
===================================================================
|
||||
--- src/useradd.c.orig
|
||||
+++ src/useradd.c
|
||||
@@ -2426,6 +2426,44 @@ static void check_uid_range(int rflg, ui
|
||||
|
||||
}
|
||||
/*
|
||||
+ * call_script - call a script to do some work
|
||||
+ *
|
||||
+ * call_script calls a script for additional changes to the
|
||||
+ * account.
|
||||
+ */
|
||||
+
|
||||
+static void call_script (const char *user, const uid_t uid, const gid_t gid, const char *home)
|
||||
+{
|
||||
+ const char *cmd;
|
||||
+ const char *argv[6];
|
||||
+ char *strgid, *struid;
|
||||
+ int status;
|
||||
+
|
||||
+ cmd = getdef_str ("USERADD_CMD");
|
||||
+ if (NULL == cmd) {
|
||||
+ return;
|
||||
+ }
|
||||
+ if (asprintf(&struid, "%lu", (long unsigned)uid) < 0) {
|
||||
+ (void) fprintf (stderr, _("%s: out of memory\n"), Prog);
|
||||
+ exit(1);
|
||||
+ }
|
||||
+ if (asprintf(&strgid, "%lu", (long unsigned)gid) < 0) {
|
||||
+ (void) fprintf (stderr, _("%s: out of memory\n"), Prog);
|
||||
+ exit(1);
|
||||
+ }
|
||||
+ argv[0] = cmd;
|
||||
+ argv[1] = user;
|
||||
+ argv[2] = struid;
|
||||
+ argv[3] = strgid;
|
||||
+ argv[4] = home;
|
||||
+ argv[5] = (char *)0;
|
||||
+ (void) run_command (cmd, argv, NULL, &status);
|
||||
+ free(strgid);
|
||||
+ free(struid);
|
||||
+}
|
||||
+
|
||||
+
|
||||
+/*
|
||||
* main - useradd command
|
||||
*/
|
||||
int main (int argc, char **argv)
|
||||
@@ -2720,6 +2758,7 @@ int main (int argc, char **argv)
|
||||
exit(1);
|
||||
}
|
||||
|
||||
+ call_script (user_name, user_id, user_gid, user_home);
|
||||
+
|
||||
return E_SUCCESS;
|
||||
}
|
||||
-
|
@ -1,49 +0,0 @@
|
||||
#!/bin/sh
|
||||
#
|
||||
# Here you can add your own stuff, that should be done for every user who
|
||||
# was new created.
|
||||
#
|
||||
# When you create a user with useradd, this script will be called
|
||||
# with the login name as parameter. Optional, UID, GID and the HOME
|
||||
# directory are added.
|
||||
#
|
||||
|
||||
case "$1" in
|
||||
--help|--version)
|
||||
echo Usage: $0 username [uid gid home]
|
||||
exit 0
|
||||
;;
|
||||
esac
|
||||
|
||||
# Check for the required argument.
|
||||
if [ $# -lt 1 -o $# -gt 4 ]; then
|
||||
echo Usage: $0 username [uid gid home]
|
||||
exit 1
|
||||
fi
|
||||
|
||||
USER=$1
|
||||
|
||||
if [ $# -eq 4 ]; then
|
||||
GID=$3
|
||||
HOMEDIR=$4
|
||||
else
|
||||
GID=$(id -g $USER)
|
||||
HOMEDIR=$(grep -E "^${USER}:" /etc/passwd| cut -d: -f6,6)
|
||||
fi
|
||||
|
||||
# Update NIS database
|
||||
# make -C /var/yp
|
||||
|
||||
# Main useradd tool creates this if specified on command line
|
||||
[ -d $HOMEDIR ] || exit 0
|
||||
|
||||
# If SELinux is enabled, we have to run restorecon to assign
|
||||
# appropriate fcontexts to the respective $HOME and files under it
|
||||
if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled ; then
|
||||
test -x /sbin/restorecon || exit 2
|
||||
|
||||
/sbin/restorecon -R $HOMEDIR
|
||||
fi
|
||||
|
||||
# All done.
|
||||
exit 0
|
@ -1,29 +0,0 @@
|
||||
#!/bin/sh
|
||||
#
|
||||
# Here you can add your own stuff, that should be done for every user
|
||||
# which we deleted.
|
||||
#
|
||||
# If you delete a user with userdel, this script will be called
|
||||
# with the login name as parameter after the account and optional
|
||||
# home directory was removed from the system.
|
||||
#
|
||||
|
||||
case "$1" in
|
||||
--help|--version)
|
||||
echo Usage: $0 username uid gid home
|
||||
exit 0
|
||||
;;
|
||||
esac
|
||||
|
||||
# Check for the required argument.
|
||||
if [ $# != 1 ]; then
|
||||
echo Usage: $0 username
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Rebuild NIS database to remove the account from it.
|
||||
# make -C /var/yp
|
||||
|
||||
# All done.
|
||||
exit 0
|
||||
|
@ -1,32 +0,0 @@
|
||||
#!/bin/sh
|
||||
#
|
||||
# Here you can add your own stuff, that should be done for every user
|
||||
# who will be deleted.
|
||||
#
|
||||
# When you delete a user with userdel, this script will be called
|
||||
# with the login name as parameter before any other action is done.
|
||||
#
|
||||
|
||||
case "$1" in
|
||||
--help|--version)
|
||||
echo Usage: $0 username uid gid home
|
||||
exit 0
|
||||
;;
|
||||
esac
|
||||
|
||||
# Check for the required argument.
|
||||
if [ $# != 1 ]; then
|
||||
echo Usage: $0 username
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Remove cron jobs
|
||||
test -x /usr/bin/crontab && /usr/bin/crontab -r -u $1
|
||||
|
||||
# Stop systemd user jobs, even this requires --force
|
||||
id=$(id -u $1)
|
||||
systemctl stop user@${id}.service > /dev/null 2>&1 &
|
||||
|
||||
# All done.
|
||||
exit 0
|
||||
|
@ -1,104 +0,0 @@
|
||||
Index: lib/getdef.c
|
||||
===================================================================
|
||||
--- lib/getdef.c.orig
|
||||
+++ lib/getdef.c
|
||||
@@ -128,6 +128,8 @@ static struct itemdef def_table[] = {
|
||||
{"UID_MIN", NULL},
|
||||
{"UMASK", NULL},
|
||||
{"USERDEL_CMD", NULL},
|
||||
+ {"USERDEL_PRECMD", NULL},
|
||||
+ {"USERDEL_POSTCMD", NULL},
|
||||
{"USERGROUPS_ENAB", NULL},
|
||||
#ifndef USE_PAM
|
||||
PAMDEFS
|
||||
Index: etc/login.defs
|
||||
===================================================================
|
||||
--- etc/login.defs.orig
|
||||
+++ etc/login.defs
|
||||
@@ -242,9 +242,25 @@ NONEXISTENT /nonexistent
|
||||
# It should remove any at/cron/print jobs etc. owned by
|
||||
# the user to be removed (passed as the first argument).
|
||||
#
|
||||
+# See also USERDEL_PRECMD and USERDEL_POSTCMD below.
|
||||
+#
|
||||
#USERDEL_CMD /usr/sbin/userdel_local
|
||||
|
||||
#
|
||||
+# If defined, this command is run before removing a user.
|
||||
+# It should remove any at/cron/print jobs etc. owned by
|
||||
+# the user to be removed.
|
||||
+#
|
||||
+USERDEL_PRECMD /usr/sbin/userdel-pre.local
|
||||
+
|
||||
+#
|
||||
+# If defined, this command is run after removing a user.
|
||||
+# It should rebuild any NIS database etc. to remove the
|
||||
+# account from it.
|
||||
+#
|
||||
+USERDEL_POSTCMD /usr/sbin/userdel-post.local
|
||||
+
|
||||
+#
|
||||
# Enable setting of the umask group bits to be the same as owner bits
|
||||
# (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is
|
||||
# the same as gid, and username is the same as the primary group name.
|
||||
Index: src/userdel.c
|
||||
===================================================================
|
||||
--- src/userdel.c.orig
|
||||
+++ src/userdel.c
|
||||
@@ -108,7 +108,7 @@ static void close_files (void);
|
||||
static void fail_exit (int);
|
||||
static void open_files (void);
|
||||
static void update_user (void);
|
||||
-static void user_cancel (const char *);
|
||||
+static void call_script (const char *, const char *);
|
||||
|
||||
#ifdef EXTRA_CHECK_HOME_DIR
|
||||
static bool path_prefix (const char *, const char *);
|
||||
@@ -751,13 +751,13 @@ static void update_user (void)
|
||||
* cron, at, or print jobs.
|
||||
*/
|
||||
|
||||
-static void user_cancel (const char *user)
|
||||
+static void call_script (const char *program, const char *user)
|
||||
{
|
||||
const char *cmd;
|
||||
const char *argv[3];
|
||||
int status;
|
||||
|
||||
- cmd = getdef_str ("USERDEL_CMD");
|
||||
+ cmd = getdef_str (program);
|
||||
if (NULL == cmd) {
|
||||
return;
|
||||
}
|
||||
@@ -1203,9 +1203,10 @@ int main (int argc, char **argv)
|
||||
}
|
||||
|
||||
/*
|
||||
- * Do the hard stuff - open the files, create the user entries,
|
||||
- * create the home directory, then close and update the files.
|
||||
+ * Do the hard stuff - open the files, remove the user entries,
|
||||
+ * remove the home directory, then close and update the files.
|
||||
*/
|
||||
+ call_script ("USERDEL_PRECMD", user_name);
|
||||
open_files ();
|
||||
update_user ();
|
||||
update_groups ();
|
||||
@@ -1326,7 +1327,7 @@ int main (int argc, char **argv)
|
||||
* the entry from /etc/passwd.
|
||||
*/
|
||||
if (prefix[0] == '\0')
|
||||
- user_cancel (user_name);
|
||||
+ call_script ("USERDEL_CMD", user_name);
|
||||
close_files ();
|
||||
|
||||
if (run_parts ("/etc/shadow-maint/userdel-post.d", user_name, "userdel")) {
|
||||
@@ -1341,6 +1342,9 @@ int main (int argc, char **argv)
|
||||
nscd_flush_cache ("group");
|
||||
sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
|
||||
|
||||
+ /* Call the post script, for example to rebuild NIS database */
|
||||
+ call_script ("USERDEL_POSTCMD", user_name);
|
||||
+
|
||||
return ((0 != errors) ? E_HOMEDIR : E_SUCCESS);
|
||||
}
|
||||
|