Accepting request 497707 from home:adamm:branches:Base:System

- New upstream version 4.5
- Refreshed patches:
  * shadow-login_defs.patch
  * chkname-regex.patch
  * getdef-new-defs.patch
  * useradd-mkdirs.patch
- Upstreamed patches:
  * shadow-4.1.5.1-manfix.patch
  * shadow-4.1.5.1-errmsg.patch
  * shadow-4.1.5.1-backup-mode.patch
  * shadow-4.1.5.1-audit-owner.patch
  * shadow-4.2.1-defs-chroot.patch
  * shadow-4.2.1-merge-group.patch
  * Fix-user-busy-errors-at-userdel.patch
  * useradd-clear-tallylog.patch
- shadow.keyring: update keyring with current maintainer's keyid
  only - Serge Hallyn 'F1D08DB778185BF784002DFFE9FEEA06A85E3F9D'
- disable_new_audit_function.patch:
  Disable newer libaudit functionality for older distributions

OBS-URL: https://build.opensuse.org/request/show/497707
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=32

Fix-user-busy-errors-at-userdel.patch

@@ -1,42 +0,0 @@
-From 546e2ae44955510b06a922647796ec54744f10ce Mon Sep 17 00:00:00 2001
-From: Bastian Blank <bastian.blank@credativ.de>
-Date: Tue, 17 Nov 2015 10:52:24 -0600
-Subject: [PATCH 17/17] Fix user busy errors at userdel
-
-Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>
----
- libmisc/user_busy.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
---- libmisc/user_busy.c
-+++ libmisc/user_busy.c
-@@ -175,6 +175,9 @@ static int user_busy_processes (const char *name, uid_t uid)
- 	if (stat ("/", &sbroot) != 0) {
- 		perror ("stat (\"/\")");
- 		(void) closedir (proc);
-+#ifdef ENABLE_SUBIDS
-+		sub_uid_close();
-+#endif
- 		return 0;
- 	}
- 
-@@ -212,6 +215,9 @@ static int user_busy_processes (const char *name, uid_t uid)
- 
- 		if (check_status (name, tmp_d_name, uid) != 0) {
- 			(void) closedir (proc);
-+#ifdef ENABLE_SUBIDS
-+			sub_uid_close();
-+#endif
- 			fprintf (stderr,
- 			         _("%s: user %s is currently used by process %d\n"),
- 			         Prog, name, pid);
-@@ -232,6 +238,9 @@ static int user_busy_processes (const char *name, uid_t uid)
- 				}
- 				if (check_status (name, task_path+6, uid) != 0) {
- 					(void) closedir (proc);
-+#ifdef ENABLE_SUBIDS
-+					sub_uid_close();
-+#endif
- 					fprintf (stderr,
- 					         _("%s: user %s is currently used by process %d\n"),
- 					         Prog, name, pid);

chkname-regex.patch

@@ -1,6 +1,8 @@
---- lib/getdef.c
+Index: lib/getdef.c
+===================================================================
+--- lib/getdef.c.orig
 +++ lib/getdef.c
-@@ -51,6 +51,7 @@ struct itemdef {
+@@ -77,6 +77,7 @@ struct itemdef {
  
  #define NUMDEFS	(sizeof(def_table)/sizeof(def_table[0]))
  static struct itemdef def_table[] = {
@@ -8,7 +10,9 @@
  	{"CHFN_RESTRICT", NULL},
  	{"CONSOLE_GROUPS", NULL},
  	{"CONSOLE", NULL},
---- libmisc/chkname.c
+Index: libmisc/chkname.c
+===================================================================
+--- libmisc/chkname.c.orig
 +++ libmisc/chkname.c
 @@ -43,30 +43,57 @@
  #ident "$Id$"
@@ -81,3 +85,4 @@
 +	regfree(&reg);
  	return true;
  }
+ 

disable_new_audit_function.patch

@@ -0,0 +1,28 @@
+Index: shadow-4.5/src/lastlog.c
+===================================================================
+--- shadow-4.5.orig/src/lastlog.c
++++ shadow-4.5/src/lastlog.c
+@@ -221,12 +221,15 @@ static void update_one (/*@null@*/const
+ 		strcpy (ll.ll_host, "localhost");
+ #endif
+ 		strcpy (ll.ll_line, "lastlog");
++/*
+ #ifdef WITH_AUDIT
+ 		audit_logger (AUDIT_ACCT_UNLOCK, Prog,
+ 			"clearing-lastlog",
+ 			pw->pw_name, (unsigned int) pw->pw_uid, SHADOW_AUDIT_SUCCESS);
+ #endif
++*/
+ 	}
++/*
+ #ifdef WITH_AUDIT
+ 	else {
+ 		audit_logger (AUDIT_ACCT_UNLOCK, Prog,
+@@ -234,6 +237,7 @@ static void update_one (/*@null@*/const
+ 			pw->pw_name, (unsigned int) pw->pw_uid, SHADOW_AUDIT_SUCCESS);
+ 	}
+ #endif
++*/
+ 
+ 	if (fwrite (&ll, sizeof(ll), 1, lastlogfile) != 1) {
+ 			fprintf (stderr,

getdef-new-defs.patch

@@ -1,6 +1,8 @@
---- lib/getdef.c
+Index: lib/getdef.c
+===================================================================
+--- lib/getdef.c.orig
 +++ lib/getdef.c
-@@ -65,6 +65,7 @@ static struct itemdef def_table[] = {
+@@ -91,6 +91,7 @@ static struct itemdef def_table[] = {
  	{"FAKE_SHELL", NULL},
  	{"GID_MAX", NULL},
  	{"GID_MIN", NULL},
@@ -8,7 +10,7 @@
  	{"HUSHLOGIN_FILE", NULL},
  	{"KILLCHAR", NULL},
  	{"LOGIN_RETRIES", NULL},
-@@ -100,7 +101,10 @@ static struct itemdef def_table[] = {
+@@ -126,7 +127,10 @@ static struct itemdef def_table[] = {
  	{"UID_MAX", NULL},
  	{"UID_MIN", NULL},
  	{"UMASK", NULL},
@@ -18,10 +20,10 @@
 +	{"USERDEL_POSTCMD", NULL},
  	{"USERGROUPS_ENAB", NULL},
  #ifndef USE_PAM
- 	{"CHFN_AUTH", NULL},
-@@ -136,6 +140,10 @@ static struct itemdef def_table[] = {
- 	{"TCB_SYMLINKS", NULL},
- 	{"USE_TCB", NULL},
+ 	PAMDEFS
+@@ -149,6 +153,10 @@ static struct itemdef knowndef_table[] =
+ #ifdef USE_PAM
+ 	PAMDEFS
  #endif
 +	/* Used by /bin/login */
 +	{"MOTD_FILE", NULL},

shadow-4.1.5.1-audit-owner.patch

@@ -1,31 +0,0 @@
---- src/usermod.c
-+++ src/usermod.c
-@@ -1808,6 +1808,14 @@ static void move_home (void)
- 			fail_exit (E_HOMEDIR);
- 		}
- 
-+#ifdef WITH_AUDIT
-+		if (uflg || gflg) {
-+			audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
-+				      "changing home directory owner",
-+				      user_newname, (unsigned int) user_newid, 1);
-+		}
-+#endif
-+
- 		if (rename (user_home, user_newhome) == 0) {
- 			/* FIXME: rename above may have broken symlinks
- 			 *        pointing to the user's home directory
-@@ -2254,6 +2262,13 @@ int main (int argc, char **argv)
- 			 * ownership.
- 			 *
- 			 */
-+#ifdef WITH_AUDIT
-+			if (uflg || gflg) {
-+				audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
-+					      "changing home directory owner",
-+					      user_newname, (unsigned int) user_newid, 1);
-+			}
-+#endif
- 			if (chown_tree (dflg ? user_newhome : user_home,
- 			                user_id,
- 			                uflg ? user_newid  : (uid_t)-1,

shadow-4.1.5.1-backup-mode.patch

@@ -1,19 +0,0 @@
---- lib/commonio.c
-+++ lib/commonio.c
-@@ -301,15 +301,12 @@ static int create_backup (const char *backup, FILE * fp)
- 	struct utimbuf ub;
- 	FILE *bkfp;
- 	int c;
--	mode_t mask;
- 
- 	if (fstat (fileno (fp), &sb) != 0) {
- 		return -1;
- 	}
- 
--	mask = umask (077);
--	bkfp = fopen (backup, "w");
--	(void) umask (mask);
-+	bkfp = fopen_set_perms (backup, "w", &sb);
- 	if (NULL == bkfp) {
- 		return -1;
- 	}

shadow-4.1.5.1-errmsg.patch

@@ -1,22 +0,0 @@
---- src/useradd.c
-+++ src/useradd.c
-@@ -1896,6 +1896,9 @@ static void create_home (void)
- 	if (access (user_home, F_OK) != 0) {
- #ifdef WITH_SELINUX
- 		if (set_selinux_file_context (user_home) != 0) {
-+		        fprintf (stderr,
-+                                 _("%s: cannot set SELinux context for home directory %s\n"),
-+                                 Prog, user_home);
- 			fail_exit (E_HOMEDIR);
- 		}
- #endif
-@@ -1925,6 +1928,9 @@ static void create_home (void)
- #ifdef WITH_SELINUX
- 		/* Reset SELinux to create files with default contexts */
- 		if (reset_selinux_file_context () != 0) {
-+			fprintf (stderr,
-+			         _("%s: cannot reset SELinux file creation context\n"),
-+			         Prog);
- 			fail_exit (E_HOMEDIR);
- 		}
- #endif

shadow-4.1.5.1-manfix.patch

@@ -1,11 +0,0 @@
---- man/useradd.8.xml
-+++ man/useradd.8.xml
-@@ -351,7 +351,7 @@
-       </varlistentry>
-       <varlistentry>
- 	<term>
--	  <option>-M</option>
-+	  <option>-M</option>, <option>--no-create-home</option>
- 	</term>
- 	<listitem>
- 	  <para>

shadow-4.1.5.1-pam_group.patch

@@ -0,0 +1,50 @@
+Date: Thu Apr  6 16:04:17 CEST 2017
+Bug:  bnc#1031643
+Upstream: https://github.com/shadow-maint/shadow/pull/74
+
+dynamically added users via pam_group are not listed in groups
+databases but are still valid.
+
+
+Index: shadow-4.1.5.1/src/newgrp.c
+===================================================================
+--- shadow-4.1.5.1.orig/src/newgrp.c
++++ shadow-4.1.5.1/src/newgrp.c
+@@ -372,6 +372,7 @@ int main (int argc, char **argv)
+ {
+ 	bool initflag = false;
+ 	int i;
++	bool is_member = false;
+ 	bool cflag = false;
+ 	int err = 0;
+ 	gid_t gid;
+@@ -610,6 +611,18 @@ int main (int argc, char **argv)
+ 		goto failure;
+ 	}
+ 
++#ifdef HAVE_SETGROUPS
++	/* when using pam_group, she will not be listed in the groups
++	 * database. However getgroups() will return the group. So 
++	 * if she is listed there already it is ok to grant membership.
++	 */
++	for (i = 0; i < ngroups; i++) {
++		if (grp->gr_gid == grouplist[i]) {
++			is_member = true;
++			break;
++		}
++	}
++#endif                          /* HAVE_SETGROUPS */
+ 	/*
+ 	 * For splitted groups (due to limitations of NIS), check all 
+ 	 * groups of the same GID like the requested group for
+@@ -638,7 +651,9 @@ int main (int argc, char **argv)
+ 	/*
+ 	 * Check if the user is allowed to access this group.
+ 	 */
+-	check_perms (grp, pwd, group);
++	if (!is_member) {
++		check_perms (grp, pwd, group);
++	}
+ 
+ 	/*
+ 	 * all successful validations pass through this point. The group id

shadow-4.2.1-defs-chroot.patch

@@ -1,23 +0,0 @@
---- src/useradd.c
-+++ src/useradd.c
-@@ -2054,8 +2054,8 @@ int main (int argc, char **argv)
- #endif				/* ACCT_TOOLS_SETUID */
- 
- 	/* Needed for userns check */
--	uid_t uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL);
--	uid_t uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
-+	uid_t uid_min;
-+	uid_t uid_max;
- 
- 	/*
- 	 * Get my name so that I can use it to report errors.
-@@ -2073,6 +2073,9 @@ int main (int argc, char **argv)
- 	audit_help_open ();
- #endif
- 
-+	uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL);
-+	uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
-+
- 	sys_ngroups = sysconf (_SC_NGROUPS_MAX);
- 	user_groups = (char **) xmalloc ((1 + sys_ngroups) * sizeof (char *));
- 	/*

shadow-4.2.1-merge-group.patch

@@ -1,12 +0,0 @@
---- lib/groupio.c
-+++ lib/groupio.c
-@@ -335,8 +335,7 @@ static /*@null@*/struct commonio_entry *merge_group_entries (
- 		errno = ENOMEM;
- 		return NULL;
- 	}
--	snprintf(new_line, new_line_len, "%s\n%s", gr1->line, gr2->line);
--	new_line[new_line_len] = '\0';
-+	snprintf(new_line, new_line_len + 1, "%s\n%s", gr1->line, gr2->line);
- 
- 	/* Concatenate the 2 list of members */
- 	for (i=0; NULL != gptr1->gr_mem[i]; i++);

shadow-4.2.1.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:3b0893d1476766868cd88920f4f1231c4795652aa407569faff802bcda0f3d41
-size 1594536

shadow-4.2.1.tar.xz.sig

@@ -1,17 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.12 (GNU/Linux)
-
-iQIVAwUAU21C6YcvcCxNbiWoAQIQRxAAl0Z2MtGkjKax2n7GVtexbvlNMK9VI/bo
-N9mdKOwfDEJt0ZUZ5ZP9JOBFPbn87nO/EtufQSVjlMQivuY2n7o4y3kXAQlEy1UA
-oAaD0FUDku5beKS+SJoPZUj4l60giFV8wM+njsz3K+BD/skIr+VpMPxikhMRfVA5
-NPV0tMId03iClDpONfVSOu83BwJoiURG6amJRyq+skzEA4JIIPMkr2Ach65HNBmv
-zwhb1Xyi1IQ75TyAI0qL1NiFNasoosWIndmBYwbsu+F+nn0Tvwn2LZ5Ah6i918Vz
-+eJl2cD9KAyacMlLF/kQ3fd5jDuZ95ep+psxU/CvlENb2HVIVpBrGqi9D1mJvAc1
-zzMt3SJVxt3Qyn5mlF6q6M/Hi3XmwC9otxxUF0DRgb9BlrIvwzdcwXEscrb0Z9T6
-uu7JPadUiubmmmgKpZawc5DEDoDsW8a3l807dfEjQ64mFZZL1Yihzt3apeEd8NbL
-34yBWBI7jAOHeYBocZ2FK4FJeyyLojTic9a5UZrE/8RmzEfJHR2/3Sb4DMG/OKcf
-xvNG3Kp5ku5GCDEjfZgtW+ffI9hnQ/HknGUUMRfDopInBNpmDf6t2qt5eNLvRYzN
-ACQRUS9YpUhGu3tYGcJgmtmHze1t8Y6/QkxEvjV7NbIi6T6h7BJG8XVVbM9WayfJ
-KdnV8qS2bxQ=
-=sUFz
------END PGP SIGNATURE-----

shadow-4.5.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:fc8c858381ad577a5c25ff5beb6ee60a34f8719c73e4e7c61e74188b4e54b741
+size 1626704

shadow-4.5.tar.xz.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQEcBAABCgAGBQJZHKsTAAoJEOn+6gaoXj+dIT8H/2UNtVDHrtXk4Z6d5RGZPKvs
+eBOiK03Mk89jtD1YFBLu4kk2tkFP86lylfRdnQisqAovLwsOF36gAoZUK/0X71x3
+AcyYUEno2Go8Sf+Ol432+Tj6FdBG3n/yXzroh7PmxG58PBMV1PBm95RLZ/uVp7hz
+WLtrd8FL4QC4fe0rt00BOb2bW6Bbcx+XiXI6QCvLwtQi2bnJt2DcIYxiqZPni4YT
+FUAClxYB/hHbjChg3EMFn8JZkaf8SLMuiyLGYKNbqLaXu88/El80QYATSuCNH14y
+ywMYEXxKHIiaJ+KnNfjUb3fXHlWyaeWDltguIr0EMfIjF5VrtN4fKxsJy8ZJtMc=
+=G9lG
+-----END PGP SIGNATURE-----

shadow-login_defs.patch

@@ -1,4 +1,6 @@
---- etc/login.defs
+Index: etc/login.defs
+===================================================================
+--- etc/login.defs.orig
 +++ etc/login.defs
 @@ -1,8 +1,5 @@
  #
@@ -333,12 +335,19 @@
  
  #
  # If set to a non-zero number, the shadow utilities will make sure that
-@@ -391,5 +255,40 @@ USERGROUPS_ENAB yes
+@@ -391,10 +255,47 @@ USERGROUPS_ENAB yes
  # This option is overridden with the -M or -m flags on the useradd(8)
  # command-line.
  #
 -#CREATE_HOME     yes
 +CREATE_HOME     no
+ 
+ #
+ # Force use shadow, even if shadow passwd & shadow group files are
+ # missing.
+ #
+-#FORCE_SHADOW    yes
++FORCE_SHADOW    no
 +
 +#
 +# User/group names must match the following regex expression.
@@ -347,7 +356,7 @@
 +#
 +#CHARACTER_CLASS                [A-Za-z_][A-Za-z0-9_.-]*[A-Za-z0-9_.$-]\?
 +CHARACTER_CLASS         [ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz_][ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.-]*[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.$-]\?
- 
++
 +#
 +# If defined, this command is run when adding a group.
 +# It should rebuild any NIS database etc. to add the
@@ -375,3 +384,4 @@
 +# account from it.
 +#
 +USERDEL_POSTCMD         /usr/sbin/userdel-post.local
++

shadow.changes

@@ -1,3 +1,26 @@
+-------------------------------------------------------------------
+Mon May 22 13:31:25 UTC 2017 - adam.majer@suse.de
+
+- New upstream version 4.5
+- Refreshed patches:
+  * shadow-login_defs.patch
+  * chkname-regex.patch
+  * getdef-new-defs.patch
+  * useradd-mkdirs.patch
+- Upstreamed patches:
+  * shadow-4.1.5.1-manfix.patch
+  * shadow-4.1.5.1-errmsg.patch
+  * shadow-4.1.5.1-backup-mode.patch
+  * shadow-4.1.5.1-audit-owner.patch
+  * shadow-4.2.1-defs-chroot.patch
+  * shadow-4.2.1-merge-group.patch
+  * Fix-user-busy-errors-at-userdel.patch
+  * useradd-clear-tallylog.patch
+- shadow.keyring: update keyring with current maintainer's keyid
+  only - Serge Hallyn 'F1D08DB778185BF784002DFFE9FEEA06A85E3F9D'
+- disable_new_audit_function.patch:
+  Disable newer libaudit functionality for older distributions
+
 -------------------------------------------------------------------
 Mon Feb 20 07:28:24 UTC 2017 - josef.moellers@suse.com
 

shadow.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package shadow
 #
-# Copyright (c) 2017 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -20,11 +20,11 @@ Summary:        Utilities to Manage User and Group Accounts
 License:        BSD-3-Clause and GPL-2.0+
 Group:          System/Base
 Name:           shadow
-Version:        4.2.1
+Version:        4.5
 Release:        0
-Url:            http://pkg-shadow.alioth.debian.org/
-Source:         http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.xz
-Source42:       http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.xz.sig
+Url:            https://github.com/shadow-maint/shadow
+Source:         https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz
+Source42:       https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz.asc
 Source43:       %name.keyring
 Source1:        pamd.tar.bz2
 Source2:        README.changes-pwdutils
@@ -39,26 +39,21 @@ Patch2:         useradd-script.patch
 Patch3:         chkname-regex.patch
 Patch4:         useradd-default.patch
 Patch5:         getdef-new-defs.patch
-Patch6:         shadow-4.1.5.1-manfix.patch
+Patch6:         shadow-4.1.5.1-userdel-helpfix.patch
 Patch7:         shadow-4.1.5.1-logmsg.patch
-Patch8:         shadow-4.1.5.1-errmsg.patch
-Patch9:         shadow-4.1.5.1-backup-mode.patch
 Patch10:        encryption_method_nis.patch
 Patch11:        useradd-mkdirs.patch
-Patch12:        shadow-4.1.5.1-audit-owner.patch
-Patch13:        shadow-4.1.5.1-userdel-helpfix.patch
-Patch14:        shadow-4.2.1-defs-chroot.patch
-Patch15:        shadow-4.2.1-merge-group.patch
-Patch16:        Fix-user-busy-errors-at-userdel.patch
-Patch17:        useradd-clear-tallylog.patch
+Patch18:        shadow-4.1.5.1-pam_group.patch
+Patch20:        disable_new_audit_function.patch
 
 Requires:       aaa_base
-BuildRequires:  audit-devel
+BuildRequires:  audit-devel > 2.3
 BuildRequires:  libacl-devel
 BuildRequires:  libattr-devel
 BuildRequires:  libselinux-devel
 BuildRequires:  libsemanage-devel
 BuildRequires:  pam-devel
+BuildRequires:  xz
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 PreReq:         permissions
 Provides:       pwdutils = 3.2.20
@@ -79,16 +74,12 @@ group accounts.
 %patch5 -p0
 %patch6 -p0
 %patch7 -p0
-%patch8 -p0
-%patch9 -p0
 %patch10 -p0
 %patch11 -p0
-%patch12 -p0
-%patch13 -p0
-%patch14 -p0
-%patch15 -p0
-%patch16 -p0
-%patch17 -p1
+%patch18 -p1
+%if 0%{?suse_version} < 1330
+%patch20 -p1
+%endif
 
 iconv -f ISO88591 -t utf-8  doc/HOWTO > doc/HOWTO.utf8
 mv -v doc/HOWTO.utf8 doc/HOWTO

useradd-clear-tallylog.patch

@@ -1,91 +0,0 @@
-Index: shadow-4.2.1/src/useradd.c
-===================================================================
---- shadow-4.2.1.orig/src/useradd.c
-+++ shadow-4.2.1/src/useradd.c
-@@ -51,7 +51,9 @@
- #include <string.h>
- #include <sys/stat.h>
- #include <sys/types.h>
-+#include <sys/wait.h>
- #include <time.h>
-+#include <unistd.h>
- #include "chkname.h"
- #include "defines.h"
- #include "faillog.h"
-@@ -213,6 +215,7 @@ static void open_files (void);
- static void open_shadow (void);
- static void faillog_reset (uid_t);
- static void lastlog_reset (uid_t);
-+static void tallylog_reset (char *);
- static void usr_update (void);
- static void create_home (void);
- static void create_mail (void);
-@@ -1789,6 +1792,52 @@ static void lastlog_reset (uid_t uid)
- 	}
- }
- 
-+static void tallylog_reset (char *user_name)
-+{
-+	static const char pam_tally2[] = "/sbin/pam_tally2";
-+	const char *pname;
-+	pid_t childpid;
-+	int failed;
-+	int status;
-+
-+	if (access(pam_tally2, X_OK) == -1)
-+		return;
-+
-+	failed = 0;
-+	switch (childpid = fork())
-+	{
-+	case -1: /* error */
-+		failed = 1;
-+		break;
-+	case 0: /* child */
-+		pname = strrchr(pam_tally2, '/');
-+		if (pname == NULL)
-+			pname = pam_tally2;
-+		else
-+			pname++;        /* Skip the '/' */
-+		execl(pam_tally2, pname, "--user", user_name, "--reset", "--quiet", NULL);
-+		/* If we come here, something has gone terribly wrong */
-+		perror(pam_tally2);
-+		exit(42);	/* don't continue, we now have 2 processe running! */
-+		/* NOTREACHED */
-+		break;
-+	default: /* parent */
-+		if (waitpid(childpid, &status, 0) == -1 || !WIFEXITED(status) || WEXITSTATUS(status) != 0)
-+			failed = 3;
-+		break;
-+	}
-+
-+	if (failed)
-+	{
-+		fprintf (stderr,
-+		         _("%s: failed to reset the tallylog entry of user \"%s\"\n"),
-+		         Prog, user_name);
-+		SYSLOG ((LOG_WARN, "failed to reset the tallylog entry of user \"%s\"", user_name));
-+	}
-+
-+	return;
-+}
-+
- /*
-  * usr_update - create the user entries
-  *
-@@ -2286,6 +2335,15 @@ int main (int argc, char **argv)
- 
- 	close_files ();
- 
-+	/*
-+	 * tallylog_reset needs to be able to lookup
-+	 * a valid existing user name,
-+	 * so we canot call it before close_files()
-+	 */
-+	if ((!lflg) && (getpwuid (user_id) != NULL)) {
-+		tallylog_reset (user_name);
-+	}
-+
- #ifdef WITH_SELINUX
- 	if (Zflg) {
- 		if (set_seuser (user_name, user_selinux) != 0) {

useradd-mkdirs.patch

@@ -1,6 +1,8 @@
---- src/useradd.c
+Index: src/useradd.c
+===================================================================
+--- src/useradd.c.orig
 +++ src/useradd.c
-@@ -1894,6 +1894,13 @@ static void usr_update (void)
+@@ -1943,6 +1943,13 @@ static void usr_update (void)
  static void create_home (void)
  {
  	if (access (user_home, F_OK) != 0) {
@@ -13,8 +15,8 @@
 +
  #ifdef WITH_SELINUX
  		if (set_selinux_file_context (user_home) != 0) {
- 		        fprintf (stderr,
-@@ -1902,19 +1909,42 @@ static void create_home (void)
+ 			fprintf (stderr,
+@@ -1951,19 +1958,42 @@ static void create_home (void)
  			fail_exit (E_HOMEDIR);
  		}
  #endif