Accepting request 920286 from Base:System

- bsc#1190146: Fix empty subid range
  Add shadow-4.9-useradd-subuid.patch
  https://github.com/shadow-maint/shadow/pull/399

- bsc#1190145: Fix double free in gpasswd:
  Add shadow-4.9-sgent-free.patch upstreamed as
  https://github.com/shadow-maint/shadow/pull/417

- Fix shadow-login_defs-check.sh:
  In the last update we switched from calling make to %make_build
  macro. Using sed to adapt the spec file now.

- libsubid-devel: add missing requires for libsubid3
- Remove README.changes-pwdutils, all distros you can upgrade from
  use already shadow

- login.defs: Enable USERGROUPS_ENAB and CREATE_HOME to
  be compatible with other Linux distros and the other tools
  creating user accounts in use on openSUSE. Set HOME_MODE to 700
  for security reasons and compatibility. [bsc#1189139] [bsc#1182850]

- Update to 4.9:
  * Updated translations
  * Major salt updates
  * Various coverity and cleanup fixes
  * Consistently use 0 to disable PASS_MIN_DAYS in man
  * Implement NSS support for subids and a libsubid
  * setfcap: retain setfcap when mapping uid 0
  * login.defs: include HMAC_CRYPTO_ALGO key
  * selinux fixes

OBS-URL: https://build.opensuse.org/request/show/920286
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shadow?expand=0&rev=44
This commit is contained in:
Dominique Leuenberger 2021-09-22 20:12:46 +00:00 committed by Git OBS Bridge
commit 7f56492672
24 changed files with 557 additions and 232 deletions

View File

@ -1,62 +0,0 @@
This file lists changes between pwdutils used in the past and
the shadow utils used now.
General changes:
================
- No support to modify LDAP accounts anymore (-D and --service option)
- No -P/--path option
- /etc/default/passwd was removed. The configure options are
partly available in /etc/login.defs.
/etc/login.defs:
----------------
SYSTEM_UID_MIN/SYSTEM_UID_MAX were renamed to SYS_UID_MIN/SYS_UID_MAX
SYSTEM_GID_MIN/SYSTEM_GID_MAX were renamed to SYS_GID_MIN/SYS_GID_MAX
chfn
----
-m/--other has changed to -o/--other
-o/--office has changed to -r/--room.
-p/--phone has changed to -w/--work-phone
chpasswd
--------
-c blowfish is now longer supported, instead SHA256 and SHA512 were added.
chsh
----
-l/--list-shells was removed.
gpasswd
-------
-l/-u option are missing
groupadd
--------
/usr/sbin/groupadd.local is missing
--preferred-gid was removed
groupmod
--------
-A/--add-user was removed
-R/--remove-user was removed
passwd
------
-f was dropped (use chfn instead)
-g was dropped (use gpasswd instead)
-s was dropped (use chsh instead)
useradd
-------
-e/--expire has changed to -e/--expiredate (incompatible arguments!)
-U/--umask was removed, -U has now another meaning
--preferred-uid was removed
userdel
-------
-r/--remove-home was renamed to -r/--remove
usermod
-------
-e/--expire has changed to -e/--expiredate (incompatible arguments!)

View File

@ -2,23 +2,25 @@ Index: etc/login.defs
===================================================================
--- etc/login.defs.orig
+++ etc/login.defs
@@ -299,3 +299,11 @@ USERGROUPS_ENAB yes
# missing.
@@ -329,6 +329,13 @@ USERGROUPS_ENAB yes
#
#FORCE_SHADOW yes
+
+#
+# User/group names must match the following regex expression.
+# The default is [A-Za-z_][A-Za-z0-9_.-]*[A-Za-z0-9_.$-]\?,
+# but be aware that the result could depend on the locale settings.
+#
+#CHARACTER_CLASS [A-Za-z_][A-Za-z0-9_.-]*[A-Za-z0-9_.$-]\?
+CHARACTER_CLASS [ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz_][ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.-]*[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.$-]\?
+
#
# Allow newuidmap and newgidmap when running under an alternative
# primary group.
Index: lib/getdef.c
===================================================================
--- lib/getdef.c.orig
+++ lib/getdef.c
@@ -80,6 +80,7 @@ struct itemdef {
@@ -91,6 +91,7 @@ struct itemdef {
#define NUMDEFS (sizeof(def_table)/sizeof(def_table[0]))
static struct itemdef def_table[] = {

123
libsubid-build-fix.patch Normal file
View File

@ -0,0 +1,123 @@
Fix build fails for libsubid (libtool: error: cannot find name of link library for '../libsubid/libsubid.la').
Consisting of following upstream commits:
* f4a84efb468b8be21be124700ce35159c444e9d6
* 537b8cd90be7b47b45c45cfd27765ef85eb0ebf1
* fa986b1d73605ecca54a4f19249227aeab827bf6
Index: shadow-4.9/configure.ac
===================================================================
--- shadow-4.9.orig/configure.ac
+++ shadow-4.9/configure.ac
@@ -321,6 +321,8 @@ if test "$with_sha_crypt" = "yes"; then
AC_DEFINE(USE_SHA_CRYPT, 1, [Define to allow the SHA256 and SHA512 password encryption algorithms])
fi
+AM_CONDITIONAL(ENABLE_SHARED, test "x$enable_shared" = "xyes")
+
AM_CONDITIONAL(USE_BCRYPT, test "x$with_bcrypt" = "xyes")
if test "$with_bcrypt" = "yes"; then
AC_DEFINE(USE_BCRYPT, 1, [Define to allow the bcrypt password encryption algorithm])
Index: shadow-4.9/lib/Makefile.am
===================================================================
--- shadow-4.9.orig/lib/Makefile.am
+++ shadow-4.9/lib/Makefile.am
@@ -10,6 +10,8 @@ if HAVE_VENDORDIR
libshadow_la_CPPFLAGS += -DVENDORDIR=\"$(VENDORDIR)\"
endif
+libshadow_la_CPPFLAGS += -I$(top_srcdir)
+
libshadow_la_SOURCES = \
commonio.c \
commonio.h \
Index: shadow-4.9/libmisc/Makefile.am
===================================================================
--- shadow-4.9.orig/libmisc/Makefile.am
+++ shadow-4.9/libmisc/Makefile.am
@@ -1,7 +1,7 @@
EXTRA_DIST = .indent.pro xgetXXbyYY.c
-AM_CPPFLAGS = -I$(top_srcdir)/lib $(ECONF_CPPFLAGS)
+AM_CPPFLAGS = -I$(top_srcdir)/lib -I$(top_srcdir) $(ECONF_CPPFLAGS)
noinst_LTLIBRARIES = libmisc.la
Index: shadow-4.9/libsubid/Makefile.am
===================================================================
--- shadow-4.9.orig/libsubid/Makefile.am
+++ shadow-4.9/libsubid/Makefile.am
@@ -1,6 +1,8 @@
lib_LTLIBRARIES = libsubid.la
+if ENABLE_SHARED
libsubid_la_LDFLAGS = -Wl,-soname,libsubid.so.@LIBSUBID_ABI@ \
-shared -version-info @LIBSUBID_ABI_MAJOR@
+endif
libsubid_la_SOURCES = api.c
pkginclude_HEADERS = subid.h
@@ -16,11 +18,12 @@ MISCLIBS = \
$(LIBCRYPT) \
$(LIBACL) \
$(LIBATTR) \
- $(LIBTCB)
+ $(LIBTCB) \
+ $(LIBPAM)
libsubid_la_LIBADD = \
- $(top_srcdir)/lib/libshadow.la \
- $(top_srcdir)/libmisc/libmisc.la \
+ $(top_builddir)/lib/libshadow.la \
+ $(top_builddir)/libmisc/libmisc.la \
$(MISCLIBS) -ldl
AM_CPPFLAGS = \
Index: shadow-4.9/src/Makefile.am
===================================================================
--- shadow-4.9.orig/src/Makefile.am
+++ shadow-4.9/src/Makefile.am
@@ -10,6 +10,7 @@ sgidperms = 2755
AM_CPPFLAGS = \
-I${top_srcdir}/lib \
-I$(top_srcdir)/libmisc \
+ -I$(top_srcdir) \
-DLOCALEDIR=\"$(datadir)/locale\"
# XXX why are login and su in /bin anyway (other than for
@@ -183,6 +184,7 @@ list_subid_ranges_LDADD = \
list_subid_ranges_CPPFLAGS = \
-I$(top_srcdir)/lib \
-I$(top_srcdir)/libmisc \
+ -I$(top_srcdir) \
-I$(top_srcdir)/libsubid
get_subid_owners_LDADD = \
@@ -194,11 +196,13 @@ get_subid_owners_LDADD = \
get_subid_owners_CPPFLAGS = \
-I$(top_srcdir)/lib \
-I$(top_srcdir)/libmisc \
+ -I$(top_srcdir) \
-I$(top_srcdir)/libsubid
new_subid_range_CPPFLAGS = \
-I$(top_srcdir)/lib \
-I$(top_srcdir)/libmisc \
+ -I$(top_srcdir) \
-I$(top_srcdir)/libsubid
new_subid_range_LDADD = \
@@ -210,6 +214,7 @@ new_subid_range_LDADD = \
free_subid_range_CPPFLAGS = \
-I$(top_srcdir)/lib \
-I$(top_srcdir)/libmisc \
+ -I$(top_srcdir) \
-I$(top_srcdir)/libsubid
free_subid_range_LDADD = \
@@ -220,6 +225,7 @@ free_subid_range_LDADD = \
check_subid_range_CPPFLAGS = \
-I$(top_srcdir)/lib \
+ -I$(top_srcdir) \
-I$(top_srcdir)/libmisc
check_subid_range_LDADD = \

View File

@ -1,11 +0,0 @@
--- src/useradd.c
+++ src/useradd.c
@@ -320,7 +320,7 @@ static void fail_exit (int code)
user_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
- SYSLOG ((LOG_INFO, "failed adding user '%s', data deleted", user_name));
+ SYSLOG ((LOG_INFO, "failed adding user '%s', exit code: %d", user_name, code));
exit (code);
}

View File

@ -1,14 +0,0 @@
--- src/userdel.c
+++ src/userdel.c
@@ -143,8 +143,9 @@ static void usage (int status)
"\n"
"Options:\n"),
Prog);
- (void) fputs (_(" -f, --force force removal of files,\n"
- " even if not owned by user\n"),
+ (void) fputs (_(" -f, --force force some actions that would fail otherwise\n"
+ " e.g. removal of user still logged in\n"
+ " or files, even if not owned by the user\n"),
usageout);
(void) fputs (_(" -h, --help display this help message and exit\n"), usageout);
(void) fputs (_(" -r, --remove remove home directory and mail spool\n"), usageout);

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:a3ad4630bdc41372f02a647278a8c3514844295d36eefe68ece6c3a641c1ae62
size 1611196

View File

@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEE8dCNt3gYW/eEAC3/6f7qBqheP50FAl4qDlEACgkQ6f7qBqhe
P51Lfwf/b2gxtqo9WRUTOhau4kCy+zDbg3S/K7ZD/20I2t205FNCOyV+cR4Q/PRA
+hBLFsA/WAVqZm0/3re09VDV0eaBpI7hgNF0JFODawIixKdLVff9mbfbLdgzy2Dl
IvbNrUVDJV1wSlEJLIeUpUT4ClFaiExM/XaCvHSUUbRsJ5cutH2wt0neNC8mJHMu
srXoCp8lb4fT+BDgRKoGA6RMvnJSkExBbhrRqaARWWCGnS++5oJiD7UwPAOu9Imb
LtouVitkrjrpQncnQN+zCaKwyTGw/xlQyl0z86DXWbvhnTwUeeWZbyfRAglIsSkk
DRpWh2m7ejcvf1pGt66UBuMNr0yb1w==
=8I3q
-----END PGP SIGNATURE-----

View File

@ -0,0 +1,23 @@
Index: shadow-4.9/src/gpasswd.c
===================================================================
--- shadow-4.9.orig/src/gpasswd.c
+++ shadow-4.9/src/gpasswd.c
@@ -1207,11 +1207,13 @@ int main (int argc, char **argv)
sssd_flush_cache (SSSD_DB_GROUP);
#ifdef SHADOWGRP
- if (sgent.sg_adm) {
- xfree(sgent.sg_adm);
- }
- if (sgent.sg_mem) {
- xfree(sgent.sg_mem);
+ if(is_shadowgrp) {
+ if (sgent.sg_adm) {
+ xfree(sgent.sg_adm);
+ }
+ if (sgent.sg_mem) {
+ xfree(sgent.sg_mem);
+ }
}
#endif
if (grent.gr_mem) {

View File

@ -0,0 +1,94 @@
This patch contains:
https://github.com/shadow-maint/shadow/commit/9dd720a28578eef5be8171697aae0906e4c53249#diff-9a7a2bfccabec64213bd054801b9efca8ad55636afbc49e0107714c0f8ffabbe
and
https://github.com/shadow-maint/shadow/commit/049b08481acc2040e2079ae06e64d0bb36326528#
Index: shadow-4.9/src/useradd.c
===================================================================
--- shadow-4.9.orig/src/useradd.c
+++ shadow-4.9/src/useradd.c
@@ -146,9 +146,7 @@ static bool is_sub_gid = false;
static bool sub_uid_locked = false;
static bool sub_gid_locked = false;
static uid_t sub_uid_start; /* New subordinate uid range */
-static unsigned long sub_uid_count;
static gid_t sub_gid_start; /* New subordinate gid range */
-static unsigned long sub_gid_count;
#endif /* ENABLE_SUBIDS */
static bool pw_locked = false;
static bool gr_locked = false;
@@ -239,7 +237,7 @@ static void open_shadow (void);
static void faillog_reset (uid_t);
static void lastlog_reset (uid_t);
static void tallylog_reset (const char *);
-static void usr_update (void);
+static void usr_update (unsigned long subuid_count, unsigned long subgid_count);
static void create_home (void);
static void create_mail (void);
static void check_uid_range(int rflg, uid_t user_id);
@@ -2118,7 +2116,7 @@ static void tallylog_reset (const char *
* usr_update() creates the password file entries for this user
* and will update the group entries if required.
*/
-static void usr_update (void)
+static void usr_update (unsigned long subuid_count, unsigned long subgid_count)
{
struct passwd pwent;
struct spwd spent;
@@ -2181,14 +2179,14 @@ static void usr_update (void)
}
#ifdef ENABLE_SUBIDS
if (is_sub_uid &&
- (sub_uid_add(user_name, sub_uid_start, sub_uid_count) == 0)) {
+ (sub_uid_add(user_name, sub_uid_start, subuid_count) == 0)) {
fprintf (stderr,
_("%s: failed to prepare the new %s entry\n"),
Prog, sub_uid_dbname ());
fail_exit (E_SUB_UID_UPDATE);
}
if (is_sub_gid &&
- (sub_gid_add(user_name, sub_gid_start, sub_gid_count) == 0)) {
+ (sub_gid_add(user_name, sub_gid_start, subgid_count) == 0)) {
fprintf (stderr,
_("%s: failed to prepare the new %s entry\n"),
Prog, sub_uid_dbname ());
@@ -2484,9 +2482,9 @@ int main (int argc, char **argv)
#ifdef ENABLE_SUBIDS
uid_t uid_min;
uid_t uid_max;
+#endif
unsigned long subuid_count;
unsigned long subgid_count;
-#endif
/*
* Get my name so that I can use it to report errors.
@@ -2688,16 +2686,16 @@ int main (int argc, char **argv)
}
#ifdef ENABLE_SUBIDS
- if (is_sub_uid && sub_uid_count != 0) {
- if (find_new_sub_uids(&sub_uid_start, &sub_uid_count) < 0) {
+ if (is_sub_uid && subuid_count != 0) {
+ if (find_new_sub_uids(&sub_uid_start, &subuid_count) < 0) {
fprintf (stderr,
_("%s: can't create subordinate user IDs\n"),
Prog);
fail_exit(E_SUB_UID_UPDATE);
}
}
- if (is_sub_gid && sub_gid_count != 0) {
- if (find_new_sub_gids(&sub_gid_start, &sub_gid_count) < 0) {
+ if (is_sub_gid && subgid_count != 0) {
+ if (find_new_sub_gids(&sub_gid_start, &subgid_count) < 0) {
fprintf (stderr,
_("%s: can't create subordinate group IDs\n"),
Prog);
@@ -2706,7 +2704,7 @@ int main (int argc, char **argv)
}
#endif /* ENABLE_SUBIDS */
- usr_update ();
+ usr_update (subuid_count, subgid_count);
if (mflg) {
create_home ();

3
shadow-4.9.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:feec1f2ce9c1b62798afd35a7d1b04cefdfa3a0a30ff3e75d6965ba8978c9144
size 1627008

11
shadow-4.9.tar.xz.asc Normal file
View File

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEE8dCNt3gYW/eEAC3/6f7qBqheP50FAmD5+dkACgkQ6f7qBqhe
P53Qywf/ShkcKvecTDRIrKUNJUTIlP8iywZ1NXypfdDKG/J63awMAGrKMZwOkLUS
AnImsvyoW3+XDIhdkeJd1Kv+8JDEt3oJ0ifHjfpXl4FzOervb1ZKtRPUcoJzzpnJ
Szt/7f3Sd0VfbItgf5F6jgMi7iDA/ZIqJTXeI0kEfVVL7DT681jVRjpnoURlrEq1
6SmIyAul50VmZjLXq1xJ35uktr7VclnaRu17acax95e+oekP4sdNMaV5E5DSeq2N
db7kKCu80+lPvtQpj22vOO2w15ActH6f5Ec3P7OG8jL125q3yZNebVoh8FKxmFsh
PssfXu0TL50qH/p7qNEeihDLpwoI7g==
=6MLu
-----END PGP SIGNATURE-----

14
shadow-fix-sigabrt.patch Normal file
View File

@ -0,0 +1,14 @@
Upstream commit 4624e9fca1b02b64e25e8b2280a0186182ab73ba
To fix SIGABRT: https://github.com/shadow-maint/shadow/issues/394
Index: shadow-4.9/src/useradd.c
===================================================================
--- shadow-4.9.orig/src/useradd.c
+++ shadow-4.9/src/useradd.c
@@ -420,7 +420,6 @@ static void get_defaults (void)
} else {
def_group = grp->gr_gid;
def_gname = xstrdup (grp->gr_name);
- gr_free(grp);
}
}

View File

@ -0,0 +1,17 @@
Include libeconf to newuidmap and newgidmap
Upstream commit: c6847011e8b656adacd9a0d2a78418cad0de34cb
Index: shadow-4.9/src/Makefile.am
===================================================================
--- shadow-4.9.orig/src/Makefile.am
+++ shadow-4.9/src/Makefile.am
@@ -96,8 +96,8 @@ LIBCRYPT_NOPAM = $(LIBCRYPT)
endif
chage_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
-newuidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) -ldl
-newgidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) -ldl
+newuidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) $(LIBECONF) -ldl
+newgidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) $(LIBECONF) -ldl
chfn_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF)
chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF)
chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF)

View File

@ -66,13 +66,7 @@ if ! test -f shadow-login_defs-check-build/stamp ; then
# In case of shadow, variables extraction is more complicated. The list
# depends on configure options, so we have to perform a fake build and
# extract variables from prepreocessed sources.
patch <<EOF
--- shadow.spec
+++ shadow.spec
@@ -133,1 +133,1 @@
-make %{?_smp_mflags} V=1
+make %{?_smp_mflags} V=1 -k CPPFLAGS="-E"
EOF
sed -i '/^%make_build/i\_smp_mpflags="%{?_smp_mpflags} -k CPPFLAGS=\\"-E\\""' shadow.spec
fi
osc build "$@" || :

View File

@ -14,7 +14,7 @@ Index: etc/login.defs
#
# Delay in seconds before being allowed another attempt after a login failure
@@ -62,8 +65,8 @@ CONSOLE /etc/securetty
@@ -52,8 +55,8 @@ CONSOLE /etc/securetty
# If defined, ":" delimited list of "message of the day" files to
# be displayed upon login.
#
@ -25,7 +25,7 @@ Index: etc/login.defs
#
# If set to "yes", login stops display content specified by MOTD_FILE after
@@ -83,8 +85,8 @@ MOTD_FILE /etc/motd
@@ -73,8 +76,8 @@ MOTD_FILE /etc/motd
# user's name or shell are found in the file. If not a full pathname, then
# hushed mode will be enabled if the file exists in the user's home directory.
#
@ -36,7 +36,7 @@ Index: etc/login.defs
# If this variable is set to "yes", hostname will be suppressed in the
# login: prompt.
@@ -103,9 +105,9 @@ HUSHLOGIN_FILE .hushlogin
@@ -93,9 +96,9 @@ HUSHLOGIN_FILE .hushlogin
# ENV_SUPATH is an ENV_ROOTPATH override for su and runuser
# (and falback for login).
#
@ -49,7 +49,7 @@ Index: etc/login.defs
# If this variable is set to "yes" (default is "no"), su will always set
# path. every su call will overwrite the PATH variable.
@@ -115,7 +117,7 @@ ENV_ROOTPATH /sbin:/bin:/usr/sbin:/usr/b
@@ -105,7 +108,7 @@ ENV_ROOTPATH /sbin:/bin:/usr/sbin:/usr/b
# The recommended value is "yes". The default "no" behavior could have
# a security implication in applications that use commands without path.
#
@ -58,7 +58,7 @@ Index: etc/login.defs
#
# Terminal permissions
@@ -129,7 +131,7 @@ ALWAYS_SET_PATH no
@@ -119,7 +122,7 @@ ALWAYS_SET_PATH no
# set TTYPERM to either 622 or 600.
#
TTYGROUP tty
@ -67,7 +67,16 @@ Index: etc/login.defs
# Default initial "umask" value used by login(1) on non-PAM enabled systems.
# Default "umask" value for pam_umask(8) on PAM enabled systems.
@@ -167,8 +169,8 @@ PASS_WARN_AGE 7
@@ -125,7 +128,7 @@
# HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
# home directories.
# If HOME_MODE is not set, the value of UMASK is used to create the mode.
-#HOME_MODE 0700
+HOME_MODE 0700
#
# Password aging controls:
@@ -157,8 +160,8 @@ PASS_WARN_AGE 7
UID_MIN 1000
UID_MAX 60000
# System accounts
@ -78,7 +87,7 @@ Index: etc/login.defs
# Extra per user uids
SUB_UID_MIN 100000
SUB_UID_MAX 600100000
@@ -185,8 +187,8 @@ SUB_UID_COUNT 65536
@@ -175,8 +178,8 @@ SUB_UID_COUNT 65536
GID_MIN 1000
GID_MAX 60000
# System accounts
@ -89,7 +98,7 @@ Index: etc/login.defs
# Extra per user group ids
SUB_GID_MIN 100000
SUB_GID_MAX 600100000
@@ -195,7 +197,7 @@ SUB_GID_COUNT 65536
@@ -185,7 +188,7 @@ SUB_GID_COUNT 65536
#
# Max number of login(1) retries if password is bad
#
@ -98,7 +107,7 @@ Index: etc/login.defs
#
# Max time in seconds for login(1)
@@ -211,18 +213,9 @@ LOGIN_TIMEOUT 60
@@ -201,18 +204,9 @@ LOGIN_TIMEOUT 60
CHFN_RESTRICT rwh
#
@ -119,7 +128,7 @@ Index: etc/login.defs
#
# If set to MD5, MD5-based algorithm will be used for encrypting password
@@ -235,7 +228,7 @@ CHFN_RESTRICT rwh
@@ -227,7 +221,7 @@ CHFN_RESTRICT rwh
# Note: If you use PAM, it is recommended to use a value consistent with
# the PAM modules configuration.
#
@ -128,7 +137,7 @@ Index: etc/login.defs
#
# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
@@ -311,7 +304,7 @@ USERDEL_POSTCMD /usr/sbin/userde
@@ -325,7 +319,7 @@ USERDEL_POSTCMD /usr/sbin/userde
#
# This also enables userdel(8) to remove user groups if no members exist.
#
@ -137,19 +146,13 @@ Index: etc/login.defs
#
# If set to a non-zero number, the shadow utilities will make sure that
@@ -330,13 +323,13 @@ USERGROUPS_ENAB yes
@@ -344,7 +338,7 @@ USERGROUPS_ENAB yes
# This option is overridden with the -M or -m flags on the useradd(8)
# command-line.
#
-#CREATE_HOME yes
+CREATE_HOME no
+CREATE_HOME yes
#
# Force use shadow, even if shadow passwd & shadow group files are
# missing.
#
-#FORCE_SHADOW yes
+FORCE_SHADOW no
#
# User/group names must match the following regex expression.

View File

@ -149,7 +149,7 @@ Index: etc/login.defs
# Default initial "umask" value used by login(1) on non-PAM enabled systems.
# Default "umask" value for pam_umask(8) on PAM enabled systems.
@@ -206,28 +120,13 @@ UMASK 022
@@ -211,28 +125,13 @@ UMASK 022
#
# PASS_MAX_DAYS Maximum number of days a password may be used.
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
@ -178,7 +178,7 @@ Index: etc/login.defs
# Min/max values for automatic uid selection in useradd(8)
#
UID_MIN 1000
@@ -264,28 +163,6 @@ LOGIN_RETRIES 5
@@ -269,28 +168,6 @@ LOGIN_RETRIES 5
LOGIN_TIMEOUT 60
#
@ -207,7 +207,7 @@ Index: etc/login.defs
# Which fields may be changed by regular users using chfn(1) - use
# any combination of letters "frwh" (full name, room number, work
# phone, home phone). If not defined, no changes are allowed.
@@ -294,13 +171,6 @@ CHFN_AUTH yes
@@ -299,13 +176,6 @@ CHFN_AUTH yes
CHFN_RESTRICT rwh
#
@ -221,8 +221,8 @@ Index: etc/login.defs
# Only works if compiled with MD5_CRYPT defined:
# If set to "yes", new passwords will be encrypted using the MD5-based
# algorithm compatible with the one used by recent releases of FreeBSD.
@@ -361,29 +231,12 @@ CHFN_RESTRICT rwh
#BCRYPT_MAX_ROUNDS 13
@@ -382,17 +252,6 @@ CHFN_RESTRICT rwh
#YESCRYPT_COST_FACTOR 5
#
-# List of groups to add to the user's supplementary group set
@ -239,7 +239,8 @@ Index: etc/login.defs
# Should login be allowed if we can't cd to the home directory?
# Default is no.
#
DEFAULT_HOME yes
@@ -407,12 +266,6 @@ DEFAULT_HOME yes
NONEXISTENT /nonexistent
#
-# If this file exists and is readable, login environment will be

View File

@ -0,0 +1,21 @@
Upstream commit: adb83f779618674e5e96e27e3d48559d62e2c410
To fix: https://github.com/shadow-maint/shadow/pull/398
Index: shadow-4.9/src/passwd.c
===================================================================
--- shadow-4.9.orig/src/passwd.c
+++ shadow-4.9/src/passwd.c
@@ -490,9 +490,12 @@ static void print_status (const struct p
((long long)sp->sp_max * SCALE) / DAY,
((long long)sp->sp_warn * SCALE) / DAY,
((long long)sp->sp_inact * SCALE) / DAY);
- } else {
+ } else if (NULL != pw->pw_passwd) {
(void) printf ("%s %s\n",
- pw->pw_name, pw_status (pw->pw_passwd));
+ pw->pw_name, pw_status (pw->pw_passwd));
+ } else {
+ (void) fprintf(stderr, _("%s: malformed password data obtained for user %s\n"),
+ Prog, pw->pw_name);
}
}

View File

@ -113,7 +113,7 @@ Index: lib/getdef.c
===================================================================
--- lib/getdef.c.orig
+++ lib/getdef.c
@@ -66,6 +66,7 @@ struct itemdef {
@@ -67,6 +67,7 @@ struct itemdef {
{"LOGIN_STRING", NULL}, \
{"MAIL_CHECK_ENAB", NULL}, \
{"MOTD_FILE", NULL}, \
@ -121,7 +121,7 @@ Index: lib/getdef.c
{"NOLOGINS_FILE", NULL}, \
{"OBSCURE_CHECKS_ENAB", NULL}, \
{"PASS_ALWAYS_WARN", NULL}, \
@@ -80,6 +81,7 @@ struct itemdef {
@@ -91,6 +92,7 @@ struct itemdef {
#define NUMDEFS (sizeof(def_table)/sizeof(def_table[0]))
static struct itemdef def_table[] = {
@ -129,7 +129,7 @@ Index: lib/getdef.c
{"CHARACTER_CLASS", NULL},
{"CHFN_RESTRICT", NULL},
{"CONSOLE_GROUPS", NULL},
@@ -88,6 +90,7 @@ static struct itemdef def_table[] = {
@@ -99,6 +101,7 @@ static struct itemdef def_table[] = {
{"DEFAULT_HOME", NULL},
{"ENCRYPT_METHOD", NULL},
{"ENV_PATH", NULL},
@ -137,7 +137,7 @@ Index: lib/getdef.c
{"ENV_SUPATH", NULL},
{"ERASECHAR", NULL},
{"FAIL_DELAY", NULL},
@@ -99,6 +102,7 @@ static struct itemdef def_table[] = {
@@ -110,6 +113,7 @@ static struct itemdef def_table[] = {
{"KILLCHAR", NULL},
{"LASTLOG_UID_MAX", NULL},
{"LOGIN_RETRIES", NULL},

View File

@ -1,3 +1,86 @@
-------------------------------------------------------------------
Mon Sep 20 09:43:41 UTC 2021 - Michael Vetter <mvetter@suse.com>
- bsc#1190146: Fix empty subid range
Add shadow-4.9-useradd-subuid.patch
https://github.com/shadow-maint/shadow/pull/399
-------------------------------------------------------------------
Mon Sep 20 09:09:13 UTC 2021 - Michael Vetter <mvetter@suse.com>
- bsc#1190145: Fix double free in gpasswd:
Add shadow-4.9-sgent-free.patch upstreamed as
https://github.com/shadow-maint/shadow/pull/417
-------------------------------------------------------------------
Tue Sep 7 15:08:19 UTC 2021 - Michael Vetter <mvetter@suse.com>
- Fix shadow-login_defs-check.sh:
In the last update we switched from calling make to %make_build
macro. Using sed to adapt the spec file now.
-------------------------------------------------------------------
Wed Aug 18 15:17:52 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>
- libsubid-devel: add missing requires for libsubid3
- Remove README.changes-pwdutils, all distros you can upgrade from
use already shadow
-------------------------------------------------------------------
Wed Aug 18 14:59:15 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>
- login.defs: Enable USERGROUPS_ENAB and CREATE_HOME to
be compatible with other Linux distros and the other tools
creating user accounts in use on openSUSE. Set HOME_MODE to 700
for security reasons and compatibility. [bsc#1189139] [bsc#1182850]
-------------------------------------------------------------------
Tue Aug 17 15:08:09 UTC 2021 - Michael Vetter <mvetter@suse.com>
- Update to 4.9:
* Updated translations
* Major salt updates
* Various coverity and cleanup fixes
* Consistently use 0 to disable PASS_MIN_DAYS in man
* Implement NSS support for subids and a libsubid
* setfcap: retain setfcap when mapping uid 0
* login.defs: include HMAC_CRYPTO_ALGO key
* selinux fixes
* Fix path prefix path handling
* Manpage updates
* Treat an empty passwd field as invalid(Haelwenn Monnier)
* newxidmap: allow running under alternative gid
* usermod: check that shell is executable
* Add yescript support
* useradd memleak fixes
* useradd: use built-in settings by default
* getdefs: add foreign
* buffer overflow fixes
* Adding run-parts style for pre and post useradd/del
- Refresh:
* shadow-login_defs-unused-by-pam.patch
* userdel-script.patch
* useradd-script.patch
* chkname-regex.patch
* useradd-default.patch: bbf4b79 stopped shipping default file.
change group in code now.
* shadow-login_defs-suse.patch
* useradd-userkeleton.patch
- Remove because upstreamed:
* shadow-4.1.5.1-userdel-helpfix.patch
* shadow-4.1.5.1-logmsg.patch
- Add libsubid-build-fix.patch:
See https://github.com/shadow-maint/shadow/issues/387
- Add shadow-libeconf-include.patch:
See c6847011e8b656adacd9a0d2a78418cad0de34cb
- Add shadow-fix-sigabrt.patch:
See https://github.com/shadow-maint/shadow/issues/394
- Add shadow-passwd-handle-null.patch [bsc#1188307]:
See https://github.com/shadow-maint/shadow/pull/398
- Remove %{_sysconfdir}/default/useradd: file not shipped anymore
- Remove --disable-shared: Dont need it anymore
See https://github.com/shadow-maint/shadow/issues/336
-------------------------------------------------------------------
Thu Jul 1 11:51:39 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>

View File

@ -21,23 +21,21 @@
%else
%define no_config 1
%endif
Name: shadow
Version: 4.8.1
Version: 4.9
Release: 0
Summary: Utilities to Manage User and Group Accounts
License: BSD-3-Clause AND GPL-2.0-or-later
Group: System/Base
URL: https://github.com/shadow-maint/shadow
Source: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz
Source: https://github.com/shadow-maint/shadow/releases/download/v%{version}/shadow-%{version}.tar.xz
Source1: pamd.tar.bz2
Source2: README.changes-pwdutils
Source3: useradd.local
Source4: userdel-pre.local
Source5: userdel-post.local
Source6: shadow.service
Source7: shadow.timer
Source42: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz.asc
Source42: https://github.com/shadow-maint/shadow/releases/download/v%{version}/shadow-%{version}.tar.xz.asc
Source43: %{name}.keyring
# SOURCE-FEATURE-SUSE shadow-login_defs-check.sh sbrabec@suse.com -- Supplementary script that verifies coverage of variables in shadow-login_defs-unused-by-pam.patch and other patches.
Source44: shadow-login_defs-check.sh
@ -53,40 +51,48 @@ Patch3: chkname-regex.patch
Patch4: useradd-default.patch
# PATCH-FEATURE-SUSE shadow-util-linux.patch sbrabec@suse.com -- Add support for util-linux specific variables, delete shadow login, su runuser specific.
Patch5: shadow-util-linux.patch
# PATCH-FEATURE-FEDORA shadow-4.1.5.1-userdel-helpfix.patch christian.brauner@mailbox.org -- Give a hint about what happens when you force the removal of a user.
Patch6: shadow-4.1.5.1-userdel-helpfix.patch
# PATCH-FIX-FEDORA shadow-4.1.5.1-logmsg.patch kukuk@suse.com -- Fix error message.
Patch7: shadow-4.1.5.1-logmsg.patch
# PATCH-FEATURE-SUSE shadow-login_defs-comments.patch kukuk@suse.com -- Adjust login.defs comments.
Patch13: shadow-login_defs-comments.patch
Patch6: shadow-login_defs-comments.patch
# PATCH-FEATURE-SUSE shadow-login_defs-suse.patch kukuk@suse.com -- Customize login.defs.
Patch14: shadow-login_defs-suse.patch
Patch7: shadow-login_defs-suse.patch
# PATCH-FEATURE-SUSE Copy also skeleton files from /usr/etc/skel (boo#1173321)
Patch15: useradd-userkeleton.patch
Patch8: useradd-userkeleton.patch
# PATCH-FIX-SUSE disable_new_audit_function.patch adam.majer@suse.de -- Disable newer libaudit functionality for older distributions.
Patch20: disable_new_audit_function.patch
Patch9: disable_new_audit_function.patch
# PATCH-FIX-UPSTREAM libsubid-build-fix.patch mvetter@suse.de -- Fix build with libsubid (f4a84e, 537b8c, fa986b)
Patch10: libsubid-build-fix.patch
# PATCH-FIX-UPSTREAM shadow-libeconf-include.patch mvetter@suse.de -- Include libeconf to new*idmap (c68470)
Patch11: shadow-libeconf-include.patch
# PATCH-FIX-UPSTREAM shadow-fix-sigabrt.patch mvetter@suse.de -- Fix SIGABRT https://github.com/shadow-maint/shadow/issues/394
Patch12: shadow-fix-sigabrt.patch
# PATCH-FIX-UPSTREAM shadow-passwd-handle-null.patch mvetter@suse.de -- Fix passwd NULL handling https://github.com/shadow-maint/shadow/pull/398
Patch13: shadow-passwd-handle-null.patch
# PATCH-FIX-UPSTREAM shadow-4.9-sgent-free.patch mvetter@suse.de -- Fix double free (boo#1190145)
Patch14: shadow-4.9-sgent-free.patch
# PATCH-FIX-UPSTREAM shadow-4.9-useradd-subuid.patch mvetter@suse.de -- Fix generating empty subid range and undeclared subid_count (boo#1190146)
Patch15: shadow-4.9-useradd-subuid.patch
BuildRequires: audit-devel > 2.3
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libacl-devel
BuildRequires: libattr-devel
# It should be %%if %%{defined no_config}, but OBS cannot handle it:
%if 0%{?suse_version} >= 1550
BuildRequires: libeconf-devel
%endif
BuildRequires: libselinux-devel
BuildRequires: libsemanage-devel
BuildRequires: libtool
BuildRequires: pam-devel
BuildRequires: xz
Requires: login_defs >= %{version}
Requires(pre): group(root)
Requires(pre): group(shadow)
Requires(pre): permissions
Requires(pre): user(root)
Provides: pwdutils = 3.2.20
Obsoletes: pwdutils <= 3.2.19
Requires: login_defs >= %{version}
Provides: useradd_or_adduser_dep
# It should be %%if %%{defined no_config}, but OBS cannot handle it:
%if 0%{?suse_version} >= 1550
BuildRequires: libeconf-devel
%endif
%description
This package includes the necessary programs for converting plain
@ -94,21 +100,36 @@ password files to the shadow password format and to manage user and
group accounts.
%package -n login_defs
Summary: login.defs configuration file
Group: System/Base
BuildArch: noarch
Summary: The login.defs configuration file
# Virtual provides for supported variables in login.defs.
# It prevents references to unknown variables.
# Upgrade them only if shadow-util-linux.patch or
# encryption_method_nis.patch has to be ported!
# Call shadow-login_defs-check.sh before!
Group: System/Base
Provides: login_defs-support-for-pam = 1.3.1
Provides: login_defs-support-for-util-linux = 2.36
BuildArch: noarch
%description -n login_defs
This package contains the default login.defs configuration file
as used by util-linux, pam and shadow.
%package -n libsubid3
Summary: A library to manage subordinate uid and gid ranges
Group: System/Base
%description -n libsubid3
Utility library that provides a way to manage subid ranges.
%package -n libsubid-devel
Summary: Development files for libsubid3
Group: System/Base
Requires: libsubid3 = %{version}
%description -n libsubid-devel
Development files for libsubid3.
%prep
%setup -q -a 1
%patch0
@ -119,12 +140,16 @@ as used by util-linux, pam and shadow.
%patch5
%patch6
%patch7
%patch13
%patch14
%patch15
%patch8
%if 0%{?suse_version} < 1330
%patch20 -p1
%patch9 -p1
%endif
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
mv -v doc/HOWTO.utf8 doc/HOWTO
@ -145,14 +170,15 @@ autoreconf -fvi
--with-nscd \
--with-selinux \
--without-libcrack \
--disable-shared \
--with-group-name-max-length=32 \
--enable-vendordir=%{_distconfdir}
make %{?_smp_mflags} V=1
%make_build
# --disable-shared \ currently doesn't build with this. See https://github.com/shadow-maint/shadow/issues/336
%install
cp %{SOURCE2} .
%make_install gnulocaledir=%{buildroot}/%{_datadir}/locale MKINSTALLDIRS=`pwd`/mkinstalldirs
# Separate call to install man pages. See https://github.com/shadow-maint/shadow/issues/389
%make_install -C man install-man
# install useradd.local, userdel.local, ...
install -m 0755 %{SOURCE3} %{buildroot}/%{_sbindir}/
@ -221,6 +247,8 @@ rm %{buildroot}/%{_mandir}/*/man5/passwd.5*
rm -rf %{buildroot}%{_mandir}/{??,??_??}
rm %{buildroot}/%{_libdir}/libsubid.la
# Move /etc to /usr/etc
if [ ! -d %{buildroot}%{_distconfdir} ]; then
mkdir -p %{buildroot}%{_distconfdir}
@ -233,11 +261,11 @@ fi
%pre
%service_add_pre shadow.service shadow.timer
for i in pam.d/chage pam.d/chfn pam.d/chpasswd pam.d/chsh pam.d/groupadd pam.d/groupdel pam.d/groupmod pam.d/newusers pam.d/passwd pam.d/useradd pam.d/userdel pam.d/usermod; do
test -f /etc/${i}.rpmsave && mv -v /etc/${i}.rpmsave /etc/${i}.rpmsave.old ||:
test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||:
done
%pre -n login_defs
test -f /etc/login.defs.rpmsave && mv -v /etc/login.defs.rpmsave /etc/login.defs.rpmsave.old ||:
test -f %{_sysconfdir}/login.defs.rpmsave && mv -v %{_sysconfdir}/login.defs.rpmsave %{_sysconfdir}/login.defs.rpmsave.old ||:
%post
%set_permissions %{_bindir}/chage
@ -273,7 +301,7 @@ test -f /etc/login.defs.rpmsave && mv -v /etc/login.defs.rpmsave /etc/login.defs
%if %{defined no_config}
# Migration to /usr/etc
for i in pam.d/chage pam.d/chfn pam.d/chpasswd pam.d/chsh pam.d/groupadd pam.d/groupdel pam.d/groupmod pam.d/newusers pam.d/passwd pam.d/useradd pam.d/userdel pam.d/usermod; do
test -f /etc/${i}.rpmsave && mv -v /etc/${i}.rpmsave /etc/${i} ||:
test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||:
done
%endif
@ -281,12 +309,14 @@ done
# rpmsave file can be created by
# - change of owning package (SLE15 SP2->SP3, Leap 15.2->15.3)
# - Migration to /usr/etc (after SLE15 and Leap 15)
test -f /etc/login.defs.rpmsave && mv -v /etc/login.defs.rpmsave /etc/login.defs ||:
test -f %{_sysconfdir}/login.defs.rpmsave && mv -v %{_sysconfdir}/login.defs.rpmsave %{_sysconfdir}/login.defs ||:
%post -n libsubid3 -p /sbin/ldconfig
%postun -n libsubid3 -p /sbin/ldconfig
%files -f shadow.lang
%license COPYING
%doc NEWS doc/HOWTO README README.changes-pwdutils
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/default/useradd
%doc NEWS doc/HOWTO README
%verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/subuid
%verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/subgid
%if %{defined no_config}
@ -308,7 +338,6 @@ test -f /etc/login.defs.rpmsave && mv -v /etc/login.defs.rpmsave /etc/login.defs
%config %{_sysconfdir}/pam.d/chfn
%config %{_sysconfdir}/pam.d/chsh
%config %{_sysconfdir}/pam.d/passwd
%config %{_sysconfdir}/pam.d/useradd
%config %{_sysconfdir}/pam.d/chpasswd
%config %{_sysconfdir}/pam.d/groupadd
%config %{_sysconfdir}/pam.d/groupdel
@ -380,11 +409,19 @@ test -f /etc/login.defs.rpmsave && mv -v /etc/login.defs.rpmsave /etc/login.defs
%files -n login_defs
%if %{defined no_config}
%dir /etc/login.defs.d
%dir %{_sysconfdir}/login.defs.d
%attr(0644,root,root) %{_distconfdir}/login.defs
%else
%attr(0644,root,root) %config %{_sysconfdir}/login.defs
%endif
%{_mandir}/man5/login.defs.5%{?ext_man}
%files -n libsubid3
%{_libdir}/libsubid.so.*
%files -n libsubid-devel
%dir %{_includedir}/shadow
%{_includedir}/shadow/subid.h
%{_libdir}/libsubid.so
%changelog

View File

@ -1,9 +1,13 @@
--- etc/useradd
+++ etc/useradd
@@ -1,5 +1,5 @@
# useradd defaults file
-GROUP=1000
+GROUP=100
HOME=/home
INACTIVE=-1
EXPIRE=
Index: src/useradd.c
===================================================================
--- src/useradd.c.orig
+++ src/useradd.c
@@ -101,7 +101,7 @@ FILE *shadow_logfd = NULL;
/*
* These defaults are used if there is no defaults file.
*/
-static gid_t def_group = 1000;
+static gid_t def_group = 100;
static const char *def_gname = "other";
static const char *def_home = "/home";
static const char *def_shell = "/bin/bash";

View File

@ -4,10 +4,12 @@
src/useradd.c | 41 ++++++++++++++++++++++++++++++++++++++++-
3 files changed, 48 insertions(+), 1 deletion(-)
--- etc/login.defs
+++ etc/login.defs 2020-10-30 12:54:38.117849829 +0000
@@ -242,6 +242,13 @@ CHFN_RESTRICT rwh
DEFAULT_HOME yes
Index: etc/login.defs
===================================================================
--- etc/login.defs.orig
+++ etc/login.defs
@@ -266,6 +266,13 @@ DEFAULT_HOME yes
NONEXISTENT /nonexistent
#
+# If defined, this command is run when adding a user.
@ -20,9 +22,11 @@
# If defined, this command is run when removing a user.
# It should remove any at/cron/print jobs etc. owned by
# the user to be removed (passed as the first argument).
--- lib/getdef.c
+++ lib/getdef.c 2020-10-30 12:54:38.117849829 +0000
@@ -134,6 +134,7 @@ static struct itemdef def_table[] = {
Index: lib/getdef.c
===================================================================
--- lib/getdef.c.orig
+++ lib/getdef.c
@@ -149,6 +149,7 @@ static struct itemdef def_table[] = {
{"UID_MAX", NULL},
{"UID_MIN", NULL},
{"UMASK", NULL},
@ -30,11 +34,13 @@
{"USERDEL_CMD", NULL},
{"USERDEL_PRECMD", NULL},
{"USERDEL_POSTCMD", NULL},
--- src/useradd.c
+++ src/useradd.c 2020-10-30 13:08:17.378336989 +0000
@@ -2238,6 +2238,44 @@ static void create_mail (void)
}
Index: src/useradd.c
===================================================================
--- src/useradd.c.orig
+++ src/useradd.c
@@ -2398,6 +2398,44 @@ static void check_uid_range(int rflg, ui
}
/*
+ * call_script - call a script to do some work
+ *
@ -77,7 +83,7 @@
* main - useradd command
*/
int main (int argc, char **argv)
@@ -2514,6 +2552,7 @@ int main (int argc, char **argv)
@@ -2691,6 +2729,7 @@ int main (int argc, char **argv)
nscd_flush_cache ("group");
sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);

View File

@ -5,21 +5,11 @@ Copy also skeleton files from /usr/etc/skel (boo#1173321)
src/useradd.c | 37 +++++++++++++++++++++++++++++++++++++
2 files changed, 38 insertions(+)
Index: etc/useradd
===================================================================
--- etc/useradd.orig
+++ etc/useradd
@@ -5,4 +5,5 @@ INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
+USRSKEL=/usr/etc/skel
CREATE_MAIL_SPOOL=yes
Index: src/useradd.c
===================================================================
--- src/useradd.c.orig
+++ src/useradd.c
@@ -78,6 +78,9 @@
@@ -82,6 +82,9 @@
#ifndef SKEL_DIR
#define SKEL_DIR "/etc/skel"
#endif
@ -29,15 +19,15 @@ Index: src/useradd.c
#ifndef USER_DEFAULTS_FILE
#define USER_DEFAULTS_FILE "/etc/default/useradd"
#define NEW_USER_FILE "/etc/default/nuaddXXXXXX"
@@ -101,6 +104,7 @@ static const char *def_gname = "other";
@@ -106,6 +109,7 @@ static const char *def_gname = "other";
static const char *def_home = "/home";
static const char *def_shell = "";
static const char *def_shell = "/bin/bash";
static const char *def_template = SKEL_DIR;
+static const char *def_usrtemplate = USRSKELDIR;
static const char *def_create_mail_spool = "no";
static const char *def_create_mail_spool = "yes";
static long def_inactive = -1;
@@ -202,6 +206,7 @@ static bool home_added = false;
@@ -208,6 +212,7 @@ static bool home_added = false;
#define DINACT "INACTIVE="
#define DEXPIRE "EXPIRE="
#define DSKEL "SKEL="
@ -45,7 +35,7 @@ Index: src/useradd.c
#define DCREATE_MAIL_SPOOL "CREATE_MAIL_SPOOL="
/* local function prototypes */
@@ -469,6 +474,29 @@ static void get_defaults (void)
@@ -481,6 +486,29 @@ static void get_defaults (void)
}
/*
@ -75,7 +65,7 @@ Index: src/useradd.c
* Create by default user mail spool or not ?
*/
else if (MATCH (buf, DCREATE_MAIL_SPOOL)) {
@@ -500,6 +528,7 @@ static void show_defaults (void)
@@ -512,6 +540,7 @@ static void show_defaults (void)
printf ("EXPIRE=%s\n", def_expire);
printf ("SHELL=%s\n", def_shell);
printf ("SKEL=%s\n", def_template);
@ -83,7 +73,7 @@ Index: src/useradd.c
printf ("CREATE_MAIL_SPOOL=%s\n", def_create_mail_spool);
}
@@ -526,6 +555,7 @@ static int set_defaults (void)
@@ -538,6 +567,7 @@ static int set_defaults (void)
bool out_expire = false;
bool out_shell = false;
bool out_skel = false;
@ -91,7 +81,7 @@ Index: src/useradd.c
bool out_create_mail_spool = false;
size_t len;
int ret = -1;
@@ -620,6 +650,9 @@ static int set_defaults (void)
@@ -632,6 +662,9 @@ static int set_defaults (void)
} else if (!out_skel && MATCH (buf, DSKEL)) {
fprintf (ofp, DSKEL "%s\n", def_template);
out_skel = true;
@ -101,7 +91,7 @@ Index: src/useradd.c
} else if (!out_create_mail_spool
&& MATCH (buf, DCREATE_MAIL_SPOOL)) {
fprintf (ofp,
@@ -649,6 +682,8 @@ static int set_defaults (void)
@@ -661,6 +694,8 @@ static int set_defaults (void)
fprintf (ofp, DSHELL "%s\n", def_shell);
if (!out_skel)
fprintf (ofp, DSKEL "%s\n", def_template);
@ -110,7 +100,7 @@ Index: src/useradd.c
if (!out_create_mail_spool)
fprintf (ofp, DCREATE_MAIL_SPOOL "%s\n", def_create_mail_spool);
@@ -2507,6 +2542,8 @@ int main (int argc, char **argv)
@@ -2679,6 +2714,8 @@ int main (int argc, char **argv)
if (home_added) {
copy_tree (def_template, prefix_user_home, false, false,
(uid_t)-1, user_id, (gid_t)-1, user_gid);

View File

@ -2,7 +2,7 @@ Index: lib/getdef.c
===================================================================
--- lib/getdef.c.orig
+++ lib/getdef.c
@@ -127,6 +127,8 @@ static struct itemdef def_table[] = {
@@ -150,6 +150,8 @@ static struct itemdef def_table[] = {
{"UID_MIN", NULL},
{"UMASK", NULL},
{"USERDEL_CMD", NULL},
@ -15,7 +15,7 @@ Index: etc/login.defs
===================================================================
--- etc/login.defs.orig
+++ etc/login.defs
@@ -216,9 +216,25 @@ DEFAULT_HOME yes
@@ -270,9 +270,25 @@ NONEXISTENT /nonexistent
# It should remove any at/cron/print jobs etc. owned by
# the user to be removed (passed as the first argument).
#
@ -45,7 +45,7 @@ Index: src/userdel.c
===================================================================
--- src/userdel.c.orig
+++ src/userdel.c
@@ -126,7 +126,7 @@ static void close_files (void);
@@ -131,7 +131,7 @@ static void close_files (void);
static void fail_exit (int);
static void open_files (void);
static void update_user (void);
@ -54,7 +54,7 @@ Index: src/userdel.c
#ifdef EXTRA_CHECK_HOME_DIR
static bool path_prefix (const char *, const char *);
@@ -768,13 +768,13 @@ static void update_user (void)
@@ -774,13 +774,13 @@ static void update_user (void)
* cron, at, or print jobs.
*/
@ -70,7 +70,7 @@ Index: src/userdel.c
if (NULL == cmd) {
return;
}
@@ -1214,9 +1214,10 @@ int main (int argc, char **argv)
@@ -1225,9 +1225,10 @@ int main (int argc, char **argv)
}
/*
@ -83,7 +83,7 @@ Index: src/userdel.c
open_files ();
update_user ();
update_groups ();
@@ -1337,7 +1338,7 @@ int main (int argc, char **argv)
@@ -1348,7 +1349,7 @@ int main (int argc, char **argv)
* the entry from /etc/passwd.
*/
if(prefix[0] == '\0')
@ -91,8 +91,8 @@ Index: src/userdel.c
+ call_script ("USERDEL_CMD", user_name);
close_files ();
#ifdef WITH_TCB
@@ -1348,6 +1349,9 @@ int main (int argc, char **argv)
if (run_parts ("/etc/shadow-maint/userdel-post.d", user_name, "userdel")) {
@@ -1363,6 +1364,9 @@ int main (int argc, char **argv)
nscd_flush_cache ("group");
sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);