Accepting request 400383 from Base:System

Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/400383
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shadow?expand=0&rev=14
This commit is contained in:
Dominique Leuenberger 2016-07-03 10:18:20 +00:00 committed by Git OBS Bridge
commit 974d43b11f
22 changed files with 376 additions and 205 deletions

View File

@ -0,0 +1,42 @@
From 546e2ae44955510b06a922647796ec54744f10ce Mon Sep 17 00:00:00 2001
From: Bastian Blank <bastian.blank@credativ.de>
Date: Tue, 17 Nov 2015 10:52:24 -0600
Subject: [PATCH 17/17] Fix user busy errors at userdel
Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>
---
libmisc/user_busy.c | 9 +++++++++
1 file changed, 9 insertions(+)
--- libmisc/user_busy.c
+++ libmisc/user_busy.c
@@ -175,6 +175,9 @@ static int user_busy_processes (const char *name, uid_t uid)
if (stat ("/", &sbroot) != 0) {
perror ("stat (\"/\")");
(void) closedir (proc);
+#ifdef ENABLE_SUBIDS
+ sub_uid_close();
+#endif
return 0;
}
@@ -212,6 +215,9 @@ static int user_busy_processes (const char *name, uid_t uid)
if (check_status (name, tmp_d_name, uid) != 0) {
(void) closedir (proc);
+#ifdef ENABLE_SUBIDS
+ sub_uid_close();
+#endif
fprintf (stderr,
_("%s: user %s is currently used by process %d\n"),
Prog, name, pid);
@@ -232,6 +238,9 @@ static int user_busy_processes (const char *name, uid_t uid)
}
if (check_status (name, task_path+6, uid) != 0) {
(void) closedir (proc);
+#ifdef ENABLE_SUBIDS
+ sub_uid_close();
+#endif
fprintf (stderr,
_("%s: user %s is currently used by process %d\n"),
Prog, name, pid);

View File

@ -1,91 +0,0 @@
--- lib/getdef.c
+++ lib/getdef.c 2012/09/26 14:14:15
@@ -51,6 +51,7 @@
#define NUMDEFS (sizeof(def_table)/sizeof(def_table[0]))
static struct itemdef def_table[] = {
+ {"CHARACTER_CLASS", NULL},
{"CHFN_RESTRICT", NULL},
{"CONSOLE_GROUPS", NULL},
{"CONSOLE", NULL},
--- libmisc/chkname.c
+++ libmisc/chkname.c 2012/09/27 12:32:18
@@ -43,31 +43,55 @@
#ident "$Id: chkname.c 2828 2009-04-28 19:14:05Z nekral-guest $"
#include <ctype.h>
+#include <regex.h>
#include "defines.h"
#include "chkname.h"
+#include "getdef.h"
+#include <stdio.h>
static bool is_valid_name (const char *name)
{
- /*
- * User/group names must match [a-z_][a-z0-9_-]*[$]
- */
- if (('\0' == *name) ||
- !((('a' <= *name) && ('z' >= *name)) || ('_' == *name))) {
- return false;
- }
+ const char *class;
+ regex_t reg;
+ int result;
+ char *buf;
+
+ /* User/group names must match [A-Za-z_][A-Za-z0-9_-.]*[A-Za-z0-9_-.$]?.
+ This is the POSIX portable character class. The $ at the end is
+ needed for SAMBA. But user can also specify something else in
+ /etc/login.defs. */
+ class = getdef_str ("CHARACTER_CLASS");
+ if (!class)
+ class = "[a-z_][a-z0-9_.-]*[a-z0-9_.$-]\\?";
+
+ if (asprintf (&buf, "^%s$", class) < 0)
+ return -1;
+
+ memset (&reg, 0, sizeof (regex_t));
+ result = regcomp (&reg, buf, 0);
+ free (buf);
+
+ if (result)
+ {
+ size_t length = regerror (result, &reg, NULL, 0);
+ char *buffer = malloc (length);
+ if (buffer == NULL)
+ fputs ("running out of memory!\n", stderr);
+
+ /* else
+ {
+ regerror (result, &reg, buffer, length);
+ fprintf (stderr, _("Can't compile regular expression: %s\n"),
+ buffer);
+ } */
- while ('\0' != *++name) {
- if (!(( ('a' <= *name) && ('z' >= *name) ) ||
- ( ('0' <= *name) && ('9' >= *name) ) ||
- ('_' == *name) ||
- ('-' == *name) ||
- ( ('$' == *name) && ('\0' == *(name + 1)) )
- )) {
- return false;
- }
- }
+ return false;
+ }
+
+ if (regexec (&reg, name, 0, NULL, 0) != 0)
+ return false;
- return true;
+ return true;
}
bool is_valid_user_name (const char *name)
@@ -96,4 +120,3 @@
return is_valid_name (name);
}
-

83
chkname-regex.patch Normal file
View File

@ -0,0 +1,83 @@
--- lib/getdef.c
+++ lib/getdef.c
@@ -51,6 +51,7 @@ struct itemdef {
#define NUMDEFS (sizeof(def_table)/sizeof(def_table[0]))
static struct itemdef def_table[] = {
+ {"CHARACTER_CLASS", NULL},
{"CHFN_RESTRICT", NULL},
{"CONSOLE_GROUPS", NULL},
{"CONSOLE", NULL},
--- libmisc/chkname.c
+++ libmisc/chkname.c
@@ -43,30 +43,57 @@
#ident "$Id$"
#include <ctype.h>
+#include <regex.h>
#include "defines.h"
#include "chkname.h"
+#include "getdef.h"
+#include <stdio.h>
static bool is_valid_name (const char *name)
{
- /*
- * User/group names must match [a-z_][a-z0-9_-]*[$]
- */
- if (('\0' == *name) ||
- !((('a' <= *name) && ('z' >= *name)) || ('_' == *name))) {
+ const char *class;
+ regex_t reg;
+ int result;
+ char *buf;
+
+ /* User/group names must match [A-Za-z_][A-Za-z0-9_-.]*[A-Za-z0-9_-.$]?.
+ This is the POSIX portable character class. The $ at the end is
+ needed for SAMBA. But user can also specify something else in
+ /etc/login.defs. */
+ class = getdef_str ("CHARACTER_CLASS");
+ if (!class)
+ class = "[a-z_][a-z0-9_.-]*[a-z0-9_.$-]\\?";
+
+ if (asprintf (&buf, "^%s$", class) < 0)
+ return -1;
+
+ memset (&reg, 0, sizeof (regex_t));
+ result = regcomp (&reg, buf, 0);
+ free (buf);
+
+ if (result) {
+ size_t length = regerror (result, &reg, NULL, 0);
+ char *buffer = malloc (length);
+ if (buffer == NULL)
+ fputs ("running out of memory!\n", stderr);
+
+ /* else
+ {
+ regerror (result, &reg, buffer, length);
+ fprintf (stderr, _("Can't compile regular expression: %s\n"),
+ buffer);
+ } */
+
+ regfree(&reg);
return false;
}
- while ('\0' != *++name) {
- if (!(( ('a' <= *name) && ('z' >= *name) ) ||
- ( ('0' <= *name) && ('9' >= *name) ) ||
- ('_' == *name) ||
- ('-' == *name) ||
- ( ('$' == *name) && ('\0' == *(name + 1)) )
- )) {
- return false;
- }
+ if (regexec (&reg, name, 0, NULL, 0) != 0) {
+ regfree(&reg);
+ return false;
}
+ regfree(&reg);
return true;
}

View File

@ -1,6 +1,6 @@
--- lib/getdef.c --- lib/getdef.c
+++ lib/getdef.c 2013/11/12 13:44:01 +++ lib/getdef.c
@@ -57,6 +57,7 @@ @@ -58,6 +58,7 @@ static struct itemdef def_table[] = {
{"CREATE_HOME", NULL}, {"CREATE_HOME", NULL},
{"DEFAULT_HOME", NULL}, {"DEFAULT_HOME", NULL},
{"ENCRYPT_METHOD", NULL}, {"ENCRYPT_METHOD", NULL},

View File

@ -1,6 +1,6 @@
--- lib/getdef.c --- lib/getdef.c
+++ lib/getdef.c 2012/11/13 16:26:34 +++ lib/getdef.c
@@ -64,6 +64,7 @@ @@ -65,6 +65,7 @@ static struct itemdef def_table[] = {
{"FAKE_SHELL", NULL}, {"FAKE_SHELL", NULL},
{"GID_MAX", NULL}, {"GID_MAX", NULL},
{"GID_MIN", NULL}, {"GID_MIN", NULL},
@ -8,7 +8,7 @@
{"HUSHLOGIN_FILE", NULL}, {"HUSHLOGIN_FILE", NULL},
{"KILLCHAR", NULL}, {"KILLCHAR", NULL},
{"LOGIN_RETRIES", NULL}, {"LOGIN_RETRIES", NULL},
@@ -93,7 +94,10 @@ @@ -100,7 +101,10 @@ static struct itemdef def_table[] = {
{"UID_MAX", NULL}, {"UID_MAX", NULL},
{"UID_MIN", NULL}, {"UID_MIN", NULL},
{"UMASK", NULL}, {"UMASK", NULL},
@ -19,7 +19,7 @@
{"USERGROUPS_ENAB", NULL}, {"USERGROUPS_ENAB", NULL},
#ifndef USE_PAM #ifndef USE_PAM
{"CHFN_AUTH", NULL}, {"CHFN_AUTH", NULL},
@@ -129,6 +133,10 @@ @@ -136,6 +140,10 @@ static struct itemdef def_table[] = {
{"TCB_SYMLINKS", NULL}, {"TCB_SYMLINKS", NULL},
{"USE_TCB", NULL}, {"USE_TCB", NULL},
#endif #endif

View File

@ -0,0 +1,31 @@
--- src/usermod.c
+++ src/usermod.c
@@ -1808,6 +1808,14 @@ static void move_home (void)
fail_exit (E_HOMEDIR);
}
+#ifdef WITH_AUDIT
+ if (uflg || gflg) {
+ audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+ "changing home directory owner",
+ user_newname, (unsigned int) user_newid, 1);
+ }
+#endif
+
if (rename (user_home, user_newhome) == 0) {
/* FIXME: rename above may have broken symlinks
* pointing to the user's home directory
@@ -2254,6 +2262,13 @@ int main (int argc, char **argv)
* ownership.
*
*/
+#ifdef WITH_AUDIT
+ if (uflg || gflg) {
+ audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+ "changing home directory owner",
+ user_newname, (unsigned int) user_newid, 1);
+ }
+#endif
if (chown_tree (dflg ? user_newhome : user_home,
user_id,
uflg ? user_newid : (uid_t)-1,

View File

@ -1,7 +1,6 @@
diff -up shadow-4.1.5.1/lib/commonio.c.backup-mode shadow-4.1.5.1/lib/commonio.c --- lib/commonio.c
--- shadow-4.1.5.1/lib/commonio.c.backup-mode 2012-05-18 21:44:54.000000000 +0200 +++ lib/commonio.c
+++ shadow-4.1.5.1/lib/commonio.c 2012-09-19 20:27:16.089444234 +0200 @@ -301,15 +301,12 @@ static int create_backup (const char *backup, FILE * fp)
@@ -301,15 +301,12 @@ static int create_backup (const char *ba
struct utimbuf ub; struct utimbuf ub;
FILE *bkfp; FILE *bkfp;
int c; int c;

View File

@ -1,6 +1,6 @@
--- src/useradd.c --- src/useradd.c
+++ src/useradd.c 2013/09/17 12:30:31 +++ src/useradd.c
@@ -1759,6 +1759,9 @@ @@ -1896,6 +1896,9 @@ static void create_home (void)
if (access (user_home, F_OK) != 0) { if (access (user_home, F_OK) != 0) {
#ifdef WITH_SELINUX #ifdef WITH_SELINUX
if (set_selinux_file_context (user_home) != 0) { if (set_selinux_file_context (user_home) != 0) {
@ -10,7 +10,7 @@
fail_exit (E_HOMEDIR); fail_exit (E_HOMEDIR);
} }
#endif #endif
@@ -1788,6 +1791,9 @@ @@ -1925,6 +1928,9 @@ static void create_home (void)
#ifdef WITH_SELINUX #ifdef WITH_SELINUX
/* Reset SELinux to create files with default contexts */ /* Reset SELinux to create files with default contexts */
if (reset_selinux_file_context () != 0) { if (reset_selinux_file_context () != 0) {

View File

@ -1,7 +1,6 @@
diff -up shadow-4.1.5.1/src/useradd.c.logmsg shadow-4.1.5.1/src/useradd.c --- src/useradd.c
--- shadow-4.1.5.1/src/useradd.c.logmsg 2013-02-20 15:41:44.000000000 +0100 +++ src/useradd.c
+++ shadow-4.1.5.1/src/useradd.c 2013-03-19 18:40:04.908292810 +0100 @@ -320,7 +320,7 @@ static void fail_exit (int code)
@@ -275,7 +275,7 @@ static void fail_exit (int code)
user_name, AUDIT_NO_ID, user_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE); SHADOW_AUDIT_FAILURE);
#endif #endif

View File

@ -1,16 +1,6 @@
diff -up shadow-4.1.5.1/man/useradd.8.xml.manfix shadow-4.1.5.1/man/useradd.8.xml --- man/useradd.8.xml
--- shadow-4.1.5.1/man/useradd.8.xml.manfix 2013-06-14 15:25:44.000000000 +0200 +++ man/useradd.8.xml
+++ shadow-4.1.5.1/man/useradd.8.xml 2013-07-19 07:33:53.768619759 +0200 @@ -351,7 +351,7 @@
@@ -161,7 +161,7 @@
</varlistentry>
<varlistentry>
<term>
- <option>-d</option>, <option>--home</option>
+ <option>-d</option>, <option>--home-dir</option>
<replaceable>HOME_DIR</replaceable>
</term>
<listitem>
@@ -362,7 +362,7 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term> <term>

View File

@ -0,0 +1,14 @@
--- src/userdel.c
+++ src/userdel.c
@@ -143,8 +143,9 @@ static void usage (int status)
"\n"
"Options:\n"),
Prog);
- (void) fputs (_(" -f, --force force removal of files,\n"
- " even if not owned by user\n"),
+ (void) fputs (_(" -f, --force force some actions that would fail otherwise\n"
+ " e.g. removal of user still logged in\n"
+ " or files, even if not owned by the user\n"),
usageout);
(void) fputs (_(" -h, --help display this help message and exit\n"), usageout);
(void) fputs (_(" -r, --remove remove home directory and mail spool\n"), usageout);

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:aa32333748d68b58ed3a83625f0165e0f6b9dc4639e6377c9300c6bf4fe978fb
size 2193325

View File

@ -0,0 +1,23 @@
--- src/useradd.c
+++ src/useradd.c
@@ -2054,8 +2054,8 @@ int main (int argc, char **argv)
#endif /* ACCT_TOOLS_SETUID */
/* Needed for userns check */
- uid_t uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL);
- uid_t uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
+ uid_t uid_min;
+ uid_t uid_max;
/*
* Get my name so that I can use it to report errors.
@@ -2073,6 +2073,9 @@ int main (int argc, char **argv)
audit_help_open ();
#endif
+ uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL);
+ uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
+
sys_ngroups = sysconf (_SC_NGROUPS_MAX);
user_groups = (char **) xmalloc ((1 + sys_ngroups) * sizeof (char *));
/*

View File

@ -0,0 +1,12 @@
--- lib/groupio.c
+++ lib/groupio.c
@@ -335,8 +335,7 @@ static /*@null@*/struct commonio_entry *merge_group_entries (
errno = ENOMEM;
return NULL;
}
- snprintf(new_line, new_line_len, "%s\n%s", gr1->line, gr2->line);
- new_line[new_line_len] = '\0';
+ snprintf(new_line, new_line_len + 1, "%s\n%s", gr1->line, gr2->line);
/* Concatenate the 2 list of members */
for (i=0; NULL != gptr1->gr_mem[i]; i++);

3
shadow-4.2.1.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:3b0893d1476766868cd88920f4f1231c4795652aa407569faff802bcda0f3d41
size 1594536

View File

@ -1,31 +1,31 @@
--- etc/login.defs --- etc/login.defs
+++ etc/login.defs 2013/02/05 12:16:54 +++ etc/login.defs
@@ -1,8 +1,6 @@ @@ -1,8 +1,5 @@
# #
# /etc/login.defs - Configuration control definitions for the shadow package. # /etc/login.defs - Configuration control definitions for the shadow package.
# -#
-# $Id: login.defs 3189 2010-03-26 11:53:06Z nekral-guest $ -# $Id$
-# -#
# #
# Delay in seconds before being allowed another attempt after a login failure # Delay in seconds before being allowed another attempt after a login failure
@@ -12,11 +10,6 @@ @@ -12,11 +9,6 @@
FAIL_DELAY 3 FAIL_DELAY 3
# #
-# Enable logging and display of /var/log/faillog login failure info. -# Enable logging and display of /var/log/faillog login(1) failure info.
-# -#
-FAILLOG_ENAB yes -FAILLOG_ENAB yes
- -
-# -#
# Enable display of unknown usernames when login failures are recorded. # Enable display of unknown usernames when login(1) failures are recorded.
# #
LOG_UNKFAIL_ENAB no LOG_UNKFAIL_ENAB no
@@ -27,34 +20,6 @@ @@ -27,34 +19,6 @@ LOG_UNKFAIL_ENAB no
LOG_OK_LOGINS no LOG_OK_LOGINS no
# #
-# Enable logging and display of /var/log/lastlog login time info. -# Enable logging and display of /var/log/lastlog login(1) time info.
-# -#
-LASTLOG_ENAB yes -LASTLOG_ENAB yes
- -
@ -48,45 +48,45 @@
-PORTTIME_CHECKS_ENAB yes -PORTTIME_CHECKS_ENAB yes
- -
-# -#
-# Enable setting of ulimit, umask, and niceness from passwd gecos field. -# Enable setting of ulimit, umask, and niceness from passwd(5) gecos field.
-# -#
-QUOTAS_ENAB yes -QUOTAS_ENAB yes
- -
-# -#
# Enable "syslog" logging of su activity - in addition to sulog file logging. # Enable "syslog" logging of su(1) activity - in addition to sulog file logging.
# SYSLOG_SG_ENAB does the same for newgrp and sg. # SYSLOG_SG_ENAB does the same for newgrp(1) and sg(1).
# #
@@ -82,75 +47,31 @@ @@ -82,75 +46,31 @@ MOTD_FILE /etc/motd
#MOTD_FILE /etc/motd:/usr/lib/news/news-motd #MOTD_FILE /etc/motd:/usr/lib/news/news-motd
# #
-# If defined, this file will be output before each login prompt. -# If defined, this file will be output before each login(1) prompt.
-# -#
-#ISSUE_FILE /etc/issue -#ISSUE_FILE /etc/issue
- -
-# -#
# If defined, file which maps tty line to TERM environment parameter. # If defined, file which maps tty line to TERM environment parameter.
# Each line of the file is in a format something like "vt100 tty01". # Each line of the file is in a format similar to "vt100 tty01".
# #
#TTYTYPE_FILE /etc/ttytype #TTYTYPE_FILE /etc/ttytype
# #
-# If defined, login failures will be logged here in a utmp format. -# If defined, login(1) failures will be logged here in a utmp format.
-# last, when invoked as lastb, will read /var/log/btmp, so... -# last(1), when invoked as lastb(1), will read /var/log/btmp, so...
-# -#
-FTMP_FILE /var/log/btmp -FTMP_FILE /var/log/btmp
- -
-# -#
-# If defined, name of file whose presence which will inhibit non-root -# If defined, name of file whose presence will inhibit non-root
-# logins. The contents of this file should be a message indicating -# logins. The content of this file should be a message indicating
-# why logins are inhibited. -# why logins are inhibited.
-# -#
-NOLOGINS_FILE /etc/nologin -NOLOGINS_FILE /etc/nologin
- -
-# -#
-# If defined, the command name to display when running "su -". For -# If defined, the command name to display when running "su -". For
-# example, if this is defined as "su" then a "ps" will display the -# example, if this is defined as "su" then ps(1) will display the
-# command is "-su". If not defined, then "ps" would display the -# command as "-su". If not defined, then ps(1) will display the
-# name of the shell actually being run, e.g. something like "-sh". -# name of the shell actually being run, e.g. something like "-sh".
-# -#
-SU_NAME su -SU_NAME su
@ -122,7 +122,7 @@
-ENV_HZ HZ=100 -ENV_HZ HZ=100
-# For Linux/Alpha... -# For Linux/Alpha...
-#ENV_HZ HZ=1024 -#ENV_HZ HZ=1024
+#HUSHLOGIN_FILE .hushlogin +# HUSHLOGIN_FILE .hushlogin
+HUSHLOGIN_FILE /etc/hushlogins +HUSHLOGIN_FILE /etc/hushlogins
# #
@ -140,8 +140,8 @@
# #
# Terminal permissions # Terminal permissions
@@ -164,24 +85,20 @@ @@ -164,24 +84,20 @@ ENV_PATH PATH=/bin:/usr/bin
# TTYPERM to either 622 or 600. # set TTYPERM to either 622 or 600.
# #
TTYGROUP tty TTYGROUP tty
-TTYPERM 0600 -TTYPERM 0600
@ -164,9 +164,9 @@
KILLCHAR 025 KILLCHAR 025
-#ULIMIT 2097152 -#ULIMIT 2097152
# Default initial "umask" value used by login on non-PAM enabled systems. # Default initial "umask" value used by login(1) on non-PAM enabled systems.
# Default "umask" value for pam_umask on PAM enabled systems. # Default "umask" value for pam_umask(8) on PAM enabled systems.
@@ -197,49 +114,44 @@ @@ -197,35 +113,25 @@ UMASK 022
# #
# PASS_MAX_DAYS Maximum number of days a password may be used. # PASS_MAX_DAYS Maximum number of days a password may be used.
# PASS_MIN_DAYS Minimum number of days allowed between password changes. # PASS_MIN_DAYS Minimum number of days allowed between password changes.
@ -187,12 +187,12 @@
-SU_WHEEL_ONLY no -SU_WHEEL_ONLY no
- -
-# -#
-# If compiled with cracklib support, where are the dictionaries -# If compiled with cracklib support, sets the path to the dictionaries
-# -#
-CRACKLIB_DICTPATH /var/cache/cracklib/cracklib_dict -CRACKLIB_DICTPATH /var/cache/cracklib/cracklib_dict
- -
-# -#
# Min/max values for automatic uid selection in useradd # Min/max values for automatic uid selection in useradd(8)
# #
+# SYS_UID_MIN to SYS_UID_MAX inclusive is the range for +# SYS_UID_MIN to SYS_UID_MAX inclusive is the range for
+# UIDs for dynamically allocated administrative and system accounts. +# UIDs for dynamically allocated administrative and system accounts.
@ -206,9 +206,12 @@
-SYS_UID_MAX 999 -SYS_UID_MAX 999
+SYS_UID_MIN 100 +SYS_UID_MIN 100
+SYS_UID_MAX 499 +SYS_UID_MAX 499
# Extra per user uids
SUB_UID_MIN 100000
SUB_UID_MAX 600100000
@@ -234,11 +140,16 @@ SUB_UID_COUNT 65536
# #
# Min/max values for automatic gid selection in groupadd # Min/max values for automatic gid selection in groupadd(8)
# #
+# SYS_GID_MIN to SYS_GID_MAX inclusive is the range for +# SYS_GID_MIN to SYS_GID_MAX inclusive is the range for
+# GIDs for dynamically allocated administrative and system groups. +# GIDs for dynamically allocated administrative and system groups.
@ -222,16 +225,19 @@
-SYS_GID_MAX 999 -SYS_GID_MAX 999
+SYS_GID_MIN 100 +SYS_GID_MIN 100
+SYS_GID_MAX 499 +SYS_GID_MAX 499
# Extra per user group ids
SUB_GID_MIN 100000
SUB_GID_MAX 600100000
@@ -247,7 +158,7 @@ SUB_GID_COUNT 65536
# #
# Max number of login retries if password is bad # Max number of login(1) retries if password is bad
# #
-LOGIN_RETRIES 5 -LOGIN_RETRIES 5
+LOGIN_RETRIES 3 +LOGIN_RETRIES 3
# #
# Max time in seconds for login # Max time in seconds for login(1)
@@ -247,28 +159,6 @@ @@ -255,28 +166,6 @@ LOGIN_RETRIES 5
LOGIN_TIMEOUT 60 LOGIN_TIMEOUT 60
# #
@ -252,15 +258,15 @@
-#PASS_MAX_LEN 8 -#PASS_MAX_LEN 8
- -
-# -#
-# Require password before chfn/chsh can make any changes. -# Require password before chfn(1)/chsh(1) can make any changes.
-# -#
-CHFN_AUTH yes -CHFN_AUTH yes
- -
-# -#
# Which fields may be changed by regular users using chfn - use # Which fields may be changed by regular users using chfn(1) - use
# any combination of letters "frwh" (full name, room number, work # any combination of letters "frwh" (full name, room number, work
# phone, home phone). If not defined, no changes are allowed. # phone, home phone). If not defined, no changes are allowed.
@@ -277,29 +167,6 @@ @@ -285,28 +174,6 @@ CHFN_AUTH yes
CHFN_RESTRICT rwh CHFN_RESTRICT rwh
# #
@ -281,16 +287,15 @@
-# Note: If you use PAM, it is recommended to use a value consistent with -# Note: If you use PAM, it is recommended to use a value consistent with
-# the PAM modules configuration. -# the PAM modules configuration.
-# -#
-# This variable is deprecated. You should use ENCRYPT_METHOD. -# This variable is deprecated. You should use ENCRYPT_METHOD instead.
-# -#
-#MD5_CRYPT_ENAB no -#MD5_CRYPT_ENAB no
- -
-# -#
-# Only works if compiled with ENCRYPTMETHOD_SELECT defined: # Only works if compiled with ENCRYPTMETHOD_SELECT defined:
# If set to MD5 , MD5-based algorithm will be used for encrypting password # If set to MD5, MD5-based algorithm will be used for encrypting password
# If set to SHA256, SHA256-based algorithm will be used for encrypting password # If set to SHA256, SHA256-based algorithm will be used for encrypting password
# If set to SHA512, SHA512-based algorithm will be used for encrypting password @@ -317,7 +184,8 @@ CHFN_RESTRICT rwh
@@ -309,7 +176,8 @@
# Note: If you use PAM, it is recommended to use a value consistent with # Note: If you use PAM, it is recommended to use a value consistent with
# the PAM modules configuration. # the PAM modules configuration.
# #
@ -300,7 +305,7 @@
# #
# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512. # Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
@@ -345,16 +212,12 @@ @@ -353,16 +221,12 @@ CHFN_RESTRICT rwh
DEFAULT_HOME yes DEFAULT_HOME yes
# #
@ -319,18 +324,18 @@
#USERDEL_CMD /usr/sbin/userdel_local #USERDEL_CMD /usr/sbin/userdel_local
# #
@@ -364,7 +227,7 @@ @@ -372,7 +236,7 @@ ENVIRON_FILE /etc/environment
# #
# This also enables userdel to remove user groups if no members exist. # This also enables userdel(8) to remove user groups if no members exist.
# #
-USERGROUPS_ENAB yes -USERGROUPS_ENAB yes
+USERGROUPS_ENAB no +USERGROUPS_ENAB no
# #
# If set to a non-nul number, the shadow utilities will make sure that # If set to a non-zero number, the shadow utilities will make sure that
@@ -383,5 +246,41 @@ @@ -391,5 +255,40 @@ USERGROUPS_ENAB yes
# This option is overridden with the -M or -m flags on the useradd command # This option is overridden with the -M or -m flags on the useradd(8)
# line. # command-line.
# #
-#CREATE_HOME yes -#CREATE_HOME yes
+CREATE_HOME no +CREATE_HOME no
@ -342,7 +347,7 @@
+# +#
+#CHARACTER_CLASS [A-Za-z_][A-Za-z0-9_.-]*[A-Za-z0-9_.$-]\? +#CHARACTER_CLASS [A-Za-z_][A-Za-z0-9_.-]*[A-Za-z0-9_.$-]\?
+CHARACTER_CLASS [ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz_][ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.-]*[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.$-]\? +CHARACTER_CLASS [ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz_][ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.-]*[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.$-]\?
+
+# +#
+# If defined, this command is run when adding a group. +# If defined, this command is run when adding a group.
+# It should rebuild any NIS database etc. to add the +# It should rebuild any NIS database etc. to add the
@ -370,4 +375,3 @@
+# account from it. +# account from it.
+# +#
+USERDEL_POSTCMD /usr/sbin/userdel-post.local +USERDEL_POSTCMD /usr/sbin/userdel-post.local

View File

@ -1,3 +1,49 @@
-------------------------------------------------------------------
Tue May 31 06:48:41 UTC 2016 - mvetter@suse.com
- Add package dependency for aaa_base, fixing bnc#899409
(was done by tbehrens@suse.com but not submitted to Factory)
-------------------------------------------------------------------
Mon May 30 09:41:55 UTC 2016 - mvetter@suse.com
- shadow 4.2.1 requested by fate#320422
- bsc#979069: Dont include shadow-4.1.5.1-bug935203-manpage.patch
- Dont set SUID bit yet. Once bsc#979282 is through, which will adapt the permissions package, we can enable the SUID bits.
Remove the files used to circumvent the check.
- Remove:
* shadow-rpmlintrc
* shadow-subids
* shadow-subids.easy
* shadow-subids.secure
* shadow-subids.paranoid
-------------------------------------------------------------------
Thu May 19 12:28:47 UTC 2016 - christian.brauner@mailbox.org
- Update to shadow-4.2.1:
- add support for subuids/subgids via newuidmap/newgidmap
- Rename chkname-regex.diff to chkname-regex.patch
- Rename encryption_method_nis.diff to encryption_method_nis.patch
- Rename getdef-new-defs.diff to getdef-new-defs.patch
- Rename shadow-login_defs.diff to shadow-login_defs.patch
- Rename userdel-scripts.diff to userdel-script.patch
- Rename useradd-script.diff to useradd-script.patch
- Rename useradd-default.diff to useradd-default.patch
- Rename useradd-mkdirs.diff to useradd-mkdirs.patch
- Add fixes from Red Hat/Fedora:
- shadow-4.1.5.1-audit-owner.patch.patch:
- log owner changes for home directory
- shadow-4.1.5.1-userdel-helpfix.patch.patch:
- give a hint about what happens when you force the removal of a user
- shadow-4.2.1-defs-chroot.patch.patch:
- initialize uid_t uid_min and uid_t uid_max not before we need them
- shadow-4.2.1-merge-group.patch.patch:
- simplify by using a single call to snprintf()
- Add upstream fix
- Fix-user-busy-errors-at-userdel.patch:
- call sub_uid_close()
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Jan 15 11:08:29 UTC 2016 - fvogt@suse.com Fri Jan 15 11:08:29 UTC 2016 - fvogt@suse.com

View File

@ -20,10 +20,10 @@ Summary: Utilities to Manage User and Group Accounts
License: BSD-3-Clause and GPL-2.0+ License: BSD-3-Clause and GPL-2.0+
Group: System/Base Group: System/Base
Name: shadow Name: shadow
Version: 4.1.5.1 Version: 4.2.1
Release: 0 Release: 0
Url: http://pkg-shadow.alioth.debian.org/ Url: http://pkg-shadow.alioth.debian.org/
Source: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.bz2 Source: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.xz
Source1: pamd.tar.bz2 Source1: pamd.tar.bz2
Source2: README.changes-pwdutils Source2: README.changes-pwdutils
Source3: useradd.local Source3: useradd.local
@ -31,18 +31,24 @@ Source4: userdel-pre.local
Source5: userdel-post.local Source5: userdel-post.local
Source6: shadow.service Source6: shadow.service
Source7: shadow.timer Source7: shadow.timer
Patch: shadow-login_defs.diff Patch: shadow-login_defs.patch
Patch1: userdel-scripts.diff Patch1: userdel-script.patch
Patch2: useradd-script.diff Patch2: useradd-script.patch
Patch3: chkname-regex.diff Patch3: chkname-regex.patch
Patch4: useradd-default.diff Patch4: useradd-default.patch
Patch5: getdef-new-defs.diff Patch5: getdef-new-defs.patch
Patch6: shadow-4.1.5.1-manfix.patch Patch6: shadow-4.1.5.1-manfix.patch
Patch7: shadow-4.1.5.1-logmsg.patch Patch7: shadow-4.1.5.1-logmsg.patch
Patch8: shadow-4.1.5.1-errmsg.patch Patch8: shadow-4.1.5.1-errmsg.patch
Patch9: shadow-4.1.5.1-backup-mode.patch Patch9: shadow-4.1.5.1-backup-mode.patch
Patch10: encryption_method_nis.diff Patch10: encryption_method_nis.patch
Patch11: useradd-mkdirs.diff Patch11: useradd-mkdirs.patch
Patch12: shadow-4.1.5.1-audit-owner.patch
Patch13: shadow-4.1.5.1-userdel-helpfix.patch
Patch14: shadow-4.2.1-defs-chroot.patch
Patch15: shadow-4.2.1-merge-group.patch
Patch16: Fix-user-busy-errors-at-userdel.patch
Requires: aaa_base
BuildRequires: audit-devel BuildRequires: audit-devel
BuildRequires: libacl-devel BuildRequires: libacl-devel
BuildRequires: libattr-devel BuildRequires: libattr-devel
@ -67,12 +73,17 @@ group accounts.
%patch3 -p0 %patch3 -p0
%patch4 -p0 %patch4 -p0
%patch5 -p0 %patch5 -p0
%patch6 -p1 %patch6 -p0
%patch7 -p1 %patch7 -p0
%patch8 -p0 %patch8 -p0
%patch9 -p1 %patch9 -p0
%patch10 -p0 %patch10 -p0
%patch11 -p1 %patch11 -p0
%patch12 -p0
%patch13 -p0
%patch14 -p0
%patch15 -p0
%patch16 -p0
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8 iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
mv -v doc/HOWTO.utf8 doc/HOWTO mv -v doc/HOWTO.utf8 doc/HOWTO
@ -181,6 +192,8 @@ rm -rf $RPM_BUILD_ROOT
%set_permissions /usr/bin/gpasswd %set_permissions /usr/bin/gpasswd
%set_permissions /usr/bin/newgrp %set_permissions /usr/bin/newgrp
%set_permissions /usr/bin/passwd %set_permissions /usr/bin/passwd
%set_permissions /usr/bin/newgidmap
%set_permissions /usr/bin/newuidmap
%service_add_post shadow.service shadow.timer %service_add_post shadow.service shadow.timer
@ -192,6 +205,8 @@ rm -rf $RPM_BUILD_ROOT
%verify_permissions /usr/bin/gpasswd %verify_permissions /usr/bin/gpasswd
%verify_permissions /usr/bin/newgrp %verify_permissions /usr/bin/newgrp
%verify_permissions /usr/bin/passwd %verify_permissions /usr/bin/passwd
%verify_permissions /usr/bin/newgidmap
%verify_permissions /usr/bin/newuidmap
%preun %preun
%service_del_preun shadow.service shadow.timer %service_del_preun shadow.service shadow.timer
@ -225,6 +240,8 @@ rm -rf $RPM_BUILD_ROOT
%{_bindir}/lastlog %{_bindir}/lastlog
%attr(4755,root,root) %{_bindir}/newgrp %attr(4755,root,root) %{_bindir}/newgrp
%attr(4755,root,shadow) %{_bindir}/passwd %attr(4755,root,shadow) %{_bindir}/passwd
%attr(0755,root,shadow) %{_bindir}/newgidmap
%attr(0755,root,shadow) %{_bindir}/newuidmap
%{_bindir}/sg %{_bindir}/sg
%{_sbindir}/groupadd %{_sbindir}/groupadd
%{_sbindir}/groupdel %{_sbindir}/groupdel
@ -268,6 +285,10 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man8/usermod.8* %{_mandir}/man8/usermod.8*
%{_mandir}/man8/vigr.8* %{_mandir}/man8/vigr.8*
%{_mandir}/man8/vipw.8* %{_mandir}/man8/vipw.8*
%{_mandir}/man5/subuid.5*
%{_mandir}/man5/subgid.5*
%{_mandir}/man1/newgidmap.1*
%{_mandir}/man1/newuidmap.1*
%{_unitdir}/* %{_unitdir}/*

View File

@ -1,5 +1,5 @@
--- etc/useradd --- etc/useradd
+++ etc/useradd 2012/11/13 09:29:57 +++ etc/useradd
@@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
# useradd defaults file # useradd defaults file
-GROUP=1000 -GROUP=1000

View File

@ -1,8 +1,6 @@
diff --git a/src/useradd.c b/src/useradd.c --- src/useradd.c
index fa93853..a9f8caa 100644 +++ src/useradd.c
--- a/src/useradd.c @@ -1894,6 +1894,13 @@ static void usr_update (void)
+++ b/src/useradd.c
@@ -1757,6 +1757,13 @@ static void usr_update (void)
static void create_home (void) static void create_home (void)
{ {
if (access (user_home, F_OK) != 0) { if (access (user_home, F_OK) != 0) {
@ -16,7 +14,7 @@ index fa93853..a9f8caa 100644
#ifdef WITH_SELINUX #ifdef WITH_SELINUX
if (set_selinux_file_context (user_home) != 0) { if (set_selinux_file_context (user_home) != 0) {
fprintf (stderr, fprintf (stderr,
@@ -1765,19 +1772,42 @@ static void create_home (void) @@ -1902,19 +1909,42 @@ static void create_home (void)
fail_exit (E_HOMEDIR); fail_exit (E_HOMEDIR);
} }
#endif #endif

View File

@ -1,6 +1,6 @@
--- src/useradd.c --- src/useradd.c
+++ src/useradd.c 2012/09/26 13:06:50 +++ src/useradd.c
@@ -1845,6 +1845,30 @@ @@ -1982,6 +1982,30 @@ static void create_mail (void)
} }
/* /*
@ -31,7 +31,7 @@
* main - useradd command * main - useradd command
*/ */
int main (int argc, char **argv) int main (int argc, char **argv)
@@ -2076,6 +2100,7 @@ @@ -2242,6 +2266,7 @@ int main (int argc, char **argv)
nscd_flush_cache ("passwd"); nscd_flush_cache ("passwd");
nscd_flush_cache ("group"); nscd_flush_cache ("group");

View File

@ -1,6 +1,6 @@
--- src/userdel.c --- src/userdel.c
+++ src/userdel.c 2012/09/25 13:46:38 +++ src/userdel.c
@@ -635,13 +635,13 @@ @@ -762,13 +762,13 @@ static void update_user (void)
* cron, at, or print jobs. * cron, at, or print jobs.
*/ */
@ -16,7 +16,7 @@
if (NULL == cmd) { if (NULL == cmd) {
return; return;
} }
@@ -1032,9 +1032,10 @@ @@ -1163,9 +1163,10 @@ int main (int argc, char **argv)
} }
/* /*
@ -29,7 +29,7 @@
open_files (); open_files ();
update_user (); update_user ();
update_groups (); update_groups ();
@@ -1137,7 +1138,7 @@ @@ -1268,7 +1269,7 @@ int main (int argc, char **argv)
* Cancel any crontabs or at jobs. Have to do this before we remove * Cancel any crontabs or at jobs. Have to do this before we remove
* the entry from /etc/passwd. * the entry from /etc/passwd.
*/ */
@ -38,7 +38,7 @@
close_files (); close_files ();
#ifdef WITH_TCB #ifdef WITH_TCB
@@ -1147,6 +1148,8 @@ @@ -1278,6 +1279,8 @@ int main (int argc, char **argv)
nscd_flush_cache ("passwd"); nscd_flush_cache ("passwd");
nscd_flush_cache ("group"); nscd_flush_cache ("group");