Accepting request 497756 from Base:System
- New upstream version 4.5 - Refreshed patches: * shadow-login_defs.patch * chkname-regex.patch * getdef-new-defs.patch * useradd-mkdirs.patch - Upstreamed patches: * shadow-4.1.5.1-manfix.patch * shadow-4.1.5.1-errmsg.patch * shadow-4.1.5.1-backup-mode.patch * shadow-4.1.5.1-audit-owner.patch * shadow-4.2.1-defs-chroot.patch * shadow-4.2.1-merge-group.patch * Fix-user-busy-errors-at-userdel.patch * useradd-clear-tallylog.patch - shadow-4.1.5.1-pam_group.patch dynamically added users via pam_group are not listed in groups databases but are still valid - shadow.keyring: update keyring with current maintainer's keyid only - Serge Hallyn 'F1D08DB778185BF784002DFFE9FEEA06A85E3F9D' - disable_new_audit_function.patch: Disable newer libaudit functionality for older distributions OBS-URL: https://build.opensuse.org/request/show/497756 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shadow?expand=0&rev=19
This commit is contained in:
commit
b87ae2ad63
@ -1,42 +0,0 @@
|
||||
From 546e2ae44955510b06a922647796ec54744f10ce Mon Sep 17 00:00:00 2001
|
||||
From: Bastian Blank <bastian.blank@credativ.de>
|
||||
Date: Tue, 17 Nov 2015 10:52:24 -0600
|
||||
Subject: [PATCH 17/17] Fix user busy errors at userdel
|
||||
|
||||
Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>
|
||||
---
|
||||
libmisc/user_busy.c | 9 +++++++++
|
||||
1 file changed, 9 insertions(+)
|
||||
|
||||
--- libmisc/user_busy.c
|
||||
+++ libmisc/user_busy.c
|
||||
@@ -175,6 +175,9 @@ static int user_busy_processes (const char *name, uid_t uid)
|
||||
if (stat ("/", &sbroot) != 0) {
|
||||
perror ("stat (\"/\")");
|
||||
(void) closedir (proc);
|
||||
+#ifdef ENABLE_SUBIDS
|
||||
+ sub_uid_close();
|
||||
+#endif
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -212,6 +215,9 @@ static int user_busy_processes (const char *name, uid_t uid)
|
||||
|
||||
if (check_status (name, tmp_d_name, uid) != 0) {
|
||||
(void) closedir (proc);
|
||||
+#ifdef ENABLE_SUBIDS
|
||||
+ sub_uid_close();
|
||||
+#endif
|
||||
fprintf (stderr,
|
||||
_("%s: user %s is currently used by process %d\n"),
|
||||
Prog, name, pid);
|
||||
@@ -232,6 +238,9 @@ static int user_busy_processes (const char *name, uid_t uid)
|
||||
}
|
||||
if (check_status (name, task_path+6, uid) != 0) {
|
||||
(void) closedir (proc);
|
||||
+#ifdef ENABLE_SUBIDS
|
||||
+ sub_uid_close();
|
||||
+#endif
|
||||
fprintf (stderr,
|
||||
_("%s: user %s is currently used by process %d\n"),
|
||||
Prog, name, pid);
|
@ -1,6 +1,8 @@
|
||||
--- lib/getdef.c
|
||||
Index: lib/getdef.c
|
||||
===================================================================
|
||||
--- lib/getdef.c.orig
|
||||
+++ lib/getdef.c
|
||||
@@ -51,6 +51,7 @@ struct itemdef {
|
||||
@@ -77,6 +77,7 @@ struct itemdef {
|
||||
|
||||
#define NUMDEFS (sizeof(def_table)/sizeof(def_table[0]))
|
||||
static struct itemdef def_table[] = {
|
||||
@ -8,7 +10,9 @@
|
||||
{"CHFN_RESTRICT", NULL},
|
||||
{"CONSOLE_GROUPS", NULL},
|
||||
{"CONSOLE", NULL},
|
||||
--- libmisc/chkname.c
|
||||
Index: libmisc/chkname.c
|
||||
===================================================================
|
||||
--- libmisc/chkname.c.orig
|
||||
+++ libmisc/chkname.c
|
||||
@@ -43,30 +43,57 @@
|
||||
#ident "$Id$"
|
||||
@ -81,3 +85,4 @@
|
||||
+ regfree(®);
|
||||
return true;
|
||||
}
|
||||
|
||||
|
28
disable_new_audit_function.patch
Normal file
28
disable_new_audit_function.patch
Normal file
@ -0,0 +1,28 @@
|
||||
Index: shadow-4.5/src/lastlog.c
|
||||
===================================================================
|
||||
--- shadow-4.5.orig/src/lastlog.c
|
||||
+++ shadow-4.5/src/lastlog.c
|
||||
@@ -221,12 +221,15 @@ static void update_one (/*@null@*/const
|
||||
strcpy (ll.ll_host, "localhost");
|
||||
#endif
|
||||
strcpy (ll.ll_line, "lastlog");
|
||||
+/*
|
||||
#ifdef WITH_AUDIT
|
||||
audit_logger (AUDIT_ACCT_UNLOCK, Prog,
|
||||
"clearing-lastlog",
|
||||
pw->pw_name, (unsigned int) pw->pw_uid, SHADOW_AUDIT_SUCCESS);
|
||||
#endif
|
||||
+*/
|
||||
}
|
||||
+/*
|
||||
#ifdef WITH_AUDIT
|
||||
else {
|
||||
audit_logger (AUDIT_ACCT_UNLOCK, Prog,
|
||||
@@ -234,6 +237,7 @@ static void update_one (/*@null@*/const
|
||||
pw->pw_name, (unsigned int) pw->pw_uid, SHADOW_AUDIT_SUCCESS);
|
||||
}
|
||||
#endif
|
||||
+*/
|
||||
|
||||
if (fwrite (&ll, sizeof(ll), 1, lastlogfile) != 1) {
|
||||
fprintf (stderr,
|
@ -1,6 +1,8 @@
|
||||
--- lib/getdef.c
|
||||
Index: lib/getdef.c
|
||||
===================================================================
|
||||
--- lib/getdef.c.orig
|
||||
+++ lib/getdef.c
|
||||
@@ -65,6 +65,7 @@ static struct itemdef def_table[] = {
|
||||
@@ -91,6 +91,7 @@ static struct itemdef def_table[] = {
|
||||
{"FAKE_SHELL", NULL},
|
||||
{"GID_MAX", NULL},
|
||||
{"GID_MIN", NULL},
|
||||
@ -8,7 +10,7 @@
|
||||
{"HUSHLOGIN_FILE", NULL},
|
||||
{"KILLCHAR", NULL},
|
||||
{"LOGIN_RETRIES", NULL},
|
||||
@@ -100,7 +101,10 @@ static struct itemdef def_table[] = {
|
||||
@@ -126,7 +127,10 @@ static struct itemdef def_table[] = {
|
||||
{"UID_MAX", NULL},
|
||||
{"UID_MIN", NULL},
|
||||
{"UMASK", NULL},
|
||||
@ -18,10 +20,10 @@
|
||||
+ {"USERDEL_POSTCMD", NULL},
|
||||
{"USERGROUPS_ENAB", NULL},
|
||||
#ifndef USE_PAM
|
||||
{"CHFN_AUTH", NULL},
|
||||
@@ -136,6 +140,10 @@ static struct itemdef def_table[] = {
|
||||
{"TCB_SYMLINKS", NULL},
|
||||
{"USE_TCB", NULL},
|
||||
PAMDEFS
|
||||
@@ -149,6 +153,10 @@ static struct itemdef knowndef_table[] =
|
||||
#ifdef USE_PAM
|
||||
PAMDEFS
|
||||
#endif
|
||||
+ /* Used by /bin/login */
|
||||
+ {"MOTD_FILE", NULL},
|
||||
|
@ -1,31 +0,0 @@
|
||||
--- src/usermod.c
|
||||
+++ src/usermod.c
|
||||
@@ -1808,6 +1808,14 @@ static void move_home (void)
|
||||
fail_exit (E_HOMEDIR);
|
||||
}
|
||||
|
||||
+#ifdef WITH_AUDIT
|
||||
+ if (uflg || gflg) {
|
||||
+ audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
||||
+ "changing home directory owner",
|
||||
+ user_newname, (unsigned int) user_newid, 1);
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
if (rename (user_home, user_newhome) == 0) {
|
||||
/* FIXME: rename above may have broken symlinks
|
||||
* pointing to the user's home directory
|
||||
@@ -2254,6 +2262,13 @@ int main (int argc, char **argv)
|
||||
* ownership.
|
||||
*
|
||||
*/
|
||||
+#ifdef WITH_AUDIT
|
||||
+ if (uflg || gflg) {
|
||||
+ audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
||||
+ "changing home directory owner",
|
||||
+ user_newname, (unsigned int) user_newid, 1);
|
||||
+ }
|
||||
+#endif
|
||||
if (chown_tree (dflg ? user_newhome : user_home,
|
||||
user_id,
|
||||
uflg ? user_newid : (uid_t)-1,
|
@ -1,19 +0,0 @@
|
||||
--- lib/commonio.c
|
||||
+++ lib/commonio.c
|
||||
@@ -301,15 +301,12 @@ static int create_backup (const char *backup, FILE * fp)
|
||||
struct utimbuf ub;
|
||||
FILE *bkfp;
|
||||
int c;
|
||||
- mode_t mask;
|
||||
|
||||
if (fstat (fileno (fp), &sb) != 0) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
- mask = umask (077);
|
||||
- bkfp = fopen (backup, "w");
|
||||
- (void) umask (mask);
|
||||
+ bkfp = fopen_set_perms (backup, "w", &sb);
|
||||
if (NULL == bkfp) {
|
||||
return -1;
|
||||
}
|
@ -1,22 +0,0 @@
|
||||
--- src/useradd.c
|
||||
+++ src/useradd.c
|
||||
@@ -1896,6 +1896,9 @@ static void create_home (void)
|
||||
if (access (user_home, F_OK) != 0) {
|
||||
#ifdef WITH_SELINUX
|
||||
if (set_selinux_file_context (user_home) != 0) {
|
||||
+ fprintf (stderr,
|
||||
+ _("%s: cannot set SELinux context for home directory %s\n"),
|
||||
+ Prog, user_home);
|
||||
fail_exit (E_HOMEDIR);
|
||||
}
|
||||
#endif
|
||||
@@ -1925,6 +1928,9 @@ static void create_home (void)
|
||||
#ifdef WITH_SELINUX
|
||||
/* Reset SELinux to create files with default contexts */
|
||||
if (reset_selinux_file_context () != 0) {
|
||||
+ fprintf (stderr,
|
||||
+ _("%s: cannot reset SELinux file creation context\n"),
|
||||
+ Prog);
|
||||
fail_exit (E_HOMEDIR);
|
||||
}
|
||||
#endif
|
@ -1,11 +0,0 @@
|
||||
--- man/useradd.8.xml
|
||||
+++ man/useradd.8.xml
|
||||
@@ -351,7 +351,7 @@
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
- <option>-M</option>
|
||||
+ <option>-M</option>, <option>--no-create-home</option>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
50
shadow-4.1.5.1-pam_group.patch
Normal file
50
shadow-4.1.5.1-pam_group.patch
Normal file
@ -0,0 +1,50 @@
|
||||
Date: Thu Apr 6 16:04:17 CEST 2017
|
||||
Bug: bnc#1031643
|
||||
Upstream: https://github.com/shadow-maint/shadow/pull/74
|
||||
|
||||
dynamically added users via pam_group are not listed in groups
|
||||
databases but are still valid.
|
||||
|
||||
|
||||
Index: shadow-4.1.5.1/src/newgrp.c
|
||||
===================================================================
|
||||
--- shadow-4.1.5.1.orig/src/newgrp.c
|
||||
+++ shadow-4.1.5.1/src/newgrp.c
|
||||
@@ -372,6 +372,7 @@ int main (int argc, char **argv)
|
||||
{
|
||||
bool initflag = false;
|
||||
int i;
|
||||
+ bool is_member = false;
|
||||
bool cflag = false;
|
||||
int err = 0;
|
||||
gid_t gid;
|
||||
@@ -610,6 +611,18 @@ int main (int argc, char **argv)
|
||||
goto failure;
|
||||
}
|
||||
|
||||
+#ifdef HAVE_SETGROUPS
|
||||
+ /* when using pam_group, she will not be listed in the groups
|
||||
+ * database. However getgroups() will return the group. So
|
||||
+ * if she is listed there already it is ok to grant membership.
|
||||
+ */
|
||||
+ for (i = 0; i < ngroups; i++) {
|
||||
+ if (grp->gr_gid == grouplist[i]) {
|
||||
+ is_member = true;
|
||||
+ break;
|
||||
+ }
|
||||
+ }
|
||||
+#endif /* HAVE_SETGROUPS */
|
||||
/*
|
||||
* For splitted groups (due to limitations of NIS), check all
|
||||
* groups of the same GID like the requested group for
|
||||
@@ -638,7 +651,9 @@ int main (int argc, char **argv)
|
||||
/*
|
||||
* Check if the user is allowed to access this group.
|
||||
*/
|
||||
- check_perms (grp, pwd, group);
|
||||
+ if (!is_member) {
|
||||
+ check_perms (grp, pwd, group);
|
||||
+ }
|
||||
|
||||
/*
|
||||
* all successful validations pass through this point. The group id
|
@ -1,23 +0,0 @@
|
||||
--- src/useradd.c
|
||||
+++ src/useradd.c
|
||||
@@ -2054,8 +2054,8 @@ int main (int argc, char **argv)
|
||||
#endif /* ACCT_TOOLS_SETUID */
|
||||
|
||||
/* Needed for userns check */
|
||||
- uid_t uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL);
|
||||
- uid_t uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
|
||||
+ uid_t uid_min;
|
||||
+ uid_t uid_max;
|
||||
|
||||
/*
|
||||
* Get my name so that I can use it to report errors.
|
||||
@@ -2073,6 +2073,9 @@ int main (int argc, char **argv)
|
||||
audit_help_open ();
|
||||
#endif
|
||||
|
||||
+ uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL);
|
||||
+ uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
|
||||
+
|
||||
sys_ngroups = sysconf (_SC_NGROUPS_MAX);
|
||||
user_groups = (char **) xmalloc ((1 + sys_ngroups) * sizeof (char *));
|
||||
/*
|
@ -1,12 +0,0 @@
|
||||
--- lib/groupio.c
|
||||
+++ lib/groupio.c
|
||||
@@ -335,8 +335,7 @@ static /*@null@*/struct commonio_entry *merge_group_entries (
|
||||
errno = ENOMEM;
|
||||
return NULL;
|
||||
}
|
||||
- snprintf(new_line, new_line_len, "%s\n%s", gr1->line, gr2->line);
|
||||
- new_line[new_line_len] = '\0';
|
||||
+ snprintf(new_line, new_line_len + 1, "%s\n%s", gr1->line, gr2->line);
|
||||
|
||||
/* Concatenate the 2 list of members */
|
||||
for (i=0; NULL != gptr1->gr_mem[i]; i++);
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:3b0893d1476766868cd88920f4f1231c4795652aa407569faff802bcda0f3d41
|
||||
size 1594536
|
@ -1,17 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v1.4.12 (GNU/Linux)
|
||||
|
||||
iQIVAwUAU21C6YcvcCxNbiWoAQIQRxAAl0Z2MtGkjKax2n7GVtexbvlNMK9VI/bo
|
||||
N9mdKOwfDEJt0ZUZ5ZP9JOBFPbn87nO/EtufQSVjlMQivuY2n7o4y3kXAQlEy1UA
|
||||
oAaD0FUDku5beKS+SJoPZUj4l60giFV8wM+njsz3K+BD/skIr+VpMPxikhMRfVA5
|
||||
NPV0tMId03iClDpONfVSOu83BwJoiURG6amJRyq+skzEA4JIIPMkr2Ach65HNBmv
|
||||
zwhb1Xyi1IQ75TyAI0qL1NiFNasoosWIndmBYwbsu+F+nn0Tvwn2LZ5Ah6i918Vz
|
||||
+eJl2cD9KAyacMlLF/kQ3fd5jDuZ95ep+psxU/CvlENb2HVIVpBrGqi9D1mJvAc1
|
||||
zzMt3SJVxt3Qyn5mlF6q6M/Hi3XmwC9otxxUF0DRgb9BlrIvwzdcwXEscrb0Z9T6
|
||||
uu7JPadUiubmmmgKpZawc5DEDoDsW8a3l807dfEjQ64mFZZL1Yihzt3apeEd8NbL
|
||||
34yBWBI7jAOHeYBocZ2FK4FJeyyLojTic9a5UZrE/8RmzEfJHR2/3Sb4DMG/OKcf
|
||||
xvNG3Kp5ku5GCDEjfZgtW+ffI9hnQ/HknGUUMRfDopInBNpmDf6t2qt5eNLvRYzN
|
||||
ACQRUS9YpUhGu3tYGcJgmtmHze1t8Y6/QkxEvjV7NbIi6T6h7BJG8XVVbM9WayfJ
|
||||
KdnV8qS2bxQ=
|
||||
=sUFz
|
||||
-----END PGP SIGNATURE-----
|
3
shadow-4.5.tar.xz
Normal file
3
shadow-4.5.tar.xz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:fc8c858381ad577a5c25ff5beb6ee60a34f8719c73e4e7c61e74188b4e54b741
|
||||
size 1626704
|
11
shadow-4.5.tar.xz.asc
Normal file
11
shadow-4.5.tar.xz.asc
Normal file
@ -0,0 +1,11 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v1
|
||||
|
||||
iQEcBAABCgAGBQJZHKsTAAoJEOn+6gaoXj+dIT8H/2UNtVDHrtXk4Z6d5RGZPKvs
|
||||
eBOiK03Mk89jtD1YFBLu4kk2tkFP86lylfRdnQisqAovLwsOF36gAoZUK/0X71x3
|
||||
AcyYUEno2Go8Sf+Ol432+Tj6FdBG3n/yXzroh7PmxG58PBMV1PBm95RLZ/uVp7hz
|
||||
WLtrd8FL4QC4fe0rt00BOb2bW6Bbcx+XiXI6QCvLwtQi2bnJt2DcIYxiqZPni4YT
|
||||
FUAClxYB/hHbjChg3EMFn8JZkaf8SLMuiyLGYKNbqLaXu88/El80QYATSuCNH14y
|
||||
ywMYEXxKHIiaJ+KnNfjUb3fXHlWyaeWDltguIr0EMfIjF5VrtN4fKxsJy8ZJtMc=
|
||||
=G9lG
|
||||
-----END PGP SIGNATURE-----
|
@ -1,4 +1,6 @@
|
||||
--- etc/login.defs
|
||||
Index: etc/login.defs
|
||||
===================================================================
|
||||
--- etc/login.defs.orig
|
||||
+++ etc/login.defs
|
||||
@@ -1,8 +1,5 @@
|
||||
#
|
||||
@ -333,12 +335,19 @@
|
||||
|
||||
#
|
||||
# If set to a non-zero number, the shadow utilities will make sure that
|
||||
@@ -391,5 +255,40 @@ USERGROUPS_ENAB yes
|
||||
@@ -391,10 +255,47 @@ USERGROUPS_ENAB yes
|
||||
# This option is overridden with the -M or -m flags on the useradd(8)
|
||||
# command-line.
|
||||
#
|
||||
-#CREATE_HOME yes
|
||||
+CREATE_HOME no
|
||||
|
||||
#
|
||||
# Force use shadow, even if shadow passwd & shadow group files are
|
||||
# missing.
|
||||
#
|
||||
-#FORCE_SHADOW yes
|
||||
+FORCE_SHADOW no
|
||||
+
|
||||
+#
|
||||
+# User/group names must match the following regex expression.
|
||||
@ -347,7 +356,7 @@
|
||||
+#
|
||||
+#CHARACTER_CLASS [A-Za-z_][A-Za-z0-9_.-]*[A-Za-z0-9_.$-]\?
|
||||
+CHARACTER_CLASS [ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz_][ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.-]*[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.$-]\?
|
||||
|
||||
+
|
||||
+#
|
||||
+# If defined, this command is run when adding a group.
|
||||
+# It should rebuild any NIS database etc. to add the
|
||||
@ -375,3 +384,4 @@
|
||||
+# account from it.
|
||||
+#
|
||||
+USERDEL_POSTCMD /usr/sbin/userdel-post.local
|
||||
+
|
||||
|
@ -1,3 +1,29 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon May 22 13:31:25 UTC 2017 - adam.majer@suse.de
|
||||
|
||||
- New upstream version 4.5
|
||||
- Refreshed patches:
|
||||
* shadow-login_defs.patch
|
||||
* chkname-regex.patch
|
||||
* getdef-new-defs.patch
|
||||
* useradd-mkdirs.patch
|
||||
- Upstreamed patches:
|
||||
* shadow-4.1.5.1-manfix.patch
|
||||
* shadow-4.1.5.1-errmsg.patch
|
||||
* shadow-4.1.5.1-backup-mode.patch
|
||||
* shadow-4.1.5.1-audit-owner.patch
|
||||
* shadow-4.2.1-defs-chroot.patch
|
||||
* shadow-4.2.1-merge-group.patch
|
||||
* Fix-user-busy-errors-at-userdel.patch
|
||||
* useradd-clear-tallylog.patch
|
||||
- shadow-4.1.5.1-pam_group.patch
|
||||
dynamically added users via pam_group are not listed in groups
|
||||
databases but are still valid
|
||||
- shadow.keyring: update keyring with current maintainer's keyid
|
||||
only - Serge Hallyn 'F1D08DB778185BF784002DFFE9FEEA06A85E3F9D'
|
||||
- disable_new_audit_function.patch:
|
||||
Disable newer libaudit functionality for older distributions
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Feb 20 07:28:24 UTC 2017 - josef.moellers@suse.com
|
||||
|
||||
|
24401
shadow.keyring
24401
shadow.keyring
File diff suppressed because it is too large
Load Diff
37
shadow.spec
37
shadow.spec
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package shadow
|
||||
#
|
||||
# Copyright (c) 2017 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -20,11 +20,11 @@ Summary: Utilities to Manage User and Group Accounts
|
||||
License: BSD-3-Clause and GPL-2.0+
|
||||
Group: System/Base
|
||||
Name: shadow
|
||||
Version: 4.2.1
|
||||
Version: 4.5
|
||||
Release: 0
|
||||
Url: http://pkg-shadow.alioth.debian.org/
|
||||
Source: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.xz
|
||||
Source42: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.xz.sig
|
||||
Url: https://github.com/shadow-maint/shadow
|
||||
Source: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz
|
||||
Source42: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz.asc
|
||||
Source43: %name.keyring
|
||||
Source1: pamd.tar.bz2
|
||||
Source2: README.changes-pwdutils
|
||||
@ -39,26 +39,21 @@ Patch2: useradd-script.patch
|
||||
Patch3: chkname-regex.patch
|
||||
Patch4: useradd-default.patch
|
||||
Patch5: getdef-new-defs.patch
|
||||
Patch6: shadow-4.1.5.1-manfix.patch
|
||||
Patch6: shadow-4.1.5.1-userdel-helpfix.patch
|
||||
Patch7: shadow-4.1.5.1-logmsg.patch
|
||||
Patch8: shadow-4.1.5.1-errmsg.patch
|
||||
Patch9: shadow-4.1.5.1-backup-mode.patch
|
||||
Patch10: encryption_method_nis.patch
|
||||
Patch11: useradd-mkdirs.patch
|
||||
Patch12: shadow-4.1.5.1-audit-owner.patch
|
||||
Patch13: shadow-4.1.5.1-userdel-helpfix.patch
|
||||
Patch14: shadow-4.2.1-defs-chroot.patch
|
||||
Patch15: shadow-4.2.1-merge-group.patch
|
||||
Patch16: Fix-user-busy-errors-at-userdel.patch
|
||||
Patch17: useradd-clear-tallylog.patch
|
||||
Patch18: shadow-4.1.5.1-pam_group.patch
|
||||
Patch20: disable_new_audit_function.patch
|
||||
|
||||
Requires: aaa_base
|
||||
BuildRequires: audit-devel
|
||||
BuildRequires: audit-devel > 2.3
|
||||
BuildRequires: libacl-devel
|
||||
BuildRequires: libattr-devel
|
||||
BuildRequires: libselinux-devel
|
||||
BuildRequires: libsemanage-devel
|
||||
BuildRequires: pam-devel
|
||||
BuildRequires: xz
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
PreReq: permissions
|
||||
Provides: pwdutils = 3.2.20
|
||||
@ -79,16 +74,12 @@ group accounts.
|
||||
%patch5 -p0
|
||||
%patch6 -p0
|
||||
%patch7 -p0
|
||||
%patch8 -p0
|
||||
%patch9 -p0
|
||||
%patch10 -p0
|
||||
%patch11 -p0
|
||||
%patch12 -p0
|
||||
%patch13 -p0
|
||||
%patch14 -p0
|
||||
%patch15 -p0
|
||||
%patch16 -p0
|
||||
%patch17 -p1
|
||||
%patch18 -p1
|
||||
%if 0%{?suse_version} < 1330
|
||||
%patch20 -p1
|
||||
%endif
|
||||
|
||||
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
|
||||
mv -v doc/HOWTO.utf8 doc/HOWTO
|
||||
|
@ -1,91 +0,0 @@
|
||||
Index: shadow-4.2.1/src/useradd.c
|
||||
===================================================================
|
||||
--- shadow-4.2.1.orig/src/useradd.c
|
||||
+++ shadow-4.2.1/src/useradd.c
|
||||
@@ -51,7 +51,9 @@
|
||||
#include <string.h>
|
||||
#include <sys/stat.h>
|
||||
#include <sys/types.h>
|
||||
+#include <sys/wait.h>
|
||||
#include <time.h>
|
||||
+#include <unistd.h>
|
||||
#include "chkname.h"
|
||||
#include "defines.h"
|
||||
#include "faillog.h"
|
||||
@@ -213,6 +215,7 @@ static void open_files (void);
|
||||
static void open_shadow (void);
|
||||
static void faillog_reset (uid_t);
|
||||
static void lastlog_reset (uid_t);
|
||||
+static void tallylog_reset (char *);
|
||||
static void usr_update (void);
|
||||
static void create_home (void);
|
||||
static void create_mail (void);
|
||||
@@ -1789,6 +1792,52 @@ static void lastlog_reset (uid_t uid)
|
||||
}
|
||||
}
|
||||
|
||||
+static void tallylog_reset (char *user_name)
|
||||
+{
|
||||
+ static const char pam_tally2[] = "/sbin/pam_tally2";
|
||||
+ const char *pname;
|
||||
+ pid_t childpid;
|
||||
+ int failed;
|
||||
+ int status;
|
||||
+
|
||||
+ if (access(pam_tally2, X_OK) == -1)
|
||||
+ return;
|
||||
+
|
||||
+ failed = 0;
|
||||
+ switch (childpid = fork())
|
||||
+ {
|
||||
+ case -1: /* error */
|
||||
+ failed = 1;
|
||||
+ break;
|
||||
+ case 0: /* child */
|
||||
+ pname = strrchr(pam_tally2, '/');
|
||||
+ if (pname == NULL)
|
||||
+ pname = pam_tally2;
|
||||
+ else
|
||||
+ pname++; /* Skip the '/' */
|
||||
+ execl(pam_tally2, pname, "--user", user_name, "--reset", "--quiet", NULL);
|
||||
+ /* If we come here, something has gone terribly wrong */
|
||||
+ perror(pam_tally2);
|
||||
+ exit(42); /* don't continue, we now have 2 processe running! */
|
||||
+ /* NOTREACHED */
|
||||
+ break;
|
||||
+ default: /* parent */
|
||||
+ if (waitpid(childpid, &status, 0) == -1 || !WIFEXITED(status) || WEXITSTATUS(status) != 0)
|
||||
+ failed = 3;
|
||||
+ break;
|
||||
+ }
|
||||
+
|
||||
+ if (failed)
|
||||
+ {
|
||||
+ fprintf (stderr,
|
||||
+ _("%s: failed to reset the tallylog entry of user \"%s\"\n"),
|
||||
+ Prog, user_name);
|
||||
+ SYSLOG ((LOG_WARN, "failed to reset the tallylog entry of user \"%s\"", user_name));
|
||||
+ }
|
||||
+
|
||||
+ return;
|
||||
+}
|
||||
+
|
||||
/*
|
||||
* usr_update - create the user entries
|
||||
*
|
||||
@@ -2286,6 +2335,15 @@ int main (int argc, char **argv)
|
||||
|
||||
close_files ();
|
||||
|
||||
+ /*
|
||||
+ * tallylog_reset needs to be able to lookup
|
||||
+ * a valid existing user name,
|
||||
+ * so we canot call it before close_files()
|
||||
+ */
|
||||
+ if ((!lflg) && (getpwuid (user_id) != NULL)) {
|
||||
+ tallylog_reset (user_name);
|
||||
+ }
|
||||
+
|
||||
#ifdef WITH_SELINUX
|
||||
if (Zflg) {
|
||||
if (set_seuser (user_name, user_selinux) != 0) {
|
@ -1,6 +1,8 @@
|
||||
--- src/useradd.c
|
||||
Index: src/useradd.c
|
||||
===================================================================
|
||||
--- src/useradd.c.orig
|
||||
+++ src/useradd.c
|
||||
@@ -1894,6 +1894,13 @@ static void usr_update (void)
|
||||
@@ -1943,6 +1943,13 @@ static void usr_update (void)
|
||||
static void create_home (void)
|
||||
{
|
||||
if (access (user_home, F_OK) != 0) {
|
||||
@ -14,7 +16,7 @@
|
||||
#ifdef WITH_SELINUX
|
||||
if (set_selinux_file_context (user_home) != 0) {
|
||||
fprintf (stderr,
|
||||
@@ -1902,19 +1909,42 @@ static void create_home (void)
|
||||
@@ -1951,19 +1958,42 @@ static void create_home (void)
|
||||
fail_exit (E_HOMEDIR);
|
||||
}
|
||||
#endif
|
||||
|
Loading…
Reference in New Issue
Block a user