From cf082dac01a9263b89cac415950741f04b67478c684c9b51ed99435af2c4544c Mon Sep 17 00:00:00 2001 From: "Dr. Werner Fink" Date: Wed, 11 Nov 2020 11:39:56 +0000 Subject: [PATCH 1/5] Add support for /usr/etc/skel to useradd binary its self OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=97 --- shadow.changes | 7 +++ shadow.spec | 3 + useradd-userkeleton.patch | 117 ++++++++++++++++++++++++++++++++++++++ useradd.local | 14 ----- 4 files changed, 127 insertions(+), 14 deletions(-) create mode 100644 useradd-userkeleton.patch diff --git a/shadow.changes b/shadow.changes index f66d131..73eaf25 100644 --- a/shadow.changes +++ b/shadow.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Wed Nov 11 11:28:09 UTC 2020 - Dr. Werner Fink + +- Add patch useradd-userkeleton.patch to extend original C code + of useradd to handle /usr/etc/skel (boo#1173321) +- Remove /usr/etc/skel support in useradd.local script + ------------------------------------------------------------------- Mon Nov 2 15:54:02 UTC 2020 - Dr. Werner Fink diff --git a/shadow.spec b/shadow.spec index 32c2ea8..42c7265 100644 --- a/shadow.spec +++ b/shadow.spec @@ -61,6 +61,8 @@ Patch7: shadow-4.1.5.1-logmsg.patch Patch13: shadow-login_defs-comments.patch # PATCH-FEATURE-SUSE shadow-login_defs-suse.patch kukuk@suse.com -- Customize login.defs. Patch14: shadow-login_defs-suse.patch +# PATCH-FEATURE-SUSE Copy also skeleton files from /usr/etc/skel (boo#1173321) +Patch15: useradd-userkeleton.patch # PATCH-FIX-SUSE disable_new_audit_function.patch adam.majer@suse.de -- Disable newer libaudit functionality for older distributions. Patch20: disable_new_audit_function.patch BuildRequires: audit-devel > 2.3 @@ -106,6 +108,7 @@ group accounts. %patch7 %patch13 %patch14 +%patch15 %if 0%{?suse_version} < 1330 %patch20 -p1 %endif diff --git a/useradd-userkeleton.patch b/useradd-userkeleton.patch new file mode 100644 index 0000000..d2b936b --- /dev/null 
+++ b/useradd-userkeleton.patch 
@@ -0,0 +1,117 @@ +Copy also skeleton files from /usr/etc/skel (boo#1173321) + +--- + etc/useradd | 1 + + src/useradd.c | 37 +++++++++++++++++++++++++++++++++++++ + 2 files changed, 38 insertions(+) + +--- etc/useradd ++++ etc/useradd 2020-11-11 11:33:32.809513584 +0000 +@@ -5,4 +5,5 @@ INACTIVE=-1 + EXPIRE= + SHELL=/bin/bash + SKEL=/etc/skel ++USRSKEL=/usr/etc/skel + CREATE_MAIL_SPOOL=yes +--- src/useradd.c ++++ src/useradd.c 2020-11-11 11:15:42.922067931 +0000 +@@ -78,6 +78,9 @@ + #ifndef SKEL_DIR + #define SKEL_DIR "/etc/skel" + #endif ++#ifndef USRSKELDIR ++#define USRSKELDIR "/usr/etc/skel" ++#endif + #ifndef USER_DEFAULTS_FILE + #define USER_DEFAULTS_FILE "/etc/default/useradd" + #define NEW_USER_FILE "/etc/default/nuaddXXXXXX" +@@ -101,6 +104,7 @@ static const char *def_gname = "other"; + static const char *def_home = "/home"; + static const char *def_shell = ""; + static const char *def_template = SKEL_DIR; ++static const char *def_usrtemplate = USRSKELDIR; + static const char *def_create_mail_spool = "no"; + + static long def_inactive = -1; +@@ -202,6 +206,7 @@ static bool home_added = false; + #define DINACT "INACTIVE=" + #define DEXPIRE "EXPIRE=" + #define DSKEL "SKEL=" ++#define DUSRSKEL "USRSKEL=" + #define DCREATE_MAIL_SPOOL "CREATE_MAIL_SPOOL=" + + /* local function prototypes */ +@@ -469,6 +474,29 @@ static void get_defaults (void) + } + + /* ++ * Default Usr Skeleton information ++ */ ++ else if (MATCH (buf, DUSRSKEL)) { ++ if ('\0' == *cp) { ++ cp = USRSKELDIR; /* XXX warning: const */ ++ } ++ ++ if(prefix[0]) { ++ size_t len; ++ int wlen; ++ char* _def_usrtemplate; /* avoid const warning */ ++ ++ len = strlen(prefix) + strlen(cp) + 2; ++ _def_usrtemplate = xmalloc(len); ++ wlen = snprintf(_def_usrtemplate, len, "%s/%s", prefix, cp); ++ assert (wlen == (int) len -1); ++ def_usrtemplate = _def_usrtemplate; ++ } ++ else { ++ def_usrtemplate = xstrdup (cp); ++ } ++ } ++ /* + * Create by default user mail spool or not ? 
+ */ + else if (MATCH (buf, DCREATE_MAIL_SPOOL)) { +@@ -500,6 +528,7 @@ static void show_defaults (void) + printf ("EXPIRE=%s\n", def_expire); + printf ("SHELL=%s\n", def_shell); + printf ("SKEL=%s\n", def_template); ++ printf ("USRSKEL=%s\n", def_usrtemplate); + printf ("CREATE_MAIL_SPOOL=%s\n", def_create_mail_spool); + } + +@@ -526,6 +555,7 @@ static int set_defaults (void) + bool out_expire = false; + bool out_shell = false; + bool out_skel = false; ++ bool out_usrskel = false; + bool out_create_mail_spool = false; + size_t len; + int ret = -1; +@@ -620,6 +650,9 @@ static int set_defaults (void) + } else if (!out_skel && MATCH (buf, DSKEL)) { + fprintf (ofp, DSKEL "%s\n", def_template); + out_skel = true; ++ } else if (!out_usrskel && MATCH (buf, DUSRSKEL)) { ++ fprintf (ofp, DUSRSKEL "%s\n", def_usrtemplate); ++ out_usrskel = true; + } else if (!out_create_mail_spool + && MATCH (buf, DCREATE_MAIL_SPOOL)) { + fprintf (ofp, +@@ -649,6 +682,8 @@ static int set_defaults (void) + fprintf (ofp, DSHELL "%s\n", def_shell); + if (!out_skel) + fprintf (ofp, DSKEL "%s\n", def_template); ++ if (!out_usrskel) ++ fprintf (ofp, DUSRSKEL "%s\n", def_usrtemplate); + + if (!out_create_mail_spool) + fprintf (ofp, DCREATE_MAIL_SPOOL "%s\n", def_create_mail_spool); +@@ -2505,6 +2540,8 @@ int main (int argc, char **argv) + if (mflg) { + create_home (); + if (home_added) { ++ copy_tree (def_usrtemplate, prefix_user_home, false, false, ++ (uid_t)-1, user_id, (gid_t)-1, user_gid); + copy_tree (def_template, prefix_user_home, false, false, + (uid_t)-1, user_id, (gid_t)-1, user_gid); + } else { diff --git a/useradd.local b/useradd.local index 32656f4..ffe1f56 100644 --- a/useradd.local +++ b/useradd.local 
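Review bot: The new `copy_tree (def_usrtemplate, prefix_user_home, false, false, ...)` call in main() discards its return value, so a failed or partial copy from the USRSKEL tree leaves the new home directory incomplete without any message from useradd. The neighbouring `def_template` call is written the same way, so this follows existing style, but the two outcomes should be told apart: a USRSKEL directory that does not exist is normal, while one that exists and fails to copy should at least print a warning on stderr. In the USRSKEL branch of get_defaults(), `assert (wlen == (int) len -1);` is the only check on the snprintf() result and is compiled out under NDEBUG; an explicit `if (wlen != (int) len - 1)` error path would keep the check in release builds. Both functions start and end outside this hunk.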
@@ -37,20 +37,6 @@ fi # Main useradd tool creates this if specified on command line [ -d $HOMEDIR ] || exit 0 -# -# Copy also skeleton files from /usr/etc/skel (boo#1173321) -# -USRSKELDIR=/usr/etc/skel -if [ -d $USRSKELDIR ] ; then - for file in $(ls -A $USRSKELDIR); do - # Only copy if not exist yet, i.e. does *not* exist in /etc/skel, which is still - # being preferred ... - test -e $HOMEDIR/$file && continue - cp -a $USRSKELDIR/$file $HOMEDIR - chown -R $USER.$GID $HOMEDIR/$file - done -fi - # If SELinux is enabled, we have to run restorecon to assign # appropriate fcontexts to the respective $HOME and files under it if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled ; then From ff3f23e66991b5f70e57027da439d86bb975b47f6fd5cd0bd42c6057f4af353b Mon Sep 17 00:00:00 2001 From: "Dr. Werner Fink" Date: Thu, 12 Nov 2020 10:32:46 +0000 Subject: [PATCH 2/5] Accepting request 848094 from home:favogt:boo1178296 - Amend patches/useradd-userkeleton.patch to also write into existing directories and prefer files from /etc OBS-URL: https://build.opensuse.org/request/show/848094 OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=98 --- shadow.changes | 6 ++++ useradd-userkeleton.patch | 66 +++++++++++++++++++++++++++++++++------ 2 files changed, 63 insertions(+), 9 deletions(-) diff --git a/shadow.changes b/shadow.changes index 73eaf25..8034ed6 100644 --- a/shadow.changes +++ b/shadow.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Nov 11 14:38:13 UTC 2020 - Fabian Vogt + +- Amend patches/useradd-userkeleton.patch to also write into + existing directories and prefer files from /etc + ------------------------------------------------------------------- Wed Nov 11 11:28:09 UTC 2020 - Dr. Werner Fink diff --git a/useradd-userkeleton.patch b/useradd-userkeleton.patch index d2b936b..64be475 100644 --- a/useradd-userkeleton.patch +++ b/useradd-userkeleton.patch 
@@ -5,16 +5,20 @@ Copy also skeleton files from /usr/etc/skel (boo#1173321) src/useradd.c | 37 +++++++++++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+) ---- etc/useradd -+++ etc/useradd 2020-11-11 11:33:32.809513584 +0000 +Index: etc/useradd +=================================================================== +--- etc/useradd.orig ++++ etc/useradd @@ -5,4 +5,5 @@ INACTIVE=-1 EXPIRE= SHELL=/bin/bash SKEL=/etc/skel +USRSKEL=/usr/etc/skel CREATE_MAIL_SPOOL=yes ---- src/useradd.c -+++ src/useradd.c 2020-11-11 11:15:42.922067931 +0000 +Index: src/useradd.c +=================================================================== +--- src/useradd.c.orig ++++ src/useradd.c @@ -78,6 +78,9 @@ #ifndef SKEL_DIR #define SKEL_DIR "/etc/skel" 
@@ -106,12 +110,56 @@ Copy also skeleton files from /usr/etc/skel (boo#1173321) if (!out_create_mail_spool) fprintf (ofp, DCREATE_MAIL_SPOOL "%s\n", def_create_mail_spool); -@@ -2505,6 +2540,8 @@ int main (int argc, char **argv) - if (mflg) { - create_home (); +@@ -2507,6 +2542,8 @@ int main (int argc, char **argv) if (home_added) { -+ copy_tree (def_usrtemplate, prefix_user_home, false, false, -+ (uid_t)-1, user_id, (gid_t)-1, user_gid); copy_tree (def_template, prefix_user_home, false, false, (uid_t)-1, user_id, (gid_t)-1, user_gid); ++ copy_tree (def_usrtemplate, prefix_user_home, false, false, ++ (uid_t)-1, user_id, (gid_t)-1, user_gid); } else { + fprintf (stderr, + _("%s: warning: the home directory %s already exists.\n" +Index: libmisc/copydir.c +=================================================================== +--- libmisc/copydir.c.orig ++++ libmisc/copydir.c +@@ -416,6 +416,14 @@ static int copy_entry (const char *src, + old_uid, new_uid, old_gid, new_gid); + } + ++ /* ++ * If the destination already exists do nothing. ++ * This is after the copy_dir above to still iterate into subdirectories. ++ */ ++ if (LSTAT (dst, &sb) != -1) { ++ return 0; ++ } ++ + #ifdef S_IFLNK + /* + * Copy any symbolic links +@@ -477,6 +485,7 @@ static int copy_dir (const char *src, co + gid_t old_gid, gid_t new_gid) + { + int err = 0; ++ struct stat dst_sb; + + /* + * Create a new target directory, make it owned by +@@ -488,6 +497,16 @@ static int copy_dir (const char *src, co + return -1; + } + #endif /* WITH_SELINUX */ ++ ++ /* ++ * If the destination is already a directory, don't change it ++ * but copy into it (recursively). 
++ */ ++ if (LSTAT (dst, &dst_sb) == 0 && S_ISDIR(dst_sb.st_mode)) { ++ return (copy_tree (src, dst, false, reset_selinux, ++ old_uid, new_uid, old_gid, new_gid) != 0); ++ } ++ + if ( (mkdir (dst, statp->st_mode) != 0) + || (chown_if_needed (dst, statp, + old_uid, new_uid, old_gid, new_gid) != 0) From a4ea6b15c3e70b8679033fb8b5e4538410efe9aabf1f6221dcfd2adb9a4c5a76 Mon Sep 17 00:00:00 2001 From: Michael Vetter Date: Thu, 21 Jan 2021 08:48:53 +0000 Subject: [PATCH 3/5] Accepting request 865245 from home:kukuk:branches:Base:System - Split login.defs configuration file into own sub-package, which allows to install util-linux or pam on small embedded/edge systems or container without the need to pull in the full shadow suite. OBS-URL: https://build.opensuse.org/request/show/865245 OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=99 --- shadow.changes | 8 ++++++++ shadow.spec | 46 ++++++++++++++++++++++++++++++++-------------- 2 files changed, 40 insertions(+), 14 deletions(-) diff --git a/shadow.changes b/shadow.changes index 8034ed6..d1a4ee4 100644 --- a/shadow.changes +++ b/shadow.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Thu Jan 21 06:52:30 UTC 2021 - Thorsten Kukuk + +- Split login.defs configuration file into own sub-package, which + allows to install util-linux or pam on small embedded/edge + systems or container without the need to pull in the full shadow + suite. + ------------------------------------------------------------------- Wed Nov 11 14:38:13 UTC 2020 - Fabian Vogt diff --git a/shadow.spec b/shadow.spec index 42c7265..dca2c38 100644 --- a/shadow.spec +++ b/shadow.spec @@ -1,7 +1,7 @@ # # spec file for package shadow # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
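Review bot: The early exit added to copy_entry() calls `LSTAT (dst, &sb)`, reusing a buffer that, judging by the symlink branch that follows, probably still has to describe the source entry. copy_dir() in the same change declares a separate `struct stat dst_sb;`, and copy_entry() should do the same with `if (LSTAT (dst, &dst_sb) != -1) {`. Because the check sits after the copy_dir() call, a directory that was just created also reaches `return 0;`, which appears to drop any error from the recursive copy; returning the saved result would preserve it, though the variable holding it is outside the hunk. The skip-if-exists rule also applies to every copy_tree() caller, not only the skeleton copy, and the added comment should say so. Both function bodies continue outside the hunk.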
@@ -82,6 +82,18 @@ Requires(pre): permissions Requires(pre): user(root) Provides: pwdutils = 3.2.20 Obsoletes: pwdutils <= 3.2.19 +Requires: login_defs >= %{version} +Provides: useradd_or_adduser_dep + +%description +This package includes the necessary programs for converting plain +password files to the shadow password format and to manage user and +group accounts. + +%package -n login_defs +Summary: login.defs configuration file +Group: System/Base +BuildArch: noarch # Virtual provides for supported variables in login.defs. # It prevents references to unknown variables. # Upgrade them only if shadow-util-linux.patch or @@ -89,12 +101,10 @@ Obsoletes: pwdutils <= 3.2.19 # Call shadow-login_defs-check.sh before! Provides: login_defs-support-for-pam = 1.3.1 Provides: login_defs-support-for-util-linux = 2.36 -Provides: useradd_or_adduser_dep -%description -This package includes the necessary programs for converting plain -password files to the shadow password format and to manage user and -group accounts. +%description -n login_defs +This package contains the default login.defs configuration file +as used by util-linux, pam and shadow. %prep %setup -q -a 1 @@ -218,10 +228,13 @@ fi %pre %service_add_pre shadow.service shadow.timer -for i in login.defs pam.d/chage pam.d/chfn pam.d/chpasswd pam.d/chsh pam.d/groupadd pam.d/groupdel pam.d/groupmod pam.d/newusers pam.d/passwd pam.d/useradd pam.d/userdel pam.d/usermod; do +for i in pam.d/chage pam.d/chfn pam.d/chpasswd pam.d/chsh pam.d/groupadd pam.d/groupdel pam.d/groupmod pam.d/newusers pam.d/passwd pam.d/useradd pam.d/userdel pam.d/usermod; do test -f /etc/${i}.rpmsave && mv -v /etc/${i}.rpmsave /etc/${i}.rpmsave.old ||: done +%pre -n login_defs +test -f /etc/login.defs.rpmsave && mv -v /etc/login.defs.rpmsave /etc/login.defs.rpmsave.old ||: + %post %set_permissions %{_bindir}/chage %set_permissions %{_bindir}/chfn 
@@ -254,18 +267,16 @@ done %posttrans # Migration to /usr/etc -for i in login.defs pam.d/chage pam.d/chfn pam.d/chpasswd pam.d/chsh pam.d/groupadd pam.d/groupdel pam.d/groupmod pam.d/newusers pam.d/passwd pam.d/useradd pam.d/userdel pam.d/usermod; do +for i in pam.d/chage pam.d/chfn pam.d/chpasswd pam.d/chsh pam.d/groupadd pam.d/groupdel pam.d/groupmod pam.d/newusers pam.d/passwd pam.d/useradd pam.d/userdel pam.d/usermod; do test -f /etc/${i}.rpmsave && mv -v /etc/${i}.rpmsave /etc/${i} ||: done +%posttrans -n login_defs +test -f /etc/login.defs.rpmsave && mv -v /etc/login.defs.rpmsave /etc/login.defs ||: + %files -f shadow.lang %license COPYING %doc NEWS doc/HOWTO README README.changes-pwdutils -%if %{defined no_config} -%attr(0644,root,root) %{_distconfdir}/login.defs -%else -%attr(0644,root,root) %config %{_sysconfdir}/login.defs -%endif %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/default/useradd %verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/subuid %verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/subgid @@ -335,7 +346,6 @@ done %{_mandir}/man1/passwd.1%{?ext_man} %{_mandir}/man1/sg.1%{?ext_man} %{_mandir}/man3/shadow.3%{?ext_man} -%{_mandir}/man5/login.defs.5%{?ext_man} %{_mandir}/man5/shadow.5%{?ext_man} %{_mandir}/man8/chpasswd.8%{?ext_man} %{_mandir}/man8/groupadd.8%{?ext_man} @@ -359,4 +369,12 @@ done %{_unitdir}/* +%files -n login_defs +%if %{defined no_config} +%attr(0644,root,root) %{_distconfdir}/login.defs +%else +%attr(0644,root,root) %config %{_sysconfdir}/login.defs +%endif +%{_mandir}/man5/login.defs.5%{?ext_man} + %changelog From 1b82897569fa41fedde7a388f47afe159066ee00355ba4e1d897ff3390aa3218 Mon Sep 17 00:00:00 2001 
From: Marcus Meissner Date: Sat, 30 Jan 2021 08:05:35 +0000 Subject: [PATCH 4/5] Accepting request 867612 from home:sbrabec:branches:distconfdir-fix - Do not require libeconf-devel on products without /usr/etc. OBS-URL: https://build.opensuse.org/request/show/867612 OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=100 --- shadow.changes | 5 +++++ shadow.spec | 8 ++++++++ 2 files changed, 13 insertions(+) diff --git a/shadow.changes b/shadow.changes index d1a4ee4..6c34e07 100644 --- a/shadow.changes +++ b/shadow.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Thu Jan 28 22:28:02 UTC 2021 - Stanislav Brabec + +- Do not require libeconf-devel on products without /usr/etc. + ------------------------------------------------------------------- Thu Jan 21 06:52:30 UTC 2021 - Thorsten Kukuk diff --git a/shadow.spec b/shadow.spec index dca2c38..352fd50 100644 --- a/shadow.spec +++ b/shadow.spec @@ -70,7 +70,10 @@ BuildRequires: autoconf BuildRequires: automake BuildRequires: libacl-devel BuildRequires: libattr-devel +# It should be %%if %%{defined no_config}, but OBS cannot handle it: +%if 0%{?suse_version} >= 1550 BuildRequires: libeconf-devel +%endif BuildRequires: libselinux-devel BuildRequires: libsemanage-devel BuildRequires: libtool 
@@ -266,12 +269,17 @@ test -f /etc/login.defs.rpmsave && mv -v /etc/login.defs.rpmsave /etc/login.defs %service_del_postun shadow.service shadow.timer %posttrans +%if %{defined no_config} # Migration to /usr/etc for i in pam.d/chage pam.d/chfn pam.d/chpasswd pam.d/chsh pam.d/groupadd pam.d/groupdel pam.d/groupmod pam.d/newusers pam.d/passwd pam.d/useradd pam.d/userdel pam.d/usermod; do test -f /etc/${i}.rpmsave && mv -v /etc/${i}.rpmsave /etc/${i} ||: done +%endif %posttrans -n login_defs +# rpmsave file can be created by +# - change of owning package (SLE15 SP2->SP3, Leap 15.2->15.3) +# - Migration to /usr/etc (after SLE15 and Leap 15) test -f /etc/login.defs.rpmsave && mv -v /etc/login.defs.rpmsave /etc/login.defs ||: %files -f shadow.lang From 451a55ed1d4d77f900b9c0a75d0515e3beb123743c2e105efe50275440851dba Mon Sep 17 00:00:00 2001 From: Michael Vetter Date: Mon, 15 Feb 2021 09:45:08 +0000 Subject: [PATCH 5/5] Accepting request 871006 from home:sbrabec:branches:distconfdir-fix No change in code. Integrate changes in SLE/Leap branch into older changelog entries in Factory. OBS-URL: https://build.opensuse.org/request/show/871006 OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=101 --- shadow.changes | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/shadow.changes b/shadow.changes index 6c34e07..85095e8 100644 --- a/shadow.changes +++ b/shadow.changes @@ -195,7 +195,7 @@ Fri Jun 14 06:20:46 UTC 2019 - mvetter@suse.com * Usermod: guard against unsafe chown of homedir contents (Tomas Mraz) * Add LASTLOG_UID_MAX to login.defs (Tomas Mraz) * new[ug]idmap file capabilities support (Giuseppe Scrivano and Christian Brauner) - * Fix segfault in useradd (Tomas Mraz) + * Fix segfault in useradd (bsc#1141113, Tomas Mraz) * Coverity issues (Tomas Mraz) * Flush sssd caches (Jakub Hrozek) * Log UID in nologin (Vladimir Ivanov) 
@@ -212,6 +212,9 @@ Fri Jun 14 06:20:46 UTC 2019 - mvetter@suse.com upstreamed https://github.com/shadow-maint/shadow/pull/112 - Remove shadow-4.6.0-fix-usermod-prefix-crash.patch upstreamed https://github.com/shadow-maint/shadow/issues/110 +- Remove shadow-4.6-bsc1141113-useradd-segfault.patch + (SLE15 SP3 and openSUSE Leap 15.3 only) + upstreamed https://github.com/shadow-maint/shadow/issues/125 - Rebase userdel-script.patch - Rebase useradd-script.patch - Rebase shadow-util-linux.patch