Accepting request 872327 from Base:System

OBS-URL: https://build.opensuse.org/request/show/872327
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shadow?expand=0&rev=42
Dominique Leuenberger 2021-04-15 14:56:33 +00:00 committed by Git OBS Bridge
commit c2abc15313
4 changed files with 238 additions and 29 deletions


@ -1,3 +1,29 @@
-------------------------------------------------------------------
Thu Jan 28 22:28:02 UTC 2021 - Stanislav Brabec <sbrabec@suse.com>
- Do not require libeconf-devel on products without /usr/etc.
-------------------------------------------------------------------
Thu Jan 21 06:52:30 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>
- Split login.defs configuration file into own sub-package, which
allows to install util-linux or pam on small embedded/edge
systems or container without the need to pull in the full shadow
suite.
-------------------------------------------------------------------
Wed Nov 11 14:38:13 UTC 2020 - Fabian Vogt <fvogt@suse.com>
- Amend patches/useradd-userkeleton.patch to also write into
existing directories and prefer files from /etc
-------------------------------------------------------------------
Wed Nov 11 11:28:09 UTC 2020 - Dr. Werner Fink <werner@suse.de>
- Add patch useradd-userkeleton.patch to extend original C code
of useradd to handle /usr/etc/skel (boo#1173321)
- Remove /usr/etc/skel support in useradd.local script
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Nov 2 15:54:02 UTC 2020 - Dr. Werner Fink <werner@suse.de> Mon Nov 2 15:54:02 UTC 2020 - Dr. Werner Fink <werner@suse.de>
@ -169,7 +195,7 @@ Fri Jun 14 06:20:46 UTC 2019 - mvetter@suse.com
* Usermod: guard against unsafe chown of homedir contents (Tomas Mraz) * Usermod: guard against unsafe chown of homedir contents (Tomas Mraz)
* Add LASTLOG_UID_MAX to login.defs (Tomas Mraz) * Add LASTLOG_UID_MAX to login.defs (Tomas Mraz)
* new[ug]idmap file capabilities support (Giuseppe Scrivano and Christian Brauner) * new[ug]idmap file capabilities support (Giuseppe Scrivano and Christian Brauner)
* Fix segfault in useradd (Tomas Mraz) * Fix segfault in useradd (bsc#1141113, Tomas Mraz)
* Coverity issues (Tomas Mraz) * Coverity issues (Tomas Mraz)
* Flush sssd caches (Jakub Hrozek) * Flush sssd caches (Jakub Hrozek)
* Log UID in nologin (Vladimir Ivanov) * Log UID in nologin (Vladimir Ivanov)
@ -186,6 +212,9 @@ Fri Jun 14 06:20:46 UTC 2019 - mvetter@suse.com
upstreamed https://github.com/shadow-maint/shadow/pull/112 upstreamed https://github.com/shadow-maint/shadow/pull/112
- Remove shadow-4.6.0-fix-usermod-prefix-crash.patch - Remove shadow-4.6.0-fix-usermod-prefix-crash.patch
upstreamed https://github.com/shadow-maint/shadow/issues/110 upstreamed https://github.com/shadow-maint/shadow/issues/110
- Remove shadow-4.6-bsc1141113-useradd-segfault.patch
(SLE15 SP3 and openSUSE Leap 15.3 only)
upstreamed https://github.com/shadow-maint/shadow/issues/125
- Rebase userdel-script.patch - Rebase userdel-script.patch
- Rebase useradd-script.patch - Rebase useradd-script.patch
- Rebase shadow-util-linux.patch - Rebase shadow-util-linux.patch


@ -1,7 +1,7 @@
# #
# spec file for package shadow # spec file for package shadow
# #
# Copyright (c) 2020 SUSE LLC # Copyright (c) 2021 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -61,6 +61,8 @@ Patch7: shadow-4.1.5.1-logmsg.patch
Patch13: shadow-login_defs-comments.patch Patch13: shadow-login_defs-comments.patch
# PATCH-FEATURE-SUSE shadow-login_defs-suse.patch kukuk@suse.com -- Customize login.defs. # PATCH-FEATURE-SUSE shadow-login_defs-suse.patch kukuk@suse.com -- Customize login.defs.
Patch14: shadow-login_defs-suse.patch Patch14: shadow-login_defs-suse.patch
# PATCH-FEATURE-SUSE Copy also skeleton files from /usr/etc/skel (boo#1173321)
Patch15: useradd-userkeleton.patch
# PATCH-FIX-SUSE disable_new_audit_function.patch adam.majer@suse.de -- Disable newer libaudit functionality for older distributions. # PATCH-FIX-SUSE disable_new_audit_function.patch adam.majer@suse.de -- Disable newer libaudit functionality for older distributions.
Patch20: disable_new_audit_function.patch Patch20: disable_new_audit_function.patch
BuildRequires: audit-devel > 2.3 BuildRequires: audit-devel > 2.3
@ -68,7 +70,10 @@ BuildRequires: autoconf
BuildRequires: automake BuildRequires: automake
BuildRequires: libacl-devel BuildRequires: libacl-devel
BuildRequires: libattr-devel BuildRequires: libattr-devel
# It should be %%if %%{defined no_config}, but OBS cannot handle it:
%if 0%{?suse_version} >= 1550
BuildRequires: libeconf-devel BuildRequires: libeconf-devel
%endif
BuildRequires: libselinux-devel BuildRequires: libselinux-devel
BuildRequires: libsemanage-devel BuildRequires: libsemanage-devel
BuildRequires: libtool BuildRequires: libtool
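Review bot: the `libeconf-devel` BuildRequires is gated on `0%{?suse_version} >= 1550`, while the `%posttrans` and `%files` sections of this spec key the /usr/etc layout on `%{defined no_config}`, so the two conditions can disagree on a product that sets one but not the other. The comment explains why the version test is used; it would help to state next to it which `suse_version` values are expected to define `no_config`, so the gate can be re-checked when a new product is added.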
@ -80,6 +85,18 @@ Requires(pre): permissions
Requires(pre): user(root) Requires(pre): user(root)
Provides: pwdutils = 3.2.20 Provides: pwdutils = 3.2.20
Obsoletes: pwdutils <= 3.2.19 Obsoletes: pwdutils <= 3.2.19
Requires: login_defs >= %{version}
Provides: useradd_or_adduser_dep
%description
This package includes the necessary programs for converting plain
password files to the shadow password format and to manage user and
group accounts.
%package -n login_defs
Summary: login.defs configuration file
Group: System/Base
BuildArch: noarch
# Virtual provides for supported variables in login.defs. # Virtual provides for supported variables in login.defs.
# It prevents references to unknown variables. # It prevents references to unknown variables.
# Upgrade them only if shadow-util-linux.patch or # Upgrade them only if shadow-util-linux.patch or
@ -87,12 +104,10 @@ Obsoletes: pwdutils <= 3.2.19
# Call shadow-login_defs-check.sh before! # Call shadow-login_defs-check.sh before!
Provides: login_defs-support-for-pam = 1.3.1 Provides: login_defs-support-for-pam = 1.3.1
Provides: login_defs-support-for-util-linux = 2.36 Provides: login_defs-support-for-util-linux = 2.36
Provides: useradd_or_adduser_dep
%description %description -n login_defs
This package includes the necessary programs for converting plain This package contains the default login.defs configuration file
password files to the shadow password format and to manage user and as used by util-linux, pam and shadow.
group accounts.
%prep %prep
%setup -q -a 1 %setup -q -a 1
@ -106,6 +121,7 @@ group accounts.
%patch7 %patch7
%patch13 %patch13
%patch14 %patch14
%patch15
%if 0%{?suse_version} < 1330 %if 0%{?suse_version} < 1330
%patch20 -p1 %patch20 -p1
%endif %endif
@ -215,10 +231,13 @@ fi
%pre %pre
%service_add_pre shadow.service shadow.timer %service_add_pre shadow.service shadow.timer
for i in login.defs pam.d/chage pam.d/chfn pam.d/chpasswd pam.d/chsh pam.d/groupadd pam.d/groupdel pam.d/groupmod pam.d/newusers pam.d/passwd pam.d/useradd pam.d/userdel pam.d/usermod; do for i in pam.d/chage pam.d/chfn pam.d/chpasswd pam.d/chsh pam.d/groupadd pam.d/groupdel pam.d/groupmod pam.d/newusers pam.d/passwd pam.d/useradd pam.d/userdel pam.d/usermod; do
test -f /etc/${i}.rpmsave && mv -v /etc/${i}.rpmsave /etc/${i}.rpmsave.old ||: test -f /etc/${i}.rpmsave && mv -v /etc/${i}.rpmsave /etc/${i}.rpmsave.old ||:
done done
%pre -n login_defs
test -f /etc/login.defs.rpmsave && mv -v /etc/login.defs.rpmsave /etc/login.defs.rpmsave.old ||:
%post %post
%set_permissions %{_bindir}/chage %set_permissions %{_bindir}/chage
%set_permissions %{_bindir}/chfn %set_permissions %{_bindir}/chfn
@ -250,19 +269,22 @@ done
%service_del_postun shadow.service shadow.timer %service_del_postun shadow.service shadow.timer
%posttrans %posttrans
%if %{defined no_config}
# Migration to /usr/etc # Migration to /usr/etc
for i in login.defs pam.d/chage pam.d/chfn pam.d/chpasswd pam.d/chsh pam.d/groupadd pam.d/groupdel pam.d/groupmod pam.d/newusers pam.d/passwd pam.d/useradd pam.d/userdel pam.d/usermod; do for i in pam.d/chage pam.d/chfn pam.d/chpasswd pam.d/chsh pam.d/groupadd pam.d/groupdel pam.d/groupmod pam.d/newusers pam.d/passwd pam.d/useradd pam.d/userdel pam.d/usermod; do
test -f /etc/${i}.rpmsave && mv -v /etc/${i}.rpmsave /etc/${i} ||: test -f /etc/${i}.rpmsave && mv -v /etc/${i}.rpmsave /etc/${i} ||:
done done
%endif
%posttrans -n login_defs
# rpmsave file can be created by
# - change of owning package (SLE15 SP2->SP3, Leap 15.2->15.3)
# - Migration to /usr/etc (after SLE15 and Leap 15)
test -f /etc/login.defs.rpmsave && mv -v /etc/login.defs.rpmsave /etc/login.defs ||:
%files -f shadow.lang %files -f shadow.lang
%license COPYING %license COPYING
%doc NEWS doc/HOWTO README README.changes-pwdutils %doc NEWS doc/HOWTO README README.changes-pwdutils
%if %{defined no_config}
%attr(0644,root,root) %{_distconfdir}/login.defs
%else
%attr(0644,root,root) %config %{_sysconfdir}/login.defs
%endif
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/default/useradd %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/default/useradd
%verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/subuid %verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/subuid
%verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/subgid %verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/subgid
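Review bot: `%posttrans -n login_defs` moves `/etc/login.defs.rpmsave` over `/etc/login.defs` unconditionally, while the equivalent loop for the pam.d files is now wrapped in `%if %{defined no_config}`. In the `%else` case login.defs is packaged as `%config` under `%{_sysconfdir}`, so this `mv` replaces the file the package just installed and any defaults new in this version are dropped without a trace. Since util-linux, pam and shadow all read this file (per the new package description), consider keeping the packaged copy beside it, for example as `login.defs.rpmnew`, before restoring the saved one, so an administrator can diff the two.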
@ -332,7 +354,6 @@ done
%{_mandir}/man1/passwd.1%{?ext_man} %{_mandir}/man1/passwd.1%{?ext_man}
%{_mandir}/man1/sg.1%{?ext_man} %{_mandir}/man1/sg.1%{?ext_man}
%{_mandir}/man3/shadow.3%{?ext_man} %{_mandir}/man3/shadow.3%{?ext_man}
%{_mandir}/man5/login.defs.5%{?ext_man}
%{_mandir}/man5/shadow.5%{?ext_man} %{_mandir}/man5/shadow.5%{?ext_man}
%{_mandir}/man8/chpasswd.8%{?ext_man} %{_mandir}/man8/chpasswd.8%{?ext_man}
%{_mandir}/man8/groupadd.8%{?ext_man} %{_mandir}/man8/groupadd.8%{?ext_man}
@ -356,4 +377,12 @@ done
%{_unitdir}/* %{_unitdir}/*
%files -n login_defs
%if %{defined no_config}
%attr(0644,root,root) %{_distconfdir}/login.defs
%else
%attr(0644,root,root) %config %{_sysconfdir}/login.defs
%endif
%{_mandir}/man5/login.defs.5%{?ext_man}
%changelog %changelog

useradd-userkeleton.patch Normal file

@ -0,0 +1,165 @@
Copy also skeleton files from /usr/etc/skel (boo#1173321)
---
etc/useradd | 1 +
src/useradd.c | 37 +++++++++++++++++++++++++++++++++++++
2 files changed, 38 insertions(+)
Index: etc/useradd
===================================================================
--- etc/useradd.orig
+++ etc/useradd
@@ -5,4 +5,5 @@ INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
+USRSKEL=/usr/etc/skel
CREATE_MAIL_SPOOL=yes
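Review bot: `USRSKEL` is a new key in the shipped defaults file, but the patch carries no documentation for it: the files it touches are etc/useradd, src/useradd.c and libmisc/copydir.c, none of them a man page. Please describe the key and its precedence relative to `SKEL` where the other keys of this file are documented. The diffstat in the patch header also still reads `2 files changed, 38 insertions(+)` and omits libmisc/copydir.c.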
Index: src/useradd.c
===================================================================
--- src/useradd.c.orig
+++ src/useradd.c
@@ -78,6 +78,9 @@
#ifndef SKEL_DIR
#define SKEL_DIR "/etc/skel"
#endif
+#ifndef USRSKELDIR
+#define USRSKELDIR "/usr/etc/skel"
+#endif
#ifndef USER_DEFAULTS_FILE
#define USER_DEFAULTS_FILE "/etc/default/useradd"
#define NEW_USER_FILE "/etc/default/nuaddXXXXXX"
@@ -101,6 +104,7 @@ static const char *def_gname = "other";
static const char *def_home = "/home";
static const char *def_shell = "";
static const char *def_template = SKEL_DIR;
+static const char *def_usrtemplate = USRSKELDIR;
static const char *def_create_mail_spool = "no";
static long def_inactive = -1;
@@ -202,6 +206,7 @@ static bool home_added = false;
#define DINACT "INACTIVE="
#define DEXPIRE "EXPIRE="
#define DSKEL "SKEL="
+#define DUSRSKEL "USRSKEL="
#define DCREATE_MAIL_SPOOL "CREATE_MAIL_SPOOL="
/* local function prototypes */
@@ -469,6 +474,29 @@ static void get_defaults (void)
}
/*
+ * Default Usr Skeleton information
+ */
+ else if (MATCH (buf, DUSRSKEL)) {
+ if ('\0' == *cp) {
+ cp = USRSKELDIR; /* XXX warning: const */
+ }
+
+ if(prefix[0]) {
+ size_t len;
+ int wlen;
+ char* _def_usrtemplate; /* avoid const warning */
+
+ len = strlen(prefix) + strlen(cp) + 2;
+ _def_usrtemplate = xmalloc(len);
+ wlen = snprintf(_def_usrtemplate, len, "%s/%s", prefix, cp);
+ assert (wlen == (int) len -1);
+ def_usrtemplate = _def_usrtemplate;
+ }
+ else {
+ def_usrtemplate = xstrdup (cp);
+ }
+ }
+ /*
* Create by default user mail spool or not ?
*/
else if (MATCH (buf, DCREATE_MAIL_SPOOL)) {
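Review bot: in the `prefix[0]` branch the only check on the `snprintf` result is `assert (wlen == (int) len -1);`, which aborts useradd on a mismatch and is compiled out entirely when NDEBUG is defined. An explicit `if (wlen != (int) len - 1)` with an error message and a failure exit would behave the same in every build. A second `USRSKEL=` line in the defaults file would also re-enter this branch and overwrite `def_usrtemplate` without freeing the previous allocation, and `cp = USRSKELDIR;` assigns a string literal to a non-const pointer, as the `XXX` comment admits.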
@@ -500,6 +528,7 @@ static void show_defaults (void)
printf ("EXPIRE=%s\n", def_expire);
printf ("SHELL=%s\n", def_shell);
printf ("SKEL=%s\n", def_template);
+ printf ("USRSKEL=%s\n", def_usrtemplate);
printf ("CREATE_MAIL_SPOOL=%s\n", def_create_mail_spool);
}
@@ -526,6 +555,7 @@ static int set_defaults (void)
bool out_expire = false;
bool out_shell = false;
bool out_skel = false;
+ bool out_usrskel = false;
bool out_create_mail_spool = false;
size_t len;
int ret = -1;
@@ -620,6 +650,9 @@ static int set_defaults (void)
} else if (!out_skel && MATCH (buf, DSKEL)) {
fprintf (ofp, DSKEL "%s\n", def_template);
out_skel = true;
+ } else if (!out_usrskel && MATCH (buf, DUSRSKEL)) {
+ fprintf (ofp, DUSRSKEL "%s\n", def_usrtemplate);
+ out_usrskel = true;
} else if (!out_create_mail_spool
&& MATCH (buf, DCREATE_MAIL_SPOOL)) {
fprintf (ofp,
@@ -649,6 +682,8 @@ static int set_defaults (void)
fprintf (ofp, DSHELL "%s\n", def_shell);
if (!out_skel)
fprintf (ofp, DSKEL "%s\n", def_template);
+ if (!out_usrskel)
+ fprintf (ofp, DUSRSKEL "%s\n", def_usrtemplate);
if (!out_create_mail_spool)
fprintf (ofp, DCREATE_MAIL_SPOOL "%s\n", def_create_mail_spool);
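Review bot: the `if (!out_usrskel)` fallback writes `def_usrtemplate` back to the defaults file, and when a prefix is in use `get_defaults` has already set that variable to the prefixed path, so the prefixed path is what gets persisted. It also means a run of `set_defaults` adds a `USRSKEL=` line to a file whose administrator never set one. If this mirrors the existing `SKEL` handling on purpose, a comment saying so would be enough; otherwise keep the unprefixed value for writing.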
@@ -2507,6 +2542,8 @@ int main (int argc, char **argv)
if (home_added) {
copy_tree (def_template, prefix_user_home, false, false,
(uid_t)-1, user_id, (gid_t)-1, user_gid);
+ copy_tree (def_usrtemplate, prefix_user_home, false, false,
+ (uid_t)-1, user_id, (gid_t)-1, user_gid);
} else {
fprintf (stderr,
_("%s: warning: the home directory %s already exists.\n"
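Review bot: the second `copy_tree` call runs unconditionally and its return value is discarded, whereas the useradd.local code this patch replaces only copied when `[ -d $USRSKELDIR ]` held. Nothing in this hunk shows what `copy_tree` does when `def_usrtemplate` does not exist, so either test for the directory before the call or check the result and report a failure. The preference for /etc/skel depends on this call order together with the skip of existing destinations added in libmisc/copydir.c; a one-line comment here would stop someone from reordering the two calls.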
Index: libmisc/copydir.c
===================================================================
--- libmisc/copydir.c.orig
+++ libmisc/copydir.c
@@ -416,6 +416,14 @@ static int copy_entry (const char *src,
old_uid, new_uid, old_gid, new_gid);
}
+ /*
+ * If the destination already exists do nothing.
+ * This is after the copy_dir above to still iterate into subdirectories.
+ */
+ if (LSTAT (dst, &sb) != -1) {
+ return 0;
+ }
+
#ifdef S_IFLNK
/*
* Copy any symbolic links
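Review bot: the new `return 0` in `copy_entry` fires whenever `dst` exists, and after the `copy_dir` call just above the destination directory normally does exist, so for directories this returns success regardless of what `copy_dir` reported. Return the `copy_dir` result for the directory case and apply the skip only to non-directory entries. The check also reuses `sb` for the destination, while the `copy_dir` hunk declares a separate `dst_sb`; if `sb` holds the source's stat data that the branches below test, use a separate buffer here as well. Since this is library code under libmisc, the silent skip applies to every caller of `copy_tree`, not just the second skeleton pass in useradd.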
@@ -477,6 +485,7 @@ static int copy_dir (const char *src, co
gid_t old_gid, gid_t new_gid)
{
int err = 0;
+ struct stat dst_sb;
/*
* Create a new target directory, make it owned by
@@ -488,6 +497,16 @@ static int copy_dir (const char *src, co
return -1;
}
#endif /* WITH_SELINUX */
+
+ /*
+ * If the destination is already a directory, don't change it
+ * but copy into it (recursively).
+ */
+ if (LSTAT (dst, &dst_sb) == 0 && S_ISDIR(dst_sb.st_mode)) {
+ return (copy_tree (src, dst, false, reset_selinux,
+ old_uid, new_uid, old_gid, new_gid) != 0);
+ }
+
if ( (mkdir (dst, statp->st_mode) != 0)
|| (chown_if_needed (dst, statp,
old_uid, new_uid, old_gid, new_gid) != 0)
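Review bot: the early return in `copy_dir` yields `(copy_tree (...) != 0)`, that is 0 or 1, while the error path directly above it returns -1; pass the `copy_tree` result through unchanged so callers see one error convention. The branch also checks `dst` with `LSTAT` and then hands the same path to `copy_tree`, which resolves it again, and it leaves the owner and mode of the existing directory untouched. That is reasonable for a home directory useradd has just created (`home_added`), but the assumption deserves a comment because the function is shared library code.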


@ -37,20 +37,6 @@ fi
# Main useradd tool creates this if specified on command line # Main useradd tool creates this if specified on command line
[ -d $HOMEDIR ] || exit 0 [ -d $HOMEDIR ] || exit 0
#
# Copy also skeleton files from /usr/etc/skel (boo#1173321)
#
USRSKELDIR=/usr/etc/skel
if [ -d $USRSKELDIR ] ; then
for file in $(ls -A $USRSKELDIR); do
# Only copy if not exist yet, i.e. does *not* exist in /etc/skel, which is still
# being preferred ...
test -e $HOMEDIR/$file && continue
cp -a $USRSKELDIR/$file $HOMEDIR
chown -R $USER.$GID $HOMEDIR/$file
done
fi
# If SELinux is enabled, we have to run restorecon to assign # If SELinux is enabled, we have to run restorecon to assign
# appropriate fcontexts to the respective $HOME and files under it # appropriate fcontexts to the respective $HOME and files under it
if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled ; then if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled ; then