Accepting request 709907 from Base:System
- Update to 4.7: * Spawn: don't loop forever on ECHILD * Do not fail locking if there is a stale lockfile (Tomas Mraz) * Use lckpwdf if prefix not set (Tomas Mraz) * Build: check correct DocBook version (Jan Tojnar) * Usermod: Print 'no changes' to stdout, not stderr (Serge Hallyn) * Add support for btrfs subvolumes for home (Adam Majer) * Fix chpasswd long line handling (Nathan Ruiz) * Use secure_getenv for gettime (Chris Lamb) * Make sp_lstchg reproducible (Chris Lamb) * Do not crash commonio_close if db file is not open (Tomas Mraz) * Don't flush nscd and sssd cache in read-only mode (Charlie Vuillemez) * French manpage update (Alban VIDAL) * Fix manpage defaults for SUB_UID/GID_COUNT (Tomas Mraz) * Sync po files from shadow.pot (Alban VIDAL) * Usermod: guard against unsafe chown of homedir contents (Tomas Mraz) * Add LASTLOG_UID_MAX to login.defs (Tomas Mraz) * new[ug]idmap file capabilities support (Giuseppe Scrivano and Christian Brauner) * Fix segfault in useradd (Tomas Mraz) * Coverity issues (Tomas Mraz) * Flush sssd caches (Jakub Hrozek) * Log UID in nologin (Vladimir Ivanov) * run pam_getenvlist after setup_env in su.c (Michael Vogt) * Support systems with only utmpx (A. Wilcox) * Fix unguarded ENABLE_SUBIDS code (Jan Chren (rindeal)) * Update po/zh_CN translation (Lion Yang) * Create parent dirs for useradd -m (Michael Vetter) * Prevent usermod segv * Fix usermod crash (fariouche) - Remove btrfs-subvolumes.patch (fate#316134): OBS-URL: https://build.opensuse.org/request/show/709907 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shadow?expand=0&rev=32
commit
24f5896ea4
@ -1,318 +0,0 @@
|
||||
commit 52ea836ffbfa4d6797cf89d6ada58f76bee9cf6b
|
||||
Author: Adam Majer <amajer@suse.de>
|
||||
Date: Wed Jan 23 16:17:05 2019 +0100
|
||||
|
||||
Add autotools support for BtrFS option
|
||||
|
||||
Feature is enabled by default, if headers are available. It can be
|
||||
turned off explictly.
|
||||
|
||||
commit 81ead2042afcdb8d423da855cf1528618a4e0c01
|
||||
Author: Adam Majer <amajer@suse.de>
|
||||
Date: Mon Jan 21 09:32:36 2019 +0100
|
||||
|
||||
Add support for btrfs subvolumes for user homes
|
||||
|
||||
new switch added to useradd command, --btrfs-subvolume-home. When
|
||||
specified *and* the filesystem is detected as btrfs, it will create a
|
||||
subvolume for user's home instead of a plain directory. This is done via
|
||||
`btrfs subvolume` command. Specifying the new switch while trying to
|
||||
create home on non-btrfs will result in an error.
|
||||
|
||||
userdel -r will handle and remove this subvolume transparently via
|
||||
`btrfs subvolume` command. Previosuly this failed as you can't rmdir a
|
||||
subvolume.
|
||||
|
||||
usermod, when moving user's home across devices, will detect if the home
|
||||
is a subvolume and issue an error messages instead of copying it. Moving
|
||||
user's home (as subvolume) on same btrfs works transparently.
|
||||
|
||||
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -256,6 +256,9 @@ AC_ARG_WITH(audit,
|
||||
AC_ARG_WITH(libpam,
|
||||
[AC_HELP_STRING([--with-libpam], [use libpam for PAM support @<:@default=yes if found@:>@])],
|
||||
[with_libpam=$withval], [with_libpam=maybe])
|
||||
+AC_ARG_WITH(btrfs,
|
||||
+ [AC_HELP_STRING([--with-btrfs], [add BtrFS support @<:@default=yes if found@:>@])],
|
||||
+ [with_selinux=$withval], [with_selinux=maybe])
|
||||
AC_ARG_WITH(selinux,
|
||||
[AC_HELP_STRING([--with-selinux], [use SELinux support @<:@default=yes if found@:>@])],
|
||||
[with_selinux=$withval], [with_selinux=maybe])
|
||||
@@ -453,6 +456,20 @@ if test "$with_libcrack" = "yes"; then
|
||||
AC_DEFINE(HAVE_LIBCRACK_PW, 1, [Defined if it includes *Pw functions.]))
|
||||
fi
|
||||
|
||||
+if test "$with_btrfs" != "no"; then
|
||||
+ AC_CHECK_HEADERS([sys/statfs.h linux/magic.h linux/btrfs_tree.h], \
|
||||
+ [btrfs_headers="yes"], [btrfs_headers="no"])
|
||||
+ if test "$btrfs_headers$with_btrfs" = "noyes" ; then
|
||||
+ AC_MSG_ERROR([One of sys/statfs.h linux/magic.h linux/btrfs_tree.h is missing])
|
||||
+ fi
|
||||
+
|
||||
+ if test "$btrfs_headers" = "yes" ; then
|
||||
+ AC_DEFINE(WITH_BTRFS, 1, [Build shadow with BtrFS support])
|
||||
+ with_btrfs="yes"
|
||||
+ fi
|
||||
+fi
|
||||
+AM_CONDITIONAL(WITH_BTRFS, test x$with_btrfs = xyes)
|
||||
+
|
||||
AC_SUBST(LIBSELINUX)
|
||||
AC_SUBST(LIBSEMANAGE)
|
||||
if test "$with_selinux" != "no"; then
|
||||
@@ -672,6 +689,7 @@ if test "$with_libpam" = "yes"; then
|
||||
echo " suid account management tools: $enable_acct_tools_setuid"
|
||||
fi
|
||||
echo " SELinux support: $with_selinux"
|
||||
+echo " BtrFS support: $with_btrfs"
|
||||
echo " ACL support: $with_acl"
|
||||
echo " Extended Attributes support: $with_attr"
|
||||
echo " tcb support (incomplete): $with_tcb"
|
||||
--- a/lib/prototypes.h
|
||||
+++ b/lib/prototypes.h
|
||||
@@ -72,6 +72,14 @@ extern int expire (const struct passwd *
|
||||
/* isexpired.c */
|
||||
extern int isexpired (const struct passwd *, /*@null@*/const struct spwd *);
|
||||
|
||||
+/* btrfs.c */
|
||||
+#ifdef WITH_BTRFS
|
||||
+extern int btrfs_create_subvolume(const char *path);
|
||||
+extern int btrfs_remove_subvolume(const char *path);
|
||||
+extern int btrfs_is_subvolume(const char *path);
|
||||
+extern int is_btrfs(const char *path);
|
||||
+#endif
|
||||
+
|
||||
/* basename() renamed to Basename() to avoid libc name space confusion */
|
||||
/* basename.c */
|
||||
extern /*@observer@*/const char *Basename (const char *str);
|
||||
--- a/libmisc/Makefile.am
|
||||
+++ b/libmisc/Makefile.am
|
||||
@@ -72,3 +72,8 @@ libmisc_a_SOURCES = \
|
||||
xgetspnam.c \
|
||||
xmalloc.c \
|
||||
yesno.c
|
||||
+
|
||||
+if WITH_BTRFS
|
||||
+libmisc_a_SOURCES += btrfs.c
|
||||
+endif
|
||||
+
|
||||
--- /dev/null
|
||||
+++ b/libmisc/btrfs.c
|
||||
@@ -0,0 +1,94 @@
|
||||
+#include <linux/btrfs_tree.h>
|
||||
+#include <linux/magic.h>
|
||||
+#include <sys/statfs.h>
|
||||
+
|
||||
+#include "prototypes.h"
|
||||
+
|
||||
+
|
||||
+static int run_btrfs_subvolume_cmd(const char *subcmd, const char *arg1, const char *arg2)
|
||||
+{
|
||||
+ int status = 0;
|
||||
+ const char *cmd = "/sbin/btrfs";
|
||||
+ const char *argv[] = {
|
||||
+ strrchr(cmd, '/'),
|
||||
+ "subvolume",
|
||||
+ subcmd,
|
||||
+ arg1,
|
||||
+ arg2,
|
||||
+ NULL
|
||||
+ };
|
||||
+
|
||||
+ if (argv[0] == NULL)
|
||||
+ argv[0] = cmd;
|
||||
+ else
|
||||
+ argv[0] = argv[0] + 1;
|
||||
+
|
||||
+ if (access(cmd, X_OK)) {
|
||||
+ return 1;
|
||||
+ }
|
||||
+
|
||||
+ if (run_command(cmd, argv, NULL, &status))
|
||||
+ return -1;
|
||||
+ return status;
|
||||
+}
|
||||
+
|
||||
+
|
||||
+int btrfs_create_subvolume(const char *path)
|
||||
+{
|
||||
+ return run_btrfs_subvolume_cmd("create", path, NULL);
|
||||
+}
|
||||
+
|
||||
+
|
||||
+int btrfs_remove_subvolume(const char *path)
|
||||
+{
|
||||
+ return run_btrfs_subvolume_cmd("delete", "-C", path);
|
||||
+}
|
||||
+
|
||||
+
|
||||
+/* Adapted from btrfsprogs */
|
||||
+/*
|
||||
+ * This intentionally duplicates btrfs_util_is_subvolume_fd() instead of opening
|
||||
+ * a file descriptor and calling it, because fstat() and fstatfs() don't accept
|
||||
+ * file descriptors opened with O_PATH on old kernels (before v3.6 and before
|
||||
+ * v3.12, respectively), but stat() and statfs() can be called on a path that
|
||||
+ * the user doesn't have read or write permissions to.
|
||||
+ *
|
||||
+ * returns:
|
||||
+ * 1 - btrfs subvolume
|
||||
+ * 0 - not btrfs subvolume
|
||||
+ * -1 - error
|
||||
+ */
|
||||
+int btrfs_is_subvolume(const char *path)
|
||||
+{
|
||||
+ struct stat st;
|
||||
+ int ret;
|
||||
+
|
||||
+ ret = is_btrfs(path);
|
||||
+ if (ret <= 0)
|
||||
+ return ret;
|
||||
+
|
||||
+ ret = stat(path, &st);
|
||||
+ if (ret == -1)
|
||||
+ return -1;
|
||||
+
|
||||
+ if (st.st_ino != BTRFS_FIRST_FREE_OBJECTID || !S_ISDIR(st.st_mode)) {
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ return 1;
|
||||
+}
|
||||
+
|
||||
+
|
||||
+/* Adapted from btrfsprogs */
|
||||
+int is_btrfs(const char *path)
|
||||
+{
|
||||
+ struct statfs sfs;
|
||||
+ int ret;
|
||||
+
|
||||
+ ret = statfs(path, &sfs);
|
||||
+ if (ret == -1)
|
||||
+ return -1;
|
||||
+
|
||||
+ return sfs.f_type == BTRFS_SUPER_MAGIC;
|
||||
+}
|
||||
+
|
||||
--- a/src/useradd.c
|
||||
+++ b/src/useradd.c
|
||||
@@ -164,6 +164,7 @@ static bool
|
||||
oflg = false, /* permit non-unique user ID to be specified with -u */
|
||||
rflg = false, /* create a system account */
|
||||
sflg = false, /* shell program for new account */
|
||||
+ subvolflg = false, /* create subvolume home on BTRFS */
|
||||
uflg = false, /* specify user ID for new account */
|
||||
Uflg = false; /* create a group having the same name as the user */
|
||||
|
||||
@@ -805,6 +806,9 @@ static void usage (int status)
|
||||
Prog, Prog, Prog);
|
||||
(void) fputs (_(" -b, --base-dir BASE_DIR base directory for the home directory of the\n"
|
||||
" new account\n"), usageout);
|
||||
+#ifdef WITH_BTRFS
|
||||
+ (void) fputs (_(" --btrfs-subvolume-home use BTRFS subvolume for home directory\n"), usageout);
|
||||
+#endif
|
||||
(void) fputs (_(" -c, --comment COMMENT GECOS field of the new account\n"), usageout);
|
||||
(void) fputs (_(" -d, --home-dir HOME_DIR home directory of the new account\n"), usageout);
|
||||
(void) fputs (_(" -D, --defaults print or change default useradd configuration\n"), usageout);
|
||||
@@ -1085,6 +1089,9 @@ static void process_flags (int argc, cha
|
||||
int c;
|
||||
static struct option long_options[] = {
|
||||
{"base-dir", required_argument, NULL, 'b'},
|
||||
+#ifdef WITH_BTRFS
|
||||
+ {"btrfs-subvolume-home", no_argument, NULL, 200},
|
||||
+#endif
|
||||
{"comment", required_argument, NULL, 'c'},
|
||||
{"home-dir", required_argument, NULL, 'd'},
|
||||
{"defaults", no_argument, NULL, 'D'},
|
||||
@@ -1131,6 +1138,9 @@ static void process_flags (int argc, cha
|
||||
def_home = optarg;
|
||||
bflg = true;
|
||||
break;
|
||||
+ case 200:
|
||||
+ subvolflg = true;
|
||||
+ break;
|
||||
case 'c':
|
||||
if (!VALID (optarg)) {
|
||||
fprintf (stderr,
|
||||
@@ -2049,6 +2059,37 @@ static void create_home (void)
|
||||
strcat (path, "/");
|
||||
strcat (path, cp);
|
||||
if (access (path, F_OK) != 0) {
|
||||
+ /* Check if parent directory is BTRFS, fail if requesting
|
||||
+ subvolume but no BTRFS. The paths cound be different by the
|
||||
+ trailing slash
|
||||
+ */
|
||||
+#if WITH_BTRFS
|
||||
+ if (subvolflg && (strlen(prefix_user_home) - (int)strlen(path)) <= 1) {
|
||||
+ char *btrfs_check = strdup(path);
|
||||
+
|
||||
+ if (!btrfs_check) {
|
||||
+ fprintf (stderr,
|
||||
+ _("%s: error while duplicating string in BTRFS check %s\n"),
|
||||
+ Prog, path);
|
||||
+ fail_exit (E_HOMEDIR);
|
||||
+ }
|
||||
+ btrfs_check[strlen(path) - strlen(cp) - 1] = '\0';
|
||||
+ if (is_btrfs(btrfs_check) <= 0) {
|
||||
+ fprintf (stderr,
|
||||
+ _("%s: home directory \"%s\" must be mounted on BTRFS\n"),
|
||||
+ Prog, path);
|
||||
+ fail_exit (E_HOMEDIR);
|
||||
+ }
|
||||
+ // make subvolume to mount for user instead of directory
|
||||
+ if (btrfs_create_subvolume(path)) {
|
||||
+ fprintf (stderr,
|
||||
+ _("%s: failed to create BTRFS subvolume: %s\n"),
|
||||
+ Prog, path);
|
||||
+ fail_exit (E_HOMEDIR);
|
||||
+ }
|
||||
+ }
|
||||
+ else
|
||||
+#endif
|
||||
if (mkdir (path, 0) != 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: cannot create directory %s\n"),
|
||||
--- a/src/userdel.c
|
||||
+++ b/src/userdel.c
|
||||
@@ -1273,6 +1273,23 @@ int main (int argc, char **argv)
|
||||
#endif /* EXTRA_CHECK_HOME_DIR */
|
||||
|
||||
if (rflg) {
|
||||
+#ifdef WITH_BTRFS
|
||||
+ int is_subvolume = btrfs_is_subvolume (user_home);
|
||||
+ if (is_subvolume < 0) {
|
||||
+ errors++;
|
||||
+ /* continue */
|
||||
+ }
|
||||
+ else if (is_subvolume > 0) {
|
||||
+ if (btrfs_remove_subvolume (user_home)) {
|
||||
+ fprintf (stderr,
|
||||
+ _("%s: error removing subvolume %s\n"),
|
||||
+ Prog, user_home);
|
||||
+ errors++;
|
||||
+ /* continue */
|
||||
+ }
|
||||
+ }
|
||||
+ else
|
||||
+#endif
|
||||
if (remove_tree (user_home, true) != 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: error removing directory %s\n"),
|
||||
--- a/src/usermod.c
|
||||
+++ b/src/usermod.c
|
||||
@@ -1818,6 +1818,15 @@ static void move_home (void)
|
||||
return;
|
||||
} else {
|
||||
if (EXDEV == errno) {
|
||||
+#ifdef WITH_BTRFS
|
||||
+ if (btrfs_is_subvolume (prefix_user_home) > 0) {
|
||||
+ fprintf (stderr,
|
||||
+ _("%s: error: cannot move subvolume from %s to %s - different device\n"),
|
||||
+ Prog, prefix_user_home, prefix_user_newhome);
|
||||
+ fail_exit (E_HOMEDIR);
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
if (copy_tree (prefix_user_home, prefix_user_newhome, true,
|
||||
true,
|
||||
user_id,
|
@ -1,86 +0,0 @@
|
||||
Bug: https://github.com/shadow-maint/shadow/issues/110
|
||||
Containing following two fixes.
|
||||
|
||||
From 73a876a05612c278da747faeaeea40c3b8d34a53 Mon Sep 17 00:00:00 2001
|
||||
From: fariouche <fariouche@yahoo.fr>
|
||||
Date: Tue, 8 May 2018 21:17:46 -0500
|
||||
Subject: [PATCH 1/2] Fix usermod crash
|
||||
|
||||
Return newly allocated pointers when the caller will free them.
|
||||
|
||||
Closes #110
|
||||
---
|
||||
libmisc/prefix_flag.c | 2 +-
|
||||
src/usermod.c | 10 ++++++----
|
||||
2 files changed, 7 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/libmisc/prefix_flag.c b/libmisc/prefix_flag.c
|
||||
index 6581235e..8ceffd26 100644
|
||||
--- a/libmisc/prefix_flag.c
|
||||
+++ b/libmisc/prefix_flag.c
|
||||
@@ -333,7 +333,7 @@ extern struct group *prefix_getgr_nam_gid(const char *grname)
|
||||
&& (gid == (gid_t)gid)) {
|
||||
return prefix_getgrgid ((gid_t) gid);
|
||||
}
|
||||
- return prefix_getgrnam (grname);
|
||||
+ return __gr_dup(prefix_getgrnam (grname));
|
||||
}
|
||||
else
|
||||
return getgr_nam_gid(grname);
|
||||
diff --git a/src/usermod.c b/src/usermod.c
|
||||
index e571426f..7355ad31 100644
|
||||
--- a/src/usermod.c
|
||||
+++ b/src/usermod.c
|
||||
@@ -1251,11 +1251,13 @@ static void process_flags (int argc, char **argv)
|
||||
prefix_user_home = xmalloc(len);
|
||||
wlen = snprintf(prefix_user_home, len, "%s/%s", prefix, user_home);
|
||||
assert (wlen == (int) len -1);
|
||||
+ if (user_newhome) {
|
||||
+ len = strlen(prefix) + strlen(user_newhome) + 2;
|
||||
+ prefix_user_newhome = xmalloc(len);
|
||||
+ wlen = snprintf(prefix_user_newhome, len, "%s/%s", prefix, user_newhome);
|
||||
+ assert (wlen == (int) len -1);
|
||||
+ }
|
||||
|
||||
- len = strlen(prefix) + strlen(user_newhome) + 2;
|
||||
- prefix_user_newhome = xmalloc(len);
|
||||
- wlen = snprintf(prefix_user_newhome, len, "%s/%s", prefix, user_newhome);
|
||||
- assert (wlen == (int) len -1);
|
||||
}
|
||||
else {
|
||||
prefix_user_home = user_home;
|
||||
|
||||
From 48dcf7852e51b9d8e7926737cc7f7823978b7d7d Mon Sep 17 00:00:00 2001
|
||||
From: Serge Hallyn <shallyn@cisco.com>
|
||||
Date: Tue, 8 May 2018 21:37:55 -0500
|
||||
Subject: [PATCH 2/2] usermod: prevent a segv
|
||||
|
||||
in the case where prefix does not exist.
|
||||
|
||||
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
|
||||
---
|
||||
libmisc/prefix_flag.c | 4 +++-
|
||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/libmisc/prefix_flag.c b/libmisc/prefix_flag.c
|
||||
index 8ceffd26..96b11faa 100644
|
||||
--- a/libmisc/prefix_flag.c
|
||||
+++ b/libmisc/prefix_flag.c
|
||||
@@ -319,6 +319,7 @@ extern struct group *prefix_getgr_nam_gid(const char *grname)
|
||||
{
|
||||
long long int gid;
|
||||
char *endptr;
|
||||
+ struct group *g;
|
||||
|
||||
if (NULL == grname) {
|
||||
return NULL;
|
||||
@@ -333,7 +334,8 @@ extern struct group *prefix_getgr_nam_gid(const char *grname)
|
||||
&& (gid == (gid_t)gid)) {
|
||||
return prefix_getgrgid ((gid_t) gid);
|
||||
}
|
||||
- return __gr_dup(prefix_getgrnam (grname));
|
||||
+ g = prefix_getgrnam (grname);
|
||||
+ return g ? __gr_dup(g) : NULL;
|
||||
}
|
||||
else
|
||||
return getgr_nam_gid(grname);
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:0998c8d84242a231ab0acb7f8613927ff5bcff095f8aa6b79478893a03f05583
|
||||
size 1678100
|
@ -1,11 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQEzBAABCgAdFiEE8dCNt3gYW/eEAC3/6f7qBqheP50FAlrncOkACgkQ6f7qBqhe
|
||||
P52UGAf/eOnoIYIZ52y72iMxeNfQMTMjYTZd1YrtjlK0RQKquK7FrCOg91MvOF2B
|
||||
hLVKu2OU7mzuPTMSAraAxjXLkrM0E3vFjMtu1fHBGlGTMspAfik/9Gu9qoevAKXy
|
||||
BRqgN5m5HMfoGPeEjzILzaGq8bnPKIOfJ0iAYVkjjIa73Vn20uTmNgNZIRqHqwfw
|
||||
5GUFHn6cjQXFcQ3ngywgwQD7/h/65w8dBbGysF551sAqzPJRbneQL9Wtklcqi1ub
|
||||
55NyF0ifT67RqMh+EyxhuhXP1Hi57PTEAeqaFMFxnPlQPb+8pQ8nszWBmI+vUN8D
|
||||
FmhwCtSTnmKlj0jeAqevmkijJhGPQQ==
|
||||
=fk/F
|
||||
-----END PGP SIGNATURE-----
|
3
shadow-4.7.tar.xz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:e5e196a4a7e3b228c812f3163d368be3e932e6eaa4e616677a148d9ec921e16c
|
||||
size 1624340
|
11
shadow-4.7.tar.xz.asc
Normal file
@ -0,0 +1,11 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQEzBAABCgAdFiEE8dCNt3gYW/eEAC3/6f7qBqheP50FAl0CfrYACgkQ6f7qBqhe
|
||||
P50xqQgAgmeu46zmQ7A+8nzcna8aaKQ5aftc9QVCQuPg94DvkXNuUjz384os1PBa
|
||||
9DM5ukiDiDWhkmoKDCro9d/JVfKg0v0W2Ee29JvaZRhpUFlk3xWZAM55Na22ywbv
|
||||
JYIF94wLfH0+AZQvjTpJmlJgeCK5K0L2LvAsPoEsHNuAKjpz7tFGJgqBKgK2+xAv
|
||||
csmBhPRShZypXH3tQ/jcMT8itPSRBGt4W55zuNUT2OKc5ioXxc1TJ5jn0YX8AsOQ
|
||||
5ZkBbGHL416QRonhiKfWsntB3RnmJQMcL8R72MpemKjVw+q+QYnnKIE/Fta7J0+N
|
||||
EkUBRYdbbiAsUNW3syN/Q2o+DF00aw==
|
||||
=dbPQ
|
||||
-----END PGP SIGNATURE-----
|
@ -109,11 +109,11 @@ Index: lib/getdef.c
|
||||
{"ENV_SUPATH", NULL},
|
||||
{"ERASECHAR", NULL},
|
||||
{"FAIL_DELAY", NULL},
|
||||
@@ -93,6 +95,7 @@ static struct itemdef def_table[] = {
|
||||
{"GID_MIN", NULL},
|
||||
{"HUSHLOGIN_FILE", NULL},
|
||||
@@ -95,6 +97,7 @@ static struct itemdef def_table[] = {
|
||||
{"KILLCHAR", NULL},
|
||||
+ {"LOGIN_PLAIN_PROMPT", NULL},
|
||||
{"LASTLOG_UID_MAX", NULL},
|
||||
{"LOGIN_RETRIES", NULL},
|
||||
+ {"LOGIN_PLAIN_PROMPT", NULL},
|
||||
{"LOGIN_TIMEOUT", NULL},
|
||||
{"LOG_OK_LOGINS", NULL},
|
||||
{"LOG_UNKFAIL_ENAB", NULL},
|
||||
|
@ -1,3 +1,45 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Jun 14 06:20:46 UTC 2019 - mvetter@suse.com
|
||||
|
||||
- Update to 4.7:
|
||||
* Spawn: don't loop forever on ECHILD
|
||||
* Do not fail locking if there is a stale lockfile (Tomas Mraz)
|
||||
* Use lckpwdf if prefix not set (Tomas Mraz)
|
||||
* Build: check correct DocBook version (Jan Tojnar)
|
||||
* Usermod: Print 'no changes' to stdout, not stderr (Serge Hallyn)
|
||||
* Add support for btrfs subvolumes for home (Adam Majer)
|
||||
* Fix chpasswd long line handling (Nathan Ruiz)
|
||||
* Use secure_getenv for gettime (Chris Lamb)
|
||||
* Make sp_lstchg reproducible (Chris Lamb)
|
||||
* Do not crash commonio_close if db file is not open (Tomas Mraz)
|
||||
* Don't flush nscd and sssd cache in read-only mode (Charlie Vuillemez)
|
||||
* French manpage update (Alban VIDAL)
|
||||
* Fix manpage defaults for SUB_UID/GID_COUNT (Tomas Mraz)
|
||||
* Sync po files from shadow.pot (Alban VIDAL)
|
||||
* Usermod: guard against unsafe chown of homedir contents (Tomas Mraz)
|
||||
* Add LASTLOG_UID_MAX to login.defs (Tomas Mraz)
|
||||
* new[ug]idmap file capabilities support (Giuseppe Scrivano and Christian Brauner)
|
||||
* Fix segfault in useradd (Tomas Mraz)
|
||||
* Coverity issues (Tomas Mraz)
|
||||
* Flush sssd caches (Jakub Hrozek)
|
||||
* Log UID in nologin (Vladimir Ivanov)
|
||||
* run pam_getenvlist after setup_env in su.c (Michael Vogt)
|
||||
* Support systems with only utmpx (A. Wilcox)
|
||||
* Fix unguarded ENABLE_SUBIDS code (Jan Chren (rindeal))
|
||||
* Update po/zh_CN translation (Lion Yang)
|
||||
* Create parent dirs for useradd -m (Michael Vetter)
|
||||
* Prevent usermod segv
|
||||
* Fix usermod crash (fariouche)
|
||||
- Remove btrfs-subvolumes.patch (fate#316134):
|
||||
upstreamed: https://github.com/shadow-maint/shadow/pull/149
|
||||
- Remove useradd-mkdirs.patch (bsc#865563):
|
||||
upstreamed https://github.com/shadow-maint/shadow/pull/112
|
||||
- Remove shadow-4.6.0-fix-usermod-prefix-crash.patch
|
||||
upstreamed https://github.com/shadow-maint/shadow/issues/110
|
||||
- Rebase userdel-script.patch
|
||||
- Rebase useradd-script.patch
|
||||
- Rebase shadow-util-linux.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu May 30 11:15:49 UTC 2019 - Martin Pluskal <mpluskal@suse.com>
|
||||
|
||||
|
13
shadow.spec
@ -12,12 +12,12 @@
|
||||
# license that conforms to the Open Source Definition (Version 1.9)
|
||||
# published by the Open Source Initiative.
|
||||
|
||||
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
||||
#
|
||||
|
||||
|
||||
Name: shadow
|
||||
Version: 4.6
|
||||
Version: 4.7
|
||||
Release: 0
|
||||
Summary: Utilities to Manage User and Group Accounts
|
||||
License: BSD-3-Clause AND GPL-2.0-or-later
|
||||
@ -53,18 +53,12 @@ Patch6: shadow-4.1.5.1-userdel-helpfix.patch
|
||||
Patch7: shadow-4.1.5.1-logmsg.patch
|
||||
# PATCH-FEATURE-SUSE encryption_method_nis.patch kukuk@suse.com -- Add support for ENCRYPT_METHOD_NIS used by SUSE patch in pam (pam_unix).
|
||||
Patch10: encryption_method_nis.patch
|
||||
# PATCH-FIX-SUSE useradd-mkdirs.patch bnc865563 tbehrens@suse.com -- Create all parts of the path.
|
||||
Patch11: useradd-mkdirs.patch
|
||||
# PATCH-FIX-SUSE shadow-4.6.0-fix-usermod-prefix-crash.patch https://github.com/shadow-maint/shadow/issues/110 mvetter@suse.com -- Fixes crash in usermod when called with --prefix.
|
||||
Patch12: shadow-4.6.0-fix-usermod-prefix-crash.patch
|
||||
# PATCH-FEATURE-SUSE shadow-login_defs-comments.patch kukuk@suse.com -- Adjust login.defs comments.
|
||||
Patch13: shadow-login_defs-comments.patch
|
||||
# PATCH-FEATURE-SUSE shadow-login_defs-suse.patch kukuk@suse.com -- Customize login.defs.
|
||||
Patch14: shadow-login_defs-suse.patch
|
||||
# PATCH-FIX-SUSE disable_new_audit_function.patch adam.majer@suse.de -- Disable newer libaudit functionality for older distributions.
|
||||
Patch20: disable_new_audit_function.patch
|
||||
# PATCH-FEATURE-SUSE btrfs-subvolumes.patch fate316134 adam.majer@suse.de -- Add support for btrfs subvolumes for user homes.
|
||||
Patch21: btrfs-subvolumes.patch
|
||||
BuildRequires: audit-devel > 2.3
|
||||
BuildRequires: autoconf
|
||||
BuildRequires: automake
|
||||
@ -105,14 +99,11 @@ group accounts.
|
||||
%patch6
|
||||
%patch7
|
||||
%patch10
|
||||
%patch11 -p1
|
||||
%patch12 -p1
|
||||
%patch13
|
||||
%patch14
|
||||
%if 0%{?suse_version} < 1330
|
||||
%patch20 -p1
|
||||
%endif
|
||||
%patch21 -p1
|
||||
|
||||
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
|
||||
mv -v doc/HOWTO.utf8 doc/HOWTO
|
||||
|
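Review bot: The header comment's bug-report link in the first hunk appears to go from `https://bugs.opensuse.org/` to `http://bugs.opensuse.org/`. The page has lost the +/- column, so the side of each line is inferred from the `Version: 4.6` / `Version: 4.7` pair in the same hunk, which is printed old-then-new. If that reading is right, keep the TLS form: `# Please submit bugfixes or comments via https://bugs.opensuse.org/`. The change is probably a side effect of regenerating the header with an older spec formatter rather than a hand edit, so re-running the current formatter before submitting should restore it.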
@ -1,73 +0,0 @@
|
||||
https://github.com/shadow-maint/shadow/pull/112
|
||||
|
||||
useradd-mkdirs.patch adapted to two comments in https://github.com/shadow-maint/shadow/pull/2
|
||||
* check for stdup failure
|
||||
* create dirs with 0755 instead of 0777
|
||||
diff -urEbwB shadow-4.6/src/useradd.c shadow-4.6.new-useradd-mkdirs/src/useradd.c
|
||||
--- shadow-4.6/src/useradd.c 2018-04-29 18:42:37.000000000 +0200
|
||||
+++ shadow-4.6.new-useradd-mkdirs/src/useradd.c 2018-05-15 17:11:03.706371270 +0200
|
||||
@@ -2018,6 +2018,19 @@
|
||||
static void create_home (void)
|
||||
{
|
||||
if (access (prefix_user_home, F_OK) != 0) {
|
||||
+ char path[strlen (prefix_user_home) + 2];
|
||||
+ char *bhome, *cp;
|
||||
+
|
||||
+ path[0] = '\0';
|
||||
+ bhome = strdup (prefix_user_home);
|
||||
+ if (!bhome) {
|
||||
+ fprintf (stderr,
|
||||
+ _("%s: error while duplicating string %s\n"),
|
||||
+ Prog, user_home);
|
||||
+ fail_exit (E_HOMEDIR);
|
||||
+ }
|
||||
+ ++bhome;
|
||||
+
|
||||
#ifdef WITH_SELINUX
|
||||
if (set_selinux_file_context (prefix_user_home) != 0) {
|
||||
fprintf (stderr,
|
||||
@@ -2026,11 +2039,20 @@
|
||||
fail_exit (E_HOMEDIR);
|
||||
}
|
||||
#endif
|
||||
- /* XXX - create missing parent directories. --marekm */
|
||||
- if (mkdir (prefix_user_home, 0) != 0) {
|
||||
+
|
||||
+ /* Check for every part of the path, if the directory
|
||||
+ exists. If not, create it with permissions 755 and
|
||||
+ owner root:root.
|
||||
+ */
|
||||
+ cp = strtok (bhome, "/");
|
||||
+ while (cp) {
|
||||
+ strcat (path, "/");
|
||||
+ strcat (path, cp);
|
||||
+ if (access (path, F_OK) != 0) {
|
||||
+ if (mkdir (path, 0) != 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: cannot create directory %s\n"),
|
||||
- Prog, prefix_user_home);
|
||||
+ Prog, path);
|
||||
#ifdef WITH_AUDIT
|
||||
audit_logger (AUDIT_ADD_USER, Prog,
|
||||
"adding home directory",
|
||||
@@ -2039,6 +2061,20 @@
|
||||
#endif
|
||||
fail_exit (E_HOMEDIR);
|
||||
}
|
||||
+ if (chown (path, 0, 0) < 0) {
|
||||
+ fprintf (stderr,
|
||||
+ _("%s: warning: chown on `%s' failed: %m\n"),
|
||||
+ Prog, path);
|
||||
+ }
|
||||
+ if (chmod (path, 0755) < 0) {
|
||||
+ fprintf (stderr,
|
||||
+ _("%s: warning: chmod on `%s' failed: %m\n"),
|
||||
+ Prog, path);
|
||||
+ }
|
||||
+ }
|
||||
+ cp = strtok (NULL, "/");
|
||||
+ }
|
||||
+
|
||||
(void) chown (prefix_user_home, user_id, user_gid);
|
||||
chmod (prefix_user_home,
|
||||
0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));
|
@ -20,7 +20,7 @@ Index: lib/getdef.c
|
||||
===================================================================
|
||||
--- lib/getdef.c.orig
|
||||
+++ lib/getdef.c
|
||||
@@ -125,6 +125,7 @@ static struct itemdef def_table[] = {
|
||||
@@ -126,6 +126,7 @@ static struct itemdef def_table[] = {
|
||||
{"UID_MAX", NULL},
|
||||
{"UID_MIN", NULL},
|
||||
{"UMASK", NULL},
|
||||
@ -32,7 +32,7 @@ Index: src/useradd.c
|
||||
===================================================================
|
||||
--- src/useradd.c.orig
|
||||
+++ src/useradd.c
|
||||
@@ -2115,6 +2115,30 @@ static void create_mail (void)
|
||||
@@ -2216,6 +2216,30 @@ static void create_mail (void)
|
||||
}
|
||||
|
||||
/*
|
||||
@ -63,9 +63,9 @@ Index: src/useradd.c
|
||||
* main - useradd command
|
||||
*/
|
||||
int main (int argc, char **argv)
|
||||
@@ -2390,6 +2414,7 @@ int main (int argc, char **argv)
|
||||
nscd_flush_cache ("passwd");
|
||||
@@ -2492,6 +2516,7 @@ int main (int argc, char **argv)
|
||||
nscd_flush_cache ("group");
|
||||
sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
|
||||
|
||||
+ call_script (user_name);
|
||||
+
|
||||
|
@ -2,7 +2,7 @@ Index: lib/getdef.c
|
||||
===================================================================
|
||||
--- lib/getdef.c.orig
|
||||
+++ lib/getdef.c
|
||||
@@ -126,6 +126,8 @@ static struct itemdef def_table[] = {
|
||||
@@ -127,6 +127,8 @@ static struct itemdef def_table[] = {
|
||||
{"UID_MIN", NULL},
|
||||
{"UMASK", NULL},
|
||||
{"USERDEL_CMD", NULL},
|
||||
@ -45,7 +45,7 @@ Index: src/userdel.c
|
||||
===================================================================
|
||||
--- src/userdel.c.orig
|
||||
+++ src/userdel.c
|
||||
@@ -125,7 +125,7 @@ static void close_files (void);
|
||||
@@ -126,7 +126,7 @@ static void close_files (void);
|
||||
static void fail_exit (int);
|
||||
static void open_files (void);
|
||||
static void update_user (void);
|
||||
@ -54,7 +54,7 @@ Index: src/userdel.c
|
||||
|
||||
#ifdef EXTRA_CHECK_HOME_DIR
|
||||
static bool path_prefix (const char *, const char *);
|
||||
@@ -767,13 +767,13 @@ static void update_user (void)
|
||||
@@ -768,13 +768,13 @@ static void update_user (void)
|
||||
* cron, at, or print jobs.
|
||||
*/
|
||||
|
||||
@ -70,7 +70,7 @@ Index: src/userdel.c
|
||||
if (NULL == cmd) {
|
||||
return;
|
||||
}
|
||||
@@ -1213,9 +1213,10 @@ int main (int argc, char **argv)
|
||||
@@ -1214,9 +1214,10 @@ int main (int argc, char **argv)
|
||||
}
|
||||
|
||||
/*
|
||||
@ -83,7 +83,7 @@ Index: src/userdel.c
|
||||
open_files ();
|
||||
update_user ();
|
||||
update_groups ();
|
||||
@@ -1319,7 +1320,7 @@ int main (int argc, char **argv)
|
||||
@@ -1337,7 +1338,7 @@ int main (int argc, char **argv)
|
||||
* the entry from /etc/passwd.
|
||||
*/
|
||||
if(prefix[0] == '\0')
|
||||
@ -92,9 +92,9 @@ Index: src/userdel.c
|
||||
close_files ();
|
||||
|
||||
#ifdef WITH_TCB
|
||||
@@ -1329,6 +1330,9 @@ int main (int argc, char **argv)
|
||||
nscd_flush_cache ("passwd");
|
||||
@@ -1348,6 +1349,9 @@ int main (int argc, char **argv)
|
||||
nscd_flush_cache ("group");
|
||||
sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
|
||||
|
||||
+ /* Call the post script, for example to rebuild NIS database */
|
||||
+ call_script ("USERDEL_POSTCMD", user_name);
|
||||
|