forked from pool/shadow
Accepting request 920286 from Base:System
- bsc#1190146: Fix empty subid range Add shadow-4.9-useradd-subuid.patch https://github.com/shadow-maint/shadow/pull/399 - bsc#1190145: Fix double free in gpasswd: Add shadow-4.9-sgent-free.patch upstreamed as https://github.com/shadow-maint/shadow/pull/417 - Fix shadow-login_defs-check.sh: In the last update we switched from calling make to %make_build macro. Using sed to adapt the spec file now. - libsubid-devel: add missing requires for libsubid3 - Remove README.changes-pwdutils, all distros you can upgrade from use already shadow - login.defs: Enable USERGROUPS_ENAB and CREATE_HOME to be compatible with other Linux distros and the other tools creating user accounts in use on openSUSE. Set HOME_MODE to 700 for security reasons and compatibility. [bsc#1189139] [bsc#1182850] - Update to 4.9: * Updated translations * Major salt updates * Various coverity and cleanup fixes * Consistently use 0 to disable PASS_MIN_DAYS in man * Implement NSS support for subids and a libsubid * setfcap: retain setfcap when mapping uid 0 * login.defs: include HMAC_CRYPTO_ALGO key * selinux fixes OBS-URL: https://build.opensuse.org/request/show/920286 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shadow?expand=0&rev=44
This commit is contained in:
commit
7f56492672
@ -1,62 +0,0 @@
|
||||
This file lists changes between pwdutils used in the past and
|
||||
the shadow utils used now.
|
||||
|
||||
General changes:
|
||||
================
|
||||
- No support to modify LDAP accounts anymore (-D and --service option)
|
||||
- No -P/--path option
|
||||
- /etc/default/passwd was removed. The configure options are
|
||||
partly available in /etc/login.defs.
|
||||
|
||||
/etc/login.defs:
|
||||
----------------
|
||||
SYSTEM_UID_MIN/SYSTEM_UID_MAX were renamed to SYS_UID_MIN/SYS_UID_MAX
|
||||
SYSTEM_GID_MIN/SYSTEM_GID_MAX were renamed to SYS_GID_MIN/SYS_GID_MAX
|
||||
|
||||
chfn
|
||||
----
|
||||
-m/--other has changed to -o/--other
|
||||
-o/--office has changed to -r/--room.
|
||||
-p/--phone has changed to -w/--work-phone
|
||||
|
||||
chpasswd
|
||||
--------
|
||||
-c blowfish is now longer supported, instead SHA256 and SHA512 were added.
|
||||
|
||||
chsh
|
||||
----
|
||||
-l/--list-shells was removed.
|
||||
|
||||
gpasswd
|
||||
-------
|
||||
-l/-u option are missing
|
||||
|
||||
groupadd
|
||||
--------
|
||||
/usr/sbin/groupadd.local is missing
|
||||
--preferred-gid was removed
|
||||
|
||||
groupmod
|
||||
--------
|
||||
-A/--add-user was removed
|
||||
-R/--remove-user was removed
|
||||
|
||||
passwd
|
||||
------
|
||||
-f was dropped (use chfn instead)
|
||||
-g was dropped (use gpasswd instead)
|
||||
-s was dropped (use chsh instead)
|
||||
|
||||
useradd
|
||||
-------
|
||||
-e/--expire has changed to -e/--expiredate (incompatible arguments!)
|
||||
-U/--umask was removed, -U has now another meaning
|
||||
--preferred-uid was removed
|
||||
|
||||
userdel
|
||||
-------
|
||||
-r/--remove-home was renamed to -r/--remove
|
||||
|
||||
usermod
|
||||
-------
|
||||
-e/--expire has changed to -e/--expiredate (incompatible arguments!)
|
@ -2,23 +2,25 @@ Index: etc/login.defs
|
||||
===================================================================
|
||||
--- etc/login.defs.orig
|
||||
+++ etc/login.defs
|
||||
@@ -299,3 +299,11 @@ USERGROUPS_ENAB yes
|
||||
# missing.
|
||||
@@ -329,6 +329,13 @@ USERGROUPS_ENAB yes
|
||||
#
|
||||
#FORCE_SHADOW yes
|
||||
+
|
||||
+#
|
||||
|
||||
+# User/group names must match the following regex expression.
|
||||
+# The default is [A-Za-z_][A-Za-z0-9_.-]*[A-Za-z0-9_.$-]\?,
|
||||
+# but be aware that the result could depend on the locale settings.
|
||||
+#
|
||||
+#CHARACTER_CLASS [A-Za-z_][A-Za-z0-9_.-]*[A-Za-z0-9_.$-]\?
|
||||
+CHARACTER_CLASS [ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz_][ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.-]*[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.$-]\?
|
||||
+
|
||||
#
|
||||
# Allow newuidmap and newgidmap when running under an alternative
|
||||
# primary group.
|
||||
Index: lib/getdef.c
|
||||
===================================================================
|
||||
--- lib/getdef.c.orig
|
||||
+++ lib/getdef.c
|
||||
@@ -80,6 +80,7 @@ struct itemdef {
|
||||
@@ -91,6 +91,7 @@ struct itemdef {
|
||||
|
||||
#define NUMDEFS (sizeof(def_table)/sizeof(def_table[0]))
|
||||
static struct itemdef def_table[] = {
|
||||
|
123
libsubid-build-fix.patch
Normal file
123
libsubid-build-fix.patch
Normal file
@ -0,0 +1,123 @@
|
||||
Fix build fails for libsubid (libtool: error: cannot find name of link library for '../libsubid/libsubid.la').
|
||||
Consisting of following upstream commits:
|
||||
* f4a84efb468b8be21be124700ce35159c444e9d6
|
||||
* 537b8cd90be7b47b45c45cfd27765ef85eb0ebf1
|
||||
* fa986b1d73605ecca54a4f19249227aeab827bf6
|
||||
Index: shadow-4.9/configure.ac
|
||||
===================================================================
|
||||
--- shadow-4.9.orig/configure.ac
|
||||
+++ shadow-4.9/configure.ac
|
||||
@@ -321,6 +321,8 @@ if test "$with_sha_crypt" = "yes"; then
|
||||
AC_DEFINE(USE_SHA_CRYPT, 1, [Define to allow the SHA256 and SHA512 password encryption algorithms])
|
||||
fi
|
||||
|
||||
+AM_CONDITIONAL(ENABLE_SHARED, test "x$enable_shared" = "xyes")
|
||||
+
|
||||
AM_CONDITIONAL(USE_BCRYPT, test "x$with_bcrypt" = "xyes")
|
||||
if test "$with_bcrypt" = "yes"; then
|
||||
AC_DEFINE(USE_BCRYPT, 1, [Define to allow the bcrypt password encryption algorithm])
|
||||
Index: shadow-4.9/lib/Makefile.am
|
||||
===================================================================
|
||||
--- shadow-4.9.orig/lib/Makefile.am
|
||||
+++ shadow-4.9/lib/Makefile.am
|
||||
@@ -10,6 +10,8 @@ if HAVE_VENDORDIR
|
||||
libshadow_la_CPPFLAGS += -DVENDORDIR=\"$(VENDORDIR)\"
|
||||
endif
|
||||
|
||||
+libshadow_la_CPPFLAGS += -I$(top_srcdir)
|
||||
+
|
||||
libshadow_la_SOURCES = \
|
||||
commonio.c \
|
||||
commonio.h \
|
||||
Index: shadow-4.9/libmisc/Makefile.am
|
||||
===================================================================
|
||||
--- shadow-4.9.orig/libmisc/Makefile.am
|
||||
+++ shadow-4.9/libmisc/Makefile.am
|
||||
@@ -1,7 +1,7 @@
|
||||
|
||||
EXTRA_DIST = .indent.pro xgetXXbyYY.c
|
||||
|
||||
-AM_CPPFLAGS = -I$(top_srcdir)/lib $(ECONF_CPPFLAGS)
|
||||
+AM_CPPFLAGS = -I$(top_srcdir)/lib -I$(top_srcdir) $(ECONF_CPPFLAGS)
|
||||
|
||||
noinst_LTLIBRARIES = libmisc.la
|
||||
|
||||
Index: shadow-4.9/libsubid/Makefile.am
|
||||
===================================================================
|
||||
--- shadow-4.9.orig/libsubid/Makefile.am
|
||||
+++ shadow-4.9/libsubid/Makefile.am
|
||||
@@ -1,6 +1,8 @@
|
||||
lib_LTLIBRARIES = libsubid.la
|
||||
+if ENABLE_SHARED
|
||||
libsubid_la_LDFLAGS = -Wl,-soname,libsubid.so.@LIBSUBID_ABI@ \
|
||||
-shared -version-info @LIBSUBID_ABI_MAJOR@
|
||||
+endif
|
||||
libsubid_la_SOURCES = api.c
|
||||
|
||||
pkginclude_HEADERS = subid.h
|
||||
@@ -16,11 +18,12 @@ MISCLIBS = \
|
||||
$(LIBCRYPT) \
|
||||
$(LIBACL) \
|
||||
$(LIBATTR) \
|
||||
- $(LIBTCB)
|
||||
+ $(LIBTCB) \
|
||||
+ $(LIBPAM)
|
||||
|
||||
libsubid_la_LIBADD = \
|
||||
- $(top_srcdir)/lib/libshadow.la \
|
||||
- $(top_srcdir)/libmisc/libmisc.la \
|
||||
+ $(top_builddir)/lib/libshadow.la \
|
||||
+ $(top_builddir)/libmisc/libmisc.la \
|
||||
$(MISCLIBS) -ldl
|
||||
|
||||
AM_CPPFLAGS = \
|
||||
Index: shadow-4.9/src/Makefile.am
|
||||
===================================================================
|
||||
--- shadow-4.9.orig/src/Makefile.am
|
||||
+++ shadow-4.9/src/Makefile.am
|
||||
@@ -10,6 +10,7 @@ sgidperms = 2755
|
||||
AM_CPPFLAGS = \
|
||||
-I${top_srcdir}/lib \
|
||||
-I$(top_srcdir)/libmisc \
|
||||
+ -I$(top_srcdir) \
|
||||
-DLOCALEDIR=\"$(datadir)/locale\"
|
||||
|
||||
# XXX why are login and su in /bin anyway (other than for
|
||||
@@ -183,6 +184,7 @@ list_subid_ranges_LDADD = \
|
||||
list_subid_ranges_CPPFLAGS = \
|
||||
-I$(top_srcdir)/lib \
|
||||
-I$(top_srcdir)/libmisc \
|
||||
+ -I$(top_srcdir) \
|
||||
-I$(top_srcdir)/libsubid
|
||||
|
||||
get_subid_owners_LDADD = \
|
||||
@@ -194,11 +196,13 @@ get_subid_owners_LDADD = \
|
||||
get_subid_owners_CPPFLAGS = \
|
||||
-I$(top_srcdir)/lib \
|
||||
-I$(top_srcdir)/libmisc \
|
||||
+ -I$(top_srcdir) \
|
||||
-I$(top_srcdir)/libsubid
|
||||
|
||||
new_subid_range_CPPFLAGS = \
|
||||
-I$(top_srcdir)/lib \
|
||||
-I$(top_srcdir)/libmisc \
|
||||
+ -I$(top_srcdir) \
|
||||
-I$(top_srcdir)/libsubid
|
||||
|
||||
new_subid_range_LDADD = \
|
||||
@@ -210,6 +214,7 @@ new_subid_range_LDADD = \
|
||||
free_subid_range_CPPFLAGS = \
|
||||
-I$(top_srcdir)/lib \
|
||||
-I$(top_srcdir)/libmisc \
|
||||
+ -I$(top_srcdir) \
|
||||
-I$(top_srcdir)/libsubid
|
||||
|
||||
free_subid_range_LDADD = \
|
||||
@@ -220,6 +225,7 @@ free_subid_range_LDADD = \
|
||||
|
||||
check_subid_range_CPPFLAGS = \
|
||||
-I$(top_srcdir)/lib \
|
||||
+ -I$(top_srcdir) \
|
||||
-I$(top_srcdir)/libmisc
|
||||
|
||||
check_subid_range_LDADD = \
|
@ -1,11 +0,0 @@
|
||||
--- src/useradd.c
|
||||
+++ src/useradd.c
|
||||
@@ -320,7 +320,7 @@ static void fail_exit (int code)
|
||||
user_name, AUDIT_NO_ID,
|
||||
SHADOW_AUDIT_FAILURE);
|
||||
#endif
|
||||
- SYSLOG ((LOG_INFO, "failed adding user '%s', data deleted", user_name));
|
||||
+ SYSLOG ((LOG_INFO, "failed adding user '%s', exit code: %d", user_name, code));
|
||||
exit (code);
|
||||
}
|
||||
|
@ -1,14 +0,0 @@
|
||||
--- src/userdel.c
|
||||
+++ src/userdel.c
|
||||
@@ -143,8 +143,9 @@ static void usage (int status)
|
||||
"\n"
|
||||
"Options:\n"),
|
||||
Prog);
|
||||
- (void) fputs (_(" -f, --force force removal of files,\n"
|
||||
- " even if not owned by user\n"),
|
||||
+ (void) fputs (_(" -f, --force force some actions that would fail otherwise\n"
|
||||
+ " e.g. removal of user still logged in\n"
|
||||
+ " or files, even if not owned by the user\n"),
|
||||
usageout);
|
||||
(void) fputs (_(" -h, --help display this help message and exit\n"), usageout);
|
||||
(void) fputs (_(" -r, --remove remove home directory and mail spool\n"), usageout);
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:a3ad4630bdc41372f02a647278a8c3514844295d36eefe68ece6c3a641c1ae62
|
||||
size 1611196
|
@ -1,11 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQEzBAABCgAdFiEE8dCNt3gYW/eEAC3/6f7qBqheP50FAl4qDlEACgkQ6f7qBqhe
|
||||
P51Lfwf/b2gxtqo9WRUTOhau4kCy+zDbg3S/K7ZD/20I2t205FNCOyV+cR4Q/PRA
|
||||
+hBLFsA/WAVqZm0/3re09VDV0eaBpI7hgNF0JFODawIixKdLVff9mbfbLdgzy2Dl
|
||||
IvbNrUVDJV1wSlEJLIeUpUT4ClFaiExM/XaCvHSUUbRsJ5cutH2wt0neNC8mJHMu
|
||||
srXoCp8lb4fT+BDgRKoGA6RMvnJSkExBbhrRqaARWWCGnS++5oJiD7UwPAOu9Imb
|
||||
LtouVitkrjrpQncnQN+zCaKwyTGw/xlQyl0z86DXWbvhnTwUeeWZbyfRAglIsSkk
|
||||
DRpWh2m7ejcvf1pGt66UBuMNr0yb1w==
|
||||
=8I3q
|
||||
-----END PGP SIGNATURE-----
|
23
shadow-4.9-sgent-free.patch
Normal file
23
shadow-4.9-sgent-free.patch
Normal file
@ -0,0 +1,23 @@
|
||||
Index: shadow-4.9/src/gpasswd.c
|
||||
===================================================================
|
||||
--- shadow-4.9.orig/src/gpasswd.c
|
||||
+++ shadow-4.9/src/gpasswd.c
|
||||
@@ -1207,11 +1207,13 @@ int main (int argc, char **argv)
|
||||
sssd_flush_cache (SSSD_DB_GROUP);
|
||||
|
||||
#ifdef SHADOWGRP
|
||||
- if (sgent.sg_adm) {
|
||||
- xfree(sgent.sg_adm);
|
||||
- }
|
||||
- if (sgent.sg_mem) {
|
||||
- xfree(sgent.sg_mem);
|
||||
+ if(is_shadowgrp) {
|
||||
+ if (sgent.sg_adm) {
|
||||
+ xfree(sgent.sg_adm);
|
||||
+ }
|
||||
+ if (sgent.sg_mem) {
|
||||
+ xfree(sgent.sg_mem);
|
||||
+ }
|
||||
}
|
||||
#endif
|
||||
if (grent.gr_mem) {
|
94
shadow-4.9-useradd-subuid.patch
Normal file
94
shadow-4.9-useradd-subuid.patch
Normal file
@ -0,0 +1,94 @@
|
||||
This patch contains:
|
||||
https://github.com/shadow-maint/shadow/commit/9dd720a28578eef5be8171697aae0906e4c53249#diff-9a7a2bfccabec64213bd054801b9efca8ad55636afbc49e0107714c0f8ffabbe
|
||||
and
|
||||
https://github.com/shadow-maint/shadow/commit/049b08481acc2040e2079ae06e64d0bb36326528#
|
||||
Index: shadow-4.9/src/useradd.c
|
||||
===================================================================
|
||||
--- shadow-4.9.orig/src/useradd.c
|
||||
+++ shadow-4.9/src/useradd.c
|
||||
@@ -146,9 +146,7 @@ static bool is_sub_gid = false;
|
||||
static bool sub_uid_locked = false;
|
||||
static bool sub_gid_locked = false;
|
||||
static uid_t sub_uid_start; /* New subordinate uid range */
|
||||
-static unsigned long sub_uid_count;
|
||||
static gid_t sub_gid_start; /* New subordinate gid range */
|
||||
-static unsigned long sub_gid_count;
|
||||
#endif /* ENABLE_SUBIDS */
|
||||
static bool pw_locked = false;
|
||||
static bool gr_locked = false;
|
||||
@@ -239,7 +237,7 @@ static void open_shadow (void);
|
||||
static void faillog_reset (uid_t);
|
||||
static void lastlog_reset (uid_t);
|
||||
static void tallylog_reset (const char *);
|
||||
-static void usr_update (void);
|
||||
+static void usr_update (unsigned long subuid_count, unsigned long subgid_count);
|
||||
static void create_home (void);
|
||||
static void create_mail (void);
|
||||
static void check_uid_range(int rflg, uid_t user_id);
|
||||
@@ -2118,7 +2116,7 @@ static void tallylog_reset (const char *
|
||||
* usr_update() creates the password file entries for this user
|
||||
* and will update the group entries if required.
|
||||
*/
|
||||
-static void usr_update (void)
|
||||
+static void usr_update (unsigned long subuid_count, unsigned long subgid_count)
|
||||
{
|
||||
struct passwd pwent;
|
||||
struct spwd spent;
|
||||
@@ -2181,14 +2179,14 @@ static void usr_update (void)
|
||||
}
|
||||
#ifdef ENABLE_SUBIDS
|
||||
if (is_sub_uid &&
|
||||
- (sub_uid_add(user_name, sub_uid_start, sub_uid_count) == 0)) {
|
||||
+ (sub_uid_add(user_name, sub_uid_start, subuid_count) == 0)) {
|
||||
fprintf (stderr,
|
||||
_("%s: failed to prepare the new %s entry\n"),
|
||||
Prog, sub_uid_dbname ());
|
||||
fail_exit (E_SUB_UID_UPDATE);
|
||||
}
|
||||
if (is_sub_gid &&
|
||||
- (sub_gid_add(user_name, sub_gid_start, sub_gid_count) == 0)) {
|
||||
+ (sub_gid_add(user_name, sub_gid_start, subgid_count) == 0)) {
|
||||
fprintf (stderr,
|
||||
_("%s: failed to prepare the new %s entry\n"),
|
||||
Prog, sub_uid_dbname ());
|
||||
@@ -2484,9 +2482,9 @@ int main (int argc, char **argv)
|
||||
#ifdef ENABLE_SUBIDS
|
||||
uid_t uid_min;
|
||||
uid_t uid_max;
|
||||
+#endif
|
||||
unsigned long subuid_count;
|
||||
unsigned long subgid_count;
|
||||
-#endif
|
||||
|
||||
/*
|
||||
* Get my name so that I can use it to report errors.
|
||||
@@ -2688,16 +2686,16 @@ int main (int argc, char **argv)
|
||||
}
|
||||
|
||||
#ifdef ENABLE_SUBIDS
|
||||
- if (is_sub_uid && sub_uid_count != 0) {
|
||||
- if (find_new_sub_uids(&sub_uid_start, &sub_uid_count) < 0) {
|
||||
+ if (is_sub_uid && subuid_count != 0) {
|
||||
+ if (find_new_sub_uids(&sub_uid_start, &subuid_count) < 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: can't create subordinate user IDs\n"),
|
||||
Prog);
|
||||
fail_exit(E_SUB_UID_UPDATE);
|
||||
}
|
||||
}
|
||||
- if (is_sub_gid && sub_gid_count != 0) {
|
||||
- if (find_new_sub_gids(&sub_gid_start, &sub_gid_count) < 0) {
|
||||
+ if (is_sub_gid && subgid_count != 0) {
|
||||
+ if (find_new_sub_gids(&sub_gid_start, &subgid_count) < 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: can't create subordinate group IDs\n"),
|
||||
Prog);
|
||||
@@ -2706,7 +2704,7 @@ int main (int argc, char **argv)
|
||||
}
|
||||
#endif /* ENABLE_SUBIDS */
|
||||
|
||||
- usr_update ();
|
||||
+ usr_update (subuid_count, subgid_count);
|
||||
|
||||
if (mflg) {
|
||||
create_home ();
|
3
shadow-4.9.tar.xz
Normal file
3
shadow-4.9.tar.xz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:feec1f2ce9c1b62798afd35a7d1b04cefdfa3a0a30ff3e75d6965ba8978c9144
|
||||
size 1627008
|
11
shadow-4.9.tar.xz.asc
Normal file
11
shadow-4.9.tar.xz.asc
Normal file
@ -0,0 +1,11 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQEzBAABCgAdFiEE8dCNt3gYW/eEAC3/6f7qBqheP50FAmD5+dkACgkQ6f7qBqhe
|
||||
P53Qywf/ShkcKvecTDRIrKUNJUTIlP8iywZ1NXypfdDKG/J63awMAGrKMZwOkLUS
|
||||
AnImsvyoW3+XDIhdkeJd1Kv+8JDEt3oJ0ifHjfpXl4FzOervb1ZKtRPUcoJzzpnJ
|
||||
Szt/7f3Sd0VfbItgf5F6jgMi7iDA/ZIqJTXeI0kEfVVL7DT681jVRjpnoURlrEq1
|
||||
6SmIyAul50VmZjLXq1xJ35uktr7VclnaRu17acax95e+oekP4sdNMaV5E5DSeq2N
|
||||
db7kKCu80+lPvtQpj22vOO2w15ActH6f5Ec3P7OG8jL125q3yZNebVoh8FKxmFsh
|
||||
PssfXu0TL50qH/p7qNEeihDLpwoI7g==
|
||||
=6MLu
|
||||
-----END PGP SIGNATURE-----
|
14
shadow-fix-sigabrt.patch
Normal file
14
shadow-fix-sigabrt.patch
Normal file
@ -0,0 +1,14 @@
|
||||
Upstream commit 4624e9fca1b02b64e25e8b2280a0186182ab73ba
|
||||
To fix SIGABRT: https://github.com/shadow-maint/shadow/issues/394
|
||||
Index: shadow-4.9/src/useradd.c
|
||||
===================================================================
|
||||
--- shadow-4.9.orig/src/useradd.c
|
||||
+++ shadow-4.9/src/useradd.c
|
||||
@@ -420,7 +420,6 @@ static void get_defaults (void)
|
||||
} else {
|
||||
def_group = grp->gr_gid;
|
||||
def_gname = xstrdup (grp->gr_name);
|
||||
- gr_free(grp);
|
||||
}
|
||||
}
|
||||
|
17
shadow-libeconf-include.patch
Normal file
17
shadow-libeconf-include.patch
Normal file
@ -0,0 +1,17 @@
|
||||
Include libeconf to newuidmap and newgidmap
|
||||
Upstream commit: c6847011e8b656adacd9a0d2a78418cad0de34cb
|
||||
Index: shadow-4.9/src/Makefile.am
|
||||
===================================================================
|
||||
--- shadow-4.9.orig/src/Makefile.am
|
||||
+++ shadow-4.9/src/Makefile.am
|
||||
@@ -96,8 +96,8 @@ LIBCRYPT_NOPAM = $(LIBCRYPT)
|
||||
endif
|
||||
|
||||
chage_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
|
||||
-newuidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) -ldl
|
||||
-newgidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) -ldl
|
||||
+newuidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) $(LIBECONF) -ldl
|
||||
+newgidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) $(LIBECONF) -ldl
|
||||
chfn_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF)
|
||||
chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF)
|
||||
chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF)
|
@ -66,13 +66,7 @@ if ! test -f shadow-login_defs-check-build/stamp ; then
|
||||
# In case of shadow, variables extraction is more complicated. The list
|
||||
# depends on configure options, so we have to perform a fake build and
|
||||
# extract variables from prepreocessed sources.
|
||||
patch <<EOF
|
||||
--- shadow.spec
|
||||
+++ shadow.spec
|
||||
@@ -133,1 +133,1 @@
|
||||
-make %{?_smp_mflags} V=1
|
||||
+make %{?_smp_mflags} V=1 -k CPPFLAGS="-E"
|
||||
EOF
|
||||
sed -i '/^%make_build/i\_smp_mpflags="%{?_smp_mpflags} -k CPPFLAGS=\\"-E\\""' shadow.spec
|
||||
fi
|
||||
|
||||
osc build "$@" || :
|
||||
|
@ -14,7 +14,7 @@ Index: etc/login.defs
|
||||
|
||||
#
|
||||
# Delay in seconds before being allowed another attempt after a login failure
|
||||
@@ -62,8 +65,8 @@ CONSOLE /etc/securetty
|
||||
@@ -52,8 +55,8 @@ CONSOLE /etc/securetty
|
||||
# If defined, ":" delimited list of "message of the day" files to
|
||||
# be displayed upon login.
|
||||
#
|
||||
@ -25,7 +25,7 @@ Index: etc/login.defs
|
||||
|
||||
#
|
||||
# If set to "yes", login stops display content specified by MOTD_FILE after
|
||||
@@ -83,8 +85,8 @@ MOTD_FILE /etc/motd
|
||||
@@ -73,8 +76,8 @@ MOTD_FILE /etc/motd
|
||||
# user's name or shell are found in the file. If not a full pathname, then
|
||||
# hushed mode will be enabled if the file exists in the user's home directory.
|
||||
#
|
||||
@ -36,7 +36,7 @@ Index: etc/login.defs
|
||||
|
||||
# If this variable is set to "yes", hostname will be suppressed in the
|
||||
# login: prompt.
|
||||
@@ -103,9 +105,9 @@ HUSHLOGIN_FILE .hushlogin
|
||||
@@ -93,9 +96,9 @@ HUSHLOGIN_FILE .hushlogin
|
||||
# ENV_SUPATH is an ENV_ROOTPATH override for su and runuser
|
||||
# (and falback for login).
|
||||
#
|
||||
@ -49,7 +49,7 @@ Index: etc/login.defs
|
||||
|
||||
# If this variable is set to "yes" (default is "no"), su will always set
|
||||
# path. every su call will overwrite the PATH variable.
|
||||
@@ -115,7 +117,7 @@ ENV_ROOTPATH /sbin:/bin:/usr/sbin:/usr/b
|
||||
@@ -105,7 +108,7 @@ ENV_ROOTPATH /sbin:/bin:/usr/sbin:/usr/b
|
||||
# The recommended value is "yes". The default "no" behavior could have
|
||||
# a security implication in applications that use commands without path.
|
||||
#
|
||||
@ -58,7 +58,7 @@ Index: etc/login.defs
|
||||
|
||||
#
|
||||
# Terminal permissions
|
||||
@@ -129,7 +131,7 @@ ALWAYS_SET_PATH no
|
||||
@@ -119,7 +122,7 @@ ALWAYS_SET_PATH no
|
||||
# set TTYPERM to either 622 or 600.
|
||||
#
|
||||
TTYGROUP tty
|
||||
@ -67,7 +67,16 @@ Index: etc/login.defs
|
||||
|
||||
# Default initial "umask" value used by login(1) on non-PAM enabled systems.
|
||||
# Default "umask" value for pam_umask(8) on PAM enabled systems.
|
||||
@@ -167,8 +169,8 @@ PASS_WARN_AGE 7
|
||||
@@ -125,7 +128,7 @@
|
||||
# HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
|
||||
# home directories.
|
||||
# If HOME_MODE is not set, the value of UMASK is used to create the mode.
|
||||
-#HOME_MODE 0700
|
||||
+HOME_MODE 0700
|
||||
|
||||
#
|
||||
# Password aging controls:
|
||||
@@ -157,8 +160,8 @@ PASS_WARN_AGE 7
|
||||
UID_MIN 1000
|
||||
UID_MAX 60000
|
||||
# System accounts
|
||||
@ -78,7 +87,7 @@ Index: etc/login.defs
|
||||
# Extra per user uids
|
||||
SUB_UID_MIN 100000
|
||||
SUB_UID_MAX 600100000
|
||||
@@ -185,8 +187,8 @@ SUB_UID_COUNT 65536
|
||||
@@ -175,8 +178,8 @@ SUB_UID_COUNT 65536
|
||||
GID_MIN 1000
|
||||
GID_MAX 60000
|
||||
# System accounts
|
||||
@ -89,7 +98,7 @@ Index: etc/login.defs
|
||||
# Extra per user group ids
|
||||
SUB_GID_MIN 100000
|
||||
SUB_GID_MAX 600100000
|
||||
@@ -195,7 +197,7 @@ SUB_GID_COUNT 65536
|
||||
@@ -185,7 +188,7 @@ SUB_GID_COUNT 65536
|
||||
#
|
||||
# Max number of login(1) retries if password is bad
|
||||
#
|
||||
@ -98,7 +107,7 @@ Index: etc/login.defs
|
||||
|
||||
#
|
||||
# Max time in seconds for login(1)
|
||||
@@ -211,18 +213,9 @@ LOGIN_TIMEOUT 60
|
||||
@@ -201,18 +204,9 @@ LOGIN_TIMEOUT 60
|
||||
CHFN_RESTRICT rwh
|
||||
|
||||
#
|
||||
@ -119,7 +128,7 @@ Index: etc/login.defs
|
||||
|
||||
#
|
||||
# If set to MD5, MD5-based algorithm will be used for encrypting password
|
||||
@@ -235,7 +228,7 @@ CHFN_RESTRICT rwh
|
||||
@@ -227,7 +221,7 @@ CHFN_RESTRICT rwh
|
||||
# Note: If you use PAM, it is recommended to use a value consistent with
|
||||
# the PAM modules configuration.
|
||||
#
|
||||
@ -128,7 +137,7 @@ Index: etc/login.defs
|
||||
|
||||
#
|
||||
# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
|
||||
@@ -311,7 +304,7 @@ USERDEL_POSTCMD /usr/sbin/userde
|
||||
@@ -325,7 +319,7 @@ USERDEL_POSTCMD /usr/sbin/userde
|
||||
#
|
||||
# This also enables userdel(8) to remove user groups if no members exist.
|
||||
#
|
||||
@ -137,19 +146,13 @@ Index: etc/login.defs
|
||||
|
||||
#
|
||||
# If set to a non-zero number, the shadow utilities will make sure that
|
||||
@@ -330,13 +323,13 @@ USERGROUPS_ENAB yes
|
||||
@@ -344,7 +338,7 @@ USERGROUPS_ENAB yes
|
||||
# This option is overridden with the -M or -m flags on the useradd(8)
|
||||
# command-line.
|
||||
#
|
||||
-#CREATE_HOME yes
|
||||
+CREATE_HOME no
|
||||
+CREATE_HOME yes
|
||||
|
||||
#
|
||||
# Force use shadow, even if shadow passwd & shadow group files are
|
||||
# missing.
|
||||
#
|
||||
-#FORCE_SHADOW yes
|
||||
+FORCE_SHADOW no
|
||||
|
||||
#
|
||||
# User/group names must match the following regex expression.
|
||||
|
||||
|
@ -149,7 +149,7 @@ Index: etc/login.defs
|
||||
|
||||
# Default initial "umask" value used by login(1) on non-PAM enabled systems.
|
||||
# Default "umask" value for pam_umask(8) on PAM enabled systems.
|
||||
@@ -206,28 +120,13 @@ UMASK 022
|
||||
@@ -211,28 +125,13 @@ UMASK 022
|
||||
#
|
||||
# PASS_MAX_DAYS Maximum number of days a password may be used.
|
||||
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
|
||||
@ -178,7 +178,7 @@ Index: etc/login.defs
|
||||
# Min/max values for automatic uid selection in useradd(8)
|
||||
#
|
||||
UID_MIN 1000
|
||||
@@ -264,28 +163,6 @@ LOGIN_RETRIES 5
|
||||
@@ -269,28 +168,6 @@ LOGIN_RETRIES 5
|
||||
LOGIN_TIMEOUT 60
|
||||
|
||||
#
|
||||
@ -207,7 +207,7 @@ Index: etc/login.defs
|
||||
# Which fields may be changed by regular users using chfn(1) - use
|
||||
# any combination of letters "frwh" (full name, room number, work
|
||||
# phone, home phone). If not defined, no changes are allowed.
|
||||
@@ -294,13 +171,6 @@ CHFN_AUTH yes
|
||||
@@ -299,13 +176,6 @@ CHFN_AUTH yes
|
||||
CHFN_RESTRICT rwh
|
||||
|
||||
#
|
||||
@ -221,8 +221,8 @@ Index: etc/login.defs
|
||||
# Only works if compiled with MD5_CRYPT defined:
|
||||
# If set to "yes", new passwords will be encrypted using the MD5-based
|
||||
# algorithm compatible with the one used by recent releases of FreeBSD.
|
||||
@@ -361,29 +231,12 @@ CHFN_RESTRICT rwh
|
||||
#BCRYPT_MAX_ROUNDS 13
|
||||
@@ -382,17 +252,6 @@ CHFN_RESTRICT rwh
|
||||
#YESCRYPT_COST_FACTOR 5
|
||||
|
||||
#
|
||||
-# List of groups to add to the user's supplementary group set
|
||||
@ -239,7 +239,8 @@ Index: etc/login.defs
|
||||
# Should login be allowed if we can't cd to the home directory?
|
||||
# Default is no.
|
||||
#
|
||||
DEFAULT_HOME yes
|
||||
@@ -407,12 +266,6 @@ DEFAULT_HOME yes
|
||||
NONEXISTENT /nonexistent
|
||||
|
||||
#
|
||||
-# If this file exists and is readable, login environment will be
|
||||
|
21
shadow-passwd-handle-null.patch
Normal file
21
shadow-passwd-handle-null.patch
Normal file
@ -0,0 +1,21 @@
|
||||
Upstream commit: adb83f779618674e5e96e27e3d48559d62e2c410
|
||||
To fix: https://github.com/shadow-maint/shadow/pull/398
|
||||
Index: shadow-4.9/src/passwd.c
|
||||
===================================================================
|
||||
--- shadow-4.9.orig/src/passwd.c
|
||||
+++ shadow-4.9/src/passwd.c
|
||||
@@ -490,9 +490,12 @@ static void print_status (const struct p
|
||||
((long long)sp->sp_max * SCALE) / DAY,
|
||||
((long long)sp->sp_warn * SCALE) / DAY,
|
||||
((long long)sp->sp_inact * SCALE) / DAY);
|
||||
- } else {
|
||||
+ } else if (NULL != pw->pw_passwd) {
|
||||
(void) printf ("%s %s\n",
|
||||
- pw->pw_name, pw_status (pw->pw_passwd));
|
||||
+ pw->pw_name, pw_status (pw->pw_passwd));
|
||||
+ } else {
|
||||
+ (void) fprintf(stderr, _("%s: malformed password data obtained for user %s\n"),
|
||||
+ Prog, pw->pw_name);
|
||||
}
|
||||
}
|
||||
|
@ -113,7 +113,7 @@ Index: lib/getdef.c
|
||||
===================================================================
|
||||
--- lib/getdef.c.orig
|
||||
+++ lib/getdef.c
|
||||
@@ -66,6 +66,7 @@ struct itemdef {
|
||||
@@ -67,6 +67,7 @@ struct itemdef {
|
||||
{"LOGIN_STRING", NULL}, \
|
||||
{"MAIL_CHECK_ENAB", NULL}, \
|
||||
{"MOTD_FILE", NULL}, \
|
||||
@ -121,7 +121,7 @@ Index: lib/getdef.c
|
||||
{"NOLOGINS_FILE", NULL}, \
|
||||
{"OBSCURE_CHECKS_ENAB", NULL}, \
|
||||
{"PASS_ALWAYS_WARN", NULL}, \
|
||||
@@ -80,6 +81,7 @@ struct itemdef {
|
||||
@@ -91,6 +92,7 @@ struct itemdef {
|
||||
|
||||
#define NUMDEFS (sizeof(def_table)/sizeof(def_table[0]))
|
||||
static struct itemdef def_table[] = {
|
||||
@ -129,7 +129,7 @@ Index: lib/getdef.c
|
||||
{"CHARACTER_CLASS", NULL},
|
||||
{"CHFN_RESTRICT", NULL},
|
||||
{"CONSOLE_GROUPS", NULL},
|
||||
@@ -88,6 +90,7 @@ static struct itemdef def_table[] = {
|
||||
@@ -99,6 +101,7 @@ static struct itemdef def_table[] = {
|
||||
{"DEFAULT_HOME", NULL},
|
||||
{"ENCRYPT_METHOD", NULL},
|
||||
{"ENV_PATH", NULL},
|
||||
@ -137,7 +137,7 @@ Index: lib/getdef.c
|
||||
{"ENV_SUPATH", NULL},
|
||||
{"ERASECHAR", NULL},
|
||||
{"FAIL_DELAY", NULL},
|
||||
@@ -99,6 +102,7 @@ static struct itemdef def_table[] = {
|
||||
@@ -110,6 +113,7 @@ static struct itemdef def_table[] = {
|
||||
{"KILLCHAR", NULL},
|
||||
{"LASTLOG_UID_MAX", NULL},
|
||||
{"LOGIN_RETRIES", NULL},
|
||||
|
@ -1,3 +1,86 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Sep 20 09:43:41 UTC 2021 - Michael Vetter <mvetter@suse.com>
|
||||
|
||||
- bsc#1190146: Fix empty subid range
|
||||
Add shadow-4.9-useradd-subuid.patch
|
||||
https://github.com/shadow-maint/shadow/pull/399
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Sep 20 09:09:13 UTC 2021 - Michael Vetter <mvetter@suse.com>
|
||||
|
||||
- bsc#1190145: Fix double free in gpasswd:
|
||||
Add shadow-4.9-sgent-free.patch upstreamed as
|
||||
https://github.com/shadow-maint/shadow/pull/417
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Sep 7 15:08:19 UTC 2021 - Michael Vetter <mvetter@suse.com>
|
||||
|
||||
- Fix shadow-login_defs-check.sh:
|
||||
In the last update we switched from calling make to %make_build
|
||||
macro. Using sed to adapt the spec file now.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Aug 18 15:17:52 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>
|
||||
|
||||
- libsubid-devel: add missing requires for libsubid3
|
||||
- Remove README.changes-pwdutils, all distros you can upgrade from
|
||||
use already shadow
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Aug 18 14:59:15 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>
|
||||
|
||||
- login.defs: Enable USERGROUPS_ENAB and CREATE_HOME to
|
||||
be compatible with other Linux distros and the other tools
|
||||
creating user accounts in use on openSUSE. Set HOME_MODE to 700
|
||||
for security reasons and compatibility. [bsc#1189139] [bsc#1182850]
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Aug 17 15:08:09 UTC 2021 - Michael Vetter <mvetter@suse.com>
|
||||
|
||||
- Update to 4.9:
|
||||
* Updated translations
|
||||
* Major salt updates
|
||||
* Various coverity and cleanup fixes
|
||||
* Consistently use 0 to disable PASS_MIN_DAYS in man
|
||||
* Implement NSS support for subids and a libsubid
|
||||
* setfcap: retain setfcap when mapping uid 0
|
||||
* login.defs: include HMAC_CRYPTO_ALGO key
|
||||
* selinux fixes
|
||||
* Fix path prefix path handling
|
||||
* Manpage updates
|
||||
* Treat an empty passwd field as invalid(Haelwenn Monnier)
|
||||
* newxidmap: allow running under alternative gid
|
||||
* usermod: check that shell is executable
|
||||
* Add yescript support
|
||||
* useradd memleak fixes
|
||||
* useradd: use built-in settings by default
|
||||
* getdefs: add foreign
|
||||
* buffer overflow fixes
|
||||
* Adding run-parts style for pre and post useradd/del
|
||||
- Refresh:
|
||||
* shadow-login_defs-unused-by-pam.patch
|
||||
* userdel-script.patch
|
||||
* useradd-script.patch
|
||||
* chkname-regex.patch
|
||||
* useradd-default.patch: bbf4b79 stopped shipping default file.
|
||||
change group in code now.
|
||||
* shadow-login_defs-suse.patch
|
||||
* useradd-userkeleton.patch
|
||||
- Remove because upstreamed:
|
||||
* shadow-4.1.5.1-userdel-helpfix.patch
|
||||
* shadow-4.1.5.1-logmsg.patch
|
||||
- Add libsubid-build-fix.patch:
|
||||
See https://github.com/shadow-maint/shadow/issues/387
|
||||
- Add shadow-libeconf-include.patch:
|
||||
See c6847011e8b656adacd9a0d2a78418cad0de34cb
|
||||
- Add shadow-fix-sigabrt.patch:
|
||||
See https://github.com/shadow-maint/shadow/issues/394
|
||||
- Add shadow-passwd-handle-null.patch [bsc#1188307]:
|
||||
See https://github.com/shadow-maint/shadow/pull/398
|
||||
- Remove %{_sysconfdir}/default/useradd: file not shipped anymore
|
||||
- Remove --disable-shared: Dont need it anymore
|
||||
See https://github.com/shadow-maint/shadow/issues/336
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jul 1 11:51:39 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>
|
||||
|
||||
@ -7,7 +90,7 @@ Thu Jul 1 11:51:39 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>
|
||||
-------------------------------------------------------------------
|
||||
Sat Jun 5 13:38:52 UTC 2021 - Maurizio Galli <maurizio.galli@gmail.com>
|
||||
|
||||
- Enable shadowgrp so that we can set more secure group passwords
|
||||
- Enable shadowgrp so that we can set more secure group passwords
|
||||
using shadow.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
@ -54,7 +137,7 @@ Mon Nov 2 15:54:02 UTC 2020 - Dr. Werner Fink <werner@suse.de>
|
||||
-------------------------------------------------------------------
|
||||
Fri Oct 9 13:12:11 UTC 2020 - Dr. Werner Fink <werner@suse.de>
|
||||
|
||||
- Add support for /usr/etc/skel to useradd.local script (boo#1173321)
|
||||
- Add support for /usr/etc/skel to useradd.local script (boo#1173321)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Oct 8 03:16:58 UTC 2020 - Stanislav Brabec <sbrabec@suse.com>
|
||||
@ -530,7 +613,7 @@ Tue Nov 13 17:31:50 CET 2012 - kukuk@suse.de
|
||||
-------------------------------------------------------------------
|
||||
Tue Nov 13 10:36:28 CET 2012 - kukuk@suse.de
|
||||
|
||||
- Fix default group value in /etc/default/useradd
|
||||
- Fix default group value in /etc/default/useradd
|
||||
(useradd-default.diff)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
|
109
shadow.spec
109
shadow.spec
@ -21,23 +21,21 @@
|
||||
%else
|
||||
%define no_config 1
|
||||
%endif
|
||||
|
||||
Name: shadow
|
||||
Version: 4.8.1
|
||||
Version: 4.9
|
||||
Release: 0
|
||||
Summary: Utilities to Manage User and Group Accounts
|
||||
License: BSD-3-Clause AND GPL-2.0-or-later
|
||||
Group: System/Base
|
||||
URL: https://github.com/shadow-maint/shadow
|
||||
Source: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz
|
||||
Source: https://github.com/shadow-maint/shadow/releases/download/v%{version}/shadow-%{version}.tar.xz
|
||||
Source1: pamd.tar.bz2
|
||||
Source2: README.changes-pwdutils
|
||||
Source3: useradd.local
|
||||
Source4: userdel-pre.local
|
||||
Source5: userdel-post.local
|
||||
Source6: shadow.service
|
||||
Source7: shadow.timer
|
||||
Source42: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz.asc
|
||||
Source42: https://github.com/shadow-maint/shadow/releases/download/v%{version}/shadow-%{version}.tar.xz.asc
|
||||
Source43: %{name}.keyring
|
||||
# SOURCE-FEATURE-SUSE shadow-login_defs-check.sh sbrabec@suse.com -- Supplementary script that verifies coverage of variables in shadow-login_defs-unused-by-pam.patch and other patches.
|
||||
Source44: shadow-login_defs-check.sh
|
||||
@ -53,40 +51,48 @@ Patch3: chkname-regex.patch
|
||||
Patch4: useradd-default.patch
|
||||
# PATCH-FEATURE-SUSE shadow-util-linux.patch sbrabec@suse.com -- Add support for util-linux specific variables, delete shadow login, su runuser specific.
|
||||
Patch5: shadow-util-linux.patch
|
||||
# PATCH-FEATURE-FEDORA shadow-4.1.5.1-userdel-helpfix.patch christian.brauner@mailbox.org -- Give a hint about what happens when you force the removal of a user.
|
||||
Patch6: shadow-4.1.5.1-userdel-helpfix.patch
|
||||
# PATCH-FIX-FEDORA shadow-4.1.5.1-logmsg.patch kukuk@suse.com -- Fix error message.
|
||||
Patch7: shadow-4.1.5.1-logmsg.patch
|
||||
# PATCH-FEATURE-SUSE shadow-login_defs-comments.patch kukuk@suse.com -- Adjust login.defs comments.
|
||||
Patch13: shadow-login_defs-comments.patch
|
||||
Patch6: shadow-login_defs-comments.patch
|
||||
# PATCH-FEATURE-SUSE shadow-login_defs-suse.patch kukuk@suse.com -- Customize login.defs.
|
||||
Patch14: shadow-login_defs-suse.patch
|
||||
Patch7: shadow-login_defs-suse.patch
|
||||
# PATCH-FEATURE-SUSE Copy also skeleton files from /usr/etc/skel (boo#1173321)
|
||||
Patch15: useradd-userkeleton.patch
|
||||
Patch8: useradd-userkeleton.patch
|
||||
# PATCH-FIX-SUSE disable_new_audit_function.patch adam.majer@suse.de -- Disable newer libaudit functionality for older distributions.
|
||||
Patch20: disable_new_audit_function.patch
|
||||
Patch9: disable_new_audit_function.patch
|
||||
# PATCH-FIX-UPSTREAM libsubid-build-fix.patch mvetter@suse.de -- Fix build with libsubid (f4a84e, 537b8c, fa986b)
|
||||
Patch10: libsubid-build-fix.patch
|
||||
# PATCH-FIX-UPSTREAM shadow-libeconf-include.patch mvetter@suse.de -- Include libeconf to new*idmap (c68470)
|
||||
Patch11: shadow-libeconf-include.patch
|
||||
# PATCH-FIX-UPSTREAM shadow-fix-sigabrt.patch mvetter@suse.de -- Fix SIGABRT https://github.com/shadow-maint/shadow/issues/394
|
||||
Patch12: shadow-fix-sigabrt.patch
|
||||
# PATCH-FIX-UPSTREAM shadow-passwd-handle-null.patch mvetter@suse.de -- Fix passwd NULL handling https://github.com/shadow-maint/shadow/pull/398
|
||||
Patch13: shadow-passwd-handle-null.patch
|
||||
# PATCH-FIX-UPSTREAM shadow-4.9-sgent-free.patch mvetter@suse.de -- Fix double free (boo#1190145)
|
||||
Patch14: shadow-4.9-sgent-free.patch
|
||||
# PATCH-FIX-UPSTREAM shadow-4.9-useradd-subuid.patch mvetter@suse.de -- Fix generating empty subid range and undeclared subid_count (boo#1190146)
|
||||
Patch15: shadow-4.9-useradd-subuid.patch
|
||||
BuildRequires: audit-devel > 2.3
|
||||
BuildRequires: autoconf
|
||||
BuildRequires: automake
|
||||
BuildRequires: libacl-devel
|
||||
BuildRequires: libattr-devel
|
||||
# It should be %%if %%{defined no_config}, but OBS cannot handle it:
|
||||
%if 0%{?suse_version} >= 1550
|
||||
BuildRequires: libeconf-devel
|
||||
%endif
|
||||
BuildRequires: libselinux-devel
|
||||
BuildRequires: libsemanage-devel
|
||||
BuildRequires: libtool
|
||||
BuildRequires: pam-devel
|
||||
BuildRequires: xz
|
||||
Requires: login_defs >= %{version}
|
||||
Requires(pre): group(root)
|
||||
Requires(pre): group(shadow)
|
||||
Requires(pre): permissions
|
||||
Requires(pre): user(root)
|
||||
Provides: pwdutils = 3.2.20
|
||||
Obsoletes: pwdutils <= 3.2.19
|
||||
Requires: login_defs >= %{version}
|
||||
Provides: useradd_or_adduser_dep
|
||||
# It should be %%if %%{defined no_config}, but OBS cannot handle it:
|
||||
%if 0%{?suse_version} >= 1550
|
||||
BuildRequires: libeconf-devel
|
||||
%endif
|
||||
|
||||
%description
|
||||
This package includes the necessary programs for converting plain
|
||||
@ -94,21 +100,36 @@ password files to the shadow password format and to manage user and
|
||||
group accounts.
|
||||
|
||||
%package -n login_defs
|
||||
Summary: login.defs configuration file
|
||||
Group: System/Base
|
||||
BuildArch: noarch
|
||||
Summary: The login.defs configuration file
|
||||
# Virtual provides for supported variables in login.defs.
|
||||
# It prevents references to unknown variables.
|
||||
# Upgrade them only if shadow-util-linux.patch or
|
||||
# encryption_method_nis.patch has to be ported!
|
||||
# Call shadow-login_defs-check.sh before!
|
||||
Group: System/Base
|
||||
Provides: login_defs-support-for-pam = 1.3.1
|
||||
Provides: login_defs-support-for-util-linux = 2.36
|
||||
BuildArch: noarch
|
||||
|
||||
%description -n login_defs
|
||||
This package contains the default login.defs configuration file
|
||||
as used by util-linux, pam and shadow.
|
||||
|
||||
%package -n libsubid3
|
||||
Summary: A library to manage subordinate uid and gid ranges
|
||||
Group: System/Base
|
||||
|
||||
%description -n libsubid3
|
||||
Utility library that provides a way to manage subid ranges.
|
||||
|
||||
%package -n libsubid-devel
|
||||
Summary: Development files for libsubid3
|
||||
Group: System/Base
|
||||
Requires: libsubid3 = %{version}
|
||||
|
||||
%description -n libsubid-devel
|
||||
Development files for libsubid3.
|
||||
|
||||
%prep
|
||||
%setup -q -a 1
|
||||
%patch0
|
||||
@ -119,12 +140,16 @@ as used by util-linux, pam and shadow.
|
||||
%patch5
|
||||
%patch6
|
||||
%patch7
|
||||
%patch13
|
||||
%patch14
|
||||
%patch15
|
||||
%patch8
|
||||
%if 0%{?suse_version} < 1330
|
||||
%patch20 -p1
|
||||
%patch9 -p1
|
||||
%endif
|
||||
%patch10 -p1
|
||||
%patch11 -p1
|
||||
%patch12 -p1
|
||||
%patch13 -p1
|
||||
%patch14 -p1
|
||||
%patch15 -p1
|
||||
|
||||
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
|
||||
mv -v doc/HOWTO.utf8 doc/HOWTO
|
||||
@ -145,14 +170,15 @@ autoreconf -fvi
|
||||
--with-nscd \
|
||||
--with-selinux \
|
||||
--without-libcrack \
|
||||
--disable-shared \
|
||||
--with-group-name-max-length=32 \
|
||||
--enable-vendordir=%{_distconfdir}
|
||||
make %{?_smp_mflags} V=1
|
||||
%make_build
|
||||
# --disable-shared \ currently doesn't build with this. See https://github.com/shadow-maint/shadow/issues/336
|
||||
|
||||
%install
|
||||
cp %{SOURCE2} .
|
||||
%make_install gnulocaledir=%{buildroot}/%{_datadir}/locale MKINSTALLDIRS=`pwd`/mkinstalldirs
|
||||
# Separate call to install man pages. See https://github.com/shadow-maint/shadow/issues/389
|
||||
%make_install -C man install-man
|
||||
|
||||
# install useradd.local, userdel.local, ...
|
||||
install -m 0755 %{SOURCE3} %{buildroot}/%{_sbindir}/
|
||||
@ -221,6 +247,8 @@ rm %{buildroot}/%{_mandir}/*/man5/passwd.5*
|
||||
|
||||
rm -rf %{buildroot}%{_mandir}/{??,??_??}
|
||||
|
||||
rm %{buildroot}/%{_libdir}/libsubid.la
|
||||
|
||||
# Move /etc to /usr/etc
|
||||
if [ ! -d %{buildroot}%{_distconfdir} ]; then
|
||||
mkdir -p %{buildroot}%{_distconfdir}
|
||||
@ -233,11 +261,11 @@ fi
|
||||
%pre
|
||||
%service_add_pre shadow.service shadow.timer
|
||||
for i in pam.d/chage pam.d/chfn pam.d/chpasswd pam.d/chsh pam.d/groupadd pam.d/groupdel pam.d/groupmod pam.d/newusers pam.d/passwd pam.d/useradd pam.d/userdel pam.d/usermod; do
|
||||
test -f /etc/${i}.rpmsave && mv -v /etc/${i}.rpmsave /etc/${i}.rpmsave.old ||:
|
||||
test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||:
|
||||
done
|
||||
|
||||
%pre -n login_defs
|
||||
test -f /etc/login.defs.rpmsave && mv -v /etc/login.defs.rpmsave /etc/login.defs.rpmsave.old ||:
|
||||
test -f %{_sysconfdir}/login.defs.rpmsave && mv -v %{_sysconfdir}/login.defs.rpmsave %{_sysconfdir}/login.defs.rpmsave.old ||:
|
||||
|
||||
%post
|
||||
%set_permissions %{_bindir}/chage
|
||||
@ -273,7 +301,7 @@ test -f /etc/login.defs.rpmsave && mv -v /etc/login.defs.rpmsave /etc/login.defs
|
||||
%if %{defined no_config}
|
||||
# Migration to /usr/etc
|
||||
for i in pam.d/chage pam.d/chfn pam.d/chpasswd pam.d/chsh pam.d/groupadd pam.d/groupdel pam.d/groupmod pam.d/newusers pam.d/passwd pam.d/useradd pam.d/userdel pam.d/usermod; do
|
||||
test -f /etc/${i}.rpmsave && mv -v /etc/${i}.rpmsave /etc/${i} ||:
|
||||
test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||:
|
||||
done
|
||||
%endif
|
||||
|
||||
@ -281,12 +309,14 @@ done
|
||||
# rpmsave file can be created by
|
||||
# - change of owning package (SLE15 SP2->SP3, Leap 15.2->15.3)
|
||||
# - Migration to /usr/etc (after SLE15 and Leap 15)
|
||||
test -f /etc/login.defs.rpmsave && mv -v /etc/login.defs.rpmsave /etc/login.defs ||:
|
||||
test -f %{_sysconfdir}/login.defs.rpmsave && mv -v %{_sysconfdir}/login.defs.rpmsave %{_sysconfdir}/login.defs ||:
|
||||
|
||||
%post -n libsubid3 -p /sbin/ldconfig
|
||||
%postun -n libsubid3 -p /sbin/ldconfig
|
||||
|
||||
%files -f shadow.lang
|
||||
%license COPYING
|
||||
%doc NEWS doc/HOWTO README README.changes-pwdutils
|
||||
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/default/useradd
|
||||
%doc NEWS doc/HOWTO README
|
||||
%verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/subuid
|
||||
%verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/subgid
|
||||
%if %{defined no_config}
|
||||
@ -308,7 +338,6 @@ test -f /etc/login.defs.rpmsave && mv -v /etc/login.defs.rpmsave /etc/login.defs
|
||||
%config %{_sysconfdir}/pam.d/chfn
|
||||
%config %{_sysconfdir}/pam.d/chsh
|
||||
%config %{_sysconfdir}/pam.d/passwd
|
||||
%config %{_sysconfdir}/pam.d/useradd
|
||||
%config %{_sysconfdir}/pam.d/chpasswd
|
||||
%config %{_sysconfdir}/pam.d/groupadd
|
||||
%config %{_sysconfdir}/pam.d/groupdel
|
||||
@ -380,11 +409,19 @@ test -f /etc/login.defs.rpmsave && mv -v /etc/login.defs.rpmsave /etc/login.defs
|
||||
|
||||
%files -n login_defs
|
||||
%if %{defined no_config}
|
||||
%dir /etc/login.defs.d
|
||||
%dir %{_sysconfdir}/login.defs.d
|
||||
%attr(0644,root,root) %{_distconfdir}/login.defs
|
||||
%else
|
||||
%attr(0644,root,root) %config %{_sysconfdir}/login.defs
|
||||
%endif
|
||||
%{_mandir}/man5/login.defs.5%{?ext_man}
|
||||
|
||||
%files -n libsubid3
|
||||
%{_libdir}/libsubid.so.*
|
||||
|
||||
%files -n libsubid-devel
|
||||
%dir %{_includedir}/shadow
|
||||
%{_includedir}/shadow/subid.h
|
||||
%{_libdir}/libsubid.so
|
||||
|
||||
%changelog
|
||||
|
@ -1,9 +1,13 @@
|
||||
--- etc/useradd
|
||||
+++ etc/useradd
|
||||
@@ -1,5 +1,5 @@
|
||||
# useradd defaults file
|
||||
-GROUP=1000
|
||||
+GROUP=100
|
||||
HOME=/home
|
||||
INACTIVE=-1
|
||||
EXPIRE=
|
||||
Index: src/useradd.c
|
||||
===================================================================
|
||||
--- src/useradd.c.orig
|
||||
+++ src/useradd.c
|
||||
@@ -101,7 +101,7 @@ FILE *shadow_logfd = NULL;
|
||||
/*
|
||||
* These defaults are used if there is no defaults file.
|
||||
*/
|
||||
-static gid_t def_group = 1000;
|
||||
+static gid_t def_group = 100;
|
||||
static const char *def_gname = "other";
|
||||
static const char *def_home = "/home";
|
||||
static const char *def_shell = "/bin/bash";
|
||||
|
@ -4,10 +4,12 @@
|
||||
src/useradd.c | 41 ++++++++++++++++++++++++++++++++++++++++-
|
||||
3 files changed, 48 insertions(+), 1 deletion(-)
|
||||
|
||||
--- etc/login.defs
|
||||
+++ etc/login.defs 2020-10-30 12:54:38.117849829 +0000
|
||||
@@ -242,6 +242,13 @@ CHFN_RESTRICT rwh
|
||||
DEFAULT_HOME yes
|
||||
Index: etc/login.defs
|
||||
===================================================================
|
||||
--- etc/login.defs.orig
|
||||
+++ etc/login.defs
|
||||
@@ -266,6 +266,13 @@ DEFAULT_HOME yes
|
||||
NONEXISTENT /nonexistent
|
||||
|
||||
#
|
||||
+# If defined, this command is run when adding a user.
|
||||
@ -20,9 +22,11 @@
|
||||
# If defined, this command is run when removing a user.
|
||||
# It should remove any at/cron/print jobs etc. owned by
|
||||
# the user to be removed (passed as the first argument).
|
||||
--- lib/getdef.c
|
||||
+++ lib/getdef.c 2020-10-30 12:54:38.117849829 +0000
|
||||
@@ -134,6 +134,7 @@ static struct itemdef def_table[] = {
|
||||
Index: lib/getdef.c
|
||||
===================================================================
|
||||
--- lib/getdef.c.orig
|
||||
+++ lib/getdef.c
|
||||
@@ -149,6 +149,7 @@ static struct itemdef def_table[] = {
|
||||
{"UID_MAX", NULL},
|
||||
{"UID_MIN", NULL},
|
||||
{"UMASK", NULL},
|
||||
@ -30,11 +34,13 @@
|
||||
{"USERDEL_CMD", NULL},
|
||||
{"USERDEL_PRECMD", NULL},
|
||||
{"USERDEL_POSTCMD", NULL},
|
||||
--- src/useradd.c
|
||||
+++ src/useradd.c 2020-10-30 13:08:17.378336989 +0000
|
||||
@@ -2238,6 +2238,44 @@ static void create_mail (void)
|
||||
}
|
||||
Index: src/useradd.c
|
||||
===================================================================
|
||||
--- src/useradd.c.orig
|
||||
+++ src/useradd.c
|
||||
@@ -2398,6 +2398,44 @@ static void check_uid_range(int rflg, ui
|
||||
|
||||
}
|
||||
/*
|
||||
+ * call_script - call a script to do some work
|
||||
+ *
|
||||
@ -77,7 +83,7 @@
|
||||
* main - useradd command
|
||||
*/
|
||||
int main (int argc, char **argv)
|
||||
@@ -2514,6 +2552,7 @@ int main (int argc, char **argv)
|
||||
@@ -2691,6 +2729,7 @@ int main (int argc, char **argv)
|
||||
nscd_flush_cache ("group");
|
||||
sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
|
||||
|
||||
|
@ -5,21 +5,11 @@ Copy also skeleton files from /usr/etc/skel (boo#1173321)
|
||||
src/useradd.c | 37 +++++++++++++++++++++++++++++++++++++
|
||||
2 files changed, 38 insertions(+)
|
||||
|
||||
Index: etc/useradd
|
||||
===================================================================
|
||||
--- etc/useradd.orig
|
||||
+++ etc/useradd
|
||||
@@ -5,4 +5,5 @@ INACTIVE=-1
|
||||
EXPIRE=
|
||||
SHELL=/bin/bash
|
||||
SKEL=/etc/skel
|
||||
+USRSKEL=/usr/etc/skel
|
||||
CREATE_MAIL_SPOOL=yes
|
||||
Index: src/useradd.c
|
||||
===================================================================
|
||||
--- src/useradd.c.orig
|
||||
+++ src/useradd.c
|
||||
@@ -78,6 +78,9 @@
|
||||
@@ -82,6 +82,9 @@
|
||||
#ifndef SKEL_DIR
|
||||
#define SKEL_DIR "/etc/skel"
|
||||
#endif
|
||||
@ -29,15 +19,15 @@ Index: src/useradd.c
|
||||
#ifndef USER_DEFAULTS_FILE
|
||||
#define USER_DEFAULTS_FILE "/etc/default/useradd"
|
||||
#define NEW_USER_FILE "/etc/default/nuaddXXXXXX"
|
||||
@@ -101,6 +104,7 @@ static const char *def_gname = "other";
|
||||
@@ -106,6 +109,7 @@ static const char *def_gname = "other";
|
||||
static const char *def_home = "/home";
|
||||
static const char *def_shell = "";
|
||||
static const char *def_shell = "/bin/bash";
|
||||
static const char *def_template = SKEL_DIR;
|
||||
+static const char *def_usrtemplate = USRSKELDIR;
|
||||
static const char *def_create_mail_spool = "no";
|
||||
static const char *def_create_mail_spool = "yes";
|
||||
|
||||
static long def_inactive = -1;
|
||||
@@ -202,6 +206,7 @@ static bool home_added = false;
|
||||
@@ -208,6 +212,7 @@ static bool home_added = false;
|
||||
#define DINACT "INACTIVE="
|
||||
#define DEXPIRE "EXPIRE="
|
||||
#define DSKEL "SKEL="
|
||||
@ -45,7 +35,7 @@ Index: src/useradd.c
|
||||
#define DCREATE_MAIL_SPOOL "CREATE_MAIL_SPOOL="
|
||||
|
||||
/* local function prototypes */
|
||||
@@ -469,6 +474,29 @@ static void get_defaults (void)
|
||||
@@ -481,6 +486,29 @@ static void get_defaults (void)
|
||||
}
|
||||
|
||||
/*
|
||||
@ -75,7 +65,7 @@ Index: src/useradd.c
|
||||
* Create by default user mail spool or not ?
|
||||
*/
|
||||
else if (MATCH (buf, DCREATE_MAIL_SPOOL)) {
|
||||
@@ -500,6 +528,7 @@ static void show_defaults (void)
|
||||
@@ -512,6 +540,7 @@ static void show_defaults (void)
|
||||
printf ("EXPIRE=%s\n", def_expire);
|
||||
printf ("SHELL=%s\n", def_shell);
|
||||
printf ("SKEL=%s\n", def_template);
|
||||
@ -83,7 +73,7 @@ Index: src/useradd.c
|
||||
printf ("CREATE_MAIL_SPOOL=%s\n", def_create_mail_spool);
|
||||
}
|
||||
|
||||
@@ -526,6 +555,7 @@ static int set_defaults (void)
|
||||
@@ -538,6 +567,7 @@ static int set_defaults (void)
|
||||
bool out_expire = false;
|
||||
bool out_shell = false;
|
||||
bool out_skel = false;
|
||||
@ -91,7 +81,7 @@ Index: src/useradd.c
|
||||
bool out_create_mail_spool = false;
|
||||
size_t len;
|
||||
int ret = -1;
|
||||
@@ -620,6 +650,9 @@ static int set_defaults (void)
|
||||
@@ -632,6 +662,9 @@ static int set_defaults (void)
|
||||
} else if (!out_skel && MATCH (buf, DSKEL)) {
|
||||
fprintf (ofp, DSKEL "%s\n", def_template);
|
||||
out_skel = true;
|
||||
@ -101,7 +91,7 @@ Index: src/useradd.c
|
||||
} else if (!out_create_mail_spool
|
||||
&& MATCH (buf, DCREATE_MAIL_SPOOL)) {
|
||||
fprintf (ofp,
|
||||
@@ -649,6 +682,8 @@ static int set_defaults (void)
|
||||
@@ -661,6 +694,8 @@ static int set_defaults (void)
|
||||
fprintf (ofp, DSHELL "%s\n", def_shell);
|
||||
if (!out_skel)
|
||||
fprintf (ofp, DSKEL "%s\n", def_template);
|
||||
@ -110,7 +100,7 @@ Index: src/useradd.c
|
||||
|
||||
if (!out_create_mail_spool)
|
||||
fprintf (ofp, DCREATE_MAIL_SPOOL "%s\n", def_create_mail_spool);
|
||||
@@ -2507,6 +2542,8 @@ int main (int argc, char **argv)
|
||||
@@ -2679,6 +2714,8 @@ int main (int argc, char **argv)
|
||||
if (home_added) {
|
||||
copy_tree (def_template, prefix_user_home, false, false,
|
||||
(uid_t)-1, user_id, (gid_t)-1, user_gid);
|
||||
|
@ -2,7 +2,7 @@ Index: lib/getdef.c
|
||||
===================================================================
|
||||
--- lib/getdef.c.orig
|
||||
+++ lib/getdef.c
|
||||
@@ -127,6 +127,8 @@ static struct itemdef def_table[] = {
|
||||
@@ -150,6 +150,8 @@ static struct itemdef def_table[] = {
|
||||
{"UID_MIN", NULL},
|
||||
{"UMASK", NULL},
|
||||
{"USERDEL_CMD", NULL},
|
||||
@ -15,7 +15,7 @@ Index: etc/login.defs
|
||||
===================================================================
|
||||
--- etc/login.defs.orig
|
||||
+++ etc/login.defs
|
||||
@@ -216,9 +216,25 @@ DEFAULT_HOME yes
|
||||
@@ -270,9 +270,25 @@ NONEXISTENT /nonexistent
|
||||
# It should remove any at/cron/print jobs etc. owned by
|
||||
# the user to be removed (passed as the first argument).
|
||||
#
|
||||
@ -45,7 +45,7 @@ Index: src/userdel.c
|
||||
===================================================================
|
||||
--- src/userdel.c.orig
|
||||
+++ src/userdel.c
|
||||
@@ -126,7 +126,7 @@ static void close_files (void);
|
||||
@@ -131,7 +131,7 @@ static void close_files (void);
|
||||
static void fail_exit (int);
|
||||
static void open_files (void);
|
||||
static void update_user (void);
|
||||
@ -54,7 +54,7 @@ Index: src/userdel.c
|
||||
|
||||
#ifdef EXTRA_CHECK_HOME_DIR
|
||||
static bool path_prefix (const char *, const char *);
|
||||
@@ -768,13 +768,13 @@ static void update_user (void)
|
||||
@@ -774,13 +774,13 @@ static void update_user (void)
|
||||
* cron, at, or print jobs.
|
||||
*/
|
||||
|
||||
@ -70,7 +70,7 @@ Index: src/userdel.c
|
||||
if (NULL == cmd) {
|
||||
return;
|
||||
}
|
||||
@@ -1214,9 +1214,10 @@ int main (int argc, char **argv)
|
||||
@@ -1225,9 +1225,10 @@ int main (int argc, char **argv)
|
||||
}
|
||||
|
||||
/*
|
||||
@ -83,7 +83,7 @@ Index: src/userdel.c
|
||||
open_files ();
|
||||
update_user ();
|
||||
update_groups ();
|
||||
@@ -1337,7 +1338,7 @@ int main (int argc, char **argv)
|
||||
@@ -1348,7 +1349,7 @@ int main (int argc, char **argv)
|
||||
* the entry from /etc/passwd.
|
||||
*/
|
||||
if(prefix[0] == '\0')
|
||||
@ -91,8 +91,8 @@ Index: src/userdel.c
|
||||
+ call_script ("USERDEL_CMD", user_name);
|
||||
close_files ();
|
||||
|
||||
#ifdef WITH_TCB
|
||||
@@ -1348,6 +1349,9 @@ int main (int argc, char **argv)
|
||||
if (run_parts ("/etc/shadow-maint/userdel-post.d", user_name, "userdel")) {
|
||||
@@ -1363,6 +1364,9 @@ int main (int argc, char **argv)
|
||||
nscd_flush_cache ("group");
|
||||
sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user