Accepting request 459155 from home:jmoellers:branches:Base:System

OBS-URL: https://build.opensuse.org/request/show/459155
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=30

shadow.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon Feb 20 07:28:24 UTC 2017 - josef.moellers@suse.com
+
+- useradd: call external program "/sbin/pam_tally2" to reset
+  failed login counter in "/var/log/tallylog"
+  (bsc#980486, useradd-clear-tallylog.patch)
+
 -------------------------------------------------------------------
 Wed Nov  2 07:41:51 UTC 2016 - meissner@suse.com
 

shadow.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package shadow
 #
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -50,6 +50,8 @@ Patch13:        shadow-4.1.5.1-userdel-helpfix.patch
 Patch14:        shadow-4.2.1-defs-chroot.patch
 Patch15:        shadow-4.2.1-merge-group.patch
 Patch16:        Fix-user-busy-errors-at-userdel.patch
+Patch17:        useradd-clear-tallylog.patch
+
 Requires:       aaa_base
 BuildRequires:  audit-devel
 BuildRequires:  libacl-devel
@@ -86,6 +88,7 @@ group accounts.
 %patch14 -p0
 %patch15 -p0
 %patch16 -p0
+%patch17 -p1
 
 iconv -f ISO88591 -t utf-8  doc/HOWTO > doc/HOWTO.utf8
 mv -v doc/HOWTO.utf8 doc/HOWTO

useradd-clear-tallylog.patch

@@ -0,0 +1,91 @@
+Index: shadow-4.2.1/src/useradd.c
+===================================================================
+--- shadow-4.2.1.orig/src/useradd.c
++++ shadow-4.2.1/src/useradd.c
+@@ -51,7 +51,9 @@
+ #include <string.h>
+ #include <sys/stat.h>
+ #include <sys/types.h>
++#include <sys/wait.h>
+ #include <time.h>
++#include <unistd.h>
+ #include "chkname.h"
+ #include "defines.h"
+ #include "faillog.h"
+@@ -213,6 +215,7 @@ static void open_files (void);
+ static void open_shadow (void);
+ static void faillog_reset (uid_t);
+ static void lastlog_reset (uid_t);
++static void tallylog_reset (char *);
+ static void usr_update (void);
+ static void create_home (void);
+ static void create_mail (void);
+@@ -1789,6 +1792,52 @@ static void lastlog_reset (uid_t uid)
+ 	}
+ }
+ 
++static void tallylog_reset (char *user_name)
++{
++	static const char pam_tally2[] = "/sbin/pam_tally2";
++	const char *pname;
++	pid_t childpid;
++	int failed;
++	int status;
++
++	if (access(pam_tally2, X_OK) == -1)
++		return;
++
++	failed = 0;
++	switch (childpid = fork())
++	{
++	case -1: /* error */
++		failed = 1;
++		break;
++	case 0: /* child */
++		pname = strrchr(pam_tally2, '/');
++		if (pname == NULL)
++			pname = pam_tally2;
++		else
++			pname++;        /* Skip the '/' */
++		execl(pam_tally2, pname, "--user", user_name, "--reset", "--quiet", NULL);
++		/* If we come here, something has gone terribly wrong */
++		perror(pam_tally2);
++		exit(42);	/* don't continue, we now have 2 processe running! */
++		/* NOTREACHED */
++		break;
++	default: /* parent */
++		if (waitpid(childpid, &status, 0) == -1 || !WIFEXITED(status) || WEXITSTATUS(status) != 0)
++			failed = 3;
++		break;
++	}
++
++	if (failed)
++	{
++		fprintf (stderr,
++		         _("%s: failed to reset the tallylog entry of user \"%s\"\n"),
++		         Prog, user_name);
++		SYSLOG ((LOG_WARN, "failed to reset the tallylog entry of user \"%s\"", user_name));
++	}
++
++	return;
++}
++
+ /*
+  * usr_update - create the user entries
+  *
+@@ -2286,6 +2335,15 @@ int main (int argc, char **argv)
+ 
+ 	close_files ();
+ 
++	/*
++	 * tallylog_reset needs to be able to lookup
++	 * a valid existing user name,
++	 * so we canot call it before close_files()
++	 */
++	if ((!lflg) && (getpwuid (user_id) != NULL)) {
++		tallylog_reset (user_name);
++	}
++
+ #ifdef WITH_SELINUX
+ 	if (Zflg) {
+ 		if (set_seuser (user_name, user_selinux) != 0) {