rpm/shadow
SHA256
1
0
Fork 0
forked from pool/shadow
Code Pull Requests Activity

Accepting request 398913 from home:jubalh

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/398913
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=21
This commit is contained in:
Michael Vetter 2016-05-30 10:38:25 +00:00 committed by Git OBS Bridge
parent 5d813f9f9f
commit b4a2128e54
22 changed files with 368 additions and 205 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
Fix-user-busy-errors-at-userdel.patch Normal file
View File

@ -0,0 +1,42 @@
From 546e2ae44955510b06a922647796ec54744f10ce Mon Sep 17 00:00:00 2001
From: Bastian Blank <bastian.blank@credativ.de>
Date: Tue, 17 Nov 2015 10:52:24 -0600
Subject: [PATCH 17/17] Fix user busy errors at userdel
Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>
---
libmisc/user_busy.c | 9 +++++++++
1 file changed, 9 insertions(+)
--- libmisc/user_busy.c
+++ libmisc/user_busy.c
@@ -175,6 +175,9 @@ static int user_busy_processes (const char *name, uid_t uid)
if (stat ("/", &sbroot) != 0) {
perror ("stat (\"/\")");
(void) closedir (proc);
+#ifdef ENABLE_SUBIDS
+ sub_uid_close();
+#endif
return 0;
}
@@ -212,6 +215,9 @@ static int user_busy_processes (const char *name, uid_t uid)
if (check_status (name, tmp_d_name, uid) != 0) {
(void) closedir (proc);
+#ifdef ENABLE_SUBIDS
+ sub_uid_close();
+#endif
fprintf (stderr,
_("%s: user %s is currently used by process %d\n"),
Prog, name, pid);
@@ -232,6 +238,9 @@ static int user_busy_processes (const char *name, uid_t uid)
}
if (check_status (name, task_path+6, uid) != 0) {
(void) closedir (proc);
+#ifdef ENABLE_SUBIDS
+ sub_uid_close();
+#endif
fprintf (stderr,
_("%s: user %s is currently used by process %d\n"),
Prog, name, pid);

91
chkname-regex.diff
View File

@ -1,91 +0,0 @@
--- lib/getdef.c
+++ lib/getdef.c 2012/09/26 14:14:15
@@ -51,6 +51,7 @@
#define NUMDEFS (sizeof(def_table)/sizeof(def_table[0]))
static struct itemdef def_table[] = {
+ {"CHARACTER_CLASS", NULL},
{"CHFN_RESTRICT", NULL},
{"CONSOLE_GROUPS", NULL},
{"CONSOLE", NULL},
--- libmisc/chkname.c
+++ libmisc/chkname.c 2012/09/27 12:32:18
@@ -43,31 +43,55 @@
#ident "$Id: chkname.c 2828 2009-04-28 19:14:05Z nekral-guest $"
#include <ctype.h>
+#include <regex.h>
#include "defines.h"
#include "chkname.h"
+#include "getdef.h"
+#include <stdio.h>
static bool is_valid_name (const char *name)
{
- /*
- * User/group names must match [a-z_][a-z0-9_-]*[$]
- */
- if (('\0' == *name) ||
- !((('a' <= *name) && ('z' >= *name)) || ('_' == *name))) {
- return false;
- }
+ const char *class;
+ regex_t reg;
+ int result;
+ char *buf;
+
+ /* User/group names must match [A-Za-z_][A-Za-z0-9_-.]*[A-Za-z0-9_-.$]?.
+ This is the POSIX portable character class. The $ at the end is
+ needed for SAMBA. But user can also specify something else in
+ /etc/login.defs. */
+ class = getdef_str ("CHARACTER_CLASS");
+ if (!class)
+ class = "[a-z_][a-z0-9_.-]*[a-z0-9_.$-]\\?";
+
+ if (asprintf (&buf, "^%s$", class) < 0)
+ return -1;
+
+ memset (&reg, 0, sizeof (regex_t));
+ result = regcomp (&reg, buf, 0);
+ free (buf);
+
+ if (result)
+ {
+ size_t length = regerror (result, &reg, NULL, 0);
+ char *buffer = malloc (length);
+ if (buffer == NULL)
+ fputs ("running out of memory!\n", stderr);
+
+ /* else
+ {
+ regerror (result, &reg, buffer, length);
+ fprintf (stderr, _("Can't compile regular expression: %s\n"),
+ buffer);
+ } */
- while ('\0' != *++name) {
- if (!(( ('a' <= *name) && ('z' >= *name) ) ||
- ( ('0' <= *name) && ('9' >= *name) ) ||
- ('_' == *name) ||
- ('-' == *name) ||
- ( ('$' == *name) && ('\0' == *(name + 1)) )
- )) {
- return false;
- }
- }
+ return false;
+ }
+
+ if (regexec (&reg, name, 0, NULL, 0) != 0)
+ return false;
- return true;
+ return true;
}
bool is_valid_user_name (const char *name)
@@ -96,4 +120,3 @@
return is_valid_name (name);
}
-

83
chkname-regex.patch Normal file
View File

@ -0,0 +1,83 @@
--- lib/getdef.c
+++ lib/getdef.c
@@ -51,6 +51,7 @@ struct itemdef {
#define NUMDEFS (sizeof(def_table)/sizeof(def_table[0]))
static struct itemdef def_table[] = {
+ {"CHARACTER_CLASS", NULL},
{"CHFN_RESTRICT", NULL},
{"CONSOLE_GROUPS", NULL},
{"CONSOLE", NULL},
--- libmisc/chkname.c
+++ libmisc/chkname.c
@@ -43,30 +43,57 @@
#ident "$Id$"
#include <ctype.h>
+#include <regex.h>
#include "defines.h"
#include "chkname.h"
+#include "getdef.h"
+#include <stdio.h>
static bool is_valid_name (const char *name)
{
- /*
- * User/group names must match [a-z_][a-z0-9_-]*[$]
- */
- if (('\0' == *name) ||
- !((('a' <= *name) && ('z' >= *name)) || ('_' == *name))) {
+ const char *class;
+ regex_t reg;
+ int result;
+ char *buf;
+
+ /* User/group names must match [A-Za-z_][A-Za-z0-9_-.]*[A-Za-z0-9_-.$]?.
+ This is the POSIX portable character class. The $ at the end is
+ needed for SAMBA. But user can also specify something else in
+ /etc/login.defs. */
+ class = getdef_str ("CHARACTER_CLASS");
+ if (!class)
+ class = "[a-z_][a-z0-9_.-]*[a-z0-9_.$-]\\?";
+
+ if (asprintf (&buf, "^%s$", class) < 0)
+ return -1;
+
+ memset (&reg, 0, sizeof (regex_t));
+ result = regcomp (&reg, buf, 0);
+ free (buf);
+
+ if (result) {
+ size_t length = regerror (result, &reg, NULL, 0);
+ char *buffer = malloc (length);
+ if (buffer == NULL)
+ fputs ("running out of memory!\n", stderr);
+
+ /* else
+ {
+ regerror (result, &reg, buffer, length);
+ fprintf (stderr, _("Can't compile regular expression: %s\n"),
+ buffer);
+ } */
+
+ regfree(&reg);
return false;
}
- while ('\0' != *++name) {
- if (!(( ('a' <= *name) && ('z' >= *name) ) ||
- ( ('0' <= *name) && ('9' >= *name) ) ||
- ('_' == *name) ||
- ('-' == *name) ||
- ( ('$' == *name) && ('\0' == *(name + 1)) )
- )) {
- return false;
- }
+ if (regexec (&reg, name, 0, NULL, 0) != 0) {
+ regfree(&reg);
+ return false;
}
+ regfree(&reg);
return true;
}

4
encryption_method_nis.diff → encryption_method_nis.patch
View File

@ -1,6 +1,6 @@
--- lib/getdef.c --- lib/getdef.c
+++ lib/getdef.c 2013/11/12 13:44:01 +++ lib/getdef.c
@@ -57,6 +57,7 @@ @@ -58,6 +58,7 @@ static struct itemdef def_table[] = {
{"CREATE_HOME", NULL}, {"CREATE_HOME", NULL},
{"DEFAULT_HOME", NULL}, {"DEFAULT_HOME", NULL},
{"ENCRYPT_METHOD", NULL}, {"ENCRYPT_METHOD", NULL},

8
getdef-new-defs.diff → getdef-new-defs.patch
View File

@ -1,6 +1,6 @@
--- lib/getdef.c --- lib/getdef.c
+++ lib/getdef.c 2012/11/13 16:26:34 +++ lib/getdef.c
@@ -64,6 +64,7 @@ @@ -65,6 +65,7 @@ static struct itemdef def_table[] = {
{"FAKE_SHELL", NULL}, {"FAKE_SHELL", NULL},
{"GID_MAX", NULL}, {"GID_MAX", NULL},
{"GID_MIN", NULL}, {"GID_MIN", NULL},
@ -8,7 +8,7 @@
{"HUSHLOGIN_FILE", NULL}, {"HUSHLOGIN_FILE", NULL},
{"KILLCHAR", NULL}, {"KILLCHAR", NULL},
{"LOGIN_RETRIES", NULL}, {"LOGIN_RETRIES", NULL},
@@ -93,7 +94,10 @@ @@ -100,7 +101,10 @@ static struct itemdef def_table[] = {
{"UID_MAX", NULL}, {"UID_MAX", NULL},
{"UID_MIN", NULL}, {"UID_MIN", NULL},
{"UMASK", NULL}, {"UMASK", NULL},
@ -19,7 +19,7 @@
{"USERGROUPS_ENAB", NULL}, {"USERGROUPS_ENAB", NULL},
#ifndef USE_PAM #ifndef USE_PAM
{"CHFN_AUTH", NULL}, {"CHFN_AUTH", NULL},
@@ -129,6 +133,10 @@ @@ -136,6 +140,10 @@ static struct itemdef def_table[] = {
{"TCB_SYMLINKS", NULL}, {"TCB_SYMLINKS", NULL},
{"USE_TCB", NULL}, {"USE_TCB", NULL},
#endif #endif

31
shadow-4.1.5.1-audit-owner.patch Normal file
View File

@ -0,0 +1,31 @@
--- src/usermod.c
+++ src/usermod.c
@@ -1808,6 +1808,14 @@ static void move_home (void)
fail_exit (E_HOMEDIR);
}
+#ifdef WITH_AUDIT
+ if (uflg || gflg) {
+ audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+ "changing home directory owner",
+ user_newname, (unsigned int) user_newid, 1);
+ }
+#endif
+
if (rename (user_home, user_newhome) == 0) {
/* FIXME: rename above may have broken symlinks
* pointing to the user's home directory
@@ -2254,6 +2262,13 @@ int main (int argc, char **argv)
* ownership.
*
*/
+#ifdef WITH_AUDIT
+ if (uflg || gflg) {
+ audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+ "changing home directory owner",
+ user_newname, (unsigned int) user_newid, 1);
+ }
+#endif
if (chown_tree (dflg ? user_newhome : user_home,
user_id,
uflg ? user_newid : (uid_t)-1,

7
shadow-4.1.5.1-backup-mode.patch
View File

@ -1,7 +1,6 @@
diff -up shadow-4.1.5.1/lib/commonio.c.backup-mode shadow-4.1.5.1/lib/commonio.c --- lib/commonio.c
--- shadow-4.1.5.1/lib/commonio.c.backup-mode 2012-05-18 21:44:54.000000000 +0200 +++ lib/commonio.c
+++ shadow-4.1.5.1/lib/commonio.c 2012-09-19 20:27:16.089444234 +0200 @@ -301,15 +301,12 @@ static int create_backup (const char *backup, FILE * fp)
@@ -301,15 +301,12 @@ static int create_backup (const char *ba
struct utimbuf ub; struct utimbuf ub;
FILE *bkfp; FILE *bkfp;
int c; int c;

6
shadow-4.1.5.1-errmsg.patch
View File

@ -1,6 +1,6 @@
--- src/useradd.c --- src/useradd.c
+++ src/useradd.c 2013/09/17 12:30:31 +++ src/useradd.c
@@ -1759,6 +1759,9 @@ @@ -1896,6 +1896,9 @@ static void create_home (void)
if (access (user_home, F_OK) != 0) { if (access (user_home, F_OK) != 0) {
#ifdef WITH_SELINUX #ifdef WITH_SELINUX
if (set_selinux_file_context (user_home) != 0) { if (set_selinux_file_context (user_home) != 0) {
@ -10,7 +10,7 @@
fail_exit (E_HOMEDIR); fail_exit (E_HOMEDIR);
} }
#endif #endif
@@ -1788,6 +1791,9 @@ @@ -1925,6 +1928,9 @@ static void create_home (void)
#ifdef WITH_SELINUX #ifdef WITH_SELINUX
/* Reset SELinux to create files with default contexts */ /* Reset SELinux to create files with default contexts */
if (reset_selinux_file_context () != 0) { if (reset_selinux_file_context () != 0) {

7
shadow-4.1.5.1-logmsg.patch
View File

@ -1,7 +1,6 @@
diff -up shadow-4.1.5.1/src/useradd.c.logmsg shadow-4.1.5.1/src/useradd.c --- src/useradd.c
--- shadow-4.1.5.1/src/useradd.c.logmsg 2013-02-20 15:41:44.000000000 +0100 +++ src/useradd.c
+++ shadow-4.1.5.1/src/useradd.c 2013-03-19 18:40:04.908292810 +0100 @@ -320,7 +320,7 @@ static void fail_exit (int code)
@@ -275,7 +275,7 @@ static void fail_exit (int code)
user_name, AUDIT_NO_ID, user_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE); SHADOW_AUDIT_FAILURE);
#endif #endif

16
shadow-4.1.5.1-manfix.patch
View File

@ -1,16 +1,6 @@
diff -up shadow-4.1.5.1/man/useradd.8.xml.manfix shadow-4.1.5.1/man/useradd.8.xml --- man/useradd.8.xml
--- shadow-4.1.5.1/man/useradd.8.xml.manfix 2013-06-14 15:25:44.000000000 +0200 +++ man/useradd.8.xml
+++ shadow-4.1.5.1/man/useradd.8.xml 2013-07-19 07:33:53.768619759 +0200 @@ -351,7 +351,7 @@
@@ -161,7 +161,7 @@
</varlistentry>
<varlistentry>
<term>
- <option>-d</option>, <option>--home</option>
+ <option>-d</option>, <option>--home-dir</option>
<replaceable>HOME_DIR</replaceable>
</term>
<listitem>
@@ -362,7 +362,7 @@
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term> <term>

14
shadow-4.1.5.1-userdel-helpfix.patch Normal file
View File

@ -0,0 +1,14 @@
--- src/userdel.c
+++ src/userdel.c
@@ -143,8 +143,9 @@ static void usage (int status)
"\n"
"Options:\n"),
Prog);
- (void) fputs (_(" -f, --force force removal of files,\n"
- " even if not owned by user\n"),
+ (void) fputs (_(" -f, --force force some actions that would fail otherwise\n"
+ " e.g. removal of user still logged in\n"
+ " or files, even if not owned by the user\n"),
usageout);
(void) fputs (_(" -h, --help display this help message and exit\n"), usageout);
(void) fputs (_(" -r, --remove remove home directory and mail spool\n"), usageout);

3
shadow-4.1.5.1.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:aa32333748d68b58ed3a83625f0165e0f6b9dc4639e6377c9300c6bf4fe978fb
size 2193325

23
shadow-4.2.1-defs-chroot.patch Normal file
View File

@ -0,0 +1,23 @@
--- src/useradd.c
+++ src/useradd.c
@@ -2054,8 +2054,8 @@ int main (int argc, char **argv)
#endif /* ACCT_TOOLS_SETUID */
/* Needed for userns check */
- uid_t uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL);
- uid_t uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
+ uid_t uid_min;
+ uid_t uid_max;
/*
* Get my name so that I can use it to report errors.
@@ -2073,6 +2073,9 @@ int main (int argc, char **argv)
audit_help_open ();
#endif
+ uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL);
+ uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
+
sys_ngroups = sysconf (_SC_NGROUPS_MAX);
user_groups = (char **) xmalloc ((1 + sys_ngroups) * sizeof (char *));
/*

12
shadow-4.2.1-merge-group.patch Normal file
View File

@ -0,0 +1,12 @@
--- lib/groupio.c
+++ lib/groupio.c
@@ -335,8 +335,7 @@ static /*@null@*/struct commonio_entry *merge_group_entries (
errno = ENOMEM;
return NULL;
}
- snprintf(new_line, new_line_len, "%s\n%s", gr1->line, gr2->line);
- new_line[new_line_len] = '\0';
+ snprintf(new_line, new_line_len + 1, "%s\n%s", gr1->line, gr2->line);
/* Concatenate the 2 list of members */
for (i=0; NULL != gptr1->gr_mem[i]; i++);

3
shadow-4.2.1.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:3b0893d1476766868cd88920f4f1231c4795652aa407569faff802bcda0f3d41
size 1594536

108
shadow-login_defs.diff → shadow-login_defs.patch
View File

@ -1,31 +1,31 @@
--- etc/login.defs --- etc/login.defs
+++ etc/login.defs 2013/02/05 12:16:54 +++ etc/login.defs
@@ -1,8 +1,6 @@ @@ -1,8 +1,5 @@
# #
# /etc/login.defs - Configuration control definitions for the shadow package. # /etc/login.defs - Configuration control definitions for the shadow package.
# -#
-# $Id: login.defs 3189 2010-03-26 11:53:06Z nekral-guest $ -# $Id$
-# -#
# #
# Delay in seconds before being allowed another attempt after a login failure # Delay in seconds before being allowed another attempt after a login failure
@@ -12,11 +10,6 @@ @@ -12,11 +9,6 @@
FAIL_DELAY 3 FAIL_DELAY 3
# #
-# Enable logging and display of /var/log/faillog login failure info. -# Enable logging and display of /var/log/faillog login(1) failure info.
-# -#
-FAILLOG_ENAB yes -FAILLOG_ENAB yes
- -
-# -#
# Enable display of unknown usernames when login failures are recorded. # Enable display of unknown usernames when login(1) failures are recorded.
# #
LOG_UNKFAIL_ENAB no LOG_UNKFAIL_ENAB no
@@ -27,34 +20,6 @@ @@ -27,34 +19,6 @@ LOG_UNKFAIL_ENAB no
LOG_OK_LOGINS no LOG_OK_LOGINS no
# #
-# Enable logging and display of /var/log/lastlog login time info. -# Enable logging and display of /var/log/lastlog login(1) time info.
-# -#
-LASTLOG_ENAB yes -LASTLOG_ENAB yes
- -
@ -48,45 +48,45 @@
-PORTTIME_CHECKS_ENAB yes -PORTTIME_CHECKS_ENAB yes
- -
-# -#
-# Enable setting of ulimit, umask, and niceness from passwd gecos field. -# Enable setting of ulimit, umask, and niceness from passwd(5) gecos field.
-# -#
-QUOTAS_ENAB yes -QUOTAS_ENAB yes
- -
-# -#
# Enable "syslog" logging of su activity - in addition to sulog file logging. # Enable "syslog" logging of su(1) activity - in addition to sulog file logging.
# SYSLOG_SG_ENAB does the same for newgrp and sg. # SYSLOG_SG_ENAB does the same for newgrp(1) and sg(1).
# #
@@ -82,75 +47,31 @@ @@ -82,75 +46,31 @@ MOTD_FILE /etc/motd
#MOTD_FILE /etc/motd:/usr/lib/news/news-motd #MOTD_FILE /etc/motd:/usr/lib/news/news-motd
# #
-# If defined, this file will be output before each login prompt. -# If defined, this file will be output before each login(1) prompt.
-# -#
-#ISSUE_FILE /etc/issue -#ISSUE_FILE /etc/issue
- -
-# -#
# If defined, file which maps tty line to TERM environment parameter. # If defined, file which maps tty line to TERM environment parameter.
# Each line of the file is in a format something like "vt100 tty01". # Each line of the file is in a format similar to "vt100 tty01".
# #
#TTYTYPE_FILE /etc/ttytype #TTYTYPE_FILE /etc/ttytype
# #
-# If defined, login failures will be logged here in a utmp format. -# If defined, login(1) failures will be logged here in a utmp format.
-# last, when invoked as lastb, will read /var/log/btmp, so... -# last(1), when invoked as lastb(1), will read /var/log/btmp, so...
-# -#
-FTMP_FILE /var/log/btmp -FTMP_FILE /var/log/btmp
- -
-# -#
-# If defined, name of file whose presence which will inhibit non-root -# If defined, name of file whose presence will inhibit non-root
-# logins. The contents of this file should be a message indicating -# logins. The content of this file should be a message indicating
-# why logins are inhibited. -# why logins are inhibited.
-# -#
-NOLOGINS_FILE /etc/nologin -NOLOGINS_FILE /etc/nologin
- -
-# -#
-# If defined, the command name to display when running "su -". For -# If defined, the command name to display when running "su -". For
-# example, if this is defined as "su" then a "ps" will display the -# example, if this is defined as "su" then ps(1) will display the
-# command is "-su". If not defined, then "ps" would display the -# command as "-su". If not defined, then ps(1) will display the
-# name of the shell actually being run, e.g. something like "-sh". -# name of the shell actually being run, e.g. something like "-sh".
-# -#
-SU_NAME su -SU_NAME su
@ -122,7 +122,7 @@
-ENV_HZ HZ=100 -ENV_HZ HZ=100
-# For Linux/Alpha... -# For Linux/Alpha...
-#ENV_HZ HZ=1024 -#ENV_HZ HZ=1024
+#HUSHLOGIN_FILE .hushlogin +# HUSHLOGIN_FILE .hushlogin
+HUSHLOGIN_FILE /etc/hushlogins +HUSHLOGIN_FILE /etc/hushlogins
# #
@ -140,8 +140,8 @@
# #
# Terminal permissions # Terminal permissions
@@ -164,24 +85,20 @@ @@ -164,24 +84,20 @@ ENV_PATH PATH=/bin:/usr/bin
# TTYPERM to either 622 or 600. # set TTYPERM to either 622 or 600.
# #
TTYGROUP tty TTYGROUP tty
-TTYPERM 0600 -TTYPERM 0600
@ -164,9 +164,9 @@
KILLCHAR 025 KILLCHAR 025
-#ULIMIT 2097152 -#ULIMIT 2097152
# Default initial "umask" value used by login on non-PAM enabled systems. # Default initial "umask" value used by login(1) on non-PAM enabled systems.
# Default "umask" value for pam_umask on PAM enabled systems. # Default "umask" value for pam_umask(8) on PAM enabled systems.
@@ -197,49 +114,44 @@ @@ -197,35 +113,25 @@ UMASK 022
# #
# PASS_MAX_DAYS Maximum number of days a password may be used. # PASS_MAX_DAYS Maximum number of days a password may be used.
# PASS_MIN_DAYS Minimum number of days allowed between password changes. # PASS_MIN_DAYS Minimum number of days allowed between password changes.
@ -187,12 +187,12 @@
-SU_WHEEL_ONLY no -SU_WHEEL_ONLY no
- -
-# -#
-# If compiled with cracklib support, where are the dictionaries -# If compiled with cracklib support, sets the path to the dictionaries
-# -#
-CRACKLIB_DICTPATH /var/cache/cracklib/cracklib_dict -CRACKLIB_DICTPATH /var/cache/cracklib/cracklib_dict
- -
-# -#
# Min/max values for automatic uid selection in useradd # Min/max values for automatic uid selection in useradd(8)
# #
+# SYS_UID_MIN to SYS_UID_MAX inclusive is the range for +# SYS_UID_MIN to SYS_UID_MAX inclusive is the range for
+# UIDs for dynamically allocated administrative and system accounts. +# UIDs for dynamically allocated administrative and system accounts.
@ -206,9 +206,12 @@
-SYS_UID_MAX 999 -SYS_UID_MAX 999
+SYS_UID_MIN 100 +SYS_UID_MIN 100
+SYS_UID_MAX 499 +SYS_UID_MAX 499
# Extra per user uids
SUB_UID_MIN 100000
SUB_UID_MAX 600100000
@@ -234,11 +140,16 @@ SUB_UID_COUNT 65536
# #
# Min/max values for automatic gid selection in groupadd # Min/max values for automatic gid selection in groupadd(8)
# #
+# SYS_GID_MIN to SYS_GID_MAX inclusive is the range for +# SYS_GID_MIN to SYS_GID_MAX inclusive is the range for
+# GIDs for dynamically allocated administrative and system groups. +# GIDs for dynamically allocated administrative and system groups.
@ -222,16 +225,19 @@
-SYS_GID_MAX 999 -SYS_GID_MAX 999
+SYS_GID_MIN 100 +SYS_GID_MIN 100
+SYS_GID_MAX 499 +SYS_GID_MAX 499
# Extra per user group ids
SUB_GID_MIN 100000
SUB_GID_MAX 600100000
@@ -247,7 +158,7 @@ SUB_GID_COUNT 65536
# #
# Max number of login retries if password is bad # Max number of login(1) retries if password is bad
# #
-LOGIN_RETRIES 5 -LOGIN_RETRIES 5
+LOGIN_RETRIES 3 +LOGIN_RETRIES 3
# #
# Max time in seconds for login # Max time in seconds for login(1)
@@ -247,28 +159,6 @@ @@ -255,28 +166,6 @@ LOGIN_RETRIES 5
LOGIN_TIMEOUT 60 LOGIN_TIMEOUT 60
# #
@ -252,15 +258,15 @@
-#PASS_MAX_LEN 8 -#PASS_MAX_LEN 8
- -
-# -#
-# Require password before chfn/chsh can make any changes. -# Require password before chfn(1)/chsh(1) can make any changes.
-# -#
-CHFN_AUTH yes -CHFN_AUTH yes
- -
-# -#
# Which fields may be changed by regular users using chfn - use # Which fields may be changed by regular users using chfn(1) - use
# any combination of letters "frwh" (full name, room number, work # any combination of letters "frwh" (full name, room number, work
# phone, home phone). If not defined, no changes are allowed. # phone, home phone). If not defined, no changes are allowed.
@@ -277,29 +167,6 @@ @@ -285,28 +174,6 @@ CHFN_AUTH yes
CHFN_RESTRICT rwh CHFN_RESTRICT rwh
# #
@ -281,16 +287,15 @@
-# Note: If you use PAM, it is recommended to use a value consistent with -# Note: If you use PAM, it is recommended to use a value consistent with
-# the PAM modules configuration. -# the PAM modules configuration.
-# -#
-# This variable is deprecated. You should use ENCRYPT_METHOD. -# This variable is deprecated. You should use ENCRYPT_METHOD instead.
-# -#
-#MD5_CRYPT_ENAB no -#MD5_CRYPT_ENAB no
- -
-# -#
-# Only works if compiled with ENCRYPTMETHOD_SELECT defined: # Only works if compiled with ENCRYPTMETHOD_SELECT defined:
# If set to MD5 , MD5-based algorithm will be used for encrypting password # If set to MD5, MD5-based algorithm will be used for encrypting password
# If set to SHA256, SHA256-based algorithm will be used for encrypting password # If set to SHA256, SHA256-based algorithm will be used for encrypting password
# If set to SHA512, SHA512-based algorithm will be used for encrypting password @@ -317,7 +184,8 @@ CHFN_RESTRICT rwh
@@ -309,7 +176,8 @@
# Note: If you use PAM, it is recommended to use a value consistent with # Note: If you use PAM, it is recommended to use a value consistent with
# the PAM modules configuration. # the PAM modules configuration.
# #
@ -300,7 +305,7 @@
# #
# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512. # Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
@@ -345,16 +212,12 @@ @@ -353,16 +221,12 @@ CHFN_RESTRICT rwh
DEFAULT_HOME yes DEFAULT_HOME yes
# #
@ -319,18 +324,18 @@
#USERDEL_CMD /usr/sbin/userdel_local #USERDEL_CMD /usr/sbin/userdel_local
# #
@@ -364,7 +227,7 @@ @@ -372,7 +236,7 @@ ENVIRON_FILE /etc/environment
# #
# This also enables userdel to remove user groups if no members exist. # This also enables userdel(8) to remove user groups if no members exist.
# #
-USERGROUPS_ENAB yes -USERGROUPS_ENAB yes
+USERGROUPS_ENAB no +USERGROUPS_ENAB no
# #
# If set to a non-nul number, the shadow utilities will make sure that # If set to a non-zero number, the shadow utilities will make sure that
@@ -383,5 +246,41 @@ @@ -391,5 +255,40 @@ USERGROUPS_ENAB yes
# This option is overridden with the -M or -m flags on the useradd command # This option is overridden with the -M or -m flags on the useradd(8)
# line. # command-line.
# #
-#CREATE_HOME yes -#CREATE_HOME yes
+CREATE_HOME no +CREATE_HOME no
@ -342,7 +347,7 @@
+# +#
+#CHARACTER_CLASS [A-Za-z_][A-Za-z0-9_.-]*[A-Za-z0-9_.$-]\? +#CHARACTER_CLASS [A-Za-z_][A-Za-z0-9_.-]*[A-Za-z0-9_.$-]\?
+CHARACTER_CLASS [ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz_][ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.-]*[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.$-]\? +CHARACTER_CLASS [ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz_][ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.-]*[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.$-]\?
+
+# +#
+# If defined, this command is run when adding a group. +# If defined, this command is run when adding a group.
+# It should rebuild any NIS database etc. to add the +# It should rebuild any NIS database etc. to add the
@ -370,4 +375,3 @@
+# account from it. +# account from it.
+# +#
+USERDEL_POSTCMD /usr/sbin/userdel-post.local +USERDEL_POSTCMD /usr/sbin/userdel-post.local

39
shadow.changes
View File

@ -1,3 +1,42 @@
-------------------------------------------------------------------
Mon May 30 09:41:55 UTC 2016 - mvetter@suse.com
- bsc#979069: Dont include shadow-4.1.5.1-bug935203-manpage.patch
- Dont set SUID bit yet. Once bsc#979282 is through, which will adapt the permissions package, we can enable the SUID bits.
Remove the files used to circumvent the check.
- Remove:
* shadow-rpmlintrc
* shadow-subids
* shadow-subids.easy
* shadow-subids.secure
* shadow-subids.paranoid
-------------------------------------------------------------------
Thu May 19 12:28:47 UTC 2016 - christian.brauner@mailbox.org
- Update to shadow-4.2.1:
- add support for subuids/subgids via newuidmap/newgidmap
- Rename chkname-regex.diff to chkname-regex.patch
- Rename encryption_method_nis.diff to encryption_method_nis.patch
- Rename getdef-new-defs.diff to getdef-new-defs.patch
- Rename shadow-login_defs.diff to shadow-login_defs.patch
- Rename userdel-scripts.diff to userdel-script.patch
- Rename useradd-script.diff to useradd-script.patch
- Rename useradd-default.diff to useradd-default.patch
- Rename useradd-mkdirs.diff to useradd-mkdirs.patch
- Add fixes from Red Hat/Fedora:
- shadow-4.1.5.1-audit-owner.patch.patch:
- log owner changes for home directory
- shadow-4.1.5.1-userdel-helpfix.patch.patch:
- give a hint about what happens when you force the removal of a user
- shadow-4.2.1-defs-chroot.patch.patch:
- initialize uid_t uid_min and uid_t uid_max not before we need them
- shadow-4.2.1-merge-group.patch.patch:
- simplify by using a single call to snprintf()
- Add upstream fix
- Fix-user-busy-errors-at-userdel.patch:
- call sub_uid_close()
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Jan 15 11:08:29 UTC 2016 - fvogt@suse.com Fri Jan 15 11:08:29 UTC 2016 - fvogt@suse.com

48
shadow.spec
View File

@ -20,10 +20,10 @@ Summary: Utilities to Manage User and Group Accounts
License: BSD-3-Clause and GPL-2.0+ License: BSD-3-Clause and GPL-2.0+
Group: System/Base Group: System/Base
Name: shadow Name: shadow
Version: 4.1.5.1 Version: 4.2.1
Release: 0 Release: 0
Url: http://pkg-shadow.alioth.debian.org/ Url: http://pkg-shadow.alioth.debian.org/
Source: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.bz2 Source: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.xz
Source1: pamd.tar.bz2 Source1: pamd.tar.bz2
Source2: README.changes-pwdutils Source2: README.changes-pwdutils
Source3: useradd.local Source3: useradd.local
@ -31,18 +31,23 @@ Source4: userdel-pre.local
Source5: userdel-post.local Source5: userdel-post.local
Source6: shadow.service Source6: shadow.service
Source7: shadow.timer Source7: shadow.timer
Patch: shadow-login_defs.diff Patch: shadow-login_defs.patch
Patch1: userdel-scripts.diff Patch1: userdel-script.patch
Patch2: useradd-script.diff Patch2: useradd-script.patch
Patch3: chkname-regex.diff Patch3: chkname-regex.patch
Patch4: useradd-default.diff Patch4: useradd-default.patch
Patch5: getdef-new-defs.diff Patch5: getdef-new-defs.patch
Patch6: shadow-4.1.5.1-manfix.patch Patch6: shadow-4.1.5.1-manfix.patch
Patch7: shadow-4.1.5.1-logmsg.patch Patch7: shadow-4.1.5.1-logmsg.patch
Patch8: shadow-4.1.5.1-errmsg.patch Patch8: shadow-4.1.5.1-errmsg.patch
Patch9: shadow-4.1.5.1-backup-mode.patch Patch9: shadow-4.1.5.1-backup-mode.patch
Patch10: encryption_method_nis.diff Patch10: encryption_method_nis.patch
Patch11: useradd-mkdirs.diff Patch11: useradd-mkdirs.patch
Patch12: shadow-4.1.5.1-audit-owner.patch
Patch13: shadow-4.1.5.1-userdel-helpfix.patch
Patch14: shadow-4.2.1-defs-chroot.patch
Patch15: shadow-4.2.1-merge-group.patch
Patch16: Fix-user-busy-errors-at-userdel.patch
BuildRequires: audit-devel BuildRequires: audit-devel
BuildRequires: libacl-devel BuildRequires: libacl-devel
BuildRequires: libattr-devel BuildRequires: libattr-devel
@ -67,12 +72,17 @@ group accounts.
%patch3 -p0 %patch3 -p0
%patch4 -p0 %patch4 -p0
%patch5 -p0 %patch5 -p0
%patch6 -p1 %patch6 -p0
%patch7 -p1 %patch7 -p0
%patch8 -p0 %patch8 -p0
%patch9 -p1 %patch9 -p0
%patch10 -p0 %patch10 -p0
%patch11 -p1 %patch11 -p0
%patch12 -p0
%patch13 -p0
%patch14 -p0
%patch15 -p0
%patch16 -p0
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8 iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
mv -v doc/HOWTO.utf8 doc/HOWTO mv -v doc/HOWTO.utf8 doc/HOWTO
@ -181,6 +191,8 @@ rm -rf $RPM_BUILD_ROOT
%set_permissions /usr/bin/gpasswd %set_permissions /usr/bin/gpasswd
%set_permissions /usr/bin/newgrp %set_permissions /usr/bin/newgrp
%set_permissions /usr/bin/passwd %set_permissions /usr/bin/passwd
%set_permissions /usr/bin/newgidmap
%set_permissions /usr/bin/newuidmap
%service_add_post shadow.service shadow.timer %service_add_post shadow.service shadow.timer
@ -192,6 +204,8 @@ rm -rf $RPM_BUILD_ROOT
%verify_permissions /usr/bin/gpasswd %verify_permissions /usr/bin/gpasswd
%verify_permissions /usr/bin/newgrp %verify_permissions /usr/bin/newgrp
%verify_permissions /usr/bin/passwd %verify_permissions /usr/bin/passwd
%verify_permissions /usr/bin/newgidmap
%verify_permissions /usr/bin/newuidmap
%preun %preun
%service_del_preun shadow.service shadow.timer %service_del_preun shadow.service shadow.timer
@ -225,6 +239,8 @@ rm -rf $RPM_BUILD_ROOT
%{_bindir}/lastlog %{_bindir}/lastlog
%attr(4755,root,root) %{_bindir}/newgrp %attr(4755,root,root) %{_bindir}/newgrp
%attr(4755,root,shadow) %{_bindir}/passwd %attr(4755,root,shadow) %{_bindir}/passwd
%attr(0755,root,shadow) %{_bindir}/newgidmap
%attr(0755,root,shadow) %{_bindir}/newuidmap
%{_bindir}/sg %{_bindir}/sg
%{_sbindir}/groupadd %{_sbindir}/groupadd
%{_sbindir}/groupdel %{_sbindir}/groupdel
@ -268,6 +284,10 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man8/usermod.8* %{_mandir}/man8/usermod.8*
%{_mandir}/man8/vigr.8* %{_mandir}/man8/vigr.8*
%{_mandir}/man8/vipw.8* %{_mandir}/man8/vipw.8*
%{_mandir}/man5/subuid.5*
%{_mandir}/man5/subgid.5*
%{_mandir}/man1/newgidmap.1*
%{_mandir}/man1/newuidmap.1*
%{_unitdir}/* %{_unitdir}/*

2
useradd-default.diff → useradd-default.patch
View File

@ -1,5 +1,5 @@
--- etc/useradd --- etc/useradd
+++ etc/useradd 2012/11/13 09:29:57 +++ etc/useradd
@@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
# useradd defaults file # useradd defaults file
-GROUP=1000 -GROUP=1000

10
useradd-mkdirs.diff → useradd-mkdirs.patch
View File

@ -1,8 +1,6 @@
diff --git a/src/useradd.c b/src/useradd.c --- src/useradd.c
index fa93853..a9f8caa 100644 +++ src/useradd.c
--- a/src/useradd.c @@ -1894,6 +1894,13 @@ static void usr_update (void)
+++ b/src/useradd.c
@@ -1757,6 +1757,13 @@ static void usr_update (void)
static void create_home (void) static void create_home (void)
{ {
if (access (user_home, F_OK) != 0) { if (access (user_home, F_OK) != 0) {
@ -16,7 +14,7 @@ index fa93853..a9f8caa 100644
#ifdef WITH_SELINUX #ifdef WITH_SELINUX
if (set_selinux_file_context (user_home) != 0) { if (set_selinux_file_context (user_home) != 0) {
fprintf (stderr, fprintf (stderr,
@@ -1765,19 +1772,42 @@ static void create_home (void) @@ -1902,19 +1909,42 @@ static void create_home (void)
fail_exit (E_HOMEDIR); fail_exit (E_HOMEDIR);
} }
#endif #endif

6
useradd-script.diff → useradd-script.patch
View File

@ -1,6 +1,6 @@
--- src/useradd.c --- src/useradd.c
+++ src/useradd.c 2012/09/26 13:06:50 +++ src/useradd.c
@@ -1845,6 +1845,30 @@ @@ -1982,6 +1982,30 @@ static void create_mail (void)
} }
/* /*
@ -31,7 +31,7 @@
* main - useradd command * main - useradd command
*/ */
int main (int argc, char **argv) int main (int argc, char **argv)
@@ -2076,6 +2100,7 @@ @@ -2242,6 +2266,7 @@ int main (int argc, char **argv)
nscd_flush_cache ("passwd"); nscd_flush_cache ("passwd");
nscd_flush_cache ("group"); nscd_flush_cache ("group");

10
userdel-scripts.diff → userdel-script.patch
View File

@ -1,6 +1,6 @@
--- src/userdel.c --- src/userdel.c
+++ src/userdel.c 2012/09/25 13:46:38 +++ src/userdel.c
@@ -635,13 +635,13 @@ @@ -762,13 +762,13 @@ static void update_user (void)
* cron, at, or print jobs. * cron, at, or print jobs.
*/ */
@ -16,7 +16,7 @@
if (NULL == cmd) { if (NULL == cmd) {
return; return;
} }
@@ -1032,9 +1032,10 @@ @@ -1163,9 +1163,10 @@ int main (int argc, char **argv)
} }
/* /*
@ -29,7 +29,7 @@
open_files (); open_files ();
update_user (); update_user ();
update_groups (); update_groups ();
@@ -1137,7 +1138,7 @@ @@ -1268,7 +1269,7 @@ int main (int argc, char **argv)
* Cancel any crontabs or at jobs. Have to do this before we remove * Cancel any crontabs or at jobs. Have to do this before we remove
* the entry from /etc/passwd. * the entry from /etc/passwd.
*/ */
@ -38,7 +38,7 @@
close_files (); close_files ();
#ifdef WITH_TCB #ifdef WITH_TCB
@@ -1147,6 +1148,8 @@ @@ -1278,6 +1279,8 @@ int main (int argc, char **argv)
nscd_flush_cache ("passwd"); nscd_flush_cache ("passwd");
nscd_flush_cache ("group"); nscd_flush_cache ("group");