SHA256
1
0
forked from pool/shadow

Accepting request 872327 from Base:System

OBS-URL: https://build.opensuse.org/request/show/872327
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shadow?expand=0&rev=42
This commit is contained in:
Dominique Leuenberger 2021-04-15 14:56:33 +00:00 committed by Git OBS Bridge
commit c2abc15313
4 changed files with 238 additions and 29 deletions

View File

@ -1,3 +1,29 @@
-------------------------------------------------------------------
Thu Jan 28 22:28:02 UTC 2021 - Stanislav Brabec <sbrabec@suse.com>
- Do not require libeconf-devel on products without /usr/etc.
-------------------------------------------------------------------
Thu Jan 21 06:52:30 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>
- Split login.defs configuration file into own sub-package, which
allows to install util-linux or pam on small embedded/edge
systems or container without the need to pull in the full shadow
suite.
-------------------------------------------------------------------
Wed Nov 11 14:38:13 UTC 2020 - Fabian Vogt <fvogt@suse.com>
- Amend patches/useradd-userkeleton.patch to also write into
existing directories and prefer files from /etc
-------------------------------------------------------------------
Wed Nov 11 11:28:09 UTC 2020 - Dr. Werner Fink <werner@suse.de>
- Add patch useradd-userkeleton.patch to extend original C code
of useradd to handle /usr/etc/skel (boo#1173321)
- Remove /usr/etc/skel support in useradd.local script
-------------------------------------------------------------------
Mon Nov 2 15:54:02 UTC 2020 - Dr. Werner Fink <werner@suse.de>
@ -169,7 +195,7 @@ Fri Jun 14 06:20:46 UTC 2019 - mvetter@suse.com
* Usermod: guard against unsafe chown of homedir contents (Tomas Mraz)
* Add LASTLOG_UID_MAX to login.defs (Tomas Mraz)
* new[ug]idmap file capabilities support (Giuseppe Scrivano and Christian Brauner)
* Fix segfault in useradd (Tomas Mraz)
* Fix segfault in useradd (bsc#1141113, Tomas Mraz)
* Coverity issues (Tomas Mraz)
* Flush sssd caches (Jakub Hrozek)
* Log UID in nologin (Vladimir Ivanov)
@ -186,6 +212,9 @@ Fri Jun 14 06:20:46 UTC 2019 - mvetter@suse.com
upstreamed https://github.com/shadow-maint/shadow/pull/112
- Remove shadow-4.6.0-fix-usermod-prefix-crash.patch
upstreamed https://github.com/shadow-maint/shadow/issues/110
- Remove shadow-4.6-bsc1141113-useradd-segfault.patch
(SLE15 SP3 and openSUSE Leap 15.3 only)
upstreamed https://github.com/shadow-maint/shadow/issues/125
- Rebase userdel-script.patch
- Rebase useradd-script.patch
- Rebase shadow-util-linux.patch

View File

@ -1,7 +1,7 @@
#
# spec file for package shadow
#
# Copyright (c) 2020 SUSE LLC
# Copyright (c) 2021 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -61,6 +61,8 @@ Patch7: shadow-4.1.5.1-logmsg.patch
Patch13: shadow-login_defs-comments.patch
# PATCH-FEATURE-SUSE shadow-login_defs-suse.patch kukuk@suse.com -- Customize login.defs.
Patch14: shadow-login_defs-suse.patch
# PATCH-FEATURE-SUSE Copy also skeleton files from /usr/etc/skel (boo#1173321)
Patch15: useradd-userkeleton.patch
# PATCH-FIX-SUSE disable_new_audit_function.patch adam.majer@suse.de -- Disable newer libaudit functionality for older distributions.
Patch20: disable_new_audit_function.patch
BuildRequires: audit-devel > 2.3
@ -68,7 +70,10 @@ BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libacl-devel
BuildRequires: libattr-devel
# It should be %%if %%{defined no_config}, but OBS cannot handle it:
%if 0%{?suse_version} >= 1550
BuildRequires: libeconf-devel
%endif
BuildRequires: libselinux-devel
BuildRequires: libsemanage-devel
BuildRequires: libtool
@ -80,6 +85,18 @@ Requires(pre): permissions
Requires(pre): user(root)
Provides: pwdutils = 3.2.20
Obsoletes: pwdutils <= 3.2.19
Requires: login_defs >= %{version}
Provides: useradd_or_adduser_dep
%description
This package includes the necessary programs for converting plain
password files to the shadow password format and to manage user and
group accounts.
%package -n login_defs
Summary: login.defs configuration file
Group: System/Base
BuildArch: noarch
# Virtual provides for supported variables in login.defs.
# It prevents references to unknown variables.
# Upgrade them only if shadow-util-linux.patch or
@ -87,12 +104,10 @@ Obsoletes: pwdutils <= 3.2.19
# Call shadow-login_defs-check.sh before!
Provides: login_defs-support-for-pam = 1.3.1
Provides: login_defs-support-for-util-linux = 2.36
Provides: useradd_or_adduser_dep
%description
This package includes the necessary programs for converting plain
password files to the shadow password format and to manage user and
group accounts.
%description -n login_defs
This package contains the default login.defs configuration file
as used by util-linux, pam and shadow.
%prep
%setup -q -a 1
@ -106,6 +121,7 @@ group accounts.
%patch7
%patch13
%patch14
%patch15
%if 0%{?suse_version} < 1330
%patch20 -p1
%endif
@ -215,10 +231,13 @@ fi
%pre
%service_add_pre shadow.service shadow.timer
for i in login.defs pam.d/chage pam.d/chfn pam.d/chpasswd pam.d/chsh pam.d/groupadd pam.d/groupdel pam.d/groupmod pam.d/newusers pam.d/passwd pam.d/useradd pam.d/userdel pam.d/usermod; do
for i in pam.d/chage pam.d/chfn pam.d/chpasswd pam.d/chsh pam.d/groupadd pam.d/groupdel pam.d/groupmod pam.d/newusers pam.d/passwd pam.d/useradd pam.d/userdel pam.d/usermod; do
test -f /etc/${i}.rpmsave && mv -v /etc/${i}.rpmsave /etc/${i}.rpmsave.old ||:
done
%pre -n login_defs
test -f /etc/login.defs.rpmsave && mv -v /etc/login.defs.rpmsave /etc/login.defs.rpmsave.old ||:
%post
%set_permissions %{_bindir}/chage
%set_permissions %{_bindir}/chfn
@ -250,19 +269,22 @@ done
%service_del_postun shadow.service shadow.timer
%posttrans
%if %{defined no_config}
# Migration to /usr/etc
for i in login.defs pam.d/chage pam.d/chfn pam.d/chpasswd pam.d/chsh pam.d/groupadd pam.d/groupdel pam.d/groupmod pam.d/newusers pam.d/passwd pam.d/useradd pam.d/userdel pam.d/usermod; do
for i in pam.d/chage pam.d/chfn pam.d/chpasswd pam.d/chsh pam.d/groupadd pam.d/groupdel pam.d/groupmod pam.d/newusers pam.d/passwd pam.d/useradd pam.d/userdel pam.d/usermod; do
test -f /etc/${i}.rpmsave && mv -v /etc/${i}.rpmsave /etc/${i} ||:
done
%endif
%posttrans -n login_defs
# rpmsave file can be created by
# - change of owning package (SLE15 SP2->SP3, Leap 15.2->15.3)
# - Migration to /usr/etc (after SLE15 and Leap 15)
test -f /etc/login.defs.rpmsave && mv -v /etc/login.defs.rpmsave /etc/login.defs ||:
%files -f shadow.lang
%license COPYING
%doc NEWS doc/HOWTO README README.changes-pwdutils
%if %{defined no_config}
%attr(0644,root,root) %{_distconfdir}/login.defs
%else
%attr(0644,root,root) %config %{_sysconfdir}/login.defs
%endif
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/default/useradd
%verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/subuid
%verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/subgid
@ -332,7 +354,6 @@ done
%{_mandir}/man1/passwd.1%{?ext_man}
%{_mandir}/man1/sg.1%{?ext_man}
%{_mandir}/man3/shadow.3%{?ext_man}
%{_mandir}/man5/login.defs.5%{?ext_man}
%{_mandir}/man5/shadow.5%{?ext_man}
%{_mandir}/man8/chpasswd.8%{?ext_man}
%{_mandir}/man8/groupadd.8%{?ext_man}
@ -356,4 +377,12 @@ done
%{_unitdir}/*
%files -n login_defs
%if %{defined no_config}
%attr(0644,root,root) %{_distconfdir}/login.defs
%else
%attr(0644,root,root) %config %{_sysconfdir}/login.defs
%endif
%{_mandir}/man5/login.defs.5%{?ext_man}
%changelog

165
useradd-userkeleton.patch Normal file
View File

@ -0,0 +1,165 @@
Copy also skeleton files from /usr/etc/skel (boo#1173321)
---
etc/useradd | 1 +
src/useradd.c | 37 +++++++++++++++++++++++++++++++++++++
2 files changed, 38 insertions(+)
Index: etc/useradd
===================================================================
--- etc/useradd.orig
+++ etc/useradd
@@ -5,4 +5,5 @@ INACTIVE=-1
EXPIRE=
SHELL=/bin/bash
SKEL=/etc/skel
+USRSKEL=/usr/etc/skel
CREATE_MAIL_SPOOL=yes
Index: src/useradd.c
===================================================================
--- src/useradd.c.orig
+++ src/useradd.c
@@ -78,6 +78,9 @@
#ifndef SKEL_DIR
#define SKEL_DIR "/etc/skel"
#endif
+#ifndef USRSKELDIR
+#define USRSKELDIR "/usr/etc/skel"
+#endif
#ifndef USER_DEFAULTS_FILE
#define USER_DEFAULTS_FILE "/etc/default/useradd"
#define NEW_USER_FILE "/etc/default/nuaddXXXXXX"
@@ -101,6 +104,7 @@ static const char *def_gname = "other";
static const char *def_home = "/home";
static const char *def_shell = "";
static const char *def_template = SKEL_DIR;
+static const char *def_usrtemplate = USRSKELDIR;
static const char *def_create_mail_spool = "no";
static long def_inactive = -1;
@@ -202,6 +206,7 @@ static bool home_added = false;
#define DINACT "INACTIVE="
#define DEXPIRE "EXPIRE="
#define DSKEL "SKEL="
+#define DUSRSKEL "USRSKEL="
#define DCREATE_MAIL_SPOOL "CREATE_MAIL_SPOOL="
/* local function prototypes */
@@ -469,6 +474,29 @@ static void get_defaults (void)
}
/*
+ * Default Usr Skeleton information
+ */
+ else if (MATCH (buf, DUSRSKEL)) {
+ if ('\0' == *cp) {
+ cp = USRSKELDIR; /* XXX warning: const */
+ }
+
+ if(prefix[0]) {
+ size_t len;
+ int wlen;
+ char* _def_usrtemplate; /* avoid const warning */
+
+ len = strlen(prefix) + strlen(cp) + 2;
+ _def_usrtemplate = xmalloc(len);
+ wlen = snprintf(_def_usrtemplate, len, "%s/%s", prefix, cp);
+ assert (wlen == (int) len -1);
+ def_usrtemplate = _def_usrtemplate;
+ }
+ else {
+ def_usrtemplate = xstrdup (cp);
+ }
+ }
+ /*
* Create by default user mail spool or not ?
*/
else if (MATCH (buf, DCREATE_MAIL_SPOOL)) {
@@ -500,6 +528,7 @@ static void show_defaults (void)
printf ("EXPIRE=%s\n", def_expire);
printf ("SHELL=%s\n", def_shell);
printf ("SKEL=%s\n", def_template);
+ printf ("USRSKEL=%s\n", def_usrtemplate);
printf ("CREATE_MAIL_SPOOL=%s\n", def_create_mail_spool);
}
@@ -526,6 +555,7 @@ static int set_defaults (void)
bool out_expire = false;
bool out_shell = false;
bool out_skel = false;
+ bool out_usrskel = false;
bool out_create_mail_spool = false;
size_t len;
int ret = -1;
@@ -620,6 +650,9 @@ static int set_defaults (void)
} else if (!out_skel && MATCH (buf, DSKEL)) {
fprintf (ofp, DSKEL "%s\n", def_template);
out_skel = true;
+ } else if (!out_usrskel && MATCH (buf, DUSRSKEL)) {
+ fprintf (ofp, DUSRSKEL "%s\n", def_usrtemplate);
+ out_usrskel = true;
} else if (!out_create_mail_spool
&& MATCH (buf, DCREATE_MAIL_SPOOL)) {
fprintf (ofp,
@@ -649,6 +682,8 @@ static int set_defaults (void)
fprintf (ofp, DSHELL "%s\n", def_shell);
if (!out_skel)
fprintf (ofp, DSKEL "%s\n", def_template);
+ if (!out_usrskel)
+ fprintf (ofp, DUSRSKEL "%s\n", def_usrtemplate);
if (!out_create_mail_spool)
fprintf (ofp, DCREATE_MAIL_SPOOL "%s\n", def_create_mail_spool);
@@ -2507,6 +2542,8 @@ int main (int argc, char **argv)
if (home_added) {
copy_tree (def_template, prefix_user_home, false, false,
(uid_t)-1, user_id, (gid_t)-1, user_gid);
+ copy_tree (def_usrtemplate, prefix_user_home, false, false,
+ (uid_t)-1, user_id, (gid_t)-1, user_gid);
} else {
fprintf (stderr,
_("%s: warning: the home directory %s already exists.\n"
Index: libmisc/copydir.c
===================================================================
--- libmisc/copydir.c.orig
+++ libmisc/copydir.c
@@ -416,6 +416,14 @@ static int copy_entry (const char *src,
old_uid, new_uid, old_gid, new_gid);
}
+ /*
+ * If the destination already exists do nothing.
+ * This is after the copy_dir above to still iterate into subdirectories.
+ */
+ if (LSTAT (dst, &sb) != -1) {
+ return 0;
+ }
+
#ifdef S_IFLNK
/*
* Copy any symbolic links
@@ -477,6 +485,7 @@ static int copy_dir (const char *src, co
gid_t old_gid, gid_t new_gid)
{
int err = 0;
+ struct stat dst_sb;
/*
* Create a new target directory, make it owned by
@@ -488,6 +497,16 @@ static int copy_dir (const char *src, co
return -1;
}
#endif /* WITH_SELINUX */
+
+ /*
+ * If the destination is already a directory, don't change it
+ * but copy into it (recursively).
+ */
+ if (LSTAT (dst, &dst_sb) == 0 && S_ISDIR(dst_sb.st_mode)) {
+ return (copy_tree (src, dst, false, reset_selinux,
+ old_uid, new_uid, old_gid, new_gid) != 0);
+ }
+
if ( (mkdir (dst, statp->st_mode) != 0)
|| (chown_if_needed (dst, statp,
old_uid, new_uid, old_gid, new_gid) != 0)

View File

@ -37,20 +37,6 @@ fi
# Main useradd tool creates this if specified on command line
[ -d $HOMEDIR ] || exit 0
#
# Copy also skeleton files from /usr/etc/skel (boo#1173321)
#
USRSKELDIR=/usr/etc/skel
if [ -d $USRSKELDIR ] ; then
for file in $(ls -A $USRSKELDIR); do
# Only copy if not exist yet, i.e. does *not* exist in /etc/skel, which is still
# being preferred ...
test -e $HOMEDIR/$file && continue
cp -a $USRSKELDIR/$file $HOMEDIR
chown -R $USER.$GID $HOMEDIR/$file
done
fi
# If SELinux is enabled, we have to run restorecon to assign
# appropriate fcontexts to the respective $HOME and files under it
if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled ; then