SHA256
3
0
forked from pool/shadow

- Update to 4.7:

* Spawn: don't loop forever on ECHILD
  * Do not fail locking if there is a stale lockfile (Tomas Mraz)
  * Use lckpwdf if prefix not set (Tomas Mraz)
  * Build: check correct DocBook version (Jan Tojnar)
  * Usermod: Print 'no changes' to stdout, not stderr (Serge Hallyn)
  * Add support for btrfs subvolumes for home (Adam Majer)
  * Fix chpasswd long line handling (Nathan Ruiz)
  * Use secure_getenv for gettime (Chris Lamb)
  * Make sp_lstchg reproducible (Chris Lamb)
  * Do not crash commonio_close if db file is not open (Tomas Mraz)
  * Don't flush nscd and sssd cache in read-only mode (Charlie Vuillemez)
  * French manpage update (Alban VIDAL)
  * Fix manpage defaults for SUB_UID/GID_COUNT (Tomas Mraz)
  * Sync po files from shadow.pot (Alban VIDAL)
  * Usermod: guard against unsafe chown of homedir contents (Tomas Mraz)
  * Add LASTLOG_UID_MAX to login.defs (Tomas Mraz)
  * new[ug]idmap file capabilities support (Giuseppe Scrivano and Christian Brauner)
  * Fix segfault in useradd (Tomas Mraz)
  * Coverity issues (Tomas Mraz)
  * Flush sssd caches (Jakub Hrozek)
  * Log UID in nologin (Vladimir Ivanov)
  * run pam_getenvlist after setup_env in su.c (Michael Vogt)
  * Support systems with only utmpx (A. Wilcox)
  * Fix unguarded ENABLE_SUBIDS code (Jan Chren (rindeal))
  * Update po/zh_CN translation (Lion Yang)
  * Create parent dirs for useradd -m (Michael Vetter)
  * Prevent usermod segv
  * Fix usermod crash (fariouche)
- Remove btrfs-subvolumes.patch (fate#316134):

OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=68
This commit is contained in:
Michael Vetter 2019-06-14 07:41:25 +00:00 committed by Git OBS Bridge
parent b149187807
commit 36577fca4e
12 changed files with 73 additions and 517 deletions

View File

@ -1,318 +0,0 @@
commit 52ea836ffbfa4d6797cf89d6ada58f76bee9cf6b
Author: Adam Majer <amajer@suse.de>
Date: Wed Jan 23 16:17:05 2019 +0100
Add autotools support for BtrFS option
Feature is enabled by default, if headers are available. It can be
turned off explictly.
commit 81ead2042afcdb8d423da855cf1528618a4e0c01
Author: Adam Majer <amajer@suse.de>
Date: Mon Jan 21 09:32:36 2019 +0100
Add support for btrfs subvolumes for user homes
new switch added to useradd command, --btrfs-subvolume-home. When
specified *and* the filesystem is detected as btrfs, it will create a
subvolume for user's home instead of a plain directory. This is done via
`btrfs subvolume` command. Specifying the new switch while trying to
create home on non-btrfs will result in an error.
userdel -r will handle and remove this subvolume transparently via
`btrfs subvolume` command. Previosuly this failed as you can't rmdir a
subvolume.
usermod, when moving user's home across devices, will detect if the home
is a subvolume and issue an error messages instead of copying it. Moving
user's home (as subvolume) on same btrfs works transparently.
--- a/configure.ac
+++ b/configure.ac
@@ -256,6 +256,9 @@ AC_ARG_WITH(audit,
AC_ARG_WITH(libpam,
[AC_HELP_STRING([--with-libpam], [use libpam for PAM support @<:@default=yes if found@:>@])],
[with_libpam=$withval], [with_libpam=maybe])
+AC_ARG_WITH(btrfs,
+ [AC_HELP_STRING([--with-btrfs], [add BtrFS support @<:@default=yes if found@:>@])],
+ [with_selinux=$withval], [with_selinux=maybe])
AC_ARG_WITH(selinux,
[AC_HELP_STRING([--with-selinux], [use SELinux support @<:@default=yes if found@:>@])],
[with_selinux=$withval], [with_selinux=maybe])
@@ -453,6 +456,20 @@ if test "$with_libcrack" = "yes"; then
AC_DEFINE(HAVE_LIBCRACK_PW, 1, [Defined if it includes *Pw functions.]))
fi
+if test "$with_btrfs" != "no"; then
+ AC_CHECK_HEADERS([sys/statfs.h linux/magic.h linux/btrfs_tree.h], \
+ [btrfs_headers="yes"], [btrfs_headers="no"])
+ if test "$btrfs_headers$with_btrfs" = "noyes" ; then
+ AC_MSG_ERROR([One of sys/statfs.h linux/magic.h linux/btrfs_tree.h is missing])
+ fi
+
+ if test "$btrfs_headers" = "yes" ; then
+ AC_DEFINE(WITH_BTRFS, 1, [Build shadow with BtrFS support])
+ with_btrfs="yes"
+ fi
+fi
+AM_CONDITIONAL(WITH_BTRFS, test x$with_btrfs = xyes)
+
AC_SUBST(LIBSELINUX)
AC_SUBST(LIBSEMANAGE)
if test "$with_selinux" != "no"; then
@@ -672,6 +689,7 @@ if test "$with_libpam" = "yes"; then
echo " suid account management tools: $enable_acct_tools_setuid"
fi
echo " SELinux support: $with_selinux"
+echo " BtrFS support: $with_btrfs"
echo " ACL support: $with_acl"
echo " Extended Attributes support: $with_attr"
echo " tcb support (incomplete): $with_tcb"
--- a/lib/prototypes.h
+++ b/lib/prototypes.h
@@ -72,6 +72,14 @@ extern int expire (const struct passwd *
/* isexpired.c */
extern int isexpired (const struct passwd *, /*@null@*/const struct spwd *);
+/* btrfs.c */
+#ifdef WITH_BTRFS
+extern int btrfs_create_subvolume(const char *path);
+extern int btrfs_remove_subvolume(const char *path);
+extern int btrfs_is_subvolume(const char *path);
+extern int is_btrfs(const char *path);
+#endif
+
/* basename() renamed to Basename() to avoid libc name space confusion */
/* basename.c */
extern /*@observer@*/const char *Basename (const char *str);
--- a/libmisc/Makefile.am
+++ b/libmisc/Makefile.am
@@ -72,3 +72,8 @@ libmisc_a_SOURCES = \
xgetspnam.c \
xmalloc.c \
yesno.c
+
+if WITH_BTRFS
+libmisc_a_SOURCES += btrfs.c
+endif
+
--- /dev/null
+++ b/libmisc/btrfs.c
@@ -0,0 +1,94 @@
+#include <linux/btrfs_tree.h>
+#include <linux/magic.h>
+#include <sys/statfs.h>
+
+#include "prototypes.h"
+
+
+static int run_btrfs_subvolume_cmd(const char *subcmd, const char *arg1, const char *arg2)
+{
+ int status = 0;
+ const char *cmd = "/sbin/btrfs";
+ const char *argv[] = {
+ strrchr(cmd, '/'),
+ "subvolume",
+ subcmd,
+ arg1,
+ arg2,
+ NULL
+ };
+
+ if (argv[0] == NULL)
+ argv[0] = cmd;
+ else
+ argv[0] = argv[0] + 1;
+
+ if (access(cmd, X_OK)) {
+ return 1;
+ }
+
+ if (run_command(cmd, argv, NULL, &status))
+ return -1;
+ return status;
+}
+
+
+int btrfs_create_subvolume(const char *path)
+{
+ return run_btrfs_subvolume_cmd("create", path, NULL);
+}
+
+
+int btrfs_remove_subvolume(const char *path)
+{
+ return run_btrfs_subvolume_cmd("delete", "-C", path);
+}
+
+
+/* Adapted from btrfsprogs */
+/*
+ * This intentionally duplicates btrfs_util_is_subvolume_fd() instead of opening
+ * a file descriptor and calling it, because fstat() and fstatfs() don't accept
+ * file descriptors opened with O_PATH on old kernels (before v3.6 and before
+ * v3.12, respectively), but stat() and statfs() can be called on a path that
+ * the user doesn't have read or write permissions to.
+ *
+ * returns:
+ * 1 - btrfs subvolume
+ * 0 - not btrfs subvolume
+ * -1 - error
+ */
+int btrfs_is_subvolume(const char *path)
+{
+ struct stat st;
+ int ret;
+
+ ret = is_btrfs(path);
+ if (ret <= 0)
+ return ret;
+
+ ret = stat(path, &st);
+ if (ret == -1)
+ return -1;
+
+ if (st.st_ino != BTRFS_FIRST_FREE_OBJECTID || !S_ISDIR(st.st_mode)) {
+ return 0;
+ }
+
+ return 1;
+}
+
+
+/* Adapted from btrfsprogs */
+int is_btrfs(const char *path)
+{
+ struct statfs sfs;
+ int ret;
+
+ ret = statfs(path, &sfs);
+ if (ret == -1)
+ return -1;
+
+ return sfs.f_type == BTRFS_SUPER_MAGIC;
+}
+
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -164,6 +164,7 @@ static bool
oflg = false, /* permit non-unique user ID to be specified with -u */
rflg = false, /* create a system account */
sflg = false, /* shell program for new account */
+ subvolflg = false, /* create subvolume home on BTRFS */
uflg = false, /* specify user ID for new account */
Uflg = false; /* create a group having the same name as the user */
@@ -805,6 +806,9 @@ static void usage (int status)
Prog, Prog, Prog);
(void) fputs (_(" -b, --base-dir BASE_DIR base directory for the home directory of the\n"
" new account\n"), usageout);
+#ifdef WITH_BTRFS
+ (void) fputs (_(" --btrfs-subvolume-home use BTRFS subvolume for home directory\n"), usageout);
+#endif
(void) fputs (_(" -c, --comment COMMENT GECOS field of the new account\n"), usageout);
(void) fputs (_(" -d, --home-dir HOME_DIR home directory of the new account\n"), usageout);
(void) fputs (_(" -D, --defaults print or change default useradd configuration\n"), usageout);
@@ -1085,6 +1089,9 @@ static void process_flags (int argc, cha
int c;
static struct option long_options[] = {
{"base-dir", required_argument, NULL, 'b'},
+#ifdef WITH_BTRFS
+ {"btrfs-subvolume-home", no_argument, NULL, 200},
+#endif
{"comment", required_argument, NULL, 'c'},
{"home-dir", required_argument, NULL, 'd'},
{"defaults", no_argument, NULL, 'D'},
@@ -1131,6 +1138,9 @@ static void process_flags (int argc, cha
def_home = optarg;
bflg = true;
break;
+ case 200:
+ subvolflg = true;
+ break;
case 'c':
if (!VALID (optarg)) {
fprintf (stderr,
@@ -2049,6 +2059,37 @@ static void create_home (void)
strcat (path, "/");
strcat (path, cp);
if (access (path, F_OK) != 0) {
+ /* Check if parent directory is BTRFS, fail if requesting
+ subvolume but no BTRFS. The paths cound be different by the
+ trailing slash
+ */
+#if WITH_BTRFS
+ if (subvolflg && (strlen(prefix_user_home) - (int)strlen(path)) <= 1) {
+ char *btrfs_check = strdup(path);
+
+ if (!btrfs_check) {
+ fprintf (stderr,
+ _("%s: error while duplicating string in BTRFS check %s\n"),
+ Prog, path);
+ fail_exit (E_HOMEDIR);
+ }
+ btrfs_check[strlen(path) - strlen(cp) - 1] = '\0';
+ if (is_btrfs(btrfs_check) <= 0) {
+ fprintf (stderr,
+ _("%s: home directory \"%s\" must be mounted on BTRFS\n"),
+ Prog, path);
+ fail_exit (E_HOMEDIR);
+ }
+ // make subvolume to mount for user instead of directory
+ if (btrfs_create_subvolume(path)) {
+ fprintf (stderr,
+ _("%s: failed to create BTRFS subvolume: %s\n"),
+ Prog, path);
+ fail_exit (E_HOMEDIR);
+ }
+ }
+ else
+#endif
if (mkdir (path, 0) != 0) {
fprintf (stderr,
_("%s: cannot create directory %s\n"),
--- a/src/userdel.c
+++ b/src/userdel.c
@@ -1273,6 +1273,23 @@ int main (int argc, char **argv)
#endif /* EXTRA_CHECK_HOME_DIR */
if (rflg) {
+#ifdef WITH_BTRFS
+ int is_subvolume = btrfs_is_subvolume (user_home);
+ if (is_subvolume < 0) {
+ errors++;
+ /* continue */
+ }
+ else if (is_subvolume > 0) {
+ if (btrfs_remove_subvolume (user_home)) {
+ fprintf (stderr,
+ _("%s: error removing subvolume %s\n"),
+ Prog, user_home);
+ errors++;
+ /* continue */
+ }
+ }
+ else
+#endif
if (remove_tree (user_home, true) != 0) {
fprintf (stderr,
_("%s: error removing directory %s\n"),
--- a/src/usermod.c
+++ b/src/usermod.c
@@ -1818,6 +1818,15 @@ static void move_home (void)
return;
} else {
if (EXDEV == errno) {
+#ifdef WITH_BTRFS
+ if (btrfs_is_subvolume (prefix_user_home) > 0) {
+ fprintf (stderr,
+ _("%s: error: cannot move subvolume from %s to %s - different device\n"),
+ Prog, prefix_user_home, prefix_user_newhome);
+ fail_exit (E_HOMEDIR);
+ }
+#endif
+
if (copy_tree (prefix_user_home, prefix_user_newhome, true,
true,
user_id,

View File

@ -1,86 +0,0 @@
Bug: https://github.com/shadow-maint/shadow/issues/110
Containing following two fixes.
From 73a876a05612c278da747faeaeea40c3b8d34a53 Mon Sep 17 00:00:00 2001
From: fariouche <fariouche@yahoo.fr>
Date: Tue, 8 May 2018 21:17:46 -0500
Subject: [PATCH 1/2] Fix usermod crash
Return newly allocated pointers when the caller will free them.
Closes #110
---
libmisc/prefix_flag.c | 2 +-
src/usermod.c | 10 ++++++----
2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/libmisc/prefix_flag.c b/libmisc/prefix_flag.c
index 6581235e..8ceffd26 100644
--- a/libmisc/prefix_flag.c
+++ b/libmisc/prefix_flag.c
@@ -333,7 +333,7 @@ extern struct group *prefix_getgr_nam_gid(const char *grname)
&& (gid == (gid_t)gid)) {
return prefix_getgrgid ((gid_t) gid);
}
- return prefix_getgrnam (grname);
+ return __gr_dup(prefix_getgrnam (grname));
}
else
return getgr_nam_gid(grname);
diff --git a/src/usermod.c b/src/usermod.c
index e571426f..7355ad31 100644
--- a/src/usermod.c
+++ b/src/usermod.c
@@ -1251,11 +1251,13 @@ static void process_flags (int argc, char **argv)
prefix_user_home = xmalloc(len);
wlen = snprintf(prefix_user_home, len, "%s/%s", prefix, user_home);
assert (wlen == (int) len -1);
+ if (user_newhome) {
+ len = strlen(prefix) + strlen(user_newhome) + 2;
+ prefix_user_newhome = xmalloc(len);
+ wlen = snprintf(prefix_user_newhome, len, "%s/%s", prefix, user_newhome);
+ assert (wlen == (int) len -1);
+ }
- len = strlen(prefix) + strlen(user_newhome) + 2;
- prefix_user_newhome = xmalloc(len);
- wlen = snprintf(prefix_user_newhome, len, "%s/%s", prefix, user_newhome);
- assert (wlen == (int) len -1);
}
else {
prefix_user_home = user_home;
From 48dcf7852e51b9d8e7926737cc7f7823978b7d7d Mon Sep 17 00:00:00 2001
From: Serge Hallyn <shallyn@cisco.com>
Date: Tue, 8 May 2018 21:37:55 -0500
Subject: [PATCH 2/2] usermod: prevent a segv
in the case where prefix does not exist.
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
---
libmisc/prefix_flag.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/libmisc/prefix_flag.c b/libmisc/prefix_flag.c
index 8ceffd26..96b11faa 100644
--- a/libmisc/prefix_flag.c
+++ b/libmisc/prefix_flag.c
@@ -319,6 +319,7 @@ extern struct group *prefix_getgr_nam_gid(const char *grname)
{
long long int gid;
char *endptr;
+ struct group *g;
if (NULL == grname) {
return NULL;
@@ -333,7 +334,8 @@ extern struct group *prefix_getgr_nam_gid(const char *grname)
&& (gid == (gid_t)gid)) {
return prefix_getgrgid ((gid_t) gid);
}
- return __gr_dup(prefix_getgrnam (grname));
+ g = prefix_getgrnam (grname);
+ return g ? __gr_dup(g) : NULL;
}
else
return getgr_nam_gid(grname);

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:0998c8d84242a231ab0acb7f8613927ff5bcff095f8aa6b79478893a03f05583
size 1678100

View File

@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEE8dCNt3gYW/eEAC3/6f7qBqheP50FAlrncOkACgkQ6f7qBqhe
P52UGAf/eOnoIYIZ52y72iMxeNfQMTMjYTZd1YrtjlK0RQKquK7FrCOg91MvOF2B
hLVKu2OU7mzuPTMSAraAxjXLkrM0E3vFjMtu1fHBGlGTMspAfik/9Gu9qoevAKXy
BRqgN5m5HMfoGPeEjzILzaGq8bnPKIOfJ0iAYVkjjIa73Vn20uTmNgNZIRqHqwfw
5GUFHn6cjQXFcQ3ngywgwQD7/h/65w8dBbGysF551sAqzPJRbneQL9Wtklcqi1ub
55NyF0ifT67RqMh+EyxhuhXP1Hi57PTEAeqaFMFxnPlQPb+8pQ8nszWBmI+vUN8D
FmhwCtSTnmKlj0jeAqevmkijJhGPQQ==
=fk/F
-----END PGP SIGNATURE-----

3
shadow-4.7.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:e5e196a4a7e3b228c812f3163d368be3e932e6eaa4e616677a148d9ec921e16c
size 1624340

11
shadow-4.7.tar.xz.asc Normal file
View File

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEE8dCNt3gYW/eEAC3/6f7qBqheP50FAl0CfrYACgkQ6f7qBqhe
P50xqQgAgmeu46zmQ7A+8nzcna8aaKQ5aftc9QVCQuPg94DvkXNuUjz384os1PBa
9DM5ukiDiDWhkmoKDCro9d/JVfKg0v0W2Ee29JvaZRhpUFlk3xWZAM55Na22ywbv
JYIF94wLfH0+AZQvjTpJmlJgeCK5K0L2LvAsPoEsHNuAKjpz7tFGJgqBKgK2+xAv
csmBhPRShZypXH3tQ/jcMT8itPSRBGt4W55zuNUT2OKc5ioXxc1TJ5jn0YX8AsOQ
5ZkBbGHL416QRonhiKfWsntB3RnmJQMcL8R72MpemKjVw+q+QYnnKIE/Fta7J0+N
EkUBRYdbbiAsUNW3syN/Q2o+DF00aw==
=dbPQ
-----END PGP SIGNATURE-----

View File

@ -109,11 +109,11 @@ Index: lib/getdef.c
{"ENV_SUPATH", NULL},
{"ERASECHAR", NULL},
{"FAIL_DELAY", NULL},
@@ -93,6 +95,7 @@ static struct itemdef def_table[] = {
{"GID_MIN", NULL},
{"HUSHLOGIN_FILE", NULL},
@@ -95,6 +97,7 @@ static struct itemdef def_table[] = {
{"KILLCHAR", NULL},
+ {"LOGIN_PLAIN_PROMPT", NULL},
{"LASTLOG_UID_MAX", NULL},
{"LOGIN_RETRIES", NULL},
+ {"LOGIN_PLAIN_PROMPT", NULL},
{"LOGIN_TIMEOUT", NULL},
{"LOG_OK_LOGINS", NULL},
{"LOG_UNKFAIL_ENAB", NULL},

View File

@ -1,3 +1,45 @@
-------------------------------------------------------------------
Fri Jun 14 06:20:46 UTC 2019 - mvetter@suse.com
- Update to 4.7:
* Spawn: don't loop forever on ECHILD
* Do not fail locking if there is a stale lockfile (Tomas Mraz)
* Use lckpwdf if prefix not set (Tomas Mraz)
* Build: check correct DocBook version (Jan Tojnar)
* Usermod: Print 'no changes' to stdout, not stderr (Serge Hallyn)
* Add support for btrfs subvolumes for home (Adam Majer)
* Fix chpasswd long line handling (Nathan Ruiz)
* Use secure_getenv for gettime (Chris Lamb)
* Make sp_lstchg reproducible (Chris Lamb)
* Do not crash commonio_close if db file is not open (Tomas Mraz)
* Don't flush nscd and sssd cache in read-only mode (Charlie Vuillemez)
* French manpage update (Alban VIDAL)
* Fix manpage defaults for SUB_UID/GID_COUNT (Tomas Mraz)
* Sync po files from shadow.pot (Alban VIDAL)
* Usermod: guard against unsafe chown of homedir contents (Tomas Mraz)
* Add LASTLOG_UID_MAX to login.defs (Tomas Mraz)
* new[ug]idmap file capabilities support (Giuseppe Scrivano and Christian Brauner)
* Fix segfault in useradd (Tomas Mraz)
* Coverity issues (Tomas Mraz)
* Flush sssd caches (Jakub Hrozek)
* Log UID in nologin (Vladimir Ivanov)
* run pam_getenvlist after setup_env in su.c (Michael Vogt)
* Support systems with only utmpx (A. Wilcox)
* Fix unguarded ENABLE_SUBIDS code (Jan Chren (rindeal))
* Update po/zh_CN translation (Lion Yang)
* Create parent dirs for useradd -m (Michael Vetter)
* Prevent usermod segv
* Fix usermod crash (fariouche)
- Remove btrfs-subvolumes.patch (fate#316134):
upstreamed: https://github.com/shadow-maint/shadow/pull/149
- Remove useradd-mkdirs.patch (bsc#865563):
upstreamed https://github.com/shadow-maint/shadow/pull/112
- Remove shadow-4.6.0-fix-usermod-prefix-crash.patch
upstreamed https://github.com/shadow-maint/shadow/issues/110
- Rebase userdel-script.patch
- Rebase useradd-script.patch
- Rebase shadow-util-linux.patch
-------------------------------------------------------------------
Thu May 30 11:15:49 UTC 2019 - Martin Pluskal <mpluskal@suse.com>

View File

@ -12,12 +12,12 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: shadow
Version: 4.6
Version: 4.7
Release: 0
Summary: Utilities to Manage User and Group Accounts
License: BSD-3-Clause AND GPL-2.0-or-later
@ -53,18 +53,12 @@ Patch6: shadow-4.1.5.1-userdel-helpfix.patch
Patch7: shadow-4.1.5.1-logmsg.patch
# PATCH-FEATURE-SUSE encryption_method_nis.patch kukuk@suse.com -- Add support for ENCRYPT_METHOD_NIS used by SUSE patch in pam (pam_unix).
Patch10: encryption_method_nis.patch
# PATCH-FIX-SUSE useradd-mkdirs.patch bnc865563 tbehrens@suse.com -- Create all parts of the path.
Patch11: useradd-mkdirs.patch
# PATCH-FIX-SUSE shadow-4.6.0-fix-usermod-prefix-crash.patch https://github.com/shadow-maint/shadow/issues/110 mvetter@suse.com -- Fixes crash in usermod when called with --prefix.
Patch12: shadow-4.6.0-fix-usermod-prefix-crash.patch
# PATCH-FEATURE-SUSE shadow-login_defs-comments.patch kukuk@suse.com -- Adjust login.defs comments.
Patch13: shadow-login_defs-comments.patch
# PATCH-FEATURE-SUSE shadow-login_defs-suse.patch kukuk@suse.com -- Customize login.defs.
Patch14: shadow-login_defs-suse.patch
# PATCH-FIX-SUSE disable_new_audit_function.patch adam.majer@suse.de -- Disable newer libaudit functionality for older distributions.
Patch20: disable_new_audit_function.patch
# PATCH-FEATURE-SUSE btrfs-subvolumes.patch fate316134 adam.majer@suse.de -- Add support for btrfs subvolumes for user homes.
Patch21: btrfs-subvolumes.patch
BuildRequires: audit-devel > 2.3
BuildRequires: autoconf
BuildRequires: automake
@ -105,14 +99,11 @@ group accounts.
%patch6
%patch7
%patch10
%patch11 -p1
%patch12 -p1
%patch13
%patch14
%if 0%{?suse_version} < 1330
%patch20 -p1
%endif
%patch21 -p1
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
mv -v doc/HOWTO.utf8 doc/HOWTO

View File

@ -1,73 +0,0 @@
https://github.com/shadow-maint/shadow/pull/112
useradd-mkdirs.patch adapted to two comments in https://github.com/shadow-maint/shadow/pull/2
* check for stdup failure
* create dirs with 0755 instead of 0777
diff -urEbwB shadow-4.6/src/useradd.c shadow-4.6.new-useradd-mkdirs/src/useradd.c
--- shadow-4.6/src/useradd.c 2018-04-29 18:42:37.000000000 +0200
+++ shadow-4.6.new-useradd-mkdirs/src/useradd.c 2018-05-15 17:11:03.706371270 +0200
@@ -2018,6 +2018,19 @@
static void create_home (void)
{
if (access (prefix_user_home, F_OK) != 0) {
+ char path[strlen (prefix_user_home) + 2];
+ char *bhome, *cp;
+
+ path[0] = '\0';
+ bhome = strdup (prefix_user_home);
+ if (!bhome) {
+ fprintf (stderr,
+ _("%s: error while duplicating string %s\n"),
+ Prog, user_home);
+ fail_exit (E_HOMEDIR);
+ }
+ ++bhome;
+
#ifdef WITH_SELINUX
if (set_selinux_file_context (prefix_user_home) != 0) {
fprintf (stderr,
@@ -2026,11 +2039,20 @@
fail_exit (E_HOMEDIR);
}
#endif
- /* XXX - create missing parent directories. --marekm */
- if (mkdir (prefix_user_home, 0) != 0) {
+
+ /* Check for every part of the path, if the directory
+ exists. If not, create it with permissions 755 and
+ owner root:root.
+ */
+ cp = strtok (bhome, "/");
+ while (cp) {
+ strcat (path, "/");
+ strcat (path, cp);
+ if (access (path, F_OK) != 0) {
+ if (mkdir (path, 0) != 0) {
fprintf (stderr,
_("%s: cannot create directory %s\n"),
- Prog, prefix_user_home);
+ Prog, path);
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, Prog,
"adding home directory",
@@ -2039,6 +2061,20 @@
#endif
fail_exit (E_HOMEDIR);
}
+ if (chown (path, 0, 0) < 0) {
+ fprintf (stderr,
+ _("%s: warning: chown on `%s' failed: %m\n"),
+ Prog, path);
+ }
+ if (chmod (path, 0755) < 0) {
+ fprintf (stderr,
+ _("%s: warning: chmod on `%s' failed: %m\n"),
+ Prog, path);
+ }
+ }
+ cp = strtok (NULL, "/");
+ }
+
(void) chown (prefix_user_home, user_id, user_gid);
chmod (prefix_user_home,
0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));

View File

@ -20,7 +20,7 @@ Index: lib/getdef.c
===================================================================
--- lib/getdef.c.orig
+++ lib/getdef.c
@@ -125,6 +125,7 @@ static struct itemdef def_table[] = {
@@ -126,6 +126,7 @@ static struct itemdef def_table[] = {
{"UID_MAX", NULL},
{"UID_MIN", NULL},
{"UMASK", NULL},
@ -32,7 +32,7 @@ Index: src/useradd.c
===================================================================
--- src/useradd.c.orig
+++ src/useradd.c
@@ -2115,6 +2115,30 @@ static void create_mail (void)
@@ -2216,6 +2216,30 @@ static void create_mail (void)
}
/*
@ -63,9 +63,9 @@ Index: src/useradd.c
* main - useradd command
*/
int main (int argc, char **argv)
@@ -2390,6 +2414,7 @@ int main (int argc, char **argv)
nscd_flush_cache ("passwd");
@@ -2492,6 +2516,7 @@ int main (int argc, char **argv)
nscd_flush_cache ("group");
sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
+ call_script (user_name);
+

View File

@ -2,7 +2,7 @@ Index: lib/getdef.c
===================================================================
--- lib/getdef.c.orig
+++ lib/getdef.c
@@ -126,6 +126,8 @@ static struct itemdef def_table[] = {
@@ -127,6 +127,8 @@ static struct itemdef def_table[] = {
{"UID_MIN", NULL},
{"UMASK", NULL},
{"USERDEL_CMD", NULL},
@ -45,7 +45,7 @@ Index: src/userdel.c
===================================================================
--- src/userdel.c.orig
+++ src/userdel.c
@@ -125,7 +125,7 @@ static void close_files (void);
@@ -126,7 +126,7 @@ static void close_files (void);
static void fail_exit (int);
static void open_files (void);
static void update_user (void);
@ -54,7 +54,7 @@ Index: src/userdel.c
#ifdef EXTRA_CHECK_HOME_DIR
static bool path_prefix (const char *, const char *);
@@ -767,13 +767,13 @@ static void update_user (void)
@@ -768,13 +768,13 @@ static void update_user (void)
* cron, at, or print jobs.
*/
@ -70,7 +70,7 @@ Index: src/userdel.c
if (NULL == cmd) {
return;
}
@@ -1213,9 +1213,10 @@ int main (int argc, char **argv)
@@ -1214,9 +1214,10 @@ int main (int argc, char **argv)
}
/*
@ -83,7 +83,7 @@ Index: src/userdel.c
open_files ();
update_user ();
update_groups ();
@@ -1319,7 +1320,7 @@ int main (int argc, char **argv)
@@ -1337,7 +1338,7 @@ int main (int argc, char **argv)
* the entry from /etc/passwd.
*/
if(prefix[0] == '\0')
@ -92,9 +92,9 @@ Index: src/userdel.c
close_files ();
#ifdef WITH_TCB
@@ -1329,6 +1330,9 @@ int main (int argc, char **argv)
nscd_flush_cache ("passwd");
@@ -1348,6 +1349,9 @@ int main (int argc, char **argv)
nscd_flush_cache ("group");
sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
+ /* Call the post script, for example to rebuild NIS database */
+ call_script ("USERDEL_POSTCMD", user_name);