upgrade
parent
c2e7e463a1
commit
4c8c528414
20 changed files with 137 additions and 1639 deletions
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -1,2 +1,3 @@
|
|||
shadow-4.1.4.2.tar.bz2
|
||||
/shadow-4.1.4.3.tar.bz2
|
||||
/shadow-4.1.5.tar.bz2
|
||||
|
|
|
@ -1,151 +0,0 @@
|
|||
diff -up shadow-4.1.4.2/libmisc/copydir.c.acl shadow-4.1.4.2/libmisc/copydir.c
|
||||
--- shadow-4.1.4.2/libmisc/copydir.c.acl 2011-02-09 17:35:23.455413575 +0100
|
||||
+++ shadow-4.1.4.2/libmisc/copydir.c 2011-02-09 17:49:17.606330202 +0100
|
||||
@@ -45,6 +45,9 @@
|
||||
#ifdef WITH_SELINUX
|
||||
#include <selinux/selinux.h>
|
||||
#endif
|
||||
+#include <attr/error_context.h>
|
||||
+#include <acl/libacl.h>
|
||||
+
|
||||
static /*@null@*/const char *src_orig;
|
||||
static /*@null@*/const char *dst_orig;
|
||||
|
||||
@@ -70,7 +73,7 @@ static int copy_symlink (const char *src
|
||||
#endif
|
||||
static int copy_hardlink (const char *src, const char *dst,
|
||||
struct link_name *lp);
|
||||
-static int copy_special (const char *dst,
|
||||
+static int copy_special (const char *src, const char *dst,
|
||||
const struct stat *statp, const struct timeval mt[],
|
||||
long int uid, long int gid);
|
||||
static int copy_file (const char *src, const char *dst,
|
||||
@@ -78,6 +81,28 @@ static int copy_file (const char *src, c
|
||||
long int uid, long int gid);
|
||||
|
||||
#ifdef WITH_SELINUX
|
||||
+
|
||||
+void error (struct error_context *ctx, const char *fmt, ...)
|
||||
+{
|
||||
+ va_list ap;
|
||||
+
|
||||
+ /* ignore the case when destination does not support ACLs */
|
||||
+ if(errno==EOPNOTSUPP)
|
||||
+ return;
|
||||
+
|
||||
+ va_start (ap, fmt);
|
||||
+ (void) fprintf (stderr, _("%s: "), Prog);
|
||||
+ if (vfprintf (stderr, fmt, ap) != 0) {
|
||||
+ (void) fputs (_(": "), stderr);
|
||||
+ }
|
||||
+ (void) fprintf (stderr, "%s\n", strerror (errno));
|
||||
+ va_end (ap);
|
||||
+}
|
||||
+
|
||||
+struct error_context ctx = {
|
||||
+ error
|
||||
+};
|
||||
+
|
||||
/*
|
||||
* selinux_file_context - Set the security context before any file or
|
||||
* directory creation.
|
||||
@@ -369,7 +394,7 @@ static int copy_entry (const char *src,
|
||||
*/
|
||||
|
||||
else if (!S_ISREG (sb.st_mode)) {
|
||||
- err = copy_special (dst, &sb, mt, uid, gid);
|
||||
+ err = copy_special (src, dst, &sb, mt, uid, gid);
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -413,8 +438,20 @@ static int copy_dir (const char *src, co
|
||||
|| (chown (dst,
|
||||
(uid == - 1) ? statp->st_uid : (uid_t) uid,
|
||||
(gid == - 1) ? statp->st_gid : (gid_t) gid) != 0)
|
||||
- || (chmod (dst, statp->st_mode) != 0)
|
||||
- || (copy_tree (src, dst, uid, gid) != 0)
|
||||
+ || (chmod (dst, statp->st_mode) != 0)) {
|
||||
+ err = -1;
|
||||
+ return err;
|
||||
+ }
|
||||
+
|
||||
+ /* ignore the case when destination does not support ACLs */
|
||||
+ if (perm_copy_file (src, dst, &ctx) != 0) {
|
||||
+ if (errno!=EOPNOTSUPP) {
|
||||
+ err = -1;
|
||||
+ return err;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ if ((copy_tree (src, dst, uid, gid) != 0)
|
||||
|| (utimes (dst, mt) != 0)) {
|
||||
err = -1;
|
||||
}
|
||||
@@ -514,6 +551,13 @@ static int copy_symlink (const char *src
|
||||
|| (lchown (dst,
|
||||
(uid == -1) ? statp->st_uid : (uid_t) uid,
|
||||
(gid == -1) ? statp->st_gid : (gid_t) gid) != 0)) {
|
||||
+ /* FIXME: there are no modes on symlinks, right?
|
||||
+ * ACL could be copied, but this would be much more
|
||||
+ * complex than calling perm_copy_file.
|
||||
+ * Ditto for Extended Attributes.
|
||||
+ * We currently only document that ACL and Extended
|
||||
+ * Attributes are not copied.
|
||||
+ */
|
||||
free (oldlink);
|
||||
return -1;
|
||||
}
|
||||
@@ -542,7 +586,7 @@ static int copy_symlink (const char *src
|
||||
static int copy_hardlink (const char *src, const char *dst,
|
||||
struct link_name *lp)
|
||||
{
|
||||
- /* TODO: selinux needed? */
|
||||
+ /* TODO: selinux, ACL, Extended Attributes needed? */
|
||||
|
||||
if (link (lp->ln_name, dst) != 0) {
|
||||
return -1;
|
||||
@@ -574,7 +618,7 @@ static int copy_hardlink (const char *sr
|
||||
*
|
||||
* Return 0 on success, -1 on error.
|
||||
*/
|
||||
-static int copy_special (const char *dst,
|
||||
+static int copy_special (const char *src, const char *dst,
|
||||
const struct stat *statp, const struct timeval mt[],
|
||||
long int uid, long int gid)
|
||||
{
|
||||
@@ -628,11 +672,18 @@ static int copy_file (const char *src, c
|
||||
|| (fchown (ofd,
|
||||
(uid == -1) ? statp->st_uid : (uid_t) uid,
|
||||
(gid == -1) ? statp->st_gid : (gid_t) gid) != 0)
|
||||
- || (fchmod (ofd, statp->st_mode & 07777) != 0)) {
|
||||
+ || (fchmod (ofd, statp->st_mode & 07777) != 0)) {
|
||||
(void) close (ifd);
|
||||
return -1;
|
||||
}
|
||||
|
||||
+ if (perm_copy_fd (src, ifd, dst, ofd, &ctx) != 0) {
|
||||
+ if (errno!=EOPNOTSUPP) {
|
||||
+ (void) close (ifd);
|
||||
+ return -1;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
while ((cnt = read (ifd, buf, sizeof buf)) > 0) {
|
||||
if (write (ofd, buf, (size_t)cnt) != cnt) {
|
||||
return -1;
|
||||
diff -up shadow-4.1.4.2/src/Makefile.in.acl shadow-4.1.4.2/src/Makefile.in
|
||||
--- shadow-4.1.4.2/src/Makefile.in.acl 2009-07-24 03:16:00.000000000 +0200
|
||||
+++ shadow-4.1.4.2/src/Makefile.in 2011-02-09 17:35:23.470411800 +0100
|
||||
@@ -430,9 +430,9 @@ su_SOURCES = \
|
||||
|
||||
su_LDADD = $(LDADD) $(LIBPAM) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
|
||||
sulogin_LDADD = $(LDADD) $(LIBCRYPT)
|
||||
-useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
|
||||
-userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
|
||||
-usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
|
||||
+useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) -lacl
|
||||
+userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) -lacl
|
||||
+usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) -lacl
|
||||
vipw_LDADD = $(LDADD) $(LIBSELINUX)
|
||||
all: all-am
|
||||
|
|
@ -1,53 +0,0 @@
|
|||
diff -up shadow-4.1.4.2/libmisc/cleanup.c.fixes shadow-4.1.4.2/libmisc/cleanup.c
|
||||
--- shadow-4.1.4.2/libmisc/cleanup.c.fixes 2009-09-07 15:52:22.449035388 +0200
|
||||
+++ shadow-4.1.4.2/libmisc/cleanup.c 2009-09-07 15:55:06.632033653 +0200
|
||||
@@ -107,7 +107,7 @@ void del_cleanup (cleanup_function pcf)
|
||||
assert (i<CLEANUP_FUNCTIONS);
|
||||
|
||||
/* Move the rest of the cleanup functions */
|
||||
- for (; i<CLEANUP_FUNCTIONS; i++) {
|
||||
+ for (; i<(CLEANUP_FUNCTIONS - 1); i++) {
|
||||
/* Make sure the cleanup function was specified only once */
|
||||
assert (cleanup_functions[i+1] != pcf);
|
||||
|
||||
diff -up shadow-4.1.4.2/libmisc/limits.c.fixes shadow-4.1.4.2/libmisc/limits.c
|
||||
--- shadow-4.1.4.2/libmisc/limits.c.fixes 2009-09-07 15:55:38.734034494 +0200
|
||||
+++ shadow-4.1.4.2/libmisc/limits.c 2009-09-07 15:56:10.545044166 +0200
|
||||
@@ -167,7 +167,7 @@ static int check_logins (const char *nam
|
||||
* includes the user who is currently trying to log in.
|
||||
*/
|
||||
if (count > limit) {
|
||||
- SYSLOG ((LOG_WARN, "Too many logins (max %d) for %s\n",
|
||||
+ SYSLOG ((LOG_WARN, "Too many logins (max %lu) for %s\n",
|
||||
limit, name));
|
||||
return LOGIN_ERROR_LOGIN;
|
||||
}
|
||||
diff -up shadow-4.1.4.2/libmisc/utmp.c.fixes shadow-4.1.4.2/libmisc/utmp.c
|
||||
--- shadow-4.1.4.2/libmisc/utmp.c.fixes 2009-09-07 15:56:30.534033865 +0200
|
||||
+++ shadow-4.1.4.2/libmisc/utmp.c 2009-09-07 16:11:23.049069289 +0200
|
||||
@@ -56,7 +56,7 @@ static bool is_my_tty (const char *tty)
|
||||
/* full_tty shall be at least sizeof utmp.ut_line + 5 */
|
||||
char full_tty[200];
|
||||
/* tmptty shall be bigger than full_tty */
|
||||
- static char tmptty[sizeof (full_tty)+1];
|
||||
+ static char tmptty[sizeof (full_tty)+1] = "";
|
||||
|
||||
if ('/' != *tty) {
|
||||
(void) snprintf (full_tty, sizeof full_tty, "/dev/%s", tty);
|
||||
@@ -71,7 +71,7 @@ static bool is_my_tty (const char *tty)
|
||||
}
|
||||
}
|
||||
|
||||
- if (NULL == tmptty) {
|
||||
+ if ('\0' == tmptty[0]) {
|
||||
(void) puts (_("Unable to determine your tty name."));
|
||||
exit (EXIT_FAILURE);
|
||||
} else if (strncmp (tty, tmptty, sizeof (tmptty)) != 0) {
|
||||
@@ -200,7 +200,6 @@ static void updwtmpx (const char *filena
|
||||
strcpy (hostname, host);
|
||||
#ifdef HAVE_STRUCT_UTMP_UT_HOST
|
||||
} else if ( (NULL != ut)
|
||||
- && (NULL != ut->ut_host)
|
||||
&& ('\0' != ut->ut_host[0])) {
|
||||
hostname = (char *) xmalloc (sizeof (ut->ut_host) + 1);
|
||||
strncpy (hostname, ut->ut_host, sizeof (ut->ut_host));
|
|
@ -1,23 +0,0 @@
|
|||
diff -up shadow-4.1.4.2/lib/gshadow.c.gshadow shadow-4.1.4.2/lib/gshadow.c
|
||||
--- shadow-4.1.4.2/lib/gshadow.c.gshadow 2009-06-12 19:50:23.000000000 +0200
|
||||
+++ shadow-4.1.4.2/lib/gshadow.c 2011-01-05 16:28:55.207685148 +0100
|
||||
@@ -223,6 +223,7 @@ void endsgent (void)
|
||||
if (NULL == buf) {
|
||||
return NULL;
|
||||
}
|
||||
+ buflen = BUFSIZ;
|
||||
}
|
||||
|
||||
if (NULL == fp) {
|
||||
@@ -230,9 +231,9 @@ void endsgent (void)
|
||||
}
|
||||
|
||||
#ifdef USE_NIS
|
||||
- while (fgetsx (buf, (int) sizeof buf, fp) == buf)
|
||||
+ while (fgetsx (buf, (int) buflen, fp) == buf)
|
||||
#else
|
||||
- if (fgetsx (buf, (int) sizeof buf, fp) == buf)
|
||||
+ if (fgetsx (buf, (int) buflen, fp) == buf)
|
||||
#endif
|
||||
{
|
||||
while ( ((cp = strrchr (buf, '\n')) == NULL)
|
|
@ -1,108 +0,0 @@
|
|||
diff -up shadow-4.1.4.2/lib/groupmem.c.leak shadow-4.1.4.2/lib/groupmem.c
|
||||
--- shadow-4.1.4.2/lib/groupmem.c.leak 2009-04-23 19:43:27.000000000 +0200
|
||||
+++ shadow-4.1.4.2/lib/groupmem.c 2009-09-07 15:43:23.314129427 +0200
|
||||
@@ -51,10 +51,13 @@
|
||||
*gr = *grent;
|
||||
gr->gr_name = strdup (grent->gr_name);
|
||||
if (NULL == gr->gr_name) {
|
||||
+ free(gr);
|
||||
return NULL;
|
||||
}
|
||||
gr->gr_passwd = strdup (grent->gr_passwd);
|
||||
if (NULL == gr->gr_passwd) {
|
||||
+ free(gr->gr_name);
|
||||
+ free(gr);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
@@ -62,11 +65,21 @@
|
||||
|
||||
gr->gr_mem = (char **) malloc ((i + 1) * sizeof (char *));
|
||||
if (NULL == gr->gr_mem) {
|
||||
+ free(gr->gr_passwd);
|
||||
+ free(gr->gr_name);
|
||||
+ free(gr);
|
||||
return NULL;
|
||||
}
|
||||
for (i = 0; grent->gr_mem[i]; i++) {
|
||||
gr->gr_mem[i] = strdup (grent->gr_mem[i]);
|
||||
if (NULL == gr->gr_mem[i]) {
|
||||
+ int j;
|
||||
+ for (j=0; j<i; j++)
|
||||
+ free(gr->gr_mem[j]);
|
||||
+ free(gr->gr_mem);
|
||||
+ free(gr->gr_passwd);
|
||||
+ free(gr->gr_name);
|
||||
+ free(gr);
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
diff -up shadow-4.1.4.2/libmisc/copydir.c.leak shadow-4.1.4.2/libmisc/copydir.c
|
||||
--- shadow-4.1.4.2/libmisc/copydir.c.leak 2009-05-22 12:16:14.000000000 +0200
|
||||
+++ shadow-4.1.4.2/libmisc/copydir.c 2009-09-07 15:41:49.217192095 +0200
|
||||
@@ -443,6 +443,7 @@ static char *readlink_malloc (const char
|
||||
nchars = readlink (filename, buffer, size);
|
||||
|
||||
if (nchars < 0) {
|
||||
+ free(buffer);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
diff -up shadow-4.1.4.2/lib/pwmem.c.leak shadow-4.1.4.2/lib/pwmem.c
|
||||
--- shadow-4.1.4.2/lib/pwmem.c.leak 2009-04-23 19:43:27.000000000 +0200
|
||||
+++ shadow-4.1.4.2/lib/pwmem.c 2009-09-07 15:41:49.218203063 +0200
|
||||
@@ -51,22 +51,37 @@
|
||||
*pw = *pwent;
|
||||
pw->pw_name = strdup (pwent->pw_name);
|
||||
if (NULL == pw->pw_name) {
|
||||
+ free(pw);
|
||||
return NULL;
|
||||
}
|
||||
pw->pw_passwd = strdup (pwent->pw_passwd);
|
||||
if (NULL == pw->pw_passwd) {
|
||||
+ free(pw->pw_name);
|
||||
+ free(pw);
|
||||
return NULL;
|
||||
}
|
||||
pw->pw_gecos = strdup (pwent->pw_gecos);
|
||||
if (NULL == pw->pw_gecos) {
|
||||
+ free(pw->pw_passwd);
|
||||
+ free(pw->pw_name);
|
||||
+ free(pw);
|
||||
return NULL;
|
||||
}
|
||||
pw->pw_dir = strdup (pwent->pw_dir);
|
||||
if (NULL == pw->pw_dir) {
|
||||
+ free(pw->pw_gecos);
|
||||
+ free(pw->pw_passwd);
|
||||
+ free(pw->pw_name);
|
||||
+ free(pw);
|
||||
return NULL;
|
||||
}
|
||||
pw->pw_shell = strdup (pwent->pw_shell);
|
||||
if (NULL == pw->pw_shell) {
|
||||
+ free(pw->pw_dir);
|
||||
+ free(pw->pw_gecos);
|
||||
+ free(pw->pw_passwd);
|
||||
+ free(pw->pw_name);
|
||||
+ free(pw);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
diff -up shadow-4.1.4.2/lib/shadowmem.c.leak shadow-4.1.4.2/lib/shadowmem.c
|
||||
--- shadow-4.1.4.2/lib/shadowmem.c.leak 2009-04-23 19:43:27.000000000 +0200
|
||||
+++ shadow-4.1.4.2/lib/shadowmem.c 2009-09-07 15:41:49.218203063 +0200
|
||||
@@ -52,10 +52,13 @@
|
||||
*sp = *spent;
|
||||
sp->sp_namp = strdup (spent->sp_namp);
|
||||
if (NULL == sp->sp_namp) {
|
||||
+ free(sp);
|
||||
return NULL;
|
||||
}
|
||||
sp->sp_pwdp = strdup (spent->sp_pwdp);
|
||||
if (NULL == sp->sp_pwdp) {
|
||||
+ free(sp->sp_namp);
|
||||
+ free(sp);
|
||||
return NULL;
|
||||
}
|
||||
|
|
@ -1,53 +0,0 @@
|
|||
diff -up shadow-4.1.4.2/man/useradd.8.redhat shadow-4.1.4.2/man/useradd.8
|
||||
--- shadow-4.1.4.2/man/useradd.8.redhat 2009-07-24 03:16:44.000000000 +0200
|
||||
+++ shadow-4.1.4.2/man/useradd.8 2011-02-09 11:04:24.851151246 +0100
|
||||
@@ -211,7 +211,7 @@ Create the user\'s home directory if it
|
||||
\fB\-k\fR
|
||||
option) will be copied to the home directory\&.
|
||||
.sp
|
||||
-By default, no home directories are created\&.
|
||||
+The home directories are created by default on RHEL/Fedora systems because of /etc/login.defs (\fBCREATE_HOME\fR) setting\&.
|
||||
.RE
|
||||
.PP
|
||||
\fB\-M\fR
|
||||
diff -up shadow-4.1.4.2/src/useradd.c.redhat shadow-4.1.4.2/src/useradd.c
|
||||
--- shadow-4.1.4.2/src/useradd.c.redhat 2009-06-06 00:16:58.000000000 +0200
|
||||
+++ shadow-4.1.4.2/src/useradd.c 2011-02-09 11:04:06.031036886 +0100
|
||||
@@ -90,7 +90,7 @@ char *Prog;
|
||||
static gid_t def_group = 100;
|
||||
static const char *def_gname = "other";
|
||||
static const char *def_home = "/home";
|
||||
-static const char *def_shell = "";
|
||||
+static const char *def_shell = "/sbin/nologin";
|
||||
static const char *def_template = SKEL_DIR;
|
||||
static const char *def_create_mail_spool = "no";
|
||||
|
||||
@@ -102,7 +102,7 @@ static char def_file[] = USER_DEFAULTS_F
|
||||
#define VALID(s) (strcspn (s, ":\n") == strlen (s))
|
||||
|
||||
static const char *user_name = "";
|
||||
-static const char *user_pass = "!";
|
||||
+static const char *user_pass = "!!";
|
||||
static uid_t user_id;
|
||||
static gid_t user_gid;
|
||||
static const char *user_comment = "";
|
||||
@@ -989,9 +989,9 @@ static void process_flags (int argc, cha
|
||||
};
|
||||
while ((c = getopt_long (argc, argv,
|
||||
#ifdef WITH_SELINUX
|
||||
- "b:c:d:De:f:g:G:k:K:lmMNop:rs:u:UZ:",
|
||||
+ "b:c:d:De:f:g:G:k:K:lmMnNop:rs:u:UZ:",
|
||||
#else
|
||||
- "b:c:d:De:f:g:G:k:K:lmMNop:rs:u:U",
|
||||
+ "b:c:d:De:f:g:G:k:K:lmMnNop:rs:u:U",
|
||||
#endif
|
||||
long_options, NULL)) != -1) {
|
||||
switch (c) {
|
||||
@@ -1141,6 +1141,7 @@ static void process_flags (int argc, cha
|
||||
case 'M':
|
||||
Mflg = true;
|
||||
break;
|
||||
+ case 'n':
|
||||
case 'N':
|
||||
Nflg = true;
|
||||
break;
|
|
@ -1,58 +0,0 @@
|
|||
diff -up shadow-4.1.4.3/src/faillog.c.underflow shadow-4.1.4.3/src/faillog.c
|
||||
--- shadow-4.1.4.3/src/faillog.c.underflow 2011-02-13 12:58:16.000000000 -0500
|
||||
+++ shadow-4.1.4.3/src/faillog.c 2011-05-30 17:48:55.000000000 -0400
|
||||
@@ -106,8 +106,8 @@ static void print_one (/*@null@*/const s
|
||||
return;
|
||||
}
|
||||
|
||||
- offset = pw->pw_uid * sizeof (fl);
|
||||
- if (offset <= (statbuf.st_size - sizeof (fl))) {
|
||||
+ offset = (off_t) pw->pw_uid * sizeof (fl);
|
||||
+ if (offset + sizeof (fl) <= statbuf.st_size) {
|
||||
/* fseeko errors are not really relevant for us. */
|
||||
int err = fseeko (fail, offset, SEEK_SET);
|
||||
assert (0 == err);
|
||||
@@ -206,8 +206,8 @@ static bool reset_one (uid_t uid)
|
||||
off_t offset;
|
||||
struct faillog fl;
|
||||
|
||||
- offset = uid * sizeof (fl);
|
||||
- if (offset <= (statbuf.st_size - sizeof (fl))) {
|
||||
+ offset = (off_t) uid * sizeof (fl);
|
||||
+ if (offset + sizeof (fl) <= statbuf.st_size) {
|
||||
/* fseeko errors are not really relevant for us. */
|
||||
int err = fseeko (fail, offset, SEEK_SET);
|
||||
assert (0 == err);
|
||||
@@ -294,7 +294,7 @@ static bool setmax_one (uid_t uid, int m
|
||||
struct faillog fl;
|
||||
|
||||
offset = (off_t) uid * sizeof (fl);
|
||||
- if (offset <= (statbuf.st_size - sizeof (fl))) {
|
||||
+ if (offset + sizeof (fl) <= statbuf.st_size) {
|
||||
/* fseeko errors are not really relevant for us. */
|
||||
int err = fseeko (fail, offset, SEEK_SET);
|
||||
assert (0 == err);
|
||||
@@ -385,7 +385,7 @@ static bool set_locktime_one (uid_t uid,
|
||||
struct faillog fl;
|
||||
|
||||
offset = (off_t) uid * sizeof (fl);
|
||||
- if (offset <= (statbuf.st_size - sizeof (fl))) {
|
||||
+ if (offset + sizeof (fl) <= statbuf.st_size) {
|
||||
/* fseeko errors are not really relevant for us. */
|
||||
int err = fseeko (fail, offset, SEEK_SET);
|
||||
assert (0 == err);
|
||||
diff -up shadow-4.1.4.3/src/lastlog.c.underflow shadow-4.1.4.3/src/lastlog.c
|
||||
--- shadow-4.1.4.3/src/lastlog.c.underflow 2011-05-31 03:52:25.000000000 -0400
|
||||
+++ shadow-4.1.4.3/src/lastlog.c 2011-05-31 03:53:32.000000000 -0400
|
||||
@@ -102,9 +102,8 @@ static void print_one (/*@null@*/const s
|
||||
}
|
||||
|
||||
|
||||
- offset = pw->pw_uid * sizeof (ll);
|
||||
-
|
||||
- if (offset <= (statbuf.st_size - sizeof (ll))) {
|
||||
+ offset = (off_t) pw->pw_uid * sizeof (ll);
|
||||
+ if (offset + sizeof (ll) <= statbuf.st_size) {
|
||||
/* fseeko errors are not really relevant for us. */
|
||||
int err = fseeko (lastlogfile, offset, SEEK_SET);
|
||||
assert (0 == err);
|
|
@ -1,115 +0,0 @@
|
|||
diff -up shadow-4.1.4.3/libmisc/find_new_gid.c.IDs shadow-4.1.4.3/libmisc/find_new_gid.c
|
||||
--- shadow-4.1.4.3/libmisc/find_new_gid.c.IDs 2011-12-20 13:28:13.042668305 +0100
|
||||
+++ shadow-4.1.4.3/libmisc/find_new_gid.c 2011-12-20 13:35:40.011817589 +0100
|
||||
@@ -32,6 +32,7 @@
|
||||
|
||||
#include <assert.h>
|
||||
#include <stdio.h>
|
||||
+#include <errno.h>
|
||||
|
||||
#include "prototypes.h"
|
||||
#include "groupio.h"
|
||||
@@ -65,8 +66,6 @@ int find_new_gid (bool sys_group,
|
||||
gid_max = (gid_t) getdef_ulong ("GID_MIN", 1000UL) - 1;
|
||||
gid_max = (gid_t) getdef_ulong ("SYS_GID_MAX", (unsigned long) gid_max);
|
||||
}
|
||||
- used_gids = alloca (sizeof (bool) * (gid_max +1));
|
||||
- memset (used_gids, false, sizeof (bool) * (gid_max + 1));
|
||||
|
||||
if ( (NULL != preferred_gid)
|
||||
&& (*preferred_gid >= gid_min)
|
||||
@@ -80,6 +79,14 @@ int find_new_gid (bool sys_group,
|
||||
return 0;
|
||||
}
|
||||
|
||||
+ used_gids = malloc (sizeof (bool) * (gid_max +1));
|
||||
+ if(used_gids==NULL) {
|
||||
+ fprintf (stderr,
|
||||
+ _("%s: failed to allocate memory. %s\n"), Prog, strerror (errno));
|
||||
+ return -1;
|
||||
+ }
|
||||
+ memset (used_gids, false, sizeof (bool) * (gid_max + 1));
|
||||
+
|
||||
/* if we did not find free preffered system gid, we start to look for
|
||||
* one in the range assigned to dynamic system IDs */
|
||||
if (sys_group)
|
||||
@@ -162,6 +169,7 @@ int find_new_gid (bool sys_group,
|
||||
Prog);
|
||||
SYSLOG ((LOG_WARN,
|
||||
"no more available GID on the system"));
|
||||
+ free(used_gids);
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
@@ -177,12 +185,14 @@ int find_new_gid (bool sys_group,
|
||||
_("%s: Can't get unique GID (no more available GIDs)\n"),
|
||||
Prog);
|
||||
SYSLOG ((LOG_WARN, "no more available GID on the system"));
|
||||
+ free(used_gids);
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
*gid = group_id;
|
||||
+ free(used_gids);
|
||||
return 0;
|
||||
}
|
||||
|
||||
diff -up shadow-4.1.4.3/libmisc/find_new_uid.c.IDs shadow-4.1.4.3/libmisc/find_new_uid.c
|
||||
--- shadow-4.1.4.3/libmisc/find_new_uid.c.IDs 2011-02-13 18:58:11.000000000 +0100
|
||||
+++ shadow-4.1.4.3/libmisc/find_new_uid.c 2011-12-20 13:37:27.415023688 +0100
|
||||
@@ -32,6 +32,7 @@
|
||||
|
||||
#include <assert.h>
|
||||
#include <stdio.h>
|
||||
+#include <errno.h>
|
||||
|
||||
#include "prototypes.h"
|
||||
#include "pwio.h"
|
||||
@@ -65,8 +66,6 @@ int find_new_uid (bool sys_user,
|
||||
uid_max = (uid_t) getdef_ulong ("UID_MIN", 1000UL) - 1;
|
||||
uid_max = (uid_t) getdef_ulong ("SYS_UID_MAX", (unsigned long) uid_max);
|
||||
}
|
||||
- used_uids = alloca (sizeof (bool) * (uid_max +1));
|
||||
- memset (used_uids, false, sizeof (bool) * (uid_max + 1));
|
||||
|
||||
if ( (NULL != preferred_uid)
|
||||
&& (*preferred_uid >= uid_min)
|
||||
@@ -80,6 +79,13 @@ int find_new_uid (bool sys_user,
|
||||
return 0;
|
||||
}
|
||||
|
||||
+ used_uids = malloc (sizeof (bool) * (uid_max +1));
|
||||
+ if(used_uids==NULL) {
|
||||
+ fprintf (stderr,
|
||||
+ _("%s: failed to allocate memory. %s\n"), Prog, strerror (errno));
|
||||
+ return -1;
|
||||
+ }
|
||||
+ memset (used_uids, false, sizeof (bool) * (uid_max + 1));
|
||||
|
||||
/*
|
||||
* Search the entire password file,
|
||||
@@ -158,6 +164,7 @@ int find_new_uid (bool sys_user,
|
||||
Prog);
|
||||
SYSLOG ((LOG_WARN,
|
||||
"no more available UID on the system"));
|
||||
+ free(used_uids);
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
@@ -173,12 +180,14 @@ int find_new_uid (bool sys_user,
|
||||
_("%s: Can't get unique UID (no more available UIDs)\n"),
|
||||
Prog);
|
||||
SYSLOG ((LOG_WARN, "no more available UID on the system"));
|
||||
+ free(used_uids);
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
*uid = user_id;
|
||||
+ free(used_uids);
|
||||
return 0;
|
||||
}
|
||||
|
|
@ -1,640 +0,0 @@
|
|||
diff -up shadow-4.1.4.3/lib/Makefile.in.libsemanage shadow-4.1.4.3/lib/Makefile.in
|
||||
--- shadow-4.1.4.3/lib/Makefile.in.libsemanage 2011-02-15 23:18:15.000000000 +0100
|
||||
+++ shadow-4.1.4.3/lib/Makefile.in 2011-11-09 14:11:26.455362101 +0100
|
||||
@@ -52,7 +52,7 @@ am_libshadow_la_OBJECTS = commonio.lo en
|
||||
groupio.lo groupmem.lo gshadow.lo lockpw.lo nscd.lo port.lo \
|
||||
pwauth.lo pwio.lo pwmem.lo sgetgrent.lo sgetpwent.lo \
|
||||
sgetspent.lo sgroupio.lo shadow.lo shadowio.lo shadowmem.lo \
|
||||
- utent.lo
|
||||
+ utent.lo selinux.lo
|
||||
libshadow_la_OBJECTS = $(am_libshadow_la_OBJECTS)
|
||||
libshadow_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
|
||||
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
|
||||
@@ -202,7 +202,6 @@ libdir = @libdir@
|
||||
libexecdir = @libexecdir@
|
||||
localedir = @localedir@
|
||||
localstatedir = @localstatedir@
|
||||
-lt_ECHO = @lt_ECHO@
|
||||
mandir = @mandir@
|
||||
mkdir_p = @mkdir_p@
|
||||
oldincludedir = @oldincludedir@
|
||||
@@ -261,7 +260,8 @@ libshadow_la_SOURCES = \
|
||||
shadowio.c \
|
||||
shadowio.h \
|
||||
shadowmem.c \
|
||||
- utent.c
|
||||
+ utent.c \
|
||||
+ selinux.c
|
||||
|
||||
|
||||
# These files are unneeded for some reason, listed in
|
||||
@@ -349,6 +349,7 @@ distclean-compile:
|
||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/shadow.Plo@am__quote@
|
||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/shadowio.Plo@am__quote@
|
||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/shadowmem.Plo@am__quote@
|
||||
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/selinux.Plo@am__quote@
|
||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/utent.Plo@am__quote@
|
||||
|
||||
.c.o:
|
||||
diff -up shadow-4.1.4.3/libmisc/Makefile.in.libsemanage shadow-4.1.4.3/libmisc/Makefile.in
|
||||
--- shadow-4.1.4.3/libmisc/Makefile.in.libsemanage 2011-02-15 23:18:16.000000000 +0100
|
||||
+++ shadow-4.1.4.3/libmisc/Makefile.in 2011-11-09 14:11:26.456362098 +0100
|
||||
@@ -64,7 +64,7 @@ am_libmisc_a_OBJECTS = addgrps.$(OBJEXT)
|
||||
pam_pass_non_interractive.$(OBJEXT) pwd2spwd.$(OBJEXT) \
|
||||
pwdcheck.$(OBJEXT) pwd_init.$(OBJEXT) rlogin.$(OBJEXT) \
|
||||
salt.$(OBJEXT) setugid.$(OBJEXT) setupenv.$(OBJEXT) \
|
||||
- shell.$(OBJEXT) system.$(OBJEXT) strtoday.$(OBJEXT) \
|
||||
+ shell.$(OBJEXT) strtoday.$(OBJEXT) \
|
||||
sub.$(OBJEXT) sulog.$(OBJEXT) ttytype.$(OBJEXT) tz.$(OBJEXT) \
|
||||
ulimit.$(OBJEXT) user_busy.$(OBJEXT) utmp.$(OBJEXT) \
|
||||
valid.$(OBJEXT) xgetpwnam.$(OBJEXT) xgetpwuid.$(OBJEXT) \
|
||||
@@ -284,7 +284,6 @@ libmisc_a_SOURCES = \
|
||||
setugid.c \
|
||||
setupenv.c \
|
||||
shell.c \
|
||||
- system.c \
|
||||
strtoday.c \
|
||||
sub.c \
|
||||
sulog.c \
|
||||
@@ -394,7 +393,6 @@ distclean-compile:
|
||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/strtoday.Po@am__quote@
|
||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sub.Po@am__quote@
|
||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sulog.Po@am__quote@
|
||||
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/system.Po@am__quote@
|
||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ttytype.Po@am__quote@
|
||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tz.Po@am__quote@
|
||||
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ulimit.Po@am__quote@
|
||||
diff -up shadow-4.1.4.3/libmisc/system.c.libsemanage shadow-4.1.4.3/libmisc/system.c
|
||||
--- shadow-4.1.4.3/libmisc/system.c.libsemanage 2011-02-13 18:58:11.000000000 +0100
|
||||
+++ shadow-4.1.4.3/libmisc/system.c 2011-11-09 14:11:26.457362095 +0100
|
||||
@@ -1,72 +0,0 @@
|
||||
-/*
|
||||
- * Copyright (c) 2009 , Dan Walsh <dwalsh@redhat.com>
|
||||
- * All rights reserved.
|
||||
- *
|
||||
- * Redistribution and use in source and binary forms, with or without
|
||||
- * modification, are permitted provided that the following conditions
|
||||
- * are met:
|
||||
- * 1. Redistributions of source code must retain the above copyright
|
||||
- * notice, this list of conditions and the following disclaimer.
|
||||
- * 2. Redistributions in binary form must reproduce the above copyright
|
||||
- * notice, this list of conditions and the following disclaimer in the
|
||||
- * documentation and/or other materials provided with the distribution.
|
||||
- * 3. The name of the copyright holders or contributors may not be used to
|
||||
- * endorse or promote products derived from this software without
|
||||
- * specific prior written permission.
|
||||
- *
|
||||
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
- * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
|
||||
- * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
- * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
- */
|
||||
-#include <config.h>
|
||||
-
|
||||
-#ident "$Id: system.c 2849 2009-04-30 21:08:49Z nekral-guest $"
|
||||
-
|
||||
-#include <stdio.h>
|
||||
-#include <sys/wait.h>
|
||||
-#include <fcntl.h>
|
||||
-#include "prototypes.h"
|
||||
-#include "defines.h"
|
||||
-
|
||||
-int safe_system (const char *command,
|
||||
- const char *argv[],
|
||||
- const char *env[],
|
||||
- int ignore_stderr)
|
||||
-{
|
||||
- int status = -1;
|
||||
- int fd;
|
||||
- pid_t pid;
|
||||
-
|
||||
- pid = fork();
|
||||
- if (pid < 0) {
|
||||
- return -1;
|
||||
- }
|
||||
-
|
||||
- if (pid) { /* Parent */
|
||||
- if (waitpid (pid, &status, 0) > 0) {
|
||||
- return status;
|
||||
- } else {
|
||||
- return -1;
|
||||
- }
|
||||
- }
|
||||
-
|
||||
- fd = open ("/dev/null", O_RDWR);
|
||||
- /* Child */
|
||||
- dup2 (fd, 0); // Close Stdin
|
||||
- if (ignore_stderr) {
|
||||
- dup2 (fd, 2); // Close Stderr
|
||||
- }
|
||||
-
|
||||
- execve (command, (char *const *) argv, (char *const *) env);
|
||||
- fprintf (stderr, _("Failed to exec '%s'\n"), argv[0]);
|
||||
- exit (EXIT_FAILURE);
|
||||
-}
|
||||
-
|
||||
diff -up shadow-4.1.4.3/lib/prototypes.h.libsemanage shadow-4.1.4.3/lib/prototypes.h
|
||||
--- shadow-4.1.4.3/lib/prototypes.h.libsemanage 2011-02-13 18:58:23.000000000 +0100
|
||||
+++ shadow-4.1.4.3/lib/prototypes.h 2011-11-09 14:11:26.457362095 +0100
|
||||
@@ -331,12 +331,6 @@ extern void spw_free (/*@out@*/ /*@only@
|
||||
/* shell.c */
|
||||
extern int shell (const char *file, /*@null@*/const char *arg, char *const envp[]);
|
||||
|
||||
-/* system.c */
|
||||
-extern int safe_system (const char *command,
|
||||
- const char *argv[],
|
||||
- const char *env[],
|
||||
- int ignore_stderr);
|
||||
-
|
||||
/* strtoday.c */
|
||||
extern long strtoday (const char *);
|
||||
|
||||
@@ -403,4 +397,8 @@ extern /*@null@*/ /*@only@*/struct spwd
|
||||
/* yesno.c */
|
||||
extern bool yes_or_no (bool read_only);
|
||||
|
||||
+/* selinux.c */
|
||||
+int set_seuser(const char *login_name, const char *seuser_name);
|
||||
+int del_seuser(const char *login_name);
|
||||
+
|
||||
#endif /* _PROTOTYPES_H */
|
||||
diff -up shadow-4.1.4.3/lib/selinux.c.libsemanage shadow-4.1.4.3/lib/selinux.c
|
||||
--- shadow-4.1.4.3/lib/selinux.c.libsemanage 2011-11-09 14:11:26.458362092 +0100
|
||||
+++ shadow-4.1.4.3/lib/selinux.c 2011-11-09 14:11:26.458362092 +0100
|
||||
@@ -0,0 +1,341 @@
|
||||
+/*
|
||||
+ shadow-utils
|
||||
+
|
||||
+ su-selinux.c
|
||||
+
|
||||
+ Copyright (C) Jakub Hrozek <jhrozek@redhat.com> 2010
|
||||
+ Copyright (C) Peter Vrabec <pvrabec@redhat.com> 2011
|
||||
+
|
||||
+ This program is free software; you can redistribute it and/or modify
|
||||
+ it under the terms of the GNU General Public License as published by
|
||||
+ the Free Software Foundation; either version 3 of the License, or
|
||||
+ (at your option) any later version.
|
||||
+
|
||||
+ This program is distributed in the hope that it will be useful,
|
||||
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
+ GNU General Public License for more details.
|
||||
+
|
||||
+ You should have received a copy of the GNU General Public License
|
||||
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
+*/
|
||||
+
|
||||
+#include <config.h>
|
||||
+
|
||||
+#include "defines.h"
|
||||
+
|
||||
+#include <stdio.h>
|
||||
+#include <selinux/selinux.h>
|
||||
+#include <semanage/semanage.h>
|
||||
+
|
||||
+
|
||||
+#ifndef DEFAULT_SERANGE
|
||||
+#define DEFAULT_SERANGE "s0"
|
||||
+#endif
|
||||
+
|
||||
+
|
||||
+static void semanage_error_callback(void *varg,
|
||||
+ semanage_handle_t *handle,
|
||||
+ const char *fmt, ...)
|
||||
+{
|
||||
+ int ret;
|
||||
+ char * message = NULL;
|
||||
+ va_list ap;
|
||||
+
|
||||
+
|
||||
+ va_start(ap, fmt);
|
||||
+ ret = vasprintf(&message, fmt, ap);
|
||||
+ va_end(ap);
|
||||
+ if (ret < 0) {
|
||||
+ /* ENOMEM */
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
+ switch (semanage_msg_get_level(handle)) {
|
||||
+ case SEMANAGE_MSG_ERR:
|
||||
+ case SEMANAGE_MSG_WARN:
|
||||
+ fprintf(stderr, "[libsemanage]: %s\n", message);
|
||||
+ break;
|
||||
+ case SEMANAGE_MSG_INFO:
|
||||
+ /* nop */
|
||||
+ break;
|
||||
+ }
|
||||
+
|
||||
+ free(message);
|
||||
+}
|
||||
+
|
||||
+
|
||||
+static semanage_handle_t *semanage_init(void)
|
||||
+{
|
||||
+ int ret;
|
||||
+ semanage_handle_t *handle = NULL;
|
||||
+
|
||||
+ handle = semanage_handle_create();
|
||||
+ if (!handle) {
|
||||
+ fprintf(stderr, _("Cannot create SELinux management handle\n"));
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ semanage_msg_set_callback(handle, semanage_error_callback, NULL);
|
||||
+
|
||||
+ ret = semanage_is_managed(handle);
|
||||
+ if (ret != 1) {
|
||||
+ fprintf(stderr, _("SELinux policy not managed\n"));
|
||||
+ goto fail;
|
||||
+ }
|
||||
+
|
||||
+ ret = semanage_access_check(handle);
|
||||
+ if (ret < SEMANAGE_CAN_READ) {
|
||||
+ fprintf(stderr, _("Cannot read SELinux policy store\n"));
|
||||
+ goto fail;
|
||||
+ }
|
||||
+
|
||||
+ ret = semanage_connect(handle);
|
||||
+ if (ret != 0) {
|
||||
+ fprintf(stderr, _("Cannot estabilish SELinux management connection\n"));
|
||||
+ goto fail;
|
||||
+ }
|
||||
+
|
||||
+ ret = semanage_begin_transaction(handle);
|
||||
+ if (ret != 0) {
|
||||
+ fprintf(stderr, _("Cannot begin SELinux transaction\n"));
|
||||
+ goto fail;
|
||||
+ }
|
||||
+
|
||||
+ return handle;
|
||||
+fail:
|
||||
+ semanage_handle_destroy(handle);
|
||||
+ return NULL;
|
||||
+}
|
||||
+
|
||||
+
|
||||
+static int semanage_user_mod(semanage_handle_t *handle,
|
||||
+ semanage_seuser_key_t *key,
|
||||
+ const char *login_name,
|
||||
+ const char *seuser_name)
|
||||
+{
|
||||
+ int ret;
|
||||
+ semanage_seuser_t *seuser = NULL;
|
||||
+
|
||||
+ semanage_seuser_query(handle, key, &seuser);
|
||||
+ if (seuser == NULL) {
|
||||
+ fprintf(stderr, _("Could not query seuser for %s\n"), login_name);
|
||||
+ ret = 1;
|
||||
+ goto done;
|
||||
+ }
|
||||
+
|
||||
+ ret = semanage_seuser_set_mlsrange(handle, seuser, DEFAULT_SERANGE);
|
||||
+ if (ret != 0) {
|
||||
+ fprintf(stderr, _("Could not set serange for %s\n"), login_name);
|
||||
+ ret = 1;
|
||||
+ goto done;
|
||||
+ }
|
||||
+
|
||||
+ ret = semanage_seuser_set_sename(handle, seuser, seuser_name);
|
||||
+ if (ret != 0) {
|
||||
+ fprintf(stderr, _("Could not set sename for %s\n"), login_name);
|
||||
+ ret = 1;
|
||||
+ goto done;
|
||||
+ }
|
||||
+
|
||||
+ ret = semanage_seuser_modify_local(handle, key, seuser);
|
||||
+ if (ret != 0) {
|
||||
+ fprintf(stderr, _("Could not modify login mapping for %s\n"), login_name);
|
||||
+ ret = 1;
|
||||
+ goto done;
|
||||
+ }
|
||||
+
|
||||
+ ret = 0;
|
||||
+done:
|
||||
+ semanage_seuser_free(seuser);
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
+
|
||||
+static int semanage_user_add(semanage_handle_t *handle,
|
||||
+ semanage_seuser_key_t *key,
|
||||
+ const char *login_name,
|
||||
+ const char *seuser_name)
|
||||
+{
|
||||
+ int ret;
|
||||
+ semanage_seuser_t *seuser = NULL;
|
||||
+
|
||||
+ ret = semanage_seuser_create(handle, &seuser);
|
||||
+ if (ret != 0) {
|
||||
+ fprintf(stderr, _("Cannot create SELinux login mapping for %s\n"), login_name);
|
||||
+ ret = 1;
|
||||
+ goto done;
|
||||
+ }
|
||||
+
|
||||
+ ret = semanage_seuser_set_name(handle, seuser, login_name);
|
||||
+ if (ret != 0) {
|
||||
+ fprintf(stderr, _("Could not set name for %s\n"), login_name);
|
||||
+ ret = 1;
|
||||
+ goto done;
|
||||
+ }
|
||||
+
|
||||
+ ret = semanage_seuser_set_mlsrange(handle, seuser, DEFAULT_SERANGE);
|
||||
+ if (ret != 0) {
|
||||
+ fprintf(stderr, _("Could not set serange for %s\n"), login_name);
|
||||
+ ret = 1;
|
||||
+ goto done;
|
||||
+ }
|
||||
+
|
||||
+ ret = semanage_seuser_set_sename(handle, seuser, seuser_name);
|
||||
+ if (ret != 0) {
|
||||
+ fprintf(stderr, _("Could not set SELinux user for %s\n"), login_name);
|
||||
+ ret = 1;
|
||||
+ goto done;
|
||||
+ }
|
||||
+
|
||||
+ ret = semanage_seuser_modify_local(handle, key, seuser);
|
||||
+ if (ret != 0) {
|
||||
+ fprintf(stderr, _("Could not add login mapping for %s\n"), login_name);
|
||||
+ ret = 1;
|
||||
+ goto done;
|
||||
+ }
|
||||
+
|
||||
+ ret = 0;
|
||||
+done:
|
||||
+ semanage_seuser_free(seuser);
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
+
|
||||
+int set_seuser(const char *login_name, const char *seuser_name)
|
||||
+{
|
||||
+ semanage_handle_t *handle = NULL;
|
||||
+ semanage_seuser_key_t *key = NULL;
|
||||
+ int ret;
|
||||
+ int seuser_exists = 0;
|
||||
+
|
||||
+ if (seuser_name == NULL) {
|
||||
+ /* don't care, just let system pick the defaults */
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ handle = semanage_init();
|
||||
+ if (!handle) {
|
||||
+ fprintf(stderr, _("Cannot init SELinux management\n"));
|
||||
+ ret = 1;
|
||||
+ goto done;
|
||||
+ }
|
||||
+
|
||||
+ ret = semanage_seuser_key_create(handle, login_name, &key);
|
||||
+ if (ret != 0) {
|
||||
+ fprintf(stderr, _("Cannot create SELinux user key\n"));
|
||||
+ ret = 1;
|
||||
+ goto done;
|
||||
+ }
|
||||
+
|
||||
+ ret = semanage_seuser_exists(handle, key, &seuser_exists);
|
||||
+ if (ret < 0) {
|
||||
+ fprintf(stderr, _("Cannot verify the SELinux user\n"));
|
||||
+ ret = 1;
|
||||
+ goto done;
|
||||
+ }
|
||||
+
|
||||
+ if (seuser_exists) {
|
||||
+ ret = semanage_user_mod(handle, key, login_name, seuser_name);
|
||||
+ if (ret != 0) {
|
||||
+ fprintf(stderr, _("Cannot modify SELinux user mapping\n"));
|
||||
+ ret = 1;
|
||||
+ goto done;
|
||||
+ }
|
||||
+ } else {
|
||||
+ ret = semanage_user_add(handle, key, login_name, seuser_name);
|
||||
+ if (ret != 0) {
|
||||
+ fprintf(stderr, _("Cannot add SELinux user mapping\n"));
|
||||
+ ret = 1;
|
||||
+ goto done;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ ret = semanage_commit(handle);
|
||||
+ if (ret < 0) {
|
||||
+ fprintf(stderr,_("Cannot commit SELinux transaction\n"));
|
||||
+ ret = 1;
|
||||
+ goto done;
|
||||
+ }
|
||||
+
|
||||
+ ret = 0;
|
||||
+
|
||||
+done:
|
||||
+ semanage_seuser_key_free(key);
|
||||
+ semanage_handle_destroy(handle);
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
+
|
||||
+
|
||||
+
|
||||
+
|
||||
+int del_seuser(const char *login_name)
|
||||
+{
|
||||
+ semanage_handle_t *handle = NULL;
|
||||
+ semanage_seuser_key_t *key = NULL;
|
||||
+ int ret;
|
||||
+ int exists = 0;
|
||||
+
|
||||
+ handle = semanage_init();
|
||||
+ if (!handle) {
|
||||
+ fprintf(stderr, _("Cannot init SELinux management\n"));
|
||||
+ ret = 1;
|
||||
+ goto done;
|
||||
+ }
|
||||
+
|
||||
+ ret = semanage_seuser_key_create(handle, login_name, &key);
|
||||
+ if (ret != 0) {
|
||||
+ fprintf(stderr, _("Cannot create SELinux user key\n"));
|
||||
+ ret = 1;
|
||||
+ goto done;
|
||||
+ }
|
||||
+
|
||||
+ ret = semanage_seuser_exists(handle, key, &exists);
|
||||
+ if (ret < 0) {
|
||||
+ fprintf(stderr, _("Cannot verify the SELinux user\n"));
|
||||
+ ret = 1;
|
||||
+ goto done;
|
||||
+ }
|
||||
+
|
||||
+ if (!exists) {
|
||||
+ fprintf(stderr, _("Login mapping for %s is not defined, OK if default mapping was used\n"),
|
||||
+ login_name);
|
||||
+ ret = 0; /* probably default mapping */
|
||||
+ goto done;
|
||||
+ }
|
||||
+
|
||||
+ ret = semanage_seuser_exists_local(handle, key, &exists);
|
||||
+ if (ret < 0) {
|
||||
+ fprintf(stderr, _("Cannot verify the SELinux user\n"));
|
||||
+ ret = 1;
|
||||
+ goto done;
|
||||
+ }
|
||||
+
|
||||
+ if (!exists) {
|
||||
+ fprintf(stderr, _("Login mapping for %s is defined in policy, cannot be deleted\n"),
|
||||
+ login_name);
|
||||
+ ret = 0; /* Login mapping defined in policy can't be deleted */
|
||||
+ goto done;
|
||||
+ }
|
||||
+
|
||||
+ ret = semanage_seuser_del_local(handle, key);
|
||||
+ if (ret != 0) {
|
||||
+ fprintf(stderr, _("Could not delete login mapping for %s"), login_name);
|
||||
+ ret = 1;
|
||||
+ goto done;
|
||||
+ }
|
||||
+
|
||||
+ ret = semanage_commit(handle);
|
||||
+ if (ret < 0) {
|
||||
+ fprintf(stderr, _("Cannot commit SELinux transaction\n"));
|
||||
+ ret = 1;
|
||||
+ goto done;
|
||||
+ }
|
||||
+
|
||||
+ ret = 0;
|
||||
+done:
|
||||
+ semanage_handle_destroy(handle);
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
diff -up shadow-4.1.4.3/man/userdel.8.libsemanage shadow-4.1.4.3/man/userdel.8
|
||||
--- shadow-4.1.4.3/man/userdel.8.libsemanage 2011-11-09 14:19:27.772753117 +0100
|
||||
+++ shadow-4.1.4.3/man/userdel.8 2011-11-09 14:21:13.947365740 +0100
|
||||
@@ -243,6 +243,11 @@ can\*(Aqt update group file
|
||||
.RS 4
|
||||
can\*(Aqt remove home directory
|
||||
.RE
|
||||
+.PP
|
||||
+\fI14\fR
|
||||
+.RS 4
|
||||
+can\*(Aqt update SELinux user mapping
|
||||
+.PP
|
||||
.SH "CAVEATS"
|
||||
.PP
|
||||
|
||||
diff -up shadow-4.1.4.3/src/Makefile.in.libsemanage shadow-4.1.4.3/src/Makefile.in
|
||||
--- shadow-4.1.4.3/src/Makefile.in.libsemanage 2011-11-09 14:11:26.431362175 +0100
|
||||
+++ shadow-4.1.4.3/src/Makefile.in 2011-11-09 14:11:26.459362089 +0100
|
||||
@@ -431,9 +431,9 @@ su_SOURCES = \
|
||||
|
||||
su_LDADD = $(LDADD) $(LIBPAM) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
|
||||
sulogin_LDADD = $(LDADD) $(LIBCRYPT)
|
||||
-useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) -lacl
|
||||
-userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) -lacl
|
||||
-usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) -lacl
|
||||
+useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) -lacl -lsemanage
|
||||
+userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) -lacl -lsemanage
|
||||
+usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) -lacl -lsemanage
|
||||
vipw_LDADD = $(LDADD) $(LIBSELINUX)
|
||||
all: all-am
|
||||
|
||||
diff -up shadow-4.1.4.3/src/useradd.c.libsemanage shadow-4.1.4.3/src/useradd.c
|
||||
--- shadow-4.1.4.3/src/useradd.c.libsemanage 2011-11-09 14:11:26.424362196 +0100
|
||||
+++ shadow-4.1.4.3/src/useradd.c 2011-11-09 14:11:26.460362086 +0100
|
||||
@@ -1999,16 +1999,7 @@ int main (int argc, char **argv)
|
||||
#ifdef WITH_SELINUX
|
||||
if (Zflg && *user_selinux) {
|
||||
if (is_selinux_enabled () > 0) {
|
||||
- const char *argv[7];
|
||||
-
|
||||
- argv[0] = "/usr/sbin/semanage";
|
||||
- argv[1] = "login";
|
||||
- argv[2] = "-a";
|
||||
- argv[3] = "-s";
|
||||
- argv[4] = user_selinux;
|
||||
- argv[5] = user_name;
|
||||
- argv[6] = NULL;
|
||||
- if (safe_system (argv[0], argv, NULL, 0)) {
|
||||
+ if (set_seuser(user_name, user_selinux)) {
|
||||
fprintf (stderr,
|
||||
_("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
|
||||
Prog, user_name, user_selinux);
|
||||
diff -up shadow-4.1.4.3/src/userdel.c.libsemanage shadow-4.1.4.3/src/userdel.c
|
||||
--- shadow-4.1.4.3/src/userdel.c.libsemanage 2011-11-09 14:11:26.425362193 +0100
|
||||
+++ shadow-4.1.4.3/src/userdel.c 2011-11-09 14:18:59.274855167 +0100
|
||||
@@ -70,6 +70,7 @@
|
||||
#define E_USER_BUSY 8 /* user currently logged in */
|
||||
#define E_GRP_UPDATE 10 /* can't update group file */
|
||||
#define E_HOMEDIR 12 /* can't remove home directory */
|
||||
+#define E_SE_UPDATE 14 /* can't update SELinux user mapping */
|
||||
|
||||
/*
|
||||
* Global variables
|
||||
@@ -1002,13 +1003,17 @@ int main (int argc, char **argv)
|
||||
#ifdef WITH_SELINUX
|
||||
if (Zflg) {
|
||||
if (is_selinux_enabled () > 0) {
|
||||
- const char *args[5];
|
||||
- args[0] = "/usr/sbin/semanage";
|
||||
- args[1] = "login";
|
||||
- args[2] = "-d";
|
||||
- args[3] = user_name;
|
||||
- args[4] = NULL;
|
||||
- safe_system (args[0], args, NULL, 1);
|
||||
+ if (del_seuser(user_name)) {
|
||||
+ fprintf (stderr,
|
||||
+ _("%s: warning: the user name %s to SELinux user mapping removal failed.\n"),
|
||||
+ Prog, user_name);
|
||||
+ #ifdef WITH_AUDIT
|
||||
+ audit_logger (AUDIT_ADD_USER, Prog,
|
||||
+ "removing SELinux user mapping",
|
||||
+ user_name, (unsigned int) user_id, 0);
|
||||
+ #endif
|
||||
+ fail_exit (E_SE_UPDATE);
|
||||
+ }
|
||||
}
|
||||
}
|
||||
#endif
|
||||
diff -up shadow-4.1.4.3/src/usermod.c.libsemanage shadow-4.1.4.3/src/usermod.c
|
||||
--- shadow-4.1.4.3/src/usermod.c.libsemanage 2011-11-09 14:11:26.426362190 +0100
|
||||
+++ shadow-4.1.4.3/src/usermod.c 2011-11-09 14:11:26.463362076 +0100
|
||||
@@ -1787,28 +1787,16 @@ int main (int argc, char **argv)
|
||||
#ifdef WITH_SELINUX
|
||||
if (Zflg && *user_selinux) {
|
||||
if (is_selinux_enabled () > 0) {
|
||||
- const char *argv[7];
|
||||
-
|
||||
- argv[0] = "/usr/sbin/semanage";
|
||||
- argv[1] = "login";
|
||||
- argv[2] = "-m";
|
||||
- argv[3] = "-s";
|
||||
- argv[4] = user_selinux;
|
||||
- argv[5] = user_name;
|
||||
- argv[6] = NULL;
|
||||
- if (safe_system (argv[0], argv, NULL, 1)) {
|
||||
- argv[2] = "-a";
|
||||
- if (safe_system (argv[0], argv, NULL, 0)) {
|
||||
- fprintf (stderr,
|
||||
- _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
|
||||
- Prog, user_name, user_selinux);
|
||||
+ if (set_seuser(user_name, user_selinux)) {
|
||||
+ fprintf (stderr,
|
||||
+ _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
|
||||
+ Prog, user_name, user_selinux);
|
||||
#ifdef WITH_AUDIT
|
||||
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
||||
- "modifying User mapping ",
|
||||
- user_name, (unsigned int) user_id, 0);
|
||||
+ audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
||||
+ "modifying User mapping ",
|
||||
+ user_name, (unsigned int) user_id, 0);
|
||||
#endif
|
||||
- fail_exit (E_SE_UPDATE);
|
||||
- }
|
||||
+ fail_exit (E_SE_UPDATE);
|
||||
}
|
||||
}
|
||||
}
|
|
@ -1,27 +0,0 @@
|
|||
diff -up shadow-4.1.4.3/man/useradd.8.man shadow-4.1.4.3/man/useradd.8
|
||||
--- shadow-4.1.4.3/man/useradd.8.man 2011-11-09 14:30:51.402072168 +0100
|
||||
+++ shadow-4.1.4.3/man/useradd.8 2011-11-10 11:09:14.266810444 +0100
|
||||
@@ -220,12 +220,12 @@ Create the user\*(Aqs home directory if
|
||||
\fB\-k\fR
|
||||
option) will be copied to the home directory\&.
|
||||
.sp
|
||||
-The home directories are created by default on RHEL/Fedora systems because of /etc/login.defs (\fBCREATE_HOME\fR) setting\&.
|
||||
+useradd will create the home directory unless \fBCREATE_HOME\fR in /etc/login.defs is set to no\&.
|
||||
.RE
|
||||
.PP
|
||||
\fB\-M\fR
|
||||
.RS 4
|
||||
-Do no create the user\*(Aqs home directory, even if the system wide setting from
|
||||
+Do not create the user\*(Aqs home directory, even if the system wide setting from
|
||||
/etc/login\&.defs
|
||||
(\fBCREATE_HOME\fR) is set to
|
||||
\fIyes\fR\&.
|
||||
@@ -255,7 +255,7 @@ variable in
|
||||
Allow the creation of a user account with a duplicate (non\-unique) UID\&.
|
||||
.sp
|
||||
This option is only valid in combination with the
|
||||
-\fB\-o\fR
|
||||
+\fB\-u\fR
|
||||
option\&.
|
||||
.RE
|
||||
.PP
|
|
@ -1,32 +0,0 @@
|
|||
diff -up shadow-4.1.4.3/man/ru/Makefile.in.nopam shadow-4.1.4.3/man/ru/Makefile.in
|
||||
--- shadow-4.1.4.3/man/ru/Makefile.in.nopam 2011-05-20 22:42:23.145018292 +0200
|
||||
+++ shadow-4.1.4.3/man/ru/Makefile.in 2011-05-20 22:43:56.654017229 +0200
|
||||
@@ -150,7 +150,6 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
|
||||
PACKAGE_NAME = @PACKAGE_NAME@
|
||||
PACKAGE_STRING = @PACKAGE_STRING@
|
||||
PACKAGE_TARNAME = @PACKAGE_TARNAME@
|
||||
-PACKAGE_URL = @PACKAGE_URL@
|
||||
PACKAGE_VERSION = @PACKAGE_VERSION@
|
||||
PATH_SEPARATOR = @PATH_SEPARATOR@
|
||||
POSUB = @POSUB@
|
||||
@@ -222,13 +221,13 @@ target_alias = @target_alias@
|
||||
top_build_prefix = @top_build_prefix@
|
||||
top_builddir = @top_builddir@
|
||||
top_srcdir = @top_srcdir@
|
||||
-man_MANS = $(man_nopam) chage.1 chfn.1 chgpasswd.8 chpasswd.8 chsh.1 \
|
||||
- expiry.1 faillog.5 faillog.8 getspnam.3 gpasswd.1 groupadd.8 \
|
||||
- groupdel.8 groupmems.8 groupmod.8 groups.1 grpck.8 grpconv.8 \
|
||||
- grpunconv.8 gshadow.5 lastlog.8 login.1 login.defs.5 logoutd.8 \
|
||||
- newgrp.1 newusers.8 nologin.8 passwd.1 passwd.5 pwck.8 \
|
||||
- pwconv.8 pwunconv.8 sg.1 shadow.3 shadow.5 su.1 suauth.5 \
|
||||
- useradd.8 userdel.8 usermod.8 vigr.8 vipw.8 $(am__append_1)
|
||||
+man_MANS = chage.1 chfn.1 chgpasswd.8 chpasswd.8 chsh.1 expiry.1 \
|
||||
+ faillog.5 faillog.8 getspnam.3 gpasswd.1 groupadd.8 groupdel.8 \
|
||||
+ groupmems.8 groupmod.8 groups.1 grpck.8 grpconv.8 grpunconv.8 \
|
||||
+ gshadow.5 lastlog.8 login.1 login.defs.5 logoutd.8 newgrp.1 \
|
||||
+ newusers.8 nologin.8 passwd.1 passwd.5 pwck.8 pwconv.8 \
|
||||
+ pwunconv.8 sg.1 shadow.3 shadow.5 su.1 suauth.5 useradd.8 \
|
||||
+ userdel.8 usermod.8 vigr.8 vipw.8 $(am__append_1)
|
||||
man_nopam = \
|
||||
limits.5 \
|
||||
login.access.5 \
|
|
@ -1,15 +0,0 @@
|
|||
diff -up shadow-4.1.4.3/lib/commonio.c.selinux shadow-4.1.4.3/lib/commonio.c
|
||||
--- shadow-4.1.4.3/lib/commonio.c.selinux 2011-02-13 18:58:23.000000000 +0100
|
||||
+++ shadow-4.1.4.3/lib/commonio.c 2011-11-16 17:09:46.615837659 +0100
|
||||
@@ -921,10 +921,10 @@ int commonio_close (struct commonio_db *
|
||||
|
||||
#ifdef WITH_SELINUX
|
||||
if (db->scontext != NULL) {
|
||||
- if (NULL != old_context) {
|
||||
if (setfscreatecon (old_context) < 0) {
|
||||
errors++;
|
||||
}
|
||||
+ if (NULL != old_context) {
|
||||
freecon (old_context);
|
||||
old_context = NULL;
|
||||
}
|
|
@ -1,294 +0,0 @@
|
|||
diff -up shadow-4.1.4.3/man/useradd.8.semange shadow-4.1.4.3/man/useradd.8
|
||||
--- shadow-4.1.4.3/man/useradd.8.semange 2011-08-02 12:57:47.971838218 +0200
|
||||
+++ shadow-4.1.4.3/man/useradd.8 2011-08-02 12:57:47.985838145 +0200
|
||||
@@ -640,6 +640,11 @@ can\*(Aqt create home directory
|
||||
.RS 4
|
||||
can\*(Aqt create mail spool
|
||||
.RE
|
||||
+.PP
|
||||
+\fI14\fR
|
||||
+.RS 4
|
||||
+can\'t update SELinux user mapping
|
||||
+.RE
|
||||
.SH "SEE ALSO"
|
||||
.PP
|
||||
|
||||
diff -up shadow-4.1.4.3/man/userdel.8.semange shadow-4.1.4.3/man/userdel.8
|
||||
--- shadow-4.1.4.3/man/userdel.8.semange 2011-02-16 00:14:13.000000000 +0100
|
||||
+++ shadow-4.1.4.3/man/userdel.8 2011-08-02 12:57:47.985838145 +0200
|
||||
@@ -76,6 +76,11 @@ variable in the
|
||||
login\&.defs
|
||||
file\&.
|
||||
.RE
|
||||
+.PP
|
||||
+\fB\-Z\fR, \fB\-\-selinux-user\fR
|
||||
+.RS 4
|
||||
+Remove SELinux user assigned to the user´s login from SELinux login mapping.
|
||||
+.RE
|
||||
.SH "CONFIGURATION"
|
||||
.PP
|
||||
The following configuration variables in
|
||||
diff -up shadow-4.1.4.3/src/useradd.c.semange shadow-4.1.4.3/src/useradd.c
|
||||
--- shadow-4.1.4.3/src/useradd.c.semange 2011-08-02 12:57:47.968838234 +0200
|
||||
+++ shadow-4.1.4.3/src/useradd.c 2011-08-02 12:58:17.626684439 +0200
|
||||
@@ -164,6 +164,7 @@ static bool home_added = false;
|
||||
#define E_GRP_UPDATE 10 /* can't update group file */
|
||||
#define E_HOMEDIR 12 /* can't create home directory */
|
||||
#define E_MAIL_SPOOL 13 /* can't create mail spool */
|
||||
+#define E_SE_UPDATE 14 /* can't update SELinux user mapping */
|
||||
|
||||
#define DGROUP "GROUP="
|
||||
#define HOME "HOME="
|
||||
@@ -181,9 +182,6 @@ static int set_defaults (void);
|
||||
static int get_groups (char *);
|
||||
static void usage (void);
|
||||
static void new_pwent (struct passwd *);
|
||||
-#ifdef WITH_SELINUX
|
||||
-static void selinux_update_mapping (void);
|
||||
-#endif
|
||||
|
||||
static long scale_age (long);
|
||||
static void new_spent (struct spwd *);
|
||||
@@ -1710,32 +1708,6 @@ static void usr_update (void)
|
||||
}
|
||||
}
|
||||
|
||||
-#ifdef WITH_SELINUX
|
||||
-static void selinux_update_mapping (void) {
|
||||
- if (is_selinux_enabled () <= 0) return;
|
||||
-
|
||||
- if (*user_selinux) { /* must be done after passwd write() */
|
||||
- const char *argv[7];
|
||||
- argv[0] = "/usr/sbin/semanage";
|
||||
- argv[1] = "login";
|
||||
- argv[2] = "-a";
|
||||
- argv[3] = "-s";
|
||||
- argv[4] = user_selinux;
|
||||
- argv[5] = user_name;
|
||||
- argv[6] = NULL;
|
||||
- if (safe_system (argv[0], argv, NULL, 0)) {
|
||||
- fprintf (stderr,
|
||||
- _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
|
||||
- Prog, user_name, user_selinux);
|
||||
-#ifdef WITH_AUDIT
|
||||
- audit_logger (AUDIT_ADD_USER, Prog,
|
||||
- "adding SELinux user mapping",
|
||||
- user_name, (unsigned int) user_id, 0);
|
||||
-#endif
|
||||
- }
|
||||
- }
|
||||
-}
|
||||
-#endif
|
||||
/*
|
||||
* create_home - create the user's home directory
|
||||
*
|
||||
@@ -2025,7 +1997,30 @@ int main (int argc, char **argv)
|
||||
close_files ();
|
||||
|
||||
#ifdef WITH_SELINUX
|
||||
- selinux_update_mapping ();
|
||||
+ if (Zflg && *user_selinux) {
|
||||
+ if (is_selinux_enabled () > 0) {
|
||||
+ const char *argv[7];
|
||||
+
|
||||
+ argv[0] = "/usr/sbin/semanage";
|
||||
+ argv[1] = "login";
|
||||
+ argv[2] = "-a";
|
||||
+ argv[3] = "-s";
|
||||
+ argv[4] = user_selinux;
|
||||
+ argv[5] = user_name;
|
||||
+ argv[6] = NULL;
|
||||
+ if (safe_system (argv[0], argv, NULL, 0)) {
|
||||
+ fprintf (stderr,
|
||||
+ _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
|
||||
+ Prog, user_name, user_selinux);
|
||||
+ #ifdef WITH_AUDIT
|
||||
+ audit_logger (AUDIT_ADD_USER, Prog,
|
||||
+ "adding SELinux user mapping",
|
||||
+ user_name, (unsigned int) user_id, 0);
|
||||
+ #endif
|
||||
+ fail_exit (E_SE_UPDATE);
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
#endif
|
||||
|
||||
nscd_flush_cache ("passwd");
|
||||
diff -up shadow-4.1.4.3/src/userdel.c.semange shadow-4.1.4.3/src/userdel.c
|
||||
--- shadow-4.1.4.3/src/userdel.c.semange 2011-02-13 18:58:16.000000000 +0100
|
||||
+++ shadow-4.1.4.3/src/userdel.c 2011-08-02 12:57:47.988838130 +0200
|
||||
@@ -82,6 +82,7 @@ static char *user_home;
|
||||
|
||||
static bool fflg = false;
|
||||
static bool rflg = false;
|
||||
+static bool Zflg = false;
|
||||
|
||||
static bool is_shadow_pwd;
|
||||
|
||||
@@ -120,6 +121,9 @@ static void usage (void)
|
||||
" even if not owned by user\n"
|
||||
" -h, --help display this help message and exit\n"
|
||||
" -r, --remove remove home directory and mail spool\n"
|
||||
+#ifdef WITH_SELINUX
|
||||
+ " -Z, --selinux-user remove SELinux user from SELinux user mapping\n"
|
||||
+#endif
|
||||
"\n"), stderr);
|
||||
exit (E_USAGE);
|
||||
}
|
||||
@@ -766,9 +770,17 @@ int main (int argc, char **argv)
|
||||
{"force", no_argument, NULL, 'f'},
|
||||
{"help", no_argument, NULL, 'h'},
|
||||
{"remove", no_argument, NULL, 'r'},
|
||||
+#ifdef WITH_SELINUX
|
||||
+ {"selinux-user", required_argument, NULL, 'Z'},
|
||||
+#endif
|
||||
{NULL, 0, NULL, '\0'}
|
||||
};
|
||||
- while ((c = getopt_long (argc, argv, "fhr",
|
||||
+ while ((c = getopt_long (argc, argv,
|
||||
+#ifdef WITH_SELINUX
|
||||
+ "fhrZ",
|
||||
+#else
|
||||
+ "fhr",
|
||||
+#endif
|
||||
long_options, NULL)) != -1) {
|
||||
switch (c) {
|
||||
case 'f': /* force remove even if not owned by user */
|
||||
@@ -777,6 +789,19 @@ int main (int argc, char **argv)
|
||||
case 'r': /* remove home dir and mailbox */
|
||||
rflg = true;
|
||||
break;
|
||||
+#ifdef WITH_SELINUX
|
||||
+ case 'Z':
|
||||
+ if (is_selinux_enabled () > 0) {
|
||||
+ Zflg = true;
|
||||
+ } else {
|
||||
+ fprintf (stderr,
|
||||
+ _("%s: -Z requires SELinux enabled kernel\n"),
|
||||
+ Prog);
|
||||
+
|
||||
+ exit (E_BAD_ARG);
|
||||
+ }
|
||||
+ break;
|
||||
+#endif
|
||||
default:
|
||||
usage ();
|
||||
}
|
||||
@@ -975,14 +1000,16 @@ int main (int argc, char **argv)
|
||||
#endif
|
||||
|
||||
#ifdef WITH_SELINUX
|
||||
- if (is_selinux_enabled () > 0) {
|
||||
- const char *args[5];
|
||||
- args[0] = "/usr/sbin/semanage";
|
||||
- args[1] = "login";
|
||||
- args[2] = "-d";
|
||||
- args[3] = user_name;
|
||||
- args[4] = NULL;
|
||||
- safe_system (args[0], args, NULL, 1);
|
||||
+ if (Zflg) {
|
||||
+ if (is_selinux_enabled () > 0) {
|
||||
+ const char *args[5];
|
||||
+ args[0] = "/usr/sbin/semanage";
|
||||
+ args[1] = "login";
|
||||
+ args[2] = "-d";
|
||||
+ args[3] = user_name;
|
||||
+ args[4] = NULL;
|
||||
+ safe_system (args[0], args, NULL, 1);
|
||||
+ }
|
||||
}
|
||||
#endif
|
||||
|
||||
diff -up shadow-4.1.4.3/src/usermod.c.semange shadow-4.1.4.3/src/usermod.c
|
||||
--- shadow-4.1.4.3/src/usermod.c.semange 2011-02-13 18:58:16.000000000 +0100
|
||||
+++ shadow-4.1.4.3/src/usermod.c 2011-08-02 12:57:47.989838125 +0200
|
||||
@@ -82,6 +82,9 @@
|
||||
#define E_GRP_UPDATE 10 /* can't update group file */
|
||||
/* #define E_NOSPACE 11 insufficient space to move home dir */
|
||||
#define E_HOMEDIR 12 /* unable to complete home dir move */
|
||||
+#define E_SE_UPDATE 13 /* can't update SELinux user mapping */
|
||||
+
|
||||
+
|
||||
#define VALID(s) (strcspn (s, ":\n") == strlen (s))
|
||||
/*
|
||||
* Global variables
|
||||
@@ -151,9 +154,6 @@ static void date_to_str (char *buf, size
|
||||
static int get_groups (char *);
|
||||
static void usage (void);
|
||||
static void new_pwent (struct passwd *);
|
||||
-#ifdef WITH_SELINUX
|
||||
-static void selinux_update_mapping (void);
|
||||
-#endif
|
||||
|
||||
static void new_spent (struct spwd *);
|
||||
static void fail_exit (int);
|
||||
@@ -1785,8 +1785,32 @@ int main (int argc, char **argv)
|
||||
nscd_flush_cache ("group");
|
||||
|
||||
#ifdef WITH_SELINUX
|
||||
- if (Zflg) {
|
||||
- selinux_update_mapping ();
|
||||
+ if (Zflg && *user_selinux) {
|
||||
+ if (is_selinux_enabled () > 0) {
|
||||
+ const char *argv[7];
|
||||
+
|
||||
+ argv[0] = "/usr/sbin/semanage";
|
||||
+ argv[1] = "login";
|
||||
+ argv[2] = "-m";
|
||||
+ argv[3] = "-s";
|
||||
+ argv[4] = user_selinux;
|
||||
+ argv[5] = user_name;
|
||||
+ argv[6] = NULL;
|
||||
+ if (safe_system (argv[0], argv, NULL, 1)) {
|
||||
+ argv[2] = "-a";
|
||||
+ if (safe_system (argv[0], argv, NULL, 0)) {
|
||||
+ fprintf (stderr,
|
||||
+ _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
|
||||
+ Prog, user_name, user_selinux);
|
||||
+ #ifdef WITH_AUDIT
|
||||
+ audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
||||
+ "modifying User mapping ",
|
||||
+ user_name, (unsigned int) user_id, 0);
|
||||
+ #endif
|
||||
+ fail_exit (E_SE_UPDATE);
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
}
|
||||
#endif
|
||||
|
||||
@@ -1816,34 +1840,3 @@ int main (int argc, char **argv)
|
||||
return E_SUCCESS;
|
||||
}
|
||||
|
||||
-#ifdef WITH_SELINUX
|
||||
-static void selinux_update_mapping (void) {
|
||||
- const char *argv[7];
|
||||
-
|
||||
- if (is_selinux_enabled () <= 0) return;
|
||||
-
|
||||
- if (*user_selinux) {
|
||||
- argv[0] = "/usr/sbin/semanage";
|
||||
- argv[1] = "login";
|
||||
- argv[2] = "-m";
|
||||
- argv[3] = "-s";
|
||||
- argv[4] = user_selinux;
|
||||
- argv[5] = user_name;
|
||||
- argv[6] = NULL;
|
||||
- if (safe_system (argv[0], argv, NULL, 1)) {
|
||||
- argv[2] = "-a";
|
||||
- if (safe_system (argv[0], argv, NULL, 0)) {
|
||||
- fprintf (stderr,
|
||||
- _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
|
||||
- Prog, user_name, user_selinux);
|
||||
-#ifdef WITH_AUDIT
|
||||
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
||||
- "modifying User mapping ",
|
||||
- user_name, (unsigned int) user_id, 0);
|
||||
-#endif
|
||||
- }
|
||||
- }
|
||||
- }
|
||||
-}
|
||||
-#endif
|
||||
-
|
|
@ -1,6 +1,6 @@
|
|||
diff -up shadow-4.1.4.3/libmisc/chkname.c.goodname shadow-4.1.4.3/libmisc/chkname.c
|
||||
--- shadow-4.1.4.3/libmisc/chkname.c.goodname 2011-02-13 18:58:11.000000000 +0100
|
||||
+++ shadow-4.1.4.3/libmisc/chkname.c 2011-05-18 20:38:50.639341048 +0200
|
||||
diff -up shadow-4.1.5/libmisc/chkname.c.goodname shadow-4.1.5/libmisc/chkname.c
|
||||
--- shadow-4.1.5/libmisc/chkname.c.goodname 2009-04-28 21:14:04.000000000 +0200
|
||||
+++ shadow-4.1.5/libmisc/chkname.c 2012-03-19 09:52:12.910605026 +0100
|
||||
@@ -49,20 +49,28 @@
|
||||
static bool is_valid_name (const char *name)
|
||||
{
|
||||
|
@ -40,24 +40,24 @@ diff -up shadow-4.1.4.3/libmisc/chkname.c.goodname shadow-4.1.4.3/libmisc/chknam
|
|||
return false;
|
||||
}
|
||||
}
|
||||
diff -up shadow-4.1.4.3/man/groupadd.8.goodname shadow-4.1.4.3/man/groupadd.8
|
||||
--- shadow-4.1.4.3/man/groupadd.8.goodname 2011-02-16 00:12:34.000000000 +0100
|
||||
+++ shadow-4.1.4.3/man/groupadd.8 2011-05-18 20:42:53.204324534 +0200
|
||||
@@ -162,9 +162,7 @@ Shadow password suite configuration\&.
|
||||
diff -up shadow-4.1.5/man/groupadd.8.goodname shadow-4.1.5/man/groupadd.8
|
||||
--- shadow-4.1.5/man/groupadd.8.goodname 2012-02-12 22:27:42.000000000 +0100
|
||||
+++ shadow-4.1.5/man/groupadd.8 2012-03-19 09:56:17.113723732 +0100
|
||||
@@ -181,9 +181,7 @@ Shadow password suite configuration\&.
|
||||
.RE
|
||||
.SH "CAVEATS"
|
||||
.PP
|
||||
-Groupnames must start with a lower case letter or an underscore, followed by lower case letters, digits, underscores, or dashes\&. They can end with a dollar sign\&. In regular expression terms: [a\-z_][a\-z0\-9_\-]*[$]?
|
||||
-.PP
|
||||
-Groupnames may only be up to characters long\&.
|
||||
-Groupnames may only be up to 16 characters long\&.
|
||||
+Groupnames may only be up to 32 characters long\&.
|
||||
.PP
|
||||
You may not add a NIS or LDAP group\&. This must be performed on the corresponding server\&.
|
||||
.PP
|
||||
diff -up shadow-4.1.4.3/man/useradd.8.goodname shadow-4.1.4.3/man/useradd.8
|
||||
--- shadow-4.1.4.3/man/useradd.8.goodname 2011-05-18 20:38:50.635376546 +0200
|
||||
+++ shadow-4.1.4.3/man/useradd.8 2011-05-18 20:38:50.641332694 +0200
|
||||
@@ -414,8 +414,6 @@ Similarly, if the username already exist
|
||||
diff -up shadow-4.1.5/man/useradd.8.goodname shadow-4.1.5/man/useradd.8
|
||||
--- shadow-4.1.5/man/useradd.8.goodname 2012-02-12 22:28:02.000000000 +0100
|
||||
+++ shadow-4.1.5/man/useradd.8 2012-03-19 09:52:12.911605018 +0100
|
||||
@@ -421,8 +421,6 @@ Similarly, if the username already exist
|
||||
\fBuseradd\fR
|
||||
will deny the user account creation request\&.
|
||||
.PP
|
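--- a/shadow-4.1.5-grremove.patch
+++ b/shadow-4.1.5-grremove.patch
@@ -0,0 +1,45 @@
+diff -up shadow-4.1.5/src/userdel.c.grremove shadow-4.1.5/src/userdel.c
+--- shadow-4.1.5/src/userdel.c.grremove 2012-03-20 12:19:13.260854838 +0100
++++ shadow-4.1.5/src/userdel.c 2012-03-20 12:38:26.235622957 +0100
+@@ -333,22 +333,22 @@ static void remove_usergroup (void)
+* We can remove this group, it is not the primary
+* group of any remaining user.
+*/
+- if (gr_remove (grp->gr_name) == 0) {
++ if (gr_remove (user_name) == 0) {
+fprintf (stderr,
+_("%s: cannot remove entry '%s' from %s\n"),
+- Prog, grp->gr_name, gr_dbname ());
++ Prog, user_name, gr_dbname ());
+fail_exit (E_GRP_UPDATE);
+}
+
+#ifdef WITH_AUDIT
+audit_logger (AUDIT_DEL_GROUP, Prog,
+"deleting group",
+- grp->gr_name, AUDIT_NO_ID,
++ user_name, AUDIT_NO_ID,
+SHADOW_AUDIT_SUCCESS);
+#endif /* WITH_AUDIT */
+SYSLOG ((LOG_INFO,
+"removed group '%s' owned by '%s'\n",
+- grp->gr_name, user_name));
++ user_name, user_name));
+
+#ifdef SHADOWGRP
+if (sgr_locate (user_name) != NULL) {
+@@ -361,12 +361,12 @@ static void remove_usergroup (void)
+#ifdef WITH_AUDIT
+audit_logger (AUDIT_DEL_GROUP, Prog,
+"deleting shadow group",
+- grp->gr_name, AUDIT_NO_ID,
++ user_name, AUDIT_NO_ID,
+SHADOW_AUDIT_SUCCESS);
+#endif /* WITH_AUDIT */
+SYSLOG ((LOG_INFO,
+"removed shadow group '%s' owned by '%s'\n",
+- grp->gr_name, user_name));
++ user_name, user_name));
+
+}
+#endif /* SHADOWGRP */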
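Review bot: Nothing in remove_usergroup says why `grp->gr_name` is replaced by `user_name` in the `gr_remove` call, the error message, both `audit_logger (AUDIT_DEL_GROUP, ...)` calls and both `SYSLOG` calls, so the code now silently relies on the group name being identical to the user name. If the reason is that `grp` cannot be relied on at this point (its lookup is outside the hunk, so this is an assumption), a comment should say so, for example `/* the usergroup is named after the user; do not dereference grp here */` above the `gr_remove` call. The name written to the audit and syslog records now comes from `user_name`, so that invariant decides whether the trail names the group that was actually removed. Passing `user_name` for both `%s` in "removed group '%s' owned by '%s'" is redundant and would also be worth a word in the same comment. The body of remove_usergroup starts and ends outside these hunks.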
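--- a/shadow-4.1.5-man.patch
+++ b/shadow-4.1.5-man.patch
@@ -0,0 +1,12 @@
+diff -up shadow-4.1.5/man/useradd.8.man shadow-4.1.5/man/useradd.8
+--- shadow-4.1.5/man/useradd.8.man 2012-03-19 13:06:48.000000000 +0100
++++ shadow-4.1.5/man/useradd.8 2012-03-19 13:07:44.540169270 +0100
+@@ -215,7 +215,7 @@ is not enabled, no home directories are
+.PP
+\fB\-M\fR
+.RS 4
+-Do no create the user\*(Aqs home directory, even if the system wide setting from
++Do not create the user\*(Aqs home directory, even if the system wide setting from
+/etc/login\&.defs
+(\fBCREATE_HOME\fR) is set to
+\fIyes\fR\&.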
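--- a/shadow-4.1.5-redhat.patch
+++ b/shadow-4.1.5-redhat.patch
@@ -0,0 +1,42 @@
+diff -up shadow-4.1.5/man/useradd.8.redhat shadow-4.1.5/man/useradd.8
+diff -up shadow-4.1.5/src/useradd.c.redhat shadow-4.1.5/src/useradd.c
+--- shadow-4.1.5/src/useradd.c.redhat 2011-12-09 23:23:15.000000000 +0100
++++ shadow-4.1.5/src/useradd.c 2012-03-19 09:50:05.227588669 +0100
+@@ -93,7 +93,7 @@ const char *Prog;
+static gid_t def_group = 100;
+static const char *def_gname = "other";
+static const char *def_home = "/home";
+-static const char *def_shell = "";
++static const char *def_shell = "/sbin/nologin";
+static const char *def_template = SKEL_DIR;
+static const char *def_create_mail_spool = "no";
+
+@@ -103,7 +103,7 @@ static const char *def_expire = "";
+#define VALID(s) (strcspn (s, ":\n") == strlen (s))
+
+static const char *user_name = "";
+-static const char *user_pass = "!";
++static const char *user_pass = "!!";
+static uid_t user_id;
+static gid_t user_gid;
+static const char *user_comment = "";
+@@ -1011,9 +1011,9 @@ static void process_flags (int argc, cha
+};
+while ((c = getopt_long (argc, argv,
+#ifdef WITH_SELINUX
+- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:UZ:",
++ "b:c:d:De:f:g:G:hk:K:lmMnNop:rR:s:u:UZ:",
+#else /* !WITH_SELINUX */
+- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:U",
++ "b:c:d:De:f:g:G:hk:K:lmMnNop:rR:s:u:U",
+#endif /* !WITH_SELINUX */
+long_options, NULL)) != -1) {
+switch (c) {
+@@ -1164,6 +1164,7 @@ static void process_flags (int argc, cha
+case 'M':
+Mflg = true;
+break;
++ case 'n':
+case 'N':
+Nflg = true;
+break;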
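Review bot: The added `case 'n':` in process_flags falls through into `case 'N':` without a comment, and although `n` is added to both getopt strings, the `man/useradd.8` entry in this patch carries no hunk, so the new flag looks undocumented. A one-line comment such as `/* -n: accepted as an alias for -N, falls through */` above the label would make the intent explicit, and the usage text and man page should mention the alias if it is meant to be supported. The new compiled-in defaults `def_shell = "/sbin/nologin"` and `user_pass = "!!"` also deserve a short comment saying they are fallbacks, presumably overridden by the useradd defaults file, since they decide how a freshly created account is locked. process_flags starts and ends outside these hunks.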
|
@ -1,16 +1,16 @@
|
|||
diff -up shadow-4.1.4.3/libmisc/find_new_gid.c.uflg shadow-4.1.4.3/libmisc/find_new_gid.c
|
||||
--- shadow-4.1.4.3/libmisc/find_new_gid.c.uflg 2011-05-20 21:18:24.474018778 +0200
|
||||
+++ shadow-4.1.4.3/libmisc/find_new_gid.c 2011-05-20 21:18:43.178018729 +0200
|
||||
@@ -61,7 +61,7 @@ int find_new_gid (bool sys_group,
|
||||
gid_min = (gid_t) getdef_ulong ("GID_MIN", 1000UL);
|
||||
gid_max = (gid_t) getdef_ulong ("GID_MAX", 60000UL);
|
||||
diff -up shadow-4.1.5/libmisc/find_new_gid.c.uflg shadow-4.1.5/libmisc/find_new_gid.c
|
||||
--- shadow-4.1.5/libmisc/find_new_gid.c.uflg 2011-07-30 01:10:27.000000000 +0200
|
||||
+++ shadow-4.1.5/libmisc/find_new_gid.c 2012-03-19 12:51:46.090554116 +0100
|
||||
@@ -68,7 +68,7 @@ int find_new_gid (bool sys_group,
|
||||
return -1;
|
||||
}
|
||||
} else {
|
||||
- gid_min = (gid_t) getdef_ulong ("SYS_GID_MIN", 101UL);
|
||||
+ gid_min = (gid_t) 1;
|
||||
gid_max = (gid_t) getdef_ulong ("GID_MIN", 1000UL) - 1;
|
||||
gid_max = (gid_t) getdef_ulong ("SYS_GID_MAX", (unsigned long) gid_max);
|
||||
}
|
||||
@@ -80,6 +80,10 @@ int find_new_gid (bool sys_group,
|
||||
if (gid_max < gid_min) {
|
||||
@@ -100,6 +100,10 @@ int find_new_gid (bool sys_group,
|
||||
return 0;
|
||||
}
|
||||
|
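Review bot: The `gid_min = (gid_t) 1;` line in find_new_gid hard-codes the lower bound for system groups, so a `SYS_GID_MIN` value set in the configuration is no longer read on this path while `SYS_GID_MAX` still is. If that asymmetry is intended, a comment on the line would help the next person rebasing this patch, e.g. `/* system GIDs are allocated from 1 upward; SYS_GID_MIN is deliberately ignored */`; otherwise keep the lookup and only lower its default, `getdef_ulong ("SYS_GID_MIN", 1UL)`. The page shows only the first 16 lines of this patch file, so the rest of find_new_gid, including the lines added by the last hunk, is not visible here.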
|
@ -1,29 +1,18 @@
|
|||
Summary: Utilities for managing accounts and shadow password files
|
||||
Name: shadow-utils
|
||||
Version: 4.1.4.3
|
||||
Release: 14%{?dist}
|
||||
Version: 4.1.5
|
||||
Release: 1%{?dist}
|
||||
Epoch: 2
|
||||
URL: http://pkg-shadow.alioth.debian.org/
|
||||
Source0: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.bz2
|
||||
Source1: shadow-utils.login.defs
|
||||
Source2: shadow-utils.useradd
|
||||
Patch0: shadow-4.1.4.2-redhat.patch
|
||||
Patch1: shadow-4.1.4.3-goodname.patch
|
||||
Patch2: shadow-4.1.4.2-leak.patch
|
||||
Patch3: shadow-4.1.4.2-fixes.patch
|
||||
Patch4: shadow-4.1.4.2-infoParentDir.patch
|
||||
Patch5: shadow-4.1.4.3-semange.patch
|
||||
Patch6: shadow-4.1.4.2-acl.patch
|
||||
Patch7: shadow-4.1.4.2-underflow.patch
|
||||
Patch8: shadow-4.1.4.3-uflg.patch
|
||||
Patch9: shadow-4.1.4.2-gshadow.patch
|
||||
Patch10: shadow-4.1.4.3-nopam.patch
|
||||
Patch11: shadow-4.1.4.3-IDs.patch
|
||||
#696213 #674878 #739147
|
||||
Patch12: shadow-4.1.4.3-man.patch
|
||||
#749205
|
||||
Patch13: shadow-4.1.4.3-libsemanage.patch
|
||||
Patch14: shadow-4.1.4.3-selinux.patch
|
||||
Patch0: shadow-4.1.5-redhat.patch
|
||||
Patch1: shadow-4.1.5-goodname.patch
|
||||
Patch2: shadow-4.1.4.2-infoParentDir.patch
|
||||
Patch3: shadow-4.1.5-uflg.patch
|
||||
Patch4: shadow-4.1.5-man.patch
|
||||
Patch5: shadow-4.1.5-grremove.patch
|
||||
License: BSD and GPLv2+
|
||||
Group: System Environment/Base
|
||||
BuildRequires: libselinux-devel >= 1.25.2-1
|
||||
|
@ -54,19 +43,11 @@ are used for managing group accounts.
|
|||
%setup -q -n shadow-%{version}
|
||||
%patch0 -p1 -b .redhat
|
||||
%patch1 -p1 -b .goodname
|
||||
%patch2 -p1 -b .leak
|
||||
%patch3 -p1 -b .fixes
|
||||
%patch4 -p1 -b .infoParentDir
|
||||
%patch5 -p1 -b .semange
|
||||
%patch6 -p1 -b .acl
|
||||
%patch7 -p1 -b .underflow
|
||||
%patch8 -p1 -b .uflg
|
||||
%patch9 -p1 -b .gshadow
|
||||
%patch10 -p1 -b .nopam
|
||||
%patch11 -p1 -b .IDs
|
||||
%patch12 -p1 -b .man
|
||||
%patch13 -p1 -b .libsemanage
|
||||
%patch14 -p1 -b .selinux
|
||||
%patch2 -p1 -b .infoParentDir
|
||||
%patch3 -p1 -b .uflg
|
||||
%patch4 -p1 -b .man
|
||||
%patch5 -p1 -b .grremove
|
||||
|
||||
|
||||
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
|
||||
cp -f doc/HOWTO.utf8 doc/HOWTO
|
||||
|
@ -176,23 +157,6 @@ for dir in $(ls -1d $RPM_BUILD_ROOT%{_mandir}/{??,??_??}) ; do
|
|||
echo "%%lang($lang) $dir/man*/*" >> shadow.lang
|
||||
done
|
||||
|
||||
# Make sure old configuration files specifying UID_MIN=500 are not overwritten
|
||||
# on upgrades. Remove the scriptlets after upgrades from Fedora 15 are no
|
||||
# longer supported.
|
||||
%pre
|
||||
if [ "$1" -gt 1 ]; then
|
||||
hash=$(md5sum %{_sysconfdir}/login.defs | cut -d ' ' -f 1)
|
||||
if [ "$hash" = 111354806cbbee33a73fa4d538055510 ]; then
|
||||
cp -a %{_sysconfdir}/login.defs{,.rpm-saved-in-pre}
|
||||
fi
|
||||
fi
|
||||
|
||||
%post
|
||||
if [ -e %{_sysconfdir}/login.defs.rpm-saved-in-pre ]; then
|
||||
mv %{_sysconfdir}/login.defs{,.rpmnew}
|
||||
mv %{_sysconfdir}/login.defs{.rpm-saved-in-pre,}
|
||||
fi
|
||||
|
||||
%clean
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
|
||||
|
@ -238,6 +202,9 @@ rm -rf $RPM_BUILD_ROOT
|
|||
%{_mandir}/man8/vigr.8*
|
||||
|
||||
%changelog
|
||||
* Mon Mar 19 2012 Peter Vrabec <pvrabec@redhat.com> - 2:4.1.5-1
|
||||
- upgrade
|
||||
|
||||
* Tue Feb 07 2012 Peter Vrabec <pvrabec@redhat.com> - 2:4.1.4.3-14
|
||||
- compile with PIE and RELRO flags (#784349)
|
||||
|
||||
|
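Review bot: The new `%changelog` entry says only `- upgrade`, while the Patch list in the first hunk appears to shrink from fifteen entries to six, dropping among others the leak, fixes, acl, underflow, gshadow, nopam, IDs, libsemanage and selinux patches. Several of those names suggest security-relevant fixes, so the entry should record that they were dropped and on what basis, for example `- drop leak, fixes, semange, acl, underflow, gshadow, nopam, IDs, libsemanage and selinux patches (merged upstream in 4.1.5)`, once each one has been checked against the 4.1.5 sources. The rendered page has lost the +/- markers, so which lines are old and which are new is inferred here from the version strings. The same entry could note that the `%pre`/`%post` scriptlets that preserved an old login.defs are gone.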
|
2
sources
2
sources
|
@ -1 +1 @@
|
|||
b8608d8294ac88974f27b20f991c0e79 shadow-4.1.4.3.tar.bz2
|
||||
d5f7a588fadb79faeb4b08b1eee82e9a shadow-4.1.5.tar.bz2
|
||||
|
|