vbatts/shadow-utils-newxidmap
1
0
Fork 0
Code Issues Pull requests Releases Activity

Update patches for rebase

Browse source
This commit is contained in:
Tomas Mraz 2016-08-23 16:06:06 +02:00
parent f8ab516d30
commit 6c18d5356b
6 changed files with 134 additions and 452 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

249
shadow-4.2.1-lastlog-unexpire.patch
View file

@ -1,249 +0,0 @@
diff -up shadow-4.2.1/man/lastlog.8.xml.unexpire shadow-4.2.1/man/lastlog.8.xml
--- shadow-4.2.1/man/lastlog.8.xml.unexpire 2014-03-01 19:59:51.000000000 +0100
+++ shadow-4.2.1/man/lastlog.8.xml 2016-02-03 11:50:20.481293785 +0100
@@ -105,6 +105,17 @@
</varlistentry>
<varlistentry>
<term>
+ <option>-C</option>, <option>--clear</option>
+ </term>
+ <listitem>
+ <para>
+ Clear lastlog record of an user. This option can be used only together
+ with <option>-u</option> (<option>--user</option>)).
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
<option>-h</option>, <option>--help</option>
</term>
<listitem>
@@ -123,6 +134,17 @@
</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>
+ <option>-S</option>, <option>--set</option>
+ </term>
+ <listitem>
+ <para>
+ Set lastlog record of an user to the current time. This option can be
+ used only together with <option>-u</option> (<option>--user</option>)).
+ </para>
+ </listitem>
+ </varlistentry>
<varlistentry>
<term>
<option>-t</option>, <option>--time</option>&nbsp;<replaceable>DAYS</replaceable>
diff -up shadow-4.2.1/src/lastlog.c.unexpire shadow-4.2.1/src/lastlog.c
--- shadow-4.2.1/src/lastlog.c.unexpire 2014-03-01 19:59:51.000000000 +0100
+++ shadow-4.2.1/src/lastlog.c 2016-02-03 11:35:26.971273603 +0100
@@ -71,6 +71,8 @@ static struct stat statbuf; /* fstat buf
static bool uflg = false; /* print only an user of range of users */
static bool tflg = false; /* print is restricted to most recent days */
static bool bflg = false; /* print excludes most recent days */
+static bool Cflg = false; /* clear record for user */
+static bool Sflg = false; /* set record for user */
#define NOW (time ((time_t *) 0))
@@ -83,8 +85,10 @@ static /*@noreturn@*/void usage (int sta
"Options:\n"),
Prog);
(void) fputs (_(" -b, --before DAYS print only lastlog records older than DAYS\n"), usageout);
+ (void) fputs (_(" -C, --clear clear lastlog record of an user (usable only with -u)\n"), usageout);
(void) fputs (_(" -h, --help display this help message and exit\n"), usageout);
(void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout);
+ (void) fputs (_(" -S, --set set lastlog record to current time (usable only with -u)\n"), usageout);
(void) fputs (_(" -t, --time DAYS print only lastlog records more recent than DAYS\n"), usageout);
(void) fputs (_(" -u, --user LOGIN print lastlog record of the specified LOGIN\n"), usageout);
(void) fputs ("\n", usageout);
@@ -194,6 +198,80 @@ static void print (void)
}
}
+static void update_one (/*@null@*/const struct passwd *pw)
+{
+ off_t offset;
+ struct lastlog ll;
+ int err;
+
+ if (NULL == pw) {
+ return;
+ }
+
+ offset = (off_t) pw->pw_uid * sizeof (ll);
+ /* fseeko errors are not really relevant for us. */
+ err = fseeko (lastlogfile, offset, SEEK_SET);
+ assert (0 == err);
+
+ memzero (&ll, sizeof (ll));
+
+ if (Sflg) {
+ ll.ll_time = NOW;
+#ifdef HAVE_LL_HOST
+ strcpy (ll.ll_host, "localhost");
+#endif
+ strcpy (ll.ll_line, "lastlog");
+#ifdef WITH_AUDIT
+ audit_logger (AUDIT_ACCT_UNLOCK, Prog,
+ "clearing-lastlog",
+ pw->pw_name, (unsigned int) pw->pw_uid, SHADOW_AUDIT_SUCCESS);
+#endif
+ }
+#ifdef WITH_AUDIT
+ else {
+ audit_logger (AUDIT_ACCT_UNLOCK, Prog,
+ "refreshing-lastlog",
+ pw->pw_name, (unsigned int) pw->pw_uid, SHADOW_AUDIT_SUCCESS);
+ }
+#endif
+
+ if (fwrite (&ll, sizeof(ll), 1, lastlogfile) != 1) {
+ fprintf (stderr,
+ _("%s: Failed to update the entry for UID %lu\n"),
+ Prog, (unsigned long int)pw->pw_uid);
+ exit (EXIT_FAILURE);
+ }
+}
+
+static void update (void)
+{
+ const struct passwd *pwent;
+
+ if (!uflg) /* safety measure */
+ return;
+
+ if (has_umin && has_umax && (umin == umax)) {
+ update_one (getpwuid ((uid_t)umin));
+ } else {
+ setpwent ();
+ while ( (pwent = getpwent ()) != NULL ) {
+ if ((has_umin && (pwent->pw_uid < (uid_t)umin))
+ || (has_umax && (pwent->pw_uid > (uid_t)umax))) {
+ continue;
+ }
+ update_one (pwent);
+ }
+ endpwent ();
+ }
+
+ if (fflush (lastlogfile) != 0 || fsync (fileno (lastlogfile)) != 0) {
+ fprintf (stderr,
+ _("%s: Failed to update the lastlog file\n"),
+ Prog);
+ exit (EXIT_FAILURE);
+ }
+}
+
int main (int argc, char **argv)
{
/*
@@ -208,18 +286,24 @@ int main (int argc, char **argv)
process_root_flag ("-R", argc, argv);
+#ifdef WITH_AUDIT
+ audit_help_open ();
+#endif
+
{
int c;
static struct option const longopts[] = {
{"before", required_argument, NULL, 'b'},
+ {"clear", no_argument, NULL, 'C'},
{"help", no_argument, NULL, 'h'},
{"root", required_argument, NULL, 'R'},
+ {"set", no_argument, NULL, 'S'},
{"time", required_argument, NULL, 't'},
{"user", required_argument, NULL, 'u'},
{NULL, 0, NULL, '\0'}
};
- while ((c = getopt_long (argc, argv, "b:hR:t:u:", longopts,
+ while ((c = getopt_long (argc, argv, "b:ChR:St:u:", longopts,
NULL)) != -1) {
switch (c) {
case 'b':
@@ -235,11 +319,21 @@ int main (int argc, char **argv)
bflg = true;
break;
}
+ case 'C':
+ {
+ Cflg = true;
+ break;
+ }
case 'h':
usage (EXIT_SUCCESS);
/*@notreached@*/break;
case 'R': /* no-op, handled in process_root_flag () */
break;
+ case 'S':
+ {
+ Sflg = true;
+ break;
+ }
case 't':
{
unsigned long days;
@@ -294,9 +388,21 @@ int main (int argc, char **argv)
Prog, argv[optind]);
usage (EXIT_FAILURE);
}
+ if (Cflg && Sflg) {
+ fprintf (stderr,
+ _("%s: Option -C cannot be used together with option -S\n"),
+ Prog);
+ usage (EXIT_FAILURE);
+ }
+ if ((Cflg || Sflg) && !uflg) {
+ fprintf (stderr,
+ _("%s: Options -C and -S require option -u to specify the user\n"),
+ Prog);
+ usage (EXIT_FAILURE);
+ }
}
- lastlogfile = fopen (LASTLOG_FILE, "r");
+ lastlogfile = fopen (LASTLOG_FILE, (Cflg || Sflg)?"r+":"r");
if (NULL == lastlogfile) {
perror (LASTLOG_FILE);
exit (EXIT_FAILURE);
@@ -310,7 +416,10 @@ int main (int argc, char **argv)
exit (EXIT_FAILURE);
}
- print ();
+ if (Cflg || Sflg)
+ update ();
+ else
+ print ();
(void) fclose (lastlogfile);
diff -up shadow-4.2.1/src/Makefile.am.unexpire shadow-4.2.1/src/Makefile.am
--- shadow-4.2.1/src/Makefile.am.unexpire 2014-05-08 10:43:11.000000000 +0200
+++ shadow-4.2.1/src/Makefile.am 2016-02-03 11:35:26.971273603 +0100
@@ -95,6 +95,7 @@ groupmod_LDADD = $(LDADD) $(LIBPAM_SUID)
grpck_LDADD = $(LDADD) $(LIBSELINUX)
grpconv_LDADD = $(LDADD) $(LIBSELINUX)
grpunconv_LDADD = $(LDADD) $(LIBSELINUX)
+lastlog_LDADD = $(LDADD) $(LIBAUDIT)
login_SOURCES = \
login.c \
login_nopam.c
diff -up shadow-4.2.1/src/Makefile.in.unexpire shadow-4.2.1/src/Makefile.in
--- shadow-4.2.1/src/Makefile.in.unexpire 2014-05-09 18:49:48.000000000 +0200
+++ shadow-4.2.1/src/Makefile.in 2016-02-03 11:35:26.972273609 +0100
@@ -197,7 +197,7 @@ id_DEPENDENCIES = $(am__DEPENDENCIES_1)
$(top_builddir)/lib/libshadow.la
lastlog_SOURCES = lastlog.c
lastlog_OBJECTS = lastlog.$(OBJEXT)
-lastlog_LDADD = $(LDADD)
+lastlog_LDADD = $(LDADD) $(LIBAUDIT)
lastlog_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
$(top_builddir)/libmisc/libmisc.a \
$(top_builddir)/lib/libshadow.la

48
shadow-4.2.1-user-busy.patch
View file

@ -1,48 +0,0 @@
From d2fa8c5d4b0b19445562daf78d3a62421fe8d6b8 Mon Sep 17 00:00:00 2001
From: Bastian Blank <bastian.blank@credativ.de>
Date: Tue, 17 Nov 2015 10:52:24 -0600
Subject: [PATCH] Fix user busy errors at userdel
From: Bastian Blank <bastian.blank@credativ.de>
Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>
---
libmisc/user_busy.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/libmisc/user_busy.c b/libmisc/user_busy.c
index db7174a..0db32c3 100644
--- a/libmisc/user_busy.c
+++ b/libmisc/user_busy.c
@@ -175,6 +175,9 @@ static int user_busy_processes (const char *name, uid_t uid)
if (stat ("/", &sbroot) != 0) {
perror ("stat (\"/\")");
(void) closedir (proc);
+#ifdef ENABLE_SUBIDS
+ sub_uid_close();
+#endif
return 0;
}
@@ -212,6 +215,9 @@ static int user_busy_processes (const char *name, uid_t uid)
if (check_status (name, tmp_d_name, uid) != 0) {
(void) closedir (proc);
+#ifdef ENABLE_SUBIDS
+ sub_uid_close();
+#endif
fprintf (stderr,
_("%s: user %s is currently used by process %d\n"),
Prog, name, pid);
@@ -232,6 +238,9 @@ static int user_busy_processes (const char *name, uid_t uid)
}
if (check_status (name, task_path+6, uid) != 0) {
(void) closedir (proc);
+#ifdef ENABLE_SUBIDS
+ sub_uid_close();
+#endif
fprintf (stderr,
_("%s: user %s is currently used by process %d\n"),
Prog, name, pid);
--
2.5.0

190
shadow-4.2.1-audit-update.patch → shadow-4.3.1-audit-update.patch
View file

@ -1,6 +1,6 @@
diff -up shadow-4.2.1/libmisc/audit_help.c.audit-update shadow-4.2.1/libmisc/audit_help.c
--- shadow-4.2.1/libmisc/audit_help.c.audit-update 2014-03-01 18:50:05.000000000 +0100
+++ shadow-4.2.1/libmisc/audit_help.c 2014-11-26 15:06:24.663660558 +0100
diff -up shadow-4.3.1/libmisc/audit_help.c.audit-update shadow-4.3.1/libmisc/audit_help.c
--- shadow-4.3.1/libmisc/audit_help.c.audit-update 2016-08-15 06:00:59.000000000 +0200
+++ shadow-4.3.1/libmisc/audit_help.c 2016-08-22 17:21:15.442291139 +0200
@@ -68,7 +68,7 @@ void audit_help_open (void)
* This function will log a message to the audit system using a predefined
* message format. Parameter usage is as follows:
@ -50,9 +50,9 @@ diff -up shadow-4.2.1/libmisc/audit_help.c.audit-update shadow-4.2.1/libmisc/aud
void audit_logger_message (const char *message, shadow_audit_result result)
{
if (audit_fd < 0) {
diff -up shadow-4.2.1/libmisc/cleanup_group.c.audit-update shadow-4.2.1/libmisc/cleanup_group.c
--- shadow-4.2.1/libmisc/cleanup_group.c.audit-update 2014-03-01 18:50:05.000000000 +0100
+++ shadow-4.2.1/libmisc/cleanup_group.c 2014-11-26 15:06:24.663660558 +0100
diff -up shadow-4.3.1/libmisc/cleanup_group.c.audit-update shadow-4.3.1/libmisc/cleanup_group.c
--- shadow-4.3.1/libmisc/cleanup_group.c.audit-update 2016-08-15 06:00:59.000000000 +0200
+++ shadow-4.3.1/libmisc/cleanup_group.c 2016-08-22 17:21:15.443291142 +0200
@@ -83,7 +83,7 @@ void cleanup_report_mod_group (void *cle
gr_dbname (),
info->action));
@ -131,9 +131,9 @@ diff -up shadow-4.2.1/libmisc/cleanup_group.c.audit-update shadow-4.2.1/libmisc/
SHADOW_AUDIT_FAILURE);
#endif
}
diff -up shadow-4.2.1/libmisc/cleanup_user.c.audit-update shadow-4.2.1/libmisc/cleanup_user.c
--- shadow-4.2.1/libmisc/cleanup_user.c.audit-update 2014-03-01 18:50:05.000000000 +0100
+++ shadow-4.2.1/libmisc/cleanup_user.c 2014-11-26 15:06:24.663660558 +0100
diff -up shadow-4.3.1/libmisc/cleanup_user.c.audit-update shadow-4.3.1/libmisc/cleanup_user.c
--- shadow-4.3.1/libmisc/cleanup_user.c.audit-update 2016-08-15 06:00:59.000000000 +0200
+++ shadow-4.3.1/libmisc/cleanup_user.c 2016-08-22 17:21:15.443291142 +0200
@@ -65,7 +65,7 @@ void cleanup_report_mod_passwd (void *cl
pw_dbname (),
info->action));
@ -181,9 +181,9 @@ diff -up shadow-4.2.1/libmisc/cleanup_user.c.audit-update shadow-4.2.1/libmisc/c
SHADOW_AUDIT_FAILURE);
#endif
}
diff -up shadow-4.2.1/lib/prototypes.h.audit-update shadow-4.2.1/lib/prototypes.h
--- shadow-4.2.1/lib/prototypes.h.audit-update 2014-11-26 15:06:24.644660498 +0100
+++ shadow-4.2.1/lib/prototypes.h 2014-11-26 15:06:24.663660558 +0100
diff -up shadow-4.3.1/lib/prototypes.h.audit-update shadow-4.3.1/lib/prototypes.h
--- shadow-4.3.1/lib/prototypes.h.audit-update 2016-08-22 17:21:15.406291044 +0200
+++ shadow-4.3.1/lib/prototypes.h 2016-08-22 17:21:15.443291142 +0200
@@ -208,12 +208,21 @@ extern int audit_fd;
extern void audit_help_open (void);
/* Use AUDIT_NO_ID when a name is provided to audit_logger instead of an ID */
@ -206,9 +206,9 @@ diff -up shadow-4.2.1/lib/prototypes.h.audit-update shadow-4.2.1/lib/prototypes.
void audit_logger_message (const char *message, shadow_audit_result result);
#endif
diff -up shadow-4.2.1/src/gpasswd.c.audit-update shadow-4.2.1/src/gpasswd.c
--- shadow-4.2.1/src/gpasswd.c.audit-update 2014-03-01 19:59:51.000000000 +0100
+++ shadow-4.2.1/src/gpasswd.c 2014-11-26 15:06:24.664660561 +0100
diff -up shadow-4.3.1/src/gpasswd.c.audit-update shadow-4.3.1/src/gpasswd.c
--- shadow-4.3.1/src/gpasswd.c.audit-update 2016-08-15 06:00:59.000000000 +0200
+++ shadow-4.3.1/src/gpasswd.c 2016-08-22 17:21:15.444291144 +0200
@@ -137,7 +137,7 @@ static void usage (int status)
(void) fputs (_(" -d, --delete USER remove USER from GROUP\n"), usageout);
(void) fputs (_(" -h, --help display this help message and exit\n"), usageout);
@ -218,7 +218,7 @@ diff -up shadow-4.2.1/src/gpasswd.c.audit-update shadow-4.2.1/src/gpasswd.c
(void) fputs (_(" -R, --restrict restrict access to GROUP to its members\n"), usageout);
(void) fputs (_(" -M, --members USER,... set the list of members of GROUP\n"), usageout);
#ifdef SHADOWGRP
@@ -397,21 +397,14 @@ static void open_files (void)
@@ -396,21 +396,14 @@ static void open_files (void)
static void log_gpasswd_failure (const char *suffix)
{
@ -243,7 +243,7 @@ diff -up shadow-4.2.1/src/gpasswd.c.audit-update shadow-4.2.1/src/gpasswd.c
SHADOW_AUDIT_FAILURE);
#endif
} else if (dflg) {
@@ -419,13 +412,9 @@ static void log_gpasswd_failure (const c
@@ -418,13 +411,9 @@ static void log_gpasswd_failure (const c
"%s failed to remove user %s from group %s%s",
myname, user, group, suffix));
#ifdef WITH_AUDIT
@ -260,7 +260,7 @@ diff -up shadow-4.2.1/src/gpasswd.c.audit-update shadow-4.2.1/src/gpasswd.c
SHADOW_AUDIT_FAILURE);
#endif
} else if (rflg) {
@@ -433,13 +422,9 @@ static void log_gpasswd_failure (const c
@@ -432,13 +421,9 @@ static void log_gpasswd_failure (const c
"%s failed to remove password of group %s%s",
myname, group, suffix));
#ifdef WITH_AUDIT
@ -277,7 +277,7 @@ diff -up shadow-4.2.1/src/gpasswd.c.audit-update shadow-4.2.1/src/gpasswd.c
SHADOW_AUDIT_FAILURE);
#endif
} else if (Rflg) {
@@ -447,13 +432,9 @@ static void log_gpasswd_failure (const c
@@ -446,13 +431,9 @@ static void log_gpasswd_failure (const c
"%s failed to restrict access to group %s%s",
myname, group, suffix));
#ifdef WITH_AUDIT
@ -294,7 +294,7 @@ diff -up shadow-4.2.1/src/gpasswd.c.audit-update shadow-4.2.1/src/gpasswd.c
SHADOW_AUDIT_FAILURE);
#endif
} else if (Aflg || Mflg) {
@@ -463,13 +444,9 @@ static void log_gpasswd_failure (const c
@@ -462,13 +443,9 @@ static void log_gpasswd_failure (const c
"%s failed to set the administrators of group %s to %s%s",
myname, group, admins, suffix));
#ifdef WITH_AUDIT
@ -311,7 +311,7 @@ diff -up shadow-4.2.1/src/gpasswd.c.audit-update shadow-4.2.1/src/gpasswd.c
SHADOW_AUDIT_FAILURE);
#endif
}
@@ -479,13 +456,9 @@ static void log_gpasswd_failure (const c
@@ -478,13 +455,9 @@ static void log_gpasswd_failure (const c
"%s failed to set the members of group %s to %s%s",
myname, group, members, suffix));
#ifdef WITH_AUDIT
@ -328,7 +328,7 @@ diff -up shadow-4.2.1/src/gpasswd.c.audit-update shadow-4.2.1/src/gpasswd.c
SHADOW_AUDIT_FAILURE);
#endif
}
@@ -494,13 +467,9 @@ static void log_gpasswd_failure (const c
@@ -493,13 +466,9 @@ static void log_gpasswd_failure (const c
"%s failed to change password of group %s%s",
myname, group, suffix));
#ifdef WITH_AUDIT
@ -345,7 +345,7 @@ diff -up shadow-4.2.1/src/gpasswd.c.audit-update shadow-4.2.1/src/gpasswd.c
SHADOW_AUDIT_FAILURE);
#endif
}
@@ -531,21 +500,14 @@ static void log_gpasswd_failure_gshadow
@@ -530,21 +499,14 @@ static void log_gpasswd_failure_gshadow
static void log_gpasswd_success (const char *suffix)
{
@ -370,7 +370,7 @@ diff -up shadow-4.2.1/src/gpasswd.c.audit-update shadow-4.2.1/src/gpasswd.c
SHADOW_AUDIT_SUCCESS);
#endif
} else if (dflg) {
@@ -553,13 +515,9 @@ static void log_gpasswd_success (const c
@@ -552,13 +514,9 @@ static void log_gpasswd_success (const c
"user %s removed by %s from group %s%s",
user, myname, group, suffix));
#ifdef WITH_AUDIT
@ -387,7 +387,7 @@ diff -up shadow-4.2.1/src/gpasswd.c.audit-update shadow-4.2.1/src/gpasswd.c
SHADOW_AUDIT_SUCCESS);
#endif
} else if (rflg) {
@@ -567,13 +525,9 @@ static void log_gpasswd_success (const c
@@ -566,13 +524,9 @@ static void log_gpasswd_success (const c
"password of group %s removed by %s%s",
group, myname, suffix));
#ifdef WITH_AUDIT
@ -404,7 +404,7 @@ diff -up shadow-4.2.1/src/gpasswd.c.audit-update shadow-4.2.1/src/gpasswd.c
SHADOW_AUDIT_SUCCESS);
#endif
} else if (Rflg) {
@@ -581,13 +535,9 @@ static void log_gpasswd_success (const c
@@ -580,13 +534,9 @@ static void log_gpasswd_success (const c
"access to group %s restricted by %s%s",
group, myname, suffix));
#ifdef WITH_AUDIT
@ -421,7 +421,7 @@ diff -up shadow-4.2.1/src/gpasswd.c.audit-update shadow-4.2.1/src/gpasswd.c
SHADOW_AUDIT_SUCCESS);
#endif
} else if (Aflg || Mflg) {
@@ -597,13 +547,9 @@ static void log_gpasswd_success (const c
@@ -596,13 +546,9 @@ static void log_gpasswd_success (const c
"administrators of group %s set by %s to %s%s",
group, myname, admins, suffix));
#ifdef WITH_AUDIT
@ -438,7 +438,7 @@ diff -up shadow-4.2.1/src/gpasswd.c.audit-update shadow-4.2.1/src/gpasswd.c
SHADOW_AUDIT_SUCCESS);
#endif
}
@@ -613,13 +559,9 @@ static void log_gpasswd_success (const c
@@ -612,13 +558,9 @@ static void log_gpasswd_success (const c
"members of group %s set by %s to %s%s",
group, myname, members, suffix));
#ifdef WITH_AUDIT
@ -455,7 +455,7 @@ diff -up shadow-4.2.1/src/gpasswd.c.audit-update shadow-4.2.1/src/gpasswd.c
SHADOW_AUDIT_SUCCESS);
#endif
}
@@ -628,13 +570,9 @@ static void log_gpasswd_success (const c
@@ -627,13 +569,9 @@ static void log_gpasswd_success (const c
"password of group %s changed by %s%s",
group, myname, suffix));
#ifdef WITH_AUDIT
@ -472,9 +472,9 @@ diff -up shadow-4.2.1/src/gpasswd.c.audit-update shadow-4.2.1/src/gpasswd.c
SHADOW_AUDIT_SUCCESS);
#endif
}
diff -up shadow-4.2.1/src/groupadd.c.audit-update shadow-4.2.1/src/groupadd.c
--- shadow-4.2.1/src/groupadd.c.audit-update 2014-03-01 19:59:51.000000000 +0100
+++ shadow-4.2.1/src/groupadd.c 2014-11-26 15:06:24.664660561 +0100
diff -up shadow-4.3.1/src/groupadd.c.audit-update shadow-4.3.1/src/groupadd.c
--- shadow-4.3.1/src/groupadd.c.audit-update 2016-08-15 06:00:59.000000000 +0200
+++ shadow-4.3.1/src/groupadd.c 2016-08-22 17:21:15.444291144 +0200
@@ -127,6 +127,15 @@ static /*@noreturn@*/void usage (int sta
exit (status);
}
@ -579,7 +579,7 @@ diff -up shadow-4.2.1/src/groupadd.c.audit-update shadow-4.2.1/src/groupadd.c
add_cleanup (cleanup_unlock_gshadow, NULL);
}
@@ -349,7 +352,7 @@ static void open_files (void)
if (gr_open (O_RDWR) == 0) {
if (gr_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ());
SYSLOG ((LOG_WARN, "cannot open %s", gr_dbname ()));
- exit (E_GRP_UPDATE);
@ -650,10 +650,10 @@ diff -up shadow-4.2.1/src/groupadd.c.audit-update shadow-4.2.1/src/groupadd.c
}
}
diff -up shadow-4.2.1/src/groupdel.c.audit-update shadow-4.2.1/src/groupdel.c
--- shadow-4.2.1/src/groupdel.c.audit-update 2014-03-01 19:59:51.000000000 +0100
+++ shadow-4.2.1/src/groupdel.c 2014-11-26 15:06:24.665660564 +0100
@@ -100,6 +100,15 @@ static /*@noreturn@*/void usage (int sta
diff -up shadow-4.3.1/src/groupdel.c.audit-update shadow-4.3.1/src/groupdel.c
--- shadow-4.3.1/src/groupdel.c.audit-update 2016-08-15 06:00:59.000000000 +0200
+++ shadow-4.3.1/src/groupdel.c 2016-08-22 17:21:15.445291147 +0200
@@ -102,6 +102,15 @@ static /*@noreturn@*/void usage (int sta
exit (status);
}
@ -669,7 +669,7 @@ diff -up shadow-4.2.1/src/groupdel.c.audit-update shadow-4.2.1/src/groupdel.c
/*
* grp_update - update group file entries
*
@@ -126,7 +135,7 @@ static void grp_update (void)
@@ -128,7 +137,7 @@ static void grp_update (void)
fprintf (stderr,
_("%s: cannot remove entry '%s' from %s\n"),
Prog, group_name, gr_dbname ());
@ -678,7 +678,7 @@ diff -up shadow-4.2.1/src/groupdel.c.audit-update shadow-4.2.1/src/groupdel.c
}
#ifdef SHADOWGRP
@@ -138,7 +147,7 @@ static void grp_update (void)
@@ -140,7 +149,7 @@ static void grp_update (void)
fprintf (stderr,
_("%s: cannot remove entry '%s' from %s\n"),
Prog, group_name, sgr_dbname ());
@ -687,7 +687,7 @@ diff -up shadow-4.2.1/src/groupdel.c.audit-update shadow-4.2.1/src/groupdel.c
}
}
#endif /* SHADOWGRP */
@@ -157,12 +166,12 @@ static void close_files (void)
@@ -159,12 +168,12 @@ static void close_files (void)
fprintf (stderr,
_("%s: failure while writing changes to %s\n"),
Prog, gr_dbname ());
@ -702,7 +702,7 @@ diff -up shadow-4.2.1/src/groupdel.c.audit-update shadow-4.2.1/src/groupdel.c
group_name, (unsigned int) group_id,
SHADOW_AUDIT_SUCCESS);
#endif
@@ -182,12 +191,12 @@ static void close_files (void)
@@ -184,12 +193,12 @@ static void close_files (void)
fprintf (stderr,
_("%s: failure while writing changes to %s\n"),
Prog, sgr_dbname ());
@ -718,7 +718,7 @@ diff -up shadow-4.2.1/src/groupdel.c.audit-update shadow-4.2.1/src/groupdel.c
group_name, (unsigned int) group_id,
SHADOW_AUDIT_SUCCESS);
#endif
@@ -201,13 +210,6 @@ static void close_files (void)
@@ -203,13 +212,6 @@ static void close_files (void)
}
#endif /* SHADOWGRP */
@ -732,7 +732,7 @@ diff -up shadow-4.2.1/src/groupdel.c.audit-update shadow-4.2.1/src/groupdel.c
SYSLOG ((LOG_INFO, "group '%s' removed\n", group_name));
del_cleanup (cleanup_report_del_group);
}
@@ -224,7 +226,7 @@ static void open_files (void)
@@ -226,7 +228,7 @@ static void open_files (void)
fprintf (stderr,
_("%s: cannot lock %s; try again later.\n"),
Prog, gr_dbname ());
@ -741,7 +741,7 @@ diff -up shadow-4.2.1/src/groupdel.c.audit-update shadow-4.2.1/src/groupdel.c
}
add_cleanup (cleanup_unlock_group, NULL);
#ifdef SHADOWGRP
@@ -233,7 +235,7 @@ static void open_files (void)
@@ -235,7 +237,7 @@ static void open_files (void)
fprintf (stderr,
_("%s: cannot lock %s; try again later.\n"),
Prog, sgr_dbname ());
@ -750,7 +750,7 @@ diff -up shadow-4.2.1/src/groupdel.c.audit-update shadow-4.2.1/src/groupdel.c
}
add_cleanup (cleanup_unlock_gshadow, NULL);
}
@@ -251,7 +253,7 @@ static void open_files (void)
@@ -253,7 +255,7 @@ static void open_files (void)
_("%s: cannot open %s\n"),
Prog, gr_dbname ());
SYSLOG ((LOG_WARN, "cannot open %s", gr_dbname ()));
@ -759,7 +759,7 @@ diff -up shadow-4.2.1/src/groupdel.c.audit-update shadow-4.2.1/src/groupdel.c
}
#ifdef SHADOWGRP
if (is_shadow_grp) {
@@ -260,7 +262,7 @@ static void open_files (void)
@@ -262,7 +264,7 @@ static void open_files (void)
_("%s: cannot open %s\n"),
Prog, sgr_dbname ());
SYSLOG ((LOG_WARN, "cannot open %s", sgr_dbname ()));
@ -768,7 +768,7 @@ diff -up shadow-4.2.1/src/groupdel.c.audit-update shadow-4.2.1/src/groupdel.c
}
}
#endif /* SHADOWGRP */
@@ -301,7 +303,7 @@ static void group_busy (gid_t gid)
@@ -303,7 +305,7 @@ static void group_busy (gid_t gid)
fprintf (stderr,
_("%s: cannot remove the primary group of user '%s'\n"),
Prog, pwd->pw_name);
@ -777,7 +777,7 @@ diff -up shadow-4.2.1/src/groupdel.c.audit-update shadow-4.2.1/src/groupdel.c
}
/*
@@ -379,7 +381,7 @@ int main (int argc, char **argv)
@@ -384,7 +386,7 @@ int main (int argc, char **argv)
fprintf (stderr,
_("%s: Cannot setup cleanup service.\n"),
Prog);
@ -786,7 +786,7 @@ diff -up shadow-4.2.1/src/groupdel.c.audit-update shadow-4.2.1/src/groupdel.c
}
process_flags (argc, argv);
@@ -393,7 +395,7 @@ int main (int argc, char **argv)
@@ -398,7 +400,7 @@ int main (int argc, char **argv)
fprintf (stderr,
_("%s: Cannot determine your user name.\n"),
Prog);
@ -795,7 +795,7 @@ diff -up shadow-4.2.1/src/groupdel.c.audit-update shadow-4.2.1/src/groupdel.c
}
retval = pam_start ("groupdel", pampw->pw_name, &conv, &pamh);
@@ -414,7 +416,7 @@ int main (int argc, char **argv)
@@ -419,7 +421,7 @@ int main (int argc, char **argv)
if (NULL != pamh) {
(void) pam_end (pamh, retval);
}
@ -804,7 +804,7 @@ diff -up shadow-4.2.1/src/groupdel.c.audit-update shadow-4.2.1/src/groupdel.c
}
(void) pam_end (pamh, retval);
#endif /* USE_PAM */
@@ -434,7 +436,7 @@ int main (int argc, char **argv)
@@ -439,7 +441,7 @@ int main (int argc, char **argv)
fprintf (stderr,
_("%s: group '%s' does not exist\n"),
Prog, group_name);
@ -813,7 +813,7 @@ diff -up shadow-4.2.1/src/groupdel.c.audit-update shadow-4.2.1/src/groupdel.c
}
group_id = grp->gr_gid;
@@ -458,7 +460,7 @@ int main (int argc, char **argv)
@@ -463,7 +465,7 @@ int main (int argc, char **argv)
_("%s: %s is the NIS master\n"),
Prog, nis_master);
}
@ -822,9 +822,9 @@ diff -up shadow-4.2.1/src/groupdel.c.audit-update shadow-4.2.1/src/groupdel.c
}
#endif
diff -up shadow-4.2.1/src/groupmod.c.audit-update shadow-4.2.1/src/groupmod.c
--- shadow-4.2.1/src/groupmod.c.audit-update 2014-03-01 19:59:51.000000000 +0100
+++ shadow-4.2.1/src/groupmod.c 2014-11-26 15:06:24.665660564 +0100
diff -up shadow-4.3.1/src/groupmod.c.audit-update shadow-4.3.1/src/groupmod.c
--- shadow-4.3.1/src/groupmod.c.audit-update 2016-08-15 06:00:59.000000000 +0200
+++ shadow-4.3.1/src/groupmod.c 2016-08-22 17:21:15.445291147 +0200
@@ -438,7 +438,7 @@ static void close_files (void)
exit (E_GRP_UPDATE);
}
@ -1018,9 +1018,9 @@ diff -up shadow-4.2.1/src/groupmod.c.audit-update shadow-4.2.1/src/groupmod.c
// FIXME: add a system cleanup
add_cleanup (cleanup_report_mod_group, &info_group);
diff -up shadow-4.2.1/src/chage.c.audit-update shadow-4.2.1/src/chage.c
--- shadow-4.2.1/src/chage.c.audit-update 2014-03-01 19:59:51.000000000 +0100
+++ shadow-4.2.1/src/chage.c 2014-11-26 15:06:24.663660558 +0100
diff -up shadow-4.3.1/src/chage.c.audit-update shadow-4.3.1/src/chage.c
--- shadow-4.3.1/src/chage.c.audit-update 2016-08-15 06:00:59.000000000 +0200
+++ shadow-4.3.1/src/chage.c 2016-08-22 17:21:15.446291149 +0200
@@ -126,9 +126,10 @@ static /*@noreturn@*/void fail_exit (int
#ifdef WITH_AUDIT
@ -1108,9 +1108,9 @@ diff -up shadow-4.2.1/src/chage.c.audit-update shadow-4.2.1/src/chage.c
user_name, (unsigned int) user_uid, 1);
}
#endif
diff -up shadow-4.2.1/src/newgrp.c.audit-update shadow-4.2.1/src/newgrp.c
--- shadow-4.2.1/src/newgrp.c.audit-update 2014-11-26 15:06:24.660660548 +0100
+++ shadow-4.2.1/src/newgrp.c 2014-11-26 15:06:24.666660567 +0100
diff -up shadow-4.3.1/src/newgrp.c.audit-update shadow-4.3.1/src/newgrp.c
--- shadow-4.3.1/src/newgrp.c.audit-update 2016-08-22 17:21:15.439291131 +0200
+++ shadow-4.3.1/src/newgrp.c 2016-08-22 17:21:15.446291149 +0200
@@ -206,11 +206,12 @@ static void check_perms (const struct gr
strcmp (cpasswd, grp->gr_passwd) != 0) {
#ifdef WITH_AUDIT
@ -1161,7 +1161,7 @@ diff -up shadow-4.2.1/src/newgrp.c.audit-update shadow-4.2.1/src/newgrp.c
exit (EXIT_FAILURE);
}
@@ -317,15 +306,27 @@ static void syslog_sg (const char *name,
@@ -320,15 +309,27 @@ static void syslog_sg (const char *name,
is_newgrp ? "newgrp" : "sg", strerror (errno));
#ifdef WITH_AUDIT
if (group) {
@ -1193,7 +1193,7 @@ diff -up shadow-4.2.1/src/newgrp.c.audit-update shadow-4.2.1/src/newgrp.c
}
#endif
exit (EXIT_FAILURE);
@@ -451,7 +452,7 @@ int main (int argc, char **argv)
@@ -456,7 +457,7 @@ int main (int argc, char **argv)
#ifdef WITH_AUDIT
audit_logger (AUDIT_CHGRP_ID, Prog,
"changing", NULL,
@ -1202,7 +1202,7 @@ diff -up shadow-4.2.1/src/newgrp.c.audit-update shadow-4.2.1/src/newgrp.c
#endif
SYSLOG ((LOG_WARN, "Cannot determine the user name of the caller (UID %lu)",
(unsigned long) getuid ()));
@@ -567,15 +568,26 @@ int main (int argc, char **argv)
@@ -572,15 +573,26 @@ int main (int argc, char **argv)
perror ("getgroups");
#ifdef WITH_AUDIT
if (group) {
@ -1233,7 +1233,7 @@ diff -up shadow-4.2.1/src/newgrp.c.audit-update shadow-4.2.1/src/newgrp.c
}
#endif
exit (EXIT_FAILURE);
@@ -716,10 +728,10 @@ int main (int argc, char **argv)
@@ -721,10 +733,10 @@ int main (int argc, char **argv)
perror ("setgid");
#ifdef WITH_AUDIT
snprintf (audit_buf, sizeof(audit_buf),
@ -1246,7 +1246,7 @@ diff -up shadow-4.2.1/src/newgrp.c.audit-update shadow-4.2.1/src/newgrp.c
#endif
exit (EXIT_FAILURE);
}
@@ -728,10 +740,10 @@ int main (int argc, char **argv)
@@ -733,10 +745,10 @@ int main (int argc, char **argv)
perror ("setuid");
#ifdef WITH_AUDIT
snprintf (audit_buf, sizeof(audit_buf),
@ -1259,7 +1259,7 @@ diff -up shadow-4.2.1/src/newgrp.c.audit-update shadow-4.2.1/src/newgrp.c
#endif
exit (EXIT_FAILURE);
}
@@ -745,10 +757,10 @@ int main (int argc, char **argv)
@@ -750,10 +762,10 @@ int main (int argc, char **argv)
execl (SHELL, "sh", "-c", command, (char *) 0);
#ifdef WITH_AUDIT
snprintf (audit_buf, sizeof(audit_buf),
@ -1272,7 +1272,7 @@ diff -up shadow-4.2.1/src/newgrp.c.audit-update shadow-4.2.1/src/newgrp.c
#endif
perror (SHELL);
exit ((errno == ENOENT) ? E_CMD_NOTFOUND : E_CMD_NOEXEC);
@@ -812,11 +824,11 @@ int main (int argc, char **argv)
@@ -817,11 +829,11 @@ int main (int argc, char **argv)
}
#ifdef WITH_AUDIT
@ -1286,7 +1286,7 @@ diff -up shadow-4.2.1/src/newgrp.c.audit-update shadow-4.2.1/src/newgrp.c
#endif
/*
* Exec the login shell and go away. We are trying to get back to
@@ -840,15 +852,24 @@ int main (int argc, char **argv)
@@ -845,15 +857,24 @@ int main (int argc, char **argv)
closelog ();
#ifdef WITH_AUDIT
if (NULL != group) {
@ -1315,9 +1315,9 @@ diff -up shadow-4.2.1/src/newgrp.c.audit-update shadow-4.2.1/src/newgrp.c
}
#endif
exit (EXIT_FAILURE);
diff -up shadow-4.2.1/src/useradd.c.audit-update shadow-4.2.1/src/useradd.c
--- shadow-4.2.1/src/useradd.c.audit-update 2014-11-26 15:06:24.648660511 +0100
+++ shadow-4.2.1/src/useradd.c 2014-11-26 15:14:02.446087183 +0100
diff -up shadow-4.3.1/src/useradd.c.audit-update shadow-4.3.1/src/useradd.c
--- shadow-4.3.1/src/useradd.c.audit-update 2016-08-22 17:21:15.410291055 +0200
+++ shadow-4.3.1/src/useradd.c 2016-08-22 17:21:15.447291152 +0200
@@ -222,6 +222,8 @@ static void create_mail (void);
*/
static void fail_exit (int code)
@ -1636,7 +1636,7 @@ diff -up shadow-4.2.1/src/useradd.c.audit-update shadow-4.2.1/src/useradd.c
user_name, (unsigned int) user_id,
SHADOW_AUDIT_SUCCESS);
#endif
@@ -2098,12 +2034,6 @@ int main (int argc, char **argv)
@@ -2100,12 +2036,6 @@ int main (int argc, char **argv)
*/
if (getpwnam (user_name) != NULL) { /* local, no need for xgetpwnam */
fprintf (stderr, _("%s: user '%s' already exists\n"), Prog, user_name);
@ -1649,7 +1649,7 @@ diff -up shadow-4.2.1/src/useradd.c.audit-update shadow-4.2.1/src/useradd.c
fail_exit (E_NAME_IN_USE);
}
@@ -2119,12 +2049,6 @@ int main (int argc, char **argv)
@@ -2121,12 +2051,6 @@ int main (int argc, char **argv)
fprintf (stderr,
_("%s: group %s exists - if you want to add this user to that group, use -g.\n"),
Prog, user_name);
@ -1662,7 +1662,7 @@ diff -up shadow-4.2.1/src/useradd.c.audit-update shadow-4.2.1/src/useradd.c
fail_exit (E_NAME_IN_USE);
}
}
@@ -2154,12 +2078,6 @@ int main (int argc, char **argv)
@@ -2156,12 +2080,6 @@ int main (int argc, char **argv)
fprintf (stderr,
_("%s: UID %lu is not unique\n"),
Prog, (unsigned long) user_id);
@ -1675,7 +1675,7 @@ diff -up shadow-4.2.1/src/useradd.c.audit-update shadow-4.2.1/src/useradd.c
fail_exit (E_UID_IN_USE);
}
}
@@ -2223,9 +2141,10 @@ int main (int argc, char **argv)
@@ -2225,9 +2143,10 @@ int main (int argc, char **argv)
_("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
Prog, user_name, user_selinux);
#ifdef WITH_AUDIT
@ -1689,9 +1689,9 @@ diff -up shadow-4.2.1/src/useradd.c.audit-update shadow-4.2.1/src/useradd.c
#endif /* WITH_AUDIT */
rv = E_SE_UPDATE;
}
diff -up shadow-4.2.1/src/userdel.c.audit-update shadow-4.2.1/src/userdel.c
--- shadow-4.2.1/src/userdel.c.audit-update 2014-11-26 15:06:24.655660533 +0100
+++ shadow-4.2.1/src/userdel.c 2014-11-26 15:16:01.892459425 +0100
diff -up shadow-4.3.1/src/userdel.c.audit-update shadow-4.3.1/src/userdel.c
--- shadow-4.3.1/src/userdel.c.audit-update 2016-08-22 17:21:15.418291076 +0200
+++ shadow-4.3.1/src/userdel.c 2016-08-22 17:21:15.447291152 +0200
@@ -214,9 +214,9 @@ static void update_groups (void)
* Update the DBM group file with the new entry as well.
*/
@ -1766,7 +1766,7 @@ diff -up shadow-4.2.1/src/userdel.c.audit-update shadow-4.2.1/src/userdel.c
fail_exit (E_PW_UPDATE);
}
pw_locked = true;
if (pw_open (O_RDWR) == 0) {
if (pw_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr,
_("%s: cannot open %s\n"), Prog, pw_dbname ());
-#ifdef WITH_AUDIT
@ -1817,7 +1817,7 @@ diff -up shadow-4.2.1/src/userdel.c.audit-update shadow-4.2.1/src/userdel.c
fail_exit (E_GRP_UPDATE);
}
gr_locked = true;
if (gr_open (O_RDWR) == 0) {
if (gr_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ());
-#ifdef WITH_AUDIT
- audit_logger (AUDIT_DEL_USER, Prog,
@ -1841,7 +1841,7 @@ diff -up shadow-4.2.1/src/userdel.c.audit-update shadow-4.2.1/src/userdel.c
fail_exit (E_GRP_UPDATE);
}
sgr_locked= true;
if (sgr_open (O_RDWR) == 0) {
if (sgr_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr, _("%s: cannot open %s\n"),
Prog, sgr_dbname ());
-#ifdef WITH_AUDIT
@ -1866,7 +1866,7 @@ diff -up shadow-4.2.1/src/userdel.c.audit-update shadow-4.2.1/src/userdel.c
fail_exit (E_SUB_UID_UPDATE);
}
sub_uid_locked = true;
if (sub_uid_open (O_RDWR) == 0) {
if (sub_uid_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr,
_("%s: cannot open %s\n"), Prog, sub_uid_dbname ());
-#ifdef WITH_AUDIT
@ -1891,7 +1891,7 @@ diff -up shadow-4.2.1/src/userdel.c.audit-update shadow-4.2.1/src/userdel.c
fail_exit (E_SUB_GID_UPDATE);
}
sub_gid_locked = true;
if (sub_gid_open (O_RDWR) == 0) {
if (sub_gid_open (O_CREAT | O_RDWR) == 0) {
fprintf (stderr,
_("%s: cannot open %s\n"), Prog, sub_gid_dbname ());
-#ifdef WITH_AUDIT
@ -2019,9 +2019,9 @@ diff -up shadow-4.2.1/src/userdel.c.audit-update shadow-4.2.1/src/userdel.c
user_name, (unsigned int) user_id,
SHADOW_AUDIT_FAILURE);
#endif /* WITH_AUDIT */
diff -up shadow-4.2.1/src/usermod.c.audit-update shadow-4.2.1/src/usermod.c
--- shadow-4.2.1/src/usermod.c.audit-update 2014-11-26 15:06:24.661660551 +0100
+++ shadow-4.2.1/src/usermod.c 2014-11-26 15:17:38.580760741 +0100
diff -up shadow-4.3.1/src/usermod.c.audit-update shadow-4.3.1/src/usermod.c
--- shadow-4.3.1/src/usermod.c.audit-update 2016-08-22 17:21:15.441291136 +0200
+++ shadow-4.3.1/src/usermod.c 2016-08-22 17:21:15.448291155 +0200
@@ -447,8 +447,8 @@ static char *new_pw_passwd (char *pw_pas
#ifdef WITH_AUDIT
@ -2256,7 +2256,7 @@ diff -up shadow-4.2.1/src/usermod.c.audit-update shadow-4.2.1/src/usermod.c
#endif
SYSLOG ((LOG_INFO, "add '%s' to shadow group '%s'",
user_newname, nsgrp->sg_name));
@@ -1810,8 +1821,8 @@ static void move_home (void)
@@ -1758,8 +1769,8 @@ static void move_home (void)
#ifdef WITH_AUDIT
if (uflg || gflg) {
@ -2267,7 +2267,7 @@ diff -up shadow-4.2.1/src/usermod.c.audit-update shadow-4.2.1/src/usermod.c
user_newname, (unsigned int) user_newid, 1);
}
#endif
@@ -1829,8 +1840,8 @@ static void move_home (void)
@@ -1777,8 +1788,8 @@ static void move_home (void)
fail_exit (E_HOMEDIR);
}
#ifdef WITH_AUDIT
@ -2278,7 +2278,7 @@ diff -up shadow-4.2.1/src/usermod.c.audit-update shadow-4.2.1/src/usermod.c
user_newname, (unsigned int) user_newid,
1);
#endif
@@ -1849,9 +1860,9 @@ static void move_home (void)
@@ -1797,9 +1808,9 @@ static void move_home (void)
Prog, user_home);
}
#ifdef WITH_AUDIT
@ -2290,7 +2290,7 @@ diff -up shadow-4.2.1/src/usermod.c.audit-update shadow-4.2.1/src/usermod.c
user_newname,
(unsigned int) user_newid,
1);
@@ -2055,8 +2066,8 @@ static void move_mailbox (void)
@@ -2003,8 +2014,8 @@ static void move_mailbox (void)
}
#ifdef WITH_AUDIT
else {
@ -2301,7 +2301,7 @@ diff -up shadow-4.2.1/src/usermod.c.audit-update shadow-4.2.1/src/usermod.c
user_newname, (unsigned int) user_newid, 1);
}
#endif
@@ -2074,8 +2085,8 @@ static void move_mailbox (void)
@@ -2022,8 +2033,8 @@ static void move_mailbox (void)
}
#ifdef WITH_AUDIT
else {
@ -2312,7 +2312,7 @@ diff -up shadow-4.2.1/src/usermod.c.audit-update shadow-4.2.1/src/usermod.c
user_newname, (unsigned int) user_newid, 1);
}
#endif
@@ -2217,8 +2228,8 @@ int main (int argc, char **argv)
@@ -2215,8 +2226,8 @@ int main (int argc, char **argv)
_("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
Prog, user_name, user_selinux);
#ifdef WITH_AUDIT
@ -2323,7 +2323,7 @@ diff -up shadow-4.2.1/src/usermod.c.audit-update shadow-4.2.1/src/usermod.c
user_name, (unsigned int) user_id,
SHADOW_AUDIT_FAILURE);
#endif /* WITH_AUDIT */
@@ -2230,8 +2241,8 @@ int main (int argc, char **argv)
@@ -2228,8 +2239,8 @@ int main (int argc, char **argv)
_("%s: warning: the user name %s to SELinux user mapping removal failed.\n"),
Prog, user_name);
#ifdef WITH_AUDIT
@ -2334,7 +2334,7 @@ diff -up shadow-4.2.1/src/usermod.c.audit-update shadow-4.2.1/src/usermod.c
user_name, (unsigned int) user_id,
SHADOW_AUDIT_FAILURE);
#endif /* WITH_AUDIT */
@@ -2269,8 +2280,8 @@ int main (int argc, char **argv)
@@ -2267,8 +2278,8 @@ int main (int argc, char **argv)
*/
#ifdef WITH_AUDIT
if (uflg || gflg) {

12
shadow-4.2.1-defs-chroot.patch → shadow-4.3.1-defs-chroot.patch
View file

@ -1,18 +1,18 @@
diff -up shadow-4.2.1/src/useradd.c.defs-chroot shadow-4.2.1/src/useradd.c
--- shadow-4.2.1/src/useradd.c.defs-chroot 2014-12-01 15:14:58.000000000 +0100
+++ shadow-4.2.1/src/useradd.c 2015-08-27 15:46:21.935698862 +0200
diff -up shadow-4.3.1/src/useradd.c.defs-chroot shadow-4.3.1/src/useradd.c
--- shadow-4.3.1/src/useradd.c.defs-chroot 2016-08-22 17:13:29.420068883 +0200
+++ shadow-4.3.1/src/useradd.c 2016-08-22 17:15:14.040343275 +0200
@@ -1938,8 +1938,8 @@ int main (int argc, char **argv)
#endif /* ACCT_TOOLS_SETUID */
/* Needed for userns check */
#ifdef ENABLE_SUBIDS
- uid_t uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL);
- uid_t uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
+ uid_t uid_min;
+ uid_t uid_max;
#endif
/*
* Get my name so that I can use it to report errors.
@@ -1957,6 +1957,9 @@ int main (int argc, char **argv)
@@ -1958,6 +1958,9 @@ int main (int argc, char **argv)
audit_help_open ();
#endif

52
shadow-4.2.1-manfix.patch → shadow-4.3.1-manfix.patch
View file

@ -1,6 +1,6 @@
diff -up shadow-4.2.1/man/groupmems.8.xml.manfix shadow-4.2.1/man/groupmems.8.xml
--- shadow-4.2.1/man/groupmems.8.xml.manfix 2014-03-01 19:59:51.000000000 +0100
+++ shadow-4.2.1/man/groupmems.8.xml 2015-11-06 14:21:03.013060324 +0100
diff -up shadow-4.3.1/man/groupmems.8.xml.manfix shadow-4.3.1/man/groupmems.8.xml
--- shadow-4.3.1/man/groupmems.8.xml.manfix 2016-08-15 06:00:59.000000000 +0200
+++ shadow-4.3.1/man/groupmems.8.xml 2016-08-22 17:08:48.486332066 +0200
@@ -179,20 +179,10 @@
<refsect1 id='setup'>
<title>SETUP</title>
@ -25,9 +25,9 @@ diff -up shadow-4.2.1/man/groupmems.8.xml.manfix shadow-4.2.1/man/groupmems.8.xm
</refsect1>
<refsect1 id='configuration'>
diff -up shadow-4.2.1/man/chage.1.xml.manfix shadow-4.2.1/man/chage.1.xml
--- shadow-4.2.1/man/chage.1.xml.manfix 2014-03-01 19:59:51.000000000 +0100
+++ shadow-4.2.1/man/chage.1.xml 2014-11-26 15:34:51.256978960 +0100
diff -up shadow-4.3.1/man/chage.1.xml.manfix shadow-4.3.1/man/chage.1.xml
--- shadow-4.3.1/man/chage.1.xml.manfix 2016-08-15 06:00:59.000000000 +0200
+++ shadow-4.3.1/man/chage.1.xml 2016-08-22 17:08:48.486332066 +0200
@@ -102,6 +102,9 @@
Set the number of days since January 1st, 1970 when the password
was last changed. The date may also be expressed in the format
@ -38,9 +38,9 @@ diff -up shadow-4.2.1/man/chage.1.xml.manfix shadow-4.2.1/man/chage.1.xml
</para>
</listitem>
</varlistentry>
diff -up shadow-4.2.1/man/ja/man5/login.defs.5.manfix shadow-4.2.1/man/ja/man5/login.defs.5
--- shadow-4.2.1/man/ja/man5/login.defs.5.manfix 2014-03-01 19:59:51.000000000 +0100
+++ shadow-4.2.1/man/ja/man5/login.defs.5 2016-01-08 09:58:29.591702354 +0100
diff -up shadow-4.3.1/man/ja/man5/login.defs.5.manfix shadow-4.3.1/man/ja/man5/login.defs.5
--- shadow-4.3.1/man/ja/man5/login.defs.5.manfix 2016-08-15 06:00:59.000000000 +0200
+++ shadow-4.3.1/man/ja/man5/login.defs.5 2016-08-22 17:08:48.486332066 +0200
@@ -147,10 +147,6 @@ 以下の参照表は、
shadow パスワード機能のどのプログラムが
どのパラメータを使用するかを示したものである。
@ -52,9 +52,9 @@ diff -up shadow-4.2.1/man/ja/man5/login.defs.5.manfix shadow-4.2.1/man/ja/man5/l
.IP groupadd 12
GID_MAX GID_MIN
.IP newusers 12
diff -up shadow-4.2.1/man/login.defs.5.xml.manfix shadow-4.2.1/man/login.defs.5.xml
--- shadow-4.2.1/man/login.defs.5.xml.manfix 2014-03-13 06:52:55.000000000 +0100
+++ shadow-4.2.1/man/login.defs.5.xml 2016-01-08 09:59:35.854169787 +0100
diff -up shadow-4.3.1/man/login.defs.5.xml.manfix shadow-4.3.1/man/login.defs.5.xml
--- shadow-4.3.1/man/login.defs.5.xml.manfix 2016-08-15 06:00:59.000000000 +0200
+++ shadow-4.3.1/man/login.defs.5.xml 2016-08-22 17:08:48.487332069 +0200
@@ -162,6 +162,17 @@
long numeric parameters is machine-dependent.
</para>
@ -105,7 +105,7 @@ diff -up shadow-4.2.1/man/login.defs.5.xml.manfix shadow-4.2.1/man/login.defs.5.
<!-- expiry: no variables (CONSOLE_GROUPS linked, but not used) -->
<!-- faillog: no variables -->
<varlistentry>
@@ -350,34 +342,6 @@
@@ -350,34 +343,6 @@
</varlistentry>
<!-- id: no variables -->
<!-- lastlog: no variables -->
@ -191,9 +191,9 @@ diff -up shadow-4.2.1/man/login.defs.5.xml.manfix shadow-4.2.1/man/login.defs.5.
<varlistentry>
<term>useradd</term>
<listitem>
diff -up shadow-4.2.1/man/shadow.5.xml.manfix shadow-4.2.1/man/shadow.5.xml
--- shadow-4.2.1/man/shadow.5.xml.manfix 2014-03-01 19:59:51.000000000 +0100
+++ shadow-4.2.1/man/shadow.5.xml 2015-10-27 16:54:29.304231353 +0100
diff -up shadow-4.3.1/man/shadow.5.xml.manfix shadow-4.3.1/man/shadow.5.xml
--- shadow-4.3.1/man/shadow.5.xml.manfix 2016-08-15 06:00:59.000000000 +0200
+++ shadow-4.3.1/man/shadow.5.xml 2016-08-22 17:08:48.487332069 +0200
@@ -208,8 +208,8 @@
</para>
<para>
@ -205,10 +205,10 @@ diff -up shadow-4.2.1/man/shadow.5.xml.manfix shadow-4.2.1/man/shadow.5.xml
</para>
<para>
An empty field means that there are no enforcement of an
diff -up shadow-4.2.1/man/useradd.8.xml.manfix shadow-4.2.1/man/useradd.8.xml
--- shadow-4.2.1/man/useradd.8.xml.manfix 2014-11-26 15:34:51.234978891 +0100
+++ shadow-4.2.1/man/useradd.8.xml 2014-11-26 15:34:51.257978963 +0100
@@ -347,11 +347,16 @@
diff -up shadow-4.3.1/man/useradd.8.xml.manfix shadow-4.3.1/man/useradd.8.xml
--- shadow-4.3.1/man/useradd.8.xml.manfix 2016-08-22 17:08:48.446331961 +0200
+++ shadow-4.3.1/man/useradd.8.xml 2016-08-22 17:08:48.487332069 +0200
@@ -347,6 +347,11 @@
<option>CREATE_HOME</option> is not enabled, no home
directories are created.
</para>
@ -220,15 +220,9 @@ diff -up shadow-4.2.1/man/useradd.8.xml.manfix shadow-4.2.1/man/useradd.8.xml
</listitem>
</varlistentry>
<varlistentry>
<term>
- <option>-M</option>
+ <option>-M</option>, <option>--no-create-home</option>
</term>
<listitem>
<para>
diff -up shadow-4.2.1/man/usermod.8.xml.manfix shadow-4.2.1/man/usermod.8.xml
--- shadow-4.2.1/man/usermod.8.xml.manfix 2014-03-01 19:59:51.000000000 +0100
+++ shadow-4.2.1/man/usermod.8.xml 2014-11-26 15:34:51.257978963 +0100
diff -up shadow-4.3.1/man/usermod.8.xml.manfix shadow-4.3.1/man/usermod.8.xml
--- shadow-4.3.1/man/usermod.8.xml.manfix 2016-08-15 06:00:59.000000000 +0200
+++ shadow-4.3.1/man/usermod.8.xml 2016-08-22 17:08:48.487332069 +0200
@@ -132,7 +132,8 @@
If the <option>-m</option>
option is given, the contents of the current home directory will

35
shadow-4.2.1-selinux-perms.patch → shadow-4.3.1-selinux-perms.patch
View file

@ -1,6 +1,6 @@
diff -up shadow-4.2.1/src/chgpasswd.c.selinux-perms shadow-4.2.1/src/chgpasswd.c
--- shadow-4.2.1/src/chgpasswd.c.selinux-perms 2014-03-01 19:59:51.000000000 +0100
+++ shadow-4.2.1/src/chgpasswd.c 2016-05-30 11:57:53.635841186 +0200
diff -up shadow-4.3.1/src/chgpasswd.c.selinux-perms shadow-4.3.1/src/chgpasswd.c
--- shadow-4.3.1/src/chgpasswd.c.selinux-perms 2016-08-15 06:00:59.000000000 +0200
+++ shadow-4.3.1/src/chgpasswd.c 2016-08-22 17:25:46.825011776 +0200
@@ -39,6 +39,13 @@
#include <pwd.h>
#include <stdio.h>
@ -147,9 +147,9 @@ diff -up shadow-4.2.1/src/chgpasswd.c.selinux-perms shadow-4.2.1/src/chgpasswd.c
/*
* The updated group file entry is then put back and will
* be written to the group file later, after all the
diff -up shadow-4.2.1/src/chpasswd.c.selinux-perms shadow-4.2.1/src/chpasswd.c
--- shadow-4.2.1/src/chpasswd.c.selinux-perms 2014-03-01 19:59:51.000000000 +0100
+++ shadow-4.2.1/src/chpasswd.c 2016-05-30 11:58:23.034484807 +0200
diff -up shadow-4.3.1/src/chpasswd.c.selinux-perms shadow-4.3.1/src/chpasswd.c
--- shadow-4.3.1/src/chpasswd.c.selinux-perms 2016-08-15 06:00:59.000000000 +0200
+++ shadow-4.3.1/src/chpasswd.c 2016-08-22 17:25:46.825011776 +0200
@@ -39,6 +39,13 @@
#include <pwd.h>
#include <stdio.h>
@ -257,25 +257,10 @@ diff -up shadow-4.2.1/src/chpasswd.c.selinux-perms shadow-4.2.1/src/chpasswd.c
/*
* The updated password file entry is then put back and will
* be written to the password file later, after all the
diff -up shadow-4.2.1/src/Makefile.am.selinux-perms shadow-4.2.1/src/Makefile.am
--- shadow-4.2.1/src/Makefile.am.selinux-perms 2016-05-27 16:04:00.896475284 +0200
+++ shadow-4.2.1/src/Makefile.am 2016-05-27 16:04:00.899475353 +0200
@@ -84,9 +84,9 @@ chage_LDADD = $(LDADD) $(LIBPAM_SUID)
newuidmap_LDADD = $(LDADD) $(LIBSELINUX)
newgidmap_LDADD = $(LDADD) $(LIBSELINUX)
chfn_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
-chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBCRYPT)
+chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBAUDIT) $(LIBCRYPT)
chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
-chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT)
+chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBAUDIT) $(LIBCRYPT)
gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT)
groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
diff -up shadow-4.2.1/src/Makefile.in.selinux-perms shadow-4.2.1/src/Makefile.in
--- shadow-4.2.1/src/Makefile.in.selinux-perms 2016-05-27 16:04:00.896475284 +0200
+++ shadow-4.2.1/src/Makefile.in 2016-05-27 16:04:00.899475353 +0200
@@ -521,9 +521,9 @@ chage_LDADD = $(LDADD) $(LIBPAM_SUID) $(
diff -up shadow-4.3.1/src/Makefile.am.selinux-perms shadow-4.3.1/src/Makefile.am
--- shadow-4.3.1/src/Makefile.am.selinux-perms 2016-08-15 06:00:59.000000000 +0200
+++ shadow-4.3.1/src/Makefile.am 2016-08-22 17:25:46.825011776 +0200
@@ -87,9 +87,9 @@ chage_LDADD = $(LDADD) $(LIBPAM_SUID)
newuidmap_LDADD = $(LDADD) $(LIBSELINUX)
newgidmap_LDADD = $(LDADD) $(LIBSELINUX)
chfn_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)