diff --git a/.gitignore b/.gitignore
index f5997c1..e78a553 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,5 @@ shadow-4.1.4.2.tar.bz2
 /shadow-4.1.5.tar.bz2
 /shadow-4.1.5.1.tar.bz2
 /shadow-4.1.5.1.tar.bz2.sig
+/shadow-4.2.1.tar.xz
+/shadow-4.2.1.tar.xz.sig
diff --git a/shadow-4.1.5.1-crypt-null.patch b/shadow-4.1.5.1-crypt-null.patch
deleted file mode 100644
index fba72e7..0000000
--- a/shadow-4.1.5.1-crypt-null.patch
+++ /dev/null
@@ -1,195 +0,0 @@
-diff -up shadow-4.1.5.1/lib/encrypt.c.crypt-null shadow-4.1.5.1/lib/encrypt.c
---- shadow-4.1.5.1/lib/encrypt.c.crypt-null 2010-08-22 15:05:02.000000000 +0200
-+++ shadow-4.1.5.1/lib/encrypt.c 2013-07-25 12:27:30.438355782 +0200
-@@ -49,11 +49,10 @@
- if (!cp) {
- /*
- * Single Unix Spec: crypt() may return a null pointer,
-- * and set errno to indicate an error. The caller doesn't
-- * expect us to return NULL, so...
-+ * and set errno to indicate an error. In this case return
-+ * the NULL so the caller can handle appropriately.
- */
-- perror ("crypt");
-- exit (EXIT_FAILURE);
-+ return cp;
- }
-
- /* The GNU crypt does not return NULL if the algorithm is not
-diff -up shadow-4.1.5.1/libmisc/valid.c.crypt-null shadow-4.1.5.1/libmisc/valid.c
---- shadow-4.1.5.1/libmisc/valid.c.crypt-null 2010-08-22 21:14:41.000000000 +0200
-+++ shadow-4.1.5.1/libmisc/valid.c 2013-07-25 12:27:30.440355847 +0200
-@@ -95,6 +95,7 @@ bool valid (const char *password, const
- */
-
- if ( (NULL != ent->pw_name)
-+ && (NULL != encrypted)
- && (strcmp (encrypted, ent->pw_passwd) == 0)) {
- return true;
- } else {
-diff -up shadow-4.1.5.1/lib/pwauth.c.crypt-null shadow-4.1.5.1/lib/pwauth.c
---- shadow-4.1.5.1/lib/pwauth.c.crypt-null 2009-07-13 00:24:48.000000000 +0200
-+++ shadow-4.1.5.1/lib/pwauth.c 2013-07-25 12:27:30.438355782 +0200
-@@ -73,6 +73,7 @@ int pw_auth (const char *cipher,
- char prompt[1024];
- char *clear = NULL;
- const char *cp;
-+ const char *encrypted;
- int retval;
-
- #ifdef SKEY
-@@ -177,7 +178,11 @@ int pw_auth (const char *cipher,
- * the results there as well.
- */
-
-- retval = strcmp (pw_encrypt (input, cipher), cipher);
-+ encrypted = pw_encrypt (input, cipher);
-+ if (encrypted!=NULL)
-+ retval = strcmp (encrypted, cipher);
-+ else
-+ retval = -1;
-
- #ifdef SKEY
- /*
-diff -up shadow-4.1.5.1/src/chgpasswd.c.crypt-null shadow-4.1.5.1/src/chgpasswd.c
---- shadow-4.1.5.1/src/chgpasswd.c.crypt-null 2011-12-09 22:31:40.000000000 +0100
-+++ shadow-4.1.5.1/src/chgpasswd.c 2013-07-25 12:27:30.440355847 +0200
-@@ -469,6 +469,10 @@ int main (int argc, char **argv)
- #endif
- cp = pw_encrypt (newpwd,
- crypt_make_salt (crypt_method, arg));
-+ if (cp == NULL) {
-+ perror ("crypt");
-+ exit (EXIT_FAILURE);
-+ }
- }
-
- /*
-diff -up shadow-4.1.5.1/src/chpasswd.c.crypt-null shadow-4.1.5.1/src/chpasswd.c
---- shadow-4.1.5.1/src/chpasswd.c.crypt-null 2011-12-09 22:31:40.000000000 +0100
-+++ shadow-4.1.5.1/src/chpasswd.c 2013-07-25 12:27:30.440355847 +0200
-@@ -492,6 +492,10 @@ int main (int argc, char **argv)
- #endif
- cp = pw_encrypt (newpwd,
- crypt_make_salt(crypt_method, arg));
-+ if (cp == NULL) {
-+ perror ("crypt");
-+ exit (EXIT_FAILURE);
-+ }
- }
-
- /*
-diff -up shadow-4.1.5.1/src/gpasswd.c.crypt-null shadow-4.1.5.1/src/gpasswd.c
---- shadow-4.1.5.1/src/gpasswd.c.crypt-null 2011-11-19 23:55:04.000000000 +0100
-+++ shadow-4.1.5.1/src/gpasswd.c 2013-07-25 12:27:30.441355866 +0200
-@@ -939,6 +939,10 @@ static void change_passwd (struct group
- }
-
- cp = pw_encrypt (pass, crypt_make_salt (NULL, NULL));
-+ if (cp==NULL) {
-+ perror ("crypt");
-+ exit (EXIT_FAILURE);
-+ }
- memzero (pass, sizeof pass);
- #ifdef SHADOWGRP
- if (is_shadowgrp) {
-diff -up shadow-4.1.5.1/src/newgrp.c.crypt-null shadow-4.1.5.1/src/newgrp.c
---- shadow-4.1.5.1/src/newgrp.c.crypt-null 2011-07-30 03:50:01.000000000 +0200
-+++ shadow-4.1.5.1/src/newgrp.c 2013-07-25 12:27:30.442355881 +0200
-@@ -184,7 +184,8 @@ static void check_perms (const struct gr
- cpasswd = pw_encrypt (cp, grp->gr_passwd);
- strzero (cp);
-
-- if (grp->gr_passwd[0] == '\0' ||
-+ if (cpasswd == NULL ||
-+ grp->gr_passwd[0] == '\0' ||
- strcmp (cpasswd, grp->gr_passwd) != 0) {
- #ifdef WITH_AUDIT
- snprintf (audit_buf, sizeof(audit_buf),
-diff -up shadow-4.1.5.1/src/newusers.c.crypt-null shadow-4.1.5.1/src/newusers.c
---- shadow-4.1.5.1/src/newusers.c.crypt-null 2011-12-09 22:31:40.000000000 +0100
-+++ shadow-4.1.5.1/src/newusers.c 2013-07-25 12:27:30.442355881 +0200
-@@ -387,6 +387,7 @@ static int add_user (const char *name, u
- static void update_passwd (struct passwd *pwd, const char *password)
- {
- void *crypt_arg = NULL;
-+ char *cp;
- if (crypt_method != NULL) {
- #ifdef USE_SHA_CRYPT
- if (sflg) {
-@@ -398,9 +399,13 @@ static void update_passwd (struct passwd
- if ((crypt_method != NULL) && (0 == strcmp(crypt_method, "NONE"))) {
- pwd->pw_passwd = (char *)password;
- } else {
-- pwd->pw_passwd = pw_encrypt (password,
-- crypt_make_salt (crypt_method,
-- crypt_arg));
-+ cp=pw_encrypt (password, crypt_make_salt (crypt_method,
-+ crypt_arg));
-+ if (cp == NULL) {
-+ perror ("crypt");
-+ exit (EXIT_FAILURE);
-+ }
-+ pwd->pw_passwd = cp;
- }
- }
- #endif /* !USE_PAM */
-@@ -412,6 +417,7 @@ static int add_passwd (struct passwd *pw
- {
- const struct spwd *sp;
- struct spwd spent;
-+ char *cp;
-
- #ifndef USE_PAM
- void *crypt_arg = NULL;
-@@ -448,7 +454,12 @@ static int add_passwd (struct passwd *pw
- } else {
- const char *salt = crypt_make_salt (crypt_method,
- crypt_arg);
-- spent.sp_pwdp = pw_encrypt (password, salt);
-+ cp = pw_encrypt (password, salt);
-+ if (cp == NULL) {
-+ perror ("crypt");
-+ exit (EXIT_FAILURE);
-+ }
-+ spent.sp_pwdp = cp;
- }
- spent.sp_lstchg = (long) time ((time_t *) 0) / SCALE;
- if (0 == spent.sp_lstchg) {
-@@ -492,7 +503,12 @@ static int add_passwd (struct passwd *pw
- spent.sp_pwdp = (char *)password;
- } else {
- const char *salt = crypt_make_salt (crypt_method, crypt_arg);
-- spent.sp_pwdp = pw_encrypt (password, salt);
-+ cp = pw_encrypt (password, salt);
-+ if (cp == NULL) {
-+ perror ("crypt");
-+ exit (EXIT_FAILURE);
-+ }
-+ spent.sp_pwdp = cp;
- }
- #else
- /*
-diff -up shadow-4.1.5.1/src/passwd.c.crypt-null shadow-4.1.5.1/src/passwd.c
---- shadow-4.1.5.1/src/passwd.c.crypt-null 2012-02-13 21:32:01.000000000 +0100
-+++ shadow-4.1.5.1/src/passwd.c 2013-07-25 12:27:30.443355896 +0200
-@@ -242,7 +242,7 @@ static int new_password (const struct pa
- }
-
- cipher = pw_encrypt (clear, crypt_passwd);
-- if (strcmp (cipher, crypt_passwd) != 0) {
-+ if ((cipher == NULL) || (strcmp (cipher, crypt_passwd) != 0)) {
- strzero (clear);
- strzero (cipher);
- SYSLOG ((LOG_WARN, "incorrect password for %s",
-@@ -349,6 +349,10 @@ static int new_password (const struct pa
- * Encrypt the password, then wipe the cleartext password.
- */
- cp = pw_encrypt (pass, crypt_make_salt (NULL, NULL));
-+ if (cp == NULL) {
-+ perror ("crypt");
-+ exit (EXIT_FAILURE);
-+ }
- memzero (pass, sizeof pass);
-
- #ifdef HAVE_LIBCRACK_HIST
diff --git a/shadow-4.1.5.1-date-parsing.patch b/shadow-4.1.5.1-date-parsing.patch
deleted file mode 100644
index 38ec091..0000000
--- a/shadow-4.1.5.1-date-parsing.patch
+++ /dev/null
@@ -1,138 +0,0 @@
-diff -up shadow-4.1.5.1/libmisc/getdate.c.date-parsing shadow-4.1.5.1/libmisc/getdate.c
---- shadow-4.1.5.1/libmisc/getdate.c.date-parsing 2008-06-14 00:07:51.000000000 +0200
-+++ shadow-4.1.5.1/libmisc/getdate.c 2014-08-29 13:41:22.553267506 +0200
-@@ -261,6 +261,7 @@ static int yyHaveDay;
- static int yyHaveRel;
- static int yyHaveTime;
- static int yyHaveZone;
-+static int yyHaveYear;
- static int yyTimezone;
- static int yyDay;
- static int yyHour;
-@@ -1730,6 +1731,7 @@ yyreduce:
- yyDay = (yyvsp[(3) - (5)].Number);
- yyYear = (yyvsp[(5) - (5)].Number);
- }
-+ yyHaveYear++;
- }
- break;
-
-@@ -1740,6 +1742,7 @@ yyreduce:
- yyYear = (yyvsp[(1) - (3)].Number);
- yyMonth = -(yyvsp[(2) - (3)].Number);
- yyDay = -(yyvsp[(3) - (3)].Number);
-+ yyHaveYear++;
- }
- break;
-
-@@ -1750,6 +1753,7 @@ yyreduce:
- yyDay = (yyvsp[(1) - (3)].Number);
- yyMonth = (yyvsp[(2) - (3)].Number);
- yyYear = -(yyvsp[(3) - (3)].Number);
-+ yyHaveYear++;
- }
- break;
-
-@@ -1767,6 +1771,7 @@ yyreduce:
- yyMonth = (yyvsp[(1) - (4)].Number);
- yyDay = (yyvsp[(2) - (4)].Number);
- yyYear = (yyvsp[(4) - (4)].Number);
-+ yyHaveYear++;
- }
- break;
-
-@@ -1784,6 +1789,7 @@ yyreduce:
- yyMonth = (yyvsp[(2) - (3)].Number);
- yyDay = (yyvsp[(1) - (3)].Number);
- yyYear = (yyvsp[(3) - (3)].Number);
-+ yyHaveYear++;
- }
- break;
-
-@@ -1928,7 +1934,8 @@ yyreduce:
- case 49:
- #line 397 "getdate.y"
- {
-- if ((yyHaveTime != 0) && (yyHaveDate != 0) && (yyHaveRel == 0))
-+ if ((yyHaveTime != 0 || (yyvsp[(1) - (1)].Number) >= 100) && !yyHaveYear
-+ && (yyHaveDate != 0) && (yyHaveRel == 0))
- yyYear = (yyvsp[(1) - (1)].Number);
- else
- {
-@@ -2556,7 +2563,7 @@ yylex (void)
- return LookupWord (buff);
- }
- if (c != '(')
-- return *yyInput++;
-+ return (unsigned char)*yyInput++;
- Count = 0;
- do
- {
-diff -up shadow-4.1.5.1/libmisc/getdate.y.date-parsing shadow-4.1.5.1/libmisc/getdate.y
---- shadow-4.1.5.1/libmisc/getdate.y.date-parsing 2008-05-26 10:57:51.000000000 +0200
-+++ shadow-4.1.5.1/libmisc/getdate.y 2014-08-29 13:40:37.502229879 +0200
-@@ -152,6 +152,7 @@ static int yyHaveDay;
- static int yyHaveRel;
- static int yyHaveTime;
- static int yyHaveZone;
-+static int yyHaveYear;
- static int yyTimezone;
- static int yyDay;
- static int yyHour;
-@@ -293,18 +294,21 @@ date : tUNUMBER '/' tUNUMBER {
- yyDay = $3;
- yyYear = $5;
- }
-+ yyHaveYear++;
- }
- | tUNUMBER tSNUMBER tSNUMBER {
- /* ISO 8601 format. yyyy-mm-dd. */
- yyYear = $1;
- yyMonth = -$2;
- yyDay = -$3;
-+ yyHaveYear++;
- }
- | tUNUMBER tMONTH tSNUMBER {
- /* e.g. 17-JUN-1992. */
- yyDay = $1;
- yyMonth = $2;
- yyYear = -$3;
-+ yyHaveYear++;
- }
- | tMONTH tUNUMBER {
- yyMonth = $1;
-@@ -314,6 +318,7 @@ date : tUNUMBER '/' tUNUMBER {
- yyMonth = $1;
- yyDay = $2;
- yyYear = $4;
-+ yyHaveYear++;
- }
- | tUNUMBER tMONTH {
- yyMonth = $2;
-@@ -323,6 +328,7 @@ date : tUNUMBER '/' tUNUMBER {
- yyMonth = $2;
- yyDay = $1;
- yyYear = $3;
-+ yyHaveYear++;
- }
- ;
-
-@@ -395,7 +401,8 @@ relunit : tUNUMBER tYEAR_UNIT {
-
- number : tUNUMBER
- {
-- if ((yyHaveTime != 0) && (yyHaveDate != 0) && (yyHaveRel == 0))
-+ if ((yyHaveTime != 0 || $1 >= 100) && !yyHaveYear
-+ && (yyHaveDate != 0) && (yyHaveRel == 0))
- yyYear = $1;
- else
- {
-@@ -802,7 +809,7 @@ yylex (void)
- return LookupWord (buff);
- }
- if (c != '(')
-- return *yyInput++;
-+ return (unsigned char)*yyInput++;
- Count = 0;
- do
- {
diff --git a/shadow-4.1.5.1-goodname.patch b/shadow-4.1.5.1-goodname.patch
index 06c0de6..15c98a7 100644
--- a/shadow-4.1.5.1-goodname.patch
+++ b/shadow-4.1.5.1-goodname.patch
@@ -72,41 +72,6 @@ diff -up shadow-4.1.5.1/man/groupadd.8.xml.goodname shadow-4.1.5.1/man/groupadd. Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long. -diff -up shadow-4.1.5.1/man/man8/groupadd.8.goodname shadow-4.1.5.1/man/man8/groupadd.8 ---- shadow-4.1.5.1/man/man8/groupadd.8.goodname 2012-05-25 13:58:40.000000000 +0200 -+++ shadow-4.1.5.1/man/man8/groupadd.8 2014-09-09 17:28:46.330300342 +0200 -@@ -190,9 +190,7 @@ Shadow password suite configuration\&. - .RE - .SH "CAVEATS" - .PP --Groupnames must start with a lower case letter or an underscore, followed by lower case letters, digits, underscores, or dashes\&. They can end with a dollar sign\&. In regular expression terms: [a\-z_][a\-z0\-9_\-]*[$]? --.PP --Groupnames may only be up to 16 characters long\&. -+Groupnames may only be up to 32 characters long\&. - .PP - You may not add a NIS or LDAP group\&. This must be performed on the corresponding server\&. - .PP -diff -up shadow-4.1.5.1/man/man8/useradd.8.goodname shadow-4.1.5.1/man/man8/useradd.8 ---- shadow-4.1.5.1/man/man8/useradd.8.goodname 2012-05-25 13:59:28.000000000 +0200 -+++ shadow-4.1.5.1/man/man8/useradd.8 2014-09-09 17:28:46.330300342 +0200 -@@ -224,7 +224,7 @@ is not enabled, no home directories are - .PP - \fB\-M\fR - .RS 4 --Do no create the user\*(Aqs home directory, even if the system wide setting from -+Do not create the user\*(Aqs home directory, even if the system wide setting from - /etc/login\&.defs - (\fBCREATE_HOME\fR) is set to - \fIyes\fR\&. -@@ -430,8 +430,6 @@ Similarly, if the username already exist - \fBuseradd\fR - will deny the user account creation request\&. - .PP --Usernames must start with a lower case letter or an underscore, followed by lower case letters, digits, underscores, or dashes\&. They can end with a dollar sign\&. In regular expression terms: [a\-z_][a\-z0\-9_\-]*[$]? --.PP - Usernames may only be up to 32 characters long\&. 
- .SH "CONFIGURATION" - .PP diff -up shadow-4.1.5.1/man/useradd.8.xml.goodname shadow-4.1.5.1/man/useradd.8.xml --- shadow-4.1.5.1/man/useradd.8.xml.goodname 2012-05-25 13:45:29.000000000 +0200 +++ shadow-4.1.5.1/man/useradd.8.xml 2014-09-09 17:28:46.330300342 +0200 diff --git a/shadow-4.1.5.1-info-parent-dir.patch b/shadow-4.1.5.1-info-parent-dir.patch index d2bc009..b05e5bb 100644 --- a/shadow-4.1.5.1-info-parent-dir.patch +++ b/shadow-4.1.5.1-info-parent-dir.patch 
@@ -1,15 +1,3 @@ -diff -up shadow-4.1.5.1/man/man8/newusers.8.info-parent-dir shadow-4.1.5.1/man/man8/newusers.8 ---- shadow-4.1.5.1/man/man8/newusers.8.info-parent-dir 2012-05-25 13:59:09.000000000 +0200 -+++ shadow-4.1.5.1/man/man8/newusers.8 2012-09-19 18:47:17.203525237 +0200 -@@ -99,7 +99,7 @@ This field is copied in the GECOS field - .RS 4 - This field is used to define the home directory of the user\&. - .sp --If this field does not specify an existing directory, the specified directory is created, with ownership set to the user being created or updated and its primary group\&. -+If this field does not specify an existing directory, the specified directory is created, with ownership set to the user being created or updated and its primary group\&. Note that newusers does not create parent directories of the new user's home directory. The newusers command will fail to create the home directory if the parent directories do not exist, and will send a message to stderr informing the user of the failure. The newusers command will not halt or return a failure to the calling shell if it fails to create the home directory, it will continue to process the batch of new users specified\&. - .sp - If the home directory of an existing user is changed, - \fBnewusers\fR diff -up shadow-4.1.5.1/man/newusers.8.xml.info-parent-dir shadow-4.1.5.1/man/newusers.8.xml --- shadow-4.1.5.1/man/newusers.8.xml.info-parent-dir 2012-05-25 13:45:28.000000000 +0200 +++ shadow-4.1.5.1/man/newusers.8.xml 2012-09-19 18:46:35.651613365 +0200 diff --git a/shadow-4.1.5.1-manfix.patch b/shadow-4.1.5.1-manfix.patch deleted file mode 100644 index 2963c98..0000000 --- a/shadow-4.1.5.1-manfix.patch +++ /dev/null 
@@ -1,272 +0,0 @@ -diff -up shadow-4.1.5.1/man/chage.1.xml.manfix shadow-4.1.5.1/man/chage.1.xml ---- shadow-4.1.5.1/man/chage.1.xml.manfix 2012-05-25 13:45:27.000000000 +0200 -+++ shadow-4.1.5.1/man/chage.1.xml 2014-08-29 13:36:57.713167654 +0200 -@@ -102,6 +102,9 @@ - Set the number of days since January 1st, 1970 when the password - was last changed. The date may also be expressed in the format - YYYY-MM-DD (or the format more commonly used in your area). -+ If the LAST_DAY is set to -+ 0 the user is forced to change his password -+ on the next log on. - - - -diff -up shadow-4.1.5.1/man/login.defs.5.xml.manfix shadow-4.1.5.1/man/login.defs.5.xml ---- shadow-4.1.5.1/man/login.defs.5.xml.manfix 2012-05-25 13:45:28.000000000 +0200 -+++ shadow-4.1.5.1/man/login.defs.5.xml 2014-08-29 13:31:38.364812323 +0200 -@@ -160,6 +160,17 @@ - long numeric parameters is machine-dependent. - - -+ -+ Please note that the parameters in this configuration file control the -+ behavior of the tools from the shadow-utils component. None of these -+ tools uses the PAM mechanism, and the utilities that use PAM (such as the -+ passwd command) should be configured elsewhere. The only values that -+ affect PAM modules are ENCRYPT_METHOD and SHA_CRYPT_MAX_ROUNDS -+ for pam_unix module, FAIL_DELAY for pam_faildelay module, -+ and UMASK for pam_umask module. Refer to -+ pam(8) for more information. -+ -+ - The following configuration items are provided: - - -diff -up shadow-4.1.5.1/man/man1/chage.1.manfix shadow-4.1.5.1/man/man1/chage.1 ---- shadow-4.1.5.1/man/man1/chage.1.manfix 2012-05-25 13:58:18.000000000 +0200 -+++ shadow-4.1.5.1/man/man1/chage.1 2014-08-29 13:36:31.303559366 +0200 -@@ -45,7 +45,11 @@ command are: - .PP - \fB\-d\fR, \fB\-\-lastday\fR \fILAST_DAY\fR - .RS 4 --Set the number of days since January 1st, 1970 when the password was last changed\&. The date may also be expressed in the format YYYY\-MM\-DD (or the format more commonly used in your area)\&. 
-+Set the number of days since January 1st, 1970 when the password was last changed\&. The date may also be expressed in the format YYYY\-MM\-DD (or the format more commonly used in your area)\&. If the -+\fILAST_DAY\fR -+is set to -+\fB0\fR -+the user is forced to change his password on the next log on\&. - .RE - .PP - \fB\-E\fR, \fB\-\-expiredate\fR \fIEXPIRE_DATE\fR -diff -up shadow-4.1.5.1/man/man5/login.defs.5.manfix shadow-4.1.5.1/man/man5/login.defs.5 ---- shadow-4.1.5.1/man/man5/login.defs.5.manfix 2012-05-25 13:59:03.000000000 +0200 -+++ shadow-4.1.5.1/man/man5/login.defs.5 2014-08-29 13:31:38.364812323 +0200 -@@ -46,6 +46,14 @@ value\&. Numbers (both regular and long) - \fI0\fR) or hexadecimal values (precede the value with - \fI0x\fR)\&. The maximum value of the regular and long numeric parameters is machine\-dependent\&. - .PP -+Please note that the parameters in this configuration file control the -+behavior of the tools from the shadow-utils component\&. None of these -+tools uses the PAM mechanism, and the utilities that use PAM (such as the -+passwd command) should be configured elsewhere\&. The only values that -+affect PAM modules are \fBENCRYPT_METHOD\fR and \fBSHA_CRYPT_MAX_ROUNDS\fR for pam_unix module, -+\fBFAIL_DELAY\fR for pam_faildelay module, and \fBUMASK\fR for pam_umask module\&. Refer to -+pam(8) for more information\&. -+.PP - The following configuration items are provided: - .PP - \fBCHFN_AUTH\fR (boolean) -@@ -625,20 +633,6 @@ will create by default a group with the - .PP - The following cross references show which programs in the shadow password suite use which parameters\&. 
- .PP --chfn --.RS 4 -- --CHFN_AUTH --CHFN_RESTRICT --LOGIN_STRING --.RE --.PP --chgpasswd --.RS 4 --ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB --SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS --.RE --.PP - chpasswd - .RS 4 - -@@ -646,11 +640,6 @@ ENCRYPT_METHOD MD5_CRYPT_ENAB - SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS - .RE - .PP --chsh --.RS 4 --CHSH_AUTH LOGIN_STRING --.RE --.PP - gpasswd - .RS 4 - ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB -@@ -692,29 +681,6 @@ grpunconv - MAX_MEMBERS_PER_GROUP - .RE - .PP --login --.RS 4 -- --CONSOLE --CONSOLE_GROUPS DEFAULT_HOME --ENV_HZ ENV_PATH ENV_SUPATH ENV_TZ ENVIRON_FILE --ERASECHAR FAIL_DELAY --FAILLOG_ENAB --FAKE_SHELL --FTMP_FILE --HUSHLOGIN_FILE --ISSUE_FILE --KILLCHAR --LASTLOG_ENAB --LOGIN_RETRIES --LOGIN_STRING --LOGIN_TIMEOUT LOG_OK_LOGINS LOG_UNKFAIL_ENAB --MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE MOTD_FILE NOLOGINS_FILE PORTTIME_CHECKS_ENAB QUOTAS_ENAB --TTYGROUP TTYPERM TTYTYPE_FILE --ULIMIT UMASK --USERGROUPS_ENAB --.RE --.PP - newgrp / sg - .RS 4 - SYSLOG_SG_ENAB -@@ -727,12 +693,6 @@ SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUND - SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN UMASK - .RE - .PP --passwd --.RS 4 --ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN --SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS --.RE --.PP - pwck - .RS 4 - PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE -@@ -743,26 +703,6 @@ pwconv - PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE - .RE - .PP --su --.RS 4 -- --CONSOLE --CONSOLE_GROUPS DEFAULT_HOME --ENV_HZ ENVIRON_FILE --ENV_PATH ENV_SUPATH --ENV_TZ LOGIN_STRING MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE QUOTAS_ENAB --SULOG_FILE SU_NAME --SU_WHEEL_ONLY --SYSLOG_SU_ENAB --USERGROUPS_ENAB --.RE --.PP --sulogin --.RS 4 --ENV_HZ --ENV_TZ --.RE --.PP - useradd - .RS 4 - CREATE_HOME GID_MAX GID_MIN MAIL_DIR MAX_MEMBERS_PER_GROUP PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX 
UID_MIN UMASK -diff -up shadow-4.1.5.1/man/man8/useradd.8.manfix shadow-4.1.5.1/man/man8/useradd.8 ---- shadow-4.1.5.1/man/man8/useradd.8.manfix 2014-08-29 13:31:38.347811932 +0200 -+++ shadow-4.1.5.1/man/man8/useradd.8 2014-08-29 13:31:38.364812323 +0200 -@@ -85,7 +85,7 @@ by default\&. - Any text string\&. It is generally a short description of the login, and is currently used as the field for the user\*(Aqs full name\&. - .RE - .PP --\fB\-d\fR, \fB\-\-home\fR \fIHOME_DIR\fR -+\fB\-d\fR, \fB\-\-home\-dir\fR \fIHOME_DIR\fR - .RS 4 - The new user will be created using - \fIHOME_DIR\fR -@@ -220,9 +220,13 @@ option) will be copied to the home direc - By default, if this option is not specified and - \fBCREATE_HOME\fR - is not enabled, no home directories are created\&. -+.sp -+The directory where the user\*(Aqs home directory is created must -+exist and have proper SELinux context and permissions\&. Otherwise -+the user\*(Aqs home directory cannot be created or accessed\&. - .RE - .PP --\fB\-M\fR -+\fB\-M\fR, \fB\-\-no\-create\-home\fR - .RS 4 - Do not create the user\*(Aqs home directory, even if the system wide setting from - /etc/login\&.defs -diff -up shadow-4.1.5.1/man/man8/usermod.8.manfix shadow-4.1.5.1/man/man8/usermod.8 ---- shadow-4.1.5.1/man/man8/usermod.8.manfix 2012-05-25 13:59:33.000000000 +0200 -+++ shadow-4.1.5.1/man/man8/usermod.8 2014-08-29 13:35:27.343086211 +0200 -@@ -63,7 +63,7 @@ The user\*(Aqs new login directory\&. - .sp - If the - \fB\-m\fR --option is given, the contents of the current home directory will be moved to the new home directory, which is created if it does not already exist\&. -+option is given, the contents of the current home directory will be moved to the new home directory, which is created if it does not already exist\&. If the current home directory does not exist the new home directory will not be created\&. 
- .RE - .PP - \fB\-e\fR, \fB\-\-expiredate\fR \fIEXPIRE_DATE\fR -@@ -143,7 +143,7 @@ Move the content of the user\*(Aqs home - This option is only valid in combination with the - \fB\-d\fR - (or --\fB\-\-home\fR) option\&. -+\fB\-\-home\fR) option\&. If the current home directory does not exist the new home directory will not be created\&. - .sp - - \fBusermod\fR -diff -up shadow-4.1.5.1/man/useradd.8.xml.manfix shadow-4.1.5.1/man/useradd.8.xml ---- shadow-4.1.5.1/man/useradd.8.xml.manfix 2014-08-29 13:31:38.347811932 +0200 -+++ shadow-4.1.5.1/man/useradd.8.xml 2014-08-29 13:31:38.364812323 +0200 -@@ -161,7 +161,7 @@ - - - -- , -+ , - HOME_DIR - - -@@ -358,11 +358,16 @@ - is not enabled, no home - directories are created. - -+ -+ The directory where the user's home directory is created must -+ exist and have proper SELinux context and permissions. Otherwise -+ the user's home directory cannot be created or accessed. -+ - - - - -- -+ , - - - -diff -up shadow-4.1.5.1/man/usermod.8.xml.manfix shadow-4.1.5.1/man/usermod.8.xml ---- shadow-4.1.5.1/man/usermod.8.xml.manfix 2012-05-25 13:45:29.000000000 +0200 -+++ shadow-4.1.5.1/man/usermod.8.xml 2014-08-29 13:33:40.814632618 +0200 -@@ -132,7 +132,8 @@ - If the - option is given, the contents of the current home directory will - be moved to the new home directory, which is created if it does -- not already exist. -+ not already exist. If the current home directory does not exist -+ the new home directory will not be created. - - - -@@ -261,7 +262,8 @@ - - - Move the content of the user's home directory to the new -- location. -+ location. If the current home directory does not exist -+ the new home directory will not be created. - - - This option is only valid in combination with the diff --git a/shadow-4.1.5.1-merge-group.patch b/shadow-4.1.5.1-merge-group.patch deleted file mode 100644 index f5cea10..0000000 --- a/shadow-4.1.5.1-merge-group.patch +++ /dev/null 
@@ -1,27 +0,0 @@
-diff -up shadow-4.1.5.1/lib/groupio.c.merge-group shadow-4.1.5.1/lib/groupio.c
---- shadow-4.1.5.1/lib/groupio.c.merge-group 2011-02-16 21:32:24.000000000 +0100
-+++ shadow-4.1.5.1/lib/groupio.c 2013-01-29 13:56:43.049275513 +0100
-@@ -330,12 +330,12 @@ static /*@null@*/struct commonio_entry *
-
- /* Concatenate the 2 lines */
- new_line_len = strlen (gr1->line) + strlen (gr2->line) +1;
-- new_line = (char *)malloc ((new_line_len + 1) * sizeof(char*));
-+ new_line = (char *)malloc (new_line_len + 1);
- if (NULL == new_line) {
- errno = ENOMEM;
- return NULL;
- }
-- snprintf(new_line, new_line_len, "%s\n%s", gr1->line, gr2->line);
-+ snprintf(new_line, new_line_len + 1, "%s\n%s", gr1->line, gr2->line);
- new_line[new_line_len] = '\0';
-
- /* Concatenate the 2 list of members */
-@@ -353,7 +353,7 @@ static /*@null@*/struct commonio_entry *
- members++;
- }
- }
-- new_members = (char **)malloc ( (members+1) * sizeof(char*) );
-+ new_members = (char **)calloc (members+1, sizeof(char*));
- if (NULL == new_members) {
- free (new_line);
- errno = ENOMEM;
diff --git a/shadow-4.1.5.1-audit-update.patch b/shadow-4.2.1-audit-update.patch
similarity index 86%
rename from shadow-4.1.5.1-audit-update.patch
rename to shadow-4.2.1-audit-update.patch
index 17930bf..8f2edf8 100644
--- a/shadow-4.1.5.1-audit-update.patch
+++ b/shadow-4.2.1-audit-update.patch
@@ -1,31 +1,6 @@ -diff -urp shadow-4.1.5.1.orig/lib/prototypes.h shadow-4.1.5.1/lib/prototypes.h ---- shadow-4.1.5.1.orig/lib/prototypes.h 2014-09-13 15:45:54.953829562 -0400 -+++ shadow-4.1.5.1/lib/prototypes.h 2014-10-14 08:39:23.785884075 -0400 -@@ -195,12 +195,21 @@ extern int audit_fd; - extern void audit_help_open (void); - /* Use AUDIT_NO_ID when a name is provided to audit_logger instead of an ID */ - #define AUDIT_NO_ID ((unsigned int) -1) -+#ifndef AUDIT_GRP_MGMT -+#define AUDIT_GRP_MGMT 1132 /* Group account was modified */ -+#endif -+#ifndef AUDIT_GRP_CHAUTHTOK -+#define AUDIT_GRP_CHAUTHTOK 1133 /* Group account password was changed */ -+#endif - typedef enum { - SHADOW_AUDIT_FAILURE = 0, - SHADOW_AUDIT_SUCCESS = 1} shadow_audit_result; - extern void audit_logger (int type, const char *pgname, const char *op, - const char *name, unsigned int id, - shadow_audit_result result); -+void audit_logger_with_group (int type, unused const char *pgname, -+ const char *op, const char *name, unsigned int id, -+ const char *grp, shadow_audit_result result); - void audit_logger_message (const char *message, shadow_audit_result result); - #endif - -diff -urp shadow-4.1.5.1.orig/libmisc/audit_help.c shadow-4.1.5.1/libmisc/audit_help.c ---- shadow-4.1.5.1.orig/libmisc/audit_help.c 2010-08-21 07:41:28.000000000 -0400 -+++ shadow-4.1.5.1/libmisc/audit_help.c 2014-10-14 08:39:23.785884075 -0400 +diff -up shadow-4.2.1/libmisc/audit_help.c.audit-update shadow-4.2.1/libmisc/audit_help.c +--- shadow-4.2.1/libmisc/audit_help.c.audit-update 2014-03-01 18:50:05.000000000 +0100 ++++ shadow-4.2.1/libmisc/audit_help.c 2014-11-26 15:06:24.663660558 +0100 @@ -68,7 +68,7 @@ void audit_help_open (void) * This function will log a message to the audit system using a predefined * message format. Parameter usage is as follows: 
@@ -75,9 +50,9 @@ diff -urp shadow-4.1.5.1.orig/libmisc/audit_help.c shadow-4.1.5.1/libmisc/audit_ void audit_logger_message (const char *message, shadow_audit_result result) { if (audit_fd < 0) { -diff -urp shadow-4.1.5.1.orig/libmisc/cleanup_group.c shadow-4.1.5.1/libmisc/cleanup_group.c ---- shadow-4.1.5.1.orig/libmisc/cleanup_group.c 2008-12-23 17:45:18.000000000 -0500 -+++ shadow-4.1.5.1/libmisc/cleanup_group.c 2014-10-14 09:00:33.594753105 -0400 +diff -up shadow-4.2.1/libmisc/cleanup_group.c.audit-update shadow-4.2.1/libmisc/cleanup_group.c +--- shadow-4.2.1/libmisc/cleanup_group.c.audit-update 2014-03-01 18:50:05.000000000 +0100 ++++ shadow-4.2.1/libmisc/cleanup_group.c 2014-11-26 15:06:24.663660558 +0100 @@ -83,7 +83,7 @@ void cleanup_report_mod_group (void *cle gr_dbname (), info->action)); @@ -156,9 +131,9 @@ diff -urp shadow-4.1.5.1.orig/libmisc/cleanup_group.c shadow-4.1.5.1/libmisc/cle SHADOW_AUDIT_FAILURE); #endif } -diff -urp shadow-4.1.5.1.orig/libmisc/cleanup_user.c shadow-4.1.5.1/libmisc/cleanup_user.c ---- shadow-4.1.5.1.orig/libmisc/cleanup_user.c 2008-12-23 17:45:18.000000000 -0500 -+++ shadow-4.1.5.1/libmisc/cleanup_user.c 2014-10-14 09:01:51.878745031 -0400 +diff -up shadow-4.2.1/libmisc/cleanup_user.c.audit-update shadow-4.2.1/libmisc/cleanup_user.c +--- shadow-4.2.1/libmisc/cleanup_user.c.audit-update 2014-03-01 18:50:05.000000000 +0100 ++++ shadow-4.2.1/libmisc/cleanup_user.c 2014-11-26 15:06:24.663660558 +0100 @@ -65,7 +65,7 @@ void cleanup_report_mod_passwd (void *cl pw_dbname (), info->action)); 
@@ -206,99 +181,34 @@ diff -urp shadow-4.1.5.1.orig/libmisc/cleanup_user.c shadow-4.1.5.1/libmisc/clea SHADOW_AUDIT_FAILURE); #endif } -diff -urp shadow-4.1.5.1.orig/src/chage.c shadow-4.1.5.1/src/chage.c ---- shadow-4.1.5.1.orig/src/chage.c 2011-11-19 17:54:47.000000000 -0500 -+++ shadow-4.1.5.1/src/chage.c 2014-10-14 08:39:23.787884075 -0400 -@@ -126,9 +126,10 @@ static /*@noreturn@*/void fail_exit (int - - #ifdef WITH_AUDIT - if (E_SUCCESS != code) { -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, -- "change age", -- user_name, (unsigned int) user_uid, 0); -+ audit_logger (AUDIT_USER_MGMT, Prog, -+ "change-age", -+ user_name, (unsigned int) user_uid, -+ SHADOW_AUDIT_FAILURE); - } +diff -up shadow-4.2.1/lib/prototypes.h.audit-update shadow-4.2.1/lib/prototypes.h +--- shadow-4.2.1/lib/prototypes.h.audit-update 2014-11-26 15:06:24.644660498 +0100 ++++ shadow-4.2.1/lib/prototypes.h 2014-11-26 15:06:24.663660558 +0100 +@@ -208,12 +208,21 @@ extern int audit_fd; + extern void audit_help_open (void); + /* Use AUDIT_NO_ID when a name is provided to audit_logger instead of an ID */ + #define AUDIT_NO_ID ((unsigned int) -1) ++#ifndef AUDIT_GRP_MGMT ++#define AUDIT_GRP_MGMT 1132 /* Group account was modified */ ++#endif ++#ifndef AUDIT_GRP_CHAUTHTOK ++#define AUDIT_GRP_CHAUTHTOK 1133 /* Group account password was changed */ ++#endif + typedef enum { + SHADOW_AUDIT_FAILURE = 0, + SHADOW_AUDIT_SUCCESS = 1} shadow_audit_result; + extern void audit_logger (int type, const char *pgname, const char *op, + const char *name, unsigned int id, + shadow_audit_result result); ++void audit_logger_with_group (int type, unused const char *pgname, ++ const char *op, const char *name, unsigned int id, ++ const char *grp, shadow_audit_result result); + void audit_logger_message (const char *message, shadow_audit_result result); #endif -@@ -873,11 +874,7 @@ int main (int argc, char **argv) - fprintf (stderr, _("%s: Permission denied.\n"), Prog); - fail_exit (E_NOPERM); - } --#ifdef WITH_AUDIT 
-- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, -- "display aging info", -- user_name, (unsigned int) user_uid, 1); --#endif -+ /* Displaying fields is not of interest to audit */ - list_fields (); - fail_exit (E_SUCCESS); - } -@@ -896,41 +893,43 @@ int main (int argc, char **argv) - } - #ifdef WITH_AUDIT - else { -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, -- "change all aging information", -- user_name, (unsigned int) user_uid, 1); -+ audit_logger (AUDIT_USER_MGMT, Prog, -+ "change-all-aging-information", -+ user_name, (unsigned int) user_uid, -+ SHADOW_AUDIT_SUCCESS); - } - #endif - } else { - #ifdef WITH_AUDIT - if (Mflg) { -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, -- "change max age", -- user_name, (unsigned int) user_uid, 1); -+ audit_logger (AUDIT_USER_MGMT, Prog, -+ "change-max-age", -+ user_name, (unsigned int) user_uid, -+ SHADOW_AUDIT_SUCCESS); - } - if (mflg) { -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, -- "change min age", -+ audit_logger (AUDIT_USER_MGMT, Prog, -+ "change-min-age", - user_name, (unsigned int) user_uid, 1); - } - if (dflg) { -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, -- "change last change date", -+ audit_logger (AUDIT_USER_MGMT, Prog, -+ "change-last-change-date", - user_name, (unsigned int) user_uid, 1); - } - if (Wflg) { -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, -- "change passwd warning", -+ audit_logger (AUDIT_USER_MGMT, Prog, -+ "change-passwd-warning", - user_name, (unsigned int) user_uid, 1); - } - if (Iflg) { -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, -- "change inactive days", -+ audit_logger (AUDIT_USER_MGMT, Prog, -+ "change-inactive-days", - user_name, (unsigned int) user_uid, 1); - } - if (Eflg) { -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, -- "change passwd expiration", -+ audit_logger (AUDIT_USER_MGMT, Prog, -+ "change-passwd-expiration", - user_name, (unsigned int) user_uid, 1); - } - #endif -diff -urp shadow-4.1.5.1.orig/src/gpasswd.c shadow-4.1.5.1/src/gpasswd.c ---- shadow-4.1.5.1.orig/src/gpasswd.c 
2014-09-13 15:45:54.989829559 -0400 -+++ shadow-4.1.5.1/src/gpasswd.c 2014-10-14 08:43:07.393861012 -0400 +diff -up shadow-4.2.1/src/gpasswd.c.audit-update shadow-4.2.1/src/gpasswd.c +--- shadow-4.2.1/src/gpasswd.c.audit-update 2014-03-01 19:59:51.000000000 +0100 ++++ shadow-4.2.1/src/gpasswd.c 2014-11-26 15:06:24.664660561 +0100 @@ -137,7 +137,7 @@ static void usage (int status) (void) fputs (_(" -d, --delete USER remove USER from GROUP\n"), usageout); (void) fputs (_(" -h, --help display this help message and exit\n"), usageout); @@ -562,9 +472,9 @@ diff -urp shadow-4.1.5.1.orig/src/gpasswd.c shadow-4.1.5.1/src/gpasswd.c SHADOW_AUDIT_SUCCESS); #endif } -diff -urp shadow-4.1.5.1.orig/src/groupadd.c shadow-4.1.5.1/src/groupadd.c ---- shadow-4.1.5.1.orig/src/groupadd.c 2011-11-18 16:23:30.000000000 -0500 -+++ shadow-4.1.5.1/src/groupadd.c 2014-10-14 08:39:23.800884073 -0400 +diff -up shadow-4.2.1/src/groupadd.c.audit-update shadow-4.2.1/src/groupadd.c +--- shadow-4.2.1/src/groupadd.c.audit-update 2014-03-01 19:59:51.000000000 +0100 ++++ shadow-4.2.1/src/groupadd.c 2014-11-26 15:06:24.664660561 +0100 @@ -127,6 +127,15 @@ static /*@noreturn@*/void usage (int sta exit (status); } @@ -740,9 +650,9 @@ diff -urp shadow-4.1.5.1.orig/src/groupadd.c shadow-4.1.5.1/src/groupadd.c } } -diff -urp shadow-4.1.5.1.orig/src/groupdel.c shadow-4.1.5.1/src/groupdel.c ---- shadow-4.1.5.1.orig/src/groupdel.c 2011-11-18 16:23:30.000000000 -0500 -+++ shadow-4.1.5.1/src/groupdel.c 2014-10-14 08:39:23.801884073 -0400 +diff -up shadow-4.2.1/src/groupdel.c.audit-update shadow-4.2.1/src/groupdel.c +--- shadow-4.2.1/src/groupdel.c.audit-update 2014-03-01 19:59:51.000000000 +0100 ++++ shadow-4.2.1/src/groupdel.c 2014-11-26 15:06:24.665660564 +0100 @@ -100,6 +100,15 @@ static /*@noreturn@*/void usage (int sta exit (status); } 
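Review bot: The `#ifndef AUDIT_GRP_MGMT` / `#ifndef AUDIT_GRP_CHAUTHTOK` fallbacks in the lib/prototypes.h section of hunk `@@ -206,99 +181,34 @@` hard-code record types 1132 and 1133 with no comment saying where the values come from or when the fallback is taken. If a build uses them because the installed audit headers lack these types, the audit userspace on that system presumably cannot name the records either, so rules and reports keyed on the type name may miss group changes. I would add above the first guard something like `/* Fallbacks for audit headers that predate the group record types; values must match libaudit.h */`. The `audit_logger_with_group` prototype also has no comment on what `grp` carries or why `pgname` is marked `unused`, and a one-line comment there would help. The enclosing preprocessor conditional, closed by the trailing `#endif`, opens outside the hunk.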
@@ -912,9 +822,9 @@ diff -urp shadow-4.1.5.1.orig/src/groupdel.c shadow-4.1.5.1/src/groupdel.c } #endif -diff -urp shadow-4.1.5.1.orig/src/groupmod.c shadow-4.1.5.1/src/groupmod.c ---- shadow-4.1.5.1.orig/src/groupmod.c 2011-11-18 16:23:30.000000000 -0500 -+++ shadow-4.1.5.1/src/groupmod.c 2014-10-14 08:49:28.517821702 -0400 +diff -up shadow-4.2.1/src/groupmod.c.audit-update shadow-4.2.1/src/groupmod.c +--- shadow-4.2.1/src/groupmod.c.audit-update 2014-03-01 19:59:51.000000000 +0100 ++++ shadow-4.2.1/src/groupmod.c 2014-11-26 15:06:24.665660564 +0100 @@ -438,7 +438,7 @@ static void close_files (void) exit (E_GRP_UPDATE); } 
@@ -1108,10 +1018,100 @@ diff -urp shadow-4.1.5.1.orig/src/groupmod.c shadow-4.1.5.1/src/groupmod.c // FIXME: add a system cleanup add_cleanup (cleanup_report_mod_group, &info_group); -diff -urp shadow-4.1.5.1.orig/src/newgrp.c shadow-4.1.5.1/src/newgrp.c ---- shadow-4.1.5.1.orig/src/newgrp.c 2014-09-13 15:45:55.010829557 -0400 -+++ shadow-4.1.5.1/src/newgrp.c 2014-10-14 08:39:23.802884073 -0400 -@@ -197,11 +197,12 @@ static void check_perms (const struct gr +diff -up shadow-4.2.1/src/chage.c.audit-update shadow-4.2.1/src/chage.c +--- shadow-4.2.1/src/chage.c.audit-update 2014-03-01 19:59:51.000000000 +0100 ++++ shadow-4.2.1/src/chage.c 2014-11-26 15:06:24.663660558 +0100 +@@ -126,9 +126,10 @@ static /*@noreturn@*/void fail_exit (int + + #ifdef WITH_AUDIT + if (E_SUCCESS != code) { +- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, +- "change age", +- user_name, (unsigned int) user_uid, 0); ++ audit_logger (AUDIT_USER_MGMT, Prog, ++ "change-age", ++ user_name, (unsigned int) user_uid, ++ SHADOW_AUDIT_FAILURE); + } + #endif + +@@ -873,11 +874,7 @@ int main (int argc, char **argv) + fprintf (stderr, _("%s: Permission denied.\n"), Prog); + fail_exit (E_NOPERM); + } +-#ifdef WITH_AUDIT +- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, +- "display aging info", +- user_name, (unsigned int) user_uid, 1); +-#endif ++ /* Displaying fields is not of interest to audit */ + list_fields (); + fail_exit (E_SUCCESS); + } +@@ -896,41 +893,43 @@ int main (int argc, char **argv) + } + #ifdef WITH_AUDIT + else { +- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, +- "change all aging information", +- user_name, (unsigned int) user_uid, 1); ++ audit_logger (AUDIT_USER_MGMT, Prog, ++ "change-all-aging-information", ++ user_name, (unsigned int) user_uid, ++ SHADOW_AUDIT_SUCCESS); + } + #endif + } else { + #ifdef WITH_AUDIT + if (Mflg) { +- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, +- "change max age", +- user_name, (unsigned int) user_uid, 1); ++ audit_logger (AUDIT_USER_MGMT, Prog, ++ "change-max-age", 
++ user_name, (unsigned int) user_uid, ++ SHADOW_AUDIT_SUCCESS); + } + if (mflg) { +- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, +- "change min age", ++ audit_logger (AUDIT_USER_MGMT, Prog, ++ "change-min-age", + user_name, (unsigned int) user_uid, 1); + } + if (dflg) { +- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, +- "change last change date", ++ audit_logger (AUDIT_USER_MGMT, Prog, ++ "change-last-change-date", + user_name, (unsigned int) user_uid, 1); + } + if (Wflg) { +- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, +- "change passwd warning", ++ audit_logger (AUDIT_USER_MGMT, Prog, ++ "change-passwd-warning", + user_name, (unsigned int) user_uid, 1); + } + if (Iflg) { +- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, +- "change inactive days", ++ audit_logger (AUDIT_USER_MGMT, Prog, ++ "change-inactive-days", + user_name, (unsigned int) user_uid, 1); + } + if (Eflg) { +- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, +- "change passwd expiration", ++ audit_logger (AUDIT_USER_MGMT, Prog, ++ "change-passwd-expiration", + user_name, (unsigned int) user_uid, 1); + } + #endif +diff -up shadow-4.2.1/src/newgrp.c.audit-update shadow-4.2.1/src/newgrp.c +--- shadow-4.2.1/src/newgrp.c.audit-update 2014-11-26 15:06:24.660660548 +0100 ++++ shadow-4.2.1/src/newgrp.c 2014-11-26 15:06:24.666660567 +0100 +@@ -206,11 +206,12 @@ static void check_perms (const struct gr strcmp (cpasswd, grp->gr_passwd) != 0) { #ifdef WITH_AUDIT snprintf (audit_buf, sizeof(audit_buf), @@ -1126,7 +1126,7 @@ diff -urp shadow-4.1.5.1.orig/src/newgrp.c shadow-4.1.5.1/src/newgrp.c #endif SYSLOG ((LOG_INFO, "Invalid password for group '%s' from '%s'", -@@ -212,11 +213,12 @@ static void check_perms (const struct gr +@@ -221,11 +222,12 @@ static void check_perms (const struct gr } #ifdef WITH_AUDIT snprintf (audit_buf, sizeof(audit_buf), 
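Review bot: In the re-added chage.c section, inner hunk `@@ -896,41 +893,43 @@`, only the `change-all-aging-information` and `change-max-age` records pass `SHADOW_AUDIT_SUCCESS`; the `change-min-age`, `change-last-change-date`, `change-passwd-warning`, `change-inactive-days` and `change-passwd-expiration` calls still end in a literal `1`. The result argument is what tells an audit consumer whether the account change succeeded, so each of those five calls should end `user_name, (unsigned int) user_uid, SHADOW_AUDIT_SUCCESS);` like their neighbours. This presumes the macro is defined as 1, which the lines it replaced suggest but this page does not show. The usermod.c sections further down carry the same literal `1` in their `audit_logger` context lines and could be converted in the same pass. `main` continues outside the hunk.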
@@ -1141,7 +1141,7 @@ diff -urp shadow-4.1.5.1.orig/src/newgrp.c shadow-4.1.5.1/src/newgrp.c #endif } -@@ -227,19 +229,6 @@ failure: +@@ -236,19 +238,6 @@ failure: * harm. -- JWP */ closelog (); @@ -1161,7 +1161,7 @@ diff -urp shadow-4.1.5.1.orig/src/newgrp.c shadow-4.1.5.1/src/newgrp.c exit (EXIT_FAILURE); } -@@ -308,15 +297,27 @@ static void syslog_sg (const char *name, +@@ -317,15 +306,27 @@ static void syslog_sg (const char *name, is_newgrp ? "newgrp" : "sg", strerror (errno)); #ifdef WITH_AUDIT if (group) { @@ -1193,7 +1193,7 @@ diff -urp shadow-4.1.5.1.orig/src/newgrp.c shadow-4.1.5.1/src/newgrp.c } #endif exit (EXIT_FAILURE); -@@ -442,7 +443,7 @@ int main (int argc, char **argv) +@@ -451,7 +452,7 @@ int main (int argc, char **argv) #ifdef WITH_AUDIT audit_logger (AUDIT_CHGRP_ID, Prog, "changing", NULL, @@ -1202,7 +1202,7 @@ diff -urp shadow-4.1.5.1.orig/src/newgrp.c shadow-4.1.5.1/src/newgrp.c #endif SYSLOG ((LOG_WARN, "Cannot determine the user name of the caller (UID %lu)", (unsigned long) getuid ())); -@@ -558,15 +559,26 @@ int main (int argc, char **argv) +@@ -567,15 +568,26 @@ int main (int argc, char **argv) perror ("getgroups"); #ifdef WITH_AUDIT if (group) { @@ -1233,7 +1233,7 @@ diff -urp shadow-4.1.5.1.orig/src/newgrp.c shadow-4.1.5.1/src/newgrp.c } #endif exit (EXIT_FAILURE); -@@ -707,10 +719,10 @@ int main (int argc, char **argv) +@@ -716,10 +728,10 @@ int main (int argc, char **argv) perror ("setgid"); #ifdef WITH_AUDIT snprintf (audit_buf, sizeof(audit_buf), @@ -1246,7 +1246,7 @@ diff -urp shadow-4.1.5.1.orig/src/newgrp.c shadow-4.1.5.1/src/newgrp.c #endif exit (EXIT_FAILURE); } -@@ -719,10 +731,10 @@ int main (int argc, char **argv) +@@ -728,10 +740,10 @@ int main (int argc, char **argv) perror ("setuid"); #ifdef WITH_AUDIT snprintf (audit_buf, sizeof(audit_buf), 
@@ -1259,7 +1259,7 @@ diff -urp shadow-4.1.5.1.orig/src/newgrp.c shadow-4.1.5.1/src/newgrp.c #endif exit (EXIT_FAILURE); } -@@ -736,10 +748,10 @@ int main (int argc, char **argv) +@@ -745,10 +757,10 @@ int main (int argc, char **argv) execl (SHELL, "sh", "-c", command, (char *) 0); #ifdef WITH_AUDIT snprintf (audit_buf, sizeof(audit_buf), @@ -1272,7 +1272,7 @@ diff -urp shadow-4.1.5.1.orig/src/newgrp.c shadow-4.1.5.1/src/newgrp.c #endif perror (SHELL); exit ((errno == ENOENT) ? E_CMD_NOTFOUND : E_CMD_NOEXEC); -@@ -803,11 +815,11 @@ int main (int argc, char **argv) +@@ -812,11 +824,11 @@ int main (int argc, char **argv) } #ifdef WITH_AUDIT @@ -1286,7 +1286,7 @@ diff -urp shadow-4.1.5.1.orig/src/newgrp.c shadow-4.1.5.1/src/newgrp.c #endif /* * Exec the login shell and go away. We are trying to get back to -@@ -831,15 +843,24 @@ int main (int argc, char **argv) +@@ -840,15 +852,24 @@ int main (int argc, char **argv) closelog (); #ifdef WITH_AUDIT if (NULL != group) { @@ -1315,10 +1315,10 @@ diff -urp shadow-4.1.5.1.orig/src/newgrp.c shadow-4.1.5.1/src/newgrp.c } #endif exit (EXIT_FAILURE); -diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c ---- shadow-4.1.5.1.orig/src/useradd.c 2014-09-13 15:45:54.957829561 -0400 -+++ shadow-4.1.5.1/src/useradd.c 2014-10-14 08:52:53.066800605 -0400 -@@ -205,6 +205,8 @@ static void create_mail (void); +diff -up shadow-4.2.1/src/useradd.c.audit-update shadow-4.2.1/src/useradd.c +--- shadow-4.2.1/src/useradd.c.audit-update 2014-11-26 15:06:24.648660511 +0100 ++++ shadow-4.2.1/src/useradd.c 2014-11-26 15:14:02.446087183 +0100 +@@ -222,6 +222,8 @@ static void create_mail (void); */ static void fail_exit (int code) { 
@@ -1327,7 +1327,7 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c if (home_added) { if (rmdir (user_home) != 0) { fprintf (stderr, -@@ -218,12 +220,6 @@ static void fail_exit (int code) +@@ -235,12 +237,6 @@ static void fail_exit (int code) if (spw_unlock () == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, spw_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ())); @@ -1340,7 +1340,7 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c /* continue */ } } -@@ -231,12 +227,6 @@ static void fail_exit (int code) +@@ -248,12 +244,6 @@ static void fail_exit (int code) if (pw_unlock () == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ())); @@ -1353,7 +1353,7 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c /* continue */ } } -@@ -244,12 +234,6 @@ static void fail_exit (int code) +@@ -261,12 +251,6 @@ static void fail_exit (int code) if (gr_unlock () == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ())); @@ -1366,7 +1366,7 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c /* continue */ } } -@@ -258,20 +242,19 @@ static void fail_exit (int code) +@@ -275,12 +259,6 @@ static void fail_exit (int code) if (sgr_unlock () == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ())); 
@@ -1379,7 +1379,33 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c /* continue */ } } - #endif +@@ -290,12 +268,6 @@ static void fail_exit (int code) + if (sub_uid_unlock () == 0) { + fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname ()); + SYSLOG ((LOG_ERR, "failed to unlock %s", sub_uid_dbname ())); +-#ifdef WITH_AUDIT +- audit_logger (AUDIT_ADD_USER, Prog, +- "unlocking subordinate user file", +- user_name, AUDIT_NO_ID, +- SHADOW_AUDIT_FAILURE); +-#endif + /* continue */ + } + } +@@ -303,20 +275,19 @@ static void fail_exit (int code) + if (sub_gid_unlock () == 0) { + fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname ()); + SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ())); +-#ifdef WITH_AUDIT +- audit_logger (AUDIT_ADD_USER, Prog, +- "unlocking subordinate group file", +- user_name, AUDIT_NO_ID, +- SHADOW_AUDIT_FAILURE); +-#endif + /* continue */ + } + } + #endif /* ENABLE_SUBIDS */ #ifdef WITH_AUDIT - audit_logger (AUDIT_ADD_USER, Prog, @@ -1394,7 +1420,7 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif -@@ -578,7 +561,7 @@ static int set_defaults (void) +@@ -623,7 +594,7 @@ static int set_defaults (void) } #ifdef WITH_AUDIT audit_logger (AUDIT_USYS_CONFIG, Prog, @@ -1403,7 +1429,7 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c NULL, AUDIT_NO_ID, SHADOW_AUDIT_SUCCESS); #endif -@@ -848,12 +831,6 @@ static void grp_update (void) +@@ -893,12 +864,6 @@ static void grp_update (void) _("%s: Out of memory. Cannot update %s.\n"), Prog, gr_dbname ()); SYSLOG ((LOG_ERR, "failed to prepare the new %s entry '%s'", gr_dbname (), user_name)); 
@@ -1416,7 +1442,7 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c fail_exit (E_GRP_UPDATE); /* XXX */ } -@@ -867,18 +844,12 @@ static void grp_update (void) +@@ -912,18 +877,12 @@ static void grp_update (void) _("%s: failed to prepare the new %s entry '%s'\n"), Prog, gr_dbname (), ngrp->gr_name); SYSLOG ((LOG_ERR, "failed to prepare the new %s entry '%s'", gr_dbname (), user_name)); @@ -1438,7 +1464,7 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c SHADOW_AUDIT_SUCCESS); #endif SYSLOG ((LOG_INFO, -@@ -923,12 +894,6 @@ static void grp_update (void) +@@ -968,12 +927,6 @@ static void grp_update (void) _("%s: Out of memory. Cannot update %s.\n"), Prog, sgr_dbname ()); SYSLOG ((LOG_ERR, "failed to prepare the new %s entry '%s'", sgr_dbname (), user_name)); @@ -1451,7 +1477,7 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c fail_exit (E_GRP_UPDATE); /* XXX */ } -@@ -942,18 +907,13 @@ static void grp_update (void) +@@ -987,18 +940,13 @@ static void grp_update (void) _("%s: failed to prepare the new %s entry '%s'\n"), Prog, sgr_dbname (), nsgrp->sg_name); SYSLOG ((LOG_ERR, "failed to prepare the new %s entry '%s'", sgr_dbname (), user_name)); @@ -1474,7 +1500,7 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c SHADOW_AUDIT_SUCCESS); #endif SYSLOG ((LOG_INFO, -@@ -1296,7 +1256,7 @@ static void process_flags (int argc, cha +@@ -1341,7 +1289,7 @@ static void process_flags (int argc, cha Prog, user_name); #ifdef WITH_AUDIT audit_logger (AUDIT_ADD_USER, Prog, @@ -1483,7 +1509,7 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif -@@ -1385,7 +1345,7 @@ static void close_files (void) +@@ -1444,7 +1392,7 @@ static void close_files (void) SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ())); #ifdef WITH_AUDIT audit_logger (AUDIT_ADD_USER, Prog, 
@@ -1492,7 +1518,7 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif -@@ -1398,7 +1358,7 @@ static void close_files (void) +@@ -1457,7 +1405,7 @@ static void close_files (void) SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ())); #ifdef WITH_AUDIT audit_logger (AUDIT_ADD_USER, Prog, @@ -1501,7 +1527,7 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif -@@ -1410,7 +1370,7 @@ static void close_files (void) +@@ -1469,7 +1417,7 @@ static void close_files (void) SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ())); #ifdef WITH_AUDIT audit_logger (AUDIT_ADD_USER, Prog, @@ -1510,7 +1536,7 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif -@@ -1424,7 +1384,7 @@ static void close_files (void) +@@ -1483,7 +1431,7 @@ static void close_files (void) SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ())); #ifdef WITH_AUDIT audit_logger (AUDIT_ADD_USER, Prog, 
@@ -1519,7 +1545,25 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif -@@ -1584,7 +1544,7 @@ static void grp_add (void) +@@ -1499,7 +1447,7 @@ static void close_files (void) + SYSLOG ((LOG_ERR, "failed to unlock %s", sub_uid_dbname ())); + #ifdef WITH_AUDIT + audit_logger (AUDIT_ADD_USER, Prog, +- "unlocking subordinate user file", ++ "unlocking-subordinate-user-file", + user_name, AUDIT_NO_ID, + SHADOW_AUDIT_FAILURE); + #endif +@@ -1513,7 +1461,7 @@ static void close_files (void) + SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ())); + #ifdef WITH_AUDIT + audit_logger (AUDIT_ADD_USER, Prog, +- "unlocking subordinate group file", ++ "unlocking-subordinate-group-file", + user_name, AUDIT_NO_ID, + SHADOW_AUDIT_FAILURE); + #endif +@@ -1705,7 +1653,7 @@ static void grp_add (void) Prog, gr_dbname (), grp.gr_name); #ifdef WITH_AUDIT audit_logger (AUDIT_ADD_GROUP, Prog, @@ -1528,7 +1572,7 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c grp.gr_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif -@@ -1600,7 +1560,7 @@ static void grp_add (void) +@@ -1721,7 +1669,7 @@ static void grp_add (void) Prog, sgr_dbname (), sgrp.sg_name); #ifdef WITH_AUDIT audit_logger (AUDIT_ADD_GROUP, Prog, @@ -1537,7 +1581,7 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c grp.gr_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif -@@ -1610,7 +1570,7 @@ static void grp_add (void) +@@ -1731,7 +1679,7 @@ static void grp_add (void) SYSLOG ((LOG_INFO, "new group: name=%s, GID=%u", user_name, user_gid)); #ifdef WITH_AUDIT audit_logger (AUDIT_ADD_GROUP, Prog, 
@@ -1546,7 +1590,7 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c grp.gr_name, AUDIT_NO_ID, SHADOW_AUDIT_SUCCESS); #endif -@@ -1725,17 +1685,11 @@ static void usr_update (void) +@@ -1846,12 +1794,6 @@ static void usr_update (void) fprintf (stderr, _("%s: failed to prepare the new %s entry '%s'\n"), Prog, spw_dbname (), spent.sp_namp); @@ -1558,6 +1602,9 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c -#endif fail_exit (E_PW_UPDATE); } + #ifdef ENABLE_SUBIDS +@@ -1873,7 +1815,7 @@ static void usr_update (void) + #ifdef WITH_AUDIT audit_logger (AUDIT_ADD_USER, Prog, - "adding user", @@ -1565,7 +1612,7 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c user_name, (unsigned int) user_id, SHADOW_AUDIT_SUCCESS); #endif -@@ -1771,12 +1725,6 @@ static void create_home (void) +@@ -1908,12 +1850,6 @@ static void create_home (void) fprintf (stderr, _("%s: cannot create directory %s\n"), Prog, user_home); @@ -1578,7 +1625,7 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c fail_exit (E_HOMEDIR); } chown (user_home, user_id, user_gid); -@@ -1784,8 +1732,8 @@ static void create_home (void) +@@ -1921,8 +1857,8 @@ static void create_home (void) 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK)); home_added = true; #ifdef WITH_AUDIT @@ -1589,7 +1636,7 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c user_name, (unsigned int) user_id, SHADOW_AUDIT_SUCCESS); #endif -@@ -1951,12 +1899,6 @@ int main (int argc, char **argv) +@@ -2098,12 +2034,6 @@ int main (int argc, char **argv) */ if (getpwnam (user_name) != NULL) { /* local, no need for xgetpwnam */ fprintf (stderr, _("%s: user '%s' already exists\n"), Prog, user_name); 
@@ -1602,7 +1649,7 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c fail_exit (E_NAME_IN_USE); } -@@ -1972,12 +1914,6 @@ int main (int argc, char **argv) +@@ -2119,12 +2049,6 @@ int main (int argc, char **argv) fprintf (stderr, _("%s: group %s exists - if you want to add this user to that group, use -g.\n"), Prog, user_name); @@ -1615,7 +1662,7 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c fail_exit (E_NAME_IN_USE); } } -@@ -2007,12 +1943,6 @@ int main (int argc, char **argv) +@@ -2154,12 +2078,6 @@ int main (int argc, char **argv) fprintf (stderr, _("%s: UID %lu is not unique\n"), Prog, (unsigned long) user_id); @@ -1628,7 +1675,7 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c fail_exit (E_UID_IN_USE); } } -@@ -2057,9 +1987,10 @@ int main (int argc, char **argv) +@@ -2223,9 +2141,10 @@ int main (int argc, char **argv) _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"), Prog, user_name, user_selinux); #ifdef WITH_AUDIT @@ -1642,10 +1689,10 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c #endif /* WITH_AUDIT */ rv = E_SE_UPDATE; } -diff -urp shadow-4.1.5.1.orig/src/userdel.c shadow-4.1.5.1/src/userdel.c ---- shadow-4.1.5.1.orig/src/userdel.c 2014-09-13 15:45:55.001829558 -0400 -+++ shadow-4.1.5.1/src/userdel.c 2014-10-14 08:44:52.714850149 -0400 -@@ -201,9 +201,9 @@ static void update_groups (void) +diff -up shadow-4.2.1/src/userdel.c.audit-update shadow-4.2.1/src/userdel.c +--- shadow-4.2.1/src/userdel.c.audit-update 2014-11-26 15:06:24.655660533 +0100 ++++ shadow-4.2.1/src/userdel.c 2014-11-26 15:16:01.892459425 +0100 +@@ -214,9 +214,9 @@ static void update_groups (void) * Update the DBM group file with the new entry as well. */ #ifdef WITH_AUDIT 
@@ -1658,7 +1705,7 @@ diff -urp shadow-4.1.5.1.orig/src/userdel.c shadow-4.1.5.1/src/userdel.c SHADOW_AUDIT_SUCCESS); #endif /* WITH_AUDIT */ SYSLOG ((LOG_INFO, "delete '%s' from group '%s'\n", -@@ -263,9 +263,9 @@ static void update_groups (void) +@@ -276,9 +276,9 @@ static void update_groups (void) exit (E_GRP_UPDATE); } #ifdef WITH_AUDIT @@ -1671,7 +1718,7 @@ diff -urp shadow-4.1.5.1.orig/src/userdel.c shadow-4.1.5.1/src/userdel.c SHADOW_AUDIT_SUCCESS); #endif /* WITH_AUDIT */ SYSLOG ((LOG_INFO, "delete '%s' from shadow group '%s'\n", -@@ -342,9 +342,9 @@ static void remove_usergroup (void) +@@ -355,9 +355,9 @@ static void remove_usergroup (void) } #ifdef WITH_AUDIT @@ -1684,7 +1731,7 @@ diff -urp shadow-4.1.5.1.orig/src/userdel.c shadow-4.1.5.1/src/userdel.c SHADOW_AUDIT_SUCCESS); #endif /* WITH_AUDIT */ SYSLOG ((LOG_INFO, -@@ -360,9 +360,9 @@ static void remove_usergroup (void) +@@ -373,9 +373,9 @@ static void remove_usergroup (void) fail_exit (E_GRP_UPDATE); } #ifdef WITH_AUDIT @@ -1697,7 +1744,7 @@ diff -urp shadow-4.1.5.1.orig/src/userdel.c shadow-4.1.5.1/src/userdel.c SHADOW_AUDIT_SUCCESS); #endif /* WITH_AUDIT */ SYSLOG ((LOG_INFO, -@@ -478,7 +478,7 @@ static void fail_exit (int code) +@@ -537,7 +537,7 @@ static void fail_exit (int code) #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, @@ -1706,7 +1753,7 @@ diff -urp shadow-4.1.5.1.orig/src/userdel.c shadow-4.1.5.1/src/userdel.c user_name, (unsigned int) user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ -@@ -498,24 +498,12 @@ static void open_files (void) +@@ -557,24 +557,12 @@ static void open_files (void) fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, pw_dbname ()); 
@@ -1731,7 +1778,7 @@ diff -urp shadow-4.1.5.1.orig/src/userdel.c shadow-4.1.5.1/src/userdel.c fail_exit (E_PW_UPDATE); } if (is_shadow_pwd) { -@@ -523,12 +511,6 @@ static void open_files (void) +@@ -582,12 +570,6 @@ static void open_files (void) fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, spw_dbname ()); @@ -1744,7 +1791,7 @@ diff -urp shadow-4.1.5.1.orig/src/userdel.c shadow-4.1.5.1/src/userdel.c fail_exit (E_PW_UPDATE); } spw_locked = true; -@@ -536,12 +518,6 @@ static void open_files (void) +@@ -595,12 +577,6 @@ static void open_files (void) fprintf (stderr, _("%s: cannot open %s\n"), Prog, spw_dbname ()); @@ -1757,7 +1804,7 @@ diff -urp shadow-4.1.5.1.orig/src/userdel.c shadow-4.1.5.1/src/userdel.c fail_exit (E_PW_UPDATE); } } -@@ -549,23 +525,11 @@ static void open_files (void) +@@ -608,23 +584,11 @@ static void open_files (void) fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, gr_dbname ()); @@ -1781,7 +1828,7 @@ diff -urp shadow-4.1.5.1.orig/src/userdel.c shadow-4.1.5.1/src/userdel.c fail_exit (E_GRP_UPDATE); } #ifdef SHADOWGRP -@@ -574,24 +538,12 @@ static void open_files (void) +@@ -633,24 +597,12 @@ static void open_files (void) fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, sgr_dbname ()); 
@@ -1806,8 +1853,58 @@ diff -urp shadow-4.1.5.1.orig/src/userdel.c shadow-4.1.5.1/src/userdel.c fail_exit (E_GRP_UPDATE); } } -@@ -622,7 +574,7 @@ static void update_user (void) +@@ -661,24 +613,12 @@ static void open_files (void) + fprintf (stderr, + _("%s: cannot lock %s; try again later.\n"), + Prog, sub_uid_dbname ()); +-#ifdef WITH_AUDIT +- audit_logger (AUDIT_DEL_USER, Prog, +- "locking subordinate user file", +- user_name, (unsigned int) user_id, +- SHADOW_AUDIT_FAILURE); +-#endif /* WITH_AUDIT */ + fail_exit (E_SUB_UID_UPDATE); + } + sub_uid_locked = true; + if (sub_uid_open (O_RDWR) == 0) { + fprintf (stderr, + _("%s: cannot open %s\n"), Prog, sub_uid_dbname ()); +-#ifdef WITH_AUDIT +- audit_logger (AUDIT_DEL_USER, Prog, +- "opening subordinate user file", +- user_name, (unsigned int) user_id, +- SHADOW_AUDIT_FAILURE); +-#endif /* WITH_AUDIT */ + fail_exit (E_SUB_UID_UPDATE); + } } +@@ -687,24 +627,12 @@ static void open_files (void) + fprintf (stderr, + _("%s: cannot lock %s; try again later.\n"), + Prog, sub_gid_dbname ()); +-#ifdef WITH_AUDIT +- audit_logger (AUDIT_DEL_USER, Prog, +- "locking subordinate group file", +- user_name, (unsigned int) user_id, +- SHADOW_AUDIT_FAILURE); +-#endif /* WITH_AUDIT */ + fail_exit (E_SUB_GID_UPDATE); + } + sub_gid_locked = true; + if (sub_gid_open (O_RDWR) == 0) { + fprintf (stderr, + _("%s: cannot open %s\n"), Prog, sub_gid_dbname ()); +-#ifdef WITH_AUDIT +- audit_logger (AUDIT_DEL_USER, Prog, +- "opening subordinate group file", +- user_name, (unsigned int) user_id, +- SHADOW_AUDIT_FAILURE); +-#endif /* WITH_AUDIT */ + fail_exit (E_SUB_GID_UPDATE); + } + } +@@ -749,7 +677,7 @@ static void update_user (void) + #endif /* ENABLE_SUBIDS */ #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, - "deleting user entries", 
@@ -1815,7 +1912,7 @@ diff -urp shadow-4.1.5.1.orig/src/userdel.c shadow-4.1.5.1/src/userdel.c user_name, (unsigned int) user_id, SHADOW_AUDIT_SUCCESS); #endif /* WITH_AUDIT */ -@@ -716,7 +668,7 @@ static int remove_mailbox (void) +@@ -843,7 +771,7 @@ static int remove_mailbox (void) SYSLOG ((LOG_ERR, "Cannot remove %s: %s", mailfile, strerror (errno))); #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, @@ -1824,7 +1921,7 @@ diff -urp shadow-4.1.5.1.orig/src/userdel.c shadow-4.1.5.1/src/userdel.c user_name, (unsigned int) user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ -@@ -732,7 +684,7 @@ static int remove_mailbox (void) +@@ -859,7 +787,7 @@ static int remove_mailbox (void) SYSLOG ((LOG_ERR, "Cannot remove %s: %s", mailfile, strerror (errno))); #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, @@ -1833,7 +1930,7 @@ diff -urp shadow-4.1.5.1.orig/src/userdel.c shadow-4.1.5.1/src/userdel.c user_name, (unsigned int) user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ -@@ -742,8 +694,8 @@ static int remove_mailbox (void) +@@ -869,8 +797,8 @@ static int remove_mailbox (void) #ifdef WITH_AUDIT else { @@ -1844,7 +1941,7 @@ diff -urp shadow-4.1.5.1.orig/src/userdel.c shadow-4.1.5.1/src/userdel.c user_name, (unsigned int) user_id, SHADOW_AUDIT_SUCCESS); } -@@ -760,7 +712,7 @@ static int remove_mailbox (void) +@@ -887,7 +815,7 @@ static int remove_mailbox (void) mailfile, strerror (errno))); #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, @@ -1853,7 +1950,7 @@ diff -urp shadow-4.1.5.1.orig/src/userdel.c shadow-4.1.5.1/src/userdel.c user_name, (unsigned int) user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ -@@ -775,7 +727,7 @@ static int remove_mailbox (void) +@@ -902,7 +830,7 @@ static int remove_mailbox (void) SYSLOG ((LOG_ERR, "Cannot remove %s: %s", mailfile, strerror (errno))); #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, 
@@ -1862,7 +1959,7 @@ diff -urp shadow-4.1.5.1.orig/src/userdel.c shadow-4.1.5.1/src/userdel.c user_name, (unsigned int) user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ -@@ -785,8 +737,8 @@ static int remove_mailbox (void) +@@ -912,8 +840,8 @@ static int remove_mailbox (void) #ifdef WITH_AUDIT else { @@ -1873,7 +1970,7 @@ diff -urp shadow-4.1.5.1.orig/src/userdel.c shadow-4.1.5.1/src/userdel.c user_name, (unsigned int) user_id, SHADOW_AUDIT_SUCCESS); } -@@ -980,7 +932,7 @@ int main (int argc, char **argv) +@@ -1111,7 +1039,7 @@ int main (int argc, char **argv) Prog, user_name); #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, @@ -1882,7 +1979,7 @@ diff -urp shadow-4.1.5.1.orig/src/userdel.c shadow-4.1.5.1/src/userdel.c user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ -@@ -1024,7 +976,7 @@ int main (int argc, char **argv) +@@ -1155,7 +1083,7 @@ int main (int argc, char **argv) if (!fflg) { #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, @@ -1891,7 +1988,7 @@ diff -urp shadow-4.1.5.1.orig/src/userdel.c shadow-4.1.5.1/src/userdel.c user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ -@@ -1101,8 +1053,8 @@ int main (int argc, char **argv) +@@ -1232,8 +1160,8 @@ int main (int argc, char **argv) #ifdef WITH_AUDIT else { @@ -1902,7 +1999,7 @@ diff -urp shadow-4.1.5.1.orig/src/userdel.c shadow-4.1.5.1/src/userdel.c user_name, (unsigned int) user_id, SHADOW_AUDIT_SUCCESS); } -@@ -1111,7 +1063,7 @@ int main (int argc, char **argv) +@@ -1242,7 +1170,7 @@ int main (int argc, char **argv) #ifdef WITH_AUDIT if (0 != errors) { audit_logger (AUDIT_DEL_USER, Prog, 
@@ -1911,7 +2008,7 @@ diff -urp shadow-4.1.5.1.orig/src/userdel.c shadow-4.1.5.1/src/userdel.c user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); } -@@ -1124,8 +1076,8 @@ int main (int argc, char **argv) +@@ -1255,8 +1183,8 @@ int main (int argc, char **argv) _("%s: warning: the user name %s to SELinux user mapping removal failed.\n"), Prog, user_name); #ifdef WITH_AUDIT @@ -1922,10 +2019,10 @@ diff -urp shadow-4.1.5.1.orig/src/userdel.c shadow-4.1.5.1/src/userdel.c user_name, (unsigned int) user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ -diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c ---- shadow-4.1.5.1.orig/src/usermod.c 2014-09-13 15:45:55.013829557 -0400 -+++ shadow-4.1.5.1/src/usermod.c 2014-10-14 08:50:05.817817855 -0400 -@@ -352,8 +352,8 @@ static char *new_pw_passwd (char *pw_pas +diff -up shadow-4.2.1/src/usermod.c.audit-update shadow-4.2.1/src/usermod.c +--- shadow-4.2.1/src/usermod.c.audit-update 2014-11-26 15:06:24.661660551 +0100 ++++ shadow-4.2.1/src/usermod.c 2014-11-26 15:17:38.580760741 +0100 +@@ -447,8 +447,8 @@ static char *new_pw_passwd (char *pw_pas #ifdef WITH_AUDIT audit_logger (AUDIT_USER_CHAUTHTOK, Prog, @@ -1936,7 +2033,7 @@ diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c #endif SYSLOG ((LOG_INFO, "lock user '%s' password", user_newname)); strcpy (buf, "!"); -@@ -372,8 +372,8 @@ static char *new_pw_passwd (char *pw_pas +@@ -467,8 +467,8 @@ static char *new_pw_passwd (char *pw_pas #ifdef WITH_AUDIT audit_logger (AUDIT_USER_CHAUTHTOK, Prog, @@ -1947,7 +2044,7 @@ diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c #endif SYSLOG ((LOG_INFO, "unlock user '%s' password", user_newname)); s = pw_pass; -@@ -384,7 +384,7 @@ static char *new_pw_passwd (char *pw_pas +@@ -479,7 +479,7 @@ static char *new_pw_passwd (char *pw_pas } else if (pflg) { #ifdef WITH_AUDIT audit_logger (AUDIT_USER_CHAUTHTOK, Prog, 
@@ -1956,7 +2053,7 @@ diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c user_newname, (unsigned int) user_newid, 1); #endif SYSLOG ((LOG_INFO, "change user '%s' password", user_newname)); -@@ -413,8 +413,8 @@ static void new_pwent (struct passwd *pw +@@ -508,8 +508,8 @@ static void new_pwent (struct passwd *pw fail_exit (E_NAME_IN_USE); } #ifdef WITH_AUDIT @@ -1967,7 +2064,7 @@ diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c user_newname, (unsigned int) user_newid, 1); #endif SYSLOG ((LOG_INFO, -@@ -434,8 +434,8 @@ static void new_pwent (struct passwd *pw +@@ -529,8 +529,8 @@ static void new_pwent (struct passwd *pw if (uflg) { #ifdef WITH_AUDIT @@ -1978,7 +2075,7 @@ diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c user_newname, (unsigned int) user_newid, 1); #endif SYSLOG ((LOG_INFO, -@@ -445,8 +445,8 @@ static void new_pwent (struct passwd *pw +@@ -540,8 +540,8 @@ static void new_pwent (struct passwd *pw } if (gflg) { #ifdef WITH_AUDIT @@ -1989,7 +2086,7 @@ diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c user_newname, (unsigned int) user_newid, 1); #endif SYSLOG ((LOG_INFO, -@@ -456,8 +456,8 @@ static void new_pwent (struct passwd *pw +@@ -551,8 +551,8 @@ static void new_pwent (struct passwd *pw } if (cflg) { #ifdef WITH_AUDIT @@ -2000,7 +2097,7 @@ diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c user_newname, (unsigned int) user_newid, 1); #endif pwent->pw_gecos = user_newcomment; -@@ -465,8 +465,8 @@ static void new_pwent (struct passwd *pw +@@ -560,8 +560,8 @@ static void new_pwent (struct passwd *pw if (dflg) { #ifdef WITH_AUDIT 
@@ -2011,7 +2108,7 @@ diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c user_newname, (unsigned int) user_newid, 1); #endif SYSLOG ((LOG_INFO, -@@ -476,8 +476,8 @@ static void new_pwent (struct passwd *pw +@@ -571,8 +571,8 @@ static void new_pwent (struct passwd *pw } if (sflg) { #ifdef WITH_AUDIT @@ -2022,7 +2119,7 @@ diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c user_newname, (unsigned int) user_newid, 1); #endif SYSLOG ((LOG_INFO, -@@ -507,8 +507,8 @@ static void new_spent (struct spwd *spen +@@ -602,8 +602,8 @@ static void new_spent (struct spwd *spen if (fflg) { #ifdef WITH_AUDIT @@ -2033,7 +2130,7 @@ diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c user_newname, (unsigned int) user_newid, 1); #endif SYSLOG ((LOG_INFO, -@@ -524,8 +524,8 @@ static void new_spent (struct spwd *spen +@@ -619,8 +619,8 @@ static void new_spent (struct spwd *spen date_to_str (old_exp, sizeof(old_exp), user_expire * DAY); #ifdef WITH_AUDIT @@ -2044,8 +2141,8 @@ diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c user_newname, (unsigned int) user_newid, 1); #endif SYSLOG ((LOG_INFO, -@@ -592,9 +592,9 @@ static /*@noreturn@*/void fail_exit (int - } +@@ -703,9 +703,9 @@ static /*@noreturn@*/void fail_exit (int + #endif /* ENABLE_SUBIDS */ #ifdef WITH_AUDIT - audit_logger (AUDIT_USER_CHAUTHTOK, Prog, @@ -2057,7 +2154,7 @@ diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c #endif exit (code); } -@@ -648,9 +648,12 @@ static void update_group (void) +@@ -759,9 +759,12 @@ static void update_group (void) user_newname); changed = true; #ifdef WITH_AUDIT 
@@ -2073,7 +2170,7 @@ diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c #endif SYSLOG ((LOG_INFO, "change '%s' to '%s' in group '%s'", -@@ -664,9 +667,11 @@ static void update_group (void) +@@ -775,9 +778,11 @@ static void update_group (void) ngrp->gr_mem = del_list (ngrp->gr_mem, user_name); changed = true; #ifdef WITH_AUDIT @@ -2088,7 +2185,7 @@ diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c #endif SYSLOG ((LOG_INFO, "delete '%s' from group '%s'", -@@ -679,9 +684,11 @@ static void update_group (void) +@@ -790,9 +795,11 @@ static void update_group (void) ngrp->gr_mem = add_list (ngrp->gr_mem, user_newname); changed = true; #ifdef WITH_AUDIT @@ -2103,7 +2200,7 @@ diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c #endif SYSLOG ((LOG_INFO, "add '%s' to group '%s'", user_newname, ngrp->gr_name)); -@@ -756,9 +763,10 @@ static void update_gshadow (void) +@@ -867,9 +874,10 @@ static void update_gshadow (void) nsgrp->sg_adm = add_list (nsgrp->sg_adm, user_newname); changed = true; #ifdef WITH_AUDIT @@ -2117,7 +2214,7 @@ diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c #endif SYSLOG ((LOG_INFO, "change admin '%s' to '%s' in shadow group '%s'", -@@ -778,9 +786,10 @@ static void update_gshadow (void) +@@ -889,9 +897,10 @@ static void update_gshadow (void) user_newname); changed = true; #ifdef WITH_AUDIT @@ -2131,7 +2228,7 @@ diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c #endif SYSLOG ((LOG_INFO, "change '%s' to '%s' in shadow group '%s'", -@@ -794,9 +803,10 @@ static void update_gshadow (void) +@@ -905,9 +914,10 @@ static void update_gshadow (void) nsgrp->sg_mem = del_list (nsgrp->sg_mem, user_name); changed = true; #ifdef WITH_AUDIT 
@@ -2145,7 +2242,7 @@ diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c #endif SYSLOG ((LOG_INFO, "delete '%s' from shadow group '%s'", -@@ -809,9 +819,10 @@ static void update_gshadow (void) +@@ -920,9 +930,10 @@ static void update_gshadow (void) nsgrp->sg_mem = add_list (nsgrp->sg_mem, user_newname); changed = true; #ifdef WITH_AUDIT @@ -2159,7 +2256,7 @@ diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c #endif SYSLOG ((LOG_INFO, "add '%s' to shadow group '%s'", user_newname, nsgrp->sg_name)); -@@ -1515,8 +1526,8 @@ static void move_home (void) +@@ -1810,8 +1821,8 @@ static void move_home (void) #ifdef WITH_AUDIT if (uflg || gflg) { @@ -2170,7 +2267,7 @@ diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c user_newname, (unsigned int) user_newid, 1); } #endif -@@ -1534,8 +1545,8 @@ static void move_home (void) +@@ -1829,8 +1840,8 @@ static void move_home (void) fail_exit (E_HOMEDIR); } #ifdef WITH_AUDIT @@ -2181,7 +2278,7 @@ diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c user_newname, (unsigned int) user_newid, 1); #endif -@@ -1554,9 +1565,9 @@ static void move_home (void) +@@ -1849,9 +1860,9 @@ static void move_home (void) Prog, user_home); } #ifdef WITH_AUDIT @@ -2193,7 +2290,7 @@ diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c user_newname, (unsigned int) user_newid, 1); -@@ -1760,8 +1771,8 @@ static void move_mailbox (void) +@@ -2055,8 +2066,8 @@ static void move_mailbox (void) } #ifdef WITH_AUDIT else { @@ -2204,7 +2301,7 @@ diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c user_newname, (unsigned int) user_newid, 1); } #endif -@@ -1779,8 +1790,8 @@ static void move_mailbox (void) +@@ -2074,8 +2085,8 @@ static void move_mailbox (void) } #ifdef WITH_AUDIT else { 
@@ -2215,7 +2312,7 @@ diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c user_newname, (unsigned int) user_newid, 1); } #endif -@@ -1910,8 +1921,8 @@ int main (int argc, char **argv) +@@ -2217,8 +2228,8 @@ int main (int argc, char **argv) _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"), Prog, user_name, user_selinux); #ifdef WITH_AUDIT @@ -2226,7 +2323,7 @@ diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c user_name, (unsigned int) user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ -@@ -1923,8 +1934,8 @@ int main (int argc, char **argv) +@@ -2230,8 +2241,8 @@ int main (int argc, char **argv) _("%s: warning: the user name %s to SELinux user mapping removal failed.\n"), Prog, user_name); #ifdef WITH_AUDIT @@ -2237,7 +2334,7 @@ diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c user_name, (unsigned int) user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ -@@ -1962,8 +1973,8 @@ int main (int argc, char **argv) +@@ -2269,8 +2280,8 @@ int main (int argc, char **argv) */ #ifdef WITH_AUDIT if (uflg || gflg) { diff --git a/shadow-4.2.1-date-parsing.patch b/shadow-4.2.1-date-parsing.patch new file mode 100644 index 0000000..91a85ac --- /dev/null +++ b/shadow-4.2.1-date-parsing.patch 
@@ -0,0 +1,68 @@
+diff -up shadow-4.2.1/libmisc/getdate.y.date-parsing shadow-4.2.1/libmisc/getdate.y
+--- shadow-4.2.1/libmisc/getdate.y.date-parsing 2014-03-01 18:50:05.000000000 +0100
++++ shadow-4.2.1/libmisc/getdate.y 2014-11-26 14:58:21.208153924 +0100
+@@ -152,6 +152,7 @@ static int yyHaveDay;
+ static int yyHaveRel;
+ static int yyHaveTime;
+ static int yyHaveZone;
++static int yyHaveYear;
+ static int yyTimezone;
+ static int yyDay;
+ static int yyHour;
+@@ -293,18 +294,21 @@ date : tUNUMBER '/' tUNUMBER {
+ yyDay = $3;
+ yyYear = $5;
+ }
++ yyHaveYear++;
+ }
+ | tUNUMBER tSNUMBER tSNUMBER {
+ /* ISO 8601 format. yyyy-mm-dd. */
+ yyYear = $1;
+ yyMonth = -$2;
+ yyDay = -$3;
++ yyHaveYear++;
+ }
+ | tUNUMBER tMONTH tSNUMBER {
+ /* e.g. 17-JUN-1992. */
+ yyDay = $1;
+ yyMonth = $2;
+ yyYear = -$3;
++ yyHaveYear++;
+ }
+ | tMONTH tUNUMBER {
+ yyMonth = $1;
+@@ -314,6 +318,7 @@ date : tUNUMBER '/' tUNUMBER {
+ yyMonth = $1;
+ yyDay = $2;
+ yyYear = $4;
++ yyHaveYear++;
+ }
+ | tUNUMBER tMONTH {
+ yyMonth = $2;
+@@ -323,6 +328,7 @@ date : tUNUMBER '/' tUNUMBER {
+ yyMonth = $2;
+ yyDay = $1;
+ yyYear = $3;
++ yyHaveYear++;
+ }
+ ;
+
+@@ -395,7 +401,8 @@ relunit : tUNUMBER tYEAR_UNIT {
+
+ number : tUNUMBER
+ {
+- if ((yyHaveTime != 0) && (yyHaveDate != 0) && (yyHaveRel == 0))
++ if ((yyHaveTime != 0 || $1 >= 100) && !yyHaveYear
++ && (yyHaveDate != 0) && (yyHaveRel == 0))
+ yyYear = $1;
+ else
+ {
+@@ -802,7 +809,7 @@ yylex (void)
+ return LookupWord (buff);
+ }
+ if (c != '(')
+- return *yyInput++;
++ return (unsigned char)*yyInput++;
+ Count = 0;
+ do
+ {
diff --git a/shadow-4.2.1-manfix.patch b/shadow-4.2.1-manfix.patch
new file mode 100644
index 0000000..4c6520e
--- /dev/null
+++ b/shadow-4.2.1-manfix.patch
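Review bot: `yyHaveYear` is added as a file-scope counter and incremented in the `date` rules of shadow-4.2.1-date-parsing.patch, but none of its six inner hunks resets it, while the `number` rule now depends on `!yyHaveYear`. If `get_date()` zeroes the other `yyHave*` counters before each parse (that code is outside the visible hunks), add `yyHaveYear = 0;` next to them so a second call in the same process does not inherit the flag from an earlier date string. A stale flag would silently change whether a trailing number is taken as the year. The `(unsigned char)` cast in `yylex` addresses sign extension for bytes above 0x7f on that one return. Any `<ctype.h>` calls on `c` in the rest of `yylex`, which the hunk does not show, deserve the same check.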
@@ -0,0 +1,78 @@ +diff -up shadow-4.2.1/man/chage.1.xml.manfix shadow-4.2.1/man/chage.1.xml +--- shadow-4.2.1/man/chage.1.xml.manfix 2014-03-01 19:59:51.000000000 +0100 ++++ shadow-4.2.1/man/chage.1.xml 2014-11-26 15:34:51.256978960 +0100 +@@ -102,6 +102,9 @@ + Set the number of days since January 1st, 1970 when the password + was last changed. The date may also be expressed in the format + YYYY-MM-DD (or the format more commonly used in your area). ++ If the LAST_DAY is set to ++ 0 the user is forced to change his password ++ on the next log on. + + + +diff -up shadow-4.2.1/man/login.defs.5.xml.manfix shadow-4.2.1/man/login.defs.5.xml +--- shadow-4.2.1/man/login.defs.5.xml.manfix 2014-03-13 06:52:55.000000000 +0100 ++++ shadow-4.2.1/man/login.defs.5.xml 2014-11-26 15:34:51.257978963 +0100 +@@ -162,6 +162,17 @@ + long numeric parameters is machine-dependent. + + ++ ++ Please note that the parameters in this configuration file control the ++ behavior of the tools from the shadow-utils component. None of these ++ tools uses the PAM mechanism, and the utilities that use PAM (such as the ++ passwd command) should be configured elsewhere. The only values that ++ affect PAM modules are ENCRYPT_METHOD and SHA_CRYPT_MAX_ROUNDS ++ for pam_unix module, FAIL_DELAY for pam_faildelay module, ++ and UMASK for pam_umask module. Refer to ++ pam(8) for more information. ++ ++ + The following configuration items are provided: + + +diff -up shadow-4.2.1/man/useradd.8.xml.manfix shadow-4.2.1/man/useradd.8.xml +--- shadow-4.2.1/man/useradd.8.xml.manfix 2014-11-26 15:34:51.234978891 +0100 ++++ shadow-4.2.1/man/useradd.8.xml 2014-11-26 15:34:51.257978963 +0100 +@@ -347,11 +347,16 @@ + is not enabled, no home + directories are created. + ++ ++ The directory where the user's home directory is created must ++ exist and have proper SELinux context and permissions. Otherwise ++ the user's home directory cannot be created or accessed. 
++ + + + + +- ++ , + + + +diff -up shadow-4.2.1/man/usermod.8.xml.manfix shadow-4.2.1/man/usermod.8.xml +--- shadow-4.2.1/man/usermod.8.xml.manfix 2014-03-01 19:59:51.000000000 +0100 ++++ shadow-4.2.1/man/usermod.8.xml 2014-11-26 15:34:51.257978963 +0100 +@@ -132,7 +132,8 @@ + If the + option is given, the contents of the current home directory will + be moved to the new home directory, which is created if it does +- not already exist. ++ not already exist. If the current home directory does not exist ++ the new home directory will not be created. + + + +@@ -256,7 +257,8 @@ + + + Move the content of the user's home directory to the new +- location. ++ location. If the current home directory does not exist ++ the new home directory will not be created. + + + This option is only valid in combination with the diff --git a/shadow-4.2.1-merge-group.patch b/shadow-4.2.1-merge-group.patch new file mode 100644 index 0000000..1adcabd --- /dev/null +++ b/shadow-4.2.1-merge-group.patch @@ -0,0 +1,13 @@ +diff -up shadow-4.2.1/lib/groupio.c.merge-group shadow-4.2.1/lib/groupio.c +--- shadow-4.2.1/lib/groupio.c.merge-group 2014-11-26 14:33:54.039581662 +0100 ++++ shadow-4.2.1/lib/groupio.c 2014-11-26 14:46:02.841852886 +0100 +@@ -335,8 +335,7 @@ static /*@null@*/struct commonio_entry * + errno = ENOMEM; + return NULL; + } +- snprintf(new_line, new_line_len, "%s\n%s", gr1->line, gr2->line); +- new_line[new_line_len] = '\0'; ++ snprintf(new_line, new_line_len + 1, "%s\n%s", gr1->line, gr2->line); + + /* Concatenate the 2 list of members */ + for (i=0; NULL != gptr1->gr_mem[i]; i++); diff --git a/shadow-utils.spec b/shadow-utils.spec index faf9749..0e04237 100644 --- a/shadow-utils.spec +++ b/shadow-utils.spec 
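Review bot: In shadow-4.2.1-merge-group.patch the new size argument `new_line_len + 1` is only correct if `new_line` was allocated with at least that many bytes, and the allocation sits above the inner hunk, outside the visible lines. A one-line comment would pin the invariant next to the call, e.g. `/* new_line holds new_line_len + 1 bytes: both lines, the '\n' and the NUL */`. The return value of `snprintf` is still ignored. Checking it for a negative result or a value `>= new_line_len + 1` would surface a later mismatch between the length computation and the format string, instead of silently storing a truncated group entry.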
@@ -1,11 +1,11 @@ Summary: Utilities for managing accounts and shadow password files Name: shadow-utils -Version: 4.1.5.1 -Release: 22%{?dist} +Version: 4.2.1 +Release: 1%{?dist} Epoch: 2 URL: http://pkg-shadow.alioth.debian.org/ -Source0: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.bz2 -Source3: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.bz2.sig +Source0: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.xz +Source3: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.xz.sig Source1: shadow-utils.login.defs Source2: shadow-utils.useradd Source4: shadow-bsd.txt @@ -17,20 +17,19 @@ Patch3: shadow-4.1.5-uflg.patch Patch6: shadow-4.1.5.1-selinux.patch Patch7: shadow-4.1.5-2ndskip.patch Patch8: shadow-4.1.5.1-backup-mode.patch -Patch9: shadow-4.1.5.1-merge-group.patch +Patch9: shadow-4.2.1-merge-group.patch Patch10: shadow-4.1.5.1-orig-context.patch Patch11: shadow-4.1.5.1-logmsg.patch Patch12: shadow-4.1.5.1-errmsg.patch Patch13: shadow-4.1.5.1-audit-owner.patch Patch14: shadow-4.1.5.1-default-range.patch -Patch15: shadow-4.1.5.1-manfix.patch -Patch16: shadow-4.1.5.1-crypt-null.patch +Patch15: shadow-4.2.1-manfix.patch Patch17: shadow-4.1.5.1-userdel-helpfix.patch Patch18: shadow-4.1.5.1-id-alloc.patch -Patch19: shadow-4.1.5.1-date-parsing.patch +Patch19: shadow-4.2.1-date-parsing.patch Patch20: shadow-4.1.5.1-ingroup.patch Patch21: shadow-4.1.5.1-move-home.patch -Patch22: shadow-4.1.5.1-audit-update.patch +Patch22: shadow-4.2.1-audit-update.patch License: BSD and GPLv2+ Group: System Environment/Base @@ -38,6 +37,7 @@ BuildRequires: libselinux-devel >= 1.25.2-1 BuildRequires: audit-libs-devel >= 1.6.5 BuildRequires: libsemanage-devel BuildRequires: libacl-devel libattr-devel +BuildRequires: bison flex gnome-doc-utils #BuildRequires: autoconf, automake, libtool, gettext-devel Requires: libselinux >= 1.25.2-1 Requires: audit-libs >= 1.6.5 
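Review bot: `Patch16: shadow-4.1.5.1-crypt-null.patch` is dropped in the `@@ -17,20 +17,19 @@` hunk without a note saying why, and that patch is what let callers handle a NULL return from `crypt()` instead of passing it to `strcmp`. If 4.2.1 already carries equivalent checks, record that in the changelog entry or in a spec comment, e.g. `# Patch16 (crypt-null) dropped: crypt() NULL return is handled upstream in 4.2.1`. If it does not, the patch needs rebasing rather than removal. The matching `%patch16` line is removed in a later hunk of the same file.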
@@ -74,7 +74,6 @@ are used for managing group accounts. %patch13 -p1 -b .audit-owner %patch14 -p1 -b .default-range %patch15 -p1 -b .manfix -%patch16 -p1 -b .crypt-null %patch17 -p1 -b .userdel %patch18 -p1 -b .id-alloc %patch19 -p1 -b .date-parsing @@ -87,6 +86,8 @@ cp -f doc/HOWTO.utf8 doc/HOWTO cp -a %{SOURCE4} %{SOURCE5} . +rm libmisc/getdate.c + #rm po/*.gmo #rm po/stamp-po #aclocal @@ -107,6 +108,7 @@ export LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" %configure \ --enable-shadowgrp \ + --enable-man \ --with-audit \ --with-sha-crypt \ --with-selinux \ @@ -207,6 +209,8 @@ rm -rf $RPM_BUILD_ROOT %attr(4755,root,root) %{_bindir}/gpasswd %{_bindir}/lastlog %attr(4755,root,root) %{_bindir}/newgrp +%attr(4755,root,root) %{_bindir}/newgidmap +%attr(4755,root,root) %{_bindir}/newuidmap %{_sbindir}/adduser %attr(0750,root,root) %{_sbindir}/user* %attr(0750,root,root) %{_sbindir}/group* @@ -221,10 +225,14 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/man1/gpasswd.1* %{_mandir}/man1/sg.1* %{_mandir}/man1/newgrp.1* +%{_mandir}/man1/newgidmap.1* +%{_mandir}/man1/newuidmap.1* %{_mandir}/man3/shadow.3* %{_mandir}/man5/shadow.5* %{_mandir}/man5/login.defs.5* %{_mandir}/man5/gshadow.5* +%{_mandir}/man5/subuid.5* +%{_mandir}/man5/subgid.5* %{_mandir}/man8/adduser.8* %{_mandir}/man8/group*.8* %{_mandir}/man8/user*.8* @@ -238,6 +246,9 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/man8/vigr.8* %changelog +* Wed Nov 26 2014 Tomáš Mráz - 2:4.2.1-1 +- new upstream release with support for subordinate uids and gids + * Tue Nov 25 2014 Tomáš Mráz - 2:4.1.5.1-22 - small adjustments to the audit patch diff --git a/sources b/sources index 888eac7..9a96021 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -a00449aa439c69287b6d472191dc2247 shadow-4.1.5.1.tar.bz2 -f16f31f6f5a607b1ffb1aa1aac4c37f2 shadow-4.1.5.1.tar.bz2.sig +2bfafe7d4962682d31b5eba65dba4fc8 shadow-4.2.1.tar.xz +6752051fb07fc4be58c3d7b929bf2341 shadow-4.2.1.tar.xz.sig
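Review bot: The `@@ -207,6 +209,8 @@` hunk installs `newgidmap` and `newuidmap` as `%attr(4755,root,root)`, which adds two more setuid-root programs that process caller-supplied ID ranges. Each helper presumably needs a single privilege to write the map files, so consider shipping them with file capabilities instead, e.g. `%attr(0755,root,root) %caps(cap_setgid=ep) %{_bindir}/newgidmap` and `%attr(0755,root,root) %caps(cap_setuid=ep) %{_bindir}/newuidmap`. Verify that the tools still work with the reduced privilege and that the target filesystems preserve capabilities before switching. The `%files` list continues outside the hunk, so the other setuid entries there are not reviewed in this note.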