new upstream release with support for subordinate uids and gids

This commit is contained in:
Tomas Mraz 2014-11-26 15:58:28 +01:00
parent 04260e2340
commit 8b4e03b994
13 changed files with 514 additions and 924 deletions

2
.gitignore vendored
View file

@ -3,3 +3,5 @@ shadow-4.1.4.2.tar.bz2
/shadow-4.1.5.tar.bz2 /shadow-4.1.5.tar.bz2
/shadow-4.1.5.1.tar.bz2 /shadow-4.1.5.1.tar.bz2
/shadow-4.1.5.1.tar.bz2.sig /shadow-4.1.5.1.tar.bz2.sig
/shadow-4.2.1.tar.xz
/shadow-4.2.1.tar.xz.sig

View file

@ -1,195 +0,0 @@
diff -up shadow-4.1.5.1/lib/encrypt.c.crypt-null shadow-4.1.5.1/lib/encrypt.c
--- shadow-4.1.5.1/lib/encrypt.c.crypt-null 2010-08-22 15:05:02.000000000 +0200
+++ shadow-4.1.5.1/lib/encrypt.c 2013-07-25 12:27:30.438355782 +0200
@@ -49,11 +49,10 @@
if (!cp) {
/*
* Single Unix Spec: crypt() may return a null pointer,
- * and set errno to indicate an error. The caller doesn't
- * expect us to return NULL, so...
+ * and set errno to indicate an error. In this case return
+ * the NULL so the caller can handle appropriately.
*/
- perror ("crypt");
- exit (EXIT_FAILURE);
+ return cp;
}
/* The GNU crypt does not return NULL if the algorithm is not
diff -up shadow-4.1.5.1/libmisc/valid.c.crypt-null shadow-4.1.5.1/libmisc/valid.c
--- shadow-4.1.5.1/libmisc/valid.c.crypt-null 2010-08-22 21:14:41.000000000 +0200
+++ shadow-4.1.5.1/libmisc/valid.c 2013-07-25 12:27:30.440355847 +0200
@@ -95,6 +95,7 @@ bool valid (const char *password, const
*/
if ( (NULL != ent->pw_name)
+ && (NULL != encrypted)
&& (strcmp (encrypted, ent->pw_passwd) == 0)) {
return true;
} else {
diff -up shadow-4.1.5.1/lib/pwauth.c.crypt-null shadow-4.1.5.1/lib/pwauth.c
--- shadow-4.1.5.1/lib/pwauth.c.crypt-null 2009-07-13 00:24:48.000000000 +0200
+++ shadow-4.1.5.1/lib/pwauth.c 2013-07-25 12:27:30.438355782 +0200
@@ -73,6 +73,7 @@ int pw_auth (const char *cipher,
char prompt[1024];
char *clear = NULL;
const char *cp;
+ const char *encrypted;
int retval;
#ifdef SKEY
@@ -177,7 +178,11 @@ int pw_auth (const char *cipher,
* the results there as well.
*/
- retval = strcmp (pw_encrypt (input, cipher), cipher);
+ encrypted = pw_encrypt (input, cipher);
+ if (encrypted!=NULL)
+ retval = strcmp (encrypted, cipher);
+ else
+ retval = -1;
#ifdef SKEY
/*
diff -up shadow-4.1.5.1/src/chgpasswd.c.crypt-null shadow-4.1.5.1/src/chgpasswd.c
--- shadow-4.1.5.1/src/chgpasswd.c.crypt-null 2011-12-09 22:31:40.000000000 +0100
+++ shadow-4.1.5.1/src/chgpasswd.c 2013-07-25 12:27:30.440355847 +0200
@@ -469,6 +469,10 @@ int main (int argc, char **argv)
#endif
cp = pw_encrypt (newpwd,
crypt_make_salt (crypt_method, arg));
+ if (cp == NULL) {
+ perror ("crypt");
+ exit (EXIT_FAILURE);
+ }
}
/*
diff -up shadow-4.1.5.1/src/chpasswd.c.crypt-null shadow-4.1.5.1/src/chpasswd.c
--- shadow-4.1.5.1/src/chpasswd.c.crypt-null 2011-12-09 22:31:40.000000000 +0100
+++ shadow-4.1.5.1/src/chpasswd.c 2013-07-25 12:27:30.440355847 +0200
@@ -492,6 +492,10 @@ int main (int argc, char **argv)
#endif
cp = pw_encrypt (newpwd,
crypt_make_salt(crypt_method, arg));
+ if (cp == NULL) {
+ perror ("crypt");
+ exit (EXIT_FAILURE);
+ }
}
/*
diff -up shadow-4.1.5.1/src/gpasswd.c.crypt-null shadow-4.1.5.1/src/gpasswd.c
--- shadow-4.1.5.1/src/gpasswd.c.crypt-null 2011-11-19 23:55:04.000000000 +0100
+++ shadow-4.1.5.1/src/gpasswd.c 2013-07-25 12:27:30.441355866 +0200
@@ -939,6 +939,10 @@ static void change_passwd (struct group
}
cp = pw_encrypt (pass, crypt_make_salt (NULL, NULL));
+ if (cp==NULL) {
+ perror ("crypt");
+ exit (EXIT_FAILURE);
+ }
memzero (pass, sizeof pass);
#ifdef SHADOWGRP
if (is_shadowgrp) {
diff -up shadow-4.1.5.1/src/newgrp.c.crypt-null shadow-4.1.5.1/src/newgrp.c
--- shadow-4.1.5.1/src/newgrp.c.crypt-null 2011-07-30 03:50:01.000000000 +0200
+++ shadow-4.1.5.1/src/newgrp.c 2013-07-25 12:27:30.442355881 +0200
@@ -184,7 +184,8 @@ static void check_perms (const struct gr
cpasswd = pw_encrypt (cp, grp->gr_passwd);
strzero (cp);
- if (grp->gr_passwd[0] == '\0' ||
+ if (cpasswd == NULL ||
+ grp->gr_passwd[0] == '\0' ||
strcmp (cpasswd, grp->gr_passwd) != 0) {
#ifdef WITH_AUDIT
snprintf (audit_buf, sizeof(audit_buf),
diff -up shadow-4.1.5.1/src/newusers.c.crypt-null shadow-4.1.5.1/src/newusers.c
--- shadow-4.1.5.1/src/newusers.c.crypt-null 2011-12-09 22:31:40.000000000 +0100
+++ shadow-4.1.5.1/src/newusers.c 2013-07-25 12:27:30.442355881 +0200
@@ -387,6 +387,7 @@ static int add_user (const char *name, u
static void update_passwd (struct passwd *pwd, const char *password)
{
void *crypt_arg = NULL;
+ char *cp;
if (crypt_method != NULL) {
#ifdef USE_SHA_CRYPT
if (sflg) {
@@ -398,9 +399,13 @@ static void update_passwd (struct passwd
if ((crypt_method != NULL) && (0 == strcmp(crypt_method, "NONE"))) {
pwd->pw_passwd = (char *)password;
} else {
- pwd->pw_passwd = pw_encrypt (password,
- crypt_make_salt (crypt_method,
- crypt_arg));
+ cp=pw_encrypt (password, crypt_make_salt (crypt_method,
+ crypt_arg));
+ if (cp == NULL) {
+ perror ("crypt");
+ exit (EXIT_FAILURE);
+ }
+ pwd->pw_passwd = cp;
}
}
#endif /* !USE_PAM */
@@ -412,6 +417,7 @@ static int add_passwd (struct passwd *pw
{
const struct spwd *sp;
struct spwd spent;
+ char *cp;
#ifndef USE_PAM
void *crypt_arg = NULL;
@@ -448,7 +454,12 @@ static int add_passwd (struct passwd *pw
} else {
const char *salt = crypt_make_salt (crypt_method,
crypt_arg);
- spent.sp_pwdp = pw_encrypt (password, salt);
+ cp = pw_encrypt (password, salt);
+ if (cp == NULL) {
+ perror ("crypt");
+ exit (EXIT_FAILURE);
+ }
+ spent.sp_pwdp = cp;
}
spent.sp_lstchg = (long) time ((time_t *) 0) / SCALE;
if (0 == spent.sp_lstchg) {
@@ -492,7 +503,12 @@ static int add_passwd (struct passwd *pw
spent.sp_pwdp = (char *)password;
} else {
const char *salt = crypt_make_salt (crypt_method, crypt_arg);
- spent.sp_pwdp = pw_encrypt (password, salt);
+ cp = pw_encrypt (password, salt);
+ if (cp == NULL) {
+ perror ("crypt");
+ exit (EXIT_FAILURE);
+ }
+ spent.sp_pwdp = cp;
}
#else
/*
diff -up shadow-4.1.5.1/src/passwd.c.crypt-null shadow-4.1.5.1/src/passwd.c
--- shadow-4.1.5.1/src/passwd.c.crypt-null 2012-02-13 21:32:01.000000000 +0100
+++ shadow-4.1.5.1/src/passwd.c 2013-07-25 12:27:30.443355896 +0200
@@ -242,7 +242,7 @@ static int new_password (const struct pa
}
cipher = pw_encrypt (clear, crypt_passwd);
- if (strcmp (cipher, crypt_passwd) != 0) {
+ if ((cipher == NULL) || (strcmp (cipher, crypt_passwd) != 0)) {
strzero (clear);
strzero (cipher);
SYSLOG ((LOG_WARN, "incorrect password for %s",
@@ -349,6 +349,10 @@ static int new_password (const struct pa
* Encrypt the password, then wipe the cleartext password.
*/
cp = pw_encrypt (pass, crypt_make_salt (NULL, NULL));
+ if (cp == NULL) {
+ perror ("crypt");
+ exit (EXIT_FAILURE);
+ }
memzero (pass, sizeof pass);
#ifdef HAVE_LIBCRACK_HIST

View file

@ -1,138 +0,0 @@
diff -up shadow-4.1.5.1/libmisc/getdate.c.date-parsing shadow-4.1.5.1/libmisc/getdate.c
--- shadow-4.1.5.1/libmisc/getdate.c.date-parsing 2008-06-14 00:07:51.000000000 +0200
+++ shadow-4.1.5.1/libmisc/getdate.c 2014-08-29 13:41:22.553267506 +0200
@@ -261,6 +261,7 @@ static int yyHaveDay;
static int yyHaveRel;
static int yyHaveTime;
static int yyHaveZone;
+static int yyHaveYear;
static int yyTimezone;
static int yyDay;
static int yyHour;
@@ -1730,6 +1731,7 @@ yyreduce:
yyDay = (yyvsp[(3) - (5)].Number);
yyYear = (yyvsp[(5) - (5)].Number);
}
+ yyHaveYear++;
}
break;
@@ -1740,6 +1742,7 @@ yyreduce:
yyYear = (yyvsp[(1) - (3)].Number);
yyMonth = -(yyvsp[(2) - (3)].Number);
yyDay = -(yyvsp[(3) - (3)].Number);
+ yyHaveYear++;
}
break;
@@ -1750,6 +1753,7 @@ yyreduce:
yyDay = (yyvsp[(1) - (3)].Number);
yyMonth = (yyvsp[(2) - (3)].Number);
yyYear = -(yyvsp[(3) - (3)].Number);
+ yyHaveYear++;
}
break;
@@ -1767,6 +1771,7 @@ yyreduce:
yyMonth = (yyvsp[(1) - (4)].Number);
yyDay = (yyvsp[(2) - (4)].Number);
yyYear = (yyvsp[(4) - (4)].Number);
+ yyHaveYear++;
}
break;
@@ -1784,6 +1789,7 @@ yyreduce:
yyMonth = (yyvsp[(2) - (3)].Number);
yyDay = (yyvsp[(1) - (3)].Number);
yyYear = (yyvsp[(3) - (3)].Number);
+ yyHaveYear++;
}
break;
@@ -1928,7 +1934,8 @@ yyreduce:
case 49:
#line 397 "getdate.y"
{
- if ((yyHaveTime != 0) && (yyHaveDate != 0) && (yyHaveRel == 0))
+ if ((yyHaveTime != 0 || (yyvsp[(1) - (1)].Number) >= 100) && !yyHaveYear
+ && (yyHaveDate != 0) && (yyHaveRel == 0))
yyYear = (yyvsp[(1) - (1)].Number);
else
{
@@ -2556,7 +2563,7 @@ yylex (void)
return LookupWord (buff);
}
if (c != '(')
- return *yyInput++;
+ return (unsigned char)*yyInput++;
Count = 0;
do
{
diff -up shadow-4.1.5.1/libmisc/getdate.y.date-parsing shadow-4.1.5.1/libmisc/getdate.y
--- shadow-4.1.5.1/libmisc/getdate.y.date-parsing 2008-05-26 10:57:51.000000000 +0200
+++ shadow-4.1.5.1/libmisc/getdate.y 2014-08-29 13:40:37.502229879 +0200
@@ -152,6 +152,7 @@ static int yyHaveDay;
static int yyHaveRel;
static int yyHaveTime;
static int yyHaveZone;
+static int yyHaveYear;
static int yyTimezone;
static int yyDay;
static int yyHour;
@@ -293,18 +294,21 @@ date : tUNUMBER '/' tUNUMBER {
yyDay = $3;
yyYear = $5;
}
+ yyHaveYear++;
}
| tUNUMBER tSNUMBER tSNUMBER {
/* ISO 8601 format. yyyy-mm-dd. */
yyYear = $1;
yyMonth = -$2;
yyDay = -$3;
+ yyHaveYear++;
}
| tUNUMBER tMONTH tSNUMBER {
/* e.g. 17-JUN-1992. */
yyDay = $1;
yyMonth = $2;
yyYear = -$3;
+ yyHaveYear++;
}
| tMONTH tUNUMBER {
yyMonth = $1;
@@ -314,6 +318,7 @@ date : tUNUMBER '/' tUNUMBER {
yyMonth = $1;
yyDay = $2;
yyYear = $4;
+ yyHaveYear++;
}
| tUNUMBER tMONTH {
yyMonth = $2;
@@ -323,6 +328,7 @@ date : tUNUMBER '/' tUNUMBER {
yyMonth = $2;
yyDay = $1;
yyYear = $3;
+ yyHaveYear++;
}
;
@@ -395,7 +401,8 @@ relunit : tUNUMBER tYEAR_UNIT {
number : tUNUMBER
{
- if ((yyHaveTime != 0) && (yyHaveDate != 0) && (yyHaveRel == 0))
+ if ((yyHaveTime != 0 || $1 >= 100) && !yyHaveYear
+ && (yyHaveDate != 0) && (yyHaveRel == 0))
yyYear = $1;
else
{
@@ -802,7 +809,7 @@ yylex (void)
return LookupWord (buff);
}
if (c != '(')
- return *yyInput++;
+ return (unsigned char)*yyInput++;
Count = 0;
do
{

View file

@ -72,41 +72,6 @@ diff -up shadow-4.1.5.1/man/groupadd.8.xml.goodname shadow-4.1.5.1/man/groupadd.
Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long. Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long.
</para> </para>
<para> <para>
diff -up shadow-4.1.5.1/man/man8/groupadd.8.goodname shadow-4.1.5.1/man/man8/groupadd.8
--- shadow-4.1.5.1/man/man8/groupadd.8.goodname 2012-05-25 13:58:40.000000000 +0200
+++ shadow-4.1.5.1/man/man8/groupadd.8 2014-09-09 17:28:46.330300342 +0200
@@ -190,9 +190,7 @@ Shadow password suite configuration\&.
.RE
.SH "CAVEATS"
.PP
-Groupnames must start with a lower case letter or an underscore, followed by lower case letters, digits, underscores, or dashes\&. They can end with a dollar sign\&. In regular expression terms: [a\-z_][a\-z0\-9_\-]*[$]?
-.PP
-Groupnames may only be up to 16 characters long\&.
+Groupnames may only be up to 32 characters long\&.
.PP
You may not add a NIS or LDAP group\&. This must be performed on the corresponding server\&.
.PP
diff -up shadow-4.1.5.1/man/man8/useradd.8.goodname shadow-4.1.5.1/man/man8/useradd.8
--- shadow-4.1.5.1/man/man8/useradd.8.goodname 2012-05-25 13:59:28.000000000 +0200
+++ shadow-4.1.5.1/man/man8/useradd.8 2014-09-09 17:28:46.330300342 +0200
@@ -224,7 +224,7 @@ is not enabled, no home directories are
.PP
\fB\-M\fR
.RS 4
-Do no create the user\*(Aqs home directory, even if the system wide setting from
+Do not create the user\*(Aqs home directory, even if the system wide setting from
/etc/login\&.defs
(\fBCREATE_HOME\fR) is set to
\fIyes\fR\&.
@@ -430,8 +430,6 @@ Similarly, if the username already exist
\fBuseradd\fR
will deny the user account creation request\&.
.PP
-Usernames must start with a lower case letter or an underscore, followed by lower case letters, digits, underscores, or dashes\&. They can end with a dollar sign\&. In regular expression terms: [a\-z_][a\-z0\-9_\-]*[$]?
-.PP
Usernames may only be up to 32 characters long\&.
.SH "CONFIGURATION"
.PP
diff -up shadow-4.1.5.1/man/useradd.8.xml.goodname shadow-4.1.5.1/man/useradd.8.xml diff -up shadow-4.1.5.1/man/useradd.8.xml.goodname shadow-4.1.5.1/man/useradd.8.xml
--- shadow-4.1.5.1/man/useradd.8.xml.goodname 2012-05-25 13:45:29.000000000 +0200 --- shadow-4.1.5.1/man/useradd.8.xml.goodname 2012-05-25 13:45:29.000000000 +0200
+++ shadow-4.1.5.1/man/useradd.8.xml 2014-09-09 17:28:46.330300342 +0200 +++ shadow-4.1.5.1/man/useradd.8.xml 2014-09-09 17:28:46.330300342 +0200

View file

@ -1,15 +1,3 @@
diff -up shadow-4.1.5.1/man/man8/newusers.8.info-parent-dir shadow-4.1.5.1/man/man8/newusers.8
--- shadow-4.1.5.1/man/man8/newusers.8.info-parent-dir 2012-05-25 13:59:09.000000000 +0200
+++ shadow-4.1.5.1/man/man8/newusers.8 2012-09-19 18:47:17.203525237 +0200
@@ -99,7 +99,7 @@ This field is copied in the GECOS field
.RS 4
This field is used to define the home directory of the user\&.
.sp
-If this field does not specify an existing directory, the specified directory is created, with ownership set to the user being created or updated and its primary group\&.
+If this field does not specify an existing directory, the specified directory is created, with ownership set to the user being created or updated and its primary group\&. Note that newusers does not create parent directories of the new user's home directory. The newusers command will fail to create the home directory if the parent directories do not exist, and will send a message to stderr informing the user of the failure. The newusers command will not halt or return a failure to the calling shell if it fails to create the home directory, it will continue to process the batch of new users specified\&.
.sp
If the home directory of an existing user is changed,
\fBnewusers\fR
diff -up shadow-4.1.5.1/man/newusers.8.xml.info-parent-dir shadow-4.1.5.1/man/newusers.8.xml diff -up shadow-4.1.5.1/man/newusers.8.xml.info-parent-dir shadow-4.1.5.1/man/newusers.8.xml
--- shadow-4.1.5.1/man/newusers.8.xml.info-parent-dir 2012-05-25 13:45:28.000000000 +0200 --- shadow-4.1.5.1/man/newusers.8.xml.info-parent-dir 2012-05-25 13:45:28.000000000 +0200
+++ shadow-4.1.5.1/man/newusers.8.xml 2012-09-19 18:46:35.651613365 +0200 +++ shadow-4.1.5.1/man/newusers.8.xml 2012-09-19 18:46:35.651613365 +0200

View file

@ -1,272 +0,0 @@
diff -up shadow-4.1.5.1/man/chage.1.xml.manfix shadow-4.1.5.1/man/chage.1.xml
--- shadow-4.1.5.1/man/chage.1.xml.manfix 2012-05-25 13:45:27.000000000 +0200
+++ shadow-4.1.5.1/man/chage.1.xml 2014-08-29 13:36:57.713167654 +0200
@@ -102,6 +102,9 @@
Set the number of days since January 1st, 1970 when the password
was last changed. The date may also be expressed in the format
YYYY-MM-DD (or the format more commonly used in your area).
+ If the <replaceable>LAST_DAY</replaceable> is set to
+ <emphasis>0</emphasis> the user is forced to change his password
+ on the next log on.
</para>
</listitem>
</varlistentry>
diff -up shadow-4.1.5.1/man/login.defs.5.xml.manfix shadow-4.1.5.1/man/login.defs.5.xml
--- shadow-4.1.5.1/man/login.defs.5.xml.manfix 2012-05-25 13:45:28.000000000 +0200
+++ shadow-4.1.5.1/man/login.defs.5.xml 2014-08-29 13:31:38.364812323 +0200
@@ -160,6 +160,17 @@
long numeric parameters is machine-dependent.
</para>
+ <para>
+ Please note that the parameters in this configuration file control the
+ behavior of the tools from the shadow-utils component. None of these
+ tools uses the PAM mechanism, and the utilities that use PAM (such as the
+ passwd command) should be configured elsewhere. The only values that
+ affect PAM modules are <emphasis>ENCRYPT_METHOD</emphasis> and <emphasis>SHA_CRYPT_MAX_ROUNDS</emphasis>
+ for pam_unix module, <emphasis>FAIL_DELAY</emphasis> for pam_faildelay module,
+ and <emphasis>UMASK</emphasis> for pam_umask module. Refer to
+ pam(8) for more information.
+ </para>
+
<para>The following configuration items are provided:</para>
<variablelist remap='IP'>
diff -up shadow-4.1.5.1/man/man1/chage.1.manfix shadow-4.1.5.1/man/man1/chage.1
--- shadow-4.1.5.1/man/man1/chage.1.manfix 2012-05-25 13:58:18.000000000 +0200
+++ shadow-4.1.5.1/man/man1/chage.1 2014-08-29 13:36:31.303559366 +0200
@@ -45,7 +45,11 @@ command are:
.PP
\fB\-d\fR, \fB\-\-lastday\fR \fILAST_DAY\fR
.RS 4
-Set the number of days since January 1st, 1970 when the password was last changed\&. The date may also be expressed in the format YYYY\-MM\-DD (or the format more commonly used in your area)\&.
+Set the number of days since January 1st, 1970 when the password was last changed\&. The date may also be expressed in the format YYYY\-MM\-DD (or the format more commonly used in your area)\&. If the
+\fILAST_DAY\fR
+is set to
+\fB0\fR
+the user is forced to change his password on the next log on\&.
.RE
.PP
\fB\-E\fR, \fB\-\-expiredate\fR \fIEXPIRE_DATE\fR
diff -up shadow-4.1.5.1/man/man5/login.defs.5.manfix shadow-4.1.5.1/man/man5/login.defs.5
--- shadow-4.1.5.1/man/man5/login.defs.5.manfix 2012-05-25 13:59:03.000000000 +0200
+++ shadow-4.1.5.1/man/man5/login.defs.5 2014-08-29 13:31:38.364812323 +0200
@@ -46,6 +46,14 @@ value\&. Numbers (both regular and long)
\fI0\fR) or hexadecimal values (precede the value with
\fI0x\fR)\&. The maximum value of the regular and long numeric parameters is machine\-dependent\&.
.PP
+Please note that the parameters in this configuration file control the
+behavior of the tools from the shadow-utils component\&. None of these
+tools uses the PAM mechanism, and the utilities that use PAM (such as the
+passwd command) should be configured elsewhere\&. The only values that
+affect PAM modules are \fBENCRYPT_METHOD\fR and \fBSHA_CRYPT_MAX_ROUNDS\fR for pam_unix module,
+\fBFAIL_DELAY\fR for pam_faildelay module, and \fBUMASK\fR for pam_umask module\&. Refer to
+pam(8) for more information\&.
+.PP
The following configuration items are provided:
.PP
\fBCHFN_AUTH\fR (boolean)
@@ -625,20 +633,6 @@ will create by default a group with the
.PP
The following cross references show which programs in the shadow password suite use which parameters\&.
.PP
-chfn
-.RS 4
-
-CHFN_AUTH
-CHFN_RESTRICT
-LOGIN_STRING
-.RE
-.PP
-chgpasswd
-.RS 4
-ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
-SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS
-.RE
-.PP
chpasswd
.RS 4
@@ -646,11 +640,6 @@ ENCRYPT_METHOD MD5_CRYPT_ENAB
SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS
.RE
.PP
-chsh
-.RS 4
-CHSH_AUTH LOGIN_STRING
-.RE
-.PP
gpasswd
.RS 4
ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
@@ -692,29 +681,6 @@ grpunconv
MAX_MEMBERS_PER_GROUP
.RE
.PP
-login
-.RS 4
-
-CONSOLE
-CONSOLE_GROUPS DEFAULT_HOME
-ENV_HZ ENV_PATH ENV_SUPATH ENV_TZ ENVIRON_FILE
-ERASECHAR FAIL_DELAY
-FAILLOG_ENAB
-FAKE_SHELL
-FTMP_FILE
-HUSHLOGIN_FILE
-ISSUE_FILE
-KILLCHAR
-LASTLOG_ENAB
-LOGIN_RETRIES
-LOGIN_STRING
-LOGIN_TIMEOUT LOG_OK_LOGINS LOG_UNKFAIL_ENAB
-MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE MOTD_FILE NOLOGINS_FILE PORTTIME_CHECKS_ENAB QUOTAS_ENAB
-TTYGROUP TTYPERM TTYTYPE_FILE
-ULIMIT UMASK
-USERGROUPS_ENAB
-.RE
-.PP
newgrp / sg
.RS 4
SYSLOG_SG_ENAB
@@ -727,12 +693,6 @@ SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUND
SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN UMASK
.RE
.PP
-passwd
-.RS 4
-ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN
-SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS
-.RE
-.PP
pwck
.RS 4
PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE
@@ -743,26 +703,6 @@ pwconv
PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE
.RE
.PP
-su
-.RS 4
-
-CONSOLE
-CONSOLE_GROUPS DEFAULT_HOME
-ENV_HZ ENVIRON_FILE
-ENV_PATH ENV_SUPATH
-ENV_TZ LOGIN_STRING MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE QUOTAS_ENAB
-SULOG_FILE SU_NAME
-SU_WHEEL_ONLY
-SYSLOG_SU_ENAB
-USERGROUPS_ENAB
-.RE
-.PP
-sulogin
-.RS 4
-ENV_HZ
-ENV_TZ
-.RE
-.PP
useradd
.RS 4
CREATE_HOME GID_MAX GID_MIN MAIL_DIR MAX_MEMBERS_PER_GROUP PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN UMASK
diff -up shadow-4.1.5.1/man/man8/useradd.8.manfix shadow-4.1.5.1/man/man8/useradd.8
--- shadow-4.1.5.1/man/man8/useradd.8.manfix 2014-08-29 13:31:38.347811932 +0200
+++ shadow-4.1.5.1/man/man8/useradd.8 2014-08-29 13:31:38.364812323 +0200
@@ -85,7 +85,7 @@ by default\&.
Any text string\&. It is generally a short description of the login, and is currently used as the field for the user\*(Aqs full name\&.
.RE
.PP
-\fB\-d\fR, \fB\-\-home\fR \fIHOME_DIR\fR
+\fB\-d\fR, \fB\-\-home\-dir\fR \fIHOME_DIR\fR
.RS 4
The new user will be created using
\fIHOME_DIR\fR
@@ -220,9 +220,13 @@ option) will be copied to the home direc
By default, if this option is not specified and
\fBCREATE_HOME\fR
is not enabled, no home directories are created\&.
+.sp
+The directory where the user\*(Aqs home directory is created must
+exist and have proper SELinux context and permissions\&. Otherwise
+the user\*(Aqs home directory cannot be created or accessed\&.
.RE
.PP
-\fB\-M\fR
+\fB\-M\fR, \fB\-\-no\-create\-home\fR
.RS 4
Do not create the user\*(Aqs home directory, even if the system wide setting from
/etc/login\&.defs
diff -up shadow-4.1.5.1/man/man8/usermod.8.manfix shadow-4.1.5.1/man/man8/usermod.8
--- shadow-4.1.5.1/man/man8/usermod.8.manfix 2012-05-25 13:59:33.000000000 +0200
+++ shadow-4.1.5.1/man/man8/usermod.8 2014-08-29 13:35:27.343086211 +0200
@@ -63,7 +63,7 @@ The user\*(Aqs new login directory\&.
.sp
If the
\fB\-m\fR
-option is given, the contents of the current home directory will be moved to the new home directory, which is created if it does not already exist\&.
+option is given, the contents of the current home directory will be moved to the new home directory, which is created if it does not already exist\&. If the current home directory does not exist the new home directory will not be created\&.
.RE
.PP
\fB\-e\fR, \fB\-\-expiredate\fR \fIEXPIRE_DATE\fR
@@ -143,7 +143,7 @@ Move the content of the user\*(Aqs home
This option is only valid in combination with the
\fB\-d\fR
(or
-\fB\-\-home\fR) option\&.
+\fB\-\-home\fR) option\&. If the current home directory does not exist the new home directory will not be created\&.
.sp
\fBusermod\fR
diff -up shadow-4.1.5.1/man/useradd.8.xml.manfix shadow-4.1.5.1/man/useradd.8.xml
--- shadow-4.1.5.1/man/useradd.8.xml.manfix 2014-08-29 13:31:38.347811932 +0200
+++ shadow-4.1.5.1/man/useradd.8.xml 2014-08-29 13:31:38.364812323 +0200
@@ -161,7 +161,7 @@
</varlistentry>
<varlistentry>
<term>
- <option>-d</option>, <option>--home</option>
+ <option>-d</option>, <option>--home-dir</option>
<replaceable>HOME_DIR</replaceable>
</term>
<listitem>
@@ -358,11 +358,16 @@
<option>CREATE_HOME</option> is not enabled, no home
directories are created.
</para>
+ <para>
+ The directory where the user's home directory is created must
+ exist and have proper SELinux context and permissions. Otherwise
+ the user's home directory cannot be created or accessed.
+ </para>
</listitem>
</varlistentry>
<varlistentry>
<term>
- <option>-M</option>
+ <option>-M</option>, <option>--no-create-home</option>
</term>
<listitem>
<para>
diff -up shadow-4.1.5.1/man/usermod.8.xml.manfix shadow-4.1.5.1/man/usermod.8.xml
--- shadow-4.1.5.1/man/usermod.8.xml.manfix 2012-05-25 13:45:29.000000000 +0200
+++ shadow-4.1.5.1/man/usermod.8.xml 2014-08-29 13:33:40.814632618 +0200
@@ -132,7 +132,8 @@
If the <option>-m</option>
option is given, the contents of the current home directory will
be moved to the new home directory, which is created if it does
- not already exist.
+ not already exist. If the current home directory does not exist
+ the new home directory will not be created.
</para>
</listitem>
</varlistentry>
@@ -261,7 +262,8 @@
<listitem>
<para>
Move the content of the user's home directory to the new
- location.
+ location. If the current home directory does not exist
+ the new home directory will not be created.
</para>
<para>
This option is only valid in combination with the

View file

@ -1,27 +0,0 @@
diff -up shadow-4.1.5.1/lib/groupio.c.merge-group shadow-4.1.5.1/lib/groupio.c
--- shadow-4.1.5.1/lib/groupio.c.merge-group 2011-02-16 21:32:24.000000000 +0100
+++ shadow-4.1.5.1/lib/groupio.c 2013-01-29 13:56:43.049275513 +0100
@@ -330,12 +330,12 @@ static /*@null@*/struct commonio_entry *
/* Concatenate the 2 lines */
new_line_len = strlen (gr1->line) + strlen (gr2->line) +1;
- new_line = (char *)malloc ((new_line_len + 1) * sizeof(char*));
+ new_line = (char *)malloc (new_line_len + 1);
if (NULL == new_line) {
errno = ENOMEM;
return NULL;
}
- snprintf(new_line, new_line_len, "%s\n%s", gr1->line, gr2->line);
+ snprintf(new_line, new_line_len + 1, "%s\n%s", gr1->line, gr2->line);
new_line[new_line_len] = '\0';
/* Concatenate the 2 list of members */
@@ -353,7 +353,7 @@ static /*@null@*/struct commonio_entry *
members++;
}
}
- new_members = (char **)malloc ( (members+1) * sizeof(char*) );
+ new_members = (char **)calloc (members+1, sizeof(char*));
if (NULL == new_members) {
free (new_line);
errno = ENOMEM;

View file

@ -0,0 +1,68 @@
diff -up shadow-4.2.1/libmisc/getdate.y.date-parsing shadow-4.2.1/libmisc/getdate.y
--- shadow-4.2.1/libmisc/getdate.y.date-parsing 2014-03-01 18:50:05.000000000 +0100
+++ shadow-4.2.1/libmisc/getdate.y 2014-11-26 14:58:21.208153924 +0100
@@ -152,6 +152,7 @@ static int yyHaveDay;
static int yyHaveRel;
static int yyHaveTime;
static int yyHaveZone;
+static int yyHaveYear;
static int yyTimezone;
static int yyDay;
static int yyHour;
@@ -293,18 +294,21 @@ date : tUNUMBER '/' tUNUMBER {
yyDay = $3;
yyYear = $5;
}
+ yyHaveYear++;
}
| tUNUMBER tSNUMBER tSNUMBER {
/* ISO 8601 format. yyyy-mm-dd. */
yyYear = $1;
yyMonth = -$2;
yyDay = -$3;
+ yyHaveYear++;
}
| tUNUMBER tMONTH tSNUMBER {
/* e.g. 17-JUN-1992. */
yyDay = $1;
yyMonth = $2;
yyYear = -$3;
+ yyHaveYear++;
}
| tMONTH tUNUMBER {
yyMonth = $1;
@@ -314,6 +318,7 @@ date : tUNUMBER '/' tUNUMBER {
yyMonth = $1;
yyDay = $2;
yyYear = $4;
+ yyHaveYear++;
}
| tUNUMBER tMONTH {
yyMonth = $2;
@@ -323,6 +328,7 @@ date : tUNUMBER '/' tUNUMBER {
yyMonth = $2;
yyDay = $1;
yyYear = $3;
+ yyHaveYear++;
}
;
@@ -395,7 +401,8 @@ relunit : tUNUMBER tYEAR_UNIT {
number : tUNUMBER
{
- if ((yyHaveTime != 0) && (yyHaveDate != 0) && (yyHaveRel == 0))
+ if ((yyHaveTime != 0 || $1 >= 100) && !yyHaveYear
+ && (yyHaveDate != 0) && (yyHaveRel == 0))
yyYear = $1;
else
{
@@ -802,7 +809,7 @@ yylex (void)
return LookupWord (buff);
}
if (c != '(')
- return *yyInput++;
+ return (unsigned char)*yyInput++;
Count = 0;
do
{

78
shadow-4.2.1-manfix.patch Normal file
View file

@ -0,0 +1,78 @@
diff -up shadow-4.2.1/man/chage.1.xml.manfix shadow-4.2.1/man/chage.1.xml
--- shadow-4.2.1/man/chage.1.xml.manfix 2014-03-01 19:59:51.000000000 +0100
+++ shadow-4.2.1/man/chage.1.xml 2014-11-26 15:34:51.256978960 +0100
@@ -102,6 +102,9 @@
Set the number of days since January 1st, 1970 when the password
was last changed. The date may also be expressed in the format
YYYY-MM-DD (or the format more commonly used in your area).
+ If the <replaceable>LAST_DAY</replaceable> is set to
+ <emphasis>0</emphasis> the user is forced to change his password
+ on the next log on.
</para>
</listitem>
</varlistentry>
diff -up shadow-4.2.1/man/login.defs.5.xml.manfix shadow-4.2.1/man/login.defs.5.xml
--- shadow-4.2.1/man/login.defs.5.xml.manfix 2014-03-13 06:52:55.000000000 +0100
+++ shadow-4.2.1/man/login.defs.5.xml 2014-11-26 15:34:51.257978963 +0100
@@ -162,6 +162,17 @@
long numeric parameters is machine-dependent.
</para>
+ <para>
+ Please note that the parameters in this configuration file control the
+ behavior of the tools from the shadow-utils component. None of these
+ tools uses the PAM mechanism, and the utilities that use PAM (such as the
+ passwd command) should be configured elsewhere. The only values that
+ affect PAM modules are <emphasis>ENCRYPT_METHOD</emphasis> and <emphasis>SHA_CRYPT_MAX_ROUNDS</emphasis>
+ for pam_unix module, <emphasis>FAIL_DELAY</emphasis> for pam_faildelay module,
+ and <emphasis>UMASK</emphasis> for pam_umask module. Refer to
+ pam(8) for more information.
+ </para>
+
<para>The following configuration items are provided:</para>
<variablelist remap='IP'>
diff -up shadow-4.2.1/man/useradd.8.xml.manfix shadow-4.2.1/man/useradd.8.xml
--- shadow-4.2.1/man/useradd.8.xml.manfix 2014-11-26 15:34:51.234978891 +0100
+++ shadow-4.2.1/man/useradd.8.xml 2014-11-26 15:34:51.257978963 +0100
@@ -347,11 +347,16 @@
<option>CREATE_HOME</option> is not enabled, no home
directories are created.
</para>
+ <para>
+ The directory where the user's home directory is created must
+ exist and have proper SELinux context and permissions. Otherwise
+ the user's home directory cannot be created or accessed.
+ </para>
</listitem>
</varlistentry>
<varlistentry>
<term>
- <option>-M</option>
+ <option>-M</option>, <option>--no-create-home</option>
</term>
<listitem>
<para>
diff -up shadow-4.2.1/man/usermod.8.xml.manfix shadow-4.2.1/man/usermod.8.xml
--- shadow-4.2.1/man/usermod.8.xml.manfix 2014-03-01 19:59:51.000000000 +0100
+++ shadow-4.2.1/man/usermod.8.xml 2014-11-26 15:34:51.257978963 +0100
@@ -132,7 +132,8 @@
If the <option>-m</option>
option is given, the contents of the current home directory will
be moved to the new home directory, which is created if it does
- not already exist.
+ not already exist. If the current home directory does not exist
+ the new home directory will not be created.
</para>
</listitem>
</varlistentry>
@@ -256,7 +257,8 @@
<listitem>
<para>
Move the content of the user's home directory to the new
- location.
+ location. If the current home directory does not exist
+ the new home directory will not be created.
</para>
<para>
This option is only valid in combination with the

View file

@ -0,0 +1,13 @@
diff -up shadow-4.2.1/lib/groupio.c.merge-group shadow-4.2.1/lib/groupio.c
--- shadow-4.2.1/lib/groupio.c.merge-group 2014-11-26 14:33:54.039581662 +0100
+++ shadow-4.2.1/lib/groupio.c 2014-11-26 14:46:02.841852886 +0100
@@ -335,8 +335,7 @@ static /*@null@*/struct commonio_entry *
errno = ENOMEM;
return NULL;
}
- snprintf(new_line, new_line_len, "%s\n%s", gr1->line, gr2->line);
- new_line[new_line_len] = '\0';
+ snprintf(new_line, new_line_len + 1, "%s\n%s", gr1->line, gr2->line);
/* Concatenate the 2 list of members */
for (i=0; NULL != gptr1->gr_mem[i]; i++);

View file

@ -1,11 +1,11 @@
Summary: Utilities for managing accounts and shadow password files Summary: Utilities for managing accounts and shadow password files
Name: shadow-utils Name: shadow-utils
Version: 4.1.5.1 Version: 4.2.1
Release: 22%{?dist} Release: 1%{?dist}
Epoch: 2 Epoch: 2
URL: http://pkg-shadow.alioth.debian.org/ URL: http://pkg-shadow.alioth.debian.org/
Source0: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.bz2 Source0: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.xz
Source3: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.bz2.sig Source3: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.xz.sig
Source1: shadow-utils.login.defs Source1: shadow-utils.login.defs
Source2: shadow-utils.useradd Source2: shadow-utils.useradd
Source4: shadow-bsd.txt Source4: shadow-bsd.txt
@ -17,20 +17,19 @@ Patch3: shadow-4.1.5-uflg.patch
Patch6: shadow-4.1.5.1-selinux.patch Patch6: shadow-4.1.5.1-selinux.patch
Patch7: shadow-4.1.5-2ndskip.patch Patch7: shadow-4.1.5-2ndskip.patch
Patch8: shadow-4.1.5.1-backup-mode.patch Patch8: shadow-4.1.5.1-backup-mode.patch
Patch9: shadow-4.1.5.1-merge-group.patch Patch9: shadow-4.2.1-merge-group.patch
Patch10: shadow-4.1.5.1-orig-context.patch Patch10: shadow-4.1.5.1-orig-context.patch
Patch11: shadow-4.1.5.1-logmsg.patch Patch11: shadow-4.1.5.1-logmsg.patch
Patch12: shadow-4.1.5.1-errmsg.patch Patch12: shadow-4.1.5.1-errmsg.patch
Patch13: shadow-4.1.5.1-audit-owner.patch Patch13: shadow-4.1.5.1-audit-owner.patch
Patch14: shadow-4.1.5.1-default-range.patch Patch14: shadow-4.1.5.1-default-range.patch
Patch15: shadow-4.1.5.1-manfix.patch Patch15: shadow-4.2.1-manfix.patch
Patch16: shadow-4.1.5.1-crypt-null.patch
Patch17: shadow-4.1.5.1-userdel-helpfix.patch Patch17: shadow-4.1.5.1-userdel-helpfix.patch
Patch18: shadow-4.1.5.1-id-alloc.patch Patch18: shadow-4.1.5.1-id-alloc.patch
Patch19: shadow-4.1.5.1-date-parsing.patch Patch19: shadow-4.2.1-date-parsing.patch
Patch20: shadow-4.1.5.1-ingroup.patch Patch20: shadow-4.1.5.1-ingroup.patch
Patch21: shadow-4.1.5.1-move-home.patch Patch21: shadow-4.1.5.1-move-home.patch
Patch22: shadow-4.1.5.1-audit-update.patch Patch22: shadow-4.2.1-audit-update.patch
License: BSD and GPLv2+ License: BSD and GPLv2+
Group: System Environment/Base Group: System Environment/Base
@ -38,6 +37,7 @@ BuildRequires: libselinux-devel >= 1.25.2-1
BuildRequires: audit-libs-devel >= 1.6.5 BuildRequires: audit-libs-devel >= 1.6.5
BuildRequires: libsemanage-devel BuildRequires: libsemanage-devel
BuildRequires: libacl-devel libattr-devel BuildRequires: libacl-devel libattr-devel
BuildRequires: bison flex gnome-doc-utils
#BuildRequires: autoconf, automake, libtool, gettext-devel #BuildRequires: autoconf, automake, libtool, gettext-devel
Requires: libselinux >= 1.25.2-1 Requires: libselinux >= 1.25.2-1
Requires: audit-libs >= 1.6.5 Requires: audit-libs >= 1.6.5
@ -74,7 +74,6 @@ are used for managing group accounts.
%patch13 -p1 -b .audit-owner %patch13 -p1 -b .audit-owner
%patch14 -p1 -b .default-range %patch14 -p1 -b .default-range
%patch15 -p1 -b .manfix %patch15 -p1 -b .manfix
%patch16 -p1 -b .crypt-null
%patch17 -p1 -b .userdel %patch17 -p1 -b .userdel
%patch18 -p1 -b .id-alloc %patch18 -p1 -b .id-alloc
%patch19 -p1 -b .date-parsing %patch19 -p1 -b .date-parsing
@ -87,6 +86,8 @@ cp -f doc/HOWTO.utf8 doc/HOWTO
cp -a %{SOURCE4} %{SOURCE5} . cp -a %{SOURCE4} %{SOURCE5} .
rm libmisc/getdate.c
#rm po/*.gmo #rm po/*.gmo
#rm po/stamp-po #rm po/stamp-po
#aclocal #aclocal
@ -107,6 +108,7 @@ export LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"
%configure \ %configure \
--enable-shadowgrp \ --enable-shadowgrp \
--enable-man \
--with-audit \ --with-audit \
--with-sha-crypt \ --with-sha-crypt \
--with-selinux \ --with-selinux \
@ -207,6 +209,8 @@ rm -rf $RPM_BUILD_ROOT
%attr(4755,root,root) %{_bindir}/gpasswd %attr(4755,root,root) %{_bindir}/gpasswd
%{_bindir}/lastlog %{_bindir}/lastlog
%attr(4755,root,root) %{_bindir}/newgrp %attr(4755,root,root) %{_bindir}/newgrp
%attr(4755,root,root) %{_bindir}/newgidmap
%attr(4755,root,root) %{_bindir}/newuidmap
%{_sbindir}/adduser %{_sbindir}/adduser
%attr(0750,root,root) %{_sbindir}/user* %attr(0750,root,root) %{_sbindir}/user*
%attr(0750,root,root) %{_sbindir}/group* %attr(0750,root,root) %{_sbindir}/group*
@ -221,10 +225,14 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man1/gpasswd.1* %{_mandir}/man1/gpasswd.1*
%{_mandir}/man1/sg.1* %{_mandir}/man1/sg.1*
%{_mandir}/man1/newgrp.1* %{_mandir}/man1/newgrp.1*
%{_mandir}/man1/newgidmap.1*
%{_mandir}/man1/newuidmap.1*
%{_mandir}/man3/shadow.3* %{_mandir}/man3/shadow.3*
%{_mandir}/man5/shadow.5* %{_mandir}/man5/shadow.5*
%{_mandir}/man5/login.defs.5* %{_mandir}/man5/login.defs.5*
%{_mandir}/man5/gshadow.5* %{_mandir}/man5/gshadow.5*
%{_mandir}/man5/subuid.5*
%{_mandir}/man5/subgid.5*
%{_mandir}/man8/adduser.8* %{_mandir}/man8/adduser.8*
%{_mandir}/man8/group*.8* %{_mandir}/man8/group*.8*
%{_mandir}/man8/user*.8* %{_mandir}/man8/user*.8*
@ -238,6 +246,9 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man8/vigr.8* %{_mandir}/man8/vigr.8*
%changelog %changelog
* Wed Nov 26 2014 Tomáš Mráz <tmraz@redhat.com> - 2:4.2.1-1
- new upstream release with support for subordinate uids and gids
* Tue Nov 25 2014 Tomáš Mráz <tmraz@redhat.com> - 2:4.1.5.1-22 * Tue Nov 25 2014 Tomáš Mráz <tmraz@redhat.com> - 2:4.1.5.1-22
- small adjustments to the audit patch - small adjustments to the audit patch

View file

@ -1,2 +1,2 @@
a00449aa439c69287b6d472191dc2247 shadow-4.1.5.1.tar.bz2 2bfafe7d4962682d31b5eba65dba4fc8 shadow-4.2.1.tar.xz
f16f31f6f5a607b1ffb1aa1aac4c37f2 shadow-4.1.5.1.tar.bz2.sig 6752051fb07fc4be58c3d7b929bf2341 shadow-4.2.1.tar.xz.sig