From b1dccbc445d9c9d8db3ae105b3f835a493be7da9 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Wed, 3 Feb 2016 14:01:19 +0100 Subject: [PATCH] add possibility to clear or set lastlog record for user via lastlog --- shadow-4.2.1-lastlog-unexpire.patch | 249 ++++++++++++++++++++++++++++ shadow-utils.spec | 7 +- 2 files changed, 255 insertions(+), 1 deletion(-) create mode 100644 shadow-4.2.1-lastlog-unexpire.patch diff --git a/shadow-4.2.1-lastlog-unexpire.patch b/shadow-4.2.1-lastlog-unexpire.patch new file mode 100644 index 0000000..2596820 --- /dev/null +++ b/shadow-4.2.1-lastlog-unexpire.patch @@ -0,0 +1,249 @@ +diff -up shadow-4.2.1/man/lastlog.8.xml.unexpire shadow-4.2.1/man/lastlog.8.xml +--- shadow-4.2.1/man/lastlog.8.xml.unexpire 2014-03-01 19:59:51.000000000 +0100 ++++ shadow-4.2.1/man/lastlog.8.xml 2016-02-03 11:50:20.481293785 +0100 +@@ -105,6 +105,17 @@ + + + ++ , ++ ++ ++ ++ Clear lastlog record of an user. This option can be used only together ++ with ()). ++ ++ ++ ++ ++ + , + + +@@ -123,6 +134,17 @@ + + + ++ ++ ++ , ++ ++ ++ ++ Set lastlog record of an user to the current time. This option can be ++ used only together with ()). ++ ++ ++ + + + ,  DAYS +diff -up shadow-4.2.1/src/lastlog.c.unexpire shadow-4.2.1/src/lastlog.c +--- shadow-4.2.1/src/lastlog.c.unexpire 2014-03-01 19:59:51.000000000 +0100 ++++ shadow-4.2.1/src/lastlog.c 2016-02-03 11:35:26.971273603 +0100 +@@ -71,6 +71,8 @@ static struct stat statbuf; /* fstat buf + static bool uflg = false; /* print only an user of range of users */ + static bool tflg = false; /* print is restricted to most recent days */ + static bool bflg = false; /* print excludes most recent days */ ++static bool Cflg = false; /* clear record for user */ ++static bool Sflg = false; /* set record for user */ + + #define NOW (time ((time_t *) 0)) + +@@ -83,8 +85,10 @@ static /*@noreturn@*/void usage (int sta + "Options:\n"), + Prog); + (void) fputs (_(" -b, --before DAYS print only lastlog records older than DAYS\n"), usageout); ++ (void) fputs (_(" -C, --clear clear lastlog record of an user (usable only with -u)\n"), usageout); + (void) fputs (_(" -h, --help display this help message and exit\n"), usageout); + (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); ++ (void) fputs (_(" -S, --set set lastlog record to current time (usable only with -u)\n"), usageout); + (void) fputs (_(" -t, --time DAYS print only lastlog records more recent than DAYS\n"), usageout); + (void) fputs (_(" -u, --user LOGIN print lastlog record of the specified LOGIN\n"), usageout); + (void) fputs ("\n", usageout); +@@ -194,6 +198,80 @@ static void print (void) + } + } + ++static void update_one (/*@null@*/const struct passwd *pw) ++{ ++ off_t offset; ++ struct lastlog ll; ++ int err; ++ ++ if (NULL == pw) { ++ return; ++ } ++ ++ offset = (off_t) pw->pw_uid * sizeof (ll); ++ /* fseeko errors are not really relevant for us. */ ++ err = fseeko (lastlogfile, offset, SEEK_SET); ++ assert (0 == err); ++ ++ memzero (&ll, sizeof (ll)); ++ ++ if (Sflg) { ++ ll.ll_time = NOW; ++#ifdef HAVE_LL_HOST ++ strcpy (ll.ll_host, "localhost"); ++#endif ++ strcpy (ll.ll_line, "lastlog"); ++#ifdef WITH_AUDIT ++ audit_logger (AUDIT_ACCT_UNLOCK, Prog, ++ "clearing-lastlog", ++ pw->pw_name, (unsigned int) pw->pw_uid, SHADOW_AUDIT_SUCCESS); ++#endif ++ } ++#ifdef WITH_AUDIT ++ else { ++ audit_logger (AUDIT_ACCT_UNLOCK, Prog, ++ "refreshing-lastlog", ++ pw->pw_name, (unsigned int) pw->pw_uid, SHADOW_AUDIT_SUCCESS); ++ } ++#endif ++ ++ if (fwrite (&ll, sizeof(ll), 1, lastlogfile) != 1) { ++ fprintf (stderr, ++ _("%s: Failed to update the entry for UID %lu\n"), ++ Prog, (unsigned long int)pw->pw_uid); ++ exit (EXIT_FAILURE); ++ } ++} ++ ++static void update (void) ++{ ++ const struct passwd *pwent; ++ ++ if (!uflg) /* safety measure */ ++ return; ++ ++ if (has_umin && has_umax && (umin == umax)) { ++ update_one (getpwuid ((uid_t)umin)); ++ } else { ++ setpwent (); ++ while ( (pwent = getpwent ()) != NULL ) { ++ if ((has_umin && (pwent->pw_uid < (uid_t)umin)) ++ || (has_umax && (pwent->pw_uid > (uid_t)umax))) { ++ continue; ++ } ++ update_one (pwent); ++ } ++ endpwent (); ++ } ++ ++ if (fflush (lastlogfile) != 0 || fsync (fileno (lastlogfile)) != 0) { ++ fprintf (stderr, ++ _("%s: Failed to update the lastlog file\n"), ++ Prog); ++ exit (EXIT_FAILURE); ++ } ++} ++ + int main (int argc, char **argv) + { + /* +@@ -208,18 +286,24 @@ int main (int argc, char **argv) + + process_root_flag ("-R", argc, argv); + ++#ifdef WITH_AUDIT ++ audit_help_open (); ++#endif ++ + { + int c; + static struct option const longopts[] = { + {"before", required_argument, NULL, 'b'}, ++ {"clear", no_argument, NULL, 'C'}, + {"help", no_argument, NULL, 'h'}, + {"root", required_argument, NULL, 'R'}, ++ {"set", no_argument, NULL, 'S'}, + {"time", required_argument, NULL, 't'}, + {"user", required_argument, NULL, 'u'}, + {NULL, 0, NULL, '\0'} + }; + +- while ((c = getopt_long (argc, argv, "b:hR:t:u:", longopts, ++ while ((c = getopt_long (argc, argv, "b:ChR:St:u:", longopts, + NULL)) != -1) { + switch (c) { + case 'b': +@@ -235,11 +319,21 @@ int main (int argc, char **argv) + bflg = true; + break; + } ++ case 'C': ++ { ++ Cflg = true; ++ break; ++ } + case 'h': + usage (EXIT_SUCCESS); + /*@notreached@*/break; + case 'R': /* no-op, handled in process_root_flag () */ + break; ++ case 'S': ++ { ++ Sflg = true; ++ break; ++ } + case 't': + { + unsigned long days; +@@ -294,9 +388,21 @@ int main (int argc, char **argv) + Prog, argv[optind]); + usage (EXIT_FAILURE); + } ++ if (Cflg && Sflg) { ++ fprintf (stderr, ++ _("%s: Option -C cannot be used together with option -S\n"), ++ Prog); ++ usage (EXIT_FAILURE); ++ } ++ if ((Cflg || Sflg) && !uflg) { ++ fprintf (stderr, ++ _("%s: Options -C and -S require option -u to specify the user\n"), ++ Prog); ++ usage (EXIT_FAILURE); ++ } + } + +- lastlogfile = fopen (LASTLOG_FILE, "r"); ++ lastlogfile = fopen (LASTLOG_FILE, (Cflg || Sflg)?"r+":"r"); + if (NULL == lastlogfile) { + perror (LASTLOG_FILE); + exit (EXIT_FAILURE); +@@ -310,7 +416,10 @@ int main (int argc, char **argv) + exit (EXIT_FAILURE); + } + +- print (); ++ if (Cflg || Sflg) ++ update (); ++ else ++ print (); + + (void) fclose (lastlogfile); + +diff -up shadow-4.2.1/src/Makefile.am.unexpire shadow-4.2.1/src/Makefile.am +--- shadow-4.2.1/src/Makefile.am.unexpire 2014-05-08 10:43:11.000000000 +0200 ++++ shadow-4.2.1/src/Makefile.am 2016-02-03 11:35:26.971273603 +0100 +@@ -95,6 +95,7 @@ groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) + grpck_LDADD = $(LDADD) $(LIBSELINUX) + grpconv_LDADD = $(LDADD) $(LIBSELINUX) + grpunconv_LDADD = $(LDADD) $(LIBSELINUX) ++lastlog_LDADD = $(LDADD) $(LIBAUDIT) + login_SOURCES = \ + login.c \ + login_nopam.c +diff -up shadow-4.2.1/src/Makefile.in.unexpire shadow-4.2.1/src/Makefile.in +--- shadow-4.2.1/src/Makefile.in.unexpire 2014-05-09 18:49:48.000000000 +0200 ++++ shadow-4.2.1/src/Makefile.in 2016-02-03 11:35:26.972273609 +0100 +@@ -197,7 +197,7 @@ id_DEPENDENCIES = $(am__DEPENDENCIES_1) + $(top_builddir)/lib/libshadow.la + lastlog_SOURCES = lastlog.c + lastlog_OBJECTS = lastlog.$(OBJEXT) +-lastlog_LDADD = $(LDADD) ++lastlog_LDADD = $(LDADD) $(LIBAUDIT) + lastlog_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(top_builddir)/libmisc/libmisc.a \ + $(top_builddir)/lib/libshadow.la diff --git a/shadow-utils.spec b/shadow-utils.spec index 21eb936..404d754 100644 --- a/shadow-utils.spec +++ b/shadow-utils.spec @@ -1,7 +1,7 @@ Summary: Utilities for managing accounts and shadow password files Name: shadow-utils Version: 4.2.1 -Release: 5%{?dist} +Release: 6%{?dist} Epoch: 2 URL: http://pkg-shadow.alioth.debian.org/ Source0: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.xz @@ -33,6 +33,7 @@ Patch22: shadow-4.2.1-audit-update.patch Patch23: shadow-4.2.1-usermod-unlock.patch Patch24: shadow-4.2.1-no-lock-dos.patch Patch25: shadow-4.2.1-defs-chroot.patch +Patch26: shadow-4.2.1-lastlog-unexpire.patch License: BSD and GPLv2+ Group: System Environment/Base @@ -86,6 +87,7 @@ are used for managing group accounts. %patch23 -p1 -b .unlock %patch24 -p1 -b .no-lock-dos %patch25 -p1 -b .defs-chroot +%patch26 -p1 -b .unexpire iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8 cp -f doc/HOWTO.utf8 doc/HOWTO @@ -252,6 +254,9 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/man8/vigr.8* %changelog +* Wed Feb 3 2016 Tomáš Mráz - 2:4.2.1-6 +- add possibility to clear or set lastlog record for user via lastlog + * Fri Jan 8 2016 Tomáš Mráz - 2:4.2.1-5 - do not use obscure permissions for binaries - remove unused commands from login.defs(5) cross-reference