add possibility to clear or set lastlog record for user via lastlog
This commit is contained in:
parent
05ccc5cb0b
commit
b1dccbc445
2 changed files with 255 additions and 1 deletions
249
shadow-4.2.1-lastlog-unexpire.patch
Normal file
249
shadow-4.2.1-lastlog-unexpire.patch
Normal file
|
@ -0,0 +1,249 @@
|
||||||
|
diff -up shadow-4.2.1/man/lastlog.8.xml.unexpire shadow-4.2.1/man/lastlog.8.xml
|
||||||
|
--- shadow-4.2.1/man/lastlog.8.xml.unexpire 2014-03-01 19:59:51.000000000 +0100
|
||||||
|
+++ shadow-4.2.1/man/lastlog.8.xml 2016-02-03 11:50:20.481293785 +0100
|
||||||
|
@@ -105,6 +105,17 @@
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term>
|
||||||
|
+ <option>-C</option>, <option>--clear</option>
|
||||||
|
+ </term>
|
||||||
|
+ <listitem>
|
||||||
|
+ <para>
|
||||||
|
+ Clear lastlog record of an user. This option can be used only together
|
||||||
|
+ with <option>-u</option> (<option>--user</option>)).
|
||||||
|
+ </para>
|
||||||
|
+ </listitem>
|
||||||
|
+ </varlistentry>
|
||||||
|
+ <varlistentry>
|
||||||
|
+ <term>
|
||||||
|
<option>-h</option>, <option>--help</option>
|
||||||
|
</term>
|
||||||
|
<listitem>
|
||||||
|
@@ -123,6 +134,17 @@
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
+ <varlistentry>
|
||||||
|
+ <term>
|
||||||
|
+ <option>-S</option>, <option>--set</option>
|
||||||
|
+ </term>
|
||||||
|
+ <listitem>
|
||||||
|
+ <para>
|
||||||
|
+ Set lastlog record of an user to the current time. This option can be
|
||||||
|
+ used only together with <option>-u</option> (<option>--user</option>)).
|
||||||
|
+ </para>
|
||||||
|
+ </listitem>
|
||||||
|
+ </varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term>
|
||||||
|
<option>-t</option>, <option>--time</option> <replaceable>DAYS</replaceable>
|
||||||
|
diff -up shadow-4.2.1/src/lastlog.c.unexpire shadow-4.2.1/src/lastlog.c
|
||||||
|
--- shadow-4.2.1/src/lastlog.c.unexpire 2014-03-01 19:59:51.000000000 +0100
|
||||||
|
+++ shadow-4.2.1/src/lastlog.c 2016-02-03 11:35:26.971273603 +0100
|
||||||
|
@@ -71,6 +71,8 @@ static struct stat statbuf; /* fstat buf
|
||||||
|
static bool uflg = false; /* print only an user of range of users */
|
||||||
|
static bool tflg = false; /* print is restricted to most recent days */
|
||||||
|
static bool bflg = false; /* print excludes most recent days */
|
||||||
|
+static bool Cflg = false; /* clear record for user */
|
||||||
|
+static bool Sflg = false; /* set record for user */
|
||||||
|
|
||||||
|
#define NOW (time ((time_t *) 0))
|
||||||
|
|
||||||
|
@@ -83,8 +85,10 @@ static /*@noreturn@*/void usage (int sta
|
||||||
|
"Options:\n"),
|
||||||
|
Prog);
|
||||||
|
(void) fputs (_(" -b, --before DAYS print only lastlog records older than DAYS\n"), usageout);
|
||||||
|
+ (void) fputs (_(" -C, --clear clear lastlog record of an user (usable only with -u)\n"), usageout);
|
||||||
|
(void) fputs (_(" -h, --help display this help message and exit\n"), usageout);
|
||||||
|
(void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout);
|
||||||
|
+ (void) fputs (_(" -S, --set set lastlog record to current time (usable only with -u)\n"), usageout);
|
||||||
|
(void) fputs (_(" -t, --time DAYS print only lastlog records more recent than DAYS\n"), usageout);
|
||||||
|
(void) fputs (_(" -u, --user LOGIN print lastlog record of the specified LOGIN\n"), usageout);
|
||||||
|
(void) fputs ("\n", usageout);
|
||||||
|
@@ -194,6 +198,80 @@ static void print (void)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
+static void update_one (/*@null@*/const struct passwd *pw)
|
||||||
|
+{
|
||||||
|
+ off_t offset;
|
||||||
|
+ struct lastlog ll;
|
||||||
|
+ int err;
|
||||||
|
+
|
||||||
|
+ if (NULL == pw) {
|
||||||
|
+ return;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ offset = (off_t) pw->pw_uid * sizeof (ll);
|
||||||
|
+ /* fseeko errors are not really relevant for us. */
|
||||||
|
+ err = fseeko (lastlogfile, offset, SEEK_SET);
|
||||||
|
+ assert (0 == err);
|
||||||
|
+
|
||||||
|
+ memzero (&ll, sizeof (ll));
|
||||||
|
+
|
||||||
|
+ if (Sflg) {
|
||||||
|
+ ll.ll_time = NOW;
|
||||||
|
+#ifdef HAVE_LL_HOST
|
||||||
|
+ strcpy (ll.ll_host, "localhost");
|
||||||
|
+#endif
|
||||||
|
+ strcpy (ll.ll_line, "lastlog");
|
||||||
|
+#ifdef WITH_AUDIT
|
||||||
|
+ audit_logger (AUDIT_ACCT_UNLOCK, Prog,
|
||||||
|
+ "clearing-lastlog",
|
||||||
|
+ pw->pw_name, (unsigned int) pw->pw_uid, SHADOW_AUDIT_SUCCESS);
|
||||||
|
+#endif
|
||||||
|
+ }
|
||||||
|
+#ifdef WITH_AUDIT
|
||||||
|
+ else {
|
||||||
|
+ audit_logger (AUDIT_ACCT_UNLOCK, Prog,
|
||||||
|
+ "refreshing-lastlog",
|
||||||
|
+ pw->pw_name, (unsigned int) pw->pw_uid, SHADOW_AUDIT_SUCCESS);
|
||||||
|
+ }
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
+ if (fwrite (&ll, sizeof(ll), 1, lastlogfile) != 1) {
|
||||||
|
+ fprintf (stderr,
|
||||||
|
+ _("%s: Failed to update the entry for UID %lu\n"),
|
||||||
|
+ Prog, (unsigned long int)pw->pw_uid);
|
||||||
|
+ exit (EXIT_FAILURE);
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static void update (void)
|
||||||
|
+{
|
||||||
|
+ const struct passwd *pwent;
|
||||||
|
+
|
||||||
|
+ if (!uflg) /* safety measure */
|
||||||
|
+ return;
|
||||||
|
+
|
||||||
|
+ if (has_umin && has_umax && (umin == umax)) {
|
||||||
|
+ update_one (getpwuid ((uid_t)umin));
|
||||||
|
+ } else {
|
||||||
|
+ setpwent ();
|
||||||
|
+ while ( (pwent = getpwent ()) != NULL ) {
|
||||||
|
+ if ((has_umin && (pwent->pw_uid < (uid_t)umin))
|
||||||
|
+ || (has_umax && (pwent->pw_uid > (uid_t)umax))) {
|
||||||
|
+ continue;
|
||||||
|
+ }
|
||||||
|
+ update_one (pwent);
|
||||||
|
+ }
|
||||||
|
+ endpwent ();
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (fflush (lastlogfile) != 0 || fsync (fileno (lastlogfile)) != 0) {
|
||||||
|
+ fprintf (stderr,
|
||||||
|
+ _("%s: Failed to update the lastlog file\n"),
|
||||||
|
+ Prog);
|
||||||
|
+ exit (EXIT_FAILURE);
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
int main (int argc, char **argv)
|
||||||
|
{
|
||||||
|
/*
|
||||||
|
@@ -208,18 +286,24 @@ int main (int argc, char **argv)
|
||||||
|
|
||||||
|
process_root_flag ("-R", argc, argv);
|
||||||
|
|
||||||
|
+#ifdef WITH_AUDIT
|
||||||
|
+ audit_help_open ();
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
{
|
||||||
|
int c;
|
||||||
|
static struct option const longopts[] = {
|
||||||
|
{"before", required_argument, NULL, 'b'},
|
||||||
|
+ {"clear", no_argument, NULL, 'C'},
|
||||||
|
{"help", no_argument, NULL, 'h'},
|
||||||
|
{"root", required_argument, NULL, 'R'},
|
||||||
|
+ {"set", no_argument, NULL, 'S'},
|
||||||
|
{"time", required_argument, NULL, 't'},
|
||||||
|
{"user", required_argument, NULL, 'u'},
|
||||||
|
{NULL, 0, NULL, '\0'}
|
||||||
|
};
|
||||||
|
|
||||||
|
- while ((c = getopt_long (argc, argv, "b:hR:t:u:", longopts,
|
||||||
|
+ while ((c = getopt_long (argc, argv, "b:ChR:St:u:", longopts,
|
||||||
|
NULL)) != -1) {
|
||||||
|
switch (c) {
|
||||||
|
case 'b':
|
||||||
|
@@ -235,11 +319,21 @@ int main (int argc, char **argv)
|
||||||
|
bflg = true;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
+ case 'C':
|
||||||
|
+ {
|
||||||
|
+ Cflg = true;
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
case 'h':
|
||||||
|
usage (EXIT_SUCCESS);
|
||||||
|
/*@notreached@*/break;
|
||||||
|
case 'R': /* no-op, handled in process_root_flag () */
|
||||||
|
break;
|
||||||
|
+ case 'S':
|
||||||
|
+ {
|
||||||
|
+ Sflg = true;
|
||||||
|
+ break;
|
||||||
|
+ }
|
||||||
|
case 't':
|
||||||
|
{
|
||||||
|
unsigned long days;
|
||||||
|
@@ -294,9 +388,21 @@ int main (int argc, char **argv)
|
||||||
|
Prog, argv[optind]);
|
||||||
|
usage (EXIT_FAILURE);
|
||||||
|
}
|
||||||
|
+ if (Cflg && Sflg) {
|
||||||
|
+ fprintf (stderr,
|
||||||
|
+ _("%s: Option -C cannot be used together with option -S\n"),
|
||||||
|
+ Prog);
|
||||||
|
+ usage (EXIT_FAILURE);
|
||||||
|
+ }
|
||||||
|
+ if ((Cflg || Sflg) && !uflg) {
|
||||||
|
+ fprintf (stderr,
|
||||||
|
+ _("%s: Options -C and -S require option -u to specify the user\n"),
|
||||||
|
+ Prog);
|
||||||
|
+ usage (EXIT_FAILURE);
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
- lastlogfile = fopen (LASTLOG_FILE, "r");
|
||||||
|
+ lastlogfile = fopen (LASTLOG_FILE, (Cflg || Sflg)?"r+":"r");
|
||||||
|
if (NULL == lastlogfile) {
|
||||||
|
perror (LASTLOG_FILE);
|
||||||
|
exit (EXIT_FAILURE);
|
||||||
|
@@ -310,7 +416,10 @@ int main (int argc, char **argv)
|
||||||
|
exit (EXIT_FAILURE);
|
||||||
|
}
|
||||||
|
|
||||||
|
- print ();
|
||||||
|
+ if (Cflg || Sflg)
|
||||||
|
+ update ();
|
||||||
|
+ else
|
||||||
|
+ print ();
|
||||||
|
|
||||||
|
(void) fclose (lastlogfile);
|
||||||
|
|
||||||
|
diff -up shadow-4.2.1/src/Makefile.am.unexpire shadow-4.2.1/src/Makefile.am
|
||||||
|
--- shadow-4.2.1/src/Makefile.am.unexpire 2014-05-08 10:43:11.000000000 +0200
|
||||||
|
+++ shadow-4.2.1/src/Makefile.am 2016-02-03 11:35:26.971273603 +0100
|
||||||
|
@@ -95,6 +95,7 @@ groupmod_LDADD = $(LDADD) $(LIBPAM_SUID)
|
||||||
|
grpck_LDADD = $(LDADD) $(LIBSELINUX)
|
||||||
|
grpconv_LDADD = $(LDADD) $(LIBSELINUX)
|
||||||
|
grpunconv_LDADD = $(LDADD) $(LIBSELINUX)
|
||||||
|
+lastlog_LDADD = $(LDADD) $(LIBAUDIT)
|
||||||
|
login_SOURCES = \
|
||||||
|
login.c \
|
||||||
|
login_nopam.c
|
||||||
|
diff -up shadow-4.2.1/src/Makefile.in.unexpire shadow-4.2.1/src/Makefile.in
|
||||||
|
--- shadow-4.2.1/src/Makefile.in.unexpire 2014-05-09 18:49:48.000000000 +0200
|
||||||
|
+++ shadow-4.2.1/src/Makefile.in 2016-02-03 11:35:26.972273609 +0100
|
||||||
|
@@ -197,7 +197,7 @@ id_DEPENDENCIES = $(am__DEPENDENCIES_1)
|
||||||
|
$(top_builddir)/lib/libshadow.la
|
||||||
|
lastlog_SOURCES = lastlog.c
|
||||||
|
lastlog_OBJECTS = lastlog.$(OBJEXT)
|
||||||
|
-lastlog_LDADD = $(LDADD)
|
||||||
|
+lastlog_LDADD = $(LDADD) $(LIBAUDIT)
|
||||||
|
lastlog_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
|
||||||
|
$(top_builddir)/libmisc/libmisc.a \
|
||||||
|
$(top_builddir)/lib/libshadow.la
|
|
@ -1,7 +1,7 @@
|
||||||
Summary: Utilities for managing accounts and shadow password files
|
Summary: Utilities for managing accounts and shadow password files
|
||||||
Name: shadow-utils
|
Name: shadow-utils
|
||||||
Version: 4.2.1
|
Version: 4.2.1
|
||||||
Release: 5%{?dist}
|
Release: 6%{?dist}
|
||||||
Epoch: 2
|
Epoch: 2
|
||||||
URL: http://pkg-shadow.alioth.debian.org/
|
URL: http://pkg-shadow.alioth.debian.org/
|
||||||
Source0: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.xz
|
Source0: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.xz
|
||||||
|
@ -33,6 +33,7 @@ Patch22: shadow-4.2.1-audit-update.patch
|
||||||
Patch23: shadow-4.2.1-usermod-unlock.patch
|
Patch23: shadow-4.2.1-usermod-unlock.patch
|
||||||
Patch24: shadow-4.2.1-no-lock-dos.patch
|
Patch24: shadow-4.2.1-no-lock-dos.patch
|
||||||
Patch25: shadow-4.2.1-defs-chroot.patch
|
Patch25: shadow-4.2.1-defs-chroot.patch
|
||||||
|
Patch26: shadow-4.2.1-lastlog-unexpire.patch
|
||||||
|
|
||||||
License: BSD and GPLv2+
|
License: BSD and GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
|
@ -86,6 +87,7 @@ are used for managing group accounts.
|
||||||
%patch23 -p1 -b .unlock
|
%patch23 -p1 -b .unlock
|
||||||
%patch24 -p1 -b .no-lock-dos
|
%patch24 -p1 -b .no-lock-dos
|
||||||
%patch25 -p1 -b .defs-chroot
|
%patch25 -p1 -b .defs-chroot
|
||||||
|
%patch26 -p1 -b .unexpire
|
||||||
|
|
||||||
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
|
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
|
||||||
cp -f doc/HOWTO.utf8 doc/HOWTO
|
cp -f doc/HOWTO.utf8 doc/HOWTO
|
||||||
|
@ -252,6 +254,9 @@ rm -rf $RPM_BUILD_ROOT
|
||||||
%{_mandir}/man8/vigr.8*
|
%{_mandir}/man8/vigr.8*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Feb 3 2016 Tomáš Mráz <tmraz@redhat.com> - 2:4.2.1-6
|
||||||
|
- add possibility to clear or set lastlog record for user via lastlog
|
||||||
|
|
||||||
* Fri Jan 8 2016 Tomáš Mráz <tmraz@redhat.com> - 2:4.2.1-5
|
* Fri Jan 8 2016 Tomáš Mráz <tmraz@redhat.com> - 2:4.2.1-5
|
||||||
- do not use obscure permissions for binaries
|
- do not use obscure permissions for binaries
|
||||||
- remove unused commands from login.defs(5) cross-reference
|
- remove unused commands from login.defs(5) cross-reference
|
||||||
|
|
Loading…
Reference in a new issue