Compare commits
31 commits
f24
...
newxidmap-
Author | SHA1 | Date | |
---|---|---|---|
3815c0b5ba | |||
7f73f07a1a | |||
3544220035 | |||
6a08374eef | |||
f0fc249a12 | |||
|
8362f15341 | ||
|
0aa8060034 | ||
|
38a12ac864 | ||
|
4cb5077b68 | ||
|
8d62f944dd | ||
|
eb66bf0ca5 | ||
|
41955fa9ab | ||
|
2d4f6e1972 | ||
|
a6650f241c | ||
|
95d0ea6880 | ||
|
8633999acf | ||
|
9659143d38 | ||
|
b90f1c3912 | ||
|
2c7fd6de84 | ||
|
46349c33e5 | ||
|
3a17ec0f47 | ||
|
ec99eade4e | ||
|
ba9340caf5 | ||
|
bb62fd7837 | ||
|
457acab6b4 | ||
|
86cbf7e19d | ||
|
6c18d5356b | ||
|
f8ab516d30 | ||
|
c50e17082d | ||
|
abed79ee4e | ||
|
f884cd4c94 |
42 changed files with 2291 additions and 2331 deletions
5
.gitignore
vendored
5
.gitignore
vendored
|
@ -5,3 +5,8 @@ shadow-4.1.4.2.tar.bz2
|
|||
/shadow-4.1.5.1.tar.bz2.sig
|
||||
/shadow-4.2.1.tar.xz
|
||||
/shadow-4.2.1.tar.xz.sig
|
||||
/shadow-4.3.1.tar.gz
|
||||
/shadow-4.5.tar.xz
|
||||
/shadow-4.5.tar.xz.asc
|
||||
/shadow-4.6.tar.xz
|
||||
/shadow-4.6.tar.xz.asc
|
||||
|
|
|
@ -1,100 +0,0 @@
|
|||
diff -up shadow-4.1.5/src/grpconv.c.2ndskip shadow-4.1.5/src/grpconv.c
|
||||
--- shadow-4.1.5/src/grpconv.c.2ndskip 2012-06-18 13:08:34.438910815 +0200
|
||||
+++ shadow-4.1.5/src/grpconv.c 2012-06-18 13:12:51.270764552 +0200
|
||||
@@ -143,6 +143,7 @@ int main (int argc, char **argv)
|
||||
struct group grent;
|
||||
const struct sgrp *sg;
|
||||
struct sgrp sgent;
|
||||
+ char *np;
|
||||
|
||||
Prog = Basename (argv[0]);
|
||||
|
||||
@@ -184,20 +185,25 @@ int main (int argc, char **argv)
|
||||
* Remove /etc/gshadow entries for groups not in /etc/group.
|
||||
*/
|
||||
(void) sgr_rewind ();
|
||||
- while ((sg = sgr_next ()) != NULL) {
|
||||
- if (gr_locate (sg->sg_name) != NULL) {
|
||||
- continue;
|
||||
- }
|
||||
-
|
||||
- if (sgr_remove (sg->sg_name) == 0) {
|
||||
- /*
|
||||
- * This shouldn't happen (the entry exists) but...
|
||||
- */
|
||||
- fprintf (stderr,
|
||||
- _("%s: cannot remove entry '%s' from %s\n"),
|
||||
- Prog, sg->sg_name, sgr_dbname ());
|
||||
- fail_exit (3);
|
||||
+ sg = sgr_next ();
|
||||
+ np=NULL;
|
||||
+ while (sg != NULL) {
|
||||
+ np = strdup(sg->sg_name);
|
||||
+ sg = sgr_next ();
|
||||
+
|
||||
+ if(gr_locate (np) == NULL) {
|
||||
+ if (sgr_remove (np) == 0) {
|
||||
+ /*
|
||||
+ * This shouldn't happen (the entry exists) but...
|
||||
+ */
|
||||
+ fprintf (stderr,
|
||||
+ _("%s: cannot remove entry '%s' from %s\n"),
|
||||
+ Prog, np, sgr_dbname ());
|
||||
+ free(np);
|
||||
+ fail_exit (3);
|
||||
+ }
|
||||
}
|
||||
+ free(np);
|
||||
}
|
||||
|
||||
/*
|
||||
diff -up shadow-4.1.5/src/pwconv.c.2ndskip shadow-4.1.5/src/pwconv.c
|
||||
--- shadow-4.1.5/src/pwconv.c.2ndskip 2012-06-18 11:23:33.938511797 +0200
|
||||
+++ shadow-4.1.5/src/pwconv.c 2012-06-18 12:57:18.396426194 +0200
|
||||
@@ -173,6 +173,7 @@ int main (int argc, char **argv)
|
||||
struct passwd pwent;
|
||||
const struct spwd *sp;
|
||||
struct spwd spent;
|
||||
+ char *np;
|
||||
|
||||
Prog = Basename (argv[0]);
|
||||
|
||||
@@ -223,20 +224,25 @@ int main (int argc, char **argv)
|
||||
* Remove /etc/shadow entries for users not in /etc/passwd.
|
||||
*/
|
||||
(void) spw_rewind ();
|
||||
- while ((sp = spw_next ()) != NULL) {
|
||||
- if (pw_locate (sp->sp_namp) != NULL) {
|
||||
- continue;
|
||||
- }
|
||||
-
|
||||
- if (spw_remove (sp->sp_namp) == 0) {
|
||||
- /*
|
||||
- * This shouldn't happen (the entry exists) but...
|
||||
- */
|
||||
- fprintf (stderr,
|
||||
- _("%s: cannot remove entry '%s' from %s\n"),
|
||||
- Prog, sp->sp_namp, spw_dbname ());
|
||||
- fail_exit (E_FAILURE);
|
||||
+ sp = spw_next ();
|
||||
+ np = NULL;
|
||||
+ while (sp != NULL) {
|
||||
+ np = strdup(sp->sp_namp);
|
||||
+ sp = spw_next ();
|
||||
+
|
||||
+ if (pw_locate (np) == NULL) {
|
||||
+ if (spw_remove (np) == 0) {
|
||||
+ /*
|
||||
+ * This shouldn't happen (the entry exists) but...
|
||||
+ */
|
||||
+ fprintf (stderr,
|
||||
+ _("%s: cannot remove entry '%s' from %s\n"),
|
||||
+ Prog, np, spw_dbname ());
|
||||
+ free(np);
|
||||
+ fail_exit (E_FAILURE);
|
||||
+ }
|
||||
}
|
||||
+ free(np);
|
||||
}
|
||||
|
||||
/*
|
|
@ -1,23 +0,0 @@
|
|||
diff -up shadow-4.1.5/libmisc/find_new_gid.c.uflg shadow-4.1.5/libmisc/find_new_gid.c
|
||||
--- shadow-4.1.5/libmisc/find_new_gid.c.uflg 2011-07-30 01:10:27.000000000 +0200
|
||||
+++ shadow-4.1.5/libmisc/find_new_gid.c 2012-03-19 12:51:46.090554116 +0100
|
||||
@@ -68,7 +68,7 @@ int find_new_gid (bool sys_group,
|
||||
return -1;
|
||||
}
|
||||
} else {
|
||||
- gid_min = (gid_t) getdef_ulong ("SYS_GID_MIN", 101UL);
|
||||
+ gid_min = (gid_t) 1;
|
||||
gid_max = (gid_t) getdef_ulong ("GID_MIN", 1000UL) - 1;
|
||||
gid_max = (gid_t) getdef_ulong ("SYS_GID_MAX", (unsigned long) gid_max);
|
||||
if (gid_max < gid_min) {
|
||||
@@ -100,6 +100,10 @@ int find_new_gid (bool sys_group,
|
||||
return 0;
|
||||
}
|
||||
|
||||
+ /* if we did not find free preffered system gid, we start to look for
|
||||
+ * one in the range assigned to dynamic system IDs */
|
||||
+ if (sys_group)
|
||||
+ gid_min = (gid_t) getdef_ulong ("SYS_GID_MIN", 101UL);
|
||||
|
||||
/*
|
||||
* Search the entire group file,
|
|
@ -1,32 +0,0 @@
|
|||
diff -up shadow-4.1.5.1/src/usermod.c.audit shadow-4.1.5.1/src/usermod.c
|
||||
--- shadow-4.1.5.1/src/usermod.c.audit 2011-11-21 23:02:16.000000000 +0100
|
||||
+++ shadow-4.1.5.1/src/usermod.c 2013-06-14 14:54:20.237026550 +0200
|
||||
@@ -1513,6 +1513,14 @@ static void move_home (void)
|
||||
fail_exit (E_HOMEDIR);
|
||||
}
|
||||
|
||||
+#ifdef WITH_AUDIT
|
||||
+ if (uflg || gflg) {
|
||||
+ audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
||||
+ "changing home directory owner",
|
||||
+ user_newname, (unsigned int) user_newid, 1);
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
if (rename (user_home, user_newhome) == 0) {
|
||||
/* FIXME: rename above may have broken symlinks
|
||||
* pointing to the user's home directory
|
||||
@@ -1947,6 +1955,13 @@ int main (int argc, char **argv)
|
||||
* ownership.
|
||||
*
|
||||
*/
|
||||
+#ifdef WITH_AUDIT
|
||||
+ if (uflg || gflg) {
|
||||
+ audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
||||
+ "changing home directory owner",
|
||||
+ user_newname, (unsigned int) user_newid, 1);
|
||||
+ }
|
||||
+#endif
|
||||
if (chown_tree (dflg ? user_newhome : user_home,
|
||||
user_id,
|
||||
uflg ? user_newid : (uid_t)-1,
|
|
@ -1,20 +0,0 @@
|
|||
diff -up shadow-4.1.5.1/lib/commonio.c.backup-mode shadow-4.1.5.1/lib/commonio.c
|
||||
--- shadow-4.1.5.1/lib/commonio.c.backup-mode 2012-05-18 21:44:54.000000000 +0200
|
||||
+++ shadow-4.1.5.1/lib/commonio.c 2012-09-19 20:27:16.089444234 +0200
|
||||
@@ -301,15 +301,12 @@ static int create_backup (const char *ba
|
||||
struct utimbuf ub;
|
||||
FILE *bkfp;
|
||||
int c;
|
||||
- mode_t mask;
|
||||
|
||||
if (fstat (fileno (fp), &sb) != 0) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
- mask = umask (077);
|
||||
- bkfp = fopen (backup, "w");
|
||||
- (void) umask (mask);
|
||||
+ bkfp = fopen_set_perms (backup, "w", &sb);
|
||||
if (NULL == bkfp) {
|
||||
return -1;
|
||||
}
|
|
@ -1,6 +1,7 @@
|
|||
diff -up shadow-4.1.5.1/lib/semanage.c.default-range shadow-4.1.5.1/lib/semanage.c
|
||||
--- shadow-4.1.5.1/lib/semanage.c.default-range 2012-01-08 17:35:44.000000000 +0100
|
||||
+++ shadow-4.1.5.1/lib/semanage.c 2013-06-14 15:14:51.970237594 +0200
|
||||
Index: shadow-4.5/lib/semanage.c
|
||||
===================================================================
|
||||
--- shadow-4.5.orig/lib/semanage.c
|
||||
+++ shadow-4.5/lib/semanage.c
|
||||
@@ -143,6 +143,7 @@ static int semanage_user_mod (semanage_h
|
||||
goto done;
|
||||
}
|
||||
|
|
|
@ -1,23 +0,0 @@
|
|||
diff -up shadow-4.1.5.1/src/useradd.c.logmsg shadow-4.1.5.1/src/useradd.c
|
||||
--- shadow-4.1.5.1/src/useradd.c.logmsg 2013-02-20 15:41:44.000000000 +0100
|
||||
+++ shadow-4.1.5.1/src/useradd.c 2013-06-14 14:22:59.529661095 +0200
|
||||
@@ -1760,6 +1760,9 @@ static void create_home (void)
|
||||
if (access (user_home, F_OK) != 0) {
|
||||
#ifdef WITH_SELINUX
|
||||
if (set_selinux_file_context (user_home, NULL) != 0) {
|
||||
+ fprintf (stderr,
|
||||
+ _("%s: cannot set SELinux context for home directory %s\n"),
|
||||
+ Prog, user_home);
|
||||
fail_exit (E_HOMEDIR);
|
||||
}
|
||||
#endif
|
||||
@@ -1789,6 +1792,9 @@ static void create_home (void)
|
||||
#ifdef WITH_SELINUX
|
||||
/* Reset SELinux to create files with default contexts */
|
||||
if (reset_selinux_file_context () != 0) {
|
||||
+ fprintf (stderr,
|
||||
+ _("%s: cannot reset SELinux file creation context\n"),
|
||||
+ Prog);
|
||||
fail_exit (E_HOMEDIR);
|
||||
}
|
||||
#endif
|
File diff suppressed because it is too large
Load diff
|
@ -1,7 +1,8 @@
|
|||
diff -up shadow-4.1.5.1/man/newusers.8.xml.info-parent-dir shadow-4.1.5.1/man/newusers.8.xml
|
||||
--- shadow-4.1.5.1/man/newusers.8.xml.info-parent-dir 2012-05-25 13:45:28.000000000 +0200
|
||||
+++ shadow-4.1.5.1/man/newusers.8.xml 2012-09-19 18:46:35.651613365 +0200
|
||||
@@ -216,7 +216,15 @@
|
||||
Index: shadow-4.5/man/newusers.8.xml
|
||||
===================================================================
|
||||
--- shadow-4.5.orig/man/newusers.8.xml
|
||||
+++ shadow-4.5/man/newusers.8.xml
|
||||
@@ -218,7 +218,15 @@
|
||||
<para>
|
||||
If this field does not specify an existing directory, the
|
||||
specified directory is created, with ownership set to the
|
||||
|
|
|
@ -1,63 +0,0 @@
|
|||
diff -up shadow-4.1.5.1/src/newgrp.c.ingroup shadow-4.1.5.1/src/newgrp.c
|
||||
--- shadow-4.1.5.1/src/newgrp.c.ingroup 2014-08-29 13:31:38.000000000 +0200
|
||||
+++ shadow-4.1.5.1/src/newgrp.c 2014-08-29 14:04:57.183849650 +0200
|
||||
@@ -83,15 +83,29 @@ static void usage (void)
|
||||
}
|
||||
}
|
||||
|
||||
+static bool ingroup(const char *name, struct group *gr)
|
||||
+{
|
||||
+ char **look;
|
||||
+ bool notfound = true;
|
||||
+
|
||||
+ look = gr->gr_mem;
|
||||
+ while (*look && notfound)
|
||||
+ notfound = strcmp (*look++, name);
|
||||
+
|
||||
+ return !notfound;
|
||||
+}
|
||||
+
|
||||
/*
|
||||
- * find_matching_group - search all groups of a given group id for
|
||||
+ * find_matching_group - search all groups of a gr's group id for
|
||||
* membership of a given username
|
||||
+ * but check gr itself first
|
||||
*/
|
||||
-static /*@null@*/struct group *find_matching_group (const char *name, gid_t gid)
|
||||
+static /*@null@*/struct group *find_matching_group (const char *name, struct group *gr)
|
||||
{
|
||||
- struct group *gr;
|
||||
- char **look;
|
||||
- bool notfound = true;
|
||||
+ gid_t gid = gr->gr_gid;
|
||||
+
|
||||
+ if (ingroup(name, gr))
|
||||
+ return gr;
|
||||
|
||||
setgrent ();
|
||||
while ((gr = getgrent ()) != NULL) {
|
||||
@@ -103,14 +117,8 @@ static /*@null@*/struct group *find_matc
|
||||
* A group with matching GID was found.
|
||||
* Test for membership of 'name'.
|
||||
*/
|
||||
- look = gr->gr_mem;
|
||||
- while ((NULL != *look) && notfound) {
|
||||
- notfound = (strcmp (*look, name) != 0);
|
||||
- look++;
|
||||
- }
|
||||
- if (!notfound) {
|
||||
+ if (ingroup(name, gr))
|
||||
break;
|
||||
- }
|
||||
}
|
||||
endgrent ();
|
||||
return gr;
|
||||
@@ -616,7 +624,7 @@ int main (int argc, char **argv)
|
||||
* groups of the same GID like the requested group for
|
||||
* membership of the current user.
|
||||
*/
|
||||
- grp = find_matching_group (name, grp->gr_gid);
|
||||
+ grp = find_matching_group (name, grp);
|
||||
if (NULL == grp) {
|
||||
/*
|
||||
* No matching group found. As we already know that
|
|
@ -1,7 +1,8 @@
|
|||
diff -up shadow-4.1.5.1/src/useradd.c.logmsg shadow-4.1.5.1/src/useradd.c
|
||||
--- shadow-4.1.5.1/src/useradd.c.logmsg 2013-02-20 15:41:44.000000000 +0100
|
||||
+++ shadow-4.1.5.1/src/useradd.c 2013-03-19 18:40:04.908292810 +0100
|
||||
@@ -275,7 +275,7 @@ static void fail_exit (int code)
|
||||
Index: shadow-4.5/src/useradd.c
|
||||
===================================================================
|
||||
--- shadow-4.5.orig/src/useradd.c
|
||||
+++ shadow-4.5/src/useradd.c
|
||||
@@ -323,7 +323,7 @@ static void fail_exit (int code)
|
||||
user_name, AUDIT_NO_ID,
|
||||
SHADOW_AUDIT_FAILURE);
|
||||
#endif
|
||||
|
|
|
@ -1,15 +0,0 @@
|
|||
diff -up shadow-4.1.5.1/src/usermod.c.move-home shadow-4.1.5.1/src/usermod.c
|
||||
--- shadow-4.1.5.1/src/usermod.c.move-home 2014-08-29 13:31:38.000000000 +0200
|
||||
+++ shadow-4.1.5.1/src/usermod.c 2014-08-29 14:14:13.860671177 +0200
|
||||
@@ -1571,6 +1571,11 @@ static void move_home (void)
|
||||
Prog, user_home, user_newhome);
|
||||
fail_exit (E_HOMEDIR);
|
||||
}
|
||||
+ } else {
|
||||
+ fprintf (stderr,
|
||||
+ _("%s: The previous home directory (%s) does "
|
||||
+ "not exist or is inaccessible. Move cannot be completed.\n"),
|
||||
+ Prog, user_home);
|
||||
}
|
||||
}
|
||||
|
|
@ -1,99 +0,0 @@
|
|||
diff -up shadow-4.1.5.1/lib/semanage.c.selinux shadow-4.1.5.1/lib/semanage.c
|
||||
--- shadow-4.1.5.1/lib/semanage.c.selinux 2012-01-08 17:35:44.000000000 +0100
|
||||
+++ shadow-4.1.5.1/lib/semanage.c 2014-09-10 10:11:55.417506128 +0200
|
||||
@@ -294,6 +294,9 @@ int set_seuser (const char *login_name,
|
||||
|
||||
ret = 0;
|
||||
|
||||
+ /* drop obsolete matchpathcon cache */
|
||||
+ matchpathcon_fini();
|
||||
+
|
||||
done:
|
||||
semanage_seuser_key_free (key);
|
||||
semanage_handle_destroy (handle);
|
||||
@@ -369,6 +372,10 @@ int del_seuser (const char *login_name)
|
||||
}
|
||||
|
||||
ret = 0;
|
||||
+
|
||||
+ /* drop obsolete matchpathcon cache */
|
||||
+ matchpathcon_fini();
|
||||
+
|
||||
done:
|
||||
semanage_handle_destroy (handle);
|
||||
return ret;
|
||||
diff -up shadow-4.1.5.1/src/useradd.c.selinux shadow-4.1.5.1/src/useradd.c
|
||||
--- shadow-4.1.5.1/src/useradd.c.selinux 2014-09-10 10:10:18.791280619 +0200
|
||||
+++ shadow-4.1.5.1/src/useradd.c 2014-09-10 10:10:18.798280781 +0200
|
||||
@@ -1850,6 +1850,7 @@ static void create_mail (void)
|
||||
*/
|
||||
int main (int argc, char **argv)
|
||||
{
|
||||
+ int rv = E_SUCCESS;
|
||||
#ifdef ACCT_TOOLS_SETUID
|
||||
#ifdef USE_PAM
|
||||
pam_handle_t *pamh = NULL;
|
||||
@@ -2037,10 +2038,33 @@ int main (int argc, char **argv)
|
||||
|
||||
usr_update ();
|
||||
|
||||
+ close_files ();
|
||||
+
|
||||
+ nscd_flush_cache ("passwd");
|
||||
+ nscd_flush_cache ("group");
|
||||
+
|
||||
+#ifdef WITH_SELINUX
|
||||
+ if (Zflg && *user_selinux) {
|
||||
+ if (is_selinux_enabled () > 0) {
|
||||
+ if (set_seuser (user_name, user_selinux) != 0) {
|
||||
+ fprintf (stderr,
|
||||
+ _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
|
||||
+ Prog, user_name, user_selinux);
|
||||
+#ifdef WITH_AUDIT
|
||||
+ audit_logger (AUDIT_ADD_USER, Prog,
|
||||
+ "adding SELinux user mapping",
|
||||
+ user_name, (unsigned int) user_id, 0);
|
||||
+#endif /* WITH_AUDIT */
|
||||
+ rv = E_SE_UPDATE;
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
if (mflg) {
|
||||
create_home ();
|
||||
if (home_added) {
|
||||
- copy_tree (def_template, user_home, false, false,
|
||||
+ copy_tree (def_template, user_home, false, true,
|
||||
(uid_t)-1, user_id, (gid_t)-1, user_gid);
|
||||
} else {
|
||||
fprintf (stderr,
|
||||
@@ -2056,27 +2080,6 @@ int main (int argc, char **argv)
|
||||
create_mail ();
|
||||
}
|
||||
|
||||
- close_files ();
|
||||
-
|
||||
-#ifdef WITH_SELINUX
|
||||
- if (Zflg) {
|
||||
- if (set_seuser (user_name, user_selinux) != 0) {
|
||||
- fprintf (stderr,
|
||||
- _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
|
||||
- Prog, user_name, user_selinux);
|
||||
-#ifdef WITH_AUDIT
|
||||
- audit_logger (AUDIT_ADD_USER, Prog,
|
||||
- "adding SELinux user mapping",
|
||||
- user_name, (unsigned int) user_id, 0);
|
||||
-#endif /* WITH_AUDIT */
|
||||
- fail_exit (E_SE_UPDATE);
|
||||
- }
|
||||
- }
|
||||
-#endif /* WITH_SELINUX */
|
||||
-
|
||||
- nscd_flush_cache ("passwd");
|
||||
- nscd_flush_cache ("group");
|
||||
-
|
||||
- return E_SUCCESS;
|
||||
+ return rv;
|
||||
}
|
||||
|
|
@ -1,7 +1,8 @@
|
|||
diff -up shadow-4.1.5.1/src/userdel.c.userdel shadow-4.1.5.1/src/userdel.c
|
||||
--- shadow-4.1.5.1/src/userdel.c.userdel 2012-05-25 13:51:55.000000000 +0200
|
||||
+++ shadow-4.1.5.1/src/userdel.c 2014-02-12 11:40:30.707686132 +0100
|
||||
@@ -130,8 +130,9 @@ static void usage (int status)
|
||||
Index: shadow-4.5/src/userdel.c
|
||||
===================================================================
|
||||
--- shadow-4.5.orig/src/userdel.c
|
||||
+++ shadow-4.5/src/userdel.c
|
||||
@@ -143,8 +143,9 @@ static void usage (int status)
|
||||
"\n"
|
||||
"Options:\n"),
|
||||
Prog);
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
diff -up shadow-4.2.1/libmisc/getdate.y.date-parsing shadow-4.2.1/libmisc/getdate.y
|
||||
--- shadow-4.2.1/libmisc/getdate.y.date-parsing 2014-03-01 18:50:05.000000000 +0100
|
||||
+++ shadow-4.2.1/libmisc/getdate.y 2014-11-26 14:58:21.208153924 +0100
|
||||
Index: shadow-4.5/libmisc/getdate.y
|
||||
===================================================================
|
||||
--- shadow-4.5.orig/libmisc/getdate.y
|
||||
+++ shadow-4.5/libmisc/getdate.y
|
||||
@@ -152,6 +152,7 @@ static int yyHaveDay;
|
||||
static int yyHaveRel;
|
||||
static int yyHaveTime;
|
||||
|
|
|
@ -1,24 +0,0 @@
|
|||
diff -up shadow-4.2.1/src/useradd.c.defs-chroot shadow-4.2.1/src/useradd.c
|
||||
--- shadow-4.2.1/src/useradd.c.defs-chroot 2014-12-01 15:14:58.000000000 +0100
|
||||
+++ shadow-4.2.1/src/useradd.c 2015-08-27 15:46:21.935698862 +0200
|
||||
@@ -1938,8 +1938,8 @@ int main (int argc, char **argv)
|
||||
#endif /* ACCT_TOOLS_SETUID */
|
||||
|
||||
/* Needed for userns check */
|
||||
- uid_t uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL);
|
||||
- uid_t uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
|
||||
+ uid_t uid_min;
|
||||
+ uid_t uid_max;
|
||||
|
||||
/*
|
||||
* Get my name so that I can use it to report errors.
|
||||
@@ -1957,6 +1957,9 @@ int main (int argc, char **argv)
|
||||
audit_help_open ();
|
||||
#endif
|
||||
|
||||
+ uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL);
|
||||
+ uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
|
||||
+
|
||||
sys_ngroups = sysconf (_SC_NGROUPS_MAX);
|
||||
user_groups = (char **) xmalloc ((1 + sys_ngroups) * sizeof (char *));
|
||||
/*
|
|
@ -1,249 +0,0 @@
|
|||
diff -up shadow-4.2.1/man/lastlog.8.xml.unexpire shadow-4.2.1/man/lastlog.8.xml
|
||||
--- shadow-4.2.1/man/lastlog.8.xml.unexpire 2014-03-01 19:59:51.000000000 +0100
|
||||
+++ shadow-4.2.1/man/lastlog.8.xml 2016-02-03 11:50:20.481293785 +0100
|
||||
@@ -105,6 +105,17 @@
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
+ <option>-C</option>, <option>--clear</option>
|
||||
+ </term>
|
||||
+ <listitem>
|
||||
+ <para>
|
||||
+ Clear lastlog record of an user. This option can be used only together
|
||||
+ with <option>-u</option> (<option>--user</option>)).
|
||||
+ </para>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
+ <varlistentry>
|
||||
+ <term>
|
||||
<option>-h</option>, <option>--help</option>
|
||||
</term>
|
||||
<listitem>
|
||||
@@ -123,6 +134,17 @@
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
+ <varlistentry>
|
||||
+ <term>
|
||||
+ <option>-S</option>, <option>--set</option>
|
||||
+ </term>
|
||||
+ <listitem>
|
||||
+ <para>
|
||||
+ Set lastlog record of an user to the current time. This option can be
|
||||
+ used only together with <option>-u</option> (<option>--user</option>)).
|
||||
+ </para>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
<option>-t</option>, <option>--time</option> <replaceable>DAYS</replaceable>
|
||||
diff -up shadow-4.2.1/src/lastlog.c.unexpire shadow-4.2.1/src/lastlog.c
|
||||
--- shadow-4.2.1/src/lastlog.c.unexpire 2014-03-01 19:59:51.000000000 +0100
|
||||
+++ shadow-4.2.1/src/lastlog.c 2016-02-03 11:35:26.971273603 +0100
|
||||
@@ -71,6 +71,8 @@ static struct stat statbuf; /* fstat buf
|
||||
static bool uflg = false; /* print only an user of range of users */
|
||||
static bool tflg = false; /* print is restricted to most recent days */
|
||||
static bool bflg = false; /* print excludes most recent days */
|
||||
+static bool Cflg = false; /* clear record for user */
|
||||
+static bool Sflg = false; /* set record for user */
|
||||
|
||||
#define NOW (time ((time_t *) 0))
|
||||
|
||||
@@ -83,8 +85,10 @@ static /*@noreturn@*/void usage (int sta
|
||||
"Options:\n"),
|
||||
Prog);
|
||||
(void) fputs (_(" -b, --before DAYS print only lastlog records older than DAYS\n"), usageout);
|
||||
+ (void) fputs (_(" -C, --clear clear lastlog record of an user (usable only with -u)\n"), usageout);
|
||||
(void) fputs (_(" -h, --help display this help message and exit\n"), usageout);
|
||||
(void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout);
|
||||
+ (void) fputs (_(" -S, --set set lastlog record to current time (usable only with -u)\n"), usageout);
|
||||
(void) fputs (_(" -t, --time DAYS print only lastlog records more recent than DAYS\n"), usageout);
|
||||
(void) fputs (_(" -u, --user LOGIN print lastlog record of the specified LOGIN\n"), usageout);
|
||||
(void) fputs ("\n", usageout);
|
||||
@@ -194,6 +198,80 @@ static void print (void)
|
||||
}
|
||||
}
|
||||
|
||||
+static void update_one (/*@null@*/const struct passwd *pw)
|
||||
+{
|
||||
+ off_t offset;
|
||||
+ struct lastlog ll;
|
||||
+ int err;
|
||||
+
|
||||
+ if (NULL == pw) {
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
+ offset = (off_t) pw->pw_uid * sizeof (ll);
|
||||
+ /* fseeko errors are not really relevant for us. */
|
||||
+ err = fseeko (lastlogfile, offset, SEEK_SET);
|
||||
+ assert (0 == err);
|
||||
+
|
||||
+ memzero (&ll, sizeof (ll));
|
||||
+
|
||||
+ if (Sflg) {
|
||||
+ ll.ll_time = NOW;
|
||||
+#ifdef HAVE_LL_HOST
|
||||
+ strcpy (ll.ll_host, "localhost");
|
||||
+#endif
|
||||
+ strcpy (ll.ll_line, "lastlog");
|
||||
+#ifdef WITH_AUDIT
|
||||
+ audit_logger (AUDIT_ACCT_UNLOCK, Prog,
|
||||
+ "clearing-lastlog",
|
||||
+ pw->pw_name, (unsigned int) pw->pw_uid, SHADOW_AUDIT_SUCCESS);
|
||||
+#endif
|
||||
+ }
|
||||
+#ifdef WITH_AUDIT
|
||||
+ else {
|
||||
+ audit_logger (AUDIT_ACCT_UNLOCK, Prog,
|
||||
+ "refreshing-lastlog",
|
||||
+ pw->pw_name, (unsigned int) pw->pw_uid, SHADOW_AUDIT_SUCCESS);
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
+ if (fwrite (&ll, sizeof(ll), 1, lastlogfile) != 1) {
|
||||
+ fprintf (stderr,
|
||||
+ _("%s: Failed to update the entry for UID %lu\n"),
|
||||
+ Prog, (unsigned long int)pw->pw_uid);
|
||||
+ exit (EXIT_FAILURE);
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+static void update (void)
|
||||
+{
|
||||
+ const struct passwd *pwent;
|
||||
+
|
||||
+ if (!uflg) /* safety measure */
|
||||
+ return;
|
||||
+
|
||||
+ if (has_umin && has_umax && (umin == umax)) {
|
||||
+ update_one (getpwuid ((uid_t)umin));
|
||||
+ } else {
|
||||
+ setpwent ();
|
||||
+ while ( (pwent = getpwent ()) != NULL ) {
|
||||
+ if ((has_umin && (pwent->pw_uid < (uid_t)umin))
|
||||
+ || (has_umax && (pwent->pw_uid > (uid_t)umax))) {
|
||||
+ continue;
|
||||
+ }
|
||||
+ update_one (pwent);
|
||||
+ }
|
||||
+ endpwent ();
|
||||
+ }
|
||||
+
|
||||
+ if (fflush (lastlogfile) != 0 || fsync (fileno (lastlogfile)) != 0) {
|
||||
+ fprintf (stderr,
|
||||
+ _("%s: Failed to update the lastlog file\n"),
|
||||
+ Prog);
|
||||
+ exit (EXIT_FAILURE);
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
int main (int argc, char **argv)
|
||||
{
|
||||
/*
|
||||
@@ -208,18 +286,24 @@ int main (int argc, char **argv)
|
||||
|
||||
process_root_flag ("-R", argc, argv);
|
||||
|
||||
+#ifdef WITH_AUDIT
|
||||
+ audit_help_open ();
|
||||
+#endif
|
||||
+
|
||||
{
|
||||
int c;
|
||||
static struct option const longopts[] = {
|
||||
{"before", required_argument, NULL, 'b'},
|
||||
+ {"clear", no_argument, NULL, 'C'},
|
||||
{"help", no_argument, NULL, 'h'},
|
||||
{"root", required_argument, NULL, 'R'},
|
||||
+ {"set", no_argument, NULL, 'S'},
|
||||
{"time", required_argument, NULL, 't'},
|
||||
{"user", required_argument, NULL, 'u'},
|
||||
{NULL, 0, NULL, '\0'}
|
||||
};
|
||||
|
||||
- while ((c = getopt_long (argc, argv, "b:hR:t:u:", longopts,
|
||||
+ while ((c = getopt_long (argc, argv, "b:ChR:St:u:", longopts,
|
||||
NULL)) != -1) {
|
||||
switch (c) {
|
||||
case 'b':
|
||||
@@ -235,11 +319,21 @@ int main (int argc, char **argv)
|
||||
bflg = true;
|
||||
break;
|
||||
}
|
||||
+ case 'C':
|
||||
+ {
|
||||
+ Cflg = true;
|
||||
+ break;
|
||||
+ }
|
||||
case 'h':
|
||||
usage (EXIT_SUCCESS);
|
||||
/*@notreached@*/break;
|
||||
case 'R': /* no-op, handled in process_root_flag () */
|
||||
break;
|
||||
+ case 'S':
|
||||
+ {
|
||||
+ Sflg = true;
|
||||
+ break;
|
||||
+ }
|
||||
case 't':
|
||||
{
|
||||
unsigned long days;
|
||||
@@ -294,9 +388,21 @@ int main (int argc, char **argv)
|
||||
Prog, argv[optind]);
|
||||
usage (EXIT_FAILURE);
|
||||
}
|
||||
+ if (Cflg && Sflg) {
|
||||
+ fprintf (stderr,
|
||||
+ _("%s: Option -C cannot be used together with option -S\n"),
|
||||
+ Prog);
|
||||
+ usage (EXIT_FAILURE);
|
||||
+ }
|
||||
+ if ((Cflg || Sflg) && !uflg) {
|
||||
+ fprintf (stderr,
|
||||
+ _("%s: Options -C and -S require option -u to specify the user\n"),
|
||||
+ Prog);
|
||||
+ usage (EXIT_FAILURE);
|
||||
+ }
|
||||
}
|
||||
|
||||
- lastlogfile = fopen (LASTLOG_FILE, "r");
|
||||
+ lastlogfile = fopen (LASTLOG_FILE, (Cflg || Sflg)?"r+":"r");
|
||||
if (NULL == lastlogfile) {
|
||||
perror (LASTLOG_FILE);
|
||||
exit (EXIT_FAILURE);
|
||||
@@ -310,7 +416,10 @@ int main (int argc, char **argv)
|
||||
exit (EXIT_FAILURE);
|
||||
}
|
||||
|
||||
- print ();
|
||||
+ if (Cflg || Sflg)
|
||||
+ update ();
|
||||
+ else
|
||||
+ print ();
|
||||
|
||||
(void) fclose (lastlogfile);
|
||||
|
||||
diff -up shadow-4.2.1/src/Makefile.am.unexpire shadow-4.2.1/src/Makefile.am
|
||||
--- shadow-4.2.1/src/Makefile.am.unexpire 2014-05-08 10:43:11.000000000 +0200
|
||||
+++ shadow-4.2.1/src/Makefile.am 2016-02-03 11:35:26.971273603 +0100
|
||||
@@ -95,6 +95,7 @@ groupmod_LDADD = $(LDADD) $(LIBPAM_SUID)
|
||||
grpck_LDADD = $(LDADD) $(LIBSELINUX)
|
||||
grpconv_LDADD = $(LDADD) $(LIBSELINUX)
|
||||
grpunconv_LDADD = $(LDADD) $(LIBSELINUX)
|
||||
+lastlog_LDADD = $(LDADD) $(LIBAUDIT)
|
||||
login_SOURCES = \
|
||||
login.c \
|
||||
login_nopam.c
|
||||
diff -up shadow-4.2.1/src/Makefile.in.unexpire shadow-4.2.1/src/Makefile.in
|
||||
--- shadow-4.2.1/src/Makefile.in.unexpire 2014-05-09 18:49:48.000000000 +0200
|
||||
+++ shadow-4.2.1/src/Makefile.in 2016-02-03 11:35:26.972273609 +0100
|
||||
@@ -197,7 +197,7 @@ id_DEPENDENCIES = $(am__DEPENDENCIES_1)
|
||||
$(top_builddir)/lib/libshadow.la
|
||||
lastlog_SOURCES = lastlog.c
|
||||
lastlog_OBJECTS = lastlog.$(OBJEXT)
|
||||
-lastlog_LDADD = $(LDADD)
|
||||
+lastlog_LDADD = $(LDADD) $(LIBAUDIT)
|
||||
lastlog_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
|
||||
$(top_builddir)/libmisc/libmisc.a \
|
||||
$(top_builddir)/lib/libshadow.la
|
|
@ -1,13 +0,0 @@
|
|||
diff -up shadow-4.2.1/lib/groupio.c.merge-group shadow-4.2.1/lib/groupio.c
|
||||
--- shadow-4.2.1/lib/groupio.c.merge-group 2014-11-26 14:33:54.039581662 +0100
|
||||
+++ shadow-4.2.1/lib/groupio.c 2014-11-26 14:46:02.841852886 +0100
|
||||
@@ -335,8 +335,7 @@ static /*@null@*/struct commonio_entry *
|
||||
errno = ENOMEM;
|
||||
return NULL;
|
||||
}
|
||||
- snprintf(new_line, new_line_len, "%s\n%s", gr1->line, gr2->line);
|
||||
- new_line[new_line_len] = '\0';
|
||||
+ snprintf(new_line, new_line_len + 1, "%s\n%s", gr1->line, gr2->line);
|
||||
|
||||
/* Concatenate the 2 list of members */
|
||||
for (i=0; NULL != gptr1->gr_mem[i]; i++);
|
|
@ -1,6 +1,7 @@
|
|||
diff -up shadow-4.2.1/lib/commonio.c.no-lock-dos shadow-4.2.1/lib/commonio.c
|
||||
--- shadow-4.2.1/lib/commonio.c.no-lock-dos 2015-08-27 15:09:17.101537812 +0200
|
||||
+++ shadow-4.2.1/lib/commonio.c 2015-08-27 15:11:06.643011248 +0200
|
||||
Index: shadow-4.5/lib/commonio.c
|
||||
===================================================================
|
||||
--- shadow-4.5.orig/lib/commonio.c
|
||||
+++ shadow-4.5/lib/commonio.c
|
||||
@@ -140,7 +140,10 @@ static int do_lock_file (const char *fil
|
||||
int retval;
|
||||
char buf[32];
|
||||
|
|
91
shadow-4.2.1-null-tm.patch
Normal file
91
shadow-4.2.1-null-tm.patch
Normal file
|
@ -0,0 +1,91 @@
|
|||
Index: shadow-4.5/src/faillog.c
|
||||
===================================================================
|
||||
--- shadow-4.5.orig/src/faillog.c
|
||||
+++ shadow-4.5/src/faillog.c
|
||||
@@ -163,10 +163,14 @@ static void print_one (/*@null@*/const s
|
||||
}
|
||||
|
||||
tm = localtime (&fl.fail_time);
|
||||
+ if (tm == NULL) {
|
||||
+ cp = "(unknown)";
|
||||
+ } else {
|
||||
#ifdef HAVE_STRFTIME
|
||||
- strftime (ptime, sizeof (ptime), "%D %H:%M:%S %z", tm);
|
||||
- cp = ptime;
|
||||
+ strftime (ptime, sizeof (ptime), "%D %H:%M:%S %z", tm);
|
||||
+ cp = ptime;
|
||||
#endif
|
||||
+ }
|
||||
printf ("%-9s %5d %5d ",
|
||||
pw->pw_name, fl.fail_cnt, fl.fail_max);
|
||||
/* FIXME: cp is not defined ifndef HAVE_STRFTIME */
|
||||
Index: shadow-4.5/src/chage.c
|
||||
===================================================================
|
||||
--- shadow-4.5.orig/src/chage.c
|
||||
+++ shadow-4.5/src/chage.c
|
||||
@@ -168,6 +168,10 @@ static void date_to_str (char *buf, size
|
||||
struct tm *tp;
|
||||
|
||||
tp = gmtime (&date);
|
||||
+ if (tp == NULL) {
|
||||
+ (void) snprintf (buf, maxsize, "(unknown)");
|
||||
+ return;
|
||||
+ }
|
||||
#ifdef HAVE_STRFTIME
|
||||
(void) strftime (buf, maxsize, "%Y-%m-%d", tp);
|
||||
#else
|
||||
Index: shadow-4.5/src/lastlog.c
|
||||
===================================================================
|
||||
--- shadow-4.5.orig/src/lastlog.c
|
||||
+++ shadow-4.5/src/lastlog.c
|
||||
@@ -158,13 +158,17 @@ static void print_one (/*@null@*/const s
|
||||
|
||||
ll_time = ll.ll_time;
|
||||
tm = localtime (&ll_time);
|
||||
+ if (tm == NULL) {
|
||||
+ cp = "(unknown)";
|
||||
+ } else {
|
||||
#ifdef HAVE_STRFTIME
|
||||
- strftime (ptime, sizeof (ptime), "%a %b %e %H:%M:%S %z %Y", tm);
|
||||
- cp = ptime;
|
||||
+ strftime (ptime, sizeof (ptime), "%a %b %e %H:%M:%S %z %Y", tm);
|
||||
+ cp = ptime;
|
||||
#else
|
||||
- cp = asctime (tm);
|
||||
- cp[24] = '\0';
|
||||
+ cp = asctime (tm);
|
||||
+ cp[24] = '\0';
|
||||
#endif
|
||||
+ }
|
||||
|
||||
if (ll.ll_time == (time_t) 0) {
|
||||
cp = _("**Never logged in**\0");
|
||||
Index: shadow-4.5/src/passwd.c
|
||||
===================================================================
|
||||
--- shadow-4.5.orig/src/passwd.c
|
||||
+++ shadow-4.5/src/passwd.c
|
||||
@@ -455,6 +455,9 @@ static /*@observer@*/const char *date_to
|
||||
struct tm *tm;
|
||||
|
||||
tm = gmtime (&t);
|
||||
+ if (tm == NULL) {
|
||||
+ return "(unknown)";
|
||||
+ }
|
||||
#ifdef HAVE_STRFTIME
|
||||
(void) strftime (buf, sizeof buf, "%m/%d/%Y", tm);
|
||||
#else /* !HAVE_STRFTIME */
|
||||
Index: shadow-4.5/src/usermod.c
|
||||
===================================================================
|
||||
--- shadow-4.5.orig/src/usermod.c
|
||||
+++ shadow-4.5/src/usermod.c
|
||||
@@ -210,6 +210,10 @@ static void date_to_str (/*@unique@*//*@
|
||||
} else {
|
||||
time_t t = (time_t) date;
|
||||
tp = gmtime (&t);
|
||||
+ if (tp == NULL) {
|
||||
+ strncpy (buf, "unknown", maxsize);
|
||||
+ return;
|
||||
+ }
|
||||
#ifdef HAVE_STRFTIME
|
||||
strftime (buf, maxsize, "%Y-%m-%d", tp);
|
||||
#else
|
|
@ -1,48 +0,0 @@
|
|||
From d2fa8c5d4b0b19445562daf78d3a62421fe8d6b8 Mon Sep 17 00:00:00 2001
|
||||
From: Bastian Blank <bastian.blank@credativ.de>
|
||||
Date: Tue, 17 Nov 2015 10:52:24 -0600
|
||||
Subject: [PATCH] Fix user busy errors at userdel
|
||||
|
||||
From: Bastian Blank <bastian.blank@credativ.de>
|
||||
Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>
|
||||
---
|
||||
libmisc/user_busy.c | 9 +++++++++
|
||||
1 file changed, 9 insertions(+)
|
||||
|
||||
diff --git a/libmisc/user_busy.c b/libmisc/user_busy.c
|
||||
index db7174a..0db32c3 100644
|
||||
--- a/libmisc/user_busy.c
|
||||
+++ b/libmisc/user_busy.c
|
||||
@@ -175,6 +175,9 @@ static int user_busy_processes (const char *name, uid_t uid)
|
||||
if (stat ("/", &sbroot) != 0) {
|
||||
perror ("stat (\"/\")");
|
||||
(void) closedir (proc);
|
||||
+#ifdef ENABLE_SUBIDS
|
||||
+ sub_uid_close();
|
||||
+#endif
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -212,6 +215,9 @@ static int user_busy_processes (const char *name, uid_t uid)
|
||||
|
||||
if (check_status (name, tmp_d_name, uid) != 0) {
|
||||
(void) closedir (proc);
|
||||
+#ifdef ENABLE_SUBIDS
|
||||
+ sub_uid_close();
|
||||
+#endif
|
||||
fprintf (stderr,
|
||||
_("%s: user %s is currently used by process %d\n"),
|
||||
Prog, name, pid);
|
||||
@@ -232,6 +238,9 @@ static int user_busy_processes (const char *name, uid_t uid)
|
||||
}
|
||||
if (check_status (name, task_path+6, uid) != 0) {
|
||||
(void) closedir (proc);
|
||||
+#ifdef ENABLE_SUBIDS
|
||||
+ sub_uid_close();
|
||||
+#endif
|
||||
fprintf (stderr,
|
||||
_("%s: user %s is currently used by process %d\n"),
|
||||
Prog, name, pid);
|
||||
--
|
||||
2.5.0
|
||||
|
|
@ -1,6 +1,7 @@
|
|||
diff -up shadow-4.2.1/man/groupmems.8.xml.manfix shadow-4.2.1/man/groupmems.8.xml
|
||||
--- shadow-4.2.1/man/groupmems.8.xml.manfix 2014-03-01 19:59:51.000000000 +0100
|
||||
+++ shadow-4.2.1/man/groupmems.8.xml 2015-11-06 14:21:03.013060324 +0100
|
||||
Index: shadow-4.5/man/groupmems.8.xml
|
||||
===================================================================
|
||||
--- shadow-4.5.orig/man/groupmems.8.xml
|
||||
+++ shadow-4.5/man/groupmems.8.xml
|
||||
@@ -179,20 +179,10 @@
|
||||
<refsect1 id='setup'>
|
||||
<title>SETUP</title>
|
||||
|
@ -25,9 +26,10 @@ diff -up shadow-4.2.1/man/groupmems.8.xml.manfix shadow-4.2.1/man/groupmems.8.xm
|
|||
</refsect1>
|
||||
|
||||
<refsect1 id='configuration'>
|
||||
diff -up shadow-4.2.1/man/chage.1.xml.manfix shadow-4.2.1/man/chage.1.xml
|
||||
--- shadow-4.2.1/man/chage.1.xml.manfix 2014-03-01 19:59:51.000000000 +0100
|
||||
+++ shadow-4.2.1/man/chage.1.xml 2014-11-26 15:34:51.256978960 +0100
|
||||
Index: shadow-4.5/man/chage.1.xml
|
||||
===================================================================
|
||||
--- shadow-4.5.orig/man/chage.1.xml
|
||||
+++ shadow-4.5/man/chage.1.xml
|
||||
@@ -102,6 +102,9 @@
|
||||
Set the number of days since January 1st, 1970 when the password
|
||||
was last changed. The date may also be expressed in the format
|
||||
|
@ -38,10 +40,25 @@ diff -up shadow-4.2.1/man/chage.1.xml.manfix shadow-4.2.1/man/chage.1.xml
|
|||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
diff -up shadow-4.2.1/man/ja/man5/login.defs.5.manfix shadow-4.2.1/man/ja/man5/login.defs.5
|
||||
--- shadow-4.2.1/man/ja/man5/login.defs.5.manfix 2014-03-01 19:59:51.000000000 +0100
|
||||
+++ shadow-4.2.1/man/ja/man5/login.defs.5 2016-01-08 09:58:29.591702354 +0100
|
||||
@@ -147,10 +147,6 @@ 以下の参照表は、
|
||||
@@ -119,6 +122,13 @@
|
||||
system again.
|
||||
</para>
|
||||
<para>
|
||||
+ For example the following can be used to set an account to expire
|
||||
+ in 180 days:
|
||||
+ </para>
|
||||
+ <programlisting>
|
||||
+ chage -E $(date -d +180days +%Y-%m-%d)
|
||||
+ </programlisting>
|
||||
+ <para>
|
||||
Passing the number <emphasis remap='I'>-1</emphasis> as the
|
||||
<replaceable>EXPIRE_DATE</replaceable> will remove an account
|
||||
expiration date.
|
||||
Index: shadow-4.5/man/ja/man5/login.defs.5
|
||||
===================================================================
|
||||
--- shadow-4.5.orig/man/ja/man5/login.defs.5
|
||||
+++ shadow-4.5/man/ja/man5/login.defs.5
|
||||
@@ -147,10 +147,6 @@ PASS_MAX_DAYS, PASS_MIN_DAYS, PASS_WARN_
|
||||
shadow パスワード機能のどのプログラムが
|
||||
どのパラメータを使用するかを示したものである。
|
||||
.na
|
||||
|
@ -52,9 +69,10 @@ diff -up shadow-4.2.1/man/ja/man5/login.defs.5.manfix shadow-4.2.1/man/ja/man5/l
|
|||
.IP groupadd 12
|
||||
GID_MAX GID_MIN
|
||||
.IP newusers 12
|
||||
diff -up shadow-4.2.1/man/login.defs.5.xml.manfix shadow-4.2.1/man/login.defs.5.xml
|
||||
--- shadow-4.2.1/man/login.defs.5.xml.manfix 2014-03-13 06:52:55.000000000 +0100
|
||||
+++ shadow-4.2.1/man/login.defs.5.xml 2016-01-08 09:59:35.854169787 +0100
|
||||
Index: shadow-4.5/man/login.defs.5.xml
|
||||
===================================================================
|
||||
--- shadow-4.5.orig/man/login.defs.5.xml
|
||||
+++ shadow-4.5/man/login.defs.5.xml
|
||||
@@ -162,6 +162,17 @@
|
||||
long numeric parameters is machine-dependent.
|
||||
</para>
|
||||
|
@ -73,7 +91,7 @@ diff -up shadow-4.2.1/man/login.defs.5.xml.manfix shadow-4.2.1/man/login.defs.5.
|
|||
<para>The following configuration items are provided:</para>
|
||||
|
||||
<variablelist remap='IP'>
|
||||
@@ -252,26 +263,6 @@
|
||||
@@ -252,16 +263,6 @@
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
|
@ -87,20 +105,10 @@ diff -up shadow-4.2.1/man/login.defs.5.xml.manfix shadow-4.2.1/man/login.defs.5.
|
|||
- </listitem>
|
||||
- </varlistentry>
|
||||
- <varlistentry>
|
||||
- <term>chgpasswd</term>
|
||||
- <listitem>
|
||||
- <para>
|
||||
- ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
|
||||
- <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
|
||||
- SHA_CRYPT_MIN_ROUNDS</phrase>
|
||||
- </para>
|
||||
- </listitem>
|
||||
- </varlistentry>
|
||||
- <varlistentry>
|
||||
<term>chpasswd</term>
|
||||
<term>chgpasswd</term>
|
||||
<listitem>
|
||||
<para>
|
||||
@@ -282,14 +273,6 @@
|
||||
@@ -282,14 +283,6 @@
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
@ -115,7 +123,7 @@ diff -up shadow-4.2.1/man/login.defs.5.xml.manfix shadow-4.2.1/man/login.defs.5.
|
|||
<!-- expiry: no variables (CONSOLE_GROUPS linked, but not used) -->
|
||||
<!-- faillog: no variables -->
|
||||
<varlistentry>
|
||||
@@ -350,34 +333,6 @@
|
||||
@@ -350,34 +343,6 @@
|
||||
</varlistentry>
|
||||
<!-- id: no variables -->
|
||||
<!-- lastlog: no variables -->
|
||||
|
@ -150,7 +158,7 @@ diff -up shadow-4.2.1/man/login.defs.5.xml.manfix shadow-4.2.1/man/login.defs.5.
|
|||
<!-- logoutd: no variables -->
|
||||
<varlistentry>
|
||||
<term>newgrp / sg</term>
|
||||
@@ -405,17 +360,6 @@
|
||||
@@ -405,17 +370,6 @@
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<!-- nologin: no variables -->
|
||||
|
@ -168,7 +176,7 @@ diff -up shadow-4.2.1/man/login.defs.5.xml.manfix shadow-4.2.1/man/login.defs.5.
|
|||
<varlistentry>
|
||||
<term>pwck</term>
|
||||
<listitem>
|
||||
@@ -442,32 +386,6 @@
|
||||
@@ -442,32 +396,6 @@
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
@ -201,9 +209,10 @@ diff -up shadow-4.2.1/man/login.defs.5.xml.manfix shadow-4.2.1/man/login.defs.5.
|
|||
<varlistentry>
|
||||
<term>useradd</term>
|
||||
<listitem>
|
||||
diff -up shadow-4.2.1/man/shadow.5.xml.manfix shadow-4.2.1/man/shadow.5.xml
|
||||
--- shadow-4.2.1/man/shadow.5.xml.manfix 2014-03-01 19:59:51.000000000 +0100
|
||||
+++ shadow-4.2.1/man/shadow.5.xml 2015-10-27 16:54:29.304231353 +0100
|
||||
Index: shadow-4.5/man/shadow.5.xml
|
||||
===================================================================
|
||||
--- shadow-4.5.orig/man/shadow.5.xml
|
||||
+++ shadow-4.5/man/shadow.5.xml
|
||||
@@ -208,8 +208,8 @@
|
||||
</para>
|
||||
<para>
|
||||
|
@ -215,10 +224,11 @@ diff -up shadow-4.2.1/man/shadow.5.xml.manfix shadow-4.2.1/man/shadow.5.xml
|
|||
</para>
|
||||
<para>
|
||||
An empty field means that there are no enforcement of an
|
||||
diff -up shadow-4.2.1/man/useradd.8.xml.manfix shadow-4.2.1/man/useradd.8.xml
|
||||
--- shadow-4.2.1/man/useradd.8.xml.manfix 2014-11-26 15:34:51.234978891 +0100
|
||||
+++ shadow-4.2.1/man/useradd.8.xml 2014-11-26 15:34:51.257978963 +0100
|
||||
@@ -347,11 +347,16 @@
|
||||
Index: shadow-4.5/man/useradd.8.xml
|
||||
===================================================================
|
||||
--- shadow-4.5.orig/man/useradd.8.xml
|
||||
+++ shadow-4.5/man/useradd.8.xml
|
||||
@@ -347,6 +347,11 @@
|
||||
<option>CREATE_HOME</option> is not enabled, no home
|
||||
directories are created.
|
||||
</para>
|
||||
|
@ -230,15 +240,10 @@ diff -up shadow-4.2.1/man/useradd.8.xml.manfix shadow-4.2.1/man/useradd.8.xml
|
|||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
<term>
|
||||
- <option>-M</option>
|
||||
+ <option>-M</option>, <option>--no-create-home</option>
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
diff -up shadow-4.2.1/man/usermod.8.xml.manfix shadow-4.2.1/man/usermod.8.xml
|
||||
--- shadow-4.2.1/man/usermod.8.xml.manfix 2014-03-01 19:59:51.000000000 +0100
|
||||
+++ shadow-4.2.1/man/usermod.8.xml 2014-11-26 15:34:51.257978963 +0100
|
||||
Index: shadow-4.5/man/usermod.8.xml
|
||||
===================================================================
|
||||
--- shadow-4.5.orig/man/usermod.8.xml
|
||||
+++ shadow-4.5/man/usermod.8.xml
|
||||
@@ -132,7 +132,8 @@
|
||||
If the <option>-m</option>
|
||||
option is given, the contents of the current home directory will
|
277
shadow-4.3.1-selinux-perms.patch
Normal file
277
shadow-4.3.1-selinux-perms.patch
Normal file
|
@ -0,0 +1,277 @@
|
|||
Index: shadow-4.5/src/chgpasswd.c
|
||||
===================================================================
|
||||
--- shadow-4.5.orig/src/chgpasswd.c
|
||||
+++ shadow-4.5/src/chgpasswd.c
|
||||
@@ -39,6 +39,13 @@
|
||||
#include <pwd.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
+#ifdef WITH_SELINUX
|
||||
+#include <selinux/selinux.h>
|
||||
+#include <selinux/avc.h>
|
||||
+#endif
|
||||
+#ifdef WITH_LIBAUDIT
|
||||
+#include <libaudit.h>
|
||||
+#endif
|
||||
#ifdef ACCT_TOOLS_SETUID
|
||||
#ifdef USE_PAM
|
||||
#include "pam_defs.h"
|
||||
@@ -76,6 +83,9 @@ static bool sgr_locked = false;
|
||||
#endif
|
||||
static bool gr_locked = false;
|
||||
|
||||
+/* The name of the caller */
|
||||
+static char *myname = NULL;
|
||||
+
|
||||
/* local function prototypes */
|
||||
static void fail_exit (int code);
|
||||
static /*@noreturn@*/void usage (int status);
|
||||
@@ -300,6 +310,63 @@ static void check_perms (void)
|
||||
#endif /* ACCT_TOOLS_SETUID */
|
||||
}
|
||||
|
||||
+#ifdef WITH_SELINUX
|
||||
+static int
|
||||
+log_callback (int type, const char *fmt, ...)
|
||||
+{
|
||||
+ int audit_fd;
|
||||
+ va_list ap;
|
||||
+
|
||||
+ va_start(ap, fmt);
|
||||
+#ifdef WITH_AUDIT
|
||||
+ audit_fd = audit_open();
|
||||
+
|
||||
+ if (audit_fd >= 0) {
|
||||
+ char *buf;
|
||||
+
|
||||
+ if (vasprintf (&buf, fmt, ap) < 0)
|
||||
+ goto ret;
|
||||
+ audit_log_user_avc_message(audit_fd, AUDIT_USER_AVC, buf, NULL, NULL,
|
||||
+ NULL, 0);
|
||||
+ audit_close(audit_fd);
|
||||
+ free(buf);
|
||||
+ goto ret;
|
||||
+ }
|
||||
+
|
||||
+#endif
|
||||
+ vsyslog (LOG_USER | LOG_INFO, fmt, ap);
|
||||
+ret:
|
||||
+ va_end(ap);
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+static void
|
||||
+selinux_check_root (void)
|
||||
+{
|
||||
+ int status = -1;
|
||||
+ security_context_t user_context;
|
||||
+ union selinux_callback old_callback;
|
||||
+
|
||||
+ if (is_selinux_enabled() < 1)
|
||||
+ return;
|
||||
+
|
||||
+ old_callback = selinux_get_callback(SELINUX_CB_LOG);
|
||||
+ /* setup callbacks */
|
||||
+ selinux_set_callback(SELINUX_CB_LOG, (union selinux_callback) &log_callback);
|
||||
+ if ((status = getprevcon(&user_context)) < 0) {
|
||||
+ selinux_set_callback(SELINUX_CB_LOG, old_callback);
|
||||
+ exit(1);
|
||||
+ }
|
||||
+
|
||||
+ status = selinux_check_access(user_context, user_context, "passwd", "passwd", NULL);
|
||||
+
|
||||
+ selinux_set_callback(SELINUX_CB_LOG, old_callback);
|
||||
+ freecon(user_context);
|
||||
+ if (status != 0 && security_getenforce() != 0)
|
||||
+ exit(1);
|
||||
+}
|
||||
+#endif
|
||||
+
|
||||
/*
|
||||
* open_files - lock and open the group databases
|
||||
*/
|
||||
@@ -393,6 +460,7 @@ int main (int argc, char **argv)
|
||||
|
||||
const struct group *gr;
|
||||
struct group newgr;
|
||||
+ struct passwd *pw = NULL;
|
||||
int errors = 0;
|
||||
int line = 0;
|
||||
|
||||
@@ -408,8 +476,33 @@ int main (int argc, char **argv)
|
||||
|
||||
OPENLOG ("chgpasswd");
|
||||
|
||||
+#ifdef WITH_AUDIT
|
||||
+ audit_help_open ();
|
||||
+#endif
|
||||
+
|
||||
+ /*
|
||||
+ * Determine the name of the user that invoked this command. This
|
||||
+ * is really hit or miss because there are so many ways that command
|
||||
+ * can be executed and so many ways to trip up the routines that
|
||||
+ * report the user name.
|
||||
+ */
|
||||
+ pw = get_my_pwent ();
|
||||
+ if (NULL == pw) {
|
||||
+ fprintf (stderr, _("%s: Cannot determine your user name.\n"),
|
||||
+ Prog);
|
||||
+ SYSLOG ((LOG_WARN,
|
||||
+ "Cannot determine the user name of the caller (UID %lu)",
|
||||
+ (unsigned long) getuid ()));
|
||||
+ exit (E_NOPERM);
|
||||
+ }
|
||||
+ myname = xstrdup (pw->pw_name);
|
||||
+
|
||||
check_perms ();
|
||||
|
||||
+#ifdef WITH_SELINUX
|
||||
+ selinux_check_root ();
|
||||
+#endif
|
||||
+
|
||||
#ifdef SHADOWGRP
|
||||
is_shadow_grp = sgr_file_present ();
|
||||
#endif
|
||||
@@ -536,6 +629,15 @@ int main (int argc, char **argv)
|
||||
newgr.gr_passwd = cp;
|
||||
}
|
||||
|
||||
+#ifdef WITH_AUDIT
|
||||
+ {
|
||||
+
|
||||
+ audit_logger_with_group (AUDIT_GRP_CHAUTHTOK, Prog,
|
||||
+ "change-password",
|
||||
+ myname, AUDIT_NO_ID, gr->gr_name,
|
||||
+ SHADOW_AUDIT_SUCCESS);
|
||||
+ }
|
||||
+#endif
|
||||
/*
|
||||
* The updated group file entry is then put back and will
|
||||
* be written to the group file later, after all the
|
||||
Index: shadow-4.5/src/chpasswd.c
|
||||
===================================================================
|
||||
--- shadow-4.5.orig/src/chpasswd.c
|
||||
+++ shadow-4.5/src/chpasswd.c
|
||||
@@ -39,6 +39,13 @@
|
||||
#include <pwd.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
+#ifdef WITH_SELINUX
|
||||
+#include <selinux/selinux.h>
|
||||
+#include <selinux/avc.h>
|
||||
+#endif
|
||||
+#ifdef WITH_LIBAUDIT
|
||||
+#include <libaudit.h>
|
||||
+#endif
|
||||
#ifdef USE_PAM
|
||||
#include "pam_defs.h"
|
||||
#endif /* USE_PAM */
|
||||
@@ -297,6 +304,63 @@ static void check_perms (void)
|
||||
#endif /* USE_PAM */
|
||||
}
|
||||
|
||||
+#ifdef WITH_SELINUX
|
||||
+static int
|
||||
+log_callback (int type, const char *fmt, ...)
|
||||
+{
|
||||
+ int audit_fd;
|
||||
+ va_list ap;
|
||||
+
|
||||
+ va_start(ap, fmt);
|
||||
+#ifdef WITH_AUDIT
|
||||
+ audit_fd = audit_open();
|
||||
+
|
||||
+ if (audit_fd >= 0) {
|
||||
+ char *buf;
|
||||
+
|
||||
+ if (vasprintf (&buf, fmt, ap) < 0)
|
||||
+ goto ret;
|
||||
+ audit_log_user_avc_message(audit_fd, AUDIT_USER_AVC, buf, NULL, NULL,
|
||||
+ NULL, 0);
|
||||
+ audit_close(audit_fd);
|
||||
+ free(buf);
|
||||
+ goto ret;
|
||||
+ }
|
||||
+
|
||||
+#endif
|
||||
+ vsyslog (LOG_USER | LOG_INFO, fmt, ap);
|
||||
+ret:
|
||||
+ va_end(ap);
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+static void
|
||||
+selinux_check_root (void)
|
||||
+{
|
||||
+ int status = -1;
|
||||
+ security_context_t user_context;
|
||||
+ union selinux_callback old_callback;
|
||||
+
|
||||
+ if (is_selinux_enabled() < 1)
|
||||
+ return;
|
||||
+
|
||||
+ old_callback = selinux_get_callback(SELINUX_CB_LOG);
|
||||
+ /* setup callbacks */
|
||||
+ selinux_set_callback(SELINUX_CB_LOG, (union selinux_callback) &log_callback);
|
||||
+ if ((status = getprevcon(&user_context)) < 0) {
|
||||
+ selinux_set_callback(SELINUX_CB_LOG, old_callback);
|
||||
+ exit(1);
|
||||
+ }
|
||||
+
|
||||
+ status = selinux_check_access(user_context, user_context, "passwd", "passwd", NULL);
|
||||
+
|
||||
+ selinux_set_callback(SELINUX_CB_LOG, old_callback);
|
||||
+ freecon(user_context);
|
||||
+ if (status != 0 && security_getenforce() != 0)
|
||||
+ exit(1);
|
||||
+}
|
||||
+#endif
|
||||
+
|
||||
/*
|
||||
* open_files - lock and open the password databases
|
||||
*/
|
||||
@@ -405,8 +469,16 @@ int main (int argc, char **argv)
|
||||
|
||||
OPENLOG ("chpasswd");
|
||||
|
||||
+#ifdef WITH_AUDIT
|
||||
+ audit_help_open ();
|
||||
+#endif
|
||||
+
|
||||
check_perms ();
|
||||
|
||||
+#ifdef WITH_SELINUX
|
||||
+ selinux_check_root ();
|
||||
+#endif
|
||||
+
|
||||
#ifdef USE_PAM
|
||||
if (!use_pam)
|
||||
#endif /* USE_PAM */
|
||||
@@ -566,6 +638,11 @@ int main (int argc, char **argv)
|
||||
newpw.pw_passwd = cp;
|
||||
}
|
||||
|
||||
+#ifdef WITH_AUDIT
|
||||
+ audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
||||
+ "updating-password",
|
||||
+ pw->pw_name, (unsigned int) pw->pw_uid, 1);
|
||||
+#endif
|
||||
/*
|
||||
* The updated password file entry is then put back and will
|
||||
* be written to the password file later, after all the
|
||||
Index: shadow-4.5/src/Makefile.am
|
||||
===================================================================
|
||||
--- shadow-4.5.orig/src/Makefile.am
|
||||
+++ shadow-4.5/src/Makefile.am
|
||||
@@ -87,9 +87,9 @@ chage_LDADD = $(LDADD) $(LIBPAM_SUID)
|
||||
newuidmap_LDADD = $(LDADD) $(LIBSELINUX)
|
||||
newgidmap_LDADD = $(LDADD) $(LIBSELINUX)
|
||||
chfn_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
|
||||
-chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBCRYPT)
|
||||
+chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBAUDIT) $(LIBCRYPT)
|
||||
chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
|
||||
-chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT)
|
||||
+chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBAUDIT) $(LIBCRYPT)
|
||||
gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT)
|
||||
groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
|
||||
groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
|
41
shadow-4.5-crypt_h.patch
Normal file
41
shadow-4.5-crypt_h.patch
Normal file
|
@ -0,0 +1,41 @@
|
|||
Index: shadow-4.5/configure.ac
|
||||
===================================================================
|
||||
--- shadow-4.5.orig/configure.ac
|
||||
+++ shadow-4.5/configure.ac
|
||||
@@ -32,9 +32,9 @@ AC_HEADER_STDC
|
||||
AC_HEADER_SYS_WAIT
|
||||
AC_HEADER_STDBOOL
|
||||
|
||||
-AC_CHECK_HEADERS(errno.h fcntl.h limits.h unistd.h sys/time.h utmp.h \
|
||||
- utmpx.h termios.h termio.h sgtty.h sys/ioctl.h syslog.h paths.h \
|
||||
- utime.h ulimit.h sys/resource.h gshadow.h lastlog.h \
|
||||
+AC_CHECK_HEADERS(crypt.h errno.h fcntl.h limits.h unistd.h sys/time.h \
|
||||
+ utmp.h utmpx.h termios.h termio.h sgtty.h sys/ioctl.h syslog.h \
|
||||
+ paths.h utime.h ulimit.h sys/resource.h gshadow.h lastlog.h \
|
||||
locale.h rpc/key_prot.h netdb.h acl/libacl.h attr/libattr.h \
|
||||
attr/error_context.h)
|
||||
|
||||
Index: shadow-4.5/lib/defines.h
|
||||
===================================================================
|
||||
--- shadow-4.5.orig/lib/defines.h
|
||||
+++ shadow-4.5/lib/defines.h
|
||||
@@ -4,6 +4,8 @@
|
||||
#ifndef _DEFINES_H_
|
||||
#define _DEFINES_H_
|
||||
|
||||
+#include "config.h"
|
||||
+
|
||||
#if HAVE_STDBOOL_H
|
||||
# include <stdbool.h>
|
||||
#else
|
||||
@@ -94,6 +96,10 @@ char *strchr (), *strrchr (), *strtok ()
|
||||
# include <unistd.h>
|
||||
#endif
|
||||
|
||||
+#if HAVE_CRYPT_H
|
||||
+# include <crypt.h> /* crypt(3) may be defined in here */
|
||||
+#endif
|
||||
+
|
||||
#if TIME_WITH_SYS_TIME
|
||||
# include <sys/time.h>
|
||||
# include <time.h>
|
|
@ -1,7 +1,8 @@
|
|||
diff -up shadow-4.1.5.1/libmisc/chkname.c.goodname shadow-4.1.5.1/libmisc/chkname.c
|
||||
--- shadow-4.1.5.1/libmisc/chkname.c.goodname 2009-07-13 00:24:45.000000000 +0200
|
||||
+++ shadow-4.1.5.1/libmisc/chkname.c 2014-09-09 17:35:17.207303124 +0200
|
||||
@@ -47,27 +47,42 @@
|
||||
Index: shadow-4.5/libmisc/chkname.c
|
||||
===================================================================
|
||||
--- shadow-4.5.orig/libmisc/chkname.c
|
||||
+++ shadow-4.5/libmisc/chkname.c
|
||||
@@ -47,27 +47,46 @@
|
||||
#include "chkname.h"
|
||||
|
||||
static bool is_valid_name (const char *name)
|
||||
|
@ -18,16 +19,18 @@ diff -up shadow-4.1.5.1/libmisc/chkname.c.goodname shadow-4.1.5.1/libmisc/chknam
|
|||
+ * as a non-POSIX, extension, allow "$" as the last char for
|
||||
+ * sake of Samba 3.x "add machine script"
|
||||
+ *
|
||||
+ * Also do not allow fully numeric names.
|
||||
+ * Also do not allow fully numeric names or just "." or "..".
|
||||
+ */
|
||||
+ int numeric;
|
||||
+
|
||||
+ if ( ('\0' == *name) ||
|
||||
+ if ('\0' == *name ||
|
||||
+ ('.' == *name && (('.' == name[1] && '\0' == name[2]) ||
|
||||
+ '\0' == name[1])) ||
|
||||
+ !((*name >= 'a' && *name <= 'z') ||
|
||||
+ (*name >= 'A' && *name <= 'Z') ||
|
||||
+ (*name >= '0' && *name <= '9') ||
|
||||
+ (*name == '_') || (*name == '.')
|
||||
+ )) {
|
||||
+ *name == '_' ||
|
||||
+ *name == '.')) {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
@ -39,13 +42,14 @@ diff -up shadow-4.1.5.1/libmisc/chkname.c.goodname shadow-4.1.5.1/libmisc/chknam
|
|||
- ('_' == *name) ||
|
||||
- ('-' == *name) ||
|
||||
- ( ('$' == *name) && ('\0' == *(name + 1)) )
|
||||
- )) {
|
||||
+ if (!( (*name >= 'a' && *name <= 'z') ||
|
||||
+ if (!((*name >= 'a' && *name <= 'z') ||
|
||||
+ (*name >= 'A' && *name <= 'Z') ||
|
||||
+ (*name >= '0' && *name <= '9') ||
|
||||
+ (*name == '_') || (*name == '.') || (*name == '-') ||
|
||||
+ (*name == '$' && *(name + 1) == '\0')
|
||||
+ )) {
|
||||
+ *name == '_' ||
|
||||
+ *name == '.' ||
|
||||
+ *name == '-' ||
|
||||
+ (*name == '$' && name[1] == '\0')
|
||||
)) {
|
||||
return false;
|
||||
}
|
||||
+ numeric &= isdigit(*name);
|
||||
|
@ -56,10 +60,11 @@ diff -up shadow-4.1.5.1/libmisc/chkname.c.goodname shadow-4.1.5.1/libmisc/chknam
|
|||
}
|
||||
|
||||
bool is_valid_user_name (const char *name)
|
||||
diff -up shadow-4.1.5.1/man/groupadd.8.xml.goodname shadow-4.1.5.1/man/groupadd.8.xml
|
||||
--- shadow-4.1.5.1/man/groupadd.8.xml.goodname 2012-05-25 13:45:27.000000000 +0200
|
||||
+++ shadow-4.1.5.1/man/groupadd.8.xml 2014-09-09 17:28:46.330300342 +0200
|
||||
@@ -259,12 +259,6 @@
|
||||
Index: shadow-4.5/man/groupadd.8.xml
|
||||
===================================================================
|
||||
--- shadow-4.5.orig/man/groupadd.8.xml
|
||||
+++ shadow-4.5/man/groupadd.8.xml
|
||||
@@ -256,12 +256,6 @@
|
||||
<refsect1 id='caveats'>
|
||||
<title>CAVEATS</title>
|
||||
<para>
|
||||
|
@ -72,19 +77,11 @@ diff -up shadow-4.1.5.1/man/groupadd.8.xml.goodname shadow-4.1.5.1/man/groupadd.
|
|||
Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long.
|
||||
</para>
|
||||
<para>
|
||||
diff -up shadow-4.1.5.1/man/useradd.8.xml.goodname shadow-4.1.5.1/man/useradd.8.xml
|
||||
--- shadow-4.1.5.1/man/useradd.8.xml.goodname 2012-05-25 13:45:29.000000000 +0200
|
||||
+++ shadow-4.1.5.1/man/useradd.8.xml 2014-09-09 17:28:46.330300342 +0200
|
||||
@@ -366,7 +366,7 @@
|
||||
</term>
|
||||
<listitem>
|
||||
<para>
|
||||
- Do no create the user's home directory, even if the system
|
||||
+ Do not create the user's home directory, even if the system
|
||||
wide setting from <filename>/etc/login.defs</filename>
|
||||
(<option>CREATE_HOME</option>) is set to
|
||||
<replaceable>yes</replaceable>.
|
||||
@@ -654,12 +654,6 @@
|
||||
Index: shadow-4.5/man/useradd.8.xml
|
||||
===================================================================
|
||||
--- shadow-4.5.orig/man/useradd.8.xml
|
||||
+++ shadow-4.5/man/useradd.8.xml
|
||||
@@ -633,12 +633,6 @@
|
||||
</para>
|
||||
|
||||
<para>
|
84
shadow-4.5-long-entry.patch
Normal file
84
shadow-4.5-long-entry.patch
Normal file
|
@ -0,0 +1,84 @@
|
|||
diff -up shadow-4.5/lib/defines.h.long-entry shadow-4.5/lib/defines.h
|
||||
--- shadow-4.5/lib/defines.h.long-entry 2014-09-01 16:36:40.000000000 +0200
|
||||
+++ shadow-4.5/lib/defines.h 2018-04-20 11:53:07.419308212 +0200
|
||||
@@ -382,4 +382,7 @@ extern char *strerror ();
|
||||
# endif
|
||||
#endif
|
||||
|
||||
+/* Maximum length of passwd entry */
|
||||
+#define PASSWD_ENTRY_MAX_LENGTH 32768
|
||||
+
|
||||
#endif /* _DEFINES_H_ */
|
||||
diff -up shadow-4.5/lib/pwio.c.long-entry shadow-4.5/lib/pwio.c
|
||||
--- shadow-4.5/lib/pwio.c.long-entry 2015-11-17 17:45:15.000000000 +0100
|
||||
+++ shadow-4.5/lib/pwio.c 2018-04-20 12:10:24.400837235 +0200
|
||||
@@ -79,7 +79,10 @@ static int passwd_put (const void *ent,
|
||||
|| (pw->pw_gid == (gid_t)-1)
|
||||
|| (valid_field (pw->pw_gecos, ":\n") == -1)
|
||||
|| (valid_field (pw->pw_dir, ":\n") == -1)
|
||||
- || (valid_field (pw->pw_shell, ":\n") == -1)) {
|
||||
+ || (valid_field (pw->pw_shell, ":\n") == -1)
|
||||
+ || (strlen (pw->pw_name) + strlen (pw->pw_passwd) +
|
||||
+ strlen (pw->pw_gecos) + strlen (pw->pw_dir) +
|
||||
+ strlen (pw->pw_shell) + 100 > PASSWD_ENTRY_MAX_LENGTH)) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
diff -up shadow-4.5/lib/sgetpwent.c.long-entry shadow-4.5/lib/sgetpwent.c
|
||||
--- shadow-4.5/lib/sgetpwent.c.long-entry 2014-09-01 16:36:40.000000000 +0200
|
||||
+++ shadow-4.5/lib/sgetpwent.c 2018-04-20 12:16:31.911513808 +0200
|
||||
@@ -57,7 +57,7 @@
|
||||
struct passwd *sgetpwent (const char *buf)
|
||||
{
|
||||
static struct passwd pwent;
|
||||
- static char pwdbuf[1024];
|
||||
+ static char pwdbuf[PASSWD_ENTRY_MAX_LENGTH];
|
||||
register int i;
|
||||
register char *cp;
|
||||
char *fields[NFIELDS];
|
||||
@@ -67,8 +67,10 @@ struct passwd *sgetpwent (const char *bu
|
||||
* the password structure remain valid.
|
||||
*/
|
||||
|
||||
- if (strlen (buf) >= sizeof pwdbuf)
|
||||
+ if (strlen (buf) >= sizeof pwdbuf) {
|
||||
+ fprintf (stderr, "Too long passwd entry encountered, file corruption?\n");
|
||||
return 0; /* fail if too long */
|
||||
+ }
|
||||
strcpy (pwdbuf, buf);
|
||||
|
||||
/*
|
||||
diff -up shadow-4.5/lib/sgetspent.c.long-entry shadow-4.5/lib/sgetspent.c
|
||||
--- shadow-4.5/lib/sgetspent.c.long-entry 2014-09-01 16:36:40.000000000 +0200
|
||||
+++ shadow-4.5/lib/sgetspent.c 2018-04-20 12:16:54.505056257 +0200
|
||||
@@ -48,7 +48,7 @@
|
||||
*/
|
||||
struct spwd *sgetspent (const char *string)
|
||||
{
|
||||
- static char spwbuf[1024];
|
||||
+ static char spwbuf[PASSWD_ENTRY_MAX_LENGTH];
|
||||
static struct spwd spwd;
|
||||
char *fields[FIELDS];
|
||||
char *cp;
|
||||
@@ -61,6 +61,7 @@ struct spwd *sgetspent (const char *stri
|
||||
*/
|
||||
|
||||
if (strlen (string) >= sizeof spwbuf) {
|
||||
+ fprintf (stderr, "Too long shadow entry encountered, file corruption?\n");
|
||||
return 0; /* fail if too long */
|
||||
}
|
||||
strcpy (spwbuf, string);
|
||||
diff -up shadow-4.5/lib/shadowio.c.long-entry shadow-4.5/lib/shadowio.c
|
||||
--- shadow-4.5/lib/shadowio.c.long-entry 2016-12-07 06:30:41.000000001 +0100
|
||||
+++ shadow-4.5/lib/shadowio.c 2018-04-20 12:12:03.292171667 +0200
|
||||
@@ -79,7 +79,9 @@ static int shadow_put (const void *ent,
|
||||
|
||||
if ( (NULL == sp)
|
||||
|| (valid_field (sp->sp_namp, ":\n") == -1)
|
||||
- || (valid_field (sp->sp_pwdp, ":\n") == -1)) {
|
||||
+ || (valid_field (sp->sp_pwdp, ":\n") == -1)
|
||||
+ || (strlen (sp->sp_namp) + strlen (sp->sp_pwdp) +
|
||||
+ 1000 > PASSWD_ENTRY_MAX_LENGTH)) {
|
||||
return -1;
|
||||
}
|
||||
|
|
@ -1,6 +1,7 @@
|
|||
diff -up shadow-4.2.1/src/usermod.c.unlock shadow-4.2.1/src/usermod.c
|
||||
--- shadow-4.2.1/src/usermod.c.unlock 2016-02-03 11:54:14.977664838 +0100
|
||||
+++ shadow-4.2.1/src/usermod.c 2016-02-09 11:52:08.244957222 +0100
|
||||
Index: shadow-4.5/src/usermod.c
|
||||
===================================================================
|
||||
--- shadow-4.5.orig/src/usermod.c
|
||||
+++ shadow-4.5/src/usermod.c
|
||||
@@ -455,14 +455,17 @@ static char *new_pw_passwd (char *pw_pas
|
||||
strcat (buf, pw_pass);
|
||||
pw_pass = buf;
|
||||
|
@ -60,4 +61,4 @@ diff -up shadow-4.2.1/src/usermod.c.unlock shadow-4.2.1/src/usermod.c
|
|||
+ fail_exit(E_PW_UPDATE);
|
||||
|
||||
if (pflg) {
|
||||
spent->sp_lstchg = (long) time ((time_t *) 0) / SCALE;
|
||||
spent->sp_lstchg = (long) gettime () / SCALE;
|
File diff suppressed because it is too large
Load diff
21
shadow-4.6-getenforce.patch
Normal file
21
shadow-4.6-getenforce.patch
Normal file
|
@ -0,0 +1,21 @@
|
|||
diff -up shadow-4.6/lib/selinux.c.getenforce shadow-4.6/lib/selinux.c
|
||||
--- shadow-4.6/lib/selinux.c.getenforce 2018-05-28 15:10:15.870315221 +0200
|
||||
+++ shadow-4.6/lib/selinux.c 2018-05-28 15:10:15.894315731 +0200
|
||||
@@ -75,7 +75,7 @@ int set_selinux_file_context (const char
|
||||
}
|
||||
return 0;
|
||||
error:
|
||||
- if (security_getenforce () != 0) {
|
||||
+ if (security_getenforce () > 0) {
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
@@ -95,7 +95,7 @@ int reset_selinux_file_context (void)
|
||||
selinux_checked = true;
|
||||
}
|
||||
if (selinux_enabled) {
|
||||
- if (setfscreatecon (NULL) != 0) {
|
||||
+ if (setfscreatecon (NULL) != 0 && security_getenforce () > 0) {
|
||||
return 1;
|
||||
}
|
||||
}
|
15
shadow-4.6-move-home.patch
Normal file
15
shadow-4.6-move-home.patch
Normal file
|
@ -0,0 +1,15 @@
|
|||
diff -up shadow-4.6/src/usermod.c.move-home shadow-4.6/src/usermod.c
|
||||
--- shadow-4.6/src/usermod.c.move-home 2018-05-28 14:59:05.594076665 +0200
|
||||
+++ shadow-4.6/src/usermod.c 2018-05-28 15:00:28.479837392 +0200
|
||||
@@ -1845,6 +1845,11 @@ static void move_home (void)
|
||||
Prog, prefix_user_home, prefix_user_newhome);
|
||||
fail_exit (E_HOMEDIR);
|
||||
}
|
||||
+ } else {
|
||||
+ fprintf (stderr,
|
||||
+ _("%s: The previous home directory (%s) does "
|
||||
+ "not exist or is inaccessible. Move cannot be completed.\n"),
|
||||
+ Prog, prefix_user_home);
|
||||
}
|
||||
}
|
||||
|
|
@ -1,7 +1,7 @@
|
|||
diff -up shadow-4.1.5.1/lib/commonio.c.orig-context shadow-4.1.5.1/lib/commonio.c
|
||||
--- shadow-4.1.5.1/lib/commonio.c.orig-context 2012-09-19 20:27:16.000000000 +0200
|
||||
+++ shadow-4.1.5.1/lib/commonio.c 2013-02-20 15:20:55.064962324 +0100
|
||||
@@ -941,7 +941,7 @@ int commonio_close (struct commonio_db *
|
||||
diff -up shadow-4.6/lib/commonio.c.orig-context shadow-4.6/lib/commonio.c
|
||||
--- shadow-4.6/lib/commonio.c.orig-context 2018-04-29 18:42:37.000000000 +0200
|
||||
+++ shadow-4.6/lib/commonio.c 2018-05-28 14:56:37.287929667 +0200
|
||||
@@ -961,7 +961,7 @@ int commonio_close (struct commonio_db *
|
||||
snprintf (buf, sizeof buf, "%s-", db->filename);
|
||||
|
||||
#ifdef WITH_SELINUX
|
||||
|
@ -10,7 +10,7 @@ diff -up shadow-4.1.5.1/lib/commonio.c.orig-context shadow-4.1.5.1/lib/commonio.
|
|||
errors++;
|
||||
}
|
||||
#endif
|
||||
@@ -975,7 +975,7 @@ int commonio_close (struct commonio_db *
|
||||
@@ -994,7 +994,7 @@ int commonio_close (struct commonio_db *
|
||||
snprintf (buf, sizeof buf, "%s+", db->filename);
|
||||
|
||||
#ifdef WITH_SELINUX
|
||||
|
@ -19,9 +19,9 @@ diff -up shadow-4.1.5.1/lib/commonio.c.orig-context shadow-4.1.5.1/lib/commonio.
|
|||
errors++;
|
||||
}
|
||||
#endif
|
||||
diff -up shadow-4.1.5.1/libmisc/copydir.c.orig-context shadow-4.1.5.1/libmisc/copydir.c
|
||||
--- shadow-4.1.5.1/libmisc/copydir.c.orig-context 2012-02-13 20:16:32.000000000 +0100
|
||||
+++ shadow-4.1.5.1/libmisc/copydir.c 2013-02-20 15:19:01.495623232 +0100
|
||||
diff -up shadow-4.6/libmisc/copydir.c.orig-context shadow-4.6/libmisc/copydir.c
|
||||
--- shadow-4.6/libmisc/copydir.c.orig-context 2018-04-29 18:42:37.000000000 +0200
|
||||
+++ shadow-4.6/libmisc/copydir.c 2018-05-28 14:56:37.287929667 +0200
|
||||
@@ -484,7 +484,7 @@ static int copy_dir (const char *src, co
|
||||
*/
|
||||
|
||||
|
@ -58,10 +58,10 @@ diff -up shadow-4.1.5.1/libmisc/copydir.c.orig-context shadow-4.1.5.1/libmisc/co
|
|||
return -1;
|
||||
}
|
||||
#endif /* WITH_SELINUX */
|
||||
diff -up shadow-4.1.5.1/lib/prototypes.h.orig-context shadow-4.1.5.1/lib/prototypes.h
|
||||
--- shadow-4.1.5.1/lib/prototypes.h.orig-context 2012-01-08 17:04:29.000000000 +0100
|
||||
+++ shadow-4.1.5.1/lib/prototypes.h 2013-02-20 15:24:17.251126575 +0100
|
||||
@@ -295,7 +295,7 @@ extern /*@observer@*/const char *crypt_m
|
||||
diff -up shadow-4.6/lib/prototypes.h.orig-context shadow-4.6/lib/prototypes.h
|
||||
--- shadow-4.6/lib/prototypes.h.orig-context 2018-04-29 18:42:37.000000000 +0200
|
||||
+++ shadow-4.6/lib/prototypes.h 2018-05-28 14:56:37.287929667 +0200
|
||||
@@ -326,7 +326,7 @@ extern /*@observer@*/const char *crypt_m
|
||||
|
||||
/* selinux.c */
|
||||
#ifdef WITH_SELINUX
|
||||
|
@ -70,9 +70,9 @@ diff -up shadow-4.1.5.1/lib/prototypes.h.orig-context shadow-4.1.5.1/lib/prototy
|
|||
extern int reset_selinux_file_context (void);
|
||||
#endif
|
||||
|
||||
diff -up shadow-4.1.5.1/lib/selinux.c.orig-context shadow-4.1.5.1/lib/selinux.c
|
||||
--- shadow-4.1.5.1/lib/selinux.c.orig-context 2012-01-08 17:35:44.000000000 +0100
|
||||
+++ shadow-4.1.5.1/lib/selinux.c 2013-02-20 15:16:40.383716877 +0100
|
||||
diff -up shadow-4.6/lib/selinux.c.orig-context shadow-4.6/lib/selinux.c
|
||||
--- shadow-4.6/lib/selinux.c.orig-context 2018-04-29 18:42:37.000000000 +0200
|
||||
+++ shadow-4.6/lib/selinux.c 2018-05-28 14:56:37.287929667 +0200
|
||||
@@ -50,7 +50,7 @@ static bool selinux_enabled;
|
||||
* Callers may have to Reset SELinux to create files with default
|
||||
* contexts with reset_selinux_file_context
|
||||
|
@ -114,15 +114,15 @@ diff -up shadow-4.1.5.1/lib/selinux.c.orig-context shadow-4.1.5.1/lib/selinux.c
|
|||
}
|
||||
|
||||
/*
|
||||
diff -up shadow-4.1.5.1/src/useradd.c.orig-context shadow-4.1.5.1/src/useradd.c
|
||||
--- shadow-4.1.5.1/src/useradd.c.orig-context 2012-09-19 20:23:33.000000000 +0200
|
||||
+++ shadow-4.1.5.1/src/useradd.c 2013-02-20 15:19:31.221235459 +0100
|
||||
@@ -1759,7 +1759,7 @@ static void create_home (void)
|
||||
diff -up shadow-4.6/src/useradd.c.orig-context shadow-4.6/src/useradd.c
|
||||
--- shadow-4.6/src/useradd.c.orig-context 2018-05-28 14:56:37.288929688 +0200
|
||||
+++ shadow-4.6/src/useradd.c 2018-05-28 14:58:02.242730903 +0200
|
||||
@@ -2020,7 +2020,7 @@ static void create_home (void)
|
||||
{
|
||||
if (access (user_home, F_OK) != 0) {
|
||||
if (access (prefix_user_home, F_OK) != 0) {
|
||||
#ifdef WITH_SELINUX
|
||||
- if (set_selinux_file_context (user_home) != 0) {
|
||||
+ if (set_selinux_file_context (user_home, NULL) != 0) {
|
||||
fail_exit (E_HOMEDIR);
|
||||
}
|
||||
#endif
|
||||
- if (set_selinux_file_context (prefix_user_home) != 0) {
|
||||
+ if (set_selinux_file_context (prefix_user_home, NULL) != 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: cannot set SELinux context for home directory %s\n"),
|
||||
Prog, user_home);
|
|
@ -1,8 +1,7 @@
|
|||
diff -up shadow-4.1.5/man/useradd.8.redhat shadow-4.1.5/man/useradd.8
|
||||
diff -up shadow-4.1.5/src/useradd.c.redhat shadow-4.1.5/src/useradd.c
|
||||
--- shadow-4.1.5/src/useradd.c.redhat 2011-12-09 23:23:15.000000000 +0100
|
||||
+++ shadow-4.1.5/src/useradd.c 2012-03-19 09:50:05.227588669 +0100
|
||||
@@ -93,7 +93,7 @@ const char *Prog;
|
||||
diff -up shadow-4.6/src/useradd.c.redhat shadow-4.6/src/useradd.c
|
||||
--- shadow-4.6/src/useradd.c.redhat 2018-04-29 18:42:37.000000000 +0200
|
||||
+++ shadow-4.6/src/useradd.c 2018-05-28 13:37:16.695651258 +0200
|
||||
@@ -98,7 +98,7 @@ const char *Prog;
|
||||
static gid_t def_group = 100;
|
||||
static const char *def_gname = "other";
|
||||
static const char *def_home = "/home";
|
||||
|
@ -11,7 +10,7 @@ diff -up shadow-4.1.5/src/useradd.c.redhat shadow-4.1.5/src/useradd.c
|
|||
static const char *def_template = SKEL_DIR;
|
||||
static const char *def_create_mail_spool = "no";
|
||||
|
||||
@@ -103,7 +103,7 @@ static const char *def_expire = "";
|
||||
@@ -108,7 +108,7 @@ static const char *def_expire = "";
|
||||
#define VALID(s) (strcspn (s, ":\n") == strlen (s))
|
||||
|
||||
static const char *user_name = "";
|
||||
|
@ -20,19 +19,19 @@ diff -up shadow-4.1.5/src/useradd.c.redhat shadow-4.1.5/src/useradd.c
|
|||
static uid_t user_id;
|
||||
static gid_t user_gid;
|
||||
static const char *user_comment = "";
|
||||
@@ -1011,9 +1011,9 @@ static void process_flags (int argc, cha
|
||||
@@ -1114,9 +1114,9 @@ static void process_flags (int argc, cha
|
||||
};
|
||||
while ((c = getopt_long (argc, argv,
|
||||
#ifdef WITH_SELINUX
|
||||
- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:UZ:",
|
||||
+ "b:c:d:De:f:g:G:hk:K:lmMnNop:rR:s:u:UZ:",
|
||||
- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:P:s:u:UZ:",
|
||||
+ "b:c:d:De:f:g:G:hk:K:lmMnNop:rR:P:s:u:UZ:",
|
||||
#else /* !WITH_SELINUX */
|
||||
- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:U",
|
||||
+ "b:c:d:De:f:g:G:hk:K:lmMnNop:rR:s:u:U",
|
||||
- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:P:s:u:U",
|
||||
+ "b:c:d:De:f:g:G:hk:K:lmMnNop:rR:P:s:u:U",
|
||||
#endif /* !WITH_SELINUX */
|
||||
long_options, NULL)) != -1) {
|
||||
switch (c) {
|
||||
@@ -1164,6 +1164,7 @@ static void process_flags (int argc, cha
|
||||
@@ -1267,6 +1267,7 @@ static void process_flags (int argc, cha
|
||||
case 'M':
|
||||
Mflg = true;
|
||||
break;
|
115
shadow-4.6-selinux.patch
Normal file
115
shadow-4.6-selinux.patch
Normal file
|
@ -0,0 +1,115 @@
|
|||
diff -up shadow-4.6/lib/semanage.c.selinux shadow-4.6/lib/semanage.c
|
||||
--- shadow-4.6/lib/semanage.c.selinux 2018-04-29 18:42:37.000000000 +0200
|
||||
+++ shadow-4.6/lib/semanage.c 2018-05-28 13:38:20.551008911 +0200
|
||||
@@ -294,6 +294,9 @@ int set_seuser (const char *login_name,
|
||||
|
||||
ret = 0;
|
||||
|
||||
+ /* drop obsolete matchpathcon cache */
|
||||
+ matchpathcon_fini();
|
||||
+
|
||||
done:
|
||||
semanage_seuser_key_free (key);
|
||||
semanage_handle_destroy (handle);
|
||||
@@ -369,6 +372,10 @@ int del_seuser (const char *login_name)
|
||||
}
|
||||
|
||||
ret = 0;
|
||||
+
|
||||
+ /* drop obsolete matchpathcon cache */
|
||||
+ matchpathcon_fini();
|
||||
+
|
||||
done:
|
||||
semanage_handle_destroy (handle);
|
||||
return ret;
|
||||
diff -up shadow-4.6/src/useradd.c.selinux shadow-4.6/src/useradd.c
|
||||
--- shadow-4.6/src/useradd.c.selinux 2018-05-28 13:43:30.996748997 +0200
|
||||
+++ shadow-4.6/src/useradd.c 2018-05-28 13:44:04.645486199 +0200
|
||||
@@ -2120,6 +2120,7 @@ static void create_mail (void)
|
||||
*/
|
||||
int main (int argc, char **argv)
|
||||
{
|
||||
+ int rv = E_SUCCESS;
|
||||
#ifdef ACCT_TOOLS_SETUID
|
||||
#ifdef USE_PAM
|
||||
pam_handle_t *pamh = NULL;
|
||||
@@ -2342,27 +2343,11 @@ int main (int argc, char **argv)
|
||||
|
||||
usr_update ();
|
||||
|
||||
- if (mflg) {
|
||||
- create_home ();
|
||||
- if (home_added) {
|
||||
- copy_tree (def_template, prefix_user_home, false, false,
|
||||
- (uid_t)-1, user_id, (gid_t)-1, user_gid);
|
||||
- } else {
|
||||
- fprintf (stderr,
|
||||
- _("%s: warning: the home directory already exists.\n"
|
||||
- "Not copying any file from skel directory into it.\n"),
|
||||
- Prog);
|
||||
- }
|
||||
-
|
||||
- }
|
||||
-
|
||||
- /* Do not create mail directory for system accounts */
|
||||
- if (!rflg) {
|
||||
- create_mail ();
|
||||
- }
|
||||
-
|
||||
close_files ();
|
||||
|
||||
+ nscd_flush_cache ("passwd");
|
||||
+ nscd_flush_cache ("group");
|
||||
+
|
||||
/*
|
||||
* tallylog_reset needs to be able to lookup
|
||||
* a valid existing user name,
|
||||
@@ -2373,8 +2358,9 @@ int main (int argc, char **argv)
|
||||
}
|
||||
|
||||
#ifdef WITH_SELINUX
|
||||
- if (Zflg) {
|
||||
- if (set_seuser (user_name, user_selinux) != 0) {
|
||||
+ if (Zflg && *user_selinux) {
|
||||
+ if (is_selinux_enabled () > 0) {
|
||||
+ if (set_seuser (user_name, user_selinux) != 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
|
||||
Prog, user_name, user_selinux);
|
||||
@@ -2383,14 +2369,31 @@ int main (int argc, char **argv)
|
||||
"adding SELinux user mapping",
|
||||
user_name, (unsigned int) user_id, 0);
|
||||
#endif /* WITH_AUDIT */
|
||||
- fail_exit (E_SE_UPDATE);
|
||||
+ rv = E_SE_UPDATE;
|
||||
+ }
|
||||
}
|
||||
}
|
||||
-#endif /* WITH_SELINUX */
|
||||
+#endif
|
||||
|
||||
- nscd_flush_cache ("passwd");
|
||||
- nscd_flush_cache ("group");
|
||||
+ if (mflg) {
|
||||
+ create_home ();
|
||||
+ if (home_added) {
|
||||
+ copy_tree (def_template, prefix_user_home, false, true,
|
||||
+ (uid_t)-1, user_id, (gid_t)-1, user_gid);
|
||||
+ } else {
|
||||
+ fprintf (stderr,
|
||||
+ _("%s: warning: the home directory already exists.\n"
|
||||
+ "Not copying any file from skel directory into it.\n"),
|
||||
+ Prog);
|
||||
+ }
|
||||
+
|
||||
+ }
|
||||
+
|
||||
+ /* Do not create mail directory for system accounts */
|
||||
+ if (!rflg) {
|
||||
+ create_mail ();
|
||||
+ }
|
||||
|
||||
- return E_SUCCESS;
|
||||
+ return rv;
|
||||
}
|
||||
|
42
shadow-4.6-usermod-crash.patch
Normal file
42
shadow-4.6-usermod-crash.patch
Normal file
|
@ -0,0 +1,42 @@
|
|||
diff -up shadow-4.6/libmisc/prefix_flag.c.usermod-crash shadow-4.6/libmisc/prefix_flag.c
|
||||
--- shadow-4.6/libmisc/prefix_flag.c.usermod-crash 2018-04-29 18:42:37.000000000 +0200
|
||||
+++ shadow-4.6/libmisc/prefix_flag.c 2018-05-28 15:14:10.642302440 +0200
|
||||
@@ -319,6 +319,7 @@ extern struct group *prefix_getgr_nam_gi
|
||||
{
|
||||
long long int gid;
|
||||
char *endptr;
|
||||
+ struct group *g;
|
||||
|
||||
if (NULL == grname) {
|
||||
return NULL;
|
||||
@@ -333,7 +334,8 @@ extern struct group *prefix_getgr_nam_gi
|
||||
&& (gid == (gid_t)gid)) {
|
||||
return prefix_getgrgid ((gid_t) gid);
|
||||
}
|
||||
- return prefix_getgrnam (grname);
|
||||
+ g = prefix_getgrnam (grname);
|
||||
+ return g ? __gr_dup(g) : NULL;
|
||||
}
|
||||
else
|
||||
return getgr_nam_gid(grname);
|
||||
diff -up shadow-4.6/src/usermod.c.usermod-crash shadow-4.6/src/usermod.c
|
||||
--- shadow-4.6/src/usermod.c.usermod-crash 2018-05-28 15:12:37.920332763 +0200
|
||||
+++ shadow-4.6/src/usermod.c 2018-05-28 15:15:50.337422470 +0200
|
||||
@@ -1276,11 +1276,13 @@ static void process_flags (int argc, cha
|
||||
prefix_user_home = xmalloc(len);
|
||||
wlen = snprintf(prefix_user_home, len, "%s/%s", prefix, user_home);
|
||||
assert (wlen == (int) len -1);
|
||||
+ if (user_newhome) {
|
||||
+ len = strlen(prefix) + strlen(user_newhome) + 2;
|
||||
+ prefix_user_newhome = xmalloc(len);
|
||||
+ wlen = snprintf(prefix_user_newhome, len, "%s/%s", prefix, user_newhome);
|
||||
+ assert (wlen == (int) len -1);
|
||||
+ }
|
||||
|
||||
- len = strlen(prefix) + strlen(user_newhome) + 2;
|
||||
- prefix_user_newhome = xmalloc(len);
|
||||
- wlen = snprintf(prefix_user_newhome, len, "%s/%s", prefix, user_newhome);
|
||||
- assert (wlen == (int) len -1);
|
||||
}
|
||||
else {
|
||||
prefix_user_home = user_home;
|
|
@ -1,54 +1,55 @@
|
|||
# they warn against doing this ...
|
||||
%define _disable_source_fetch 0
|
||||
%define srcname shadow-utils
|
||||
|
||||
Summary: Utilities for managing accounts and shadow password files
|
||||
Name: shadow-utils
|
||||
Version: 4.2.1
|
||||
Release: 8%{?dist}
|
||||
Name: %{srcname}46
|
||||
Version: 4.6
|
||||
Release: 2%{?dist}
|
||||
Epoch: 2
|
||||
URL: http://pkg-shadow.alioth.debian.org/
|
||||
Source0: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.xz
|
||||
Source3: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.xz.sig
|
||||
Source1: shadow-utils.login.defs
|
||||
Source0: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz
|
||||
Source1: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz.asc
|
||||
Source2: shadow-utils.useradd
|
||||
Source3: shadow-utils.login.defs
|
||||
Source4: shadow-bsd.txt
|
||||
Source5: https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
|
||||
Patch0: shadow-4.1.5-redhat.patch
|
||||
Patch1: shadow-4.1.5.1-goodname.patch
|
||||
Patch0: shadow-4.6-redhat.patch
|
||||
Patch1: shadow-4.5-goodname.patch
|
||||
Patch2: shadow-4.1.5.1-info-parent-dir.patch
|
||||
Patch3: shadow-4.1.5-uflg.patch
|
||||
Patch6: shadow-4.1.5.1-selinux.patch
|
||||
Patch7: shadow-4.1.5-2ndskip.patch
|
||||
Patch8: shadow-4.1.5.1-backup-mode.patch
|
||||
Patch9: shadow-4.2.1-merge-group.patch
|
||||
Patch10: shadow-4.1.5.1-orig-context.patch
|
||||
Patch6: shadow-4.6-selinux.patch
|
||||
Patch10: shadow-4.6-orig-context.patch
|
||||
Patch11: shadow-4.1.5.1-logmsg.patch
|
||||
Patch12: shadow-4.1.5.1-errmsg.patch
|
||||
Patch13: shadow-4.1.5.1-audit-owner.patch
|
||||
Patch14: shadow-4.1.5.1-default-range.patch
|
||||
Patch15: shadow-4.2.1-manfix.patch
|
||||
Patch15: shadow-4.3.1-manfix.patch
|
||||
Patch17: shadow-4.1.5.1-userdel-helpfix.patch
|
||||
Patch18: shadow-4.1.5.1-id-alloc.patch
|
||||
Patch19: shadow-4.2.1-date-parsing.patch
|
||||
Patch20: shadow-4.1.5.1-ingroup.patch
|
||||
Patch21: shadow-4.1.5.1-move-home.patch
|
||||
Patch22: shadow-4.2.1-audit-update.patch
|
||||
Patch23: shadow-4.2.1-usermod-unlock.patch
|
||||
Patch21: shadow-4.6-move-home.patch
|
||||
Patch22: shadow-4.6-audit-update.patch
|
||||
Patch23: shadow-4.5-usermod-unlock.patch
|
||||
Patch24: shadow-4.2.1-no-lock-dos.patch
|
||||
Patch25: shadow-4.2.1-defs-chroot.patch
|
||||
Patch26: shadow-4.2.1-lastlog-unexpire.patch
|
||||
Patch27: shadow-4.2.1-user-busy.patch
|
||||
Patch28: shadow-4.3.1-selinux-perms.patch
|
||||
Patch29: shadow-4.2.1-null-tm.patch
|
||||
Patch31: shadow-4.6-getenforce.patch
|
||||
Patch32: shadow-4.5-crypt_h.patch
|
||||
Patch33: shadow-4.5-long-entry.patch
|
||||
Patch34: shadow-4.6-usermod-crash.patch
|
||||
|
||||
License: BSD and GPLv2+
|
||||
Group: System Environment/Base
|
||||
BuildRequires: gcc
|
||||
BuildRequires: libselinux-devel >= 1.25.2-1
|
||||
BuildRequires: audit-libs-devel >= 1.6.5
|
||||
BuildRequires: libsemanage-devel
|
||||
BuildRequires: libacl-devel libattr-devel
|
||||
BuildRequires: bison flex gnome-doc-utils
|
||||
#BuildRequires: autoconf, automake, libtool, gettext-devel
|
||||
BuildRequires: libacl-devel, libattr-devel
|
||||
BuildRequires: bison, flex, gnome-doc-utils, docbook-style-xsl, docbook-dtds
|
||||
BuildRequires: autoconf, automake, libtool, gettext-devel
|
||||
Requires: libselinux >= 1.25.2-1
|
||||
Requires: audit-libs >= 1.6.5
|
||||
Requires: setup
|
||||
Requires(pre): coreutils
|
||||
Requires(post): coreutils
|
||||
Requires: %{name}-newxidmap = %{version}-%{release}
|
||||
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
|
||||
%description
|
||||
|
@ -63,50 +64,40 @@ for all users. The useradd, userdel, and usermod commands are used for
|
|||
managing user accounts. The groupadd, groupdel, and groupmod commands
|
||||
are used for managing group accounts.
|
||||
|
||||
%package newxidmap
|
||||
Summary: only the newuidmapp and newgidmap from shadow-utils
|
||||
%description newxidmap
|
||||
%{summary}.
|
||||
|
||||
%prep
|
||||
%setup -q -n shadow-%{version}
|
||||
%patch0 -p1 -b .redhat
|
||||
%patch1 -p1 -b .goodname
|
||||
%patch2 -p1 -b .info-parent-dir
|
||||
%patch3 -p1 -b .uflg
|
||||
%patch6 -p1 -b .selinux
|
||||
%patch7 -p1 -b .2ndskip
|
||||
%patch8 -p1 -b .backup-mode
|
||||
%patch9 -p1 -b .merge-group
|
||||
%patch10 -p1 -b .orig-context
|
||||
%patch11 -p1 -b .logmsg
|
||||
%patch12 -p1 -b .errmsg
|
||||
%patch13 -p1 -b .audit-owner
|
||||
%patch14 -p1 -b .default-range
|
||||
%patch15 -p1 -b .manfix
|
||||
%patch17 -p1 -b .userdel
|
||||
%patch18 -p1 -b .id-alloc
|
||||
%patch19 -p1 -b .date-parsing
|
||||
%patch20 -p1 -b .ingroup
|
||||
%patch21 -p1 -b .move-home
|
||||
%patch22 -p1 -b .audit-update
|
||||
%patch23 -p1 -b .unlock
|
||||
%patch24 -p1 -b .no-lock-dos
|
||||
%patch25 -p1 -b .defs-chroot
|
||||
%patch26 -p1 -b .unexpire
|
||||
%patch27 -p1 -b .user-busy
|
||||
%patch28 -p1 -b .selinux-perms
|
||||
%patch29 -p1 -b .null-tm
|
||||
%patch31 -p1 -b .getenforce
|
||||
%patch32 -p1 -b .crypt_h
|
||||
%patch33 -p1 -b .long-entry
|
||||
%patch34 -p1 -b .usermod-crash
|
||||
|
||||
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
|
||||
cp -f doc/HOWTO.utf8 doc/HOWTO
|
||||
|
||||
cp -a %{SOURCE4} %{SOURCE5} .
|
||||
|
||||
rm libmisc/getdate.c
|
||||
|
||||
#rm po/*.gmo
|
||||
#rm po/stamp-po
|
||||
#aclocal
|
||||
#libtoolize --force
|
||||
#automake -a
|
||||
#autoconf
|
||||
|
||||
%build
|
||||
|
||||
%ifarch sparc64
|
||||
#sparc64 need big PIE
|
||||
export CFLAGS="$RPM_OPT_FLAGS -fPIE"
|
||||
|
@ -116,6 +107,11 @@ export CFLAGS="$RPM_OPT_FLAGS -fpie"
|
|||
export LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"
|
||||
%endif
|
||||
|
||||
rm aclocal.m4
|
||||
aclocal
|
||||
libtoolize --force
|
||||
|
||||
autoreconf
|
||||
%configure \
|
||||
--enable-shadowgrp \
|
||||
--enable-man \
|
||||
|
@ -126,18 +122,17 @@ export LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"
|
|||
--without-libpam \
|
||||
--disable-shared \
|
||||
--with-group-name-max-length=32
|
||||
make
|
||||
%make_build
|
||||
|
||||
%install
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
make install DESTDIR=$RPM_BUILD_ROOT gnulocaledir=$RPM_BUILD_ROOT/%{_datadir}/locale MKINSTALLDIRS=`pwd`/mkinstalldirs
|
||||
%make_install gnulocaledir=$RPM_BUILD_ROOT/%{_datadir}/locale MKINSTALLDIRS=`pwd`/mkinstalldirs
|
||||
install -d -m 755 $RPM_BUILD_ROOT/%{_sysconfdir}/default
|
||||
install -p -c -m 0644 %{SOURCE1} $RPM_BUILD_ROOT/%{_sysconfdir}/login.defs
|
||||
install -p -c -m 0644 %{SOURCE3} $RPM_BUILD_ROOT/%{_sysconfdir}/login.defs
|
||||
install -p -c -m 0600 %{SOURCE2} $RPM_BUILD_ROOT/%{_sysconfdir}/default/useradd
|
||||
|
||||
|
||||
ln -s useradd $RPM_BUILD_ROOT%{_sbindir}/adduser
|
||||
#ln -s %{_mandir}/man8/useradd.8 $RPM_BUILD_ROOT/%{_mandir}/man8/adduser.8
|
||||
ln -s useradd.8 $RPM_BUILD_ROOT/%{_mandir}/man8/adduser.8
|
||||
for subdir in $RPM_BUILD_ROOT/%{_mandir}/{??,??_??,??_??.*}/man* ; do
|
||||
test -d $subdir && test -e $subdir/useradd.8 && echo ".so man8/useradd.8" > $subdir/adduser.8
|
||||
|
@ -156,7 +151,6 @@ rm $RPM_BUILD_ROOT/%{_sysconfdir}/login.access
|
|||
rm $RPM_BUILD_ROOT/%{_sysconfdir}/limits
|
||||
rm $RPM_BUILD_ROOT/%{_sbindir}/logoutd
|
||||
rm $RPM_BUILD_ROOT/%{_sbindir}/nologin
|
||||
rm $RPM_BUILD_ROOT/%{_sbindir}/chgpasswd
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/man1/chfn.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/*/man1/chfn.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/man1/chsh.*
|
||||
|
@ -185,8 +179,6 @@ rm $RPM_BUILD_ROOT/%{_mandir}/man8/logoutd.*
|
|||
rm $RPM_BUILD_ROOT/%{_mandir}/*/man8/logoutd.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/man8/nologin.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/*/man8/nologin.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/man8/chgpasswd.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/*/man8/chgpasswd.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/man3/getspnam.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/*/man3/getspnam.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/man5/faillog.*
|
||||
|
@ -204,11 +196,7 @@ for dir in $(ls -1d $RPM_BUILD_ROOT%{_mandir}/{??,??_??}) ; do
|
|||
echo "%%lang($lang) $dir/man*/*" >> shadow.lang
|
||||
done
|
||||
|
||||
%clean
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
|
||||
%files -f shadow.lang
|
||||
%defattr(-,root,root)
|
||||
%doc NEWS doc/HOWTO README
|
||||
%{!?_licensedir:%global license %%doc}
|
||||
%license gpl-2.0.txt shadow-bsd.txt
|
||||
|
@ -219,8 +207,6 @@ rm -rf $RPM_BUILD_ROOT
|
|||
%attr(4755,root,root) %{_bindir}/gpasswd
|
||||
%{_bindir}/lastlog
|
||||
%attr(4755,root,root) %{_bindir}/newgrp
|
||||
%attr(4755,root,root) %{_bindir}/newgidmap
|
||||
%attr(4755,root,root) %{_bindir}/newuidmap
|
||||
%{_sbindir}/adduser
|
||||
%attr(0755,root,root) %{_sbindir}/user*
|
||||
%attr(0755,root,root) %{_sbindir}/group*
|
||||
|
@ -228,6 +214,7 @@ rm -rf $RPM_BUILD_ROOT
|
|||
%{_sbindir}/pwck
|
||||
%{_sbindir}/*conv
|
||||
%{_sbindir}/chpasswd
|
||||
%{_sbindir}/chgpasswd
|
||||
%{_sbindir}/newusers
|
||||
%{_sbindir}/vipw
|
||||
%{_sbindir}/vigr
|
||||
|
@ -235,8 +222,6 @@ rm -rf $RPM_BUILD_ROOT
|
|||
%{_mandir}/man1/gpasswd.1*
|
||||
%{_mandir}/man1/sg.1*
|
||||
%{_mandir}/man1/newgrp.1*
|
||||
%{_mandir}/man1/newgidmap.1*
|
||||
%{_mandir}/man1/newuidmap.1*
|
||||
%{_mandir}/man3/shadow.3*
|
||||
%{_mandir}/man5/shadow.5*
|
||||
%{_mandir}/man5/login.defs.5*
|
||||
|
@ -249,13 +234,80 @@ rm -rf $RPM_BUILD_ROOT
|
|||
%{_mandir}/man8/pwck.8*
|
||||
%{_mandir}/man8/grpck.8*
|
||||
%{_mandir}/man8/chpasswd.8*
|
||||
%{_mandir}/man8/chgpasswd.8*
|
||||
%{_mandir}/man8/newusers.8*
|
||||
%{_mandir}/man8/*conv.8*
|
||||
%{_mandir}/man8/lastlog.8*
|
||||
%{_mandir}/man8/vipw.8*
|
||||
%{_mandir}/man8/vigr.8*
|
||||
|
||||
%files newxidmap
|
||||
%attr(4755,root,root) %{_bindir}/newgidmap
|
||||
%attr(4755,root,root) %{_bindir}/newuidmap
|
||||
%{_mandir}/man1/newgidmap.1*
|
||||
%{_mandir}/man1/newuidmap.1*
|
||||
|
||||
%changelog
|
||||
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2:4.6-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||
|
||||
* Mon May 28 2018 Tomáš Mráz <tmraz@redhat.com> - 2:4.6-1
|
||||
- update to current upstream release 4.6
|
||||
|
||||
* Fri Apr 20 2018 Tomáš Mráz <tmraz@redhat.com> - 2:4.5-10
|
||||
- Raise limit for passwd and shadow entry length but also prevent
|
||||
writing longer entries (#1422497)
|
||||
|
||||
* Tue Feb 06 2018 Björn Esser <besser82@fedoraproject.org> - 2:4.5-9
|
||||
- Add patch to include crypt.h, if present
|
||||
- Use %%make_{build,install} macros
|
||||
- Refresh other patches for proper alignment
|
||||
|
||||
* Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 2:4.5-8
|
||||
- Rebuilt for switch to libxcrypt
|
||||
|
||||
* Mon Nov 6 2017 Tomáš Mráz <tmraz@redhat.com> - 2:4.5-7
|
||||
- fix regression caused by the userdel-chroot patch (#1509978)
|
||||
|
||||
* Thu Nov 2 2017 Tomáš Mráz <tmraz@redhat.com> - 2:4.5-6
|
||||
- fix userdel in chroot (#1316168)
|
||||
- add useful chage -E example to chage manpage
|
||||
|
||||
* Fri Sep 15 2017 Tomáš Mráz <tmraz@redhat.com> - 2:4.5-5
|
||||
- do not allow "." and ".." user names
|
||||
|
||||
* Mon Aug 14 2017 Tomáš Mráz <tmraz@redhat.com> - 2:4.5-4
|
||||
- allow switching to secondary group without checking the membership
|
||||
explicitly (patch from upstream)
|
||||
|
||||
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2:4.5-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
||||
|
||||
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2:4.5-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
||||
|
||||
* Fri Jul 21 2017 Tomáš Mráz <tmraz@redhat.com> - 2:4.5-1
|
||||
- update to current upstream release 4.5
|
||||
|
||||
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2:4.3.1-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
||||
|
||||
* Thu Aug 25 2016 Tomáš Mráz <tmraz@redhat.com> - 2:4.3.1-2
|
||||
- fix regression in useradd - not processing defaults properly (#1369979)
|
||||
|
||||
* Tue Aug 23 2016 Tomáš Mráz <tmraz@redhat.com> - 2:4.3.1-1
|
||||
- new upstream release fixing low impact security issue
|
||||
|
||||
* Tue Jun 14 2016 Tomáš Mráz <tmraz@redhat.com> - 2:4.2.1-11
|
||||
- guard for localtime() and gmtime() failure
|
||||
|
||||
* Mon May 30 2016 Tomáš Mráz <tmraz@redhat.com> - 2:4.2.1-10
|
||||
- chpasswd, chgpasswd: open audit when starting
|
||||
|
||||
* Thu May 26 2016 Tomáš Mráz <tmraz@redhat.com> - 2:4.2.1-9
|
||||
- chgpasswd: do not remove it
|
||||
- chpasswd, chgpasswd: add selinux_check_access call (#1336902)
|
||||
|
||||
* Thu Mar 17 2016 Tomáš Mráz <tmraz@redhat.com> - 2:4.2.1-8
|
||||
- userdel: fix userdel -f with /etc/subuid present (#1316168)
|
||||
|
||||
|
|
2
sources
2
sources
|
@ -1,2 +0,0 @@
|
|||
2bfafe7d4962682d31b5eba65dba4fc8 shadow-4.2.1.tar.xz
|
||||
6752051fb07fc4be58c3d7b929bf2341 shadow-4.2.1.tar.xz.sig
|
2
sources.bak
Normal file
2
sources.bak
Normal file
|
@ -0,0 +1,2 @@
|
|||
SHA512 (shadow-4.6.tar.xz) = e8eee52c649d9973f724bc2d5aeee71fa2e6a2e41ec3487cd6cf6d47af70c32e0cdf304df29b32eae2b6eb6f9066866b5f2c891add0ec87ba583bea3207b3631
|
||||
SHA512 (shadow-4.6.tar.xz.asc) = 8728bff5544db6ea123f758cce5bd5c2d346489570c33092e4e97db35c274d7aba01580018f120e4ad80b8f79cfe296a33bccbe9bf68df51bf9b2004c6bfffed
|
77
tests/sanity/Makefile
Normal file
77
tests/sanity/Makefile
Normal file
|
@ -0,0 +1,77 @@
|
|||
# Copyright (c) 2006 Red Hat, Inc. All rights reserved. This copyrighted material
|
||||
# is made available to anyone wishing to use, modify, copy, or
|
||||
# redistribute it subject to the terms and conditions of the GNU General
|
||||
# Public License v.2.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful, but WITHOUT ANY
|
||||
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
|
||||
# PARTICULAR PURPOSE. See the GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, write to the Free Software
|
||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
#
|
||||
# Author: Jakub Hrozek
|
||||
|
||||
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
|
||||
# Example Makefile for RHTS #
|
||||
# This example is geared towards a test for a specific package #
|
||||
# It does most of the work for you, but may require further coding #
|
||||
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
|
||||
|
||||
# The toplevel namespace within which the test lives.
|
||||
TOPLEVEL_NAMESPACE=CoreOS
|
||||
|
||||
# The name of the package under test:
|
||||
PACKAGE_NAME=shadow-utils
|
||||
|
||||
# The path of the test below the package:
|
||||
RELATIVE_PATH=sanity
|
||||
|
||||
# Version of the Test. Used with make tag.
|
||||
export TESTVERSION=1.1
|
||||
|
||||
# The combined namespace of the test.
|
||||
export TEST=/$(TOPLEVEL_NAMESPACE)/$(PACKAGE_NAME)/$(RELATIVE_PATH)
|
||||
|
||||
# A phony target is one that is not really the name of a file.
|
||||
# It is just a name for some commands to be executed when you
|
||||
# make an explicit request. There are two reasons to use a
|
||||
# phony target: to avoid a conflict with a file of the same
|
||||
# name, and to improve performance.
|
||||
.PHONY: all install download clean
|
||||
|
||||
# Executables to be built should be added here, they will be generated on the system under test.
|
||||
BUILT_FILES=
|
||||
|
||||
# Data files, .c files, scripts anything needed to either compile the test and/or run it.
|
||||
FILES=$(METADATA) Makefile PURPOSE sanity_test.py runtest.sh
|
||||
|
||||
run: $(FILES) build
|
||||
./runtest.sh
|
||||
|
||||
build: $(BUILT_FILES)
|
||||
chmod a+x ./sanity_test.py
|
||||
chmod a+x ./runtest.sh
|
||||
|
||||
clean:
|
||||
rm -f *~ *.rpm $(BUILT_FILES)
|
||||
|
||||
# Include Common Makefile
|
||||
include /usr/share/rhts/lib/rhts-make.include
|
||||
|
||||
# Generate the testinfo.desc here:
|
||||
$(METADATA): Makefile
|
||||
@touch $(METADATA)
|
||||
@echo "Owner: Jakub Hrozek <jhrozek@redhat.com>" > $(METADATA)
|
||||
@echo "Name: $(TEST)" >> $(METADATA)
|
||||
@echo "Path: $(TEST_DIR)" >> $(METADATA)
|
||||
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
|
||||
@echo "License: GNU GPL" >> $(METADATA)
|
||||
@echo "Description: Basic sanity test for shadow-utils" >> $(METADATA)
|
||||
@echo "TestTime: 5m" >> $(METADATA)
|
||||
@echo "RunFor: $(PACKAGE_NAME)" >> $(METADATA)
|
||||
@echo "Requires: $(PACKAGE_NAME)" >> $(METADATA)
|
||||
@echo "Requires: python" >> $(METADATA)
|
||||
rhts-lint $(METADATA)
|
||||
|
10
tests/sanity/PURPOSE
Normal file
10
tests/sanity/PURPOSE
Normal file
|
@ -0,0 +1,10 @@
|
|||
This is a basic sanity test for the shadow-utils package. It is implemented
|
||||
in python on top of the unittesting.py module.
|
||||
|
||||
Its purpose is to ensure that the binaries in the shadow-utils package behave
|
||||
as expected and its switches/options work correctly.
|
||||
|
||||
For the most part, every binary in the shadow-utils package is represented by
|
||||
a single class named Test<BinaryName>, i.e. TestUsermod etc. There are some
|
||||
exceptions, like TestUseraddWeirdNameTest though.
|
||||
|
24
tests/sanity/runtest.sh
Executable file
24
tests/sanity/runtest.sh
Executable file
|
@ -0,0 +1,24 @@
|
|||
#!/bin/bash
|
||||
. /usr/bin/rhts-environment.sh
|
||||
. /usr/share/beakerlib/beakerlib.sh || exit 1
|
||||
|
||||
rlJournalStart
|
||||
rlFileBackup --clean /etc/default/useradd- /etc/default/useradd
|
||||
setenforce 0
|
||||
python sanity_test.py -v
|
||||
setenforce 1
|
||||
rlFileRestore
|
||||
|
||||
EXIT=$?
|
||||
if [[ $EXIT -eq 0 ]]; then
|
||||
RESULT="PASS"
|
||||
else
|
||||
RESULT="FAIL"
|
||||
fi
|
||||
|
||||
|
||||
rlJournalEnd
|
||||
|
||||
echo "Result: $RESULT"
|
||||
echo "Exit: $EXIT"
|
||||
report_result $TEST $RESULT $EXIT
|
1013
tests/sanity/sanity_test.py
Executable file
1013
tests/sanity/sanity_test.py
Executable file
File diff suppressed because it is too large
Load diff
13
tests/tests.yml
Normal file
13
tests/tests.yml
Normal file
|
@ -0,0 +1,13 @@
|
|||
---
|
||||
# This first play always runs on the local staging system
|
||||
- hosts: localhost
|
||||
roles:
|
||||
- role: standard-test-beakerlib
|
||||
tags:
|
||||
- classic
|
||||
- atomic
|
||||
tests:
|
||||
- sanity
|
||||
required_packages:
|
||||
- shadow-utils # sanity test needs shadow-utils
|
||||
- python # sanity test needs python
|
Loading…
Reference in a new issue