Compare commits

...

31 commits

Author SHA1 Message Date
3815c0b5ba change package name so "shadow-utils" won't attempt to update
Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
2018-10-09 10:15:32 -04:00
7f73f07a1a source file is confusing the lookaside on copr
Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
2018-10-02 04:49:10 -04:00
3544220035 spec: subpackage of newuidmap and newgidmap
and have the main package depend on them for consistent experience.
Though this may hae the side effect of yum wanting to use the main
shadow as an upgrade to the shadow 4.1 that centos/rhel are using ...

Built local rpm with:
```shell
rpmbuild \
	--define "_sourcedir $(pwd)" \
	--define "_specdir $(pwd)" \
	--define "_builddir $(pwd)" \
	--define "_srcrpmdir $(pwd)" \
	--define "_rpmdir $(pwd)" \
	--nodeps \
	-ba \
	shadow-utils.spec
```

Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
2018-10-02 04:35:53 -04:00
6a08374eef spec: fetch sources from github if needed
there is the 'sources' file that fedpkg uses, but for now allow fetching
from the source URLs to build.

Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
2018-10-02 04:14:39 -04:00
f0fc249a12 initial build steps for the package on centos7
Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
2018-10-02 04:12:27 -04:00
Fedora Release Engineering
8362f15341 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-07-14 06:02:14 +00:00
Jason Tibbitts
0aa8060034 Remove needless use of %defattr 2018-07-10 01:20:51 -05:00
Tomas Mraz
38a12ac864 update to current upstream release 4.6 2018-05-28 15:25:08 +02:00
Tomas Mraz
4cb5077b68 Raise limit for passwd and shadow entry length
- also prevent writing longer entries (#1422497)
2018-04-20 16:23:31 +02:00
Tomas Mraz
8d62f944dd Add gcc buildrequires 2018-03-01 13:11:34 +01:00
Igor Gnatenko
eb66bf0ca5
Remove %clean section
None of currently supported distributions need that.
Last one was EL5 which is EOL for a while.

Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-02-14 08:49:44 +01:00
Björn Esser
41955fa9ab
Add patch to include crypt.h, if present
Use %%make_{build,install} macros
Refresh other patches for proper alignment
2018-02-06 11:33:37 +01:00
Björn Esser
2d4f6e1972
Rebuilt for switch to libxcrypt 2018-01-20 23:08:33 +01:00
esakaiev
a6650f241c Adding tests to the new_tests branch 2018-01-05 20:39:59 +02:00
Tomas Mraz
95d0ea6880 fix regression caused by the userdel-chroot patch (#1509978) 2017-11-06 15:31:26 +01:00
Tomas Mraz
8633999acf fix userdel in chroot (#1316168)
add useful chage -E example to chage manpage
2017-11-02 11:50:59 +01:00
Tomas Mraz
9659143d38 Remove incorrect hunks from the goodname patch. 2017-09-15 18:00:17 +02:00
Tomas Mraz
b90f1c3912 do not allow "." and ".." user names 2017-09-15 17:54:22 +02:00
Tomas Mraz
2c7fd6de84 allow switching to secondary group without checking the membership
(patch from upstream)
2017-08-14 11:03:28 +02:00
Fedora Release Engineering
46349c33e5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild 2017-08-03 08:23:19 +00:00
Fedora Release Engineering
3a17ec0f47 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild 2017-07-27 18:30:31 +00:00
Tomas Mraz
ec99eade4e update to current upstream release 4.5 2017-07-21 14:04:11 +02:00
Fedora Release Engineering
ba9340caf5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild 2017-02-11 13:21:56 +00:00
Tomas Mraz
bb62fd7837 fix regression in useradd - not processing defaults properly (#1369979) 2016-08-25 11:24:38 +02:00
Tomas Mraz
457acab6b4 Add buildrequires for docbook. 2016-08-23 16:51:22 +02:00
Tomas Mraz
86cbf7e19d Add proper buildrequires for autotools. 2016-08-23 16:30:57 +02:00
Tomas Mraz
6c18d5356b Update patches for rebase 2016-08-23 16:06:06 +02:00
Tomas Mraz
f8ab516d30 new upstream release fixing low impact security issue 2016-08-23 16:03:52 +02:00
Tomas Mraz
c50e17082d guard for localtime() and gmtime() failure 2016-06-14 11:34:10 +02:00
Tomas Mraz
abed79ee4e chpasswd, chgpasswd: open audit when starting 2016-05-30 11:59:54 +02:00
Tomas Mraz
f884cd4c94 chgpasswd: do not remove it
- chpasswd, chgpasswd: add selinux_check_access call (#1336902)
2016-05-26 21:05:16 +02:00
42 changed files with 2291 additions and 2331 deletions

5
.gitignore vendored
View file

@ -5,3 +5,8 @@ shadow-4.1.4.2.tar.bz2
/shadow-4.1.5.1.tar.bz2.sig
/shadow-4.2.1.tar.xz
/shadow-4.2.1.tar.xz.sig
/shadow-4.3.1.tar.gz
/shadow-4.5.tar.xz
/shadow-4.5.tar.xz.asc
/shadow-4.6.tar.xz
/shadow-4.6.tar.xz.asc

View file

@ -1,100 +0,0 @@
diff -up shadow-4.1.5/src/grpconv.c.2ndskip shadow-4.1.5/src/grpconv.c
--- shadow-4.1.5/src/grpconv.c.2ndskip 2012-06-18 13:08:34.438910815 +0200
+++ shadow-4.1.5/src/grpconv.c 2012-06-18 13:12:51.270764552 +0200
@@ -143,6 +143,7 @@ int main (int argc, char **argv)
struct group grent;
const struct sgrp *sg;
struct sgrp sgent;
+ char *np;
Prog = Basename (argv[0]);
@@ -184,20 +185,25 @@ int main (int argc, char **argv)
* Remove /etc/gshadow entries for groups not in /etc/group.
*/
(void) sgr_rewind ();
- while ((sg = sgr_next ()) != NULL) {
- if (gr_locate (sg->sg_name) != NULL) {
- continue;
- }
-
- if (sgr_remove (sg->sg_name) == 0) {
- /*
- * This shouldn't happen (the entry exists) but...
- */
- fprintf (stderr,
- _("%s: cannot remove entry '%s' from %s\n"),
- Prog, sg->sg_name, sgr_dbname ());
- fail_exit (3);
+ sg = sgr_next ();
+ np=NULL;
+ while (sg != NULL) {
+ np = strdup(sg->sg_name);
+ sg = sgr_next ();
+
+ if(gr_locate (np) == NULL) {
+ if (sgr_remove (np) == 0) {
+ /*
+ * This shouldn't happen (the entry exists) but...
+ */
+ fprintf (stderr,
+ _("%s: cannot remove entry '%s' from %s\n"),
+ Prog, np, sgr_dbname ());
+ free(np);
+ fail_exit (3);
+ }
}
+ free(np);
}
/*
diff -up shadow-4.1.5/src/pwconv.c.2ndskip shadow-4.1.5/src/pwconv.c
--- shadow-4.1.5/src/pwconv.c.2ndskip 2012-06-18 11:23:33.938511797 +0200
+++ shadow-4.1.5/src/pwconv.c 2012-06-18 12:57:18.396426194 +0200
@@ -173,6 +173,7 @@ int main (int argc, char **argv)
struct passwd pwent;
const struct spwd *sp;
struct spwd spent;
+ char *np;
Prog = Basename (argv[0]);
@@ -223,20 +224,25 @@ int main (int argc, char **argv)
* Remove /etc/shadow entries for users not in /etc/passwd.
*/
(void) spw_rewind ();
- while ((sp = spw_next ()) != NULL) {
- if (pw_locate (sp->sp_namp) != NULL) {
- continue;
- }
-
- if (spw_remove (sp->sp_namp) == 0) {
- /*
- * This shouldn't happen (the entry exists) but...
- */
- fprintf (stderr,
- _("%s: cannot remove entry '%s' from %s\n"),
- Prog, sp->sp_namp, spw_dbname ());
- fail_exit (E_FAILURE);
+ sp = spw_next ();
+ np = NULL;
+ while (sp != NULL) {
+ np = strdup(sp->sp_namp);
+ sp = spw_next ();
+
+ if (pw_locate (np) == NULL) {
+ if (spw_remove (np) == 0) {
+ /*
+ * This shouldn't happen (the entry exists) but...
+ */
+ fprintf (stderr,
+ _("%s: cannot remove entry '%s' from %s\n"),
+ Prog, np, spw_dbname ());
+ free(np);
+ fail_exit (E_FAILURE);
+ }
}
+ free(np);
}
/*

View file

@ -1,23 +0,0 @@
diff -up shadow-4.1.5/libmisc/find_new_gid.c.uflg shadow-4.1.5/libmisc/find_new_gid.c
--- shadow-4.1.5/libmisc/find_new_gid.c.uflg 2011-07-30 01:10:27.000000000 +0200
+++ shadow-4.1.5/libmisc/find_new_gid.c 2012-03-19 12:51:46.090554116 +0100
@@ -68,7 +68,7 @@ int find_new_gid (bool sys_group,
return -1;
}
} else {
- gid_min = (gid_t) getdef_ulong ("SYS_GID_MIN", 101UL);
+ gid_min = (gid_t) 1;
gid_max = (gid_t) getdef_ulong ("GID_MIN", 1000UL) - 1;
gid_max = (gid_t) getdef_ulong ("SYS_GID_MAX", (unsigned long) gid_max);
if (gid_max < gid_min) {
@@ -100,6 +100,10 @@ int find_new_gid (bool sys_group,
return 0;
}
+ /* if we did not find free preffered system gid, we start to look for
+ * one in the range assigned to dynamic system IDs */
+ if (sys_group)
+ gid_min = (gid_t) getdef_ulong ("SYS_GID_MIN", 101UL);
/*
* Search the entire group file,

View file

@ -1,32 +0,0 @@
diff -up shadow-4.1.5.1/src/usermod.c.audit shadow-4.1.5.1/src/usermod.c
--- shadow-4.1.5.1/src/usermod.c.audit 2011-11-21 23:02:16.000000000 +0100
+++ shadow-4.1.5.1/src/usermod.c 2013-06-14 14:54:20.237026550 +0200
@@ -1513,6 +1513,14 @@ static void move_home (void)
fail_exit (E_HOMEDIR);
}
+#ifdef WITH_AUDIT
+ if (uflg || gflg) {
+ audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+ "changing home directory owner",
+ user_newname, (unsigned int) user_newid, 1);
+ }
+#endif
+
if (rename (user_home, user_newhome) == 0) {
/* FIXME: rename above may have broken symlinks
* pointing to the user's home directory
@@ -1947,6 +1955,13 @@ int main (int argc, char **argv)
* ownership.
*
*/
+#ifdef WITH_AUDIT
+ if (uflg || gflg) {
+ audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+ "changing home directory owner",
+ user_newname, (unsigned int) user_newid, 1);
+ }
+#endif
if (chown_tree (dflg ? user_newhome : user_home,
user_id,
uflg ? user_newid : (uid_t)-1,

View file

@ -1,20 +0,0 @@
diff -up shadow-4.1.5.1/lib/commonio.c.backup-mode shadow-4.1.5.1/lib/commonio.c
--- shadow-4.1.5.1/lib/commonio.c.backup-mode 2012-05-18 21:44:54.000000000 +0200
+++ shadow-4.1.5.1/lib/commonio.c 2012-09-19 20:27:16.089444234 +0200
@@ -301,15 +301,12 @@ static int create_backup (const char *ba
struct utimbuf ub;
FILE *bkfp;
int c;
- mode_t mask;
if (fstat (fileno (fp), &sb) != 0) {
return -1;
}
- mask = umask (077);
- bkfp = fopen (backup, "w");
- (void) umask (mask);
+ bkfp = fopen_set_perms (backup, "w", &sb);
if (NULL == bkfp) {
return -1;
}

View file

@ -1,6 +1,7 @@
diff -up shadow-4.1.5.1/lib/semanage.c.default-range shadow-4.1.5.1/lib/semanage.c
--- shadow-4.1.5.1/lib/semanage.c.default-range 2012-01-08 17:35:44.000000000 +0100
+++ shadow-4.1.5.1/lib/semanage.c 2013-06-14 15:14:51.970237594 +0200
Index: shadow-4.5/lib/semanage.c
===================================================================
--- shadow-4.5.orig/lib/semanage.c
+++ shadow-4.5/lib/semanage.c
@@ -143,6 +143,7 @@ static int semanage_user_mod (semanage_h
goto done;
}

View file

@ -1,23 +0,0 @@
diff -up shadow-4.1.5.1/src/useradd.c.logmsg shadow-4.1.5.1/src/useradd.c
--- shadow-4.1.5.1/src/useradd.c.logmsg 2013-02-20 15:41:44.000000000 +0100
+++ shadow-4.1.5.1/src/useradd.c 2013-06-14 14:22:59.529661095 +0200
@@ -1760,6 +1760,9 @@ static void create_home (void)
if (access (user_home, F_OK) != 0) {
#ifdef WITH_SELINUX
if (set_selinux_file_context (user_home, NULL) != 0) {
+ fprintf (stderr,
+ _("%s: cannot set SELinux context for home directory %s\n"),
+ Prog, user_home);
fail_exit (E_HOMEDIR);
}
#endif
@@ -1789,6 +1792,9 @@ static void create_home (void)
#ifdef WITH_SELINUX
/* Reset SELinux to create files with default contexts */
if (reset_selinux_file_context () != 0) {
+ fprintf (stderr,
+ _("%s: cannot reset SELinux file creation context\n"),
+ Prog);
fail_exit (E_HOMEDIR);
}
#endif

File diff suppressed because it is too large Load diff

View file

@ -1,7 +1,8 @@
diff -up shadow-4.1.5.1/man/newusers.8.xml.info-parent-dir shadow-4.1.5.1/man/newusers.8.xml
--- shadow-4.1.5.1/man/newusers.8.xml.info-parent-dir 2012-05-25 13:45:28.000000000 +0200
+++ shadow-4.1.5.1/man/newusers.8.xml 2012-09-19 18:46:35.651613365 +0200
@@ -216,7 +216,15 @@
Index: shadow-4.5/man/newusers.8.xml
===================================================================
--- shadow-4.5.orig/man/newusers.8.xml
+++ shadow-4.5/man/newusers.8.xml
@@ -218,7 +218,15 @@
<para>
If this field does not specify an existing directory, the
specified directory is created, with ownership set to the

View file

@ -1,63 +0,0 @@
diff -up shadow-4.1.5.1/src/newgrp.c.ingroup shadow-4.1.5.1/src/newgrp.c
--- shadow-4.1.5.1/src/newgrp.c.ingroup 2014-08-29 13:31:38.000000000 +0200
+++ shadow-4.1.5.1/src/newgrp.c 2014-08-29 14:04:57.183849650 +0200
@@ -83,15 +83,29 @@ static void usage (void)
}
}
+static bool ingroup(const char *name, struct group *gr)
+{
+ char **look;
+ bool notfound = true;
+
+ look = gr->gr_mem;
+ while (*look && notfound)
+ notfound = strcmp (*look++, name);
+
+ return !notfound;
+}
+
/*
- * find_matching_group - search all groups of a given group id for
+ * find_matching_group - search all groups of a gr's group id for
* membership of a given username
+ * but check gr itself first
*/
-static /*@null@*/struct group *find_matching_group (const char *name, gid_t gid)
+static /*@null@*/struct group *find_matching_group (const char *name, struct group *gr)
{
- struct group *gr;
- char **look;
- bool notfound = true;
+ gid_t gid = gr->gr_gid;
+
+ if (ingroup(name, gr))
+ return gr;
setgrent ();
while ((gr = getgrent ()) != NULL) {
@@ -103,14 +117,8 @@ static /*@null@*/struct group *find_matc
* A group with matching GID was found.
* Test for membership of 'name'.
*/
- look = gr->gr_mem;
- while ((NULL != *look) && notfound) {
- notfound = (strcmp (*look, name) != 0);
- look++;
- }
- if (!notfound) {
+ if (ingroup(name, gr))
break;
- }
}
endgrent ();
return gr;
@@ -616,7 +624,7 @@ int main (int argc, char **argv)
* groups of the same GID like the requested group for
* membership of the current user.
*/
- grp = find_matching_group (name, grp->gr_gid);
+ grp = find_matching_group (name, grp);
if (NULL == grp) {
/*
* No matching group found. As we already know that

View file

@ -1,7 +1,8 @@
diff -up shadow-4.1.5.1/src/useradd.c.logmsg shadow-4.1.5.1/src/useradd.c
--- shadow-4.1.5.1/src/useradd.c.logmsg 2013-02-20 15:41:44.000000000 +0100
+++ shadow-4.1.5.1/src/useradd.c 2013-03-19 18:40:04.908292810 +0100
@@ -275,7 +275,7 @@ static void fail_exit (int code)
Index: shadow-4.5/src/useradd.c
===================================================================
--- shadow-4.5.orig/src/useradd.c
+++ shadow-4.5/src/useradd.c
@@ -323,7 +323,7 @@ static void fail_exit (int code)
user_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif

View file

@ -1,15 +0,0 @@
diff -up shadow-4.1.5.1/src/usermod.c.move-home shadow-4.1.5.1/src/usermod.c
--- shadow-4.1.5.1/src/usermod.c.move-home 2014-08-29 13:31:38.000000000 +0200
+++ shadow-4.1.5.1/src/usermod.c 2014-08-29 14:14:13.860671177 +0200
@@ -1571,6 +1571,11 @@ static void move_home (void)
Prog, user_home, user_newhome);
fail_exit (E_HOMEDIR);
}
+ } else {
+ fprintf (stderr,
+ _("%s: The previous home directory (%s) does "
+ "not exist or is inaccessible. Move cannot be completed.\n"),
+ Prog, user_home);
}
}

View file

@ -1,99 +0,0 @@
diff -up shadow-4.1.5.1/lib/semanage.c.selinux shadow-4.1.5.1/lib/semanage.c
--- shadow-4.1.5.1/lib/semanage.c.selinux 2012-01-08 17:35:44.000000000 +0100
+++ shadow-4.1.5.1/lib/semanage.c 2014-09-10 10:11:55.417506128 +0200
@@ -294,6 +294,9 @@ int set_seuser (const char *login_name,
ret = 0;
+ /* drop obsolete matchpathcon cache */
+ matchpathcon_fini();
+
done:
semanage_seuser_key_free (key);
semanage_handle_destroy (handle);
@@ -369,6 +372,10 @@ int del_seuser (const char *login_name)
}
ret = 0;
+
+ /* drop obsolete matchpathcon cache */
+ matchpathcon_fini();
+
done:
semanage_handle_destroy (handle);
return ret;
diff -up shadow-4.1.5.1/src/useradd.c.selinux shadow-4.1.5.1/src/useradd.c
--- shadow-4.1.5.1/src/useradd.c.selinux 2014-09-10 10:10:18.791280619 +0200
+++ shadow-4.1.5.1/src/useradd.c 2014-09-10 10:10:18.798280781 +0200
@@ -1850,6 +1850,7 @@ static void create_mail (void)
*/
int main (int argc, char **argv)
{
+ int rv = E_SUCCESS;
#ifdef ACCT_TOOLS_SETUID
#ifdef USE_PAM
pam_handle_t *pamh = NULL;
@@ -2037,10 +2038,33 @@ int main (int argc, char **argv)
usr_update ();
+ close_files ();
+
+ nscd_flush_cache ("passwd");
+ nscd_flush_cache ("group");
+
+#ifdef WITH_SELINUX
+ if (Zflg && *user_selinux) {
+ if (is_selinux_enabled () > 0) {
+ if (set_seuser (user_name, user_selinux) != 0) {
+ fprintf (stderr,
+ _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
+ Prog, user_name, user_selinux);
+#ifdef WITH_AUDIT
+ audit_logger (AUDIT_ADD_USER, Prog,
+ "adding SELinux user mapping",
+ user_name, (unsigned int) user_id, 0);
+#endif /* WITH_AUDIT */
+ rv = E_SE_UPDATE;
+ }
+ }
+ }
+#endif
+
if (mflg) {
create_home ();
if (home_added) {
- copy_tree (def_template, user_home, false, false,
+ copy_tree (def_template, user_home, false, true,
(uid_t)-1, user_id, (gid_t)-1, user_gid);
} else {
fprintf (stderr,
@@ -2056,27 +2080,6 @@ int main (int argc, char **argv)
create_mail ();
}
- close_files ();
-
-#ifdef WITH_SELINUX
- if (Zflg) {
- if (set_seuser (user_name, user_selinux) != 0) {
- fprintf (stderr,
- _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
- Prog, user_name, user_selinux);
-#ifdef WITH_AUDIT
- audit_logger (AUDIT_ADD_USER, Prog,
- "adding SELinux user mapping",
- user_name, (unsigned int) user_id, 0);
-#endif /* WITH_AUDIT */
- fail_exit (E_SE_UPDATE);
- }
- }
-#endif /* WITH_SELINUX */
-
- nscd_flush_cache ("passwd");
- nscd_flush_cache ("group");
-
- return E_SUCCESS;
+ return rv;
}

View file

@ -1,7 +1,8 @@
diff -up shadow-4.1.5.1/src/userdel.c.userdel shadow-4.1.5.1/src/userdel.c
--- shadow-4.1.5.1/src/userdel.c.userdel 2012-05-25 13:51:55.000000000 +0200
+++ shadow-4.1.5.1/src/userdel.c 2014-02-12 11:40:30.707686132 +0100
@@ -130,8 +130,9 @@ static void usage (int status)
Index: shadow-4.5/src/userdel.c
===================================================================
--- shadow-4.5.orig/src/userdel.c
+++ shadow-4.5/src/userdel.c
@@ -143,8 +143,9 @@ static void usage (int status)
"\n"
"Options:\n"),
Prog);

View file

@ -1,6 +1,7 @@
diff -up shadow-4.2.1/libmisc/getdate.y.date-parsing shadow-4.2.1/libmisc/getdate.y
--- shadow-4.2.1/libmisc/getdate.y.date-parsing 2014-03-01 18:50:05.000000000 +0100
+++ shadow-4.2.1/libmisc/getdate.y 2014-11-26 14:58:21.208153924 +0100
Index: shadow-4.5/libmisc/getdate.y
===================================================================
--- shadow-4.5.orig/libmisc/getdate.y
+++ shadow-4.5/libmisc/getdate.y
@@ -152,6 +152,7 @@ static int yyHaveDay;
static int yyHaveRel;
static int yyHaveTime;

View file

@ -1,24 +0,0 @@
diff -up shadow-4.2.1/src/useradd.c.defs-chroot shadow-4.2.1/src/useradd.c
--- shadow-4.2.1/src/useradd.c.defs-chroot 2014-12-01 15:14:58.000000000 +0100
+++ shadow-4.2.1/src/useradd.c 2015-08-27 15:46:21.935698862 +0200
@@ -1938,8 +1938,8 @@ int main (int argc, char **argv)
#endif /* ACCT_TOOLS_SETUID */
/* Needed for userns check */
- uid_t uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL);
- uid_t uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
+ uid_t uid_min;
+ uid_t uid_max;
/*
* Get my name so that I can use it to report errors.
@@ -1957,6 +1957,9 @@ int main (int argc, char **argv)
audit_help_open ();
#endif
+ uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL);
+ uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
+
sys_ngroups = sysconf (_SC_NGROUPS_MAX);
user_groups = (char **) xmalloc ((1 + sys_ngroups) * sizeof (char *));
/*

View file

@ -1,249 +0,0 @@
diff -up shadow-4.2.1/man/lastlog.8.xml.unexpire shadow-4.2.1/man/lastlog.8.xml
--- shadow-4.2.1/man/lastlog.8.xml.unexpire 2014-03-01 19:59:51.000000000 +0100
+++ shadow-4.2.1/man/lastlog.8.xml 2016-02-03 11:50:20.481293785 +0100
@@ -105,6 +105,17 @@
</varlistentry>
<varlistentry>
<term>
+ <option>-C</option>, <option>--clear</option>
+ </term>
+ <listitem>
+ <para>
+ Clear lastlog record of an user. This option can be used only together
+ with <option>-u</option> (<option>--user</option>)).
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
<option>-h</option>, <option>--help</option>
</term>
<listitem>
@@ -123,6 +134,17 @@
</para>
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>
+ <option>-S</option>, <option>--set</option>
+ </term>
+ <listitem>
+ <para>
+ Set lastlog record of an user to the current time. This option can be
+ used only together with <option>-u</option> (<option>--user</option>)).
+ </para>
+ </listitem>
+ </varlistentry>
<varlistentry>
<term>
<option>-t</option>, <option>--time</option>&nbsp;<replaceable>DAYS</replaceable>
diff -up shadow-4.2.1/src/lastlog.c.unexpire shadow-4.2.1/src/lastlog.c
--- shadow-4.2.1/src/lastlog.c.unexpire 2014-03-01 19:59:51.000000000 +0100
+++ shadow-4.2.1/src/lastlog.c 2016-02-03 11:35:26.971273603 +0100
@@ -71,6 +71,8 @@ static struct stat statbuf; /* fstat buf
static bool uflg = false; /* print only an user of range of users */
static bool tflg = false; /* print is restricted to most recent days */
static bool bflg = false; /* print excludes most recent days */
+static bool Cflg = false; /* clear record for user */
+static bool Sflg = false; /* set record for user */
#define NOW (time ((time_t *) 0))
@@ -83,8 +85,10 @@ static /*@noreturn@*/void usage (int sta
"Options:\n"),
Prog);
(void) fputs (_(" -b, --before DAYS print only lastlog records older than DAYS\n"), usageout);
+ (void) fputs (_(" -C, --clear clear lastlog record of an user (usable only with -u)\n"), usageout);
(void) fputs (_(" -h, --help display this help message and exit\n"), usageout);
(void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout);
+ (void) fputs (_(" -S, --set set lastlog record to current time (usable only with -u)\n"), usageout);
(void) fputs (_(" -t, --time DAYS print only lastlog records more recent than DAYS\n"), usageout);
(void) fputs (_(" -u, --user LOGIN print lastlog record of the specified LOGIN\n"), usageout);
(void) fputs ("\n", usageout);
@@ -194,6 +198,80 @@ static void print (void)
}
}
+static void update_one (/*@null@*/const struct passwd *pw)
+{
+ off_t offset;
+ struct lastlog ll;
+ int err;
+
+ if (NULL == pw) {
+ return;
+ }
+
+ offset = (off_t) pw->pw_uid * sizeof (ll);
+ /* fseeko errors are not really relevant for us. */
+ err = fseeko (lastlogfile, offset, SEEK_SET);
+ assert (0 == err);
+
+ memzero (&ll, sizeof (ll));
+
+ if (Sflg) {
+ ll.ll_time = NOW;
+#ifdef HAVE_LL_HOST
+ strcpy (ll.ll_host, "localhost");
+#endif
+ strcpy (ll.ll_line, "lastlog");
+#ifdef WITH_AUDIT
+ audit_logger (AUDIT_ACCT_UNLOCK, Prog,
+ "clearing-lastlog",
+ pw->pw_name, (unsigned int) pw->pw_uid, SHADOW_AUDIT_SUCCESS);
+#endif
+ }
+#ifdef WITH_AUDIT
+ else {
+ audit_logger (AUDIT_ACCT_UNLOCK, Prog,
+ "refreshing-lastlog",
+ pw->pw_name, (unsigned int) pw->pw_uid, SHADOW_AUDIT_SUCCESS);
+ }
+#endif
+
+ if (fwrite (&ll, sizeof(ll), 1, lastlogfile) != 1) {
+ fprintf (stderr,
+ _("%s: Failed to update the entry for UID %lu\n"),
+ Prog, (unsigned long int)pw->pw_uid);
+ exit (EXIT_FAILURE);
+ }
+}
+
+static void update (void)
+{
+ const struct passwd *pwent;
+
+ if (!uflg) /* safety measure */
+ return;
+
+ if (has_umin && has_umax && (umin == umax)) {
+ update_one (getpwuid ((uid_t)umin));
+ } else {
+ setpwent ();
+ while ( (pwent = getpwent ()) != NULL ) {
+ if ((has_umin && (pwent->pw_uid < (uid_t)umin))
+ || (has_umax && (pwent->pw_uid > (uid_t)umax))) {
+ continue;
+ }
+ update_one (pwent);
+ }
+ endpwent ();
+ }
+
+ if (fflush (lastlogfile) != 0 || fsync (fileno (lastlogfile)) != 0) {
+ fprintf (stderr,
+ _("%s: Failed to update the lastlog file\n"),
+ Prog);
+ exit (EXIT_FAILURE);
+ }
+}
+
int main (int argc, char **argv)
{
/*
@@ -208,18 +286,24 @@ int main (int argc, char **argv)
process_root_flag ("-R", argc, argv);
+#ifdef WITH_AUDIT
+ audit_help_open ();
+#endif
+
{
int c;
static struct option const longopts[] = {
{"before", required_argument, NULL, 'b'},
+ {"clear", no_argument, NULL, 'C'},
{"help", no_argument, NULL, 'h'},
{"root", required_argument, NULL, 'R'},
+ {"set", no_argument, NULL, 'S'},
{"time", required_argument, NULL, 't'},
{"user", required_argument, NULL, 'u'},
{NULL, 0, NULL, '\0'}
};
- while ((c = getopt_long (argc, argv, "b:hR:t:u:", longopts,
+ while ((c = getopt_long (argc, argv, "b:ChR:St:u:", longopts,
NULL)) != -1) {
switch (c) {
case 'b':
@@ -235,11 +319,21 @@ int main (int argc, char **argv)
bflg = true;
break;
}
+ case 'C':
+ {
+ Cflg = true;
+ break;
+ }
case 'h':
usage (EXIT_SUCCESS);
/*@notreached@*/break;
case 'R': /* no-op, handled in process_root_flag () */
break;
+ case 'S':
+ {
+ Sflg = true;
+ break;
+ }
case 't':
{
unsigned long days;
@@ -294,9 +388,21 @@ int main (int argc, char **argv)
Prog, argv[optind]);
usage (EXIT_FAILURE);
}
+ if (Cflg && Sflg) {
+ fprintf (stderr,
+ _("%s: Option -C cannot be used together with option -S\n"),
+ Prog);
+ usage (EXIT_FAILURE);
+ }
+ if ((Cflg || Sflg) && !uflg) {
+ fprintf (stderr,
+ _("%s: Options -C and -S require option -u to specify the user\n"),
+ Prog);
+ usage (EXIT_FAILURE);
+ }
}
- lastlogfile = fopen (LASTLOG_FILE, "r");
+ lastlogfile = fopen (LASTLOG_FILE, (Cflg || Sflg)?"r+":"r");
if (NULL == lastlogfile) {
perror (LASTLOG_FILE);
exit (EXIT_FAILURE);
@@ -310,7 +416,10 @@ int main (int argc, char **argv)
exit (EXIT_FAILURE);
}
- print ();
+ if (Cflg || Sflg)
+ update ();
+ else
+ print ();
(void) fclose (lastlogfile);
diff -up shadow-4.2.1/src/Makefile.am.unexpire shadow-4.2.1/src/Makefile.am
--- shadow-4.2.1/src/Makefile.am.unexpire 2014-05-08 10:43:11.000000000 +0200
+++ shadow-4.2.1/src/Makefile.am 2016-02-03 11:35:26.971273603 +0100
@@ -95,6 +95,7 @@ groupmod_LDADD = $(LDADD) $(LIBPAM_SUID)
grpck_LDADD = $(LDADD) $(LIBSELINUX)
grpconv_LDADD = $(LDADD) $(LIBSELINUX)
grpunconv_LDADD = $(LDADD) $(LIBSELINUX)
+lastlog_LDADD = $(LDADD) $(LIBAUDIT)
login_SOURCES = \
login.c \
login_nopam.c
diff -up shadow-4.2.1/src/Makefile.in.unexpire shadow-4.2.1/src/Makefile.in
--- shadow-4.2.1/src/Makefile.in.unexpire 2014-05-09 18:49:48.000000000 +0200
+++ shadow-4.2.1/src/Makefile.in 2016-02-03 11:35:26.972273609 +0100
@@ -197,7 +197,7 @@ id_DEPENDENCIES = $(am__DEPENDENCIES_1)
$(top_builddir)/lib/libshadow.la
lastlog_SOURCES = lastlog.c
lastlog_OBJECTS = lastlog.$(OBJEXT)
-lastlog_LDADD = $(LDADD)
+lastlog_LDADD = $(LDADD) $(LIBAUDIT)
lastlog_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
$(top_builddir)/libmisc/libmisc.a \
$(top_builddir)/lib/libshadow.la

View file

@ -1,13 +0,0 @@
diff -up shadow-4.2.1/lib/groupio.c.merge-group shadow-4.2.1/lib/groupio.c
--- shadow-4.2.1/lib/groupio.c.merge-group 2014-11-26 14:33:54.039581662 +0100
+++ shadow-4.2.1/lib/groupio.c 2014-11-26 14:46:02.841852886 +0100
@@ -335,8 +335,7 @@ static /*@null@*/struct commonio_entry *
errno = ENOMEM;
return NULL;
}
- snprintf(new_line, new_line_len, "%s\n%s", gr1->line, gr2->line);
- new_line[new_line_len] = '\0';
+ snprintf(new_line, new_line_len + 1, "%s\n%s", gr1->line, gr2->line);
/* Concatenate the 2 list of members */
for (i=0; NULL != gptr1->gr_mem[i]; i++);

View file

@ -1,6 +1,7 @@
diff -up shadow-4.2.1/lib/commonio.c.no-lock-dos shadow-4.2.1/lib/commonio.c
--- shadow-4.2.1/lib/commonio.c.no-lock-dos 2015-08-27 15:09:17.101537812 +0200
+++ shadow-4.2.1/lib/commonio.c 2015-08-27 15:11:06.643011248 +0200
Index: shadow-4.5/lib/commonio.c
===================================================================
--- shadow-4.5.orig/lib/commonio.c
+++ shadow-4.5/lib/commonio.c
@@ -140,7 +140,10 @@ static int do_lock_file (const char *fil
int retval;
char buf[32];

View file

@ -0,0 +1,91 @@
Index: shadow-4.5/src/faillog.c
===================================================================
--- shadow-4.5.orig/src/faillog.c
+++ shadow-4.5/src/faillog.c
@@ -163,10 +163,14 @@ static void print_one (/*@null@*/const s
}
tm = localtime (&fl.fail_time);
+ if (tm == NULL) {
+ cp = "(unknown)";
+ } else {
#ifdef HAVE_STRFTIME
- strftime (ptime, sizeof (ptime), "%D %H:%M:%S %z", tm);
- cp = ptime;
+ strftime (ptime, sizeof (ptime), "%D %H:%M:%S %z", tm);
+ cp = ptime;
#endif
+ }
printf ("%-9s %5d %5d ",
pw->pw_name, fl.fail_cnt, fl.fail_max);
/* FIXME: cp is not defined ifndef HAVE_STRFTIME */
Index: shadow-4.5/src/chage.c
===================================================================
--- shadow-4.5.orig/src/chage.c
+++ shadow-4.5/src/chage.c
@@ -168,6 +168,10 @@ static void date_to_str (char *buf, size
struct tm *tp;
tp = gmtime (&date);
+ if (tp == NULL) {
+ (void) snprintf (buf, maxsize, "(unknown)");
+ return;
+ }
#ifdef HAVE_STRFTIME
(void) strftime (buf, maxsize, "%Y-%m-%d", tp);
#else
Index: shadow-4.5/src/lastlog.c
===================================================================
--- shadow-4.5.orig/src/lastlog.c
+++ shadow-4.5/src/lastlog.c
@@ -158,13 +158,17 @@ static void print_one (/*@null@*/const s
ll_time = ll.ll_time;
tm = localtime (&ll_time);
+ if (tm == NULL) {
+ cp = "(unknown)";
+ } else {
#ifdef HAVE_STRFTIME
- strftime (ptime, sizeof (ptime), "%a %b %e %H:%M:%S %z %Y", tm);
- cp = ptime;
+ strftime (ptime, sizeof (ptime), "%a %b %e %H:%M:%S %z %Y", tm);
+ cp = ptime;
#else
- cp = asctime (tm);
- cp[24] = '\0';
+ cp = asctime (tm);
+ cp[24] = '\0';
#endif
+ }
if (ll.ll_time == (time_t) 0) {
cp = _("**Never logged in**\0");
Index: shadow-4.5/src/passwd.c
===================================================================
--- shadow-4.5.orig/src/passwd.c
+++ shadow-4.5/src/passwd.c
@@ -455,6 +455,9 @@ static /*@observer@*/const char *date_to
struct tm *tm;
tm = gmtime (&t);
+ if (tm == NULL) {
+ return "(unknown)";
+ }
#ifdef HAVE_STRFTIME
(void) strftime (buf, sizeof buf, "%m/%d/%Y", tm);
#else /* !HAVE_STRFTIME */
Index: shadow-4.5/src/usermod.c
===================================================================
--- shadow-4.5.orig/src/usermod.c
+++ shadow-4.5/src/usermod.c
@@ -210,6 +210,10 @@ static void date_to_str (/*@unique@*//*@
} else {
time_t t = (time_t) date;
tp = gmtime (&t);
+ if (tp == NULL) {
+ strncpy (buf, "unknown", maxsize);
+ return;
+ }
#ifdef HAVE_STRFTIME
strftime (buf, maxsize, "%Y-%m-%d", tp);
#else

View file

@ -1,48 +0,0 @@
From d2fa8c5d4b0b19445562daf78d3a62421fe8d6b8 Mon Sep 17 00:00:00 2001
From: Bastian Blank <bastian.blank@credativ.de>
Date: Tue, 17 Nov 2015 10:52:24 -0600
Subject: [PATCH] Fix user busy errors at userdel
From: Bastian Blank <bastian.blank@credativ.de>
Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>
---
libmisc/user_busy.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/libmisc/user_busy.c b/libmisc/user_busy.c
index db7174a..0db32c3 100644
--- a/libmisc/user_busy.c
+++ b/libmisc/user_busy.c
@@ -175,6 +175,9 @@ static int user_busy_processes (const char *name, uid_t uid)
if (stat ("/", &sbroot) != 0) {
perror ("stat (\"/\")");
(void) closedir (proc);
+#ifdef ENABLE_SUBIDS
+ sub_uid_close();
+#endif
return 0;
}
@@ -212,6 +215,9 @@ static int user_busy_processes (const char *name, uid_t uid)
if (check_status (name, tmp_d_name, uid) != 0) {
(void) closedir (proc);
+#ifdef ENABLE_SUBIDS
+ sub_uid_close();
+#endif
fprintf (stderr,
_("%s: user %s is currently used by process %d\n"),
Prog, name, pid);
@@ -232,6 +238,9 @@ static int user_busy_processes (const char *name, uid_t uid)
}
if (check_status (name, task_path+6, uid) != 0) {
(void) closedir (proc);
+#ifdef ENABLE_SUBIDS
+ sub_uid_close();
+#endif
fprintf (stderr,
_("%s: user %s is currently used by process %d\n"),
Prog, name, pid);
--
2.5.0

View file

@ -1,6 +1,7 @@
diff -up shadow-4.2.1/man/groupmems.8.xml.manfix shadow-4.2.1/man/groupmems.8.xml
--- shadow-4.2.1/man/groupmems.8.xml.manfix 2014-03-01 19:59:51.000000000 +0100
+++ shadow-4.2.1/man/groupmems.8.xml 2015-11-06 14:21:03.013060324 +0100
Index: shadow-4.5/man/groupmems.8.xml
===================================================================
--- shadow-4.5.orig/man/groupmems.8.xml
+++ shadow-4.5/man/groupmems.8.xml
@@ -179,20 +179,10 @@
<refsect1 id='setup'>
<title>SETUP</title>
@ -25,9 +26,10 @@ diff -up shadow-4.2.1/man/groupmems.8.xml.manfix shadow-4.2.1/man/groupmems.8.xm
</refsect1>
<refsect1 id='configuration'>
diff -up shadow-4.2.1/man/chage.1.xml.manfix shadow-4.2.1/man/chage.1.xml
--- shadow-4.2.1/man/chage.1.xml.manfix 2014-03-01 19:59:51.000000000 +0100
+++ shadow-4.2.1/man/chage.1.xml 2014-11-26 15:34:51.256978960 +0100
Index: shadow-4.5/man/chage.1.xml
===================================================================
--- shadow-4.5.orig/man/chage.1.xml
+++ shadow-4.5/man/chage.1.xml
@@ -102,6 +102,9 @@
Set the number of days since January 1st, 1970 when the password
was last changed. The date may also be expressed in the format
@ -38,10 +40,25 @@ diff -up shadow-4.2.1/man/chage.1.xml.manfix shadow-4.2.1/man/chage.1.xml
</para>
</listitem>
</varlistentry>
diff -up shadow-4.2.1/man/ja/man5/login.defs.5.manfix shadow-4.2.1/man/ja/man5/login.defs.5
--- shadow-4.2.1/man/ja/man5/login.defs.5.manfix 2014-03-01 19:59:51.000000000 +0100
+++ shadow-4.2.1/man/ja/man5/login.defs.5 2016-01-08 09:58:29.591702354 +0100
@@ -147,10 +147,6 @@ 以下の参照表は、
@@ -119,6 +122,13 @@
system again.
</para>
<para>
+ For example the following can be used to set an account to expire
+ in 180 days:
+ </para>
+ <programlisting>
+ chage -E $(date -d +180days +%Y-%m-%d)
+ </programlisting>
+ <para>
Passing the number <emphasis remap='I'>-1</emphasis> as the
<replaceable>EXPIRE_DATE</replaceable> will remove an account
expiration date.
Index: shadow-4.5/man/ja/man5/login.defs.5
===================================================================
--- shadow-4.5.orig/man/ja/man5/login.defs.5
+++ shadow-4.5/man/ja/man5/login.defs.5
@@ -147,10 +147,6 @@ PASS_MAX_DAYS, PASS_MIN_DAYS, PASS_WARN_
shadow パスワード機能のどのプログラムが
どのパラメータを使用するかを示したものである。
.na
@ -52,9 +69,10 @@ diff -up shadow-4.2.1/man/ja/man5/login.defs.5.manfix shadow-4.2.1/man/ja/man5/l
.IP groupadd 12
GID_MAX GID_MIN
.IP newusers 12
diff -up shadow-4.2.1/man/login.defs.5.xml.manfix shadow-4.2.1/man/login.defs.5.xml
--- shadow-4.2.1/man/login.defs.5.xml.manfix 2014-03-13 06:52:55.000000000 +0100
+++ shadow-4.2.1/man/login.defs.5.xml 2016-01-08 09:59:35.854169787 +0100
Index: shadow-4.5/man/login.defs.5.xml
===================================================================
--- shadow-4.5.orig/man/login.defs.5.xml
+++ shadow-4.5/man/login.defs.5.xml
@@ -162,6 +162,17 @@
long numeric parameters is machine-dependent.
</para>
@ -73,7 +91,7 @@ diff -up shadow-4.2.1/man/login.defs.5.xml.manfix shadow-4.2.1/man/login.defs.5.
<para>The following configuration items are provided:</para>
<variablelist remap='IP'>
@@ -252,26 +263,6 @@
@@ -252,16 +263,6 @@
</listitem>
</varlistentry>
<varlistentry>
@ -87,20 +105,10 @@ diff -up shadow-4.2.1/man/login.defs.5.xml.manfix shadow-4.2.1/man/login.defs.5.
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>chgpasswd</term>
- <listitem>
- <para>
- ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
- <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
- SHA_CRYPT_MIN_ROUNDS</phrase>
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
<term>chpasswd</term>
<term>chgpasswd</term>
<listitem>
<para>
@@ -282,14 +273,6 @@
@@ -282,14 +283,6 @@
</para>
</listitem>
</varlistentry>
@ -115,7 +123,7 @@ diff -up shadow-4.2.1/man/login.defs.5.xml.manfix shadow-4.2.1/man/login.defs.5.
<!-- expiry: no variables (CONSOLE_GROUPS linked, but not used) -->
<!-- faillog: no variables -->
<varlistentry>
@@ -350,34 +333,6 @@
@@ -350,34 +343,6 @@
</varlistentry>
<!-- id: no variables -->
<!-- lastlog: no variables -->
@ -150,7 +158,7 @@ diff -up shadow-4.2.1/man/login.defs.5.xml.manfix shadow-4.2.1/man/login.defs.5.
<!-- logoutd: no variables -->
<varlistentry>
<term>newgrp / sg</term>
@@ -405,17 +360,6 @@
@@ -405,17 +370,6 @@
</listitem>
</varlistentry>
<!-- nologin: no variables -->
@ -168,7 +176,7 @@ diff -up shadow-4.2.1/man/login.defs.5.xml.manfix shadow-4.2.1/man/login.defs.5.
<varlistentry>
<term>pwck</term>
<listitem>
@@ -442,32 +386,6 @@
@@ -442,32 +396,6 @@
</para>
</listitem>
</varlistentry>
@ -201,9 +209,10 @@ diff -up shadow-4.2.1/man/login.defs.5.xml.manfix shadow-4.2.1/man/login.defs.5.
<varlistentry>
<term>useradd</term>
<listitem>
diff -up shadow-4.2.1/man/shadow.5.xml.manfix shadow-4.2.1/man/shadow.5.xml
--- shadow-4.2.1/man/shadow.5.xml.manfix 2014-03-01 19:59:51.000000000 +0100
+++ shadow-4.2.1/man/shadow.5.xml 2015-10-27 16:54:29.304231353 +0100
Index: shadow-4.5/man/shadow.5.xml
===================================================================
--- shadow-4.5.orig/man/shadow.5.xml
+++ shadow-4.5/man/shadow.5.xml
@@ -208,8 +208,8 @@
</para>
<para>
@ -215,10 +224,11 @@ diff -up shadow-4.2.1/man/shadow.5.xml.manfix shadow-4.2.1/man/shadow.5.xml
</para>
<para>
An empty field means that there are no enforcement of an
diff -up shadow-4.2.1/man/useradd.8.xml.manfix shadow-4.2.1/man/useradd.8.xml
--- shadow-4.2.1/man/useradd.8.xml.manfix 2014-11-26 15:34:51.234978891 +0100
+++ shadow-4.2.1/man/useradd.8.xml 2014-11-26 15:34:51.257978963 +0100
@@ -347,11 +347,16 @@
Index: shadow-4.5/man/useradd.8.xml
===================================================================
--- shadow-4.5.orig/man/useradd.8.xml
+++ shadow-4.5/man/useradd.8.xml
@@ -347,6 +347,11 @@
<option>CREATE_HOME</option> is not enabled, no home
directories are created.
</para>
@ -230,15 +240,10 @@ diff -up shadow-4.2.1/man/useradd.8.xml.manfix shadow-4.2.1/man/useradd.8.xml
</listitem>
</varlistentry>
<varlistentry>
<term>
- <option>-M</option>
+ <option>-M</option>, <option>--no-create-home</option>
</term>
<listitem>
<para>
diff -up shadow-4.2.1/man/usermod.8.xml.manfix shadow-4.2.1/man/usermod.8.xml
--- shadow-4.2.1/man/usermod.8.xml.manfix 2014-03-01 19:59:51.000000000 +0100
+++ shadow-4.2.1/man/usermod.8.xml 2014-11-26 15:34:51.257978963 +0100
Index: shadow-4.5/man/usermod.8.xml
===================================================================
--- shadow-4.5.orig/man/usermod.8.xml
+++ shadow-4.5/man/usermod.8.xml
@@ -132,7 +132,8 @@
If the <option>-m</option>
option is given, the contents of the current home directory will

View file

@ -0,0 +1,277 @@
Index: shadow-4.5/src/chgpasswd.c
===================================================================
--- shadow-4.5.orig/src/chgpasswd.c
+++ shadow-4.5/src/chgpasswd.c
@@ -39,6 +39,13 @@
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#include <selinux/avc.h>
+#endif
+#ifdef WITH_LIBAUDIT
+#include <libaudit.h>
+#endif
#ifdef ACCT_TOOLS_SETUID
#ifdef USE_PAM
#include "pam_defs.h"
@@ -76,6 +83,9 @@ static bool sgr_locked = false;
#endif
static bool gr_locked = false;
+/* The name of the caller */
+static char *myname = NULL;
+
/* local function prototypes */
static void fail_exit (int code);
static /*@noreturn@*/void usage (int status);
@@ -300,6 +310,63 @@ static void check_perms (void)
#endif /* ACCT_TOOLS_SETUID */
}
+#ifdef WITH_SELINUX
+static int
+log_callback (int type, const char *fmt, ...)
+{
+ int audit_fd;
+ va_list ap;
+
+ va_start(ap, fmt);
+#ifdef WITH_AUDIT
+ audit_fd = audit_open();
+
+ if (audit_fd >= 0) {
+ char *buf;
+
+ if (vasprintf (&buf, fmt, ap) < 0)
+ goto ret;
+ audit_log_user_avc_message(audit_fd, AUDIT_USER_AVC, buf, NULL, NULL,
+ NULL, 0);
+ audit_close(audit_fd);
+ free(buf);
+ goto ret;
+ }
+
+#endif
+ vsyslog (LOG_USER | LOG_INFO, fmt, ap);
+ret:
+ va_end(ap);
+ return 0;
+}
+
+static void
+selinux_check_root (void)
+{
+ int status = -1;
+ security_context_t user_context;
+ union selinux_callback old_callback;
+
+ if (is_selinux_enabled() < 1)
+ return;
+
+ old_callback = selinux_get_callback(SELINUX_CB_LOG);
+ /* setup callbacks */
+ selinux_set_callback(SELINUX_CB_LOG, (union selinux_callback) &log_callback);
+ if ((status = getprevcon(&user_context)) < 0) {
+ selinux_set_callback(SELINUX_CB_LOG, old_callback);
+ exit(1);
+ }
+
+ status = selinux_check_access(user_context, user_context, "passwd", "passwd", NULL);
+
+ selinux_set_callback(SELINUX_CB_LOG, old_callback);
+ freecon(user_context);
+ if (status != 0 && security_getenforce() != 0)
+ exit(1);
+}
+#endif
+
/*
* open_files - lock and open the group databases
*/
@@ -393,6 +460,7 @@ int main (int argc, char **argv)
const struct group *gr;
struct group newgr;
+ struct passwd *pw = NULL;
int errors = 0;
int line = 0;
@@ -408,8 +476,33 @@ int main (int argc, char **argv)
OPENLOG ("chgpasswd");
+#ifdef WITH_AUDIT
+ audit_help_open ();
+#endif
+
+ /*
+ * Determine the name of the user that invoked this command. This
+ * is really hit or miss because there are so many ways that command
+ * can be executed and so many ways to trip up the routines that
+ * report the user name.
+ */
+ pw = get_my_pwent ();
+ if (NULL == pw) {
+ fprintf (stderr, _("%s: Cannot determine your user name.\n"),
+ Prog);
+ SYSLOG ((LOG_WARN,
+ "Cannot determine the user name of the caller (UID %lu)",
+ (unsigned long) getuid ()));
+ exit (E_NOPERM);
+ }
+ myname = xstrdup (pw->pw_name);
+
check_perms ();
+#ifdef WITH_SELINUX
+ selinux_check_root ();
+#endif
+
#ifdef SHADOWGRP
is_shadow_grp = sgr_file_present ();
#endif
@@ -536,6 +629,15 @@ int main (int argc, char **argv)
newgr.gr_passwd = cp;
}
+#ifdef WITH_AUDIT
+ {
+
+ audit_logger_with_group (AUDIT_GRP_CHAUTHTOK, Prog,
+ "change-password",
+ myname, AUDIT_NO_ID, gr->gr_name,
+ SHADOW_AUDIT_SUCCESS);
+ }
+#endif
/*
* The updated group file entry is then put back and will
* be written to the group file later, after all the
Index: shadow-4.5/src/chpasswd.c
===================================================================
--- shadow-4.5.orig/src/chpasswd.c
+++ shadow-4.5/src/chpasswd.c
@@ -39,6 +39,13 @@
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
+#ifdef WITH_SELINUX
+#include <selinux/selinux.h>
+#include <selinux/avc.h>
+#endif
+#ifdef WITH_LIBAUDIT
+#include <libaudit.h>
+#endif
#ifdef USE_PAM
#include "pam_defs.h"
#endif /* USE_PAM */
@@ -297,6 +304,63 @@ static void check_perms (void)
#endif /* USE_PAM */
}
+#ifdef WITH_SELINUX
+static int
+log_callback (int type, const char *fmt, ...)
+{
+ int audit_fd;
+ va_list ap;
+
+ va_start(ap, fmt);
+#ifdef WITH_AUDIT
+ audit_fd = audit_open();
+
+ if (audit_fd >= 0) {
+ char *buf;
+
+ if (vasprintf (&buf, fmt, ap) < 0)
+ goto ret;
+ audit_log_user_avc_message(audit_fd, AUDIT_USER_AVC, buf, NULL, NULL,
+ NULL, 0);
+ audit_close(audit_fd);
+ free(buf);
+ goto ret;
+ }
+
+#endif
+ vsyslog (LOG_USER | LOG_INFO, fmt, ap);
+ret:
+ va_end(ap);
+ return 0;
+}
+
+static void
+selinux_check_root (void)
+{
+ int status = -1;
+ security_context_t user_context;
+ union selinux_callback old_callback;
+
+ if (is_selinux_enabled() < 1)
+ return;
+
+ old_callback = selinux_get_callback(SELINUX_CB_LOG);
+ /* setup callbacks */
+ selinux_set_callback(SELINUX_CB_LOG, (union selinux_callback) &log_callback);
+ if ((status = getprevcon(&user_context)) < 0) {
+ selinux_set_callback(SELINUX_CB_LOG, old_callback);
+ exit(1);
+ }
+
+ status = selinux_check_access(user_context, user_context, "passwd", "passwd", NULL);
+
+ selinux_set_callback(SELINUX_CB_LOG, old_callback);
+ freecon(user_context);
+ if (status != 0 && security_getenforce() != 0)
+ exit(1);
+}
+#endif
+
/*
* open_files - lock and open the password databases
*/
@@ -405,8 +469,16 @@ int main (int argc, char **argv)
OPENLOG ("chpasswd");
+#ifdef WITH_AUDIT
+ audit_help_open ();
+#endif
+
check_perms ();
+#ifdef WITH_SELINUX
+ selinux_check_root ();
+#endif
+
#ifdef USE_PAM
if (!use_pam)
#endif /* USE_PAM */
@@ -566,6 +638,11 @@ int main (int argc, char **argv)
newpw.pw_passwd = cp;
}
+#ifdef WITH_AUDIT
+ audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+ "updating-password",
+ pw->pw_name, (unsigned int) pw->pw_uid, 1);
+#endif
/*
* The updated password file entry is then put back and will
* be written to the password file later, after all the
Index: shadow-4.5/src/Makefile.am
===================================================================
--- shadow-4.5.orig/src/Makefile.am
+++ shadow-4.5/src/Makefile.am
@@ -87,9 +87,9 @@ chage_LDADD = $(LDADD) $(LIBPAM_SUID)
newuidmap_LDADD = $(LDADD) $(LIBSELINUX)
newgidmap_LDADD = $(LDADD) $(LIBSELINUX)
chfn_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
-chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBCRYPT)
+chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBAUDIT) $(LIBCRYPT)
chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
-chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT)
+chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBAUDIT) $(LIBCRYPT)
gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT)
groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)

41
shadow-4.5-crypt_h.patch Normal file
View file

@ -0,0 +1,41 @@
Index: shadow-4.5/configure.ac
===================================================================
--- shadow-4.5.orig/configure.ac
+++ shadow-4.5/configure.ac
@@ -32,9 +32,9 @@ AC_HEADER_STDC
AC_HEADER_SYS_WAIT
AC_HEADER_STDBOOL
-AC_CHECK_HEADERS(errno.h fcntl.h limits.h unistd.h sys/time.h utmp.h \
- utmpx.h termios.h termio.h sgtty.h sys/ioctl.h syslog.h paths.h \
- utime.h ulimit.h sys/resource.h gshadow.h lastlog.h \
+AC_CHECK_HEADERS(crypt.h errno.h fcntl.h limits.h unistd.h sys/time.h \
+ utmp.h utmpx.h termios.h termio.h sgtty.h sys/ioctl.h syslog.h \
+ paths.h utime.h ulimit.h sys/resource.h gshadow.h lastlog.h \
locale.h rpc/key_prot.h netdb.h acl/libacl.h attr/libattr.h \
attr/error_context.h)
Index: shadow-4.5/lib/defines.h
===================================================================
--- shadow-4.5.orig/lib/defines.h
+++ shadow-4.5/lib/defines.h
@@ -4,6 +4,8 @@
#ifndef _DEFINES_H_
#define _DEFINES_H_
+#include "config.h"
+
#if HAVE_STDBOOL_H
# include <stdbool.h>
#else
@@ -94,6 +96,10 @@ char *strchr (), *strrchr (), *strtok ()
# include <unistd.h>
#endif
+#if HAVE_CRYPT_H
+# include <crypt.h> /* crypt(3) may be defined in here */
+#endif
+
#if TIME_WITH_SYS_TIME
# include <sys/time.h>
# include <time.h>

View file

@ -1,7 +1,8 @@
diff -up shadow-4.1.5.1/libmisc/chkname.c.goodname shadow-4.1.5.1/libmisc/chkname.c
--- shadow-4.1.5.1/libmisc/chkname.c.goodname 2009-07-13 00:24:45.000000000 +0200
+++ shadow-4.1.5.1/libmisc/chkname.c 2014-09-09 17:35:17.207303124 +0200
@@ -47,27 +47,42 @@
Index: shadow-4.5/libmisc/chkname.c
===================================================================
--- shadow-4.5.orig/libmisc/chkname.c
+++ shadow-4.5/libmisc/chkname.c
@@ -47,27 +47,46 @@
#include "chkname.h"
static bool is_valid_name (const char *name)
@ -18,16 +19,18 @@ diff -up shadow-4.1.5.1/libmisc/chkname.c.goodname shadow-4.1.5.1/libmisc/chknam
+ * as a non-POSIX, extension, allow "$" as the last char for
+ * sake of Samba 3.x "add machine script"
+ *
+ * Also do not allow fully numeric names.
+ * Also do not allow fully numeric names or just "." or "..".
+ */
+ int numeric;
+
+ if ( ('\0' == *name) ||
+ if ('\0' == *name ||
+ ('.' == *name && (('.' == name[1] && '\0' == name[2]) ||
+ '\0' == name[1])) ||
+ !((*name >= 'a' && *name <= 'z') ||
+ (*name >= 'A' && *name <= 'Z') ||
+ (*name >= '0' && *name <= '9') ||
+ (*name == '_') || (*name == '.')
+ )) {
+ *name == '_' ||
+ *name == '.')) {
return false;
}
@ -39,13 +42,14 @@ diff -up shadow-4.1.5.1/libmisc/chkname.c.goodname shadow-4.1.5.1/libmisc/chknam
- ('_' == *name) ||
- ('-' == *name) ||
- ( ('$' == *name) && ('\0' == *(name + 1)) )
- )) {
+ if (!( (*name >= 'a' && *name <= 'z') ||
+ if (!((*name >= 'a' && *name <= 'z') ||
+ (*name >= 'A' && *name <= 'Z') ||
+ (*name >= '0' && *name <= '9') ||
+ (*name == '_') || (*name == '.') || (*name == '-') ||
+ (*name == '$' && *(name + 1) == '\0')
+ )) {
+ *name == '_' ||
+ *name == '.' ||
+ *name == '-' ||
+ (*name == '$' && name[1] == '\0')
)) {
return false;
}
+ numeric &= isdigit(*name);
@ -56,10 +60,11 @@ diff -up shadow-4.1.5.1/libmisc/chkname.c.goodname shadow-4.1.5.1/libmisc/chknam
}
bool is_valid_user_name (const char *name)
diff -up shadow-4.1.5.1/man/groupadd.8.xml.goodname shadow-4.1.5.1/man/groupadd.8.xml
--- shadow-4.1.5.1/man/groupadd.8.xml.goodname 2012-05-25 13:45:27.000000000 +0200
+++ shadow-4.1.5.1/man/groupadd.8.xml 2014-09-09 17:28:46.330300342 +0200
@@ -259,12 +259,6 @@
Index: shadow-4.5/man/groupadd.8.xml
===================================================================
--- shadow-4.5.orig/man/groupadd.8.xml
+++ shadow-4.5/man/groupadd.8.xml
@@ -256,12 +256,6 @@
<refsect1 id='caveats'>
<title>CAVEATS</title>
<para>
@ -72,19 +77,11 @@ diff -up shadow-4.1.5.1/man/groupadd.8.xml.goodname shadow-4.1.5.1/man/groupadd.
Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long.
</para>
<para>
diff -up shadow-4.1.5.1/man/useradd.8.xml.goodname shadow-4.1.5.1/man/useradd.8.xml
--- shadow-4.1.5.1/man/useradd.8.xml.goodname 2012-05-25 13:45:29.000000000 +0200
+++ shadow-4.1.5.1/man/useradd.8.xml 2014-09-09 17:28:46.330300342 +0200
@@ -366,7 +366,7 @@
</term>
<listitem>
<para>
- Do no create the user's home directory, even if the system
+ Do not create the user's home directory, even if the system
wide setting from <filename>/etc/login.defs</filename>
(<option>CREATE_HOME</option>) is set to
<replaceable>yes</replaceable>.
@@ -654,12 +654,6 @@
Index: shadow-4.5/man/useradd.8.xml
===================================================================
--- shadow-4.5.orig/man/useradd.8.xml
+++ shadow-4.5/man/useradd.8.xml
@@ -633,12 +633,6 @@
</para>
<para>

View file

@ -0,0 +1,84 @@
diff -up shadow-4.5/lib/defines.h.long-entry shadow-4.5/lib/defines.h
--- shadow-4.5/lib/defines.h.long-entry 2014-09-01 16:36:40.000000000 +0200
+++ shadow-4.5/lib/defines.h 2018-04-20 11:53:07.419308212 +0200
@@ -382,4 +382,7 @@ extern char *strerror ();
# endif
#endif
+/* Maximum length of passwd entry */
+#define PASSWD_ENTRY_MAX_LENGTH 32768
+
#endif /* _DEFINES_H_ */
diff -up shadow-4.5/lib/pwio.c.long-entry shadow-4.5/lib/pwio.c
--- shadow-4.5/lib/pwio.c.long-entry 2015-11-17 17:45:15.000000000 +0100
+++ shadow-4.5/lib/pwio.c 2018-04-20 12:10:24.400837235 +0200
@@ -79,7 +79,10 @@ static int passwd_put (const void *ent,
|| (pw->pw_gid == (gid_t)-1)
|| (valid_field (pw->pw_gecos, ":\n") == -1)
|| (valid_field (pw->pw_dir, ":\n") == -1)
- || (valid_field (pw->pw_shell, ":\n") == -1)) {
+ || (valid_field (pw->pw_shell, ":\n") == -1)
+ || (strlen (pw->pw_name) + strlen (pw->pw_passwd) +
+ strlen (pw->pw_gecos) + strlen (pw->pw_dir) +
+ strlen (pw->pw_shell) + 100 > PASSWD_ENTRY_MAX_LENGTH)) {
return -1;
}
diff -up shadow-4.5/lib/sgetpwent.c.long-entry shadow-4.5/lib/sgetpwent.c
--- shadow-4.5/lib/sgetpwent.c.long-entry 2014-09-01 16:36:40.000000000 +0200
+++ shadow-4.5/lib/sgetpwent.c 2018-04-20 12:16:31.911513808 +0200
@@ -57,7 +57,7 @@
struct passwd *sgetpwent (const char *buf)
{
static struct passwd pwent;
- static char pwdbuf[1024];
+ static char pwdbuf[PASSWD_ENTRY_MAX_LENGTH];
register int i;
register char *cp;
char *fields[NFIELDS];
@@ -67,8 +67,10 @@ struct passwd *sgetpwent (const char *bu
* the password structure remain valid.
*/
- if (strlen (buf) >= sizeof pwdbuf)
+ if (strlen (buf) >= sizeof pwdbuf) {
+ fprintf (stderr, "Too long passwd entry encountered, file corruption?\n");
return 0; /* fail if too long */
+ }
strcpy (pwdbuf, buf);
/*
diff -up shadow-4.5/lib/sgetspent.c.long-entry shadow-4.5/lib/sgetspent.c
--- shadow-4.5/lib/sgetspent.c.long-entry 2014-09-01 16:36:40.000000000 +0200
+++ shadow-4.5/lib/sgetspent.c 2018-04-20 12:16:54.505056257 +0200
@@ -48,7 +48,7 @@
*/
struct spwd *sgetspent (const char *string)
{
- static char spwbuf[1024];
+ static char spwbuf[PASSWD_ENTRY_MAX_LENGTH];
static struct spwd spwd;
char *fields[FIELDS];
char *cp;
@@ -61,6 +61,7 @@ struct spwd *sgetspent (const char *stri
*/
if (strlen (string) >= sizeof spwbuf) {
+ fprintf (stderr, "Too long shadow entry encountered, file corruption?\n");
return 0; /* fail if too long */
}
strcpy (spwbuf, string);
diff -up shadow-4.5/lib/shadowio.c.long-entry shadow-4.5/lib/shadowio.c
--- shadow-4.5/lib/shadowio.c.long-entry 2016-12-07 06:30:41.000000001 +0100
+++ shadow-4.5/lib/shadowio.c 2018-04-20 12:12:03.292171667 +0200
@@ -79,7 +79,9 @@ static int shadow_put (const void *ent,
if ( (NULL == sp)
|| (valid_field (sp->sp_namp, ":\n") == -1)
- || (valid_field (sp->sp_pwdp, ":\n") == -1)) {
+ || (valid_field (sp->sp_pwdp, ":\n") == -1)
+ || (strlen (sp->sp_namp) + strlen (sp->sp_pwdp) +
+ 1000 > PASSWD_ENTRY_MAX_LENGTH)) {
return -1;
}

View file

@ -1,6 +1,7 @@
diff -up shadow-4.2.1/src/usermod.c.unlock shadow-4.2.1/src/usermod.c
--- shadow-4.2.1/src/usermod.c.unlock 2016-02-03 11:54:14.977664838 +0100
+++ shadow-4.2.1/src/usermod.c 2016-02-09 11:52:08.244957222 +0100
Index: shadow-4.5/src/usermod.c
===================================================================
--- shadow-4.5.orig/src/usermod.c
+++ shadow-4.5/src/usermod.c
@@ -455,14 +455,17 @@ static char *new_pw_passwd (char *pw_pas
strcat (buf, pw_pass);
pw_pass = buf;
@ -60,4 +61,4 @@ diff -up shadow-4.2.1/src/usermod.c.unlock shadow-4.2.1/src/usermod.c
+ fail_exit(E_PW_UPDATE);
if (pflg) {
spent->sp_lstchg = (long) time ((time_t *) 0) / SCALE;
spent->sp_lstchg = (long) gettime () / SCALE;

View file

@ -0,0 +1,21 @@
diff -up shadow-4.6/lib/selinux.c.getenforce shadow-4.6/lib/selinux.c
--- shadow-4.6/lib/selinux.c.getenforce 2018-05-28 15:10:15.870315221 +0200
+++ shadow-4.6/lib/selinux.c 2018-05-28 15:10:15.894315731 +0200
@@ -75,7 +75,7 @@ int set_selinux_file_context (const char
}
return 0;
error:
- if (security_getenforce () != 0) {
+ if (security_getenforce () > 0) {
return 1;
}
return 0;
@@ -95,7 +95,7 @@ int reset_selinux_file_context (void)
selinux_checked = true;
}
if (selinux_enabled) {
- if (setfscreatecon (NULL) != 0) {
+ if (setfscreatecon (NULL) != 0 && security_getenforce () > 0) {
return 1;
}
}

View file

@ -0,0 +1,15 @@
diff -up shadow-4.6/src/usermod.c.move-home shadow-4.6/src/usermod.c
--- shadow-4.6/src/usermod.c.move-home 2018-05-28 14:59:05.594076665 +0200
+++ shadow-4.6/src/usermod.c 2018-05-28 15:00:28.479837392 +0200
@@ -1845,6 +1845,11 @@ static void move_home (void)
Prog, prefix_user_home, prefix_user_newhome);
fail_exit (E_HOMEDIR);
}
+ } else {
+ fprintf (stderr,
+ _("%s: The previous home directory (%s) does "
+ "not exist or is inaccessible. Move cannot be completed.\n"),
+ Prog, prefix_user_home);
}
}

View file

@ -1,7 +1,7 @@
diff -up shadow-4.1.5.1/lib/commonio.c.orig-context shadow-4.1.5.1/lib/commonio.c
--- shadow-4.1.5.1/lib/commonio.c.orig-context 2012-09-19 20:27:16.000000000 +0200
+++ shadow-4.1.5.1/lib/commonio.c 2013-02-20 15:20:55.064962324 +0100
@@ -941,7 +941,7 @@ int commonio_close (struct commonio_db *
diff -up shadow-4.6/lib/commonio.c.orig-context shadow-4.6/lib/commonio.c
--- shadow-4.6/lib/commonio.c.orig-context 2018-04-29 18:42:37.000000000 +0200
+++ shadow-4.6/lib/commonio.c 2018-05-28 14:56:37.287929667 +0200
@@ -961,7 +961,7 @@ int commonio_close (struct commonio_db *
snprintf (buf, sizeof buf, "%s-", db->filename);
#ifdef WITH_SELINUX
@ -10,7 +10,7 @@ diff -up shadow-4.1.5.1/lib/commonio.c.orig-context shadow-4.1.5.1/lib/commonio.
errors++;
}
#endif
@@ -975,7 +975,7 @@ int commonio_close (struct commonio_db *
@@ -994,7 +994,7 @@ int commonio_close (struct commonio_db *
snprintf (buf, sizeof buf, "%s+", db->filename);
#ifdef WITH_SELINUX
@ -19,9 +19,9 @@ diff -up shadow-4.1.5.1/lib/commonio.c.orig-context shadow-4.1.5.1/lib/commonio.
errors++;
}
#endif
diff -up shadow-4.1.5.1/libmisc/copydir.c.orig-context shadow-4.1.5.1/libmisc/copydir.c
--- shadow-4.1.5.1/libmisc/copydir.c.orig-context 2012-02-13 20:16:32.000000000 +0100
+++ shadow-4.1.5.1/libmisc/copydir.c 2013-02-20 15:19:01.495623232 +0100
diff -up shadow-4.6/libmisc/copydir.c.orig-context shadow-4.6/libmisc/copydir.c
--- shadow-4.6/libmisc/copydir.c.orig-context 2018-04-29 18:42:37.000000000 +0200
+++ shadow-4.6/libmisc/copydir.c 2018-05-28 14:56:37.287929667 +0200
@@ -484,7 +484,7 @@ static int copy_dir (const char *src, co
*/
@ -58,10 +58,10 @@ diff -up shadow-4.1.5.1/libmisc/copydir.c.orig-context shadow-4.1.5.1/libmisc/co
return -1;
}
#endif /* WITH_SELINUX */
diff -up shadow-4.1.5.1/lib/prototypes.h.orig-context shadow-4.1.5.1/lib/prototypes.h
--- shadow-4.1.5.1/lib/prototypes.h.orig-context 2012-01-08 17:04:29.000000000 +0100
+++ shadow-4.1.5.1/lib/prototypes.h 2013-02-20 15:24:17.251126575 +0100
@@ -295,7 +295,7 @@ extern /*@observer@*/const char *crypt_m
diff -up shadow-4.6/lib/prototypes.h.orig-context shadow-4.6/lib/prototypes.h
--- shadow-4.6/lib/prototypes.h.orig-context 2018-04-29 18:42:37.000000000 +0200
+++ shadow-4.6/lib/prototypes.h 2018-05-28 14:56:37.287929667 +0200
@@ -326,7 +326,7 @@ extern /*@observer@*/const char *crypt_m
/* selinux.c */
#ifdef WITH_SELINUX
@ -70,9 +70,9 @@ diff -up shadow-4.1.5.1/lib/prototypes.h.orig-context shadow-4.1.5.1/lib/prototy
extern int reset_selinux_file_context (void);
#endif
diff -up shadow-4.1.5.1/lib/selinux.c.orig-context shadow-4.1.5.1/lib/selinux.c
--- shadow-4.1.5.1/lib/selinux.c.orig-context 2012-01-08 17:35:44.000000000 +0100
+++ shadow-4.1.5.1/lib/selinux.c 2013-02-20 15:16:40.383716877 +0100
diff -up shadow-4.6/lib/selinux.c.orig-context shadow-4.6/lib/selinux.c
--- shadow-4.6/lib/selinux.c.orig-context 2018-04-29 18:42:37.000000000 +0200
+++ shadow-4.6/lib/selinux.c 2018-05-28 14:56:37.287929667 +0200
@@ -50,7 +50,7 @@ static bool selinux_enabled;
* Callers may have to Reset SELinux to create files with default
* contexts with reset_selinux_file_context
@ -114,15 +114,15 @@ diff -up shadow-4.1.5.1/lib/selinux.c.orig-context shadow-4.1.5.1/lib/selinux.c
}
/*
diff -up shadow-4.1.5.1/src/useradd.c.orig-context shadow-4.1.5.1/src/useradd.c
--- shadow-4.1.5.1/src/useradd.c.orig-context 2012-09-19 20:23:33.000000000 +0200
+++ shadow-4.1.5.1/src/useradd.c 2013-02-20 15:19:31.221235459 +0100
@@ -1759,7 +1759,7 @@ static void create_home (void)
diff -up shadow-4.6/src/useradd.c.orig-context shadow-4.6/src/useradd.c
--- shadow-4.6/src/useradd.c.orig-context 2018-05-28 14:56:37.288929688 +0200
+++ shadow-4.6/src/useradd.c 2018-05-28 14:58:02.242730903 +0200
@@ -2020,7 +2020,7 @@ static void create_home (void)
{
if (access (user_home, F_OK) != 0) {
if (access (prefix_user_home, F_OK) != 0) {
#ifdef WITH_SELINUX
- if (set_selinux_file_context (user_home) != 0) {
+ if (set_selinux_file_context (user_home, NULL) != 0) {
fail_exit (E_HOMEDIR);
}
#endif
- if (set_selinux_file_context (prefix_user_home) != 0) {
+ if (set_selinux_file_context (prefix_user_home, NULL) != 0) {
fprintf (stderr,
_("%s: cannot set SELinux context for home directory %s\n"),
Prog, user_home);

View file

@ -1,8 +1,7 @@
diff -up shadow-4.1.5/man/useradd.8.redhat shadow-4.1.5/man/useradd.8
diff -up shadow-4.1.5/src/useradd.c.redhat shadow-4.1.5/src/useradd.c
--- shadow-4.1.5/src/useradd.c.redhat 2011-12-09 23:23:15.000000000 +0100
+++ shadow-4.1.5/src/useradd.c 2012-03-19 09:50:05.227588669 +0100
@@ -93,7 +93,7 @@ const char *Prog;
diff -up shadow-4.6/src/useradd.c.redhat shadow-4.6/src/useradd.c
--- shadow-4.6/src/useradd.c.redhat 2018-04-29 18:42:37.000000000 +0200
+++ shadow-4.6/src/useradd.c 2018-05-28 13:37:16.695651258 +0200
@@ -98,7 +98,7 @@ const char *Prog;
static gid_t def_group = 100;
static const char *def_gname = "other";
static const char *def_home = "/home";
@ -11,7 +10,7 @@ diff -up shadow-4.1.5/src/useradd.c.redhat shadow-4.1.5/src/useradd.c
static const char *def_template = SKEL_DIR;
static const char *def_create_mail_spool = "no";
@@ -103,7 +103,7 @@ static const char *def_expire = "";
@@ -108,7 +108,7 @@ static const char *def_expire = "";
#define VALID(s) (strcspn (s, ":\n") == strlen (s))
static const char *user_name = "";
@ -20,19 +19,19 @@ diff -up shadow-4.1.5/src/useradd.c.redhat shadow-4.1.5/src/useradd.c
static uid_t user_id;
static gid_t user_gid;
static const char *user_comment = "";
@@ -1011,9 +1011,9 @@ static void process_flags (int argc, cha
@@ -1114,9 +1114,9 @@ static void process_flags (int argc, cha
};
while ((c = getopt_long (argc, argv,
#ifdef WITH_SELINUX
- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:UZ:",
+ "b:c:d:De:f:g:G:hk:K:lmMnNop:rR:s:u:UZ:",
- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:P:s:u:UZ:",
+ "b:c:d:De:f:g:G:hk:K:lmMnNop:rR:P:s:u:UZ:",
#else /* !WITH_SELINUX */
- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:U",
+ "b:c:d:De:f:g:G:hk:K:lmMnNop:rR:s:u:U",
- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:P:s:u:U",
+ "b:c:d:De:f:g:G:hk:K:lmMnNop:rR:P:s:u:U",
#endif /* !WITH_SELINUX */
long_options, NULL)) != -1) {
switch (c) {
@@ -1164,6 +1164,7 @@ static void process_flags (int argc, cha
@@ -1267,6 +1267,7 @@ static void process_flags (int argc, cha
case 'M':
Mflg = true;
break;

115
shadow-4.6-selinux.patch Normal file
View file

@ -0,0 +1,115 @@
diff -up shadow-4.6/lib/semanage.c.selinux shadow-4.6/lib/semanage.c
--- shadow-4.6/lib/semanage.c.selinux 2018-04-29 18:42:37.000000000 +0200
+++ shadow-4.6/lib/semanage.c 2018-05-28 13:38:20.551008911 +0200
@@ -294,6 +294,9 @@ int set_seuser (const char *login_name,
ret = 0;
+ /* drop obsolete matchpathcon cache */
+ matchpathcon_fini();
+
done:
semanage_seuser_key_free (key);
semanage_handle_destroy (handle);
@@ -369,6 +372,10 @@ int del_seuser (const char *login_name)
}
ret = 0;
+
+ /* drop obsolete matchpathcon cache */
+ matchpathcon_fini();
+
done:
semanage_handle_destroy (handle);
return ret;
diff -up shadow-4.6/src/useradd.c.selinux shadow-4.6/src/useradd.c
--- shadow-4.6/src/useradd.c.selinux 2018-05-28 13:43:30.996748997 +0200
+++ shadow-4.6/src/useradd.c 2018-05-28 13:44:04.645486199 +0200
@@ -2120,6 +2120,7 @@ static void create_mail (void)
*/
int main (int argc, char **argv)
{
+ int rv = E_SUCCESS;
#ifdef ACCT_TOOLS_SETUID
#ifdef USE_PAM
pam_handle_t *pamh = NULL;
@@ -2342,27 +2343,11 @@ int main (int argc, char **argv)
usr_update ();
- if (mflg) {
- create_home ();
- if (home_added) {
- copy_tree (def_template, prefix_user_home, false, false,
- (uid_t)-1, user_id, (gid_t)-1, user_gid);
- } else {
- fprintf (stderr,
- _("%s: warning: the home directory already exists.\n"
- "Not copying any file from skel directory into it.\n"),
- Prog);
- }
-
- }
-
- /* Do not create mail directory for system accounts */
- if (!rflg) {
- create_mail ();
- }
-
close_files ();
+ nscd_flush_cache ("passwd");
+ nscd_flush_cache ("group");
+
/*
* tallylog_reset needs to be able to lookup
* a valid existing user name,
@@ -2373,8 +2358,9 @@ int main (int argc, char **argv)
}
#ifdef WITH_SELINUX
- if (Zflg) {
- if (set_seuser (user_name, user_selinux) != 0) {
+ if (Zflg && *user_selinux) {
+ if (is_selinux_enabled () > 0) {
+ if (set_seuser (user_name, user_selinux) != 0) {
fprintf (stderr,
_("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
Prog, user_name, user_selinux);
@@ -2383,14 +2369,31 @@ int main (int argc, char **argv)
"adding SELinux user mapping",
user_name, (unsigned int) user_id, 0);
#endif /* WITH_AUDIT */
- fail_exit (E_SE_UPDATE);
+ rv = E_SE_UPDATE;
+ }
}
}
-#endif /* WITH_SELINUX */
+#endif
- nscd_flush_cache ("passwd");
- nscd_flush_cache ("group");
+ if (mflg) {
+ create_home ();
+ if (home_added) {
+ copy_tree (def_template, prefix_user_home, false, true,
+ (uid_t)-1, user_id, (gid_t)-1, user_gid);
+ } else {
+ fprintf (stderr,
+ _("%s: warning: the home directory already exists.\n"
+ "Not copying any file from skel directory into it.\n"),
+ Prog);
+ }
+
+ }
+
+ /* Do not create mail directory for system accounts */
+ if (!rflg) {
+ create_mail ();
+ }
- return E_SUCCESS;
+ return rv;
}

View file

@ -0,0 +1,42 @@
diff -up shadow-4.6/libmisc/prefix_flag.c.usermod-crash shadow-4.6/libmisc/prefix_flag.c
--- shadow-4.6/libmisc/prefix_flag.c.usermod-crash 2018-04-29 18:42:37.000000000 +0200
+++ shadow-4.6/libmisc/prefix_flag.c 2018-05-28 15:14:10.642302440 +0200
@@ -319,6 +319,7 @@ extern struct group *prefix_getgr_nam_gi
{
long long int gid;
char *endptr;
+ struct group *g;
if (NULL == grname) {
return NULL;
@@ -333,7 +334,8 @@ extern struct group *prefix_getgr_nam_gi
&& (gid == (gid_t)gid)) {
return prefix_getgrgid ((gid_t) gid);
}
- return prefix_getgrnam (grname);
+ g = prefix_getgrnam (grname);
+ return g ? __gr_dup(g) : NULL;
}
else
return getgr_nam_gid(grname);
diff -up shadow-4.6/src/usermod.c.usermod-crash shadow-4.6/src/usermod.c
--- shadow-4.6/src/usermod.c.usermod-crash 2018-05-28 15:12:37.920332763 +0200
+++ shadow-4.6/src/usermod.c 2018-05-28 15:15:50.337422470 +0200
@@ -1276,11 +1276,13 @@ static void process_flags (int argc, cha
prefix_user_home = xmalloc(len);
wlen = snprintf(prefix_user_home, len, "%s/%s", prefix, user_home);
assert (wlen == (int) len -1);
+ if (user_newhome) {
+ len = strlen(prefix) + strlen(user_newhome) + 2;
+ prefix_user_newhome = xmalloc(len);
+ wlen = snprintf(prefix_user_newhome, len, "%s/%s", prefix, user_newhome);
+ assert (wlen == (int) len -1);
+ }
- len = strlen(prefix) + strlen(user_newhome) + 2;
- prefix_user_newhome = xmalloc(len);
- wlen = snprintf(prefix_user_newhome, len, "%s/%s", prefix, user_newhome);
- assert (wlen == (int) len -1);
}
else {
prefix_user_home = user_home;

View file

@ -1,54 +1,55 @@
# they warn against doing this ...
%define _disable_source_fetch 0
%define srcname shadow-utils
Summary: Utilities for managing accounts and shadow password files
Name: shadow-utils
Version: 4.2.1
Release: 8%{?dist}
Name: %{srcname}46
Version: 4.6
Release: 2%{?dist}
Epoch: 2
URL: http://pkg-shadow.alioth.debian.org/
Source0: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.xz
Source3: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.xz.sig
Source1: shadow-utils.login.defs
Source0: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz
Source1: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz.asc
Source2: shadow-utils.useradd
Source3: shadow-utils.login.defs
Source4: shadow-bsd.txt
Source5: https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
Patch0: shadow-4.1.5-redhat.patch
Patch1: shadow-4.1.5.1-goodname.patch
Patch0: shadow-4.6-redhat.patch
Patch1: shadow-4.5-goodname.patch
Patch2: shadow-4.1.5.1-info-parent-dir.patch
Patch3: shadow-4.1.5-uflg.patch
Patch6: shadow-4.1.5.1-selinux.patch
Patch7: shadow-4.1.5-2ndskip.patch
Patch8: shadow-4.1.5.1-backup-mode.patch
Patch9: shadow-4.2.1-merge-group.patch
Patch10: shadow-4.1.5.1-orig-context.patch
Patch6: shadow-4.6-selinux.patch
Patch10: shadow-4.6-orig-context.patch
Patch11: shadow-4.1.5.1-logmsg.patch
Patch12: shadow-4.1.5.1-errmsg.patch
Patch13: shadow-4.1.5.1-audit-owner.patch
Patch14: shadow-4.1.5.1-default-range.patch
Patch15: shadow-4.2.1-manfix.patch
Patch15: shadow-4.3.1-manfix.patch
Patch17: shadow-4.1.5.1-userdel-helpfix.patch
Patch18: shadow-4.1.5.1-id-alloc.patch
Patch19: shadow-4.2.1-date-parsing.patch
Patch20: shadow-4.1.5.1-ingroup.patch
Patch21: shadow-4.1.5.1-move-home.patch
Patch22: shadow-4.2.1-audit-update.patch
Patch23: shadow-4.2.1-usermod-unlock.patch
Patch21: shadow-4.6-move-home.patch
Patch22: shadow-4.6-audit-update.patch
Patch23: shadow-4.5-usermod-unlock.patch
Patch24: shadow-4.2.1-no-lock-dos.patch
Patch25: shadow-4.2.1-defs-chroot.patch
Patch26: shadow-4.2.1-lastlog-unexpire.patch
Patch27: shadow-4.2.1-user-busy.patch
Patch28: shadow-4.3.1-selinux-perms.patch
Patch29: shadow-4.2.1-null-tm.patch
Patch31: shadow-4.6-getenforce.patch
Patch32: shadow-4.5-crypt_h.patch
Patch33: shadow-4.5-long-entry.patch
Patch34: shadow-4.6-usermod-crash.patch
License: BSD and GPLv2+
Group: System Environment/Base
BuildRequires: gcc
BuildRequires: libselinux-devel >= 1.25.2-1
BuildRequires: audit-libs-devel >= 1.6.5
BuildRequires: libsemanage-devel
BuildRequires: libacl-devel libattr-devel
BuildRequires: bison flex gnome-doc-utils
#BuildRequires: autoconf, automake, libtool, gettext-devel
BuildRequires: libacl-devel, libattr-devel
BuildRequires: bison, flex, gnome-doc-utils, docbook-style-xsl, docbook-dtds
BuildRequires: autoconf, automake, libtool, gettext-devel
Requires: libselinux >= 1.25.2-1
Requires: audit-libs >= 1.6.5
Requires: setup
Requires(pre): coreutils
Requires(post): coreutils
Requires: %{name}-newxidmap = %{version}-%{release}
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
%description
@ -63,50 +64,40 @@ for all users. The useradd, userdel, and usermod commands are used for
managing user accounts. The groupadd, groupdel, and groupmod commands
are used for managing group accounts.
%package newxidmap
Summary: only the newuidmapp and newgidmap from shadow-utils
%description newxidmap
%{summary}.
%prep
%setup -q -n shadow-%{version}
%patch0 -p1 -b .redhat
%patch1 -p1 -b .goodname
%patch2 -p1 -b .info-parent-dir
%patch3 -p1 -b .uflg
%patch6 -p1 -b .selinux
%patch7 -p1 -b .2ndskip
%patch8 -p1 -b .backup-mode
%patch9 -p1 -b .merge-group
%patch10 -p1 -b .orig-context
%patch11 -p1 -b .logmsg
%patch12 -p1 -b .errmsg
%patch13 -p1 -b .audit-owner
%patch14 -p1 -b .default-range
%patch15 -p1 -b .manfix
%patch17 -p1 -b .userdel
%patch18 -p1 -b .id-alloc
%patch19 -p1 -b .date-parsing
%patch20 -p1 -b .ingroup
%patch21 -p1 -b .move-home
%patch22 -p1 -b .audit-update
%patch23 -p1 -b .unlock
%patch24 -p1 -b .no-lock-dos
%patch25 -p1 -b .defs-chroot
%patch26 -p1 -b .unexpire
%patch27 -p1 -b .user-busy
%patch28 -p1 -b .selinux-perms
%patch29 -p1 -b .null-tm
%patch31 -p1 -b .getenforce
%patch32 -p1 -b .crypt_h
%patch33 -p1 -b .long-entry
%patch34 -p1 -b .usermod-crash
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
cp -f doc/HOWTO.utf8 doc/HOWTO
cp -a %{SOURCE4} %{SOURCE5} .
rm libmisc/getdate.c
#rm po/*.gmo
#rm po/stamp-po
#aclocal
#libtoolize --force
#automake -a
#autoconf
%build
%ifarch sparc64
#sparc64 need big PIE
export CFLAGS="$RPM_OPT_FLAGS -fPIE"
@ -116,6 +107,11 @@ export CFLAGS="$RPM_OPT_FLAGS -fpie"
export LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"
%endif
rm aclocal.m4
aclocal
libtoolize --force
autoreconf
%configure \
--enable-shadowgrp \
--enable-man \
@ -126,18 +122,17 @@ export LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"
--without-libpam \
--disable-shared \
--with-group-name-max-length=32
make
%make_build
%install
rm -rf $RPM_BUILD_ROOT
make install DESTDIR=$RPM_BUILD_ROOT gnulocaledir=$RPM_BUILD_ROOT/%{_datadir}/locale MKINSTALLDIRS=`pwd`/mkinstalldirs
%make_install gnulocaledir=$RPM_BUILD_ROOT/%{_datadir}/locale MKINSTALLDIRS=`pwd`/mkinstalldirs
install -d -m 755 $RPM_BUILD_ROOT/%{_sysconfdir}/default
install -p -c -m 0644 %{SOURCE1} $RPM_BUILD_ROOT/%{_sysconfdir}/login.defs
install -p -c -m 0644 %{SOURCE3} $RPM_BUILD_ROOT/%{_sysconfdir}/login.defs
install -p -c -m 0600 %{SOURCE2} $RPM_BUILD_ROOT/%{_sysconfdir}/default/useradd
ln -s useradd $RPM_BUILD_ROOT%{_sbindir}/adduser
#ln -s %{_mandir}/man8/useradd.8 $RPM_BUILD_ROOT/%{_mandir}/man8/adduser.8
ln -s useradd.8 $RPM_BUILD_ROOT/%{_mandir}/man8/adduser.8
for subdir in $RPM_BUILD_ROOT/%{_mandir}/{??,??_??,??_??.*}/man* ; do
test -d $subdir && test -e $subdir/useradd.8 && echo ".so man8/useradd.8" > $subdir/adduser.8
@ -156,7 +151,6 @@ rm $RPM_BUILD_ROOT/%{_sysconfdir}/login.access
rm $RPM_BUILD_ROOT/%{_sysconfdir}/limits
rm $RPM_BUILD_ROOT/%{_sbindir}/logoutd
rm $RPM_BUILD_ROOT/%{_sbindir}/nologin
rm $RPM_BUILD_ROOT/%{_sbindir}/chgpasswd
rm $RPM_BUILD_ROOT/%{_mandir}/man1/chfn.*
rm $RPM_BUILD_ROOT/%{_mandir}/*/man1/chfn.*
rm $RPM_BUILD_ROOT/%{_mandir}/man1/chsh.*
@ -185,8 +179,6 @@ rm $RPM_BUILD_ROOT/%{_mandir}/man8/logoutd.*
rm $RPM_BUILD_ROOT/%{_mandir}/*/man8/logoutd.*
rm $RPM_BUILD_ROOT/%{_mandir}/man8/nologin.*
rm $RPM_BUILD_ROOT/%{_mandir}/*/man8/nologin.*
rm $RPM_BUILD_ROOT/%{_mandir}/man8/chgpasswd.*
rm $RPM_BUILD_ROOT/%{_mandir}/*/man8/chgpasswd.*
rm $RPM_BUILD_ROOT/%{_mandir}/man3/getspnam.*
rm $RPM_BUILD_ROOT/%{_mandir}/*/man3/getspnam.*
rm $RPM_BUILD_ROOT/%{_mandir}/man5/faillog.*
@ -204,11 +196,7 @@ for dir in $(ls -1d $RPM_BUILD_ROOT%{_mandir}/{??,??_??}) ; do
echo "%%lang($lang) $dir/man*/*" >> shadow.lang
done
%clean
rm -rf $RPM_BUILD_ROOT
%files -f shadow.lang
%defattr(-,root,root)
%doc NEWS doc/HOWTO README
%{!?_licensedir:%global license %%doc}
%license gpl-2.0.txt shadow-bsd.txt
@ -219,8 +207,6 @@ rm -rf $RPM_BUILD_ROOT
%attr(4755,root,root) %{_bindir}/gpasswd
%{_bindir}/lastlog
%attr(4755,root,root) %{_bindir}/newgrp
%attr(4755,root,root) %{_bindir}/newgidmap
%attr(4755,root,root) %{_bindir}/newuidmap
%{_sbindir}/adduser
%attr(0755,root,root) %{_sbindir}/user*
%attr(0755,root,root) %{_sbindir}/group*
@ -228,6 +214,7 @@ rm -rf $RPM_BUILD_ROOT
%{_sbindir}/pwck
%{_sbindir}/*conv
%{_sbindir}/chpasswd
%{_sbindir}/chgpasswd
%{_sbindir}/newusers
%{_sbindir}/vipw
%{_sbindir}/vigr
@ -235,8 +222,6 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man1/gpasswd.1*
%{_mandir}/man1/sg.1*
%{_mandir}/man1/newgrp.1*
%{_mandir}/man1/newgidmap.1*
%{_mandir}/man1/newuidmap.1*
%{_mandir}/man3/shadow.3*
%{_mandir}/man5/shadow.5*
%{_mandir}/man5/login.defs.5*
@ -249,13 +234,80 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man8/pwck.8*
%{_mandir}/man8/grpck.8*
%{_mandir}/man8/chpasswd.8*
%{_mandir}/man8/chgpasswd.8*
%{_mandir}/man8/newusers.8*
%{_mandir}/man8/*conv.8*
%{_mandir}/man8/lastlog.8*
%{_mandir}/man8/vipw.8*
%{_mandir}/man8/vigr.8*
%files newxidmap
%attr(4755,root,root) %{_bindir}/newgidmap
%attr(4755,root,root) %{_bindir}/newuidmap
%{_mandir}/man1/newgidmap.1*
%{_mandir}/man1/newuidmap.1*
%changelog
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2:4.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Mon May 28 2018 Tomáš Mráz <tmraz@redhat.com> - 2:4.6-1
- update to current upstream release 4.6
* Fri Apr 20 2018 Tomáš Mráz <tmraz@redhat.com> - 2:4.5-10
- Raise limit for passwd and shadow entry length but also prevent
writing longer entries (#1422497)
* Tue Feb 06 2018 Björn Esser <besser82@fedoraproject.org> - 2:4.5-9
- Add patch to include crypt.h, if present
- Use %%make_{build,install} macros
- Refresh other patches for proper alignment
* Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 2:4.5-8
- Rebuilt for switch to libxcrypt
* Mon Nov 6 2017 Tomáš Mráz <tmraz@redhat.com> - 2:4.5-7
- fix regression caused by the userdel-chroot patch (#1509978)
* Thu Nov 2 2017 Tomáš Mráz <tmraz@redhat.com> - 2:4.5-6
- fix userdel in chroot (#1316168)
- add useful chage -E example to chage manpage
* Fri Sep 15 2017 Tomáš Mráz <tmraz@redhat.com> - 2:4.5-5
- do not allow "." and ".." user names
* Mon Aug 14 2017 Tomáš Mráz <tmraz@redhat.com> - 2:4.5-4
- allow switching to secondary group without checking the membership
explicitly (patch from upstream)
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2:4.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2:4.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Fri Jul 21 2017 Tomáš Mráz <tmraz@redhat.com> - 2:4.5-1
- update to current upstream release 4.5
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2:4.3.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Thu Aug 25 2016 Tomáš Mráz <tmraz@redhat.com> - 2:4.3.1-2
- fix regression in useradd - not processing defaults properly (#1369979)
* Tue Aug 23 2016 Tomáš Mráz <tmraz@redhat.com> - 2:4.3.1-1
- new upstream release fixing low impact security issue
* Tue Jun 14 2016 Tomáš Mráz <tmraz@redhat.com> - 2:4.2.1-11
- guard for localtime() and gmtime() failure
* Mon May 30 2016 Tomáš Mráz <tmraz@redhat.com> - 2:4.2.1-10
- chpasswd, chgpasswd: open audit when starting
* Thu May 26 2016 Tomáš Mráz <tmraz@redhat.com> - 2:4.2.1-9
- chgpasswd: do not remove it
- chpasswd, chgpasswd: add selinux_check_access call (#1336902)
* Thu Mar 17 2016 Tomáš Mráz <tmraz@redhat.com> - 2:4.2.1-8
- userdel: fix userdel -f with /etc/subuid present (#1316168)

View file

@ -1,2 +0,0 @@
2bfafe7d4962682d31b5eba65dba4fc8 shadow-4.2.1.tar.xz
6752051fb07fc4be58c3d7b929bf2341 shadow-4.2.1.tar.xz.sig

2
sources.bak Normal file
View file

@ -0,0 +1,2 @@
SHA512 (shadow-4.6.tar.xz) = e8eee52c649d9973f724bc2d5aeee71fa2e6a2e41ec3487cd6cf6d47af70c32e0cdf304df29b32eae2b6eb6f9066866b5f2c891add0ec87ba583bea3207b3631
SHA512 (shadow-4.6.tar.xz.asc) = 8728bff5544db6ea123f758cce5bd5c2d346489570c33092e4e97db35c274d7aba01580018f120e4ad80b8f79cfe296a33bccbe9bf68df51bf9b2004c6bfffed

77
tests/sanity/Makefile Normal file
View file

@ -0,0 +1,77 @@
# Copyright (c) 2006 Red Hat, Inc. All rights reserved. This copyrighted material
# is made available to anyone wishing to use, modify, copy, or
# redistribute it subject to the terms and conditions of the GNU General
# Public License v.2.
#
# This program is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE. See the GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
# Author: Jakub Hrozek
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# Example Makefile for RHTS #
# This example is geared towards a test for a specific package #
# It does most of the work for you, but may require further coding #
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
# The toplevel namespace within which the test lives.
TOPLEVEL_NAMESPACE=CoreOS
# The name of the package under test:
PACKAGE_NAME=shadow-utils
# The path of the test below the package:
RELATIVE_PATH=sanity
# Version of the Test. Used with make tag.
export TESTVERSION=1.1
# The combined namespace of the test.
export TEST=/$(TOPLEVEL_NAMESPACE)/$(PACKAGE_NAME)/$(RELATIVE_PATH)
# A phony target is one that is not really the name of a file.
# It is just a name for some commands to be executed when you
# make an explicit request. There are two reasons to use a
# phony target: to avoid a conflict with a file of the same
# name, and to improve performance.
.PHONY: all install download clean
# Executables to be built should be added here, they will be generated on the system under test.
BUILT_FILES=
# Data files, .c files, scripts anything needed to either compile the test and/or run it.
FILES=$(METADATA) Makefile PURPOSE sanity_test.py runtest.sh
run: $(FILES) build
./runtest.sh
build: $(BUILT_FILES)
chmod a+x ./sanity_test.py
chmod a+x ./runtest.sh
clean:
rm -f *~ *.rpm $(BUILT_FILES)
# Include Common Makefile
include /usr/share/rhts/lib/rhts-make.include
# Generate the testinfo.desc here:
$(METADATA): Makefile
@touch $(METADATA)
@echo "Owner: Jakub Hrozek <jhrozek@redhat.com>" > $(METADATA)
@echo "Name: $(TEST)" >> $(METADATA)
@echo "Path: $(TEST_DIR)" >> $(METADATA)
@echo "TestVersion: $(TESTVERSION)" >> $(METADATA)
@echo "License: GNU GPL" >> $(METADATA)
@echo "Description: Basic sanity test for shadow-utils" >> $(METADATA)
@echo "TestTime: 5m" >> $(METADATA)
@echo "RunFor: $(PACKAGE_NAME)" >> $(METADATA)
@echo "Requires: $(PACKAGE_NAME)" >> $(METADATA)
@echo "Requires: python" >> $(METADATA)
rhts-lint $(METADATA)

10
tests/sanity/PURPOSE Normal file
View file

@ -0,0 +1,10 @@
This is a basic sanity test for the shadow-utils package. It is implemented
in python on top of the unittesting.py module.
Its purpose is to ensure that the binaries in the shadow-utils package behave
as expected and its switches/options work correctly.
For the most part, every binary in the shadow-utils package is represented by
a single class named Test<BinaryName>, i.e. TestUsermod etc. There are some
exceptions, like TestUseraddWeirdNameTest though.

24
tests/sanity/runtest.sh Executable file
View file

@ -0,0 +1,24 @@
#!/bin/bash
. /usr/bin/rhts-environment.sh
. /usr/share/beakerlib/beakerlib.sh || exit 1
rlJournalStart
rlFileBackup --clean /etc/default/useradd- /etc/default/useradd
setenforce 0
python sanity_test.py -v
setenforce 1
rlFileRestore
EXIT=$?
if [[ $EXIT -eq 0 ]]; then
RESULT="PASS"
else
RESULT="FAIL"
fi
rlJournalEnd
echo "Result: $RESULT"
echo "Exit: $EXIT"
report_result $TEST $RESULT $EXIT

1013
tests/sanity/sanity_test.py Executable file

File diff suppressed because it is too large Load diff

13
tests/tests.yml Normal file
View file

@ -0,0 +1,13 @@
---
# This first play always runs on the local staging system
- hosts: localhost
roles:
- role: standard-test-beakerlib
tags:
- classic
- atomic
tests:
- sanity
required_packages:
- shadow-utils # sanity test needs shadow-utils
- python # sanity test needs python