Compare commits
8 Commits
newxidmap-
...
f13
Author | SHA1 | Date |
---|---|---|
Fedora Release Engineering | 7cf39e0096 | |
Peter Vrabec | 0dde62fab1 | |
Peter Vrabec | 4fe7f2e82f | |
Peter Vrabec | de7a44355a | |
Peter Vrabec | f925435816 | |
Peter Vrabec | 5b0d7ef0e5 | |
Peter Vrabec | 9d0dba5d53 | |
Jesse Keating | 1a56207fe6 |
21
Makefile
21
Makefile
|
@ -1,21 +0,0 @@
|
|||
# Makefile for source rpm: shadow-utils
|
||||
# $Id: Makefile,v 1.4 2007/10/15 19:22:59 notting Exp $
|
||||
NAME := shadow-utils
|
||||
SPECFILE = $(firstword $(wildcard *.spec))
|
||||
|
||||
define find-makefile-common
|
||||
for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
|
||||
endef
|
||||
|
||||
MAKEFILE_COMMON := $(shell $(find-makefile-common))
|
||||
|
||||
ifeq ($(MAKEFILE_COMMON),)
|
||||
# attempt a checkout
|
||||
define checkout-makefile-common
|
||||
test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
|
||||
endef
|
||||
|
||||
MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
|
||||
endif
|
||||
|
||||
include $(MAKEFILE_COMMON)
|
|
@ -0,0 +1,121 @@
|
|||
diff -up shadow-4.1.4.2/libmisc/copydir.c.acl shadow-4.1.4.2/libmisc/copydir.c
|
||||
--- shadow-4.1.4.2/libmisc/copydir.c.acl 2010-04-29 15:55:26.949959971 +0200
|
||||
+++ shadow-4.1.4.2/libmisc/copydir.c 2010-04-29 15:55:26.956960471 +0200
|
||||
@@ -45,6 +45,9 @@
|
||||
#ifdef WITH_SELINUX
|
||||
#include <selinux/selinux.h>
|
||||
#endif
|
||||
+#include <attr/error_context.h>
|
||||
+#include <acl/libacl.h>
|
||||
+
|
||||
static /*@null@*/const char *src_orig;
|
||||
static /*@null@*/const char *dst_orig;
|
||||
|
||||
@@ -70,7 +73,7 @@ static int copy_symlink (const char *src
|
||||
#endif
|
||||
static int copy_hardlink (const char *src, const char *dst,
|
||||
struct link_name *lp);
|
||||
-static int copy_special (const char *dst,
|
||||
+static int copy_special (const char *src, const char *dst,
|
||||
const struct stat *statp, const struct timeval mt[],
|
||||
long int uid, long int gid);
|
||||
static int copy_file (const char *src, const char *dst,
|
||||
@@ -78,6 +81,24 @@ static int copy_file (const char *src, c
|
||||
long int uid, long int gid);
|
||||
|
||||
#ifdef WITH_SELINUX
|
||||
+
|
||||
+void error (struct error_context *ctx, const char *fmt, ...)
|
||||
+{
|
||||
+ va_list ap;
|
||||
+
|
||||
+ va_start (ap, fmt);
|
||||
+ (void) fprintf (stderr, _("%s: "), Prog);
|
||||
+ if (vfprintf (stderr, fmt, ap) != 0) {
|
||||
+ (void) fputs (_(": "), stderr);
|
||||
+ }
|
||||
+ (void) fprintf (stderr, "%s\n", strerror (errno));
|
||||
+ va_end (ap);
|
||||
+}
|
||||
+
|
||||
+struct error_context ctx = {
|
||||
+ error
|
||||
+};
|
||||
+
|
||||
/*
|
||||
* selinux_file_context - Set the security context before any file or
|
||||
* directory creation.
|
||||
@@ -369,7 +390,7 @@ static int copy_entry (const char *src,
|
||||
*/
|
||||
|
||||
else if (!S_ISREG (sb.st_mode)) {
|
||||
- err = copy_special (dst, &sb, mt, uid, gid);
|
||||
+ err = copy_special (src, dst, &sb, mt, uid, gid);
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -413,6 +434,7 @@ static int copy_dir (const char *src, co
|
||||
|| (chown (dst,
|
||||
(uid == - 1) ? statp->st_uid : (uid_t) uid,
|
||||
(gid == - 1) ? statp->st_gid : (gid_t) gid) != 0)
|
||||
+ || (perm_copy_file (src, dst, &ctx) != 0)
|
||||
|| (chmod (dst, statp->st_mode) != 0)
|
||||
|| (copy_tree (src, dst, uid, gid) != 0)
|
||||
|| (utimes (dst, mt) != 0)) {
|
||||
@@ -514,6 +536,13 @@ static int copy_symlink (const char *src
|
||||
|| (lchown (dst,
|
||||
(uid == -1) ? statp->st_uid : (uid_t) uid,
|
||||
(gid == -1) ? statp->st_gid : (gid_t) gid) != 0)) {
|
||||
+ /* FIXME: there are no modes on symlinks, right?
|
||||
+ * ACL could be copied, but this would be much more
|
||||
+ * complex than calling perm_copy_file.
|
||||
+ * Ditto for Extended Attributes.
|
||||
+ * We currently only document that ACL and Extended
|
||||
+ * Attributes are not copied.
|
||||
+ */
|
||||
free (oldlink);
|
||||
return -1;
|
||||
}
|
||||
@@ -542,7 +571,7 @@ static int copy_symlink (const char *src
|
||||
static int copy_hardlink (const char *src, const char *dst,
|
||||
struct link_name *lp)
|
||||
{
|
||||
- /* TODO: selinux needed? */
|
||||
+ /* TODO: selinux, ACL, Extended Attributes needed? */
|
||||
|
||||
if (link (lp->ln_name, dst) != 0) {
|
||||
return -1;
|
||||
@@ -574,7 +603,7 @@ static int copy_hardlink (const char *sr
|
||||
*
|
||||
* Return 0 on success, -1 on error.
|
||||
*/
|
||||
-static int copy_special (const char *dst,
|
||||
+static int copy_special (const char *src, const char *dst,
|
||||
const struct stat *statp, const struct timeval mt[],
|
||||
long int uid, long int gid)
|
||||
{
|
||||
@@ -628,7 +657,7 @@ static int copy_file (const char *src, c
|
||||
|| (fchown (ofd,
|
||||
(uid == -1) ? statp->st_uid : (uid_t) uid,
|
||||
(gid == -1) ? statp->st_gid : (gid_t) gid) != 0)
|
||||
- || (fchmod (ofd, statp->st_mode & 07777) != 0)) {
|
||||
+ || (perm_copy_fd (src, ifd, dst, ofd, &ctx) != 0) ) {
|
||||
(void) close (ifd);
|
||||
return -1;
|
||||
}
|
||||
diff -up shadow-4.1.4.2/src/Makefile.in.acl shadow-4.1.4.2/src/Makefile.in
|
||||
--- shadow-4.1.4.2/src/Makefile.in.acl 2009-07-24 03:16:00.000000000 +0200
|
||||
+++ shadow-4.1.4.2/src/Makefile.in 2010-04-29 16:08:34.347960372 +0200
|
||||
@@ -430,9 +430,9 @@ su_SOURCES = \
|
||||
|
||||
su_LDADD = $(LDADD) $(LIBPAM) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
|
||||
sulogin_LDADD = $(LDADD) $(LIBCRYPT)
|
||||
-useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
|
||||
-userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
|
||||
-usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
|
||||
+useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) -lacl
|
||||
+userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) -lacl
|
||||
+usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) -lacl
|
||||
vipw_LDADD = $(LDADD) $(LIBSELINUX)
|
||||
all: all-am
|
||||
|
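Review bot: The new `error` callback and `ctx` are added directly after `#ifdef WITH_SELINUX` in the `@@ -78,6 +81,24 @@` hunk, while the `perm_copy_file (src, dst, &ctx)` and `perm_copy_fd (src, ifd, dst, ofd, &ctx)` calls in the copy_dir and copy_file hunks are not visibly guarded, so a build without SELinux would presumably fail on an undeclared `ctx`; the definitions belong above the `#ifdef`. Both symbols are also non-static, and a global named `error` can clash with glibc's `error()` from `<error.h>`. In addition, `strerror (errno)` is evaluated after three stdio calls that may overwrite errno, so the reason printed for a failed ACL or permission copy can be wrong. The fence shows the callback made static, renamed, and reading a saved errno; the functions containing the call sites start and end outside the hunks.

```c
/* … place above the existing "#ifdef WITH_SELINUX" line … */
static void acl_error (struct error_context *ctx, const char *fmt, ...)
{
	va_list ap;
	int saved_errno = errno;	/* the stdio calls below may overwrite errno */

	/* … unchanged: va_start, program-name prefix, vfprintf of fmt … */
	(void) fprintf (stderr, "%s\n", strerror (saved_errno));
	va_end (ap);
}

static struct error_context ctx = {
	acl_error
};
```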
|
@ -1,15 +1,3 @@
|
|||
diff -up shadow-4.1.4.2/lib/commonio.c.fixes shadow-4.1.4.2/lib/commonio.c
|
||||
--- shadow-4.1.4.2/lib/commonio.c.fixes 2009-09-07 15:51:28.312139467 +0200
|
||||
+++ shadow-4.1.4.2/lib/commonio.c 2009-09-07 15:52:00.788140456 +0200
|
||||
@@ -710,7 +710,7 @@ commonio_sort (struct commonio_db *db, i
|
||||
db->tail->prev = entries[n - 1];
|
||||
db->tail->next = NULL;
|
||||
|
||||
- for (i = 1; i < n; i++) {
|
||||
+ for (i = 1; i < (n-1); i++) {
|
||||
entries[i]->prev = entries[i - 1];
|
||||
entries[i]->next = entries[i + 1];
|
||||
}
|
||||
diff -up shadow-4.1.4.2/libmisc/cleanup.c.fixes shadow-4.1.4.2/libmisc/cleanup.c
|
||||
--- shadow-4.1.4.2/libmisc/cleanup.c.fixes 2009-09-07 15:52:22.449035388 +0200
|
||||
+++ shadow-4.1.4.2/libmisc/cleanup.c 2009-09-07 15:55:06.632033653 +0200
|
||||
|
|
|
@ -0,0 +1,32 @@
|
|||
diff -up shadow-4.1.4.2/man/newusers.8.infoParentDir shadow-4.1.4.2/man/newusers.8
|
||||
--- shadow-4.1.4.2/man/newusers.8.infoParentDir 2010-04-28 13:44:04.634870854 +0200
|
||||
+++ shadow-4.1.4.2/man/newusers.8 2010-04-28 13:46:07.190866220 +0200
|
||||
@@ -88,7 +88,7 @@ This field is copied in the GECOS field
|
||||
.RS 4
|
||||
This field is used to define the home directory of the user\&.
|
||||
.sp
|
||||
-If this field does not specify an existing directory, the specified directory is created, with ownership set to the user being created or updated and its primary group\&.
|
||||
+If this field does not specify an existing directory, the specified directory is created, with ownership set to the user being created or updated and its primary group\&.Note that newusers does not create parent directories of the new user's home directory. The newusers command will fail to create the home directory if the parent directories do not exist, and will send a message to stderr informing the user of the failure. The newusers command will not halt or return a failure to the calling shell if it fails to create the home directory, it will continue to process the batch of new users specified\&.
|
||||
.sp
|
||||
If the home directory of an existing user is changed,
|
||||
\fBnewusers\fR
|
||||
diff -up shadow-4.1.4.2/man/newusers.8.xml.infoParentDir shadow-4.1.4.2/man/newusers.8.xml
|
||||
--- shadow-4.1.4.2/man/newusers.8.xml.infoParentDir 2010-04-28 13:48:01.419238133 +0200
|
||||
+++ shadow-4.1.4.2/man/newusers.8.xml 2010-04-28 13:55:40.499663030 +0200
|
||||
@@ -192,7 +192,15 @@
|
||||
<para>
|
||||
If this field does not specify an existing directory, the
|
||||
specified directory is created, with ownership set to the
|
||||
- user being created or updated and its primary group.
|
||||
+ user being created or updated and its primary group. Note
|
||||
+ that newusers does not create parent directories of the new
|
||||
+ user's home directory. The newusers command will fail to
|
||||
+ create the home directory if the parent directories do not
|
||||
+ exist, and will send a message to stderr informing the user
|
||||
+ of the failure. The newusers command will not halt or return
|
||||
+ a failure to the calling shell if it fails to create the home
|
||||
+ directory, it will continue to process the batch of new users
|
||||
+ specified.
|
||||
</para>
|
||||
<para>
|
||||
If the home directory of an existing user is changed,
|
|
@ -0,0 +1,22 @@
|
|||
diff -up shadow-4.1.4.2/src/userdel.c.semanage shadow-4.1.4.2/src/userdel.c
|
||||
--- shadow-4.1.4.2/src/userdel.c.semanage 2010-04-28 14:47:25.581366330 +0200
|
||||
+++ shadow-4.1.4.2/src/userdel.c 2010-04-28 14:48:08.736376028 +0200
|
||||
@@ -974,18 +974,6 @@ int main (int argc, char **argv)
|
||||
}
|
||||
#endif
|
||||
|
||||
-#ifdef WITH_SELINUX
|
||||
- if (is_selinux_enabled () > 0) {
|
||||
- const char *args[5];
|
||||
- args[0] = "/usr/sbin/semanage";
|
||||
- args[1] = "login";
|
||||
- args[2] = "-d";
|
||||
- args[3] = user_name;
|
||||
- args[4] = NULL;
|
||||
- safe_system (args[0], args, NULL, 1);
|
||||
- }
|
||||
-#endif
|
||||
-
|
||||
/*
|
||||
* Cancel any crontabs or at jobs. Have to do this before we remove
|
||||
* the entry from /etc/passwd.
|
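Review bot: With the `semanage login -d` call removed from userdel's main(), nothing visible in this patch removes the SELinux login mapping of the deleted account, so a mapping may outlive the user and could apply to a later account that reuses the same name. Whether another component now performs that cleanup cannot be told from this hunk, and the patch adds no comment or man-page text saying so. A short comment at the removal site would record the decision, for example `/* SELinux login mappings are not removed here; see <owner of that cleanup> */`. main() starts and ends outside the hunk.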
|
@ -0,0 +1,25 @@
|
|||
diff -up shadow-4.1.4.2/libmisc/find_new_gid.c.uflg shadow-4.1.4.2/libmisc/find_new_gid.c
|
||||
--- shadow-4.1.4.2/libmisc/find_new_gid.c.uflg 2010-05-21 11:31:36.069929199 +0200
|
||||
+++ shadow-4.1.4.2/libmisc/find_new_gid.c 2010-05-21 11:31:47.600963338 +0200
|
||||
@@ -61,7 +61,7 @@ int find_new_gid (bool sys_group,
|
||||
gid_min = (gid_t) getdef_ulong ("GID_MIN", 500UL);
|
||||
gid_max = (gid_t) getdef_ulong ("GID_MAX", 60000UL);
|
||||
} else {
|
||||
- gid_min = (gid_t) getdef_ulong ("SYS_GID_MIN", 201UL);
|
||||
+ gid_min = (gid_t) getdef_ulong ("SYS_GID_MIN", 1UL);
|
||||
gid_max = (gid_t) getdef_ulong ("GID_MIN", 500UL) - 1;
|
||||
gid_max = (gid_t) getdef_ulong ("SYS_GID_MAX", (unsigned long) gid_max);
|
||||
}
|
||||
@@ -79,7 +79,11 @@ int find_new_gid (bool sys_group,
|
||||
*gid = *preferred_gid;
|
||||
return 0;
|
||||
}
|
||||
-
|
||||
+
|
||||
+ /* if we did not find free preffered system gid, we start to look for
|
||||
+ * one in the range assigned to dynamic system IDs */
|
||||
+ if (sys_group)
|
||||
+ gid_min = (gid_t) getdef_ulong ("SYS_GID_MIN", 201UL);
|
||||
|
||||
/*
|
||||
* Search the entire group file,
|
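Review bot: The added `if (sys_group)` statement is unbraced, its comment misspells "preferred", and the two hunks now carry two different fallbacks for the same key (`1UL` in the first hunk, `201UL` here) with nothing explaining why. If `getdef_ulong` returns the configured value whenever SYS_GID_MIN is set, both calls yield the same number and the wider range for a preferred GID only takes effect when the key is absent; the range check that uses gid_min lies between the hunks and is not visible, so this should be confirmed as intended. Suggested form: `if (sys_group) { gid_min = (gid_t) getdef_ulong ("SYS_GID_MIN", 201UL); }`, preceded by a comment stating which default applies to the preferred-GID check and which to the dynamic search. find_new_gid continues outside both hunks.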
|
@ -0,0 +1,43 @@
|
|||
diff -up shadow-4.1.4.2/src/faillog.c.overflow shadow-4.1.4.2/src/faillog.c
|
||||
--- shadow-4.1.4.2/src/faillog.c.overflow 2010-06-14 10:40:28.023030897 +0200
|
||||
+++ shadow-4.1.4.2/src/faillog.c 2010-06-14 10:53:10.884034750 +0200
|
||||
@@ -106,8 +106,8 @@ static void print_one (/*@null@*/const s
|
||||
return;
|
||||
}
|
||||
|
||||
- offset = pw->pw_uid * sizeof (fl);
|
||||
- if (offset <= (statbuf.st_size - sizeof (fl))) {
|
||||
+ offset = (off_t) pw->pw_uid * sizeof (fl);
|
||||
+ if (offset + sizeof (fl) <= statbuf.st_size) {
|
||||
/* fseeko errors are not really relevant for us. */
|
||||
int err = fseeko (fail, offset, SEEK_SET);
|
||||
assert (0 == err);
|
||||
@@ -206,8 +206,8 @@ static bool reset_one (uid_t uid)
|
||||
off_t offset;
|
||||
struct faillog fl;
|
||||
|
||||
- offset = uid * sizeof (fl);
|
||||
- if (offset <= (statbuf.st_size - sizeof (fl))) {
|
||||
+ offset = (off_t) uid * sizeof (fl);
|
||||
+ if (offset + sizeof (fl) <= statbuf.st_size) {
|
||||
/* fseeko errors are not really relevant for us. */
|
||||
int err = fseeko (fail, offset, SEEK_SET);
|
||||
assert (0 == err);
|
||||
@@ -294,7 +294,7 @@ static bool setmax_one (uid_t uid, int m
|
||||
struct faillog fl;
|
||||
|
||||
offset = (off_t) uid * sizeof (fl);
|
||||
- if (offset <= (statbuf.st_size - sizeof (fl))) {
|
||||
+ if (offset + sizeof (fl) <= statbuf.st_size) {
|
||||
/* fseeko errors are not really relevant for us. */
|
||||
int err = fseeko (fail, offset, SEEK_SET);
|
||||
assert (0 == err);
|
||||
@@ -385,7 +385,7 @@ static bool set_locktime_one (uid_t uid,
|
||||
struct faillog fl;
|
||||
|
||||
offset = (off_t) uid * sizeof (fl);
|
||||
- if (offset <= (statbuf.st_size - sizeof (fl))) {
|
||||
+ if (offset + sizeof (fl) <= statbuf.st_size) {
|
||||
/* fseeko errors are not really relevant for us. */
|
||||
int err = fseeko (fail, offset, SEEK_SET);
|
||||
assert (0 == err);
|
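Review bot: The cast in `offset = (off_t) uid * sizeof (fl);` widens the multiplication only when off_t is wider than size_t; on a build with a 32-bit off_t the product for a large uid still wraps before the new bounds check sees it, and `offset + sizeof (fl) <= statbuf.st_size` mixes a signed off_t with an unsigned size_t. Whether large-file support is enabled for this build is not visible here. A guard that avoids the multiplication does not depend on the width of off_t, e.g. `if ((uintmax_t) uid < (uintmax_t) statbuf.st_size / sizeof (fl)) {`, and the same form fits print_one, reset_one, setmax_one and set_locktime_one. The bodies of all four functions continue outside the hunks.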
|
@ -1,7 +1,7 @@
|
|||
Summary: Utilities for managing accounts and shadow password files
|
||||
Name: shadow-utils
|
||||
Version: 4.1.4.2
|
||||
Release: 2%{?dist}
|
||||
Release: 8%{?dist}
|
||||
Epoch: 2
|
||||
URL: http://pkg-shadow.alioth.debian.org/
|
||||
Source0: ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-%{version}.tar.bz2
|
||||
|
@ -11,10 +11,16 @@ Patch0: shadow-4.1.4.2-redhat.patch
|
|||
Patch1: shadow-4.1.4.1-goodname.patch
|
||||
Patch2: shadow-4.1.4.2-leak.patch
|
||||
Patch3: shadow-4.1.4.2-fixes.patch
|
||||
Patch4: shadow-4.1.4.2-infoParentDir.patch
|
||||
Patch5: shadow-4.1.4.2-semange.patch
|
||||
Patch6: shadow-4.1.4.2-acl.patch
|
||||
Patch7: shadow-4.1.4.2-underflow.patch
|
||||
Patch8: shadow-4.1.4.2-uflg.patch
|
||||
License: BSD and GPLv2+
|
||||
Group: System Environment/Base
|
||||
BuildRequires: libselinux-devel >= 1.25.2-1
|
||||
BuildRequires: audit-libs-devel >= 1.6.5
|
||||
BuildRequires: libacl-devel libattr-devel
|
||||
#BuildRequires: autoconf, automake, libtool, gettext-devel
|
||||
Requires: libselinux >= 1.25.2-1
|
||||
Requires: audit-libs >= 1.6.5
|
||||
|
@ -39,6 +45,11 @@ are used for managing group accounts.
|
|||
%patch1 -p1 -b .goodname
|
||||
%patch2 -p1 -b .leak
|
||||
%patch3 -p1 -b .fixes
|
||||
%patch4 -p1 -b .infoParentDir
|
||||
%patch5 -p1 -b .semange
|
||||
%patch6 -p1 -b .acl
|
||||
%patch7 -p1 -b .underflow
|
||||
%patch8 -p1 -b .uflg
|
||||
|
||||
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
|
||||
cp -f doc/HOWTO.utf8 doc/HOWTO
|
||||
|
@ -58,7 +69,8 @@ cp -f doc/HOWTO.utf8 doc/HOWTO
|
|||
--with-selinux \
|
||||
--without-libcrack \
|
||||
--without-libpam \
|
||||
--disable-shared
|
||||
--disable-shared \
|
||||
--with-group-name-max-length=32
|
||||
make
|
||||
|
||||
%install
|
||||
|
@ -122,14 +134,14 @@ rm $RPM_BUILD_ROOT/%{_mandir}/*/man8/chgpasswd.*
|
|||
rm $RPM_BUILD_ROOT/%{_mandir}/man3/getspnam.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/*/man3/getspnam.*
|
||||
|
||||
%find_lang shadow
|
||||
find $RPM_BUILD_ROOT%{_mandir} -depth -type d -empty -delete
|
||||
%find_lang shadow
|
||||
for dir in $(ls -1d $RPM_BUILD_ROOT%{_mandir}/{??,??_??}) ; do
|
||||
dir=$(echo $dir | sed -e "s|^$RPM_BUILD_ROOT||")
|
||||
lang=$(basename $dir)
|
||||
echo "%%lang($lang) $dir" >> shadow.lang
|
||||
echo "%%lang($lang) $dir/man*" >> shadow.lang
|
||||
# echo "%%lang($lang) $dir/man*/*" >> shadow.lang
|
||||
# echo "%%lang($lang) $dir" >> shadow.lang
|
||||
# echo "%%lang($lang) $dir/man*" >> shadow.lang
|
||||
echo "%%lang($lang) $dir/man*/*" >> shadow.lang
|
||||
done
|
||||
|
||||
%clean
|
||||
|
@ -180,6 +192,29 @@ rm -rf $RPM_BUILD_ROOT
|
|||
%{_mandir}/man8/vigr.8*
|
||||
|
||||
%changelog
|
||||
* Tue Jul 20 2010 Peter Vrabec <pvrabec@redhat.com> - 2:4.1.4.2-8
|
||||
- fix pwck/grpck hang
|
||||
Resolves: #586322
|
||||
|
||||
* Mon Jun 14 2010 Peter Vrabec <pvrabec@redhat.com> - 2:4.1.4.2-7
|
||||
- fix integer underflow in faillog (#603683)
|
||||
- use preferred GID for reserved static IDs
|
||||
|
||||
* Thu Apr 29 2010 Peter Vrabec <pvrabec@redhat.com> - 2:4.1.4.2-6
|
||||
- preserve ACL's on files in /etc/skel
|
||||
Resolves: #513055
|
||||
|
||||
* Wed Apr 28 2010 Peter Vrabec <pvrabec@redhat.com> - 2:4.1.4.2-5
|
||||
- newusers man page more informative
|
||||
- userdel should not need to run semanage
|
||||
Resolves: #586330 #586408
|
||||
|
||||
* Thu Apr 01 2010 Peter Vrabec <pvrabec@redhat.com> - 2:4.1.4.2-4
|
||||
- fix man directories ownership (#569418)
|
||||
|
||||
* Fri Mar 26 2010 Peter Vrabec <pvrabec@redhat.com> - 2:4.1.4.2-3
|
||||
- max group name length set to 32 characters
|
||||
|
||||
* Wed Nov 18 2009 Peter Vrabec <pvrabec@redhat.com> - 2:4.1.4.2-2
|
||||
- apply patches{1,2,3}
|
||||
- enable SHA512 in /etc/login.defs
|
||||
|
|