rpms/libuser
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Merged update from upstream sources

Browse Source 
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/libuser.git#0deb2ae103906a3db9426f464d2acc515f6ed684
This commit is contained in:
DistroBaker 2021-03-24 08:05:16 +00:00
parent bb73533f1d
commit 6cb2480b1b
21 changed files with 99 additions and 15423 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -15,3 +15,4 @@ libuser-0.56.16.tar.xz
/libuser-0.60.tar.xz /libuser-0.60.tar.xz
/libuser-0.61.tar.xz /libuser-0.61.tar.xz
/libuser-0.62.tar.xz /libuser-0.62.tar.xz
/libuser-0.63.tar.xz

52
0001-Fix-errors-with-Werror-format-security.patch
View File

@ -1,52 +0,0 @@
From 9317afc8bb7eec656444fc2eecfcd1ea3bfdda82 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Wed, 15 Mar 2017 12:43:03 -0400
Subject: [PATCH] Fix errors with -Werror=format-security
Recent versions of the Fedora build system treat format-security
warnings as errors, resulting in failure to build. This patch
ensures that appropriate format strings are present.
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
---
modules/files.c | 2 +-
modules/ldap.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/modules/files.c b/modules/files.c
index 4ef0a57be9f2aad99d82abfae5204009a93e5572..6a7787e28112ba07e0fc44f2887ce1d1540af29e 100644
--- a/modules/files.c
+++ b/modules/files.c
@@ -532,11 +532,11 @@ parse_field(const struct format_specifier *format, GValue *value,
err = NULL;
ret = lu_value_init_set_attr_from_string(value, format->attribute,
string, &err);
if (ret == FALSE) {
g_assert(err != NULL);
- g_warning(lu_strerror(err));
+ g_warning("%s", lu_strerror(err));
lu_error_free(&err);
}
return ret;
}
diff --git a/modules/ldap.c b/modules/ldap.c
index ad10f7394c5735f3180cbab5bc7314301fd83ffc..02e9eb6a0cf10595d730e3dc719f2e848a3491d4 100644
--- a/modules/ldap.c
+++ b/modules/ldap.c
@@ -670,11 +670,11 @@ lu_ldap_lookup(struct lu_module *module,
error = NULL;
ok = lu_value_init_set_attr_from_string
(&value, attr, val, &error);
if (ok == FALSE) {
g_assert(error != NULL);
- g_warning(lu_strerror(error));
+ g_warning("%s", lu_strerror(error));
lu_error_free(&error);
} else {
lu_ent_add_current(ent, attr,
&value);
g_value_unset(&value);
--
2.12.0

40
0002-Use-2048-bit-keys-in-tests-to-avoid-issues-with-mode.patch
View File

@ -1,40 +0,0 @@
From 68e2c532e610e1c91dd10ff176b673d6190adef4 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jakub.hrozek@posteo.se>
Date: Mon, 6 Aug 2018 21:43:53 +0200
Subject: [PATCH] Use 2048-bit keys in tests to avoid issues with modern
systems
---
tests/default_pw_test | 2 +-
tests/ldap_test | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/default_pw_test b/tests/default_pw_test
index 6da406cf3f67cee2084e730361d43c88df83b81c..733c85c090e07c87a9a7ef8b58c5396bf5f91197 100755
--- a/tests/default_pw_test
+++ b/tests/default_pw_test
@@ -30,7 +30,7 @@ rm -rf "$workdir"
mkdir "$workdir"
# Create a SSL key
-/usr/bin/openssl req -newkey rsa:1024 -keyout "$workdir"/key1 -nodes \
+/usr/bin/openssl req -newkey rsa:2048 -keyout "$workdir"/key1 -nodes \
-x509 -days 2 -out "$workdir"/key3 2>/dev/null <<EOF
.
.
diff --git a/tests/ldap_test b/tests/ldap_test
index f82c2795ef283e323f49c8a400d6c628b3a3e331..54609b14d54b2c5638445262e7fb25307ba6db4c 100755
--- a/tests/ldap_test
+++ b/tests/ldap_test
@@ -30,7 +30,7 @@ rm -rf "$workdir"
mkdir "$workdir"
# Create a SSL key
-/usr/bin/openssl req -newkey rsa:1024 -keyout "$workdir"/key1 -nodes \
+/usr/bin/openssl req -newkey rsa:2048 -keyout "$workdir"/key1 -nodes \
-x509 -days 2 -out "$workdir"/key3 2>/dev/null <<EOF
.
.
--
2.14.4

658
0003-Add-audit-events-around-user-life-cycle.patch
View File

@ -1,658 +0,0 @@
From 72962208c42ea202f1e31f2f3ac1b523cd545b06 Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Fri, 3 Aug 2018 11:33:05 +0200
Subject: [PATCH] Add audit events around user life cycle
---
Makefile.am | 18 ++++++-------
apps/lchage.c | 5 ++++
apps/lchsh.c | 7 +++++
apps/lgroupadd.c | 5 ++++
apps/lgroupdel.c | 6 +++++
apps/lgroupmod.c | 36 +++++++++++++++++++++++++
apps/luseradd.c | 16 +++++++++++
apps/luserdel.c | 17 ++++++++++++
apps/lusermod.c | 38 +++++++++++++++++++++++++-
configure.ac | 17 ++++++++++++
lib/common.c | 66 +++++++++++++++++++++++++++++++++++++++++++++-
lib/user_private.h | 15 +++++++++++
12 files changed, 235 insertions(+), 11 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index 080f97e8cc81a77dd0413c3b6fe7fe8002499393..9f099bd71941a869274a502a3130802731d83c24 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -116,7 +116,7 @@ apps_libapputil_la_LDFLAGS = $(GOBJECT_LIBS) -lpam -lpam_misc $(SELINUX_LIBS)
apps_lchage_CPPFLAGS = $(AM_CPPFLAGS) $(LOCALEDIR_CPPFLAGS)
apps_lchage_LDADD = lib/libuser.la $(LTLIBINTL)
-apps_lchage_LDFLAGS = $(GMODULE_LIBS) -lpopt
+apps_lchage_LDFLAGS = $(GMODULE_LIBS) -lpopt $(AUDIT_LIBS)
apps_lchfn_CPPFLAGS = $(AM_CPPFLAGS) $(LOCALEDIR_CPPFLAGS)
apps_lchfn_LDADD = apps/libapputil.la lib/libuser.la $(LTLIBINTL)
@@ -124,19 +124,19 @@ apps_lchfn_LDFLAGS = $(GMODULE_LIBS) -lpopt
apps_lchsh_CPPFLAGS = $(AM_CPPFLAGS) $(LOCALEDIR_CPPFLAGS)
apps_lchsh_LDADD = apps/libapputil.la lib/libuser.la $(LTLIBINTL)
-apps_lchsh_LDFLAGS = $(GMODULE_LIBS) -lpopt
+apps_lchsh_LDFLAGS = $(GMODULE_LIBS) -lpopt $(AUDIT_LIBS)
apps_lgroupadd_CPPFLAGS = $(AM_CPPFLAGS) $(LOCALEDIR_CPPFLAGS)
apps_lgroupadd_LDADD = lib/libuser.la $(LTLIBINTL)
-apps_lgroupadd_LDFLAGS = $(GMODULE_LIBS) -lpopt
+apps_lgroupadd_LDFLAGS = $(GMODULE_LIBS) -lpopt $(AUDIT_LIBS)
apps_lgroupdel_CPPFLAGS = $(AM_CPPFLAGS) $(LOCALEDIR_CPPFLAGS)
apps_lgroupdel_LDADD = lib/libuser.la $(LTLIBINTL)
-apps_lgroupdel_LDFLAGS = $(GMODULE_LIBS) -lpopt
+apps_lgroupdel_LDFLAGS = $(GMODULE_LIBS) -lpopt $(AUDIT_LIBS)
apps_lgroupmod_CPPFLAGS = $(AM_CPPFLAGS) $(LOCALEDIR_CPPFLAGS)
apps_lgroupmod_LDADD = lib/libuser.la $(LTLIBINTL)
-apps_lgroupmod_LDFLAGS = $(GMODULE_LIBS) -lpopt
+apps_lgroupmod_LDFLAGS = $(GMODULE_LIBS) -lpopt $(AUDIT_LIBS)
apps_lid_CPPFLAGS = $(AM_CPPFLAGS) $(LOCALEDIR_CPPFLAGS)
apps_lid_LDADD = lib/libuser.la $(LTLIBINTL)
@@ -152,15 +152,15 @@ apps_lpasswd_LDFLAGS = $(GMODULE_LIBS) -lpopt
apps_luseradd_CPPFLAGS = $(AM_CPPFLAGS) $(LOCALEDIR_CPPFLAGS)
apps_luseradd_LDADD = lib/libuser.la $(LTLIBINTL)
-apps_luseradd_LDFLAGS = $(GMODULE_LIBS) -lpopt
+apps_luseradd_LDFLAGS = $(GMODULE_LIBS) -lpopt $(AUDIT_LIBS)
apps_luserdel_CPPFLAGS = $(AM_CPPFLAGS) $(LOCALEDIR_CPPFLAGS)
apps_luserdel_LDADD = lib/libuser.la $(LTLIBINTL)
-apps_luserdel_LDFLAGS = $(GMODULE_LIBS) -lpopt
+apps_luserdel_LDFLAGS = $(GMODULE_LIBS) -lpopt $(AUDIT_LIBS)
apps_lusermod_CPPFLAGS = $(AM_CPPFLAGS) $(LOCALEDIR_CPPFLAGS)
apps_lusermod_LDADD = lib/libuser.la $(LTLIBINTL)
-apps_lusermod_LDFLAGS = $(GMODULE_LIBS) -lpopt
+apps_lusermod_LDFLAGS = $(GMODULE_LIBS) -lpopt $(AUDIT_LIBS)
lib_libuser_la_SOURCES = lib/common.c lib/config.c lib/entity.c lib/error.c \
lib/fs.c lib/getdate.y lib/internal.h lib/misc.c lib/modules.c \
@@ -170,7 +170,7 @@ lib_libuser_la_CPPFLAGS = $(GMODULE_CFLAGS) -Ilib $(LOCALEDIR_CPPFLAGS) \
-DMODULEDIR='"$(pkglibdir)"' -DNSCD='"$(NSCD)"' \
-DSYSCONFDIR='"$(sysconfdir)"'
lib_libuser_la_LDFLAGS = $(GMODULE_LIBS) $(CRYPT_LIBS) $(SELINUX_LIBS) \
- -version-info 6:2:5
+ $(AUDIT_LIBS) -version-info 6:2:5
lib_libuser_la_LIBADD = $(LTLIBINTL)
modules_libuser_files_la_SOURCES = modules/files.c
diff --git a/apps/lchage.c b/apps/lchage.c
index bad296ccf0755dd6781b1a2e6397dccb1f7dbd12..1a4f04883062cb11f15a2e34d37e127fef2a374e 100644
--- a/apps/lchage.c
+++ b/apps/lchage.c
@@ -29,6 +29,7 @@
#include <popt.h>
#include <glib.h>
#include "../lib/user.h"
+#include "../lib/user_private.h"
#include "apputil.h"
#define INVALID_LONG LONG_MIN
@@ -239,8 +240,12 @@ main(int argc, const char **argv)
fprintf(stderr,
_("Failed to modify aging information for %s: "
"%s\n"), user, lu_strerror(error));
+ lu_audit_logger(AUDIT_USER_MGMT, "change-age", user,
+ AUDIT_NO_ID, 0);
return 3;
}
+ lu_audit_logger(AUDIT_USER_MGMT, "change-age", user,
+ AUDIT_NO_ID, 1);
lu_nscd_flush_cache(LU_NSCD_CACHE_PASSWD);
}
diff --git a/apps/lchsh.c b/apps/lchsh.c
index 7c8a9246d4548a7f6fbacce91cdfdf4372799943..555ed2ea7b0d5a90bf37a7f23c398b382ac45a38 100644
--- a/apps/lchsh.c
+++ b/apps/lchsh.c
@@ -26,6 +26,7 @@
#include <string.h>
#include <unistd.h>
#include "../lib/user.h"
+#include "../lib/user_private.h"
#include "apputil.h"
int
@@ -120,6 +121,8 @@ main(int argc, const char **argv)
NULL, &error) == FALSE) {
fprintf(stderr, _("Shell not changed: %s\n"),
lu_strerror(error));
+ lu_audit_logger(AUDIT_USER_MGMT, "change-shell", user,
+ AUDIT_NO_ID, 0);
return 1;
}
/* Modify the in-memory structure's shell attribute. */
@@ -132,9 +135,13 @@ main(int argc, const char **argv)
if (lu_user_modify(ctx, ent, &error)) {
g_print(_("Shell changed.\n"));
lu_nscd_flush_cache(LU_NSCD_CACHE_PASSWD);
+ lu_audit_logger(AUDIT_USER_MGMT, "change-shell", user,
+ AUDIT_NO_ID, 1);
} else {
fprintf(stderr, _("Shell not changed: %s\n"),
lu_strerror(error));
+ lu_audit_logger(AUDIT_USER_MGMT, "change-shell", user,
+ AUDIT_NO_ID, 0);
return 1;
}
}
diff --git a/apps/lgroupadd.c b/apps/lgroupadd.c
index d73ee864adac9e5dbc7d98392190db225d116143..3fa2a1df5ac5838ef256541c07ae6028e4f6a80b 100644
--- a/apps/lgroupadd.c
+++ b/apps/lgroupadd.c
@@ -118,6 +118,8 @@ main(int argc, const char **argv)
if (lu_group_add(ctx, ent, &error) == FALSE) {
fprintf(stderr, _("Group creation failed: %s\n"),
lu_strerror(error));
+ lu_audit_logger(AUDIT_ADD_GROUP, "add-group", name,
+ AUDIT_NO_ID, 0);
return 2;
}
@@ -127,5 +129,8 @@ main(int argc, const char **argv)
lu_end(ctx);
+ lu_audit_logger(AUDIT_ADD_GROUP, "add-group", name,
+ AUDIT_NO_ID, 1);
+
return 0;
}
diff --git a/apps/lgroupdel.c b/apps/lgroupdel.c
index e0fd6c6d42f55eef82f0790f551721972c129b5f..c5ccbed95cb834719cd109a81e6f979bb737dc71 100644
--- a/apps/lgroupdel.c
+++ b/apps/lgroupdel.c
@@ -24,6 +24,7 @@
#include <locale.h>
#include <popt.h>
#include "../lib/user.h"
+#include "../lib/user_private.h"
#include "apputil.h"
int
@@ -90,6 +91,8 @@ main(int argc, const char **argv)
if (lu_group_delete(ctx, ent, &error) == FALSE) {
fprintf(stderr, _("Group %s could not be deleted: %s\n"),
group, lu_strerror(error));
+ lu_audit_logger(AUDIT_DEL_GROUP, "delete-group", group,
+ AUDIT_NO_ID, 0);
return 3;
}
@@ -99,5 +102,8 @@ main(int argc, const char **argv)
lu_end(ctx);
+ lu_audit_logger(AUDIT_DEL_GROUP, "delete-group", group,
+ AUDIT_NO_ID, 1);
+
return 0;
}
diff --git a/apps/lgroupmod.c b/apps/lgroupmod.c
index 21170e06f37370d7b2f2d936048ae7abf24fd181..0ad0ae4f39d32435b4668ef15ec678d8ea319e5c 100644
--- a/apps/lgroupmod.c
+++ b/apps/lgroupmod.c
@@ -138,8 +138,14 @@ main(int argc, const char **argv)
== FALSE) {
fprintf(stderr, _("Failed to set password for group "
"%s: %s\n"), group, lu_strerror(error));
+ lu_audit_logger(AUDIT_GRP_MGMT,
+ "changing-group-passwd", group,
+ AUDIT_NO_ID, 0);
return 4;
}
+ lu_audit_logger(AUDIT_GRP_MGMT,
+ "changing-group-passwd", group,
+ AUDIT_NO_ID, 1);
}
if (cryptedUserPassword) {
@@ -147,8 +153,14 @@ main(int argc, const char **argv)
&error) == FALSE) {
fprintf(stderr, _("Failed to set password for group "
"%s: %s\n"), group, lu_strerror(error));
+ lu_audit_logger(AUDIT_GRP_MGMT,
+ "changing-group-passwd", group,
+ AUDIT_NO_ID, 0);
return 5;
}
+ lu_audit_logger(AUDIT_GRP_MGMT,
+ "changing-group-passwd", group,
+ AUDIT_NO_ID, 1);
}
if (lock) {
@@ -156,8 +168,14 @@ main(int argc, const char **argv)
fprintf(stderr,
_("Group %s could not be locked: %s\n"), group,
lu_strerror(error));
+ lu_audit_logger(AUDIT_GRP_MGMT,
+ "changing-group-lock", group,
+ AUDIT_NO_ID, 0);
return 6;
}
+ lu_audit_logger(AUDIT_GRP_MGMT,
+ "changing-group-lock", group,
+ AUDIT_NO_ID, 1);
}
if (unlock) {
@@ -165,8 +183,14 @@ main(int argc, const char **argv)
fprintf(stderr,
_("Group %s could not be unlocked: %s\n"),
group, lu_strerror(error));
+ lu_audit_logger(AUDIT_GRP_MGMT,
+ "changing-group-lock", group,
+ AUDIT_NO_ID, 0);
return 7;
}
+ lu_audit_logger(AUDIT_GRP_MGMT,
+ "changing-group-lock", group,
+ AUDIT_NO_ID, 1);
}
change = gid || addAdmins || remAdmins || addMembers || remMembers;
@@ -241,8 +265,14 @@ main(int argc, const char **argv)
if (change && lu_group_modify(ctx, ent, &error) == FALSE) {
fprintf(stderr, _("Group %s could not be modified: %s\n"),
group, lu_strerror(error));
+ lu_audit_logger(AUDIT_GRP_MGMT,
+ "changing-group-members", group,
+ AUDIT_NO_ID, 0);
return 8;
}
+ lu_audit_logger(AUDIT_GRP_MGMT,
+ "changing-group-members", group,
+ AUDIT_NO_ID, 1);
if (gidNumber != LU_VALUE_INVALID_ID) {
users = lu_users_enumerate_by_group_full(ctx, gid, &error);
@@ -256,8 +286,14 @@ main(int argc, const char **argv)
fprintf(stderr,
_("Group %s could not be modified: %s\n"),
group, lu_strerror(error));
+ lu_audit_logger(AUDIT_GRP_MGMT,
+ "changing-group-id", group,
+ AUDIT_NO_ID, 0);
return 8;
}
+ lu_audit_logger(AUDIT_GRP_MGMT,
+ "changing-group-id", group,
+ AUDIT_NO_ID, 1);
}
lu_ent_free(ent);
diff --git a/apps/luseradd.c b/apps/luseradd.c
index 7839183c00f892ad50f77f5aed6ada07cd3c125b..9d7f4f10a9c6f849e551f017f05c2e67e4a56259 100644
--- a/apps/luseradd.c
+++ b/apps/luseradd.c
@@ -210,8 +210,12 @@ main(int argc, const char **argv)
lu_error_free(&error);
}
lu_end(ctx);
+ lu_audit_logger(AUDIT_ADD_GROUP, "add-group", name,
+ AUDIT_NO_ID, 0);
return 1;
}
+ lu_audit_logger(AUDIT_ADD_GROUP, "add-group", name,
+ AUDIT_NO_ID, 1);
}
/* Retrieve the group ID. */
@@ -259,9 +263,13 @@ main(int argc, const char **argv)
if (lu_user_add(ctx, ent, &error) == FALSE) {
fprintf(stderr, _("Account creation failed: %s.\n"),
lu_strerror(error));
+ lu_audit_logger(AUDIT_ADD_USER, "add-user", name,
+ AUDIT_NO_ID, 0);
+
return 3;
}
lu_nscd_flush_cache(LU_NSCD_CACHE_PASSWD);
+ lu_audit_logger(AUDIT_ADD_USER, "add-user", name, AUDIT_NO_ID, 1);
/* If we don't have the the don't-create-home flag, create the user's
* home directory. */
@@ -282,8 +290,12 @@ main(int argc, const char **argv)
&error) == FALSE) {
fprintf(stderr, _("Error creating %s: %s.\n"),
homeDirectory, lu_strerror(error));
+ lu_audit_logger(AUDIT_USER_MGMT, "add-home-dir", name,
+ uidNumber, 0);
return 7;
}
+ lu_audit_logger(AUDIT_USER_MGMT, "add-home-dir", name,
+ uidNumber, 1);
/* Create a mail spool for the user. */
if (lu_mail_spool_create(ctx, ent, &error) != TRUE) {
@@ -311,8 +323,12 @@ main(int argc, const char **argv)
fprintf(stderr, _("Error setting password for user "
"%s: %s.\n"), name,
lu_strerror(error));
+ lu_audit_logger(AUDIT_USER_CHAUTHTOK, "updating-password",
+ name, uidNumber, 0);
return 3;
}
+ lu_audit_logger(AUDIT_USER_CHAUTHTOK, "updating-password",
+ name, uidNumber, 1);
}
lu_nscd_flush_cache(LU_NSCD_CACHE_PASSWD);
diff --git a/apps/luserdel.c b/apps/luserdel.c
index 2f39a4ffb8ae47ac5dc3c84270b54a8ca68c7403..7e20fa7ea9bf4082967bc6931a8557936bfda0a2 100644
--- a/apps/luserdel.c
+++ b/apps/luserdel.c
@@ -26,6 +26,7 @@
#include <string.h>
#include <unistd.h>
#include "../lib/user.h"
+#include "../lib/user_private.h"
#include "apputil.h"
int
@@ -93,8 +94,12 @@ main(int argc, const char **argv)
if (lu_user_delete(ctx, ent, &error) == FALSE) {
fprintf(stderr, _("User %s could not be deleted: %s.\n"),
user, lu_strerror(error));
+ lu_audit_logger(AUDIT_DEL_USER, "delete-user", user,
+ AUDIT_NO_ID, 0);
return 3;
}
+ lu_audit_logger(AUDIT_DEL_USER, "delete-user", user,
+ AUDIT_NO_ID, 1);
lu_nscd_flush_cache(LU_NSCD_CACHE_PASSWD);
@@ -126,9 +131,15 @@ main(int argc, const char **argv)
fprintf(stderr, _("Group %s could not be "
"deleted: %s.\n"), tmp,
lu_strerror(error));
+ lu_audit_logger_with_group (AUDIT_DEL_GROUP,
+ "delete-group", user, AUDIT_NO_ID,
+ tmp, 0);
return 7;
}
}
+ lu_audit_logger_with_group (AUDIT_DEL_GROUP,
+ "delete-group", user,
+ AUDIT_NO_ID, tmp, 1);
lu_ent_free(group_ent);
lu_nscd_flush_cache(LU_NSCD_CACHE_GROUP);
}
@@ -138,8 +149,14 @@ main(int argc, const char **argv)
fprintf(stderr,
_("Error removing home directory: %s.\n"),
lu_strerror(error));
+ lu_audit_logger(AUDIT_USER_MGMT,
+ "deleting-home-directory", user,
+ AUDIT_NO_ID, 0);
return 9;
}
+ lu_audit_logger(AUDIT_USER_MGMT, "deleting-home-directory", user,
+ AUDIT_NO_ID, 1);
+
/* Delete the user's mail spool. */
if (lu_mail_spool_remove(ctx, ent, &error) != TRUE) {
fprintf(stderr, _("Error removing mail spool: %s"),
diff --git a/apps/lusermod.c b/apps/lusermod.c
index afec147475736f0b814b5e1f30c77064f3915c20..143157f114c93960fb879d9e6e0c1fb914f3ffcb 100644
--- a/apps/lusermod.c
+++ b/apps/lusermod.c
@@ -179,8 +179,13 @@ main(int argc, const char **argv)
fprintf(stderr,
_("Failed to set password for user %s: %s.\n"),
user, lu_strerror(error));
+ lu_audit_logger(AUDIT_USER_CHAUTHTOK,
+ "updating-password", user,
+ uidNumber, 0);
return 5;
}
+ lu_audit_logger(AUDIT_USER_CHAUTHTOK, "updating-password",
+ user, uidNumber, 0);
}
/* If we need to change a user's crypted password, try to change it,
@@ -192,8 +197,13 @@ main(int argc, const char **argv)
fprintf(stderr,
_("Failed to set password for user %s: %s.\n"),
user, lu_strerror(error));
+ lu_audit_logger(AUDIT_USER_CHAUTHTOK,
+ "updating-password", user,
+ uidNumber, 0);
return 6;
}
+ lu_audit_logger(AUDIT_USER_CHAUTHTOK, "updating-password",
+ user, uidNumber, 0);
}
/* If we need to lock/unlock the user's account, do that. */
@@ -202,16 +212,26 @@ main(int argc, const char **argv)
fprintf(stderr,
_("User %s could not be locked: %s.\n"),
user, lu_strerror(error));
+ lu_audit_logger(AUDIT_USER_CHAUTHTOK,
+ "locking-account", user,
+ uidNumber, 0);
return 7;
}
+ lu_audit_logger(AUDIT_USER_CHAUTHTOK, "locking-account",
+ user, uidNumber, 0);
}
if (unlock) {
if (lu_user_unlock(ctx, ent, &error) == FALSE) {
fprintf(stderr,
_("User %s could not be unlocked: %s.\n"),
user, lu_strerror(error));
+ lu_audit_logger(AUDIT_USER_CHAUTHTOK,
+ "unlocking-account", user,
+ uidNumber, 0);
return 8;
}
+ lu_audit_logger(AUDIT_USER_CHAUTHTOK, "unlocking-account",
+ user, uidNumber, 0);
}
/* Determine if we actually need to change anything. */
@@ -274,8 +294,13 @@ main(int argc, const char **argv)
if (change && (lu_user_modify(ctx, ent, &error) == FALSE)) {
fprintf(stderr, _("User %s could not be modified: %s.\n"),
user, lu_strerror(error));
+ lu_audit_logger(AUDIT_USER_MGMT,
+ "modify-account", user,
+ uidNumber, 0);
return 9;
}
+ lu_audit_logger(AUDIT_USER_MGMT, "modify-account",
+ user, uidNumber, 1);
lu_nscd_flush_cache(LU_NSCD_CACHE_PASSWD);
/* If the user's name changed, we need to update supplemental
@@ -322,12 +347,19 @@ main(int argc, const char **argv)
}
}
/* Save the changes to the group. */
- if (lu_group_modify(ctx, group, &error) == FALSE)
+ if (lu_group_modify(ctx, group, &error) == FALSE) {
fprintf(stderr, _("Group %s could not be "
"modified: %s.\n"),
lu_ent_get_first_string(group,
LU_GROUPNAME),
lu_strerror(error));
+ lu_audit_logger_with_group(AUDIT_USER_MGMT,
+ "update-member-in-group", user, uidNumber,
+ lu_ent_get_first_string(group, LU_GROUPNAME),0);
+ } else
+ lu_audit_logger_with_group(AUDIT_USER_MGMT,
+ "update-member-in-group", user, uidNumber,
+ lu_ent_get_first_string(group, LU_GROUPNAME),1);
lu_ent_free(group);
}
g_ptr_array_free(groups, TRUE);
@@ -353,8 +385,12 @@ main(int argc, const char **argv)
fprintf(stderr, _("Error moving %s to %s: %s.\n"),
oldHomeDirectory, homeDirectory,
lu_strerror(error));
+ lu_audit_logger(AUDIT_USER_MGMT, "moving-home-dir",
+ user, uidNumber, 0);
return 12;
}
+ lu_audit_logger(AUDIT_USER_MGMT, "moving-home-dir",
+ user, uidNumber, 1);
}
g_free(oldHomeDirectory);
diff --git a/configure.ac b/configure.ac
index 3e68b16a1f65ff5e5e3e905c1ffce8993e562176..0bd4a67d4c77fa1b701d74dbeab908a192dbf4d7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -118,6 +118,23 @@ if test "x$selinux" != xno ; then
fi
AC_SUBST(SELINUX_LIBS)
+AC_ARG_WITH(audit,
+AS_HELP_STRING([--with-audit],[log using Linux Audit in addition to syslog]),
+use_audit=$withval,
+use_audit=auto)
+if test x$use_audit != xno ; then
+ AC_SEARCH_LIBS([audit_open], [audit])
+ if test x$ac_cv_search_audit_open = xno ; then
+ if test x$use_audit != xauto ; then
+ AC_MSG_ERROR([requested Linux Audit, but libaudit was not found])
+ fi
+ else
+ AC_DEFINE(WITH_AUDIT,1,[Define if you want to use Linux Audit.])
+ AUDIT_LIBS=-laudit
+ fi
+fi
+AC_SUBST(AUDIT_LIBS)
+
AC_C_CONST
AC_TYPE_UID_T
AC_TYPE_MODE_T
diff --git a/lib/common.c b/lib/common.c
index fc5df7461111908ff3eae59608ce0a51d62e155e..dce7e570ec9c92b56b28f15ab503fb7a641b660e 100644
--- a/lib/common.c
+++ b/lib/common.c
@@ -16,9 +16,10 @@
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
*/
-#include <config.h>
+#include "config.h"
#include <glib.h>
#include <string.h>
+#include <stdlib.h>
#include "internal.h"
#include "user_private.h"
@@ -111,3 +112,66 @@ lu_common_sgroup_default(struct lu_module *module,
g_return_val_if_fail(name != NULL, FALSE);
return lu_common_group_default(module, name, is_system, ent, error);
}
+
+#ifdef WITH_AUDIT
+static int audit_fd = 0;
+
+/* result - 1 is "success" and 0 is "failed" */
+void lu_audit_logger(int type, const char *op, const char *name,
+ unsigned int id, unsigned int result)
+{
+ if (audit_fd == 0) {
+ /* First time through */
+ audit_fd = audit_open();
+ if (audit_fd < 0) {
+ /* You get these only when the kernel doesn't have
+ * audit compiled in. */
+ if ( (errno == EINVAL)
+ || (errno == EPROTONOSUPPORT)
+ || (errno == EAFNOSUPPORT))
+ return;
+ fputs("Cannot open audit interface - aborting.\n", stderr);
+ exit(EXIT_FAILURE);
+ }
+ }
+ if (audit_fd < 0)
+ return;
+ audit_log_acct_message(audit_fd, type, NULL, op, name, id,
+ NULL, NULL, NULL, (int) result);
+}
+
+/* result - 1 is "success" and 0 is "failed" */
+void lu_audit_logger_with_group (int type, const char *op, const char *name,
+ unsigned int id, const char *grp, unsigned int result)
+{
+ int len;
+ char enc_group[(LOGIN_NAME_MAX*2)+1], buf[1024];
+
+ if (audit_fd == 0) {
+ /* First time through */
+ audit_fd = audit_open();
+ if (audit_fd < 0) {
+ /* You get these only when the kernel doesn't have
+ * audit compiled in. */
+ if ( (errno == EINVAL)
+ || (errno == EPROTONOSUPPORT)
+ || (errno == EAFNOSUPPORT))
+ return;
+ fputs("Cannot open audit interface - aborting.\n", stderr);
+ exit(EXIT_FAILURE);
+ }
+ }
+ if (audit_fd < 0)
+ return;
+ len = strnlen(grp, sizeof(enc_group)/2);
+ if (audit_value_needs_encoding(grp, len)) {
+ snprintf(buf, sizeof(buf), "%s grp=%s", op,
+ audit_encode_value(enc_group, grp, len));
+ } else {
+ snprintf(buf, sizeof(buf), "%s grp=\"%s\"", op, grp);
+ }
+ audit_log_acct_message(audit_fd, type, NULL, buf, name, id,
+ NULL, NULL, NULL, (int) result);
+}
+#endif
+
diff --git a/lib/user_private.h b/lib/user_private.h
index a4869c138d51519539b6939406cdb0fee23ab7f6..02b813c47ee359db774bb85a2aa7aa12e18d3067 100644
--- a/lib/user_private.h
+++ b/lib/user_private.h
@@ -34,6 +34,9 @@
#ifdef WITH_SELINUX
#include <selinux/selinux.h>
#endif
+#ifdef WITH_AUDIT
+#include <libaudit.h>
+#endif
#include "user.h"
G_BEGIN_DECLS
@@ -357,6 +360,18 @@ id_t lu_get_first_unused_id(struct lu_context *ctx, enum lu_entity_type type,
/* Append a copy of VALUES to DEST */
void lu_util_append_values(GValueArray *dest, GValueArray *values);
+#ifdef WITH_AUDIT
+void lu_audit_logger(int type, const char *op, const char *name,
+ unsigned int id, unsigned int result);
+void lu_audit_logger_with_group(int type, const char *op, const char *name,
+ unsigned int id, const char *grp,
+ unsigned int result);
+#else
+#define lu_audit_logger(a, b, c, d, e)
+#define lu_audit_logger_with_group(a, b, c, d, e, f)
+#endif
+#define AUDIT_NO_ID ((unsigned int) -1)
+
G_END_DECLS
#endif
--
2.17.1

44
0004-Check-negative-return-of-PyList_Size.patch
View File

@ -1,44 +0,0 @@
From 11a7ff7eeefe763be9ade949e8f2a4a2d53f6129 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jakub.hrozek@posteo.se>
Date: Mon, 24 Sep 2018 20:51:51 +0200
Subject: [PATCH 4/7] Check negative return of PyList_Size
Merges:
https://pagure.io/libuser/issue/28
In case of an error, PyList_Size can return a negative value. We should
check that case, also to avoid compiler warnings like:
Error: COMPILER_WARNING: [#def41] [warning: defect not occurring in libuser-0.60-9.el7]
libuser-0.62/python/misc.c: scope_hint: In function 'libuser_admin_prompt'
libuser-0.62/python/misc.c:160:12: warning: argument 1 range [9223372036854775808, 18446744073709551615] exceeds maximum object size 9223372036854775807 [-Walloc-size-larger-than=]
/usr/include/glib-2.0/glib/glist.h:32: included_from: Included from here.
/usr/include/glib-2.0/glib/ghash.h:33: included_from: Included from here.
/usr/include/glib-2.0/glib.h:50: included_from: Included from here.
libuser-0.62/python/misc.c:25: included_from: Included from here.
/usr/include/glib-2.0/glib/gmem.h:96:10: note: in a call to allocation function 'g_malloc0_n' declared here
---
python/misc.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/python/misc.c b/python/misc.c
index c4ce819bfaeb4296507b504c4647b7676377b631..fcb0ccfebae143fa7c7a43ad60d7e9b231ca8863 100644
--- a/python/misc.c
+++ b/python/misc.c
@@ -137,7 +137,12 @@ libuser_admin_prompt(struct libuser_admin *self, PyObject * args,
return NULL;
}
count = PyList_Size(list);
- if (count > INT_MAX) {
+ if (count < 0) {
+ PyErr_SetString(PyExc_TypeError,
+ "prompt_list has no size; probably not a list");
+ DEBUG_EXIT;
+ return NULL;
+ } else if (count > INT_MAX) {
PyErr_SetString(PyExc_ValueError, "too many prompts");
DEBUG_EXIT;
return NULL;
--
2.14.4

60
0005-files.c-Init-char-name-to-NULL.patch
View File

@ -1,60 +0,0 @@
From 7acf0fad0ca468f33f86084f36251df5baf3dc94 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jakub.hrozek@posteo.se>
Date: Wed, 26 Sep 2018 21:01:59 +0200
Subject: [PATCH 5/7] files.c: Init char *name to NULL
Merges:
https://pagure.io/libuser/issue/27
This is mostly to silence coverity warnings. "enum lu_entity_type" has
three values and several places in the code follow logic as:
char *name;
if ent->type == user:
name = foo()
if ent->type == group
name = bar()
g_assert(name != NULL)
it shouldn't be possible for ent->type to be anything else but in the
odd case it is, initializing name to NULL will ensure that name will be
still NULL after the code falls through the conditions and at least the
behaviour is defined.
---
modules/files.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/modules/files.c b/modules/files.c
index 6a7787e28112ba07e0fc44f2887ce1d1540af29e..8c2a282b6448bbfb313b5d4f5eeb28b8240bccd5 100644
--- a/modules/files.c
+++ b/modules/files.c
@@ -1501,7 +1501,7 @@ generic_lock(struct lu_module *module, const char *file_suffix, int field,
struct lu_ent *ent, enum lock_op op, struct lu_error **error)
{
struct editing *e;
- char *value, *new_value, *name;
+ char *value, *new_value, *name = NULL;
gboolean commit = FALSE, ret = FALSE;
/* Get the name which keys the entries of interest in the file. */
@@ -1561,7 +1561,7 @@ generic_is_locked(struct lu_module *module, const char *file_suffix,
int field, struct lu_ent *ent, struct lu_error **error)
{
char *filename;
- char *value, *name;
+ char *value, *name = NULL;
int fd;
gboolean ret = FALSE;
@@ -1752,7 +1752,7 @@ generic_setpass(struct lu_module *module, const char *file_suffix, int field,
struct lu_error **error)
{
struct editing *e;
- char *value, *name;
+ char *value, *name = NULL;
gboolean ret = FALSE;
/* Get the name of this account. */
--
2.14.4

56
0006-merge_ent_array_duplicates-Only-use-values-if-valid.patch
View File

@ -1,56 +0,0 @@
From 8da7fc83aa3e9fd868c6a8da9261b72dae7d29e7 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jakub.hrozek@posteo.se>
Date: Wed, 26 Sep 2018 21:38:02 +0200
Subject: [PATCH 6/7] merge_ent_array_duplicates: Only use values if valid
Merges:
https://pagure.io/libuser/issue/22
Don't attempt to dereference a NULL pointer
---
lib/user.c | 22 ++++++++++++++--------
1 file changed, 14 insertions(+), 8 deletions(-)
diff --git a/lib/user.c b/lib/user.c
index ad2bb099c7d12bd91188e69f188c64953b1d9748..2500565a544bb33a5e08d9807a794a42c819a2d2 100644
--- a/lib/user.c
+++ b/lib/user.c
@@ -691,10 +691,13 @@ merge_ent_array_duplicates(GPtrArray *array)
while (attributes != NULL) {
attr = (const char *)attributes->data;
values = lu_ent_get_current(current, attr);
- for (j = 0; j < values->n_values; j++) {
- value = g_value_array_get_nth(values,
- j);
- lu_ent_add_current(saved, attr, value);
+ if (values != NULL) {
+ for (j = 0; j < values->n_values; j++) {
+ value = g_value_array_get_nth(
+ values,
+ j);
+ lu_ent_add_current(saved, attr, value);
+ }
}
attributes = g_list_next(attributes);
}
@@ -705,10 +708,13 @@ merge_ent_array_duplicates(GPtrArray *array)
while (attributes != NULL) {
attr = (const char *)attributes->data;
values = lu_ent_get(current, attr);
- for (j = 0; j < values->n_values; j++) {
- value = g_value_array_get_nth(values,
- j);
- lu_ent_add(saved, attr, value);
+ if (values != NULL) {
+ for (j = 0; j < values->n_values; j++) {
+ value = g_value_array_get_nth(
+ values,
+ j);
+ lu_ent_add(saved, attr, value);
+ }
}
attributes = g_list_next(attributes);
}
--
2.14.4

33
0007-editing_open-close-fd-after-we-ve-established-its-va.patch
View File

@ -1,33 +0,0 @@
From e5536845298b6672a16e5866a823fcf6562c6cf3 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jakub.hrozek@posteo.se>
Date: Wed, 26 Sep 2018 21:15:38 +0200
Subject: [PATCH 7/7] editing_open: close fd after we've established its
validity
Merges:
https://pagure.io/libuser/issue/26
The code used to first close(fd) and only then check if it's != -1.
Reverse the logic so that the fd is only closed if valid.
---
modules/files.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/files.c b/modules/files.c
index 8c2a282b6448bbfb313b5d4f5eeb28b8240bccd5..b8bf8a60e5810c0b705bd91efbdf9e27e851cd2b 100644
--- a/modules/files.c
+++ b/modules/files.c
@@ -387,9 +387,9 @@ editing_open(struct lu_module *module, const char *file_suffix,
backup_name = g_strconcat(e->filename, "-", NULL);
fd = open_and_copy_file(e->filename, backup_name, FALSE, error);
g_free (backup_name);
- close(fd);
if (fd == -1)
goto err_fscreate;
+ close(fd);
e->new_filename = g_strconcat(e->filename, "+", NULL);
e->new_fd = open_and_copy_file(e->filename, e->new_filename, TRUE,
--
2.14.4

78
0009-libuser-0.62-Do-not-use-deprecated-includes.patch
View File

@ -1,78 +0,0 @@
From 29d9996dd200916db888d41196f87609bce329ff Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Apr 07 2020 11:55:38 +0000
Subject: Do not use deprecated flask.h and av_permissions.h
selinux/flask.h and selinux/av_permissions.h will be completely dropped in the
next SELinux release.
Use string_to_security_class() and string_to_av_perm() to get class and
permission values. The original hardcoded values could be invalid and are
deprecated as the whole flask.h and av_permissions.h header files.
Fixes: https://pagure.io/libuser/issue/44
---
diff --git a/apps/apputil.c b/apps/apputil.c
index 1937645..7413ab5 100644
--- a/apps/apputil.c
+++ b/apps/apputil.c
@@ -26,8 +26,6 @@
#include <unistd.h>
#ifdef WITH_SELINUX
#include <selinux/selinux.h>
-#include <selinux/av_permissions.h>
-#include <selinux/flask.h>
#include <selinux/context.h>
#endif
#include "../lib/error.h"
@@ -57,7 +55,7 @@ check_access(const char *chuser, access_vector_t access)
retval = security_compute_av(user_context,
user_context,
- SECCLASS_PASSWD,
+ string_to_security_class("passwd"),
access, &avd);
if (retval == 0 && (avd.allowed & access) == access)
@@ -221,19 +219,25 @@ lu_authenticate_unprivileged(struct lu_context *ctx, const char *user,
#ifdef WITH_SELINUX
if (is_selinux_enabled() > 0) {
/* FIXME: PASSWD_CHSH, PASSWD_PASSWD ? */
- if (getuid() == 0 && check_access(user, PASSWD__CHFN) != 0) {
- security_context_t user_context;
+ if (getuid() == 0) {
+ security_class_t class;
+ access_vector_t perm;
+ class = string_to_security_class("passwd");
+ perm = string_to_av_perm(class, "chfn");
+ if (check_access(user, perm) != 0) {
+ security_context_t user_context;
- if (getprevcon(&user_context) < 0)
- user_context = NULL;
- /* FIXME: "change the finger info?" */
- fprintf(stderr,
- _("%s is not authorized to change the finger "
- "info of %s\n"), user_context ? user_context
- : _("Unknown user context"), user);
- if (user_context != NULL)
- freecon(user_context);
- goto err;
+ if (getprevcon(&user_context) < 0)
+ user_context = NULL;
+ /* FIXME: "change the finger info?" */
+ fprintf(stderr,
+ _("%s is not authorized to change the finger "
+ "info of %s\n"), user_context ? user_context
+ : _("Unknown user context"), user);
+ if (user_context != NULL)
+ freecon(user_context);
+ goto err;
+ }
}
/* FIXME: is this right for lpasswd? */
if (!lu_util_fscreate_from_file("/etc/passwd", NULL)) {

1440
libuser-0_62-de.po
View File

File diff suppressed because it is too large Load Diff

1428
libuser-0_62-es.po
View File

File diff suppressed because it is too large Load Diff

1439
libuser-0_62-fr.po
View File

File diff suppressed because it is too large Load Diff

1429
libuser-0_62-it.po
View File

File diff suppressed because it is too large Load Diff

1422
libuser-0_62-jp.po
View File

File diff suppressed because it is too large Load Diff

1417
libuser-0_62-ko.po
View File

File diff suppressed because it is too large Load Diff

1429
libuser-0_62-pt_BR.po
View File

File diff suppressed because it is too large Load Diff

1435
libuser-0_62-ru.po
View File

File diff suppressed because it is too large Load Diff

1418
libuser-0_62-zh-Hans.po
View File

File diff suppressed because it is too large Load Diff

1417
libuser-0_62-zh-Hant.po
View File

File diff suppressed because it is too large Load Diff

224
libuser.spec
View File

@ -1,47 +1,34 @@
Name: libuser Name: libuser
Version: 0.62 Version: 0.63
Release: 24%{?dist} Release: 1%{?dist}
Group: System Environment/Base
License: LGPLv2+ License: LGPLv2+
URL: https://pagure.io/libuser URL: https://pagure.io/libuser
Source: http://releases.pagure.org/libuser/libuser-%{version}.tar.xz Source: http://releases.pagure.org/libuser/libuser-%{version}.tar.xz
# https://bugzilla.redhat.com/show_bug.cgi?id=1608321 BuildRequires: glib2-devel
Source1: libuser-0_62-jp.po BuildRequires: linuxdoc-tools
Source2: libuser-0_62-zh-Hans.po BuildRequires: pam-devel
Source3: libuser-0_62-zh-Hant.po BuildRequires: popt-devel
Source4: libuser-0_62-fr.po BuildRequires: cyrus-sasl-devel
Source5: libuser-0_62-it.po BuildRequires: libselinux-devel
Source6: libuser-0_62-de.po BuildRequires: openldap-devel
Source7: libuser-0_62-ko.po BuildRequires: python3-devel
Source8: libuser-0_62-pt_BR.po
Source9: libuser-0_62-ru.po
Source10: libuser-0_62-es.po
# Because we patch configure
BuildRequires: autoconf gettext-devel automake libtool
BuildRequires: glib2-devel, linuxdoc-tools, pam-devel, popt-devel
BuildRequires: cyrus-sasl-devel, libselinux-devel, openldap-devel, python3-devel
# To make sure the configure script can find it # To make sure the configure script can find it
BuildRequires: nscd BuildRequires: nscd
# We support libaudit BuildRequires: gcc
BuildRequires: audit-libs-devel
# For %%check # For %%check
BuildRequires: openldap-clients, openldap-servers, openssl BuildRequires: fakeroot
BuildRequires: openldap-clients
BuildRequires: openldap-servers
BuildRequires: openssl
BuildRequires: make
BuildRequires: bison
BuildRequires: libtool
BuildRequires: gettext-devel
BuildRequires: gtk-doc
Summary: A user and group account administration library Summary: A user and group account administration library
%define __provides_exclude_from %{python3_sitearch}/.*\.so$ %global __provides_exclude_from ^(%{_libdir}/%{name}|%{python3_sitearch})/.*$
# Patch to address format-security.
# Submitted upstream at https://pagure.io/libuser/pull-request/17
Patch1: 0001-Fix-errors-with-Werror-format-security.patch
Patch2: 0002-Use-2048-bit-keys-in-tests-to-avoid-issues-with-mode.patch
Patch3: 0003-Add-audit-events-around-user-life-cycle.patch
Patch4: 0004-Check-negative-return-of-PyList_Size.patch
Patch5: 0005-files.c-Init-char-name-to-NULL.patch
Patch6: 0006-merge_ent_array_duplicates-Only-use-values-if-valid.patch
Patch7: 0007-editing_open-close-fd-after-we-ve-established-its-va.patch
Patch8: 0008-lgroupmod-Emit-AUDIT_GRP_CHAUTHTOK-not-AUDIT_GRP_MGM.patch
Patch9: 0009-libuser-0.62-Do-not-use-deprecated-includes.patch
%description %description
The libuser library implements a standardized interface for manipulating The libuser library implements a standardized interface for manipulating
@ -52,7 +39,6 @@ Sample applications modeled after those included with the shadow password
suite are included. suite are included.
%package devel %package devel
Group: Development/Libraries
Summary: Files needed for developing applications which use libuser Summary: Files needed for developing applications which use libuser
Requires: %{name}%{?_isa} = %{version}-%{release} Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: glib2-devel%{?_isa} Requires: glib2-devel%{?_isa}
@ -61,83 +47,45 @@ Requires: glib2-devel%{?_isa}
The libuser-devel package contains header files, static libraries, and other The libuser-devel package contains header files, static libraries, and other
files useful for developing applications with libuser. files useful for developing applications with libuser.
%package -n python3-libuser %package python3
%{?python_provide:%python_provide python2-libuser}
Summary: Python 3 bindings for the libuser library Summary: Python 3 bindings for the libuser library
Group: Development/Libraries
Requires: libuser%{?_isa} = %{version}-%{release} Requires: libuser%{?_isa} = %{version}-%{release}
Provides: libuser-python3 = %{version}-%{release} Provides: python3-libuser = %{version}-%{release}
Obsoletes: libuser-python3 < %{version}-%{release} Provides: python3-libuser%{?_isa} = %{version}-%{release}
%{?python_provide:%python_provide python3-libuser}
%description -n python3-libuser %description python3
The python3-libuser package contains the Python bindings for The libuser-python3 package contains the Python bindings for
the libuser library, which provides a Python 3 API for manipulating and the libuser library, which provides a Python 3 API for manipulating and
administering user and group accounts. administering user and group accounts.
%prep %prep
%setup -q -n libuser-%{version} %setup -qn libuser-%{version}
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
cp %{SOURCE1} po/ja.po
cp %{SOURCE2} po/zh-Hans.po
cp %{SOURCE3} po/zh-Hant.po
cp %{SOURCE4} po/fr.po
cp %{SOURCE5} po/it.po
cp %{SOURCE6} po/de.po
cp %{SOURCE7} po/ko.po
cp %{SOURCE8} po/pt_BR.po
cp %{SOURCE9} po/ru.po
cp %{SOURCE10} po/es.po
%build %build
autoreconf -if ./autogen.sh
%configure --with-selinux \ %configure --with-selinux --with-ldap --enable-gtk-doc --with-html-dir=%{_datadir}/gtk-doc/html \
--with-ldap \ PYTHON=%{python3}
--with-audit \
--with-html-dir=%{_datadir}/gtk-doc/html \
PYTHON=/usr/bin/python3
make make
# (make all) only rebuilds .gmo files if the .pot file is updated, regardless of po/ja.po changes
make -C po ja.gmo
make -C po zh-Hans.gmo
make -C po zh-Hant.gmo
make -C po it.gmo
make -C po de.gmo
make -C po ko.gmo
make -C po pt_BR.gmo
make -C po ru.gmo
make -C po es.gmo
%install %install
make install DESTDIR=$RPM_BUILD_ROOT INSTALL='install -p' %make_install
%find_lang %{name} %find_lang %{name}
%check #%check
#make check || { cat test-suite.log; false; }
LC_ALL=C.UTF-8 make check \ #
|| { cat test-suite.log; false; } ## Verify that all python modules load, just in case.
#LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_libdir}:${LD_LIBRARY_PATH}
# Verify that all python modules load, just in case. #export LD_LIBRARY_PATH
LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_libdir}:${LD_LIBRARY_PATH} #PYTHONPATH=$RPM_BUILD_ROOT%{python3_sitearch}
export LD_LIBRARY_PATH #export PYTHONPATH
cd $RPM_BUILD_ROOT/%{python3_sitearch} #%{python3} -c "import libuser"
# The Python 3 module only supports UTF-8
LC_ALL=C.UTF-8 python3 -c "import libuser"
%post -p /sbin/ldconfig %ldconfig_scriptlets
%postun -p /sbin/ldconfig
%files -f %{name}.lang %files -f %{name}.lang
%{!?_licensedir:%global license %%doc} %{!?_licensedir:%global license %%doc}
@ -156,7 +104,7 @@ LC_ALL=C.UTF-8 python3 -c "import libuser"
%exclude %{_libdir}/*.la %exclude %{_libdir}/*.la
%exclude %{_libdir}/%{name}/*.la %exclude %{_libdir}/%{name}/*.la
%files -n python3-libuser %files python3
%doc python/modules.txt %doc python/modules.txt
%{python3_sitearch}/*.so %{python3_sitearch}/*.so
%exclude %{python3_sitearch}/*.la %exclude %{python3_sitearch}/*.la
@ -168,47 +116,69 @@ LC_ALL=C.UTF-8 python3 -c "import libuser"
%{_datadir}/gtk-doc/html/* %{_datadir}/gtk-doc/html/*
%changelog %changelog
* Mon Feb 15 2021 Tomas Halman <thalman@redhat.com> - 0.62-24 * Mon Mar 1 2021 Tomas Halman <thalman@redhat.com> - 0.63-1
- Re-include patches from rhel 8 - Release new version 0.63
- Remove deprecated includes
- Resolves: rhbz#1923043 - libuser doesn't audit events around the account lifecycle
* Wed Jun 26 2019 Jakub Hrozek <jhrozek@redhat.com> - 0.62-23 * Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.62-31
- Actually apply the patch from the previous build - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
- Resolves: rhbz#1670997 - Amend the user lifecycle auditing
* Fri Jun 7 2019 Jakub Hrozek <jhrozek@redhat.com> - 0.62-22 * Wed Sep 09 2020 Tom Stellard <tstellar@redhat.com> - 0.62-30
- Resolves: rhbz#1670997 - Amend the user lifecycle auditing - Use make macros
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
* Fri Nov 30 2018 Jakub Hrozek <jhrozek@redhat.com> - 0.62-21 * Wed Sep 02 2020 Merlin Mathesius <mmathesi@redhat.com> - 0.62-29
- Resolves: rhbz#1608321 - [libuser] RHEL 8.0 Tier 0 Localization - Pull in upstream patch that fixes FTBFS for Rawhide and ELN
* Fri Oct 12 2018 Jakub Hrozek <jhrozek@redhat.com> - 0.62-20 * Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.62-28
- Resolves: rhbz#1637398 - libuser-python3 should be renamed to comply - Second attempt - Rebuilt for
with Packaging Guidelines https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Oct 3 2018 Jakub Hrozek <jhrozek@redhat.com> - 0.62-19 * Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.62-27
- Resolves: rhbz#1602600 - Please review important issues found by covscan - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
in "libuser-0.62-14.el8+7" package
* Fri Sep 28 2018 Jakub Hrozek <jhrozek@redhat.com> - 0.62-18 * Fri Jul 3 2020 Jakub Hrozek <jhrozek@redhat.com> - 0.62-26
- Resolves: rhbz#1608321 - [libuser] RHEL 8.0 Tier 0 Localization - Temporarily disable tests, nothing changed since forever so this should be
safe and would unblock FTBFS
- Related: rhbz#1817666 - libuser fails to build with Python 3.9: FAIL: tests/fs_test
* Mon Aug 13 2018 Jakub Hrozek <jhrozek@redhat.com> - 0.62-17 * Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 0.62-25
- Resolves: rhbz#1558151 - libuser needs audit events around the account - Rebuilt for Python 3.9
lifecycle
* Mon Aug 6 2018 Jakub Hrozek <jhrozek@redhat.com> - 0.62-16 * Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.62-24
- Use 2048bit keys in tests - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
- Resolves: rhbz#1611729 - [RHEL8-S-BUILD] libuser Fails Scratch Build on rhel-8.0
* Mon Jun 11 2018 Jakub Hrozek <jhrozek@redhat.com> - 0.62-15 * Tue Nov 26 2019 Miro Hrončok <mhroncok@redhat.com> - 0.62-23
- Drop the fakeroot dependency - Subpackage python2-libuser has been removed
- Resolves: #1581448 - Remove fakeroot from libuser in RHEL8 See https://fedoraproject.org/wiki/Changes/Mass_Python_2_Package_Removal
* Sun Jun 10 2018 Jakub Hrozek <jhrozek@redhat.com> - 0.62-14 * Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 0.62-22
- Do not build python2-libuser at all in RHEL-8 - Rebuilt for Python 3.8
- Resolves: #1559103 - libuser: Drop Python 2 subpackage(s) from RHEL 8
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.62-21
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.62-20
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org> - 0.62-19
- Rebuilt for libcrypt.so.2 (#1666033)
* Fri Jul 20 2018 Jakub Hrozek <jhrozek@redhat.com> - 0.62-19
- BuildRequires: gcc
- Related: rhbz#1604682 - libuser: FTBFS in Fedora rawhide
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.62-17
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Mon Jul 9 2018 Jakub Hrozek <jhrozek@redhat.com> - 0.62-16
- Use python2 explicitly in tests of python2 bindings instead of just "python"
- Related: rhbz#1582899 - libuser: FTBFS in Fedora 28
* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 0.62-15
- Rebuilt for Python 3.7
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.62-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 0.62-13 * Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 0.62-13
- Rebuilt for switch to libxcrypt - Rebuilt for switch to libxcrypt

2
sources
View File

@ -1 +1 @@
63e5e5c551e99dc5302b40b80bd6d4f2 libuser-0.62.tar.xz SHA512 (libuser-0.63.tar.xz) = 5a8d261cea62d7d67da84acd263955eca10b876d3bb0cbbf8f15c2a4ad813f3d16361f90060a8ca77f7d97da4aaceaa0549985c06e9cabefeb10451bbb93a9d2