Compare commits
No commits in common. "c8" and "c9" have entirely different histories.
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
|||||||
SOURCES/libuser-0.62.tar.xz
|
SOURCES/libuser-0.63.tar.xz
|
||||||
|
@ -1 +1 @@
|
|||||||
e0fe60dd38f3b5777d0a4ad664725eddd18ef310 SOURCES/libuser-0.62.tar.xz
|
cd6b029165743afaaee58e7d80e767da7a868545 SOURCES/libuser-0.63.tar.xz
|
||||||
|
@ -1,52 +0,0 @@
|
|||||||
From 9317afc8bb7eec656444fc2eecfcd1ea3bfdda82 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Stephen Gallagher <sgallagh@redhat.com>
|
|
||||||
Date: Wed, 15 Mar 2017 12:43:03 -0400
|
|
||||||
Subject: [PATCH] Fix errors with -Werror=format-security
|
|
||||||
|
|
||||||
Recent versions of the Fedora build system treat format-security
|
|
||||||
warnings as errors, resulting in failure to build. This patch
|
|
||||||
ensures that appropriate format strings are present.
|
|
||||||
|
|
||||||
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
|
|
||||||
---
|
|
||||||
modules/files.c | 2 +-
|
|
||||||
modules/ldap.c | 2 +-
|
|
||||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/modules/files.c b/modules/files.c
|
|
||||||
index 4ef0a57be9f2aad99d82abfae5204009a93e5572..6a7787e28112ba07e0fc44f2887ce1d1540af29e 100644
|
|
||||||
--- a/modules/files.c
|
|
||||||
+++ b/modules/files.c
|
|
||||||
@@ -532,11 +532,11 @@ parse_field(const struct format_specifier *format, GValue *value,
|
|
||||||
err = NULL;
|
|
||||||
ret = lu_value_init_set_attr_from_string(value, format->attribute,
|
|
||||||
string, &err);
|
|
||||||
if (ret == FALSE) {
|
|
||||||
g_assert(err != NULL);
|
|
||||||
- g_warning(lu_strerror(err));
|
|
||||||
+ g_warning("%s", lu_strerror(err));
|
|
||||||
lu_error_free(&err);
|
|
||||||
}
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
diff --git a/modules/ldap.c b/modules/ldap.c
|
|
||||||
index ad10f7394c5735f3180cbab5bc7314301fd83ffc..02e9eb6a0cf10595d730e3dc719f2e848a3491d4 100644
|
|
||||||
--- a/modules/ldap.c
|
|
||||||
+++ b/modules/ldap.c
|
|
||||||
@@ -670,11 +670,11 @@ lu_ldap_lookup(struct lu_module *module,
|
|
||||||
error = NULL;
|
|
||||||
ok = lu_value_init_set_attr_from_string
|
|
||||||
(&value, attr, val, &error);
|
|
||||||
if (ok == FALSE) {
|
|
||||||
g_assert(error != NULL);
|
|
||||||
- g_warning(lu_strerror(error));
|
|
||||||
+ g_warning("%s", lu_strerror(error));
|
|
||||||
lu_error_free(&error);
|
|
||||||
} else {
|
|
||||||
lu_ent_add_current(ent, attr,
|
|
||||||
&value);
|
|
||||||
g_value_unset(&value);
|
|
||||||
--
|
|
||||||
2.12.0
|
|
||||||
|
|
@ -1,40 +0,0 @@
|
|||||||
From 68e2c532e610e1c91dd10ff176b673d6190adef4 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Jakub Hrozek <jakub.hrozek@posteo.se>
|
|
||||||
Date: Mon, 6 Aug 2018 21:43:53 +0200
|
|
||||||
Subject: [PATCH] Use 2048-bit keys in tests to avoid issues with modern
|
|
||||||
systems
|
|
||||||
|
|
||||||
---
|
|
||||||
tests/default_pw_test | 2 +-
|
|
||||||
tests/ldap_test | 2 +-
|
|
||||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/tests/default_pw_test b/tests/default_pw_test
|
|
||||||
index 6da406cf3f67cee2084e730361d43c88df83b81c..733c85c090e07c87a9a7ef8b58c5396bf5f91197 100755
|
|
||||||
--- a/tests/default_pw_test
|
|
||||||
+++ b/tests/default_pw_test
|
|
||||||
@@ -30,7 +30,7 @@ rm -rf "$workdir"
|
|
||||||
mkdir "$workdir"
|
|
||||||
|
|
||||||
# Create a SSL key
|
|
||||||
-/usr/bin/openssl req -newkey rsa:1024 -keyout "$workdir"/key1 -nodes \
|
|
||||||
+/usr/bin/openssl req -newkey rsa:2048 -keyout "$workdir"/key1 -nodes \
|
|
||||||
-x509 -days 2 -out "$workdir"/key3 2>/dev/null <<EOF
|
|
||||||
.
|
|
||||||
.
|
|
||||||
diff --git a/tests/ldap_test b/tests/ldap_test
|
|
||||||
index f82c2795ef283e323f49c8a400d6c628b3a3e331..54609b14d54b2c5638445262e7fb25307ba6db4c 100755
|
|
||||||
--- a/tests/ldap_test
|
|
||||||
+++ b/tests/ldap_test
|
|
||||||
@@ -30,7 +30,7 @@ rm -rf "$workdir"
|
|
||||||
mkdir "$workdir"
|
|
||||||
|
|
||||||
# Create a SSL key
|
|
||||||
-/usr/bin/openssl req -newkey rsa:1024 -keyout "$workdir"/key1 -nodes \
|
|
||||||
+/usr/bin/openssl req -newkey rsa:2048 -keyout "$workdir"/key1 -nodes \
|
|
||||||
-x509 -days 2 -out "$workdir"/key3 2>/dev/null <<EOF
|
|
||||||
.
|
|
||||||
.
|
|
||||||
--
|
|
||||||
2.14.4
|
|
||||||
|
|
1509
SOURCES/0002-popt-memopy.patch
Normal file
1509
SOURCES/0002-popt-memopy.patch
Normal file
File diff suppressed because it is too large
Load Diff
@ -1,658 +0,0 @@
|
|||||||
From 72962208c42ea202f1e31f2f3ac1b523cd545b06 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Steve Grubb <sgrubb@redhat.com>
|
|
||||||
Date: Fri, 3 Aug 2018 11:33:05 +0200
|
|
||||||
Subject: [PATCH] Add audit events around user life cycle
|
|
||||||
|
|
||||||
---
|
|
||||||
Makefile.am | 18 ++++++-------
|
|
||||||
apps/lchage.c | 5 ++++
|
|
||||||
apps/lchsh.c | 7 +++++
|
|
||||||
apps/lgroupadd.c | 5 ++++
|
|
||||||
apps/lgroupdel.c | 6 +++++
|
|
||||||
apps/lgroupmod.c | 36 +++++++++++++++++++++++++
|
|
||||||
apps/luseradd.c | 16 +++++++++++
|
|
||||||
apps/luserdel.c | 17 ++++++++++++
|
|
||||||
apps/lusermod.c | 38 +++++++++++++++++++++++++-
|
|
||||||
configure.ac | 17 ++++++++++++
|
|
||||||
lib/common.c | 66 +++++++++++++++++++++++++++++++++++++++++++++-
|
|
||||||
lib/user_private.h | 15 +++++++++++
|
|
||||||
12 files changed, 235 insertions(+), 11 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/Makefile.am b/Makefile.am
|
|
||||||
index 080f97e8cc81a77dd0413c3b6fe7fe8002499393..9f099bd71941a869274a502a3130802731d83c24 100644
|
|
||||||
--- a/Makefile.am
|
|
||||||
+++ b/Makefile.am
|
|
||||||
@@ -116,7 +116,7 @@ apps_libapputil_la_LDFLAGS = $(GOBJECT_LIBS) -lpam -lpam_misc $(SELINUX_LIBS)
|
|
||||||
|
|
||||||
apps_lchage_CPPFLAGS = $(AM_CPPFLAGS) $(LOCALEDIR_CPPFLAGS)
|
|
||||||
apps_lchage_LDADD = lib/libuser.la $(LTLIBINTL)
|
|
||||||
-apps_lchage_LDFLAGS = $(GMODULE_LIBS) -lpopt
|
|
||||||
+apps_lchage_LDFLAGS = $(GMODULE_LIBS) -lpopt $(AUDIT_LIBS)
|
|
||||||
|
|
||||||
apps_lchfn_CPPFLAGS = $(AM_CPPFLAGS) $(LOCALEDIR_CPPFLAGS)
|
|
||||||
apps_lchfn_LDADD = apps/libapputil.la lib/libuser.la $(LTLIBINTL)
|
|
||||||
@@ -124,19 +124,19 @@ apps_lchfn_LDFLAGS = $(GMODULE_LIBS) -lpopt
|
|
||||||
|
|
||||||
apps_lchsh_CPPFLAGS = $(AM_CPPFLAGS) $(LOCALEDIR_CPPFLAGS)
|
|
||||||
apps_lchsh_LDADD = apps/libapputil.la lib/libuser.la $(LTLIBINTL)
|
|
||||||
-apps_lchsh_LDFLAGS = $(GMODULE_LIBS) -lpopt
|
|
||||||
+apps_lchsh_LDFLAGS = $(GMODULE_LIBS) -lpopt $(AUDIT_LIBS)
|
|
||||||
|
|
||||||
apps_lgroupadd_CPPFLAGS = $(AM_CPPFLAGS) $(LOCALEDIR_CPPFLAGS)
|
|
||||||
apps_lgroupadd_LDADD = lib/libuser.la $(LTLIBINTL)
|
|
||||||
-apps_lgroupadd_LDFLAGS = $(GMODULE_LIBS) -lpopt
|
|
||||||
+apps_lgroupadd_LDFLAGS = $(GMODULE_LIBS) -lpopt $(AUDIT_LIBS)
|
|
||||||
|
|
||||||
apps_lgroupdel_CPPFLAGS = $(AM_CPPFLAGS) $(LOCALEDIR_CPPFLAGS)
|
|
||||||
apps_lgroupdel_LDADD = lib/libuser.la $(LTLIBINTL)
|
|
||||||
-apps_lgroupdel_LDFLAGS = $(GMODULE_LIBS) -lpopt
|
|
||||||
+apps_lgroupdel_LDFLAGS = $(GMODULE_LIBS) -lpopt $(AUDIT_LIBS)
|
|
||||||
|
|
||||||
apps_lgroupmod_CPPFLAGS = $(AM_CPPFLAGS) $(LOCALEDIR_CPPFLAGS)
|
|
||||||
apps_lgroupmod_LDADD = lib/libuser.la $(LTLIBINTL)
|
|
||||||
-apps_lgroupmod_LDFLAGS = $(GMODULE_LIBS) -lpopt
|
|
||||||
+apps_lgroupmod_LDFLAGS = $(GMODULE_LIBS) -lpopt $(AUDIT_LIBS)
|
|
||||||
|
|
||||||
apps_lid_CPPFLAGS = $(AM_CPPFLAGS) $(LOCALEDIR_CPPFLAGS)
|
|
||||||
apps_lid_LDADD = lib/libuser.la $(LTLIBINTL)
|
|
||||||
@@ -152,15 +152,15 @@ apps_lpasswd_LDFLAGS = $(GMODULE_LIBS) -lpopt
|
|
||||||
|
|
||||||
apps_luseradd_CPPFLAGS = $(AM_CPPFLAGS) $(LOCALEDIR_CPPFLAGS)
|
|
||||||
apps_luseradd_LDADD = lib/libuser.la $(LTLIBINTL)
|
|
||||||
-apps_luseradd_LDFLAGS = $(GMODULE_LIBS) -lpopt
|
|
||||||
+apps_luseradd_LDFLAGS = $(GMODULE_LIBS) -lpopt $(AUDIT_LIBS)
|
|
||||||
|
|
||||||
apps_luserdel_CPPFLAGS = $(AM_CPPFLAGS) $(LOCALEDIR_CPPFLAGS)
|
|
||||||
apps_luserdel_LDADD = lib/libuser.la $(LTLIBINTL)
|
|
||||||
-apps_luserdel_LDFLAGS = $(GMODULE_LIBS) -lpopt
|
|
||||||
+apps_luserdel_LDFLAGS = $(GMODULE_LIBS) -lpopt $(AUDIT_LIBS)
|
|
||||||
|
|
||||||
apps_lusermod_CPPFLAGS = $(AM_CPPFLAGS) $(LOCALEDIR_CPPFLAGS)
|
|
||||||
apps_lusermod_LDADD = lib/libuser.la $(LTLIBINTL)
|
|
||||||
-apps_lusermod_LDFLAGS = $(GMODULE_LIBS) -lpopt
|
|
||||||
+apps_lusermod_LDFLAGS = $(GMODULE_LIBS) -lpopt $(AUDIT_LIBS)
|
|
||||||
|
|
||||||
lib_libuser_la_SOURCES = lib/common.c lib/config.c lib/entity.c lib/error.c \
|
|
||||||
lib/fs.c lib/getdate.y lib/internal.h lib/misc.c lib/modules.c \
|
|
||||||
@@ -170,7 +170,7 @@ lib_libuser_la_CPPFLAGS = $(GMODULE_CFLAGS) -Ilib $(LOCALEDIR_CPPFLAGS) \
|
|
||||||
-DMODULEDIR='"$(pkglibdir)"' -DNSCD='"$(NSCD)"' \
|
|
||||||
-DSYSCONFDIR='"$(sysconfdir)"'
|
|
||||||
lib_libuser_la_LDFLAGS = $(GMODULE_LIBS) $(CRYPT_LIBS) $(SELINUX_LIBS) \
|
|
||||||
- -version-info 6:2:5
|
|
||||||
+ $(AUDIT_LIBS) -version-info 6:2:5
|
|
||||||
lib_libuser_la_LIBADD = $(LTLIBINTL)
|
|
||||||
|
|
||||||
modules_libuser_files_la_SOURCES = modules/files.c
|
|
||||||
diff --git a/apps/lchage.c b/apps/lchage.c
|
|
||||||
index bad296ccf0755dd6781b1a2e6397dccb1f7dbd12..1a4f04883062cb11f15a2e34d37e127fef2a374e 100644
|
|
||||||
--- a/apps/lchage.c
|
|
||||||
+++ b/apps/lchage.c
|
|
||||||
@@ -29,6 +29,7 @@
|
|
||||||
#include <popt.h>
|
|
||||||
#include <glib.h>
|
|
||||||
#include "../lib/user.h"
|
|
||||||
+#include "../lib/user_private.h"
|
|
||||||
#include "apputil.h"
|
|
||||||
|
|
||||||
#define INVALID_LONG LONG_MIN
|
|
||||||
@@ -239,8 +240,12 @@ main(int argc, const char **argv)
|
|
||||||
fprintf(stderr,
|
|
||||||
_("Failed to modify aging information for %s: "
|
|
||||||
"%s\n"), user, lu_strerror(error));
|
|
||||||
+ lu_audit_logger(AUDIT_USER_MGMT, "change-age", user,
|
|
||||||
+ AUDIT_NO_ID, 0);
|
|
||||||
return 3;
|
|
||||||
}
|
|
||||||
+ lu_audit_logger(AUDIT_USER_MGMT, "change-age", user,
|
|
||||||
+ AUDIT_NO_ID, 1);
|
|
||||||
|
|
||||||
lu_nscd_flush_cache(LU_NSCD_CACHE_PASSWD);
|
|
||||||
}
|
|
||||||
diff --git a/apps/lchsh.c b/apps/lchsh.c
|
|
||||||
index 7c8a9246d4548a7f6fbacce91cdfdf4372799943..555ed2ea7b0d5a90bf37a7f23c398b382ac45a38 100644
|
|
||||||
--- a/apps/lchsh.c
|
|
||||||
+++ b/apps/lchsh.c
|
|
||||||
@@ -26,6 +26,7 @@
|
|
||||||
#include <string.h>
|
|
||||||
#include <unistd.h>
|
|
||||||
#include "../lib/user.h"
|
|
||||||
+#include "../lib/user_private.h"
|
|
||||||
#include "apputil.h"
|
|
||||||
|
|
||||||
int
|
|
||||||
@@ -120,6 +121,8 @@ main(int argc, const char **argv)
|
|
||||||
NULL, &error) == FALSE) {
|
|
||||||
fprintf(stderr, _("Shell not changed: %s\n"),
|
|
||||||
lu_strerror(error));
|
|
||||||
+ lu_audit_logger(AUDIT_USER_MGMT, "change-shell", user,
|
|
||||||
+ AUDIT_NO_ID, 0);
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
/* Modify the in-memory structure's shell attribute. */
|
|
||||||
@@ -132,9 +135,13 @@ main(int argc, const char **argv)
|
|
||||||
if (lu_user_modify(ctx, ent, &error)) {
|
|
||||||
g_print(_("Shell changed.\n"));
|
|
||||||
lu_nscd_flush_cache(LU_NSCD_CACHE_PASSWD);
|
|
||||||
+ lu_audit_logger(AUDIT_USER_MGMT, "change-shell", user,
|
|
||||||
+ AUDIT_NO_ID, 1);
|
|
||||||
} else {
|
|
||||||
fprintf(stderr, _("Shell not changed: %s\n"),
|
|
||||||
lu_strerror(error));
|
|
||||||
+ lu_audit_logger(AUDIT_USER_MGMT, "change-shell", user,
|
|
||||||
+ AUDIT_NO_ID, 0);
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
diff --git a/apps/lgroupadd.c b/apps/lgroupadd.c
|
|
||||||
index d73ee864adac9e5dbc7d98392190db225d116143..3fa2a1df5ac5838ef256541c07ae6028e4f6a80b 100644
|
|
||||||
--- a/apps/lgroupadd.c
|
|
||||||
+++ b/apps/lgroupadd.c
|
|
||||||
@@ -118,6 +118,8 @@ main(int argc, const char **argv)
|
|
||||||
if (lu_group_add(ctx, ent, &error) == FALSE) {
|
|
||||||
fprintf(stderr, _("Group creation failed: %s\n"),
|
|
||||||
lu_strerror(error));
|
|
||||||
+ lu_audit_logger(AUDIT_ADD_GROUP, "add-group", name,
|
|
||||||
+ AUDIT_NO_ID, 0);
|
|
||||||
return 2;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -127,5 +129,8 @@ main(int argc, const char **argv)
|
|
||||||
|
|
||||||
lu_end(ctx);
|
|
||||||
|
|
||||||
+ lu_audit_logger(AUDIT_ADD_GROUP, "add-group", name,
|
|
||||||
+ AUDIT_NO_ID, 1);
|
|
||||||
+
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
diff --git a/apps/lgroupdel.c b/apps/lgroupdel.c
|
|
||||||
index e0fd6c6d42f55eef82f0790f551721972c129b5f..c5ccbed95cb834719cd109a81e6f979bb737dc71 100644
|
|
||||||
--- a/apps/lgroupdel.c
|
|
||||||
+++ b/apps/lgroupdel.c
|
|
||||||
@@ -24,6 +24,7 @@
|
|
||||||
#include <locale.h>
|
|
||||||
#include <popt.h>
|
|
||||||
#include "../lib/user.h"
|
|
||||||
+#include "../lib/user_private.h"
|
|
||||||
#include "apputil.h"
|
|
||||||
|
|
||||||
int
|
|
||||||
@@ -90,6 +91,8 @@ main(int argc, const char **argv)
|
|
||||||
if (lu_group_delete(ctx, ent, &error) == FALSE) {
|
|
||||||
fprintf(stderr, _("Group %s could not be deleted: %s\n"),
|
|
||||||
group, lu_strerror(error));
|
|
||||||
+ lu_audit_logger(AUDIT_DEL_GROUP, "delete-group", group,
|
|
||||||
+ AUDIT_NO_ID, 0);
|
|
||||||
return 3;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -99,5 +102,8 @@ main(int argc, const char **argv)
|
|
||||||
|
|
||||||
lu_end(ctx);
|
|
||||||
|
|
||||||
+ lu_audit_logger(AUDIT_DEL_GROUP, "delete-group", group,
|
|
||||||
+ AUDIT_NO_ID, 1);
|
|
||||||
+
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
diff --git a/apps/lgroupmod.c b/apps/lgroupmod.c
|
|
||||||
index 21170e06f37370d7b2f2d936048ae7abf24fd181..0ad0ae4f39d32435b4668ef15ec678d8ea319e5c 100644
|
|
||||||
--- a/apps/lgroupmod.c
|
|
||||||
+++ b/apps/lgroupmod.c
|
|
||||||
@@ -138,8 +138,14 @@ main(int argc, const char **argv)
|
|
||||||
== FALSE) {
|
|
||||||
fprintf(stderr, _("Failed to set password for group "
|
|
||||||
"%s: %s\n"), group, lu_strerror(error));
|
|
||||||
+ lu_audit_logger(AUDIT_GRP_MGMT,
|
|
||||||
+ "changing-group-passwd", group,
|
|
||||||
+ AUDIT_NO_ID, 0);
|
|
||||||
return 4;
|
|
||||||
}
|
|
||||||
+ lu_audit_logger(AUDIT_GRP_MGMT,
|
|
||||||
+ "changing-group-passwd", group,
|
|
||||||
+ AUDIT_NO_ID, 1);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (cryptedUserPassword) {
|
|
||||||
@@ -147,8 +153,14 @@ main(int argc, const char **argv)
|
|
||||||
&error) == FALSE) {
|
|
||||||
fprintf(stderr, _("Failed to set password for group "
|
|
||||||
"%s: %s\n"), group, lu_strerror(error));
|
|
||||||
+ lu_audit_logger(AUDIT_GRP_MGMT,
|
|
||||||
+ "changing-group-passwd", group,
|
|
||||||
+ AUDIT_NO_ID, 0);
|
|
||||||
return 5;
|
|
||||||
}
|
|
||||||
+ lu_audit_logger(AUDIT_GRP_MGMT,
|
|
||||||
+ "changing-group-passwd", group,
|
|
||||||
+ AUDIT_NO_ID, 1);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (lock) {
|
|
||||||
@@ -156,8 +168,14 @@ main(int argc, const char **argv)
|
|
||||||
fprintf(stderr,
|
|
||||||
_("Group %s could not be locked: %s\n"), group,
|
|
||||||
lu_strerror(error));
|
|
||||||
+ lu_audit_logger(AUDIT_GRP_MGMT,
|
|
||||||
+ "changing-group-lock", group,
|
|
||||||
+ AUDIT_NO_ID, 0);
|
|
||||||
return 6;
|
|
||||||
}
|
|
||||||
+ lu_audit_logger(AUDIT_GRP_MGMT,
|
|
||||||
+ "changing-group-lock", group,
|
|
||||||
+ AUDIT_NO_ID, 1);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (unlock) {
|
|
||||||
@@ -165,8 +183,14 @@ main(int argc, const char **argv)
|
|
||||||
fprintf(stderr,
|
|
||||||
_("Group %s could not be unlocked: %s\n"),
|
|
||||||
group, lu_strerror(error));
|
|
||||||
+ lu_audit_logger(AUDIT_GRP_MGMT,
|
|
||||||
+ "changing-group-lock", group,
|
|
||||||
+ AUDIT_NO_ID, 0);
|
|
||||||
return 7;
|
|
||||||
}
|
|
||||||
+ lu_audit_logger(AUDIT_GRP_MGMT,
|
|
||||||
+ "changing-group-lock", group,
|
|
||||||
+ AUDIT_NO_ID, 1);
|
|
||||||
}
|
|
||||||
|
|
||||||
change = gid || addAdmins || remAdmins || addMembers || remMembers;
|
|
||||||
@@ -241,8 +265,14 @@ main(int argc, const char **argv)
|
|
||||||
if (change && lu_group_modify(ctx, ent, &error) == FALSE) {
|
|
||||||
fprintf(stderr, _("Group %s could not be modified: %s\n"),
|
|
||||||
group, lu_strerror(error));
|
|
||||||
+ lu_audit_logger(AUDIT_GRP_MGMT,
|
|
||||||
+ "changing-group-members", group,
|
|
||||||
+ AUDIT_NO_ID, 0);
|
|
||||||
return 8;
|
|
||||||
}
|
|
||||||
+ lu_audit_logger(AUDIT_GRP_MGMT,
|
|
||||||
+ "changing-group-members", group,
|
|
||||||
+ AUDIT_NO_ID, 1);
|
|
||||||
if (gidNumber != LU_VALUE_INVALID_ID) {
|
|
||||||
users = lu_users_enumerate_by_group_full(ctx, gid, &error);
|
|
||||||
|
|
||||||
@@ -256,8 +286,14 @@ main(int argc, const char **argv)
|
|
||||||
fprintf(stderr,
|
|
||||||
_("Group %s could not be modified: %s\n"),
|
|
||||||
group, lu_strerror(error));
|
|
||||||
+ lu_audit_logger(AUDIT_GRP_MGMT,
|
|
||||||
+ "changing-group-id", group,
|
|
||||||
+ AUDIT_NO_ID, 0);
|
|
||||||
return 8;
|
|
||||||
}
|
|
||||||
+ lu_audit_logger(AUDIT_GRP_MGMT,
|
|
||||||
+ "changing-group-id", group,
|
|
||||||
+ AUDIT_NO_ID, 1);
|
|
||||||
}
|
|
||||||
|
|
||||||
lu_ent_free(ent);
|
|
||||||
diff --git a/apps/luseradd.c b/apps/luseradd.c
|
|
||||||
index 7839183c00f892ad50f77f5aed6ada07cd3c125b..9d7f4f10a9c6f849e551f017f05c2e67e4a56259 100644
|
|
||||||
--- a/apps/luseradd.c
|
|
||||||
+++ b/apps/luseradd.c
|
|
||||||
@@ -210,8 +210,12 @@ main(int argc, const char **argv)
|
|
||||||
lu_error_free(&error);
|
|
||||||
}
|
|
||||||
lu_end(ctx);
|
|
||||||
+ lu_audit_logger(AUDIT_ADD_GROUP, "add-group", name,
|
|
||||||
+ AUDIT_NO_ID, 0);
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
+ lu_audit_logger(AUDIT_ADD_GROUP, "add-group", name,
|
|
||||||
+ AUDIT_NO_ID, 1);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Retrieve the group ID. */
|
|
||||||
@@ -259,9 +263,13 @@ main(int argc, const char **argv)
|
|
||||||
if (lu_user_add(ctx, ent, &error) == FALSE) {
|
|
||||||
fprintf(stderr, _("Account creation failed: %s.\n"),
|
|
||||||
lu_strerror(error));
|
|
||||||
+ lu_audit_logger(AUDIT_ADD_USER, "add-user", name,
|
|
||||||
+ AUDIT_NO_ID, 0);
|
|
||||||
+
|
|
||||||
return 3;
|
|
||||||
}
|
|
||||||
lu_nscd_flush_cache(LU_NSCD_CACHE_PASSWD);
|
|
||||||
+ lu_audit_logger(AUDIT_ADD_USER, "add-user", name, AUDIT_NO_ID, 1);
|
|
||||||
|
|
||||||
/* If we don't have the the don't-create-home flag, create the user's
|
|
||||||
* home directory. */
|
|
||||||
@@ -282,8 +290,12 @@ main(int argc, const char **argv)
|
|
||||||
&error) == FALSE) {
|
|
||||||
fprintf(stderr, _("Error creating %s: %s.\n"),
|
|
||||||
homeDirectory, lu_strerror(error));
|
|
||||||
+ lu_audit_logger(AUDIT_USER_MGMT, "add-home-dir", name,
|
|
||||||
+ uidNumber, 0);
|
|
||||||
return 7;
|
|
||||||
}
|
|
||||||
+ lu_audit_logger(AUDIT_USER_MGMT, "add-home-dir", name,
|
|
||||||
+ uidNumber, 1);
|
|
||||||
|
|
||||||
/* Create a mail spool for the user. */
|
|
||||||
if (lu_mail_spool_create(ctx, ent, &error) != TRUE) {
|
|
||||||
@@ -311,8 +323,12 @@ main(int argc, const char **argv)
|
|
||||||
fprintf(stderr, _("Error setting password for user "
|
|
||||||
"%s: %s.\n"), name,
|
|
||||||
lu_strerror(error));
|
|
||||||
+ lu_audit_logger(AUDIT_USER_CHAUTHTOK, "updating-password",
|
|
||||||
+ name, uidNumber, 0);
|
|
||||||
return 3;
|
|
||||||
}
|
|
||||||
+ lu_audit_logger(AUDIT_USER_CHAUTHTOK, "updating-password",
|
|
||||||
+ name, uidNumber, 1);
|
|
||||||
}
|
|
||||||
lu_nscd_flush_cache(LU_NSCD_CACHE_PASSWD);
|
|
||||||
|
|
||||||
diff --git a/apps/luserdel.c b/apps/luserdel.c
|
|
||||||
index 2f39a4ffb8ae47ac5dc3c84270b54a8ca68c7403..7e20fa7ea9bf4082967bc6931a8557936bfda0a2 100644
|
|
||||||
--- a/apps/luserdel.c
|
|
||||||
+++ b/apps/luserdel.c
|
|
||||||
@@ -26,6 +26,7 @@
|
|
||||||
#include <string.h>
|
|
||||||
#include <unistd.h>
|
|
||||||
#include "../lib/user.h"
|
|
||||||
+#include "../lib/user_private.h"
|
|
||||||
#include "apputil.h"
|
|
||||||
|
|
||||||
int
|
|
||||||
@@ -93,8 +94,12 @@ main(int argc, const char **argv)
|
|
||||||
if (lu_user_delete(ctx, ent, &error) == FALSE) {
|
|
||||||
fprintf(stderr, _("User %s could not be deleted: %s.\n"),
|
|
||||||
user, lu_strerror(error));
|
|
||||||
+ lu_audit_logger(AUDIT_DEL_USER, "delete-user", user,
|
|
||||||
+ AUDIT_NO_ID, 0);
|
|
||||||
return 3;
|
|
||||||
}
|
|
||||||
+ lu_audit_logger(AUDIT_DEL_USER, "delete-user", user,
|
|
||||||
+ AUDIT_NO_ID, 1);
|
|
||||||
|
|
||||||
lu_nscd_flush_cache(LU_NSCD_CACHE_PASSWD);
|
|
||||||
|
|
||||||
@@ -126,9 +131,15 @@ main(int argc, const char **argv)
|
|
||||||
fprintf(stderr, _("Group %s could not be "
|
|
||||||
"deleted: %s.\n"), tmp,
|
|
||||||
lu_strerror(error));
|
|
||||||
+ lu_audit_logger_with_group (AUDIT_DEL_GROUP,
|
|
||||||
+ "delete-group", user, AUDIT_NO_ID,
|
|
||||||
+ tmp, 0);
|
|
||||||
return 7;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
+ lu_audit_logger_with_group (AUDIT_DEL_GROUP,
|
|
||||||
+ "delete-group", user,
|
|
||||||
+ AUDIT_NO_ID, tmp, 1);
|
|
||||||
lu_ent_free(group_ent);
|
|
||||||
lu_nscd_flush_cache(LU_NSCD_CACHE_GROUP);
|
|
||||||
}
|
|
||||||
@@ -138,8 +149,14 @@ main(int argc, const char **argv)
|
|
||||||
fprintf(stderr,
|
|
||||||
_("Error removing home directory: %s.\n"),
|
|
||||||
lu_strerror(error));
|
|
||||||
+ lu_audit_logger(AUDIT_USER_MGMT,
|
|
||||||
+ "deleting-home-directory", user,
|
|
||||||
+ AUDIT_NO_ID, 0);
|
|
||||||
return 9;
|
|
||||||
}
|
|
||||||
+ lu_audit_logger(AUDIT_USER_MGMT, "deleting-home-directory", user,
|
|
||||||
+ AUDIT_NO_ID, 1);
|
|
||||||
+
|
|
||||||
/* Delete the user's mail spool. */
|
|
||||||
if (lu_mail_spool_remove(ctx, ent, &error) != TRUE) {
|
|
||||||
fprintf(stderr, _("Error removing mail spool: %s"),
|
|
||||||
diff --git a/apps/lusermod.c b/apps/lusermod.c
|
|
||||||
index afec147475736f0b814b5e1f30c77064f3915c20..143157f114c93960fb879d9e6e0c1fb914f3ffcb 100644
|
|
||||||
--- a/apps/lusermod.c
|
|
||||||
+++ b/apps/lusermod.c
|
|
||||||
@@ -179,8 +179,13 @@ main(int argc, const char **argv)
|
|
||||||
fprintf(stderr,
|
|
||||||
_("Failed to set password for user %s: %s.\n"),
|
|
||||||
user, lu_strerror(error));
|
|
||||||
+ lu_audit_logger(AUDIT_USER_CHAUTHTOK,
|
|
||||||
+ "updating-password", user,
|
|
||||||
+ uidNumber, 0);
|
|
||||||
return 5;
|
|
||||||
}
|
|
||||||
+ lu_audit_logger(AUDIT_USER_CHAUTHTOK, "updating-password",
|
|
||||||
+ user, uidNumber, 0);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* If we need to change a user's crypted password, try to change it,
|
|
||||||
@@ -192,8 +197,13 @@ main(int argc, const char **argv)
|
|
||||||
fprintf(stderr,
|
|
||||||
_("Failed to set password for user %s: %s.\n"),
|
|
||||||
user, lu_strerror(error));
|
|
||||||
+ lu_audit_logger(AUDIT_USER_CHAUTHTOK,
|
|
||||||
+ "updating-password", user,
|
|
||||||
+ uidNumber, 0);
|
|
||||||
return 6;
|
|
||||||
}
|
|
||||||
+ lu_audit_logger(AUDIT_USER_CHAUTHTOK, "updating-password",
|
|
||||||
+ user, uidNumber, 0);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* If we need to lock/unlock the user's account, do that. */
|
|
||||||
@@ -202,16 +212,26 @@ main(int argc, const char **argv)
|
|
||||||
fprintf(stderr,
|
|
||||||
_("User %s could not be locked: %s.\n"),
|
|
||||||
user, lu_strerror(error));
|
|
||||||
+ lu_audit_logger(AUDIT_USER_CHAUTHTOK,
|
|
||||||
+ "locking-account", user,
|
|
||||||
+ uidNumber, 0);
|
|
||||||
return 7;
|
|
||||||
}
|
|
||||||
+ lu_audit_logger(AUDIT_USER_CHAUTHTOK, "locking-account",
|
|
||||||
+ user, uidNumber, 0);
|
|
||||||
}
|
|
||||||
if (unlock) {
|
|
||||||
if (lu_user_unlock(ctx, ent, &error) == FALSE) {
|
|
||||||
fprintf(stderr,
|
|
||||||
_("User %s could not be unlocked: %s.\n"),
|
|
||||||
user, lu_strerror(error));
|
|
||||||
+ lu_audit_logger(AUDIT_USER_CHAUTHTOK,
|
|
||||||
+ "unlocking-account", user,
|
|
||||||
+ uidNumber, 0);
|
|
||||||
return 8;
|
|
||||||
}
|
|
||||||
+ lu_audit_logger(AUDIT_USER_CHAUTHTOK, "unlocking-account",
|
|
||||||
+ user, uidNumber, 0);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Determine if we actually need to change anything. */
|
|
||||||
@@ -274,8 +294,13 @@ main(int argc, const char **argv)
|
|
||||||
if (change && (lu_user_modify(ctx, ent, &error) == FALSE)) {
|
|
||||||
fprintf(stderr, _("User %s could not be modified: %s.\n"),
|
|
||||||
user, lu_strerror(error));
|
|
||||||
+ lu_audit_logger(AUDIT_USER_MGMT,
|
|
||||||
+ "modify-account", user,
|
|
||||||
+ uidNumber, 0);
|
|
||||||
return 9;
|
|
||||||
}
|
|
||||||
+ lu_audit_logger(AUDIT_USER_MGMT, "modify-account",
|
|
||||||
+ user, uidNumber, 1);
|
|
||||||
lu_nscd_flush_cache(LU_NSCD_CACHE_PASSWD);
|
|
||||||
|
|
||||||
/* If the user's name changed, we need to update supplemental
|
|
||||||
@@ -322,12 +347,19 @@ main(int argc, const char **argv)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
/* Save the changes to the group. */
|
|
||||||
- if (lu_group_modify(ctx, group, &error) == FALSE)
|
|
||||||
+ if (lu_group_modify(ctx, group, &error) == FALSE) {
|
|
||||||
fprintf(stderr, _("Group %s could not be "
|
|
||||||
"modified: %s.\n"),
|
|
||||||
lu_ent_get_first_string(group,
|
|
||||||
LU_GROUPNAME),
|
|
||||||
lu_strerror(error));
|
|
||||||
+ lu_audit_logger_with_group(AUDIT_USER_MGMT,
|
|
||||||
+ "update-member-in-group", user, uidNumber,
|
|
||||||
+ lu_ent_get_first_string(group, LU_GROUPNAME),0);
|
|
||||||
+ } else
|
|
||||||
+ lu_audit_logger_with_group(AUDIT_USER_MGMT,
|
|
||||||
+ "update-member-in-group", user, uidNumber,
|
|
||||||
+ lu_ent_get_first_string(group, LU_GROUPNAME),1);
|
|
||||||
lu_ent_free(group);
|
|
||||||
}
|
|
||||||
g_ptr_array_free(groups, TRUE);
|
|
||||||
@@ -353,8 +385,12 @@ main(int argc, const char **argv)
|
|
||||||
fprintf(stderr, _("Error moving %s to %s: %s.\n"),
|
|
||||||
oldHomeDirectory, homeDirectory,
|
|
||||||
lu_strerror(error));
|
|
||||||
+ lu_audit_logger(AUDIT_USER_MGMT, "moving-home-dir",
|
|
||||||
+ user, uidNumber, 0);
|
|
||||||
return 12;
|
|
||||||
}
|
|
||||||
+ lu_audit_logger(AUDIT_USER_MGMT, "moving-home-dir",
|
|
||||||
+ user, uidNumber, 1);
|
|
||||||
}
|
|
||||||
g_free(oldHomeDirectory);
|
|
||||||
|
|
||||||
diff --git a/configure.ac b/configure.ac
|
|
||||||
index 3e68b16a1f65ff5e5e3e905c1ffce8993e562176..0bd4a67d4c77fa1b701d74dbeab908a192dbf4d7 100644
|
|
||||||
--- a/configure.ac
|
|
||||||
+++ b/configure.ac
|
|
||||||
@@ -118,6 +118,23 @@ if test "x$selinux" != xno ; then
|
|
||||||
fi
|
|
||||||
AC_SUBST(SELINUX_LIBS)
|
|
||||||
|
|
||||||
+AC_ARG_WITH(audit,
|
|
||||||
+AS_HELP_STRING([--with-audit],[log using Linux Audit in addition to syslog]),
|
|
||||||
+use_audit=$withval,
|
|
||||||
+use_audit=auto)
|
|
||||||
+if test x$use_audit != xno ; then
|
|
||||||
+ AC_SEARCH_LIBS([audit_open], [audit])
|
|
||||||
+ if test x$ac_cv_search_audit_open = xno ; then
|
|
||||||
+ if test x$use_audit != xauto ; then
|
|
||||||
+ AC_MSG_ERROR([requested Linux Audit, but libaudit was not found])
|
|
||||||
+ fi
|
|
||||||
+ else
|
|
||||||
+ AC_DEFINE(WITH_AUDIT,1,[Define if you want to use Linux Audit.])
|
|
||||||
+ AUDIT_LIBS=-laudit
|
|
||||||
+ fi
|
|
||||||
+fi
|
|
||||||
+AC_SUBST(AUDIT_LIBS)
|
|
||||||
+
|
|
||||||
AC_C_CONST
|
|
||||||
AC_TYPE_UID_T
|
|
||||||
AC_TYPE_MODE_T
|
|
||||||
diff --git a/lib/common.c b/lib/common.c
|
|
||||||
index fc5df7461111908ff3eae59608ce0a51d62e155e..dce7e570ec9c92b56b28f15ab503fb7a641b660e 100644
|
|
||||||
--- a/lib/common.c
|
|
||||||
+++ b/lib/common.c
|
|
||||||
@@ -16,9 +16,10 @@
|
|
||||||
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
|
|
||||||
*/
|
|
||||||
|
|
||||||
-#include <config.h>
|
|
||||||
+#include "config.h"
|
|
||||||
#include <glib.h>
|
|
||||||
#include <string.h>
|
|
||||||
+#include <stdlib.h>
|
|
||||||
|
|
||||||
#include "internal.h"
|
|
||||||
#include "user_private.h"
|
|
||||||
@@ -111,3 +112,66 @@ lu_common_sgroup_default(struct lu_module *module,
|
|
||||||
g_return_val_if_fail(name != NULL, FALSE);
|
|
||||||
return lu_common_group_default(module, name, is_system, ent, error);
|
|
||||||
}
|
|
||||||
+
|
|
||||||
+#ifdef WITH_AUDIT
|
|
||||||
+static int audit_fd = 0;
|
|
||||||
+
|
|
||||||
+/* result - 1 is "success" and 0 is "failed" */
|
|
||||||
+void lu_audit_logger(int type, const char *op, const char *name,
|
|
||||||
+ unsigned int id, unsigned int result)
|
|
||||||
+{
|
|
||||||
+ if (audit_fd == 0) {
|
|
||||||
+ /* First time through */
|
|
||||||
+ audit_fd = audit_open();
|
|
||||||
+ if (audit_fd < 0) {
|
|
||||||
+ /* You get these only when the kernel doesn't have
|
|
||||||
+ * audit compiled in. */
|
|
||||||
+ if ( (errno == EINVAL)
|
|
||||||
+ || (errno == EPROTONOSUPPORT)
|
|
||||||
+ || (errno == EAFNOSUPPORT))
|
|
||||||
+ return;
|
|
||||||
+ fputs("Cannot open audit interface - aborting.\n", stderr);
|
|
||||||
+ exit(EXIT_FAILURE);
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ if (audit_fd < 0)
|
|
||||||
+ return;
|
|
||||||
+ audit_log_acct_message(audit_fd, type, NULL, op, name, id,
|
|
||||||
+ NULL, NULL, NULL, (int) result);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+/* result - 1 is "success" and 0 is "failed" */
|
|
||||||
+void lu_audit_logger_with_group (int type, const char *op, const char *name,
|
|
||||||
+ unsigned int id, const char *grp, unsigned int result)
|
|
||||||
+{
|
|
||||||
+ int len;
|
|
||||||
+ char enc_group[(LOGIN_NAME_MAX*2)+1], buf[1024];
|
|
||||||
+
|
|
||||||
+ if (audit_fd == 0) {
|
|
||||||
+ /* First time through */
|
|
||||||
+ audit_fd = audit_open();
|
|
||||||
+ if (audit_fd < 0) {
|
|
||||||
+ /* You get these only when the kernel doesn't have
|
|
||||||
+ * audit compiled in. */
|
|
||||||
+ if ( (errno == EINVAL)
|
|
||||||
+ || (errno == EPROTONOSUPPORT)
|
|
||||||
+ || (errno == EAFNOSUPPORT))
|
|
||||||
+ return;
|
|
||||||
+ fputs("Cannot open audit interface - aborting.\n", stderr);
|
|
||||||
+ exit(EXIT_FAILURE);
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ if (audit_fd < 0)
|
|
||||||
+ return;
|
|
||||||
+ len = strnlen(grp, sizeof(enc_group)/2);
|
|
||||||
+ if (audit_value_needs_encoding(grp, len)) {
|
|
||||||
+ snprintf(buf, sizeof(buf), "%s grp=%s", op,
|
|
||||||
+ audit_encode_value(enc_group, grp, len));
|
|
||||||
+ } else {
|
|
||||||
+ snprintf(buf, sizeof(buf), "%s grp=\"%s\"", op, grp);
|
|
||||||
+ }
|
|
||||||
+ audit_log_acct_message(audit_fd, type, NULL, buf, name, id,
|
|
||||||
+ NULL, NULL, NULL, (int) result);
|
|
||||||
+}
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
diff --git a/lib/user_private.h b/lib/user_private.h
|
|
||||||
index a4869c138d51519539b6939406cdb0fee23ab7f6..02b813c47ee359db774bb85a2aa7aa12e18d3067 100644
|
|
||||||
--- a/lib/user_private.h
|
|
||||||
+++ b/lib/user_private.h
|
|
||||||
@@ -34,6 +34,9 @@
|
|
||||||
#ifdef WITH_SELINUX
|
|
||||||
#include <selinux/selinux.h>
|
|
||||||
#endif
|
|
||||||
+#ifdef WITH_AUDIT
|
|
||||||
+#include <libaudit.h>
|
|
||||||
+#endif
|
|
||||||
#include "user.h"
|
|
||||||
|
|
||||||
G_BEGIN_DECLS
|
|
||||||
@@ -357,6 +360,18 @@ id_t lu_get_first_unused_id(struct lu_context *ctx, enum lu_entity_type type,
|
|
||||||
/* Append a copy of VALUES to DEST */
|
|
||||||
void lu_util_append_values(GValueArray *dest, GValueArray *values);
|
|
||||||
|
|
||||||
+#ifdef WITH_AUDIT
|
|
||||||
+void lu_audit_logger(int type, const char *op, const char *name,
|
|
||||||
+ unsigned int id, unsigned int result);
|
|
||||||
+void lu_audit_logger_with_group(int type, const char *op, const char *name,
|
|
||||||
+ unsigned int id, const char *grp,
|
|
||||||
+ unsigned int result);
|
|
||||||
+#else
|
|
||||||
+#define lu_audit_logger(a, b, c, d, e)
|
|
||||||
+#define lu_audit_logger_with_group(a, b, c, d, e, f)
|
|
||||||
+#endif
|
|
||||||
+#define AUDIT_NO_ID ((unsigned int) -1)
|
|
||||||
+
|
|
||||||
G_END_DECLS
|
|
||||||
|
|
||||||
#endif
|
|
||||||
--
|
|
||||||
2.17.1
|
|
||||||
|
|
82235
SOURCES/0003-translation.patch
Normal file
82235
SOURCES/0003-translation.patch
Normal file
File diff suppressed because it is too large
Load Diff
@ -1,44 +0,0 @@
|
|||||||
From 11a7ff7eeefe763be9ade949e8f2a4a2d53f6129 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Jakub Hrozek <jakub.hrozek@posteo.se>
|
|
||||||
Date: Mon, 24 Sep 2018 20:51:51 +0200
|
|
||||||
Subject: [PATCH 4/7] Check negative return of PyList_Size
|
|
||||||
|
|
||||||
Merges:
|
|
||||||
https://pagure.io/libuser/issue/28
|
|
||||||
|
|
||||||
In case of an error, PyList_Size can return a negative value. We should
|
|
||||||
check that case, also to avoid compiler warnings like:
|
|
||||||
|
|
||||||
Error: COMPILER_WARNING: [#def41] [warning: defect not occurring in libuser-0.60-9.el7]
|
|
||||||
libuser-0.62/python/misc.c: scope_hint: In function 'libuser_admin_prompt'
|
|
||||||
libuser-0.62/python/misc.c:160:12: warning: argument 1 range [9223372036854775808, 18446744073709551615] exceeds maximum object size 9223372036854775807 [-Walloc-size-larger-than=]
|
|
||||||
/usr/include/glib-2.0/glib/glist.h:32: included_from: Included from here.
|
|
||||||
/usr/include/glib-2.0/glib/ghash.h:33: included_from: Included from here.
|
|
||||||
/usr/include/glib-2.0/glib.h:50: included_from: Included from here.
|
|
||||||
libuser-0.62/python/misc.c:25: included_from: Included from here.
|
|
||||||
/usr/include/glib-2.0/glib/gmem.h:96:10: note: in a call to allocation function 'g_malloc0_n' declared here
|
|
||||||
---
|
|
||||||
python/misc.c | 7 ++++++-
|
|
||||||
1 file changed, 6 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/python/misc.c b/python/misc.c
|
|
||||||
index c4ce819bfaeb4296507b504c4647b7676377b631..fcb0ccfebae143fa7c7a43ad60d7e9b231ca8863 100644
|
|
||||||
--- a/python/misc.c
|
|
||||||
+++ b/python/misc.c
|
|
||||||
@@ -137,7 +137,12 @@ libuser_admin_prompt(struct libuser_admin *self, PyObject * args,
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
count = PyList_Size(list);
|
|
||||||
- if (count > INT_MAX) {
|
|
||||||
+ if (count < 0) {
|
|
||||||
+ PyErr_SetString(PyExc_TypeError,
|
|
||||||
+ "prompt_list has no size; probably not a list");
|
|
||||||
+ DEBUG_EXIT;
|
|
||||||
+ return NULL;
|
|
||||||
+ } else if (count > INT_MAX) {
|
|
||||||
PyErr_SetString(PyExc_ValueError, "too many prompts");
|
|
||||||
DEBUG_EXIT;
|
|
||||||
return NULL;
|
|
||||||
--
|
|
||||||
2.14.4
|
|
||||||
|
|
@ -1,7 +1,21 @@
|
|||||||
diff -up libuser-0.62/lib/user.c.orig libuser-0.62/lib/user.c
|
commit 009d9238317d152f524ee46c4be1ad2f93c47732
|
||||||
--- libuser-0.62/lib/user.c.orig 2024-05-07 17:03:45.220514343 +0200
|
Author: Jakub Hrozek <jakub.hrozek@posteo.se>
|
||||||
+++ libuser-0.62/lib/user.c 2024-05-07 17:05:17.855649386 +0200
|
Date: Wed Sep 26 21:29:35 2018 +0200
|
||||||
@@ -986,7 +986,10 @@ lu_dispatch(struct lu_context *context,
|
|
||||||
|
lu_dispatch: Free tmp on failures
|
||||||
|
|
||||||
|
Merges:
|
||||||
|
https://pagure.io/libuser/issue/23
|
||||||
|
|
||||||
|
This makes the code slightly less compact with using an explicit
|
||||||
|
condition instead of the g_return_val_if_fail() shorthand, but freeing
|
||||||
|
tmp on failures.
|
||||||
|
|
||||||
|
diff --git a/lib/user.c b/lib/user.c
|
||||||
|
index ad2bb09..5709f41 100644
|
||||||
|
--- a/lib/user.c
|
||||||
|
+++ b/lib/user.c
|
||||||
|
@@ -980,7 +980,10 @@ lu_dispatch(struct lu_context *context,
|
||||||
case user_default:
|
case user_default:
|
||||||
case group_default:
|
case group_default:
|
||||||
/* Make sure we have both name and boolean here. */
|
/* Make sure we have both name and boolean here. */
|
||||||
@ -13,7 +27,7 @@ diff -up libuser-0.62/lib/user.c.orig libuser-0.62/lib/user.c
|
|||||||
/* Run the checks and preps. */
|
/* Run the checks and preps. */
|
||||||
if (run_list(context, context->create_module_names,
|
if (run_list(context, context->create_module_names,
|
||||||
logic_and, id,
|
logic_and, id,
|
||||||
@@ -1065,7 +1068,10 @@ lu_dispatch(struct lu_context *context,
|
@@ -1059,7 +1062,10 @@ lu_dispatch(struct lu_context *context,
|
||||||
case user_setpass:
|
case user_setpass:
|
||||||
case group_setpass:
|
case group_setpass:
|
||||||
/* Make sure we have a valid password. */
|
/* Make sure we have a valid password. */
|
||||||
@ -25,7 +39,7 @@ diff -up libuser-0.62/lib/user.c.orig libuser-0.62/lib/user.c
|
|||||||
/* no break: fall through */
|
/* no break: fall through */
|
||||||
case user_removepass:
|
case user_removepass:
|
||||||
case group_removepass:
|
case group_removepass:
|
||||||
@@ -1094,7 +1100,10 @@ lu_dispatch(struct lu_context *context,
|
@@ -1088,7 +1094,10 @@ lu_dispatch(struct lu_context *context,
|
||||||
case users_enumerate_by_group:
|
case users_enumerate_by_group:
|
||||||
case groups_enumerate_by_user:
|
case groups_enumerate_by_user:
|
||||||
/* Make sure we have both name and ID here. */
|
/* Make sure we have both name and ID here. */
|
@ -1,60 +0,0 @@
|
|||||||
From 7acf0fad0ca468f33f86084f36251df5baf3dc94 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Jakub Hrozek <jakub.hrozek@posteo.se>
|
|
||||||
Date: Wed, 26 Sep 2018 21:01:59 +0200
|
|
||||||
Subject: [PATCH 5/7] files.c: Init char *name to NULL
|
|
||||||
|
|
||||||
Merges:
|
|
||||||
https://pagure.io/libuser/issue/27
|
|
||||||
|
|
||||||
This is mostly to silence coverity warnings. "enum lu_entity_type" has
|
|
||||||
three values and several places in the code follow logic as:
|
|
||||||
|
|
||||||
char *name;
|
|
||||||
if ent->type == user:
|
|
||||||
name = foo()
|
|
||||||
if ent->type == group
|
|
||||||
name = bar()
|
|
||||||
g_assert(name != NULL)
|
|
||||||
|
|
||||||
it shouldn't be possible for ent->type to be anything else but in the
|
|
||||||
odd case it is, initializing name to NULL will ensure that name will be
|
|
||||||
still NULL after the code falls through the conditions and at least the
|
|
||||||
behaviour is defined.
|
|
||||||
---
|
|
||||||
modules/files.c | 6 +++---
|
|
||||||
1 file changed, 3 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/modules/files.c b/modules/files.c
|
|
||||||
index 6a7787e28112ba07e0fc44f2887ce1d1540af29e..8c2a282b6448bbfb313b5d4f5eeb28b8240bccd5 100644
|
|
||||||
--- a/modules/files.c
|
|
||||||
+++ b/modules/files.c
|
|
||||||
@@ -1501,7 +1501,7 @@ generic_lock(struct lu_module *module, const char *file_suffix, int field,
|
|
||||||
struct lu_ent *ent, enum lock_op op, struct lu_error **error)
|
|
||||||
{
|
|
||||||
struct editing *e;
|
|
||||||
- char *value, *new_value, *name;
|
|
||||||
+ char *value, *new_value, *name = NULL;
|
|
||||||
gboolean commit = FALSE, ret = FALSE;
|
|
||||||
|
|
||||||
/* Get the name which keys the entries of interest in the file. */
|
|
||||||
@@ -1561,7 +1561,7 @@ generic_is_locked(struct lu_module *module, const char *file_suffix,
|
|
||||||
int field, struct lu_ent *ent, struct lu_error **error)
|
|
||||||
{
|
|
||||||
char *filename;
|
|
||||||
- char *value, *name;
|
|
||||||
+ char *value, *name = NULL;
|
|
||||||
int fd;
|
|
||||||
gboolean ret = FALSE;
|
|
||||||
|
|
||||||
@@ -1752,7 +1752,7 @@ generic_setpass(struct lu_module *module, const char *file_suffix, int field,
|
|
||||||
struct lu_error **error)
|
|
||||||
{
|
|
||||||
struct editing *e;
|
|
||||||
- char *value, *name;
|
|
||||||
+ char *value, *name = NULL;
|
|
||||||
gboolean ret = FALSE;
|
|
||||||
|
|
||||||
/* Get the name of this account. */
|
|
||||||
--
|
|
||||||
2.14.4
|
|
||||||
|
|
2610
SOURCES/0005-translation-update.patch
Normal file
2610
SOURCES/0005-translation-update.patch
Normal file
File diff suppressed because it is too large
Load Diff
@ -1,56 +0,0 @@
|
|||||||
From 8da7fc83aa3e9fd868c6a8da9261b72dae7d29e7 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Jakub Hrozek <jakub.hrozek@posteo.se>
|
|
||||||
Date: Wed, 26 Sep 2018 21:38:02 +0200
|
|
||||||
Subject: [PATCH 6/7] merge_ent_array_duplicates: Only use values if valid
|
|
||||||
|
|
||||||
Merges:
|
|
||||||
https://pagure.io/libuser/issue/22
|
|
||||||
|
|
||||||
Don't attempt to dereference a NULL pointer
|
|
||||||
---
|
|
||||||
lib/user.c | 22 ++++++++++++++--------
|
|
||||||
1 file changed, 14 insertions(+), 8 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/lib/user.c b/lib/user.c
|
|
||||||
index ad2bb099c7d12bd91188e69f188c64953b1d9748..2500565a544bb33a5e08d9807a794a42c819a2d2 100644
|
|
||||||
--- a/lib/user.c
|
|
||||||
+++ b/lib/user.c
|
|
||||||
@@ -691,10 +691,13 @@ merge_ent_array_duplicates(GPtrArray *array)
|
|
||||||
while (attributes != NULL) {
|
|
||||||
attr = (const char *)attributes->data;
|
|
||||||
values = lu_ent_get_current(current, attr);
|
|
||||||
- for (j = 0; j < values->n_values; j++) {
|
|
||||||
- value = g_value_array_get_nth(values,
|
|
||||||
- j);
|
|
||||||
- lu_ent_add_current(saved, attr, value);
|
|
||||||
+ if (values != NULL) {
|
|
||||||
+ for (j = 0; j < values->n_values; j++) {
|
|
||||||
+ value = g_value_array_get_nth(
|
|
||||||
+ values,
|
|
||||||
+ j);
|
|
||||||
+ lu_ent_add_current(saved, attr, value);
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
attributes = g_list_next(attributes);
|
|
||||||
}
|
|
||||||
@@ -705,10 +708,13 @@ merge_ent_array_duplicates(GPtrArray *array)
|
|
||||||
while (attributes != NULL) {
|
|
||||||
attr = (const char *)attributes->data;
|
|
||||||
values = lu_ent_get(current, attr);
|
|
||||||
- for (j = 0; j < values->n_values; j++) {
|
|
||||||
- value = g_value_array_get_nth(values,
|
|
||||||
- j);
|
|
||||||
- lu_ent_add(saved, attr, value);
|
|
||||||
+ if (values != NULL) {
|
|
||||||
+ for (j = 0; j < values->n_values; j++) {
|
|
||||||
+ value = g_value_array_get_nth(
|
|
||||||
+ values,
|
|
||||||
+ j);
|
|
||||||
+ lu_ent_add(saved, attr, value);
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
attributes = g_list_next(attributes);
|
|
||||||
}
|
|
||||||
--
|
|
||||||
2.14.4
|
|
||||||
|
|
@ -1,33 +0,0 @@
|
|||||||
From e5536845298b6672a16e5866a823fcf6562c6cf3 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Jakub Hrozek <jakub.hrozek@posteo.se>
|
|
||||||
Date: Wed, 26 Sep 2018 21:15:38 +0200
|
|
||||||
Subject: [PATCH 7/7] editing_open: close fd after we've established its
|
|
||||||
validity
|
|
||||||
|
|
||||||
Merges:
|
|
||||||
https://pagure.io/libuser/issue/26
|
|
||||||
|
|
||||||
The code used to first close(fd) and only then check if it's != -1.
|
|
||||||
Reverse the logic so that the fd is only closed if valid.
|
|
||||||
---
|
|
||||||
modules/files.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/modules/files.c b/modules/files.c
|
|
||||||
index 8c2a282b6448bbfb313b5d4f5eeb28b8240bccd5..b8bf8a60e5810c0b705bd91efbdf9e27e851cd2b 100644
|
|
||||||
--- a/modules/files.c
|
|
||||||
+++ b/modules/files.c
|
|
||||||
@@ -387,9 +387,9 @@ editing_open(struct lu_module *module, const char *file_suffix,
|
|
||||||
backup_name = g_strconcat(e->filename, "-", NULL);
|
|
||||||
fd = open_and_copy_file(e->filename, backup_name, FALSE, error);
|
|
||||||
g_free (backup_name);
|
|
||||||
- close(fd);
|
|
||||||
if (fd == -1)
|
|
||||||
goto err_fscreate;
|
|
||||||
+ close(fd);
|
|
||||||
|
|
||||||
e->new_filename = g_strconcat(e->filename, "+", NULL);
|
|
||||||
e->new_fd = open_and_copy_file(e->filename, e->new_filename, TRUE,
|
|
||||||
--
|
|
||||||
2.14.4
|
|
||||||
|
|
@ -1,48 +0,0 @@
|
|||||||
From c6a4e9f596c976f71894269e3168567e6118236c Mon Sep 17 00:00:00 2001
|
|
||||||
From: Steve Grubb <sgrubb@redhat.com>
|
|
||||||
Date: Wed, 5 Jun 2019 22:16:51 +0200
|
|
||||||
Subject: [PATCH] lgroupmod: Emit AUDIT_GRP_CHAUTHTOK, not AUDIT_GRP_MGMT when
|
|
||||||
changing group password
|
|
||||||
|
|
||||||
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1670997
|
|
||||||
---
|
|
||||||
apps/lgroupmod.c | 8 ++++----
|
|
||||||
1 file changed, 4 insertions(+), 4 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/apps/lgroupmod.c b/apps/lgroupmod.c
|
|
||||||
index 0ad0ae4..20be85f 100644
|
|
||||||
--- a/apps/lgroupmod.c
|
|
||||||
+++ b/apps/lgroupmod.c
|
|
||||||
@@ -138,12 +138,12 @@ main(int argc, const char **argv)
|
|
||||||
== FALSE) {
|
|
||||||
fprintf(stderr, _("Failed to set password for group "
|
|
||||||
"%s: %s\n"), group, lu_strerror(error));
|
|
||||||
- lu_audit_logger(AUDIT_GRP_MGMT,
|
|
||||||
+ lu_audit_logger(AUDIT_GRP_CHAUTHTOK,
|
|
||||||
"changing-group-passwd", group,
|
|
||||||
AUDIT_NO_ID, 0);
|
|
||||||
return 4;
|
|
||||||
}
|
|
||||||
- lu_audit_logger(AUDIT_GRP_MGMT,
|
|
||||||
+ lu_audit_logger(AUDIT_GRP_CHAUTHTOK,
|
|
||||||
"changing-group-passwd", group,
|
|
||||||
AUDIT_NO_ID, 1);
|
|
||||||
}
|
|
||||||
@@ -153,12 +153,12 @@ main(int argc, const char **argv)
|
|
||||||
&error) == FALSE) {
|
|
||||||
fprintf(stderr, _("Failed to set password for group "
|
|
||||||
"%s: %s\n"), group, lu_strerror(error));
|
|
||||||
- lu_audit_logger(AUDIT_GRP_MGMT,
|
|
||||||
+ lu_audit_logger(AUDIT_GRP_CHAUTHTOK,
|
|
||||||
"changing-group-passwd", group,
|
|
||||||
AUDIT_NO_ID, 0);
|
|
||||||
return 5;
|
|
||||||
}
|
|
||||||
- lu_audit_logger(AUDIT_GRP_MGMT,
|
|
||||||
+ lu_audit_logger(AUDIT_GRP_CHAUTHTOK,
|
|
||||||
"changing-group-passwd", group,
|
|
||||||
AUDIT_NO_ID, 1);
|
|
||||||
}
|
|
||||||
--
|
|
||||||
2.20.1
|
|
||||||
|
|
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@ -1,48 +1,40 @@
|
|||||||
Name: libuser
|
Name: libuser
|
||||||
Version: 0.62
|
Version: 0.63
|
||||||
Release: 26%{?dist}
|
Release: 15%{?dist}
|
||||||
Group: System Environment/Base
|
|
||||||
License: LGPLv2+
|
License: LGPLv2+
|
||||||
URL: https://pagure.io/libuser
|
URL: https://pagure.io/libuser
|
||||||
Source: http://releases.pagure.org/libuser/libuser-%{version}.tar.xz
|
Source: http://releases.pagure.org/libuser/libuser-%{version}.tar.xz
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1608321
|
Patch0001: 0001-man-typo.patch
|
||||||
Source1: libuser-0_62-ja.po
|
Patch0002: 0002-popt-memopy.patch
|
||||||
Source2: libuser-0_62-zh_CN.po
|
Patch0003: 0003-translation.patch
|
||||||
Source3: libuser-0_62-zh_TW.po
|
Patch0004: 0004-resource-leak.patch
|
||||||
Source4: libuser-0_62-fr.po
|
Patch0005: 0005-translation-update.patch
|
||||||
Source5: libuser-0_62-it.po
|
|
||||||
Source6: libuser-0_62-de.po
|
|
||||||
Source7: libuser-0_62-ko.po
|
|
||||||
Source8: libuser-0_62-pt_BR.po
|
|
||||||
Source9: libuser-0_62-ru.po
|
|
||||||
Source10: libuser-0_62-es.po
|
|
||||||
|
|
||||||
# Because we patch configure
|
BuildRequires: glib2-devel
|
||||||
BuildRequires: autoconf gettext-devel automake libtool
|
BuildRequires: linuxdoc-tools
|
||||||
BuildRequires: glib2-devel, linuxdoc-tools, pam-devel, popt-devel
|
BuildRequires: pam-devel
|
||||||
BuildRequires: cyrus-sasl-devel, libselinux-devel, openldap-devel, python3-devel
|
BuildRequires: popt-devel
|
||||||
|
BuildRequires: cyrus-sasl-devel
|
||||||
|
BuildRequires: libselinux-devel
|
||||||
|
BuildRequires: openldap-devel
|
||||||
|
BuildRequires: python3-devel
|
||||||
# To make sure the configure script can find it
|
# To make sure the configure script can find it
|
||||||
BuildRequires: nscd
|
BuildRequires: nscd
|
||||||
# We support libaudit
|
BuildRequires: gcc
|
||||||
BuildRequires: audit-libs-devel
|
|
||||||
# For %%check
|
# For %%check
|
||||||
BuildRequires: openldap-clients, openldap-servers, openssl
|
BuildRequires: openldap-clients
|
||||||
|
# BuildRequires: openldap-servers
|
||||||
|
BuildRequires: openssl
|
||||||
|
BuildRequires: make
|
||||||
|
BuildRequires: bison
|
||||||
|
BuildRequires: libtool
|
||||||
|
BuildRequires: gettext-devel
|
||||||
|
BuildRequires: gtk-doc
|
||||||
|
BuildRequires: audit-libs-devel
|
||||||
|
|
||||||
Summary: A user and group account administration library
|
Summary: A user and group account administration library
|
||||||
|
|
||||||
%define __provides_exclude_from %{python3_sitearch}/.*\.so$
|
%global __provides_exclude_from ^(%{_libdir}/%{name}|%{python3_sitearch})/.*$
|
||||||
|
|
||||||
# Patch to address format-security.
|
|
||||||
# Submitted upstream at https://pagure.io/libuser/pull-request/17
|
|
||||||
Patch1: 0001-Fix-errors-with-Werror-format-security.patch
|
|
||||||
Patch2: 0002-Use-2048-bit-keys-in-tests-to-avoid-issues-with-mode.patch
|
|
||||||
Patch3: 0003-Add-audit-events-around-user-life-cycle.patch
|
|
||||||
Patch4: 0004-Check-negative-return-of-PyList_Size.patch
|
|
||||||
Patch5: 0005-files.c-Init-char-name-to-NULL.patch
|
|
||||||
Patch6: 0006-merge_ent_array_duplicates-Only-use-values-if-valid.patch
|
|
||||||
Patch7: 0007-editing_open-close-fd-after-we-ve-established-its-va.patch
|
|
||||||
Patch8: 0008-lgroupmod-Emit-AUDIT_GRP_CHAUTHTOK-not-AUDIT_GRP_MGM.patch
|
|
||||||
Patch9: 0009-man-typo.patch
|
|
||||||
Patch10: 0010-resource-leak.patch
|
|
||||||
|
|
||||||
%description
|
%description
|
||||||
The libuser library implements a standardized interface for manipulating
|
The libuser library implements a standardized interface for manipulating
|
||||||
@ -53,7 +45,6 @@ Sample applications modeled after those included with the shadow password
|
|||||||
suite are included.
|
suite are included.
|
||||||
|
|
||||||
%package devel
|
%package devel
|
||||||
Group: Development/Libraries
|
|
||||||
Summary: Files needed for developing applications which use libuser
|
Summary: Files needed for developing applications which use libuser
|
||||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||||
Requires: glib2-devel%{?_isa}
|
Requires: glib2-devel%{?_isa}
|
||||||
@ -63,12 +54,11 @@ The libuser-devel package contains header files, static libraries, and other
|
|||||||
files useful for developing applications with libuser.
|
files useful for developing applications with libuser.
|
||||||
|
|
||||||
%package -n python3-libuser
|
%package -n python3-libuser
|
||||||
%{?python_provide:%python_provide python2-libuser}
|
|
||||||
Summary: Python 3 bindings for the libuser library
|
Summary: Python 3 bindings for the libuser library
|
||||||
Group: Development/Libraries
|
|
||||||
Requires: libuser%{?_isa} = %{version}-%{release}
|
Requires: libuser%{?_isa} = %{version}-%{release}
|
||||||
Provides: libuser-python3 = %{version}-%{release}
|
Provides: python3-libuser = %{version}-%{release}
|
||||||
Obsoletes: libuser-python3 < %{version}-%{release}
|
Provides: python3-libuser%{?_isa} = %{version}-%{release}
|
||||||
|
%{?python_provide:%python_provide python3-libuser}
|
||||||
|
|
||||||
%description -n python3-libuser
|
%description -n python3-libuser
|
||||||
The python3-libuser package contains the Python bindings for
|
The python3-libuser package contains the Python bindings for
|
||||||
@ -76,70 +66,33 @@ the libuser library, which provides a Python 3 API for manipulating and
|
|||||||
administering user and group accounts.
|
administering user and group accounts.
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q -n libuser-%{version}
|
%autosetup -n libuser-%{version} -p1
|
||||||
|
|
||||||
%patch -P 1 -p1
|
|
||||||
%patch -P 2 -p1
|
|
||||||
%patch -P 3 -p1
|
|
||||||
%patch -P 4 -p1
|
|
||||||
%patch -P 5 -p1
|
|
||||||
%patch -P 6 -p1
|
|
||||||
%patch -P 7 -p1
|
|
||||||
%patch -P 8 -p1
|
|
||||||
%patch -P 9 -p1
|
|
||||||
%patch -P 10 -p1
|
|
||||||
cp %{SOURCE1} po/ja.po
|
|
||||||
cp %{SOURCE2} po/zh_CN.po
|
|
||||||
cp %{SOURCE3} po/zh_TW.po
|
|
||||||
cp %{SOURCE4} po/fr.po
|
|
||||||
cp %{SOURCE5} po/it.po
|
|
||||||
cp %{SOURCE6} po/de.po
|
|
||||||
cp %{SOURCE7} po/ko.po
|
|
||||||
cp %{SOURCE8} po/pt_BR.po
|
|
||||||
cp %{SOURCE9} po/ru.po
|
|
||||||
cp %{SOURCE10} po/es.po
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
autoreconf -if
|
./autogen.sh
|
||||||
%configure --with-selinux \
|
%configure --with-selinux --with-ldap --with-audit \
|
||||||
--with-ldap \
|
--enable-gtk-doc --with-html-dir=%{_datadir}/gtk-doc/html \
|
||||||
--with-audit \
|
PYTHON=%{python3}
|
||||||
--with-html-dir=%{_datadir}/gtk-doc/html \
|
|
||||||
PYTHON=/usr/bin/python3
|
|
||||||
make
|
make
|
||||||
# (make all) only rebuilds .gmo files if the .pot file is updated, regardless of po/ja.po changes
|
|
||||||
make -C po ja.gmo
|
|
||||||
make -C po zh_CN.gmo
|
|
||||||
make -C po zh_TW.gmo
|
|
||||||
make -C po it.gmo
|
|
||||||
make -C po de.gmo
|
|
||||||
make -C po ko.gmo
|
|
||||||
make -C po pt_BR.gmo
|
|
||||||
make -C po ru.gmo
|
|
||||||
make -C po es.gmo
|
|
||||||
|
|
||||||
|
|
||||||
%install
|
%install
|
||||||
make install DESTDIR=$RPM_BUILD_ROOT INSTALL='install -p'
|
%make_install
|
||||||
|
|
||||||
%find_lang %{name}
|
%find_lang %{name}
|
||||||
|
|
||||||
%check
|
#%check
|
||||||
|
#make check || { cat test-suite.log; false; }
|
||||||
LC_ALL=C.UTF-8 make check \
|
#
|
||||||
|| { cat test-suite.log; false; }
|
## Verify that all python modules load, just in case.
|
||||||
|
#LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_libdir}:${LD_LIBRARY_PATH}
|
||||||
# Verify that all python modules load, just in case.
|
#export LD_LIBRARY_PATH
|
||||||
LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_libdir}:${LD_LIBRARY_PATH}
|
#PYTHONPATH=$RPM_BUILD_ROOT%{python3_sitearch}
|
||||||
export LD_LIBRARY_PATH
|
#export PYTHONPATH
|
||||||
cd $RPM_BUILD_ROOT/%{python3_sitearch}
|
#%{python3} -c "import libuser"
|
||||||
# The Python 3 module only supports UTF-8
|
|
||||||
LC_ALL=C.UTF-8 python3 -c "import libuser"
|
|
||||||
|
|
||||||
|
|
||||||
%post -p /sbin/ldconfig
|
%ldconfig_scriptlets
|
||||||
|
|
||||||
%postun -p /sbin/ldconfig
|
|
||||||
|
|
||||||
%files -f %{name}.lang
|
%files -f %{name}.lang
|
||||||
%{!?_licensedir:%global license %%doc}
|
%{!?_licensedir:%global license %%doc}
|
||||||
@ -170,50 +123,120 @@ LC_ALL=C.UTF-8 python3 -c "import libuser"
|
|||||||
%{_datadir}/gtk-doc/html/*
|
%{_datadir}/gtk-doc/html/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Tue Jul 23 2024 Michal Hlavinka <mhlavink@redhat.com> - 0.62-26
|
* Tue May 7 2024 Tomas Halman <thalman@redhat.com> - 0.63-15
|
||||||
- fix findings from static application security testing (#RHEL-35578)
|
- Update translations
|
||||||
- translation update (#RHEL-12111)
|
Resolves: RHEL-12110
|
||||||
|
|
||||||
* Tue Nov 29 2022 Tomas Halman <thalman@redhat.com> - 0.62-25
|
* Mon May 6 2024 Tomas Halman <thalman@redhat.com> - 0.63-14
|
||||||
- Man-page update
|
- Fix findings from static application security testing
|
||||||
- Resolves: rhbz#2070941 - small typo in lchage man page
|
Resolves: RHEL-35693
|
||||||
|
|
||||||
* Wed Jun 26 2019 Jakub Hrozek <jhrozek@redhat.com> - 0.62-23
|
* Tue Jul 11 2023 Tomas Halman <thalman@redhat.com> - 0.63-13
|
||||||
- Actually apply the patch from the previous build
|
- Translation update
|
||||||
- Resolves: rhbz#1670997 - Amend the user lifecycle auditing
|
Resolves: rhbz#2139662
|
||||||
|
|
||||||
* Fri Jun 7 2019 Jakub Hrozek <jhrozek@redhat.com> - 0.62-22
|
* Thu Nov 10 2022 Tomas Halman <thalman@redhat.com> - 0.63-12
|
||||||
- Resolves: rhbz#1670997 - Amend the user lifecycle auditing
|
- correct popt memory handling
|
||||||
|
- Fix the manpage
|
||||||
|
Resolves: rhbz#2070943
|
||||||
|
|
||||||
* Fri Nov 30 2018 Jakub Hrozek <jhrozek@redhat.com> - 0.62-21
|
* Fri Jul 15 2022 Tomas Halman <thalman@redhat.com> - 0.63-11
|
||||||
- Resolves: rhbz#1608321 - [libuser] RHEL 8.0 Tier 0 Localization
|
- remove build dependency for openldap-server
|
||||||
|
Resolves: rhbz#2102876
|
||||||
|
|
||||||
* Fri Oct 12 2018 Jakub Hrozek <jhrozek@redhat.com> - 0.62-20
|
* Tue Aug 17 2021 Tomas Halman <thalman@redhat.com> - 0.63-10
|
||||||
- Resolves: rhbz#1637398 - libuser-python3 should be renamed to comply
|
- Update changelog according git history
|
||||||
with Packaging Guidelines
|
Resolves: rhbz#1993633
|
||||||
|
|
||||||
* Wed Oct 3 2018 Jakub Hrozek <jhrozek@redhat.com> - 0.62-19
|
* Tue Aug 17 2021 Tomas Halman <thalman@redhat.com> - 0.63-9
|
||||||
- Resolves: rhbz#1602600 - Please review important issues found by covscan
|
- Fix broken changelog in rpm spec
|
||||||
in "libuser-0.62-14.el8+7" package
|
Resolves: rhbz#1993633
|
||||||
|
|
||||||
* Fri Sep 28 2018 Jakub Hrozek <jhrozek@redhat.com> - 0.62-18
|
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.63-7
|
||||||
- Resolves: rhbz#1608321 - [libuser] RHEL 8.0 Tier 0 Localization
|
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||||
|
Related: rhbz#1991688
|
||||||
|
|
||||||
* Mon Aug 13 2018 Jakub Hrozek <jhrozek@redhat.com> - 0.62-17
|
* Tue Jun 22 2021 Mohan Boddu <mboddu@redhat.com> - 0.63-6
|
||||||
- Resolves: rhbz#1558151 - libuser needs audit events around the account
|
- Rebuilt for RHEL 9 BETA for openssl 3.0
|
||||||
lifecycle
|
Related: rhbz#1971065
|
||||||
|
|
||||||
* Mon Aug 6 2018 Jakub Hrozek <jhrozek@redhat.com> - 0.62-16
|
* Thu May 20 2021 Tomas Halman <thalman@redhat.com> - 0.63-5
|
||||||
- Use 2048bit keys in tests
|
- Enable audit library in the build
|
||||||
- Resolves: rhbz#1611729 - [RHEL8-S-BUILD] libuser Fails Scratch Build on rhel-8.0
|
- Resolves: rhbz#1923043 - libuser doesn't audit events around the account lifecycle
|
||||||
|
|
||||||
* Mon Jun 11 2018 Jakub Hrozek <jhrozek@redhat.com> - 0.62-15
|
* Tue May 11 2021 Tomas Halman <thalman@redhat.com> - 0.63-4
|
||||||
- Drop the fakeroot dependency
|
- Resolves: rhbz#1951601 - Remove fakeroot dependency
|
||||||
- Resolves: #1581448 - Remove fakeroot from libuser in RHEL8
|
|
||||||
|
|
||||||
* Sun Jun 10 2018 Jakub Hrozek <jhrozek@redhat.com> - 0.62-14
|
* Tue May 11 2021 Tomas Halman <thalman@redhat.com> - 0.63-3
|
||||||
- Do not build python2-libuser at all in RHEL-8
|
- Renaming python package according to the standard
|
||||||
- Resolves: #1559103 - libuser: Drop Python 2 subpackage(s) from RHEL 8
|
- Resolves: rhbz#1951968
|
||||||
|
|
||||||
|
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.63-2
|
||||||
|
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
||||||
|
|
||||||
|
* Mon Mar 1 2021 Tomas Halman <thalman@redhat.com> - 0.63-1
|
||||||
|
- Release new version 0.63
|
||||||
|
|
||||||
|
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.62-31
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||||
|
|
||||||
|
* Wed Sep 09 2020 Tom Stellard <tstellar@redhat.com> - 0.62-30
|
||||||
|
- Use make macros
|
||||||
|
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
|
||||||
|
|
||||||
|
* Wed Sep 02 2020 Merlin Mathesius <mmathesi@redhat.com> - 0.62-29
|
||||||
|
- Pull in upstream patch that fixes FTBFS for Rawhide and ELN
|
||||||
|
|
||||||
|
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.62-28
|
||||||
|
- Second attempt - Rebuilt for
|
||||||
|
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.62-27
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||||
|
|
||||||
|
* Fri Jul 3 2020 Jakub Hrozek <jhrozek@redhat.com> - 0.62-26
|
||||||
|
- Temporarily disable tests, nothing changed since forever so this should be
|
||||||
|
safe and would unblock FTBFS
|
||||||
|
- Related: rhbz#1817666 - libuser fails to build with Python 3.9: FAIL: tests/fs_test
|
||||||
|
|
||||||
|
* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 0.62-25
|
||||||
|
- Rebuilt for Python 3.9
|
||||||
|
|
||||||
|
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.62-24
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Nov 26 2019 Miro Hrončok <mhroncok@redhat.com> - 0.62-23
|
||||||
|
- Subpackage python2-libuser has been removed
|
||||||
|
See https://fedoraproject.org/wiki/Changes/Mass_Python_2_Package_Removal
|
||||||
|
|
||||||
|
* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 0.62-22
|
||||||
|
- Rebuilt for Python 3.8
|
||||||
|
|
||||||
|
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.62-21
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||||
|
|
||||||
|
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.62-20
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||||
|
|
||||||
|
* Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org> - 0.62-19
|
||||||
|
- Rebuilt for libcrypt.so.2 (#1666033)
|
||||||
|
|
||||||
|
* Fri Jul 20 2018 Jakub Hrozek <jhrozek@redhat.com> - 0.62-19
|
||||||
|
- BuildRequires: gcc
|
||||||
|
- Related: rhbz#1604682 - libuser: FTBFS in Fedora rawhide
|
||||||
|
|
||||||
|
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.62-17
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||||
|
|
||||||
|
* Mon Jul 9 2018 Jakub Hrozek <jhrozek@redhat.com> - 0.62-16
|
||||||
|
- Use python2 explicitly in tests of python2 bindings instead of just "python"
|
||||||
|
- Related: rhbz#1582899 - libuser: FTBFS in Fedora 28
|
||||||
|
|
||||||
|
* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 0.62-15
|
||||||
|
- Rebuilt for Python 3.7
|
||||||
|
|
||||||
|
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.62-14
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||||
|
|
||||||
* Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 0.62-13
|
* Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 0.62-13
|
||||||
- Rebuilt for switch to libxcrypt
|
- Rebuilt for switch to libxcrypt
|
||||||
@ -620,7 +643,7 @@ LC_ALL=C.UTF-8 python3 -c "import libuser"
|
|||||||
- Fix updating of groups after user renaming in lusermod
|
- Fix updating of groups after user renaming in lusermod
|
||||||
- Allow setting a shadow password even if the current shadow password is
|
- Allow setting a shadow password even if the current shadow password is
|
||||||
invalid (#131180)
|
invalid (#131180)
|
||||||
- Add lu_{user,group}_unlock_nonempty (#86414); module interface ABI has
|
- Add lu_{user,group}_unlock_nonempty (#86414); module interface ABI has
|
||||||
changed
|
changed
|
||||||
- Miscellaneous bug and memory leak fixes
|
- Miscellaneous bug and memory leak fixes
|
||||||
|
|
||||||
@ -695,7 +718,7 @@ LC_ALL=C.UTF-8 python3 -c "import libuser"
|
|||||||
- enable SELinux
|
- enable SELinux
|
||||||
|
|
||||||
* Mon Sep 08 2003 Dan Walsh <dwalsh@redhat.com> 0.51.7-5
|
* Mon Sep 08 2003 Dan Walsh <dwalsh@redhat.com> 0.51.7-5
|
||||||
- Turn off SELinux
|
- Turn off SELinux
|
||||||
|
|
||||||
* Wed Aug 06 2003 Dan Walsh <dwalsh@redhat.com> 0.51.7-3
|
* Wed Aug 06 2003 Dan Walsh <dwalsh@redhat.com> 0.51.7-3
|
||||||
- Add SELinux support
|
- Add SELinux support
|
||||||
@ -922,7 +945,7 @@ LC_ALL=C.UTF-8 python3 -c "import libuser"
|
|||||||
- finish adding a sasldb module which manipulates a sasldb file
|
- finish adding a sasldb module which manipulates a sasldb file
|
||||||
- add users_enumerate_by_group and groups_enumerate_by_users
|
- add users_enumerate_by_group and groups_enumerate_by_users
|
||||||
|
|
||||||
* Wed Jul 25 2001 Nalin Dahyabhai <nalin@redhat.com>
|
* Wed Jul 25 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
- luserdel: remove the user's primary group if it has the same name as
|
- luserdel: remove the user's primary group if it has the same name as
|
||||||
the user and has no members configured (-G disables)
|
the user and has no members configured (-G disables)
|
||||||
- fixup some configure stuff to make libuser.conf get generated correctly
|
- fixup some configure stuff to make libuser.conf get generated correctly
|
||||||
@ -976,7 +999,7 @@ LC_ALL=C.UTF-8 python3 -c "import libuser"
|
|||||||
|
|
||||||
* Wed Jul 11 2001 Nalin Dahyabhai <nalin@redhat.com>
|
* Wed Jul 11 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
- stub out the krb5 and ldap modules so that they'll at least compile again
|
- stub out the krb5 and ldap modules so that they'll at least compile again
|
||||||
|
|
||||||
* Tue Jul 10 2001 Nalin Dahyabhai <nalin@redhat.com>
|
* Tue Jul 10 2001 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
- don't bail when writing empty fields to colon-delimited files
|
- don't bail when writing empty fields to colon-delimited files
|
||||||
- use permissions of the original file when making backup files instead of 0600
|
- use permissions of the original file when making backup files instead of 0600
|
||||||
|
Loading…
Reference in New Issue
Block a user