Compare commits
No commits in common. "c9-beta" and "c8" have entirely different histories.
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
|||||||
SOURCES/libuser-0.63.tar.xz
|
SOURCES/libuser-0.62.tar.xz
|
||||||
|
@ -1 +1 @@
|
|||||||
cd6b029165743afaaee58e7d80e767da7a868545 SOURCES/libuser-0.63.tar.xz
|
e0fe60dd38f3b5777d0a4ad664725eddd18ef310 SOURCES/libuser-0.62.tar.xz
|
||||||
|
52
SOURCES/0001-Fix-errors-with-Werror-format-security.patch
Normal file
52
SOURCES/0001-Fix-errors-with-Werror-format-security.patch
Normal file
@ -0,0 +1,52 @@
|
|||||||
|
From 9317afc8bb7eec656444fc2eecfcd1ea3bfdda82 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Stephen Gallagher <sgallagh@redhat.com>
|
||||||
|
Date: Wed, 15 Mar 2017 12:43:03 -0400
|
||||||
|
Subject: [PATCH] Fix errors with -Werror=format-security
|
||||||
|
|
||||||
|
Recent versions of the Fedora build system treat format-security
|
||||||
|
warnings as errors, resulting in failure to build. This patch
|
||||||
|
ensures that appropriate format strings are present.
|
||||||
|
|
||||||
|
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
|
||||||
|
---
|
||||||
|
modules/files.c | 2 +-
|
||||||
|
modules/ldap.c | 2 +-
|
||||||
|
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/modules/files.c b/modules/files.c
|
||||||
|
index 4ef0a57be9f2aad99d82abfae5204009a93e5572..6a7787e28112ba07e0fc44f2887ce1d1540af29e 100644
|
||||||
|
--- a/modules/files.c
|
||||||
|
+++ b/modules/files.c
|
||||||
|
@@ -532,11 +532,11 @@ parse_field(const struct format_specifier *format, GValue *value,
|
||||||
|
err = NULL;
|
||||||
|
ret = lu_value_init_set_attr_from_string(value, format->attribute,
|
||||||
|
string, &err);
|
||||||
|
if (ret == FALSE) {
|
||||||
|
g_assert(err != NULL);
|
||||||
|
- g_warning(lu_strerror(err));
|
||||||
|
+ g_warning("%s", lu_strerror(err));
|
||||||
|
lu_error_free(&err);
|
||||||
|
}
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
diff --git a/modules/ldap.c b/modules/ldap.c
|
||||||
|
index ad10f7394c5735f3180cbab5bc7314301fd83ffc..02e9eb6a0cf10595d730e3dc719f2e848a3491d4 100644
|
||||||
|
--- a/modules/ldap.c
|
||||||
|
+++ b/modules/ldap.c
|
||||||
|
@@ -670,11 +670,11 @@ lu_ldap_lookup(struct lu_module *module,
|
||||||
|
error = NULL;
|
||||||
|
ok = lu_value_init_set_attr_from_string
|
||||||
|
(&value, attr, val, &error);
|
||||||
|
if (ok == FALSE) {
|
||||||
|
g_assert(error != NULL);
|
||||||
|
- g_warning(lu_strerror(error));
|
||||||
|
+ g_warning("%s", lu_strerror(error));
|
||||||
|
lu_error_free(&error);
|
||||||
|
} else {
|
||||||
|
lu_ent_add_current(ent, attr,
|
||||||
|
&value);
|
||||||
|
g_value_unset(&value);
|
||||||
|
--
|
||||||
|
2.12.0
|
||||||
|
|
@ -0,0 +1,40 @@
|
|||||||
|
From 68e2c532e610e1c91dd10ff176b673d6190adef4 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jakub Hrozek <jakub.hrozek@posteo.se>
|
||||||
|
Date: Mon, 6 Aug 2018 21:43:53 +0200
|
||||||
|
Subject: [PATCH] Use 2048-bit keys in tests to avoid issues with modern
|
||||||
|
systems
|
||||||
|
|
||||||
|
---
|
||||||
|
tests/default_pw_test | 2 +-
|
||||||
|
tests/ldap_test | 2 +-
|
||||||
|
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/tests/default_pw_test b/tests/default_pw_test
|
||||||
|
index 6da406cf3f67cee2084e730361d43c88df83b81c..733c85c090e07c87a9a7ef8b58c5396bf5f91197 100755
|
||||||
|
--- a/tests/default_pw_test
|
||||||
|
+++ b/tests/default_pw_test
|
||||||
|
@@ -30,7 +30,7 @@ rm -rf "$workdir"
|
||||||
|
mkdir "$workdir"
|
||||||
|
|
||||||
|
# Create a SSL key
|
||||||
|
-/usr/bin/openssl req -newkey rsa:1024 -keyout "$workdir"/key1 -nodes \
|
||||||
|
+/usr/bin/openssl req -newkey rsa:2048 -keyout "$workdir"/key1 -nodes \
|
||||||
|
-x509 -days 2 -out "$workdir"/key3 2>/dev/null <<EOF
|
||||||
|
.
|
||||||
|
.
|
||||||
|
diff --git a/tests/ldap_test b/tests/ldap_test
|
||||||
|
index f82c2795ef283e323f49c8a400d6c628b3a3e331..54609b14d54b2c5638445262e7fb25307ba6db4c 100755
|
||||||
|
--- a/tests/ldap_test
|
||||||
|
+++ b/tests/ldap_test
|
||||||
|
@@ -30,7 +30,7 @@ rm -rf "$workdir"
|
||||||
|
mkdir "$workdir"
|
||||||
|
|
||||||
|
# Create a SSL key
|
||||||
|
-/usr/bin/openssl req -newkey rsa:1024 -keyout "$workdir"/key1 -nodes \
|
||||||
|
+/usr/bin/openssl req -newkey rsa:2048 -keyout "$workdir"/key1 -nodes \
|
||||||
|
-x509 -days 2 -out "$workdir"/key3 2>/dev/null <<EOF
|
||||||
|
.
|
||||||
|
.
|
||||||
|
--
|
||||||
|
2.14.4
|
||||||
|
|
File diff suppressed because it is too large
Load Diff
658
SOURCES/0003-Add-audit-events-around-user-life-cycle.patch
Normal file
658
SOURCES/0003-Add-audit-events-around-user-life-cycle.patch
Normal file
@ -0,0 +1,658 @@
|
|||||||
|
From 72962208c42ea202f1e31f2f3ac1b523cd545b06 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Steve Grubb <sgrubb@redhat.com>
|
||||||
|
Date: Fri, 3 Aug 2018 11:33:05 +0200
|
||||||
|
Subject: [PATCH] Add audit events around user life cycle
|
||||||
|
|
||||||
|
---
|
||||||
|
Makefile.am | 18 ++++++-------
|
||||||
|
apps/lchage.c | 5 ++++
|
||||||
|
apps/lchsh.c | 7 +++++
|
||||||
|
apps/lgroupadd.c | 5 ++++
|
||||||
|
apps/lgroupdel.c | 6 +++++
|
||||||
|
apps/lgroupmod.c | 36 +++++++++++++++++++++++++
|
||||||
|
apps/luseradd.c | 16 +++++++++++
|
||||||
|
apps/luserdel.c | 17 ++++++++++++
|
||||||
|
apps/lusermod.c | 38 +++++++++++++++++++++++++-
|
||||||
|
configure.ac | 17 ++++++++++++
|
||||||
|
lib/common.c | 66 +++++++++++++++++++++++++++++++++++++++++++++-
|
||||||
|
lib/user_private.h | 15 +++++++++++
|
||||||
|
12 files changed, 235 insertions(+), 11 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/Makefile.am b/Makefile.am
|
||||||
|
index 080f97e8cc81a77dd0413c3b6fe7fe8002499393..9f099bd71941a869274a502a3130802731d83c24 100644
|
||||||
|
--- a/Makefile.am
|
||||||
|
+++ b/Makefile.am
|
||||||
|
@@ -116,7 +116,7 @@ apps_libapputil_la_LDFLAGS = $(GOBJECT_LIBS) -lpam -lpam_misc $(SELINUX_LIBS)
|
||||||
|
|
||||||
|
apps_lchage_CPPFLAGS = $(AM_CPPFLAGS) $(LOCALEDIR_CPPFLAGS)
|
||||||
|
apps_lchage_LDADD = lib/libuser.la $(LTLIBINTL)
|
||||||
|
-apps_lchage_LDFLAGS = $(GMODULE_LIBS) -lpopt
|
||||||
|
+apps_lchage_LDFLAGS = $(GMODULE_LIBS) -lpopt $(AUDIT_LIBS)
|
||||||
|
|
||||||
|
apps_lchfn_CPPFLAGS = $(AM_CPPFLAGS) $(LOCALEDIR_CPPFLAGS)
|
||||||
|
apps_lchfn_LDADD = apps/libapputil.la lib/libuser.la $(LTLIBINTL)
|
||||||
|
@@ -124,19 +124,19 @@ apps_lchfn_LDFLAGS = $(GMODULE_LIBS) -lpopt
|
||||||
|
|
||||||
|
apps_lchsh_CPPFLAGS = $(AM_CPPFLAGS) $(LOCALEDIR_CPPFLAGS)
|
||||||
|
apps_lchsh_LDADD = apps/libapputil.la lib/libuser.la $(LTLIBINTL)
|
||||||
|
-apps_lchsh_LDFLAGS = $(GMODULE_LIBS) -lpopt
|
||||||
|
+apps_lchsh_LDFLAGS = $(GMODULE_LIBS) -lpopt $(AUDIT_LIBS)
|
||||||
|
|
||||||
|
apps_lgroupadd_CPPFLAGS = $(AM_CPPFLAGS) $(LOCALEDIR_CPPFLAGS)
|
||||||
|
apps_lgroupadd_LDADD = lib/libuser.la $(LTLIBINTL)
|
||||||
|
-apps_lgroupadd_LDFLAGS = $(GMODULE_LIBS) -lpopt
|
||||||
|
+apps_lgroupadd_LDFLAGS = $(GMODULE_LIBS) -lpopt $(AUDIT_LIBS)
|
||||||
|
|
||||||
|
apps_lgroupdel_CPPFLAGS = $(AM_CPPFLAGS) $(LOCALEDIR_CPPFLAGS)
|
||||||
|
apps_lgroupdel_LDADD = lib/libuser.la $(LTLIBINTL)
|
||||||
|
-apps_lgroupdel_LDFLAGS = $(GMODULE_LIBS) -lpopt
|
||||||
|
+apps_lgroupdel_LDFLAGS = $(GMODULE_LIBS) -lpopt $(AUDIT_LIBS)
|
||||||
|
|
||||||
|
apps_lgroupmod_CPPFLAGS = $(AM_CPPFLAGS) $(LOCALEDIR_CPPFLAGS)
|
||||||
|
apps_lgroupmod_LDADD = lib/libuser.la $(LTLIBINTL)
|
||||||
|
-apps_lgroupmod_LDFLAGS = $(GMODULE_LIBS) -lpopt
|
||||||
|
+apps_lgroupmod_LDFLAGS = $(GMODULE_LIBS) -lpopt $(AUDIT_LIBS)
|
||||||
|
|
||||||
|
apps_lid_CPPFLAGS = $(AM_CPPFLAGS) $(LOCALEDIR_CPPFLAGS)
|
||||||
|
apps_lid_LDADD = lib/libuser.la $(LTLIBINTL)
|
||||||
|
@@ -152,15 +152,15 @@ apps_lpasswd_LDFLAGS = $(GMODULE_LIBS) -lpopt
|
||||||
|
|
||||||
|
apps_luseradd_CPPFLAGS = $(AM_CPPFLAGS) $(LOCALEDIR_CPPFLAGS)
|
||||||
|
apps_luseradd_LDADD = lib/libuser.la $(LTLIBINTL)
|
||||||
|
-apps_luseradd_LDFLAGS = $(GMODULE_LIBS) -lpopt
|
||||||
|
+apps_luseradd_LDFLAGS = $(GMODULE_LIBS) -lpopt $(AUDIT_LIBS)
|
||||||
|
|
||||||
|
apps_luserdel_CPPFLAGS = $(AM_CPPFLAGS) $(LOCALEDIR_CPPFLAGS)
|
||||||
|
apps_luserdel_LDADD = lib/libuser.la $(LTLIBINTL)
|
||||||
|
-apps_luserdel_LDFLAGS = $(GMODULE_LIBS) -lpopt
|
||||||
|
+apps_luserdel_LDFLAGS = $(GMODULE_LIBS) -lpopt $(AUDIT_LIBS)
|
||||||
|
|
||||||
|
apps_lusermod_CPPFLAGS = $(AM_CPPFLAGS) $(LOCALEDIR_CPPFLAGS)
|
||||||
|
apps_lusermod_LDADD = lib/libuser.la $(LTLIBINTL)
|
||||||
|
-apps_lusermod_LDFLAGS = $(GMODULE_LIBS) -lpopt
|
||||||
|
+apps_lusermod_LDFLAGS = $(GMODULE_LIBS) -lpopt $(AUDIT_LIBS)
|
||||||
|
|
||||||
|
lib_libuser_la_SOURCES = lib/common.c lib/config.c lib/entity.c lib/error.c \
|
||||||
|
lib/fs.c lib/getdate.y lib/internal.h lib/misc.c lib/modules.c \
|
||||||
|
@@ -170,7 +170,7 @@ lib_libuser_la_CPPFLAGS = $(GMODULE_CFLAGS) -Ilib $(LOCALEDIR_CPPFLAGS) \
|
||||||
|
-DMODULEDIR='"$(pkglibdir)"' -DNSCD='"$(NSCD)"' \
|
||||||
|
-DSYSCONFDIR='"$(sysconfdir)"'
|
||||||
|
lib_libuser_la_LDFLAGS = $(GMODULE_LIBS) $(CRYPT_LIBS) $(SELINUX_LIBS) \
|
||||||
|
- -version-info 6:2:5
|
||||||
|
+ $(AUDIT_LIBS) -version-info 6:2:5
|
||||||
|
lib_libuser_la_LIBADD = $(LTLIBINTL)
|
||||||
|
|
||||||
|
modules_libuser_files_la_SOURCES = modules/files.c
|
||||||
|
diff --git a/apps/lchage.c b/apps/lchage.c
|
||||||
|
index bad296ccf0755dd6781b1a2e6397dccb1f7dbd12..1a4f04883062cb11f15a2e34d37e127fef2a374e 100644
|
||||||
|
--- a/apps/lchage.c
|
||||||
|
+++ b/apps/lchage.c
|
||||||
|
@@ -29,6 +29,7 @@
|
||||||
|
#include <popt.h>
|
||||||
|
#include <glib.h>
|
||||||
|
#include "../lib/user.h"
|
||||||
|
+#include "../lib/user_private.h"
|
||||||
|
#include "apputil.h"
|
||||||
|
|
||||||
|
#define INVALID_LONG LONG_MIN
|
||||||
|
@@ -239,8 +240,12 @@ main(int argc, const char **argv)
|
||||||
|
fprintf(stderr,
|
||||||
|
_("Failed to modify aging information for %s: "
|
||||||
|
"%s\n"), user, lu_strerror(error));
|
||||||
|
+ lu_audit_logger(AUDIT_USER_MGMT, "change-age", user,
|
||||||
|
+ AUDIT_NO_ID, 0);
|
||||||
|
return 3;
|
||||||
|
}
|
||||||
|
+ lu_audit_logger(AUDIT_USER_MGMT, "change-age", user,
|
||||||
|
+ AUDIT_NO_ID, 1);
|
||||||
|
|
||||||
|
lu_nscd_flush_cache(LU_NSCD_CACHE_PASSWD);
|
||||||
|
}
|
||||||
|
diff --git a/apps/lchsh.c b/apps/lchsh.c
|
||||||
|
index 7c8a9246d4548a7f6fbacce91cdfdf4372799943..555ed2ea7b0d5a90bf37a7f23c398b382ac45a38 100644
|
||||||
|
--- a/apps/lchsh.c
|
||||||
|
+++ b/apps/lchsh.c
|
||||||
|
@@ -26,6 +26,7 @@
|
||||||
|
#include <string.h>
|
||||||
|
#include <unistd.h>
|
||||||
|
#include "../lib/user.h"
|
||||||
|
+#include "../lib/user_private.h"
|
||||||
|
#include "apputil.h"
|
||||||
|
|
||||||
|
int
|
||||||
|
@@ -120,6 +121,8 @@ main(int argc, const char **argv)
|
||||||
|
NULL, &error) == FALSE) {
|
||||||
|
fprintf(stderr, _("Shell not changed: %s\n"),
|
||||||
|
lu_strerror(error));
|
||||||
|
+ lu_audit_logger(AUDIT_USER_MGMT, "change-shell", user,
|
||||||
|
+ AUDIT_NO_ID, 0);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
/* Modify the in-memory structure's shell attribute. */
|
||||||
|
@@ -132,9 +135,13 @@ main(int argc, const char **argv)
|
||||||
|
if (lu_user_modify(ctx, ent, &error)) {
|
||||||
|
g_print(_("Shell changed.\n"));
|
||||||
|
lu_nscd_flush_cache(LU_NSCD_CACHE_PASSWD);
|
||||||
|
+ lu_audit_logger(AUDIT_USER_MGMT, "change-shell", user,
|
||||||
|
+ AUDIT_NO_ID, 1);
|
||||||
|
} else {
|
||||||
|
fprintf(stderr, _("Shell not changed: %s\n"),
|
||||||
|
lu_strerror(error));
|
||||||
|
+ lu_audit_logger(AUDIT_USER_MGMT, "change-shell", user,
|
||||||
|
+ AUDIT_NO_ID, 0);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
diff --git a/apps/lgroupadd.c b/apps/lgroupadd.c
|
||||||
|
index d73ee864adac9e5dbc7d98392190db225d116143..3fa2a1df5ac5838ef256541c07ae6028e4f6a80b 100644
|
||||||
|
--- a/apps/lgroupadd.c
|
||||||
|
+++ b/apps/lgroupadd.c
|
||||||
|
@@ -118,6 +118,8 @@ main(int argc, const char **argv)
|
||||||
|
if (lu_group_add(ctx, ent, &error) == FALSE) {
|
||||||
|
fprintf(stderr, _("Group creation failed: %s\n"),
|
||||||
|
lu_strerror(error));
|
||||||
|
+ lu_audit_logger(AUDIT_ADD_GROUP, "add-group", name,
|
||||||
|
+ AUDIT_NO_ID, 0);
|
||||||
|
return 2;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -127,5 +129,8 @@ main(int argc, const char **argv)
|
||||||
|
|
||||||
|
lu_end(ctx);
|
||||||
|
|
||||||
|
+ lu_audit_logger(AUDIT_ADD_GROUP, "add-group", name,
|
||||||
|
+ AUDIT_NO_ID, 1);
|
||||||
|
+
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
diff --git a/apps/lgroupdel.c b/apps/lgroupdel.c
|
||||||
|
index e0fd6c6d42f55eef82f0790f551721972c129b5f..c5ccbed95cb834719cd109a81e6f979bb737dc71 100644
|
||||||
|
--- a/apps/lgroupdel.c
|
||||||
|
+++ b/apps/lgroupdel.c
|
||||||
|
@@ -24,6 +24,7 @@
|
||||||
|
#include <locale.h>
|
||||||
|
#include <popt.h>
|
||||||
|
#include "../lib/user.h"
|
||||||
|
+#include "../lib/user_private.h"
|
||||||
|
#include "apputil.h"
|
||||||
|
|
||||||
|
int
|
||||||
|
@@ -90,6 +91,8 @@ main(int argc, const char **argv)
|
||||||
|
if (lu_group_delete(ctx, ent, &error) == FALSE) {
|
||||||
|
fprintf(stderr, _("Group %s could not be deleted: %s\n"),
|
||||||
|
group, lu_strerror(error));
|
||||||
|
+ lu_audit_logger(AUDIT_DEL_GROUP, "delete-group", group,
|
||||||
|
+ AUDIT_NO_ID, 0);
|
||||||
|
return 3;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -99,5 +102,8 @@ main(int argc, const char **argv)
|
||||||
|
|
||||||
|
lu_end(ctx);
|
||||||
|
|
||||||
|
+ lu_audit_logger(AUDIT_DEL_GROUP, "delete-group", group,
|
||||||
|
+ AUDIT_NO_ID, 1);
|
||||||
|
+
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
diff --git a/apps/lgroupmod.c b/apps/lgroupmod.c
|
||||||
|
index 21170e06f37370d7b2f2d936048ae7abf24fd181..0ad0ae4f39d32435b4668ef15ec678d8ea319e5c 100644
|
||||||
|
--- a/apps/lgroupmod.c
|
||||||
|
+++ b/apps/lgroupmod.c
|
||||||
|
@@ -138,8 +138,14 @@ main(int argc, const char **argv)
|
||||||
|
== FALSE) {
|
||||||
|
fprintf(stderr, _("Failed to set password for group "
|
||||||
|
"%s: %s\n"), group, lu_strerror(error));
|
||||||
|
+ lu_audit_logger(AUDIT_GRP_MGMT,
|
||||||
|
+ "changing-group-passwd", group,
|
||||||
|
+ AUDIT_NO_ID, 0);
|
||||||
|
return 4;
|
||||||
|
}
|
||||||
|
+ lu_audit_logger(AUDIT_GRP_MGMT,
|
||||||
|
+ "changing-group-passwd", group,
|
||||||
|
+ AUDIT_NO_ID, 1);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (cryptedUserPassword) {
|
||||||
|
@@ -147,8 +153,14 @@ main(int argc, const char **argv)
|
||||||
|
&error) == FALSE) {
|
||||||
|
fprintf(stderr, _("Failed to set password for group "
|
||||||
|
"%s: %s\n"), group, lu_strerror(error));
|
||||||
|
+ lu_audit_logger(AUDIT_GRP_MGMT,
|
||||||
|
+ "changing-group-passwd", group,
|
||||||
|
+ AUDIT_NO_ID, 0);
|
||||||
|
return 5;
|
||||||
|
}
|
||||||
|
+ lu_audit_logger(AUDIT_GRP_MGMT,
|
||||||
|
+ "changing-group-passwd", group,
|
||||||
|
+ AUDIT_NO_ID, 1);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (lock) {
|
||||||
|
@@ -156,8 +168,14 @@ main(int argc, const char **argv)
|
||||||
|
fprintf(stderr,
|
||||||
|
_("Group %s could not be locked: %s\n"), group,
|
||||||
|
lu_strerror(error));
|
||||||
|
+ lu_audit_logger(AUDIT_GRP_MGMT,
|
||||||
|
+ "changing-group-lock", group,
|
||||||
|
+ AUDIT_NO_ID, 0);
|
||||||
|
return 6;
|
||||||
|
}
|
||||||
|
+ lu_audit_logger(AUDIT_GRP_MGMT,
|
||||||
|
+ "changing-group-lock", group,
|
||||||
|
+ AUDIT_NO_ID, 1);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (unlock) {
|
||||||
|
@@ -165,8 +183,14 @@ main(int argc, const char **argv)
|
||||||
|
fprintf(stderr,
|
||||||
|
_("Group %s could not be unlocked: %s\n"),
|
||||||
|
group, lu_strerror(error));
|
||||||
|
+ lu_audit_logger(AUDIT_GRP_MGMT,
|
||||||
|
+ "changing-group-lock", group,
|
||||||
|
+ AUDIT_NO_ID, 0);
|
||||||
|
return 7;
|
||||||
|
}
|
||||||
|
+ lu_audit_logger(AUDIT_GRP_MGMT,
|
||||||
|
+ "changing-group-lock", group,
|
||||||
|
+ AUDIT_NO_ID, 1);
|
||||||
|
}
|
||||||
|
|
||||||
|
change = gid || addAdmins || remAdmins || addMembers || remMembers;
|
||||||
|
@@ -241,8 +265,14 @@ main(int argc, const char **argv)
|
||||||
|
if (change && lu_group_modify(ctx, ent, &error) == FALSE) {
|
||||||
|
fprintf(stderr, _("Group %s could not be modified: %s\n"),
|
||||||
|
group, lu_strerror(error));
|
||||||
|
+ lu_audit_logger(AUDIT_GRP_MGMT,
|
||||||
|
+ "changing-group-members", group,
|
||||||
|
+ AUDIT_NO_ID, 0);
|
||||||
|
return 8;
|
||||||
|
}
|
||||||
|
+ lu_audit_logger(AUDIT_GRP_MGMT,
|
||||||
|
+ "changing-group-members", group,
|
||||||
|
+ AUDIT_NO_ID, 1);
|
||||||
|
if (gidNumber != LU_VALUE_INVALID_ID) {
|
||||||
|
users = lu_users_enumerate_by_group_full(ctx, gid, &error);
|
||||||
|
|
||||||
|
@@ -256,8 +286,14 @@ main(int argc, const char **argv)
|
||||||
|
fprintf(stderr,
|
||||||
|
_("Group %s could not be modified: %s\n"),
|
||||||
|
group, lu_strerror(error));
|
||||||
|
+ lu_audit_logger(AUDIT_GRP_MGMT,
|
||||||
|
+ "changing-group-id", group,
|
||||||
|
+ AUDIT_NO_ID, 0);
|
||||||
|
return 8;
|
||||||
|
}
|
||||||
|
+ lu_audit_logger(AUDIT_GRP_MGMT,
|
||||||
|
+ "changing-group-id", group,
|
||||||
|
+ AUDIT_NO_ID, 1);
|
||||||
|
}
|
||||||
|
|
||||||
|
lu_ent_free(ent);
|
||||||
|
diff --git a/apps/luseradd.c b/apps/luseradd.c
|
||||||
|
index 7839183c00f892ad50f77f5aed6ada07cd3c125b..9d7f4f10a9c6f849e551f017f05c2e67e4a56259 100644
|
||||||
|
--- a/apps/luseradd.c
|
||||||
|
+++ b/apps/luseradd.c
|
||||||
|
@@ -210,8 +210,12 @@ main(int argc, const char **argv)
|
||||||
|
lu_error_free(&error);
|
||||||
|
}
|
||||||
|
lu_end(ctx);
|
||||||
|
+ lu_audit_logger(AUDIT_ADD_GROUP, "add-group", name,
|
||||||
|
+ AUDIT_NO_ID, 0);
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
+ lu_audit_logger(AUDIT_ADD_GROUP, "add-group", name,
|
||||||
|
+ AUDIT_NO_ID, 1);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Retrieve the group ID. */
|
||||||
|
@@ -259,9 +263,13 @@ main(int argc, const char **argv)
|
||||||
|
if (lu_user_add(ctx, ent, &error) == FALSE) {
|
||||||
|
fprintf(stderr, _("Account creation failed: %s.\n"),
|
||||||
|
lu_strerror(error));
|
||||||
|
+ lu_audit_logger(AUDIT_ADD_USER, "add-user", name,
|
||||||
|
+ AUDIT_NO_ID, 0);
|
||||||
|
+
|
||||||
|
return 3;
|
||||||
|
}
|
||||||
|
lu_nscd_flush_cache(LU_NSCD_CACHE_PASSWD);
|
||||||
|
+ lu_audit_logger(AUDIT_ADD_USER, "add-user", name, AUDIT_NO_ID, 1);
|
||||||
|
|
||||||
|
/* If we don't have the the don't-create-home flag, create the user's
|
||||||
|
* home directory. */
|
||||||
|
@@ -282,8 +290,12 @@ main(int argc, const char **argv)
|
||||||
|
&error) == FALSE) {
|
||||||
|
fprintf(stderr, _("Error creating %s: %s.\n"),
|
||||||
|
homeDirectory, lu_strerror(error));
|
||||||
|
+ lu_audit_logger(AUDIT_USER_MGMT, "add-home-dir", name,
|
||||||
|
+ uidNumber, 0);
|
||||||
|
return 7;
|
||||||
|
}
|
||||||
|
+ lu_audit_logger(AUDIT_USER_MGMT, "add-home-dir", name,
|
||||||
|
+ uidNumber, 1);
|
||||||
|
|
||||||
|
/* Create a mail spool for the user. */
|
||||||
|
if (lu_mail_spool_create(ctx, ent, &error) != TRUE) {
|
||||||
|
@@ -311,8 +323,12 @@ main(int argc, const char **argv)
|
||||||
|
fprintf(stderr, _("Error setting password for user "
|
||||||
|
"%s: %s.\n"), name,
|
||||||
|
lu_strerror(error));
|
||||||
|
+ lu_audit_logger(AUDIT_USER_CHAUTHTOK, "updating-password",
|
||||||
|
+ name, uidNumber, 0);
|
||||||
|
return 3;
|
||||||
|
}
|
||||||
|
+ lu_audit_logger(AUDIT_USER_CHAUTHTOK, "updating-password",
|
||||||
|
+ name, uidNumber, 1);
|
||||||
|
}
|
||||||
|
lu_nscd_flush_cache(LU_NSCD_CACHE_PASSWD);
|
||||||
|
|
||||||
|
diff --git a/apps/luserdel.c b/apps/luserdel.c
|
||||||
|
index 2f39a4ffb8ae47ac5dc3c84270b54a8ca68c7403..7e20fa7ea9bf4082967bc6931a8557936bfda0a2 100644
|
||||||
|
--- a/apps/luserdel.c
|
||||||
|
+++ b/apps/luserdel.c
|
||||||
|
@@ -26,6 +26,7 @@
|
||||||
|
#include <string.h>
|
||||||
|
#include <unistd.h>
|
||||||
|
#include "../lib/user.h"
|
||||||
|
+#include "../lib/user_private.h"
|
||||||
|
#include "apputil.h"
|
||||||
|
|
||||||
|
int
|
||||||
|
@@ -93,8 +94,12 @@ main(int argc, const char **argv)
|
||||||
|
if (lu_user_delete(ctx, ent, &error) == FALSE) {
|
||||||
|
fprintf(stderr, _("User %s could not be deleted: %s.\n"),
|
||||||
|
user, lu_strerror(error));
|
||||||
|
+ lu_audit_logger(AUDIT_DEL_USER, "delete-user", user,
|
||||||
|
+ AUDIT_NO_ID, 0);
|
||||||
|
return 3;
|
||||||
|
}
|
||||||
|
+ lu_audit_logger(AUDIT_DEL_USER, "delete-user", user,
|
||||||
|
+ AUDIT_NO_ID, 1);
|
||||||
|
|
||||||
|
lu_nscd_flush_cache(LU_NSCD_CACHE_PASSWD);
|
||||||
|
|
||||||
|
@@ -126,9 +131,15 @@ main(int argc, const char **argv)
|
||||||
|
fprintf(stderr, _("Group %s could not be "
|
||||||
|
"deleted: %s.\n"), tmp,
|
||||||
|
lu_strerror(error));
|
||||||
|
+ lu_audit_logger_with_group (AUDIT_DEL_GROUP,
|
||||||
|
+ "delete-group", user, AUDIT_NO_ID,
|
||||||
|
+ tmp, 0);
|
||||||
|
return 7;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
+ lu_audit_logger_with_group (AUDIT_DEL_GROUP,
|
||||||
|
+ "delete-group", user,
|
||||||
|
+ AUDIT_NO_ID, tmp, 1);
|
||||||
|
lu_ent_free(group_ent);
|
||||||
|
lu_nscd_flush_cache(LU_NSCD_CACHE_GROUP);
|
||||||
|
}
|
||||||
|
@@ -138,8 +149,14 @@ main(int argc, const char **argv)
|
||||||
|
fprintf(stderr,
|
||||||
|
_("Error removing home directory: %s.\n"),
|
||||||
|
lu_strerror(error));
|
||||||
|
+ lu_audit_logger(AUDIT_USER_MGMT,
|
||||||
|
+ "deleting-home-directory", user,
|
||||||
|
+ AUDIT_NO_ID, 0);
|
||||||
|
return 9;
|
||||||
|
}
|
||||||
|
+ lu_audit_logger(AUDIT_USER_MGMT, "deleting-home-directory", user,
|
||||||
|
+ AUDIT_NO_ID, 1);
|
||||||
|
+
|
||||||
|
/* Delete the user's mail spool. */
|
||||||
|
if (lu_mail_spool_remove(ctx, ent, &error) != TRUE) {
|
||||||
|
fprintf(stderr, _("Error removing mail spool: %s"),
|
||||||
|
diff --git a/apps/lusermod.c b/apps/lusermod.c
|
||||||
|
index afec147475736f0b814b5e1f30c77064f3915c20..143157f114c93960fb879d9e6e0c1fb914f3ffcb 100644
|
||||||
|
--- a/apps/lusermod.c
|
||||||
|
+++ b/apps/lusermod.c
|
||||||
|
@@ -179,8 +179,13 @@ main(int argc, const char **argv)
|
||||||
|
fprintf(stderr,
|
||||||
|
_("Failed to set password for user %s: %s.\n"),
|
||||||
|
user, lu_strerror(error));
|
||||||
|
+ lu_audit_logger(AUDIT_USER_CHAUTHTOK,
|
||||||
|
+ "updating-password", user,
|
||||||
|
+ uidNumber, 0);
|
||||||
|
return 5;
|
||||||
|
}
|
||||||
|
+ lu_audit_logger(AUDIT_USER_CHAUTHTOK, "updating-password",
|
||||||
|
+ user, uidNumber, 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* If we need to change a user's crypted password, try to change it,
|
||||||
|
@@ -192,8 +197,13 @@ main(int argc, const char **argv)
|
||||||
|
fprintf(stderr,
|
||||||
|
_("Failed to set password for user %s: %s.\n"),
|
||||||
|
user, lu_strerror(error));
|
||||||
|
+ lu_audit_logger(AUDIT_USER_CHAUTHTOK,
|
||||||
|
+ "updating-password", user,
|
||||||
|
+ uidNumber, 0);
|
||||||
|
return 6;
|
||||||
|
}
|
||||||
|
+ lu_audit_logger(AUDIT_USER_CHAUTHTOK, "updating-password",
|
||||||
|
+ user, uidNumber, 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* If we need to lock/unlock the user's account, do that. */
|
||||||
|
@@ -202,16 +212,26 @@ main(int argc, const char **argv)
|
||||||
|
fprintf(stderr,
|
||||||
|
_("User %s could not be locked: %s.\n"),
|
||||||
|
user, lu_strerror(error));
|
||||||
|
+ lu_audit_logger(AUDIT_USER_CHAUTHTOK,
|
||||||
|
+ "locking-account", user,
|
||||||
|
+ uidNumber, 0);
|
||||||
|
return 7;
|
||||||
|
}
|
||||||
|
+ lu_audit_logger(AUDIT_USER_CHAUTHTOK, "locking-account",
|
||||||
|
+ user, uidNumber, 0);
|
||||||
|
}
|
||||||
|
if (unlock) {
|
||||||
|
if (lu_user_unlock(ctx, ent, &error) == FALSE) {
|
||||||
|
fprintf(stderr,
|
||||||
|
_("User %s could not be unlocked: %s.\n"),
|
||||||
|
user, lu_strerror(error));
|
||||||
|
+ lu_audit_logger(AUDIT_USER_CHAUTHTOK,
|
||||||
|
+ "unlocking-account", user,
|
||||||
|
+ uidNumber, 0);
|
||||||
|
return 8;
|
||||||
|
}
|
||||||
|
+ lu_audit_logger(AUDIT_USER_CHAUTHTOK, "unlocking-account",
|
||||||
|
+ user, uidNumber, 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Determine if we actually need to change anything. */
|
||||||
|
@@ -274,8 +294,13 @@ main(int argc, const char **argv)
|
||||||
|
if (change && (lu_user_modify(ctx, ent, &error) == FALSE)) {
|
||||||
|
fprintf(stderr, _("User %s could not be modified: %s.\n"),
|
||||||
|
user, lu_strerror(error));
|
||||||
|
+ lu_audit_logger(AUDIT_USER_MGMT,
|
||||||
|
+ "modify-account", user,
|
||||||
|
+ uidNumber, 0);
|
||||||
|
return 9;
|
||||||
|
}
|
||||||
|
+ lu_audit_logger(AUDIT_USER_MGMT, "modify-account",
|
||||||
|
+ user, uidNumber, 1);
|
||||||
|
lu_nscd_flush_cache(LU_NSCD_CACHE_PASSWD);
|
||||||
|
|
||||||
|
/* If the user's name changed, we need to update supplemental
|
||||||
|
@@ -322,12 +347,19 @@ main(int argc, const char **argv)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
/* Save the changes to the group. */
|
||||||
|
- if (lu_group_modify(ctx, group, &error) == FALSE)
|
||||||
|
+ if (lu_group_modify(ctx, group, &error) == FALSE) {
|
||||||
|
fprintf(stderr, _("Group %s could not be "
|
||||||
|
"modified: %s.\n"),
|
||||||
|
lu_ent_get_first_string(group,
|
||||||
|
LU_GROUPNAME),
|
||||||
|
lu_strerror(error));
|
||||||
|
+ lu_audit_logger_with_group(AUDIT_USER_MGMT,
|
||||||
|
+ "update-member-in-group", user, uidNumber,
|
||||||
|
+ lu_ent_get_first_string(group, LU_GROUPNAME),0);
|
||||||
|
+ } else
|
||||||
|
+ lu_audit_logger_with_group(AUDIT_USER_MGMT,
|
||||||
|
+ "update-member-in-group", user, uidNumber,
|
||||||
|
+ lu_ent_get_first_string(group, LU_GROUPNAME),1);
|
||||||
|
lu_ent_free(group);
|
||||||
|
}
|
||||||
|
g_ptr_array_free(groups, TRUE);
|
||||||
|
@@ -353,8 +385,12 @@ main(int argc, const char **argv)
|
||||||
|
fprintf(stderr, _("Error moving %s to %s: %s.\n"),
|
||||||
|
oldHomeDirectory, homeDirectory,
|
||||||
|
lu_strerror(error));
|
||||||
|
+ lu_audit_logger(AUDIT_USER_MGMT, "moving-home-dir",
|
||||||
|
+ user, uidNumber, 0);
|
||||||
|
return 12;
|
||||||
|
}
|
||||||
|
+ lu_audit_logger(AUDIT_USER_MGMT, "moving-home-dir",
|
||||||
|
+ user, uidNumber, 1);
|
||||||
|
}
|
||||||
|
g_free(oldHomeDirectory);
|
||||||
|
|
||||||
|
diff --git a/configure.ac b/configure.ac
|
||||||
|
index 3e68b16a1f65ff5e5e3e905c1ffce8993e562176..0bd4a67d4c77fa1b701d74dbeab908a192dbf4d7 100644
|
||||||
|
--- a/configure.ac
|
||||||
|
+++ b/configure.ac
|
||||||
|
@@ -118,6 +118,23 @@ if test "x$selinux" != xno ; then
|
||||||
|
fi
|
||||||
|
AC_SUBST(SELINUX_LIBS)
|
||||||
|
|
||||||
|
+AC_ARG_WITH(audit,
|
||||||
|
+AS_HELP_STRING([--with-audit],[log using Linux Audit in addition to syslog]),
|
||||||
|
+use_audit=$withval,
|
||||||
|
+use_audit=auto)
|
||||||
|
+if test x$use_audit != xno ; then
|
||||||
|
+ AC_SEARCH_LIBS([audit_open], [audit])
|
||||||
|
+ if test x$ac_cv_search_audit_open = xno ; then
|
||||||
|
+ if test x$use_audit != xauto ; then
|
||||||
|
+ AC_MSG_ERROR([requested Linux Audit, but libaudit was not found])
|
||||||
|
+ fi
|
||||||
|
+ else
|
||||||
|
+ AC_DEFINE(WITH_AUDIT,1,[Define if you want to use Linux Audit.])
|
||||||
|
+ AUDIT_LIBS=-laudit
|
||||||
|
+ fi
|
||||||
|
+fi
|
||||||
|
+AC_SUBST(AUDIT_LIBS)
|
||||||
|
+
|
||||||
|
AC_C_CONST
|
||||||
|
AC_TYPE_UID_T
|
||||||
|
AC_TYPE_MODE_T
|
||||||
|
diff --git a/lib/common.c b/lib/common.c
|
||||||
|
index fc5df7461111908ff3eae59608ce0a51d62e155e..dce7e570ec9c92b56b28f15ab503fb7a641b660e 100644
|
||||||
|
--- a/lib/common.c
|
||||||
|
+++ b/lib/common.c
|
||||||
|
@@ -16,9 +16,10 @@
|
||||||
|
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||||
|
*/
|
||||||
|
|
||||||
|
-#include <config.h>
|
||||||
|
+#include "config.h"
|
||||||
|
#include <glib.h>
|
||||||
|
#include <string.h>
|
||||||
|
+#include <stdlib.h>
|
||||||
|
|
||||||
|
#include "internal.h"
|
||||||
|
#include "user_private.h"
|
||||||
|
@@ -111,3 +112,66 @@ lu_common_sgroup_default(struct lu_module *module,
|
||||||
|
g_return_val_if_fail(name != NULL, FALSE);
|
||||||
|
return lu_common_group_default(module, name, is_system, ent, error);
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+#ifdef WITH_AUDIT
|
||||||
|
+static int audit_fd = 0;
|
||||||
|
+
|
||||||
|
+/* result - 1 is "success" and 0 is "failed" */
|
||||||
|
+void lu_audit_logger(int type, const char *op, const char *name,
|
||||||
|
+ unsigned int id, unsigned int result)
|
||||||
|
+{
|
||||||
|
+ if (audit_fd == 0) {
|
||||||
|
+ /* First time through */
|
||||||
|
+ audit_fd = audit_open();
|
||||||
|
+ if (audit_fd < 0) {
|
||||||
|
+ /* You get these only when the kernel doesn't have
|
||||||
|
+ * audit compiled in. */
|
||||||
|
+ if ( (errno == EINVAL)
|
||||||
|
+ || (errno == EPROTONOSUPPORT)
|
||||||
|
+ || (errno == EAFNOSUPPORT))
|
||||||
|
+ return;
|
||||||
|
+ fputs("Cannot open audit interface - aborting.\n", stderr);
|
||||||
|
+ exit(EXIT_FAILURE);
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ if (audit_fd < 0)
|
||||||
|
+ return;
|
||||||
|
+ audit_log_acct_message(audit_fd, type, NULL, op, name, id,
|
||||||
|
+ NULL, NULL, NULL, (int) result);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+/* result - 1 is "success" and 0 is "failed" */
|
||||||
|
+void lu_audit_logger_with_group (int type, const char *op, const char *name,
|
||||||
|
+ unsigned int id, const char *grp, unsigned int result)
|
||||||
|
+{
|
||||||
|
+ int len;
|
||||||
|
+ char enc_group[(LOGIN_NAME_MAX*2)+1], buf[1024];
|
||||||
|
+
|
||||||
|
+ if (audit_fd == 0) {
|
||||||
|
+ /* First time through */
|
||||||
|
+ audit_fd = audit_open();
|
||||||
|
+ if (audit_fd < 0) {
|
||||||
|
+ /* You get these only when the kernel doesn't have
|
||||||
|
+ * audit compiled in. */
|
||||||
|
+ if ( (errno == EINVAL)
|
||||||
|
+ || (errno == EPROTONOSUPPORT)
|
||||||
|
+ || (errno == EAFNOSUPPORT))
|
||||||
|
+ return;
|
||||||
|
+ fputs("Cannot open audit interface - aborting.\n", stderr);
|
||||||
|
+ exit(EXIT_FAILURE);
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ if (audit_fd < 0)
|
||||||
|
+ return;
|
||||||
|
+ len = strnlen(grp, sizeof(enc_group)/2);
|
||||||
|
+ if (audit_value_needs_encoding(grp, len)) {
|
||||||
|
+ snprintf(buf, sizeof(buf), "%s grp=%s", op,
|
||||||
|
+ audit_encode_value(enc_group, grp, len));
|
||||||
|
+ } else {
|
||||||
|
+ snprintf(buf, sizeof(buf), "%s grp=\"%s\"", op, grp);
|
||||||
|
+ }
|
||||||
|
+ audit_log_acct_message(audit_fd, type, NULL, buf, name, id,
|
||||||
|
+ NULL, NULL, NULL, (int) result);
|
||||||
|
+}
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
diff --git a/lib/user_private.h b/lib/user_private.h
|
||||||
|
index a4869c138d51519539b6939406cdb0fee23ab7f6..02b813c47ee359db774bb85a2aa7aa12e18d3067 100644
|
||||||
|
--- a/lib/user_private.h
|
||||||
|
+++ b/lib/user_private.h
|
||||||
|
@@ -34,6 +34,9 @@
|
||||||
|
#ifdef WITH_SELINUX
|
||||||
|
#include <selinux/selinux.h>
|
||||||
|
#endif
|
||||||
|
+#ifdef WITH_AUDIT
|
||||||
|
+#include <libaudit.h>
|
||||||
|
+#endif
|
||||||
|
#include "user.h"
|
||||||
|
|
||||||
|
G_BEGIN_DECLS
|
||||||
|
@@ -357,6 +360,18 @@ id_t lu_get_first_unused_id(struct lu_context *ctx, enum lu_entity_type type,
|
||||||
|
/* Append a copy of VALUES to DEST */
|
||||||
|
void lu_util_append_values(GValueArray *dest, GValueArray *values);
|
||||||
|
|
||||||
|
+#ifdef WITH_AUDIT
|
||||||
|
+void lu_audit_logger(int type, const char *op, const char *name,
|
||||||
|
+ unsigned int id, unsigned int result);
|
||||||
|
+void lu_audit_logger_with_group(int type, const char *op, const char *name,
|
||||||
|
+ unsigned int id, const char *grp,
|
||||||
|
+ unsigned int result);
|
||||||
|
+#else
|
||||||
|
+#define lu_audit_logger(a, b, c, d, e)
|
||||||
|
+#define lu_audit_logger_with_group(a, b, c, d, e, f)
|
||||||
|
+#endif
|
||||||
|
+#define AUDIT_NO_ID ((unsigned int) -1)
|
||||||
|
+
|
||||||
|
G_END_DECLS
|
||||||
|
|
||||||
|
#endif
|
||||||
|
--
|
||||||
|
2.17.1
|
||||||
|
|
File diff suppressed because it is too large
Load Diff
44
SOURCES/0004-Check-negative-return-of-PyList_Size.patch
Normal file
44
SOURCES/0004-Check-negative-return-of-PyList_Size.patch
Normal file
@ -0,0 +1,44 @@
|
|||||||
|
From 11a7ff7eeefe763be9ade949e8f2a4a2d53f6129 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jakub Hrozek <jakub.hrozek@posteo.se>
|
||||||
|
Date: Mon, 24 Sep 2018 20:51:51 +0200
|
||||||
|
Subject: [PATCH 4/7] Check negative return of PyList_Size
|
||||||
|
|
||||||
|
Merges:
|
||||||
|
https://pagure.io/libuser/issue/28
|
||||||
|
|
||||||
|
In case of an error, PyList_Size can return a negative value. We should
|
||||||
|
check that case, also to avoid compiler warnings like:
|
||||||
|
|
||||||
|
Error: COMPILER_WARNING: [#def41] [warning: defect not occurring in libuser-0.60-9.el7]
|
||||||
|
libuser-0.62/python/misc.c: scope_hint: In function 'libuser_admin_prompt'
|
||||||
|
libuser-0.62/python/misc.c:160:12: warning: argument 1 range [9223372036854775808, 18446744073709551615] exceeds maximum object size 9223372036854775807 [-Walloc-size-larger-than=]
|
||||||
|
/usr/include/glib-2.0/glib/glist.h:32: included_from: Included from here.
|
||||||
|
/usr/include/glib-2.0/glib/ghash.h:33: included_from: Included from here.
|
||||||
|
/usr/include/glib-2.0/glib.h:50: included_from: Included from here.
|
||||||
|
libuser-0.62/python/misc.c:25: included_from: Included from here.
|
||||||
|
/usr/include/glib-2.0/glib/gmem.h:96:10: note: in a call to allocation function 'g_malloc0_n' declared here
|
||||||
|
---
|
||||||
|
python/misc.c | 7 ++++++-
|
||||||
|
1 file changed, 6 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/python/misc.c b/python/misc.c
|
||||||
|
index c4ce819bfaeb4296507b504c4647b7676377b631..fcb0ccfebae143fa7c7a43ad60d7e9b231ca8863 100644
|
||||||
|
--- a/python/misc.c
|
||||||
|
+++ b/python/misc.c
|
||||||
|
@@ -137,7 +137,12 @@ libuser_admin_prompt(struct libuser_admin *self, PyObject * args,
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
count = PyList_Size(list);
|
||||||
|
- if (count > INT_MAX) {
|
||||||
|
+ if (count < 0) {
|
||||||
|
+ PyErr_SetString(PyExc_TypeError,
|
||||||
|
+ "prompt_list has no size; probably not a list");
|
||||||
|
+ DEBUG_EXIT;
|
||||||
|
+ return NULL;
|
||||||
|
+ } else if (count > INT_MAX) {
|
||||||
|
PyErr_SetString(PyExc_ValueError, "too many prompts");
|
||||||
|
DEBUG_EXIT;
|
||||||
|
return NULL;
|
||||||
|
--
|
||||||
|
2.14.4
|
||||||
|
|
60
SOURCES/0005-files.c-Init-char-name-to-NULL.patch
Normal file
60
SOURCES/0005-files.c-Init-char-name-to-NULL.patch
Normal file
@ -0,0 +1,60 @@
|
|||||||
|
From 7acf0fad0ca468f33f86084f36251df5baf3dc94 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jakub Hrozek <jakub.hrozek@posteo.se>
|
||||||
|
Date: Wed, 26 Sep 2018 21:01:59 +0200
|
||||||
|
Subject: [PATCH 5/7] files.c: Init char *name to NULL
|
||||||
|
|
||||||
|
Merges:
|
||||||
|
https://pagure.io/libuser/issue/27
|
||||||
|
|
||||||
|
This is mostly to silence coverity warnings. "enum lu_entity_type" has
|
||||||
|
three values and several places in the code follow logic as:
|
||||||
|
|
||||||
|
char *name;
|
||||||
|
if ent->type == user:
|
||||||
|
name = foo()
|
||||||
|
if ent->type == group
|
||||||
|
name = bar()
|
||||||
|
g_assert(name != NULL)
|
||||||
|
|
||||||
|
it shouldn't be possible for ent->type to be anything else but in the
|
||||||
|
odd case it is, initializing name to NULL will ensure that name will be
|
||||||
|
still NULL after the code falls through the conditions and at least the
|
||||||
|
behaviour is defined.
|
||||||
|
---
|
||||||
|
modules/files.c | 6 +++---
|
||||||
|
1 file changed, 3 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/modules/files.c b/modules/files.c
|
||||||
|
index 6a7787e28112ba07e0fc44f2887ce1d1540af29e..8c2a282b6448bbfb313b5d4f5eeb28b8240bccd5 100644
|
||||||
|
--- a/modules/files.c
|
||||||
|
+++ b/modules/files.c
|
||||||
|
@@ -1501,7 +1501,7 @@ generic_lock(struct lu_module *module, const char *file_suffix, int field,
|
||||||
|
struct lu_ent *ent, enum lock_op op, struct lu_error **error)
|
||||||
|
{
|
||||||
|
struct editing *e;
|
||||||
|
- char *value, *new_value, *name;
|
||||||
|
+ char *value, *new_value, *name = NULL;
|
||||||
|
gboolean commit = FALSE, ret = FALSE;
|
||||||
|
|
||||||
|
/* Get the name which keys the entries of interest in the file. */
|
||||||
|
@@ -1561,7 +1561,7 @@ generic_is_locked(struct lu_module *module, const char *file_suffix,
|
||||||
|
int field, struct lu_ent *ent, struct lu_error **error)
|
||||||
|
{
|
||||||
|
char *filename;
|
||||||
|
- char *value, *name;
|
||||||
|
+ char *value, *name = NULL;
|
||||||
|
int fd;
|
||||||
|
gboolean ret = FALSE;
|
||||||
|
|
||||||
|
@@ -1752,7 +1752,7 @@ generic_setpass(struct lu_module *module, const char *file_suffix, int field,
|
||||||
|
struct lu_error **error)
|
||||||
|
{
|
||||||
|
struct editing *e;
|
||||||
|
- char *value, *name;
|
||||||
|
+ char *value, *name = NULL;
|
||||||
|
gboolean ret = FALSE;
|
||||||
|
|
||||||
|
/* Get the name of this account. */
|
||||||
|
--
|
||||||
|
2.14.4
|
||||||
|
|
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,56 @@
|
|||||||
|
From 8da7fc83aa3e9fd868c6a8da9261b72dae7d29e7 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jakub Hrozek <jakub.hrozek@posteo.se>
|
||||||
|
Date: Wed, 26 Sep 2018 21:38:02 +0200
|
||||||
|
Subject: [PATCH 6/7] merge_ent_array_duplicates: Only use values if valid
|
||||||
|
|
||||||
|
Merges:
|
||||||
|
https://pagure.io/libuser/issue/22
|
||||||
|
|
||||||
|
Don't attempt to dereference a NULL pointer
|
||||||
|
---
|
||||||
|
lib/user.c | 22 ++++++++++++++--------
|
||||||
|
1 file changed, 14 insertions(+), 8 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/user.c b/lib/user.c
|
||||||
|
index ad2bb099c7d12bd91188e69f188c64953b1d9748..2500565a544bb33a5e08d9807a794a42c819a2d2 100644
|
||||||
|
--- a/lib/user.c
|
||||||
|
+++ b/lib/user.c
|
||||||
|
@@ -691,10 +691,13 @@ merge_ent_array_duplicates(GPtrArray *array)
|
||||||
|
while (attributes != NULL) {
|
||||||
|
attr = (const char *)attributes->data;
|
||||||
|
values = lu_ent_get_current(current, attr);
|
||||||
|
- for (j = 0; j < values->n_values; j++) {
|
||||||
|
- value = g_value_array_get_nth(values,
|
||||||
|
- j);
|
||||||
|
- lu_ent_add_current(saved, attr, value);
|
||||||
|
+ if (values != NULL) {
|
||||||
|
+ for (j = 0; j < values->n_values; j++) {
|
||||||
|
+ value = g_value_array_get_nth(
|
||||||
|
+ values,
|
||||||
|
+ j);
|
||||||
|
+ lu_ent_add_current(saved, attr, value);
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
attributes = g_list_next(attributes);
|
||||||
|
}
|
||||||
|
@@ -705,10 +708,13 @@ merge_ent_array_duplicates(GPtrArray *array)
|
||||||
|
while (attributes != NULL) {
|
||||||
|
attr = (const char *)attributes->data;
|
||||||
|
values = lu_ent_get(current, attr);
|
||||||
|
- for (j = 0; j < values->n_values; j++) {
|
||||||
|
- value = g_value_array_get_nth(values,
|
||||||
|
- j);
|
||||||
|
- lu_ent_add(saved, attr, value);
|
||||||
|
+ if (values != NULL) {
|
||||||
|
+ for (j = 0; j < values->n_values; j++) {
|
||||||
|
+ value = g_value_array_get_nth(
|
||||||
|
+ values,
|
||||||
|
+ j);
|
||||||
|
+ lu_ent_add(saved, attr, value);
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
attributes = g_list_next(attributes);
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.14.4
|
||||||
|
|
@ -0,0 +1,33 @@
|
|||||||
|
From e5536845298b6672a16e5866a823fcf6562c6cf3 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jakub Hrozek <jakub.hrozek@posteo.se>
|
||||||
|
Date: Wed, 26 Sep 2018 21:15:38 +0200
|
||||||
|
Subject: [PATCH 7/7] editing_open: close fd after we've established its
|
||||||
|
validity
|
||||||
|
|
||||||
|
Merges:
|
||||||
|
https://pagure.io/libuser/issue/26
|
||||||
|
|
||||||
|
The code used to first close(fd) and only then check if it's != -1.
|
||||||
|
Reverse the logic so that the fd is only closed if valid.
|
||||||
|
---
|
||||||
|
modules/files.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/modules/files.c b/modules/files.c
|
||||||
|
index 8c2a282b6448bbfb313b5d4f5eeb28b8240bccd5..b8bf8a60e5810c0b705bd91efbdf9e27e851cd2b 100644
|
||||||
|
--- a/modules/files.c
|
||||||
|
+++ b/modules/files.c
|
||||||
|
@@ -387,9 +387,9 @@ editing_open(struct lu_module *module, const char *file_suffix,
|
||||||
|
backup_name = g_strconcat(e->filename, "-", NULL);
|
||||||
|
fd = open_and_copy_file(e->filename, backup_name, FALSE, error);
|
||||||
|
g_free (backup_name);
|
||||||
|
- close(fd);
|
||||||
|
if (fd == -1)
|
||||||
|
goto err_fscreate;
|
||||||
|
+ close(fd);
|
||||||
|
|
||||||
|
e->new_filename = g_strconcat(e->filename, "+", NULL);
|
||||||
|
e->new_fd = open_and_copy_file(e->filename, e->new_filename, TRUE,
|
||||||
|
--
|
||||||
|
2.14.4
|
||||||
|
|
@ -0,0 +1,48 @@
|
|||||||
|
From c6a4e9f596c976f71894269e3168567e6118236c Mon Sep 17 00:00:00 2001
|
||||||
|
From: Steve Grubb <sgrubb@redhat.com>
|
||||||
|
Date: Wed, 5 Jun 2019 22:16:51 +0200
|
||||||
|
Subject: [PATCH] lgroupmod: Emit AUDIT_GRP_CHAUTHTOK, not AUDIT_GRP_MGMT when
|
||||||
|
changing group password
|
||||||
|
|
||||||
|
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1670997
|
||||||
|
---
|
||||||
|
apps/lgroupmod.c | 8 ++++----
|
||||||
|
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/apps/lgroupmod.c b/apps/lgroupmod.c
|
||||||
|
index 0ad0ae4..20be85f 100644
|
||||||
|
--- a/apps/lgroupmod.c
|
||||||
|
+++ b/apps/lgroupmod.c
|
||||||
|
@@ -138,12 +138,12 @@ main(int argc, const char **argv)
|
||||||
|
== FALSE) {
|
||||||
|
fprintf(stderr, _("Failed to set password for group "
|
||||||
|
"%s: %s\n"), group, lu_strerror(error));
|
||||||
|
- lu_audit_logger(AUDIT_GRP_MGMT,
|
||||||
|
+ lu_audit_logger(AUDIT_GRP_CHAUTHTOK,
|
||||||
|
"changing-group-passwd", group,
|
||||||
|
AUDIT_NO_ID, 0);
|
||||||
|
return 4;
|
||||||
|
}
|
||||||
|
- lu_audit_logger(AUDIT_GRP_MGMT,
|
||||||
|
+ lu_audit_logger(AUDIT_GRP_CHAUTHTOK,
|
||||||
|
"changing-group-passwd", group,
|
||||||
|
AUDIT_NO_ID, 1);
|
||||||
|
}
|
||||||
|
@@ -153,12 +153,12 @@ main(int argc, const char **argv)
|
||||||
|
&error) == FALSE) {
|
||||||
|
fprintf(stderr, _("Failed to set password for group "
|
||||||
|
"%s: %s\n"), group, lu_strerror(error));
|
||||||
|
- lu_audit_logger(AUDIT_GRP_MGMT,
|
||||||
|
+ lu_audit_logger(AUDIT_GRP_CHAUTHTOK,
|
||||||
|
"changing-group-passwd", group,
|
||||||
|
AUDIT_NO_ID, 0);
|
||||||
|
return 5;
|
||||||
|
}
|
||||||
|
- lu_audit_logger(AUDIT_GRP_MGMT,
|
||||||
|
+ lu_audit_logger(AUDIT_GRP_CHAUTHTOK,
|
||||||
|
"changing-group-passwd", group,
|
||||||
|
AUDIT_NO_ID, 1);
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.20.1
|
||||||
|
|
@ -1,21 +1,7 @@
|
|||||||
commit 009d9238317d152f524ee46c4be1ad2f93c47732
|
diff -up libuser-0.62/lib/user.c.orig libuser-0.62/lib/user.c
|
||||||
Author: Jakub Hrozek <jakub.hrozek@posteo.se>
|
--- libuser-0.62/lib/user.c.orig 2024-05-07 17:03:45.220514343 +0200
|
||||||
Date: Wed Sep 26 21:29:35 2018 +0200
|
+++ libuser-0.62/lib/user.c 2024-05-07 17:05:17.855649386 +0200
|
||||||
|
@@ -986,7 +986,10 @@ lu_dispatch(struct lu_context *context,
|
||||||
lu_dispatch: Free tmp on failures
|
|
||||||
|
|
||||||
Merges:
|
|
||||||
https://pagure.io/libuser/issue/23
|
|
||||||
|
|
||||||
This makes the code slightly less compact with using an explicit
|
|
||||||
condition instead of the g_return_val_if_fail() shorthand, but freeing
|
|
||||||
tmp on failures.
|
|
||||||
|
|
||||||
diff --git a/lib/user.c b/lib/user.c
|
|
||||||
index ad2bb09..5709f41 100644
|
|
||||||
--- a/lib/user.c
|
|
||||||
+++ b/lib/user.c
|
|
||||||
@@ -980,7 +980,10 @@ lu_dispatch(struct lu_context *context,
|
|
||||||
case user_default:
|
case user_default:
|
||||||
case group_default:
|
case group_default:
|
||||||
/* Make sure we have both name and boolean here. */
|
/* Make sure we have both name and boolean here. */
|
||||||
@ -27,7 +13,7 @@ index ad2bb09..5709f41 100644
|
|||||||
/* Run the checks and preps. */
|
/* Run the checks and preps. */
|
||||||
if (run_list(context, context->create_module_names,
|
if (run_list(context, context->create_module_names,
|
||||||
logic_and, id,
|
logic_and, id,
|
||||||
@@ -1059,7 +1062,10 @@ lu_dispatch(struct lu_context *context,
|
@@ -1065,7 +1068,10 @@ lu_dispatch(struct lu_context *context,
|
||||||
case user_setpass:
|
case user_setpass:
|
||||||
case group_setpass:
|
case group_setpass:
|
||||||
/* Make sure we have a valid password. */
|
/* Make sure we have a valid password. */
|
||||||
@ -39,7 +25,7 @@ index ad2bb09..5709f41 100644
|
|||||||
/* no break: fall through */
|
/* no break: fall through */
|
||||||
case user_removepass:
|
case user_removepass:
|
||||||
case group_removepass:
|
case group_removepass:
|
||||||
@@ -1088,7 +1094,10 @@ lu_dispatch(struct lu_context *context,
|
@@ -1094,7 +1100,10 @@ lu_dispatch(struct lu_context *context,
|
||||||
case users_enumerate_by_group:
|
case users_enumerate_by_group:
|
||||||
case groups_enumerate_by_user:
|
case groups_enumerate_by_user:
|
||||||
/* Make sure we have both name and ID here. */
|
/* Make sure we have both name and ID here. */
|
1465
SOURCES/libuser-0_62-de.po
Normal file
1465
SOURCES/libuser-0_62-de.po
Normal file
File diff suppressed because it is too large
Load Diff
1454
SOURCES/libuser-0_62-es.po
Normal file
1454
SOURCES/libuser-0_62-es.po
Normal file
File diff suppressed because it is too large
Load Diff
1464
SOURCES/libuser-0_62-fr.po
Normal file
1464
SOURCES/libuser-0_62-fr.po
Normal file
File diff suppressed because it is too large
Load Diff
1450
SOURCES/libuser-0_62-it.po
Normal file
1450
SOURCES/libuser-0_62-it.po
Normal file
File diff suppressed because it is too large
Load Diff
1480
SOURCES/libuser-0_62-ja.po
Normal file
1480
SOURCES/libuser-0_62-ja.po
Normal file
File diff suppressed because it is too large
Load Diff
1446
SOURCES/libuser-0_62-ko.po
Normal file
1446
SOURCES/libuser-0_62-ko.po
Normal file
File diff suppressed because it is too large
Load Diff
1450
SOURCES/libuser-0_62-pt_BR.po
Normal file
1450
SOURCES/libuser-0_62-pt_BR.po
Normal file
File diff suppressed because it is too large
Load Diff
1459
SOURCES/libuser-0_62-ru.po
Normal file
1459
SOURCES/libuser-0_62-ru.po
Normal file
File diff suppressed because it is too large
Load Diff
1444
SOURCES/libuser-0_62-zh_CN.po
Normal file
1444
SOURCES/libuser-0_62-zh_CN.po
Normal file
File diff suppressed because it is too large
Load Diff
1442
SOURCES/libuser-0_62-zh_TW.po
Normal file
1442
SOURCES/libuser-0_62-zh_TW.po
Normal file
File diff suppressed because it is too large
Load Diff
@ -1,40 +1,48 @@
|
|||||||
Name: libuser
|
Name: libuser
|
||||||
Version: 0.63
|
Version: 0.62
|
||||||
Release: 15%{?dist}
|
Release: 26%{?dist}
|
||||||
|
Group: System Environment/Base
|
||||||
License: LGPLv2+
|
License: LGPLv2+
|
||||||
URL: https://pagure.io/libuser
|
URL: https://pagure.io/libuser
|
||||||
Source: http://releases.pagure.org/libuser/libuser-%{version}.tar.xz
|
Source: http://releases.pagure.org/libuser/libuser-%{version}.tar.xz
|
||||||
Patch0001: 0001-man-typo.patch
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1608321
|
||||||
Patch0002: 0002-popt-memopy.patch
|
Source1: libuser-0_62-ja.po
|
||||||
Patch0003: 0003-translation.patch
|
Source2: libuser-0_62-zh_CN.po
|
||||||
Patch0004: 0004-resource-leak.patch
|
Source3: libuser-0_62-zh_TW.po
|
||||||
Patch0005: 0005-translation-update.patch
|
Source4: libuser-0_62-fr.po
|
||||||
|
Source5: libuser-0_62-it.po
|
||||||
|
Source6: libuser-0_62-de.po
|
||||||
|
Source7: libuser-0_62-ko.po
|
||||||
|
Source8: libuser-0_62-pt_BR.po
|
||||||
|
Source9: libuser-0_62-ru.po
|
||||||
|
Source10: libuser-0_62-es.po
|
||||||
|
|
||||||
BuildRequires: glib2-devel
|
# Because we patch configure
|
||||||
BuildRequires: linuxdoc-tools
|
BuildRequires: autoconf gettext-devel automake libtool
|
||||||
BuildRequires: pam-devel
|
BuildRequires: glib2-devel, linuxdoc-tools, pam-devel, popt-devel
|
||||||
BuildRequires: popt-devel
|
BuildRequires: cyrus-sasl-devel, libselinux-devel, openldap-devel, python3-devel
|
||||||
BuildRequires: cyrus-sasl-devel
|
|
||||||
BuildRequires: libselinux-devel
|
|
||||||
BuildRequires: openldap-devel
|
|
||||||
BuildRequires: python3-devel
|
|
||||||
# To make sure the configure script can find it
|
# To make sure the configure script can find it
|
||||||
BuildRequires: nscd
|
BuildRequires: nscd
|
||||||
BuildRequires: gcc
|
# We support libaudit
|
||||||
# For %%check
|
|
||||||
BuildRequires: openldap-clients
|
|
||||||
# BuildRequires: openldap-servers
|
|
||||||
BuildRequires: openssl
|
|
||||||
BuildRequires: make
|
|
||||||
BuildRequires: bison
|
|
||||||
BuildRequires: libtool
|
|
||||||
BuildRequires: gettext-devel
|
|
||||||
BuildRequires: gtk-doc
|
|
||||||
BuildRequires: audit-libs-devel
|
BuildRequires: audit-libs-devel
|
||||||
|
# For %%check
|
||||||
|
BuildRequires: openldap-clients, openldap-servers, openssl
|
||||||
Summary: A user and group account administration library
|
Summary: A user and group account administration library
|
||||||
|
|
||||||
%global __provides_exclude_from ^(%{_libdir}/%{name}|%{python3_sitearch})/.*$
|
%define __provides_exclude_from %{python3_sitearch}/.*\.so$
|
||||||
|
|
||||||
|
# Patch to address format-security.
|
||||||
|
# Submitted upstream at https://pagure.io/libuser/pull-request/17
|
||||||
|
Patch1: 0001-Fix-errors-with-Werror-format-security.patch
|
||||||
|
Patch2: 0002-Use-2048-bit-keys-in-tests-to-avoid-issues-with-mode.patch
|
||||||
|
Patch3: 0003-Add-audit-events-around-user-life-cycle.patch
|
||||||
|
Patch4: 0004-Check-negative-return-of-PyList_Size.patch
|
||||||
|
Patch5: 0005-files.c-Init-char-name-to-NULL.patch
|
||||||
|
Patch6: 0006-merge_ent_array_duplicates-Only-use-values-if-valid.patch
|
||||||
|
Patch7: 0007-editing_open-close-fd-after-we-ve-established-its-va.patch
|
||||||
|
Patch8: 0008-lgroupmod-Emit-AUDIT_GRP_CHAUTHTOK-not-AUDIT_GRP_MGM.patch
|
||||||
|
Patch9: 0009-man-typo.patch
|
||||||
|
Patch10: 0010-resource-leak.patch
|
||||||
|
|
||||||
%description
|
%description
|
||||||
The libuser library implements a standardized interface for manipulating
|
The libuser library implements a standardized interface for manipulating
|
||||||
@ -45,6 +53,7 @@ Sample applications modeled after those included with the shadow password
|
|||||||
suite are included.
|
suite are included.
|
||||||
|
|
||||||
%package devel
|
%package devel
|
||||||
|
Group: Development/Libraries
|
||||||
Summary: Files needed for developing applications which use libuser
|
Summary: Files needed for developing applications which use libuser
|
||||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||||
Requires: glib2-devel%{?_isa}
|
Requires: glib2-devel%{?_isa}
|
||||||
@ -54,11 +63,12 @@ The libuser-devel package contains header files, static libraries, and other
|
|||||||
files useful for developing applications with libuser.
|
files useful for developing applications with libuser.
|
||||||
|
|
||||||
%package -n python3-libuser
|
%package -n python3-libuser
|
||||||
|
%{?python_provide:%python_provide python2-libuser}
|
||||||
Summary: Python 3 bindings for the libuser library
|
Summary: Python 3 bindings for the libuser library
|
||||||
|
Group: Development/Libraries
|
||||||
Requires: libuser%{?_isa} = %{version}-%{release}
|
Requires: libuser%{?_isa} = %{version}-%{release}
|
||||||
Provides: python3-libuser = %{version}-%{release}
|
Provides: libuser-python3 = %{version}-%{release}
|
||||||
Provides: python3-libuser%{?_isa} = %{version}-%{release}
|
Obsoletes: libuser-python3 < %{version}-%{release}
|
||||||
%{?python_provide:%python_provide python3-libuser}
|
|
||||||
|
|
||||||
%description -n python3-libuser
|
%description -n python3-libuser
|
||||||
The python3-libuser package contains the Python bindings for
|
The python3-libuser package contains the Python bindings for
|
||||||
@ -66,33 +76,70 @@ the libuser library, which provides a Python 3 API for manipulating and
|
|||||||
administering user and group accounts.
|
administering user and group accounts.
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%autosetup -n libuser-%{version} -p1
|
%setup -q -n libuser-%{version}
|
||||||
|
|
||||||
|
%patch -P 1 -p1
|
||||||
|
%patch -P 2 -p1
|
||||||
|
%patch -P 3 -p1
|
||||||
|
%patch -P 4 -p1
|
||||||
|
%patch -P 5 -p1
|
||||||
|
%patch -P 6 -p1
|
||||||
|
%patch -P 7 -p1
|
||||||
|
%patch -P 8 -p1
|
||||||
|
%patch -P 9 -p1
|
||||||
|
%patch -P 10 -p1
|
||||||
|
cp %{SOURCE1} po/ja.po
|
||||||
|
cp %{SOURCE2} po/zh_CN.po
|
||||||
|
cp %{SOURCE3} po/zh_TW.po
|
||||||
|
cp %{SOURCE4} po/fr.po
|
||||||
|
cp %{SOURCE5} po/it.po
|
||||||
|
cp %{SOURCE6} po/de.po
|
||||||
|
cp %{SOURCE7} po/ko.po
|
||||||
|
cp %{SOURCE8} po/pt_BR.po
|
||||||
|
cp %{SOURCE9} po/ru.po
|
||||||
|
cp %{SOURCE10} po/es.po
|
||||||
|
|
||||||
%build
|
%build
|
||||||
./autogen.sh
|
autoreconf -if
|
||||||
%configure --with-selinux --with-ldap --with-audit \
|
%configure --with-selinux \
|
||||||
--enable-gtk-doc --with-html-dir=%{_datadir}/gtk-doc/html \
|
--with-ldap \
|
||||||
PYTHON=%{python3}
|
--with-audit \
|
||||||
|
--with-html-dir=%{_datadir}/gtk-doc/html \
|
||||||
|
PYTHON=/usr/bin/python3
|
||||||
make
|
make
|
||||||
|
# (make all) only rebuilds .gmo files if the .pot file is updated, regardless of po/ja.po changes
|
||||||
|
make -C po ja.gmo
|
||||||
|
make -C po zh_CN.gmo
|
||||||
|
make -C po zh_TW.gmo
|
||||||
|
make -C po it.gmo
|
||||||
|
make -C po de.gmo
|
||||||
|
make -C po ko.gmo
|
||||||
|
make -C po pt_BR.gmo
|
||||||
|
make -C po ru.gmo
|
||||||
|
make -C po es.gmo
|
||||||
|
|
||||||
|
|
||||||
%install
|
%install
|
||||||
%make_install
|
make install DESTDIR=$RPM_BUILD_ROOT INSTALL='install -p'
|
||||||
|
|
||||||
%find_lang %{name}
|
%find_lang %{name}
|
||||||
|
|
||||||
#%check
|
%check
|
||||||
#make check || { cat test-suite.log; false; }
|
|
||||||
#
|
LC_ALL=C.UTF-8 make check \
|
||||||
## Verify that all python modules load, just in case.
|
|| { cat test-suite.log; false; }
|
||||||
#LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_libdir}:${LD_LIBRARY_PATH}
|
|
||||||
#export LD_LIBRARY_PATH
|
# Verify that all python modules load, just in case.
|
||||||
#PYTHONPATH=$RPM_BUILD_ROOT%{python3_sitearch}
|
LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_libdir}:${LD_LIBRARY_PATH}
|
||||||
#export PYTHONPATH
|
export LD_LIBRARY_PATH
|
||||||
#%{python3} -c "import libuser"
|
cd $RPM_BUILD_ROOT/%{python3_sitearch}
|
||||||
|
# The Python 3 module only supports UTF-8
|
||||||
|
LC_ALL=C.UTF-8 python3 -c "import libuser"
|
||||||
|
|
||||||
|
|
||||||
%ldconfig_scriptlets
|
%post -p /sbin/ldconfig
|
||||||
|
|
||||||
|
%postun -p /sbin/ldconfig
|
||||||
|
|
||||||
%files -f %{name}.lang
|
%files -f %{name}.lang
|
||||||
%{!?_licensedir:%global license %%doc}
|
%{!?_licensedir:%global license %%doc}
|
||||||
@ -123,120 +170,50 @@ make
|
|||||||
%{_datadir}/gtk-doc/html/*
|
%{_datadir}/gtk-doc/html/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Tue May 7 2024 Tomas Halman <thalman@redhat.com> - 0.63-15
|
* Tue Jul 23 2024 Michal Hlavinka <mhlavink@redhat.com> - 0.62-26
|
||||||
- Update translations
|
- fix findings from static application security testing (#RHEL-35578)
|
||||||
Resolves: RHEL-12110
|
- translation update (#RHEL-12111)
|
||||||
|
|
||||||
* Mon May 6 2024 Tomas Halman <thalman@redhat.com> - 0.63-14
|
* Tue Nov 29 2022 Tomas Halman <thalman@redhat.com> - 0.62-25
|
||||||
- Fix findings from static application security testing
|
- Man-page update
|
||||||
Resolves: RHEL-35693
|
- Resolves: rhbz#2070941 - small typo in lchage man page
|
||||||
|
|
||||||
* Tue Jul 11 2023 Tomas Halman <thalman@redhat.com> - 0.63-13
|
* Wed Jun 26 2019 Jakub Hrozek <jhrozek@redhat.com> - 0.62-23
|
||||||
- Translation update
|
- Actually apply the patch from the previous build
|
||||||
Resolves: rhbz#2139662
|
- Resolves: rhbz#1670997 - Amend the user lifecycle auditing
|
||||||
|
|
||||||
* Thu Nov 10 2022 Tomas Halman <thalman@redhat.com> - 0.63-12
|
* Fri Jun 7 2019 Jakub Hrozek <jhrozek@redhat.com> - 0.62-22
|
||||||
- correct popt memory handling
|
- Resolves: rhbz#1670997 - Amend the user lifecycle auditing
|
||||||
- Fix the manpage
|
|
||||||
Resolves: rhbz#2070943
|
|
||||||
|
|
||||||
* Fri Jul 15 2022 Tomas Halman <thalman@redhat.com> - 0.63-11
|
* Fri Nov 30 2018 Jakub Hrozek <jhrozek@redhat.com> - 0.62-21
|
||||||
- remove build dependency for openldap-server
|
- Resolves: rhbz#1608321 - [libuser] RHEL 8.0 Tier 0 Localization
|
||||||
Resolves: rhbz#2102876
|
|
||||||
|
|
||||||
* Tue Aug 17 2021 Tomas Halman <thalman@redhat.com> - 0.63-10
|
* Fri Oct 12 2018 Jakub Hrozek <jhrozek@redhat.com> - 0.62-20
|
||||||
- Update changelog according git history
|
- Resolves: rhbz#1637398 - libuser-python3 should be renamed to comply
|
||||||
Resolves: rhbz#1993633
|
with Packaging Guidelines
|
||||||
|
|
||||||
* Tue Aug 17 2021 Tomas Halman <thalman@redhat.com> - 0.63-9
|
* Wed Oct 3 2018 Jakub Hrozek <jhrozek@redhat.com> - 0.62-19
|
||||||
- Fix broken changelog in rpm spec
|
- Resolves: rhbz#1602600 - Please review important issues found by covscan
|
||||||
Resolves: rhbz#1993633
|
in "libuser-0.62-14.el8+7" package
|
||||||
|
|
||||||
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.63-7
|
* Fri Sep 28 2018 Jakub Hrozek <jhrozek@redhat.com> - 0.62-18
|
||||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
- Resolves: rhbz#1608321 - [libuser] RHEL 8.0 Tier 0 Localization
|
||||||
Related: rhbz#1991688
|
|
||||||
|
|
||||||
* Tue Jun 22 2021 Mohan Boddu <mboddu@redhat.com> - 0.63-6
|
* Mon Aug 13 2018 Jakub Hrozek <jhrozek@redhat.com> - 0.62-17
|
||||||
- Rebuilt for RHEL 9 BETA for openssl 3.0
|
- Resolves: rhbz#1558151 - libuser needs audit events around the account
|
||||||
Related: rhbz#1971065
|
lifecycle
|
||||||
|
|
||||||
* Thu May 20 2021 Tomas Halman <thalman@redhat.com> - 0.63-5
|
* Mon Aug 6 2018 Jakub Hrozek <jhrozek@redhat.com> - 0.62-16
|
||||||
- Enable audit library in the build
|
- Use 2048bit keys in tests
|
||||||
- Resolves: rhbz#1923043 - libuser doesn't audit events around the account lifecycle
|
- Resolves: rhbz#1611729 - [RHEL8-S-BUILD] libuser Fails Scratch Build on rhel-8.0
|
||||||
|
|
||||||
* Tue May 11 2021 Tomas Halman <thalman@redhat.com> - 0.63-4
|
* Mon Jun 11 2018 Jakub Hrozek <jhrozek@redhat.com> - 0.62-15
|
||||||
- Resolves: rhbz#1951601 - Remove fakeroot dependency
|
- Drop the fakeroot dependency
|
||||||
|
- Resolves: #1581448 - Remove fakeroot from libuser in RHEL8
|
||||||
|
|
||||||
* Tue May 11 2021 Tomas Halman <thalman@redhat.com> - 0.63-3
|
* Sun Jun 10 2018 Jakub Hrozek <jhrozek@redhat.com> - 0.62-14
|
||||||
- Renaming python package according to the standard
|
- Do not build python2-libuser at all in RHEL-8
|
||||||
- Resolves: rhbz#1951968
|
- Resolves: #1559103 - libuser: Drop Python 2 subpackage(s) from RHEL 8
|
||||||
|
|
||||||
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.63-2
|
|
||||||
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
|
||||||
|
|
||||||
* Mon Mar 1 2021 Tomas Halman <thalman@redhat.com> - 0.63-1
|
|
||||||
- Release new version 0.63
|
|
||||||
|
|
||||||
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.62-31
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
|
||||||
|
|
||||||
* Wed Sep 09 2020 Tom Stellard <tstellar@redhat.com> - 0.62-30
|
|
||||||
- Use make macros
|
|
||||||
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
|
|
||||||
|
|
||||||
* Wed Sep 02 2020 Merlin Mathesius <mmathesi@redhat.com> - 0.62-29
|
|
||||||
- Pull in upstream patch that fixes FTBFS for Rawhide and ELN
|
|
||||||
|
|
||||||
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.62-28
|
|
||||||
- Second attempt - Rebuilt for
|
|
||||||
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
|
||||||
|
|
||||||
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.62-27
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
|
||||||
|
|
||||||
* Fri Jul 3 2020 Jakub Hrozek <jhrozek@redhat.com> - 0.62-26
|
|
||||||
- Temporarily disable tests, nothing changed since forever so this should be
|
|
||||||
safe and would unblock FTBFS
|
|
||||||
- Related: rhbz#1817666 - libuser fails to build with Python 3.9: FAIL: tests/fs_test
|
|
||||||
|
|
||||||
* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 0.62-25
|
|
||||||
- Rebuilt for Python 3.9
|
|
||||||
|
|
||||||
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.62-24
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
|
||||||
|
|
||||||
* Tue Nov 26 2019 Miro Hrončok <mhroncok@redhat.com> - 0.62-23
|
|
||||||
- Subpackage python2-libuser has been removed
|
|
||||||
See https://fedoraproject.org/wiki/Changes/Mass_Python_2_Package_Removal
|
|
||||||
|
|
||||||
* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 0.62-22
|
|
||||||
- Rebuilt for Python 3.8
|
|
||||||
|
|
||||||
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.62-21
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
|
||||||
|
|
||||||
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.62-20
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
|
||||||
|
|
||||||
* Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org> - 0.62-19
|
|
||||||
- Rebuilt for libcrypt.so.2 (#1666033)
|
|
||||||
|
|
||||||
* Fri Jul 20 2018 Jakub Hrozek <jhrozek@redhat.com> - 0.62-19
|
|
||||||
- BuildRequires: gcc
|
|
||||||
- Related: rhbz#1604682 - libuser: FTBFS in Fedora rawhide
|
|
||||||
|
|
||||||
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.62-17
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
|
||||||
|
|
||||||
* Mon Jul 9 2018 Jakub Hrozek <jhrozek@redhat.com> - 0.62-16
|
|
||||||
- Use python2 explicitly in tests of python2 bindings instead of just "python"
|
|
||||||
- Related: rhbz#1582899 - libuser: FTBFS in Fedora 28
|
|
||||||
|
|
||||||
* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 0.62-15
|
|
||||||
- Rebuilt for Python 3.7
|
|
||||||
|
|
||||||
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.62-14
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
|
||||||
|
|
||||||
* Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 0.62-13
|
* Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 0.62-13
|
||||||
- Rebuilt for switch to libxcrypt
|
- Rebuilt for switch to libxcrypt
|
||||||
|
Loading…
Reference in New Issue
Block a user