From 05398462e28100bc932ae1b132db8003d0a60dd8 Mon Sep 17 00:00:00 2001 From: Peter Vrabec Date: Sat, 22 Oct 2005 12:38:17 +0000 Subject: [PATCH] upgrade --- .cvsignore | 2 +- shadow-4.0.13-newgrpPwd.patch | 92 +++++++++++++++++++++++++++++++++++ shadow-utils.spec | 26 +++++----- sources | 2 +- 4 files changed, 106 insertions(+), 16 deletions(-) create mode 100644 shadow-4.0.13-newgrpPwd.patch diff --git a/.cvsignore b/.cvsignore index 66765b3..358990d 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -shadow-4.0.12.tar.bz2 +shadow-4.0.13.tar.bz2 diff --git a/shadow-4.0.13-newgrpPwd.patch b/shadow-4.0.13-newgrpPwd.patch new file mode 100644 index 0000000..d379973 --- /dev/null +++ b/shadow-4.0.13-newgrpPwd.patch @@ -0,0 +1,92 @@ +--- shadow-4.0.13/src/newgrp.c.newgrpPwd 2005-09-15 18:44:12.000000000 +0200 ++++ shadow-4.0.13/src/newgrp.c 2005-10-21 16:02:16.000000000 +0200 +@@ -333,25 +333,37 @@ int main (int argc, char **argv) + } + #endif + +- /* +- * see if she is a member of this group. If she isn't a member, she +- * needs to provide the group password. If there is no group +- * password, she will be denied access anyway. +- * +- */ +- if (!is_on_list (grp->gr_mem, name)) +- needspasswd = 1; ++ /* Needn't password: ++ * - default user's GID = group ID ++ * - members of group ++ * - root ++ * Need password: ++ * - all others users ++ * ++ * -- Karel Zak 2004/03/29 ++ */ ++ if (getuid ()!=0) ++ { ++ if (grp->gr_gid==pwd->pw_gid) ++ needspasswd = 0; ++ else if (is_on_list (grp->gr_mem, name)) ++ needspasswd = 0; ++ else ++ needspasswd = 1; + + /* + * If she does not have either a shadowed password, or a regular + * password, and the group has a password, she needs to give the + * group password. + */ +- if ((spwd = getspnam (name))) +- pwd->pw_passwd = spwd->sp_pwdp; +- +- if (pwd->pw_passwd[0] == '\0' && grp->gr_passwd[0]) +- needspasswd = 1; ++ if (!needspasswd) ++ { ++ if ((spwd = getspnam (name))) ++ pwd->pw_passwd = spwd->sp_pwdp; ++ if (pwd->pw_passwd[0] == '\0' && grp->gr_passwd[0]) ++ needspasswd = 1; ++ } ++ } + + /* + * Now i see about letting her into the group she requested. If she +@@ -362,7 +374,21 @@ int main (int argc, char **argv) + * Note that she now has to provide the password to her own group, + * unless she is listed as a member. -- JWP + */ +- if (getuid () != 0 && needspasswd) { ++ if (needspasswd) { ++ ++ /* note: the original util-linux newgrp didn't ask for pasword if ++ * there is no password. It's better directly give up. ++ * -- kzak@redhat.com ++ */ ++ if (grp->gr_passwd==NULL || grp->gr_passwd[0] == '\0') { ++ /* ++ * there is no password, print out "Sorry" and give up ++ */ ++ sleep (1); ++ fputs (_("Sorry.\n"), stderr); ++ goto failure; ++ } ++ + /* + * get the password from her, and set the salt for + * the decryption from the group file. +@@ -378,15 +404,6 @@ int main (int argc, char **argv) + cpasswd = pw_encrypt (cp, grp->gr_passwd); + strzero (cp); + +- if (grp->gr_passwd[0] == '\0') { +- /* +- * there is no password, print out "Sorry" and give up +- */ +- sleep (1); +- fputs (_("Sorry.\n"), stderr); +- goto failure; +- } +- + if (strcmp (cpasswd, grp->gr_passwd) != 0) { + SYSLOG ((LOG_INFO, + "Invalid password for group `%s' from `%s'", diff --git a/shadow-utils.spec b/shadow-utils.spec index 31bc518..7ff8aea 100644 --- a/shadow-utils.spec +++ b/shadow-utils.spec @@ -6,22 +6,19 @@ Summary: Utilities for managing accounts and shadow password files. Name: shadow-utils -Version: 4.0.12 -Release: 4 +Version: 4.0.13 +Release: 1 Epoch: 2 URL: http://shadow.pld.org.pl/ Source0: ftp://ftp.pld.org.pl/software/shadow/shadow-%{version}.tar.bz2 Source1: shadow-970616.login.defs Source2: shadow-970616.useradd -Patch0: shadow-4.0.12-redhat.patch +Patch0: shadow-4.0.13-redhat.patch Patch1: shadow-4.0.3-noinst.patch Patch2: shadow-4.0.11.1-vipw.patch -Patch3: shadow-4.0.3-goodname.patch -Patch4: shadow-4.0.11.1-newgrpPwd.patch -Patch5: shadow-4.0.11.1-isSelinuxEnabled.patch -Patch6: shadow-4.0.11.1-selinux.patch -Patch7: shadow-4.0.12-audit.patch -Patch8: shadow-4.0.12-lOption.patch +Patch3: shadow-4.0.13-goodname.patch +Patch4: shadow-4.0.13-newgrpPwd.patch +Patch5: shadow-4.0.12-lOption.patch License: BSD Group: System Environment/Base BuildRequires: autoconf, automake, libtool, gettext-devel @@ -51,10 +48,7 @@ are used for managing group accounts. %patch2 -p1 -b .vipw %patch3 -p1 -b .goodname %patch4 -p1 -b .newgrpPwd -%patch5 -p1 -b .isSelinuxEnabled -%patch6 -p1 -b .selinux -%patch7 -p1 -b .audit -%patch8 -p1 -b .lOption +%patch5 -p1 -b .lOption rm po/*.gmo rm po/stamp-po @@ -108,7 +102,8 @@ autoconf --with-selinux \ %endif --without-libpam \ - --disable-shared + --disable-shared \ + --with-libaudit make %install @@ -235,6 +230,9 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/*/man8/faillog.8* %changelog +* Fri Oct 21 2005 Peter Vrabec 2:4.0.13-1 +- upgrade + * Fri Sep 23 2005 Peter Vrabec 2:4.0.12-4 - add useradd -l option back, it was removed by mistake diff --git a/sources b/sources index eb77da8..a5dacd1 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -609a417a45827c36ba6e33f9dc785371 shadow-4.0.12.tar.bz2 +5c6a105d89afb0900922260e9c5650cc shadow-4.0.13.tar.bz2