import shadow-utils-4.6-8.el8
This commit is contained in:
parent
7f2bbdec4c
commit
263a8e0ea1
@ -54,6 +54,25 @@ Index: shadow-4.5/man/chage.1.xml
|
|||||||
Passing the number <emphasis remap='I'>-1</emphasis> as the
|
Passing the number <emphasis remap='I'>-1</emphasis> as the
|
||||||
<replaceable>EXPIRE_DATE</replaceable> will remove an account
|
<replaceable>EXPIRE_DATE</replaceable> will remove an account
|
||||||
expiration date.
|
expiration date.
|
||||||
|
@@ -233,6 +243,18 @@
|
||||||
|
The <command>chage</command> program requires a shadow password file to
|
||||||
|
be available.
|
||||||
|
</para>
|
||||||
|
+ <para>
|
||||||
|
+ The chage program will report only the information from the shadow
|
||||||
|
+ password file. This implies that configuration from other sources
|
||||||
|
+ (e.g. LDAP or empty password hash field from the passwd file) that
|
||||||
|
+ affect the user's login will not be shown in the chage output.
|
||||||
|
+ </para>
|
||||||
|
+ <para>
|
||||||
|
+ The <command>chage</command> program will also not report any
|
||||||
|
+ inconsistency between the shadow and passwd files (e.g. missing x in
|
||||||
|
+ the passwd file). The <command>pwck</command> can be used to check
|
||||||
|
+ for this kind of inconsistencies.
|
||||||
|
+ </para>
|
||||||
|
<para>The <command>chage</command> command is restricted to the root
|
||||||
|
user, except for the <option>-l</option> option, which may be used by
|
||||||
|
an unprivileged user to determine when their password or account is due
|
||||||
Index: shadow-4.5/man/ja/man5/login.defs.5
|
Index: shadow-4.5/man/ja/man5/login.defs.5
|
||||||
===================================================================
|
===================================================================
|
||||||
--- shadow-4.5.orig/man/ja/man5/login.defs.5
|
--- shadow-4.5.orig/man/ja/man5/login.defs.5
|
||||||
@ -282,3 +301,49 @@ Index: shadow-4.5/man/usermod.8.xml
|
|||||||
</para>
|
</para>
|
||||||
<para>
|
<para>
|
||||||
This option is only valid in combination with the
|
This option is only valid in combination with the
|
||||||
|
diff --git a/man/login.defs.d/SUB_GID_COUNT.xml b/man/login.defs.d/SUB_GID_COUNT.xml
|
||||||
|
index 01ace007..93fe7421 100644
|
||||||
|
--- a/man/login.defs.d/SUB_GID_COUNT.xml
|
||||||
|
+++ b/man/login.defs.d/SUB_GID_COUNT.xml
|
||||||
|
@@ -42,7 +42,7 @@
|
||||||
|
<para>
|
||||||
|
The default values for <option>SUB_GID_MIN</option>,
|
||||||
|
<option>SUB_GID_MAX</option>, <option>SUB_GID_COUNT</option>
|
||||||
|
- are respectively 100000, 600100000 and 10000.
|
||||||
|
+ are respectively 100000, 600100000 and 65536.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
diff --git a/man/login.defs.d/SUB_UID_COUNT.xml b/man/login.defs.d/SUB_UID_COUNT.xml
|
||||||
|
index 5ad812f7..516417b7 100644
|
||||||
|
--- a/man/login.defs.d/SUB_UID_COUNT.xml
|
||||||
|
+++ b/man/login.defs.d/SUB_UID_COUNT.xml
|
||||||
|
@@ -42,7 +42,7 @@
|
||||||
|
<para>
|
||||||
|
The default values for <option>SUB_UID_MIN</option>,
|
||||||
|
<option>SUB_UID_MAX</option>, <option>SUB_UID_COUNT</option>
|
||||||
|
- are respectively 100000, 600100000 and 10000.
|
||||||
|
+ are respectively 100000, 600100000 and 65536.
|
||||||
|
</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
diff -up shadow-4.6/man/groupadd.8.xml.manfix shadow-4.6/man/groupadd.8.xml
|
||||||
|
--- shadow-4.6/man/groupadd.8.xml.manfix 2019-04-02 16:35:52.096637444 +0200
|
||||||
|
+++ shadow-4.6/man/groupadd.8.xml 2019-06-07 14:23:57.477602106 +0200
|
||||||
|
@@ -320,13 +320,13 @@
|
||||||
|
<varlistentry>
|
||||||
|
<term><replaceable>4</replaceable></term>
|
||||||
|
<listitem>
|
||||||
|
- <para>GID not unique (when <option>-o</option> not used)</para>
|
||||||
|
+ <para>GID is already used (when called without <option>-o</option>)</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
<term><replaceable>9</replaceable></term>
|
||||||
|
<listitem>
|
||||||
|
- <para>group name not unique</para>
|
||||||
|
+ <para>group name is already used</para>
|
||||||
|
</listitem>
|
||||||
|
</varlistentry>
|
||||||
|
<varlistentry>
|
||||||
|
|
||||||
|
@ -834,16 +834,23 @@ diff -up shadow-4.6/src/groupmod.c.audit-update shadow-4.6/src/groupmod.c
|
|||||||
info_group.audit_msg,
|
info_group.audit_msg,
|
||||||
group_name, AUDIT_NO_ID,
|
group_name, AUDIT_NO_ID,
|
||||||
SHADOW_AUDIT_SUCCESS);
|
SHADOW_AUDIT_SUCCESS);
|
||||||
@@ -472,7 +472,7 @@ static void close_files (void)
|
@@ -472,7 +472,14 @@ static void close_files (void)
|
||||||
exit (E_GRP_UPDATE);
|
exit (E_GRP_UPDATE);
|
||||||
}
|
}
|
||||||
#ifdef WITH_AUDIT
|
#ifdef WITH_AUDIT
|
||||||
- audit_logger (AUDIT_USER_ACCT, Prog,
|
- audit_logger (AUDIT_USER_ACCT, Prog,
|
||||||
+ audit_logger (AUDIT_GRP_MGMT, Prog,
|
+ /* If both happened, log password change as its more important */
|
||||||
|
+ if (pflg)
|
||||||
|
+ audit_logger (AUDIT_GRP_CHAUTHTOK, Prog,
|
||||||
|
+ info_gshadow.audit_msg,
|
||||||
|
+ group_name, AUDIT_NO_ID,
|
||||||
|
+ SHADOW_AUDIT_SUCCESS);
|
||||||
|
+ else
|
||||||
|
+ audit_logger (AUDIT_GRP_MGMT, Prog,
|
||||||
info_gshadow.audit_msg,
|
info_gshadow.audit_msg,
|
||||||
group_name, AUDIT_NO_ID,
|
group_name, AUDIT_NO_ID,
|
||||||
SHADOW_AUDIT_SUCCESS);
|
SHADOW_AUDIT_SUCCESS);
|
||||||
@@ -495,7 +495,7 @@ static void close_files (void)
|
@@ -495,7 +502,7 @@ static void close_files (void)
|
||||||
exit (E_GRP_UPDATE);
|
exit (E_GRP_UPDATE);
|
||||||
}
|
}
|
||||||
#ifdef WITH_AUDIT
|
#ifdef WITH_AUDIT
|
||||||
@ -852,7 +859,7 @@ diff -up shadow-4.6/src/groupmod.c.audit-update shadow-4.6/src/groupmod.c
|
|||||||
info_passwd.audit_msg,
|
info_passwd.audit_msg,
|
||||||
group_name, AUDIT_NO_ID,
|
group_name, AUDIT_NO_ID,
|
||||||
SHADOW_AUDIT_SUCCESS);
|
SHADOW_AUDIT_SUCCESS);
|
||||||
@@ -510,8 +510,8 @@ static void close_files (void)
|
@@ -510,8 +517,8 @@ static void close_files (void)
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef WITH_AUDIT
|
#ifdef WITH_AUDIT
|
||||||
@ -863,7 +870,7 @@ diff -up shadow-4.6/src/groupmod.c.audit-update shadow-4.6/src/groupmod.c
|
|||||||
group_name, AUDIT_NO_ID,
|
group_name, AUDIT_NO_ID,
|
||||||
SHADOW_AUDIT_SUCCESS);
|
SHADOW_AUDIT_SUCCESS);
|
||||||
#endif
|
#endif
|
||||||
@@ -523,6 +523,8 @@ static void close_files (void)
|
@@ -523,6 +530,8 @@ static void close_files (void)
|
||||||
*/
|
*/
|
||||||
static void prepare_failure_reports (void)
|
static void prepare_failure_reports (void)
|
||||||
{
|
{
|
||||||
@ -872,7 +879,7 @@ diff -up shadow-4.6/src/groupmod.c.audit-update shadow-4.6/src/groupmod.c
|
|||||||
info_group.name = group_name;
|
info_group.name = group_name;
|
||||||
#ifdef SHADOWGRP
|
#ifdef SHADOWGRP
|
||||||
info_gshadow.name = group_name;
|
info_gshadow.name = group_name;
|
||||||
@@ -535,76 +537,106 @@ static void prepare_failure_reports (voi
|
@@ -535,76 +544,109 @@ static void prepare_failure_reports (voi
|
||||||
#endif
|
#endif
|
||||||
info_passwd.audit_msg = xmalloc (512);
|
info_passwd.audit_msg = xmalloc (512);
|
||||||
|
|
||||||
@ -971,6 +978,9 @@ diff -up shadow-4.6/src/groupmod.c.audit-update shadow-4.6/src/groupmod.c
|
|||||||
+ free(nv_pair);
|
+ free(nv_pair);
|
||||||
}
|
}
|
||||||
if (pflg) {
|
if (pflg) {
|
||||||
|
+ strncat(info_passwd.audit_msg, "op=change-password",
|
||||||
|
+ 511 - strlen (info_passwd.action));
|
||||||
|
+
|
||||||
+ /* Note: audit doesn't want this value recorded */
|
+ /* Note: audit doesn't want this value recorded */
|
||||||
strncat (info_group.action, ", new password",
|
strncat (info_group.action, ", new password",
|
||||||
- 511 - strlen (info_group.audit_msg));
|
- 511 - strlen (info_group.audit_msg));
|
||||||
@ -1006,7 +1016,7 @@ diff -up shadow-4.6/src/groupmod.c.audit-update shadow-4.6/src/groupmod.c
|
|||||||
"%lu", (unsigned long int) group_newid);
|
"%lu", (unsigned long int) group_newid);
|
||||||
}
|
}
|
||||||
info_group.audit_msg[511] = '\0';
|
info_group.audit_msg[511] = '\0';
|
||||||
@@ -612,6 +644,11 @@ static void prepare_failure_reports (voi
|
@@ -612,6 +654,11 @@ static void prepare_failure_reports (voi
|
||||||
info_gshadow.audit_msg[511] = '\0';
|
info_gshadow.audit_msg[511] = '\0';
|
||||||
#endif
|
#endif
|
||||||
info_passwd.audit_msg[511] = '\0';
|
info_passwd.audit_msg[511] = '\0';
|
||||||
@ -1603,16 +1613,24 @@ diff -up shadow-4.6/src/useradd.c.audit-update shadow-4.6/src/useradd.c
|
|||||||
fail_exit (E_PW_UPDATE);
|
fail_exit (E_PW_UPDATE);
|
||||||
}
|
}
|
||||||
#ifdef ENABLE_SUBIDS
|
#ifdef ENABLE_SUBIDS
|
||||||
@@ -1997,7 +1939,7 @@ static void usr_update (void)
|
@@ -1996,9 +1938,14 @@ static void usr_update (void)
|
||||||
|
#endif /* ENABLE_SUBIDS */
|
||||||
|
|
||||||
#ifdef WITH_AUDIT
|
#ifdef WITH_AUDIT
|
||||||
|
+ /*
|
||||||
|
+ * Even though we have the ID of the user, we won't send it now
|
||||||
|
+ * because its not written to disk yet. After close_files it is
|
||||||
|
+ * and we can use the real ID thereafter.
|
||||||
|
+ */
|
||||||
audit_logger (AUDIT_ADD_USER, Prog,
|
audit_logger (AUDIT_ADD_USER, Prog,
|
||||||
- "adding user",
|
- "adding user",
|
||||||
|
- user_name, (unsigned int) user_id,
|
||||||
+ "add-user",
|
+ "add-user",
|
||||||
user_name, (unsigned int) user_id,
|
+ user_name, AUDIT_NO_ID,
|
||||||
SHADOW_AUDIT_SUCCESS);
|
SHADOW_AUDIT_SUCCESS);
|
||||||
#endif
|
#endif
|
||||||
@@ -2032,12 +1974,6 @@ static void create_home (void)
|
/*
|
||||||
|
@@ -2032,12 +1979,6 @@ static void create_home (void)
|
||||||
fprintf (stderr,
|
fprintf (stderr,
|
||||||
_("%s: cannot create directory %s\n"),
|
_("%s: cannot create directory %s\n"),
|
||||||
Prog, prefix_user_home);
|
Prog, prefix_user_home);
|
||||||
@ -1625,7 +1643,7 @@ diff -up shadow-4.6/src/useradd.c.audit-update shadow-4.6/src/useradd.c
|
|||||||
fail_exit (E_HOMEDIR);
|
fail_exit (E_HOMEDIR);
|
||||||
}
|
}
|
||||||
(void) chown (prefix_user_home, user_id, user_gid);
|
(void) chown (prefix_user_home, user_id, user_gid);
|
||||||
@@ -2045,8 +1981,8 @@ static void create_home (void)
|
@@ -2045,8 +1986,8 @@ static void create_home (void)
|
||||||
0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));
|
0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));
|
||||||
home_added = true;
|
home_added = true;
|
||||||
#ifdef WITH_AUDIT
|
#ifdef WITH_AUDIT
|
||||||
@ -1636,7 +1654,7 @@ diff -up shadow-4.6/src/useradd.c.audit-update shadow-4.6/src/useradd.c
|
|||||||
user_name, (unsigned int) user_id,
|
user_name, (unsigned int) user_id,
|
||||||
SHADOW_AUDIT_SUCCESS);
|
SHADOW_AUDIT_SUCCESS);
|
||||||
#endif
|
#endif
|
||||||
@@ -2231,12 +2167,6 @@ int main (int argc, char **argv)
|
@@ -2231,12 +2172,6 @@ int main (int argc, char **argv)
|
||||||
*/
|
*/
|
||||||
if (prefix_getpwnam (user_name) != NULL) { /* local, no need for xgetpwnam */
|
if (prefix_getpwnam (user_name) != NULL) { /* local, no need for xgetpwnam */
|
||||||
fprintf (stderr, _("%s: user '%s' already exists\n"), Prog, user_name);
|
fprintf (stderr, _("%s: user '%s' already exists\n"), Prog, user_name);
|
||||||
@ -1649,7 +1667,7 @@ diff -up shadow-4.6/src/useradd.c.audit-update shadow-4.6/src/useradd.c
|
|||||||
fail_exit (E_NAME_IN_USE);
|
fail_exit (E_NAME_IN_USE);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -2252,12 +2182,6 @@ int main (int argc, char **argv)
|
@@ -2252,12 +2187,6 @@ int main (int argc, char **argv)
|
||||||
fprintf (stderr,
|
fprintf (stderr,
|
||||||
_("%s: group %s exists - if you want to add this user to that group, use -g.\n"),
|
_("%s: group %s exists - if you want to add this user to that group, use -g.\n"),
|
||||||
Prog, user_name);
|
Prog, user_name);
|
||||||
@ -1662,7 +1680,7 @@ diff -up shadow-4.6/src/useradd.c.audit-update shadow-4.6/src/useradd.c
|
|||||||
fail_exit (E_NAME_IN_USE);
|
fail_exit (E_NAME_IN_USE);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -2287,12 +2211,6 @@ int main (int argc, char **argv)
|
@@ -2287,12 +2216,6 @@ int main (int argc, char **argv)
|
||||||
fprintf (stderr,
|
fprintf (stderr,
|
||||||
_("%s: UID %lu is not unique\n"),
|
_("%s: UID %lu is not unique\n"),
|
||||||
Prog, (unsigned long) user_id);
|
Prog, (unsigned long) user_id);
|
||||||
|
11
SOURCES/shadow-4.6-ignore-login-prompt.patch
Normal file
11
SOURCES/shadow-4.6-ignore-login-prompt.patch
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
diff -up shadow-4.6/lib/getdef.c.login-prompt shadow-4.6/lib/getdef.c
|
||||||
|
--- shadow-4.6/lib/getdef.c.login-prompt 2018-04-29 18:42:37.000000000 +0200
|
||||||
|
+++ shadow-4.6/lib/getdef.c 2019-03-21 15:06:58.009280504 +0100
|
||||||
|
@@ -94,6 +94,7 @@ static struct itemdef def_table[] = {
|
||||||
|
{"KILLCHAR", NULL},
|
||||||
|
{"LOGIN_RETRIES", NULL},
|
||||||
|
{"LOGIN_TIMEOUT", NULL},
|
||||||
|
+ {"LOGIN_PLAIN_PROMPT", NULL},
|
||||||
|
{"LOG_OK_LOGINS", NULL},
|
||||||
|
{"LOG_UNKFAIL_ENAB", NULL},
|
||||||
|
{"MAIL_DIR", NULL},
|
190
SOURCES/shadow-4.6-use-lckpwdf.patch
Normal file
190
SOURCES/shadow-4.6-use-lckpwdf.patch
Normal file
@ -0,0 +1,190 @@
|
|||||||
|
commit 408b8a548243aebaa6d773beeae8ddf4bb6100f0
|
||||||
|
Author: Tomas Mraz <tmraz@fedoraproject.org>
|
||||||
|
Date: Thu May 2 14:33:06 2019 +0200
|
||||||
|
|
||||||
|
Use the lckpwdf() again if prefix is not set
|
||||||
|
|
||||||
|
The implementation of prefix option dropped the use of lckpwdf().
|
||||||
|
However that is incorrect as other tools manipulating the shadow passwords
|
||||||
|
such as PAM use lckpwdf() and do not know anything about the
|
||||||
|
shadow's own locking mechanism.
|
||||||
|
|
||||||
|
This reverts the implementation to use lckpwdf() if prefix option
|
||||||
|
is not used.
|
||||||
|
|
||||||
|
diff --git a/lib/commonio.c b/lib/commonio.c
|
||||||
|
index 26e518f2..94dda779 100644
|
||||||
|
--- a/lib/commonio.c
|
||||||
|
+++ b/lib/commonio.c
|
||||||
|
@@ -364,6 +364,7 @@ static void free_linked_list (struct commonio_db *db)
|
||||||
|
int commonio_setname (struct commonio_db *db, const char *name)
|
||||||
|
{
|
||||||
|
snprintf (db->filename, sizeof (db->filename), "%s", name);
|
||||||
|
+ db->setname = true;
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -414,37 +415,39 @@ cleanup_ENOMEM:
|
||||||
|
|
||||||
|
int commonio_lock (struct commonio_db *db)
|
||||||
|
{
|
||||||
|
-/*#ifdef HAVE_LCKPWDF*/ /* not compatible with prefix option*/
|
||||||
|
-#if 0
|
||||||
|
- /*
|
||||||
|
- * only if the system libc has a real lckpwdf() - the one from
|
||||||
|
- * lockpw.c calls us and would cause infinite recursion!
|
||||||
|
- */
|
||||||
|
+ int i;
|
||||||
|
|
||||||
|
+#ifdef HAVE_LCKPWDF
|
||||||
|
/*
|
||||||
|
- * Call lckpwdf() on the first lock.
|
||||||
|
- * If it succeeds, call *_lock() only once
|
||||||
|
- * (no retries, it should always succeed).
|
||||||
|
+ * Only if the system libc has a real lckpwdf() - the one from
|
||||||
|
+ * lockpw.c calls us and would cause infinite recursion!
|
||||||
|
+ * It is also not used with the prefix option.
|
||||||
|
*/
|
||||||
|
- if (0 == lock_count) {
|
||||||
|
- if (lckpwdf () == -1) {
|
||||||
|
- if (geteuid () != 0) {
|
||||||
|
- (void) fprintf (stderr,
|
||||||
|
- "%s: Permission denied.\n",
|
||||||
|
- Prog);
|
||||||
|
+ if (!db->setname) {
|
||||||
|
+ /*
|
||||||
|
+ * Call lckpwdf() on the first lock.
|
||||||
|
+ * If it succeeds, call *_lock() only once
|
||||||
|
+ * (no retries, it should always succeed).
|
||||||
|
+ */
|
||||||
|
+ if (0 == lock_count) {
|
||||||
|
+ if (lckpwdf () == -1) {
|
||||||
|
+ if (geteuid () != 0) {
|
||||||
|
+ (void) fprintf (stderr,
|
||||||
|
+ "%s: Permission denied.\n",
|
||||||
|
+ Prog);
|
||||||
|
+ }
|
||||||
|
+ return 0; /* failure */
|
||||||
|
}
|
||||||
|
- return 0; /* failure */
|
||||||
|
}
|
||||||
|
- }
|
||||||
|
|
||||||
|
- if (commonio_lock_nowait (db, true) != 0) {
|
||||||
|
- return 1; /* success */
|
||||||
|
- }
|
||||||
|
+ if (commonio_lock_nowait (db, true) != 0) {
|
||||||
|
+ return 1; /* success */
|
||||||
|
+ }
|
||||||
|
|
||||||
|
- ulckpwdf ();
|
||||||
|
- return 0; /* failure */
|
||||||
|
-#else /* !HAVE_LCKPWDF */
|
||||||
|
- int i;
|
||||||
|
+ ulckpwdf ();
|
||||||
|
+ return 0; /* failure */
|
||||||
|
+ }
|
||||||
|
+#endif /* !HAVE_LCKPWDF */
|
||||||
|
|
||||||
|
/*
|
||||||
|
* lckpwdf() not used - do it the old way.
|
||||||
|
@@ -471,7 +474,6 @@ int commonio_lock (struct commonio_db *db)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return 0; /* failure */
|
||||||
|
-#endif /* !HAVE_LCKPWDF */
|
||||||
|
}
|
||||||
|
|
||||||
|
static void dec_lock_count (void)
|
||||||
|
diff --git a/lib/commonio.h b/lib/commonio.h
|
||||||
|
index 40e5708f..64e83073 100644
|
||||||
|
--- a/lib/commonio.h
|
||||||
|
+++ b/lib/commonio.h
|
||||||
|
@@ -143,6 +143,7 @@ struct commonio_db {
|
||||||
|
bool isopen:1;
|
||||||
|
bool locked:1;
|
||||||
|
bool readonly:1;
|
||||||
|
+ bool setname:1;
|
||||||
|
};
|
||||||
|
|
||||||
|
extern int commonio_setname (struct commonio_db *, const char *);
|
||||||
|
diff --git a/lib/groupio.c b/lib/groupio.c
|
||||||
|
index ae2302b5..bffb06e0 100644
|
||||||
|
--- a/lib/groupio.c
|
||||||
|
+++ b/lib/groupio.c
|
||||||
|
@@ -139,7 +139,8 @@ static /*@owned@*/struct commonio_db group_db = {
|
||||||
|
false, /* changed */
|
||||||
|
false, /* isopen */
|
||||||
|
false, /* locked */
|
||||||
|
- false /* readonly */
|
||||||
|
+ false, /* readonly */
|
||||||
|
+ false /* setname */
|
||||||
|
};
|
||||||
|
|
||||||
|
int gr_setdbname (const char *filename)
|
||||||
|
diff --git a/lib/pwio.c b/lib/pwio.c
|
||||||
|
index 7ee85377..127719cb 100644
|
||||||
|
--- a/lib/pwio.c
|
||||||
|
+++ b/lib/pwio.c
|
||||||
|
@@ -114,7 +114,8 @@ static struct commonio_db passwd_db = {
|
||||||
|
false, /* changed */
|
||||||
|
false, /* isopen */
|
||||||
|
false, /* locked */
|
||||||
|
- false /* readonly */
|
||||||
|
+ false, /* readonly */
|
||||||
|
+ false /* setname */
|
||||||
|
};
|
||||||
|
|
||||||
|
int pw_setdbname (const char *filename)
|
||||||
|
diff --git a/lib/sgroupio.c b/lib/sgroupio.c
|
||||||
|
index 5423626a..ffbdb263 100644
|
||||||
|
--- a/lib/sgroupio.c
|
||||||
|
+++ b/lib/sgroupio.c
|
||||||
|
@@ -238,7 +238,8 @@ static struct commonio_db gshadow_db = {
|
||||||
|
false, /* changed */
|
||||||
|
false, /* isopen */
|
||||||
|
false, /* locked */
|
||||||
|
- false /* readonly */
|
||||||
|
+ false, /* readonly */
|
||||||
|
+ false /* setname */
|
||||||
|
};
|
||||||
|
|
||||||
|
int sgr_setdbname (const char *filename)
|
||||||
|
diff --git a/lib/shadowio.c b/lib/shadowio.c
|
||||||
|
index 5fa3d312..676b1f1a 100644
|
||||||
|
--- a/lib/shadowio.c
|
||||||
|
+++ b/lib/shadowio.c
|
||||||
|
@@ -114,7 +114,8 @@ static struct commonio_db shadow_db = {
|
||||||
|
false, /* changed */
|
||||||
|
false, /* isopen */
|
||||||
|
false, /* locked */
|
||||||
|
- false /* readonly */
|
||||||
|
+ false, /* readonly */
|
||||||
|
+ false /* setname */
|
||||||
|
};
|
||||||
|
|
||||||
|
int spw_setdbname (const char *filename)
|
||||||
|
diff --git a/lib/subordinateio.c b/lib/subordinateio.c
|
||||||
|
index a662e67e..dd779c59 100644
|
||||||
|
--- a/lib/subordinateio.c
|
||||||
|
+++ b/lib/subordinateio.c
|
||||||
|
@@ -550,7 +550,8 @@ static struct commonio_db subordinate_uid_db = {
|
||||||
|
false, /* changed */
|
||||||
|
false, /* isopen */
|
||||||
|
false, /* locked */
|
||||||
|
- false /* readonly */
|
||||||
|
+ false, /* readonly */
|
||||||
|
+ false /* setname */
|
||||||
|
};
|
||||||
|
|
||||||
|
int sub_uid_setdbname (const char *filename)
|
||||||
|
@@ -631,7 +632,8 @@ static struct commonio_db subordinate_gid_db = {
|
||||||
|
false, /* changed */
|
||||||
|
false, /* isopen */
|
||||||
|
false, /* locked */
|
||||||
|
- false /* readonly */
|
||||||
|
+ false, /* readonly */
|
||||||
|
+ false /* setname */
|
||||||
|
};
|
||||||
|
|
||||||
|
int sub_gid_setdbname (const char *filename)
|
@ -1,7 +1,7 @@
|
|||||||
Summary: Utilities for managing accounts and shadow password files
|
Summary: Utilities for managing accounts and shadow password files
|
||||||
Name: shadow-utils
|
Name: shadow-utils
|
||||||
Version: 4.6
|
Version: 4.6
|
||||||
Release: 7%{?dist}
|
Release: 8%{?dist}
|
||||||
Epoch: 2
|
Epoch: 2
|
||||||
URL: http://pkg-shadow.alioth.debian.org/
|
URL: http://pkg-shadow.alioth.debian.org/
|
||||||
Source0: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz
|
Source0: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz
|
||||||
@ -35,6 +35,8 @@ Patch36: shadow-4.6-use-itstool.patch
|
|||||||
Patch37: shadow-4.6-sssd-flush.patch
|
Patch37: shadow-4.6-sssd-flush.patch
|
||||||
Patch38: shadow-4.6-sysugid-min-limit.patch
|
Patch38: shadow-4.6-sysugid-min-limit.patch
|
||||||
Patch39: shadow-4.6-chgrp-guard.patch
|
Patch39: shadow-4.6-chgrp-guard.patch
|
||||||
|
Patch40: shadow-4.6-ignore-login-prompt.patch
|
||||||
|
Patch41: shadow-4.6-use-lckpwdf.patch
|
||||||
|
|
||||||
License: BSD and GPLv2+
|
License: BSD and GPLv2+
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
@ -92,12 +94,17 @@ are used for managing group accounts.
|
|||||||
%patch37 -p1 -b .sssd-flush
|
%patch37 -p1 -b .sssd-flush
|
||||||
%patch38 -p1 -b .sysugid-min-limit
|
%patch38 -p1 -b .sysugid-min-limit
|
||||||
%patch39 -p1 -b .chgrp-guard
|
%patch39 -p1 -b .chgrp-guard
|
||||||
|
%patch40 -p1 -b .login-prompt
|
||||||
|
%patch41 -p1 -b .use-lckpwdf
|
||||||
|
|
||||||
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
|
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
|
||||||
cp -f doc/HOWTO.utf8 doc/HOWTO
|
cp -f doc/HOWTO.utf8 doc/HOWTO
|
||||||
|
|
||||||
cp -a %{SOURCE4} %{SOURCE5} .
|
cp -a %{SOURCE4} %{SOURCE5} .
|
||||||
|
|
||||||
|
# Force regeneration of getdate.c
|
||||||
|
rm libmisc/getdate.c
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%ifarch sparc64
|
%ifarch sparc64
|
||||||
#sparc64 need big PIE
|
#sparc64 need big PIE
|
||||||
@ -243,6 +250,18 @@ done
|
|||||||
%{_mandir}/man8/vigr.8*
|
%{_mandir}/man8/vigr.8*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Jun 7 2019 Tomáš Mráz <tmraz@redhat.com> - 2:4.6-8
|
||||||
|
- properly audit group password change
|
||||||
|
- do not add uid of a new (not yet added) user to the audit message
|
||||||
|
- use lckpwdf() again to disable concurrent edits of databases by
|
||||||
|
other applications
|
||||||
|
- clarify chage manual page in regards to shadow and passwd
|
||||||
|
inconsistency
|
||||||
|
- fix minor issues in groupadd and login.defs manual pages
|
||||||
|
- Ignore LOGIN_PLAIN_PROMPT variable in login.defs
|
||||||
|
- force regeneration of getdate.c otherwise the date parsing fix
|
||||||
|
is not applied
|
||||||
|
|
||||||
* Tue Dec 18 2018 Tomáš Mráz <tmraz@redhat.com> - 2:4.6-7
|
* Tue Dec 18 2018 Tomáš Mráz <tmraz@redhat.com> - 2:4.6-7
|
||||||
- usermod: guard against unsafe change of ownership of
|
- usermod: guard against unsafe change of ownership of
|
||||||
special home directories
|
special home directories
|
||||||
|
Loading…
Reference in New Issue
Block a user