- Rebase to version 4.11.1 (#2034038)
- Fix release sources - Add explicit subid requirement for subid-devel Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
This commit is contained in:
parent
bfa562aaf2
commit
2b851f7e96
File diff suppressed because it is too large
Load Diff
22
shadow-4.11.1-null-tm.patch
Normal file
22
shadow-4.11.1-null-tm.patch
Normal file
@ -0,0 +1,22 @@
|
||||
diff -up shadow-4.11.1/src/chage.c.null-tm shadow-4.11.1/src/chage.c
|
||||
diff -up shadow-4.11.1/src/lastlog.c.null-tm shadow-4.11.1/src/lastlog.c
|
||||
--- shadow-4.11.1/src/lastlog.c.null-tm 2022-01-03 15:31:56.348555620 +0100
|
||||
+++ shadow-4.11.1/src/lastlog.c 2022-01-03 15:38:41.262229024 +0100
|
||||
@@ -151,9 +151,12 @@ static void print_one (/*@null@*/const s
|
||||
|
||||
ll_time = ll.ll_time;
|
||||
tm = localtime (&ll_time);
|
||||
- strftime (ptime, sizeof (ptime), "%a %b %e %H:%M:%S %z %Y", tm);
|
||||
- cp = ptime;
|
||||
-
|
||||
+ if (tm == NULL) {
|
||||
+ cp = "(unknown)";
|
||||
+ } else {
|
||||
+ strftime (ptime, sizeof (ptime), "%a %b %e %H:%M:%S %z %Y", tm);
|
||||
+ cp = ptime;
|
||||
+ }
|
||||
if (ll.ll_time == (time_t) 0) {
|
||||
cp = _("**Never logged in**\0");
|
||||
}
|
||||
diff -up shadow-4.11.1/src/passwd.c.null-tm shadow-4.11.1/src/passwd.c
|
||||
diff -up shadow-4.11.1/src/usermod.c.null-tm shadow-4.11.1/src/usermod.c
|
@ -1,7 +1,7 @@
|
||||
diff -up shadow-4.9/src/useradd.c.redhat shadow-4.9/src/useradd.c
|
||||
--- shadow-4.9/src/useradd.c.redhat 2021-07-22 23:55:35.000000000 +0200
|
||||
+++ shadow-4.9/src/useradd.c 2021-08-02 11:45:11.942867250 +0200
|
||||
@@ -104,7 +104,7 @@ FILE *shadow_logfd = NULL;
|
||||
diff -up shadow-4.11.1/src/useradd.c.redhat shadow-4.11.1/src/useradd.c
|
||||
--- shadow-4.11.1/src/useradd.c.redhat 2022-01-03 01:46:53.000000000 +0100
|
||||
+++ shadow-4.11.1/src/useradd.c 2022-01-03 14:53:12.988484829 +0100
|
||||
@@ -82,7 +82,7 @@ const char *Prog;
|
||||
static gid_t def_group = 1000;
|
||||
static const char *def_gname = "other";
|
||||
static const char *def_home = "/home";
|
||||
@ -9,8 +9,8 @@ diff -up shadow-4.9/src/useradd.c.redhat shadow-4.9/src/useradd.c
|
||||
+static const char *def_shell = "/sbin/nologin";
|
||||
static const char *def_template = SKEL_DIR;
|
||||
static const char *def_create_mail_spool = "yes";
|
||||
|
||||
@@ -114,7 +114,7 @@ static const char *def_expire = "";
|
||||
static const char *def_log_init = "yes";
|
||||
@@ -93,7 +93,7 @@ static const char *def_expire = "";
|
||||
#define VALID(s) (strcspn (s, ":\n") == strlen (s))
|
||||
|
||||
static const char *user_name = "";
|
||||
@ -19,7 +19,7 @@ diff -up shadow-4.9/src/useradd.c.redhat shadow-4.9/src/useradd.c
|
||||
static uid_t user_id;
|
||||
static gid_t user_gid;
|
||||
static const char *user_comment = "";
|
||||
@@ -1204,9 +1204,9 @@ static void process_flags (int argc, cha
|
||||
@@ -1219,9 +1219,9 @@ static void process_flags (int argc, cha
|
||||
};
|
||||
while ((c = getopt_long (argc, argv,
|
||||
#ifdef WITH_SELINUX
|
||||
@ -31,7 +31,7 @@ diff -up shadow-4.9/src/useradd.c.redhat shadow-4.9/src/useradd.c
|
||||
#endif /* !WITH_SELINUX */
|
||||
long_options, NULL)) != -1) {
|
||||
switch (c) {
|
||||
@@ -1363,6 +1363,7 @@ static void process_flags (int argc, cha
|
||||
@@ -1378,6 +1378,7 @@ static void process_flags (int argc, cha
|
||||
case 'M':
|
||||
Mflg = true;
|
||||
break;
|
@ -1,245 +0,0 @@
|
||||
diff -up shadow-4.9/man/getsubids.1.xml.getsubids shadow-4.9/man/getsubids.1.xml
|
||||
--- shadow-4.9/man/getsubids.1.xml.getsubids 2021-11-18 16:27:33.951053120 +0100
|
||||
+++ shadow-4.9/man/getsubids.1.xml 2021-11-18 16:27:33.951053120 +0100
|
||||
@@ -0,0 +1,141 @@
|
||||
+<?xml version="1.0" encoding="UTF-8"?>
|
||||
+<!--
|
||||
+ Copyright (c) 2021 Iker Pedrosa
|
||||
+ All rights reserved.
|
||||
+
|
||||
+ Redistribution and use in source and binary forms, with or without
|
||||
+ modification, are permitted provided that the following conditions
|
||||
+ are met:
|
||||
+ 1. Redistributions of source code must retain the above copyright
|
||||
+ notice, this list of conditions and the following disclaimer.
|
||||
+ 2. Redistributions in binary form must reproduce the above copyright
|
||||
+ notice, this list of conditions and the following disclaimer in the
|
||||
+ documentation and/or other materials provided with the distribution.
|
||||
+ 3. The name of the copyright holders or contributors may not be used to
|
||||
+ endorse or promote products derived from this software without
|
||||
+ specific prior written permission.
|
||||
+
|
||||
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
+ ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
+ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
|
||||
+ PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
+ HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
+ LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
+ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
+ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
+-->
|
||||
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
|
||||
+ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
|
||||
+<!-- SHADOW-CONFIG-HERE -->
|
||||
+]>
|
||||
+
|
||||
+<refentry id='getsubids.1'>
|
||||
+ <refentryinfo>
|
||||
+ <author>
|
||||
+ <firstname>Iker</firstname>
|
||||
+ <surname>Pedrosa</surname>
|
||||
+ <contrib>Creation, 2021</contrib>
|
||||
+ </author>
|
||||
+ </refentryinfo>
|
||||
+ <refmeta>
|
||||
+ <refentrytitle>getsubids</refentrytitle>
|
||||
+ <manvolnum>1</manvolnum>
|
||||
+ <refmiscinfo class="sectdesc">User Commands</refmiscinfo>
|
||||
+ <refmiscinfo class="source">shadow-utils</refmiscinfo>
|
||||
+ <refmiscinfo class="version">&SHADOW_UTILS_VERSION;</refmiscinfo>
|
||||
+ </refmeta>
|
||||
+ <refnamediv id='name'>
|
||||
+ <refname>getsubids</refname>
|
||||
+ <refpurpose>get the subordinate id ranges for a user</refpurpose>
|
||||
+ </refnamediv>
|
||||
+
|
||||
+ <refsynopsisdiv id='synopsis'>
|
||||
+ <cmdsynopsis>
|
||||
+ <command>getsubids</command>
|
||||
+ <arg choice='opt'>
|
||||
+ <replaceable>options</replaceable>
|
||||
+ </arg>
|
||||
+ <arg choice='plain'>
|
||||
+ <replaceable>USER</replaceable>
|
||||
+ </arg>
|
||||
+ </cmdsynopsis>
|
||||
+ </refsynopsisdiv>
|
||||
+
|
||||
+ <refsect1 id='description'>
|
||||
+ <title>DESCRIPTION</title>
|
||||
+ <para>
|
||||
+ The <command>getsubids</command> command lists the subordinate user ID
|
||||
+ ranges for a given user. The subordinate group IDs can be listed using
|
||||
+ the <option>-g</option> option.
|
||||
+ </para>
|
||||
+ </refsect1>
|
||||
+
|
||||
+ <refsect1 id='options'>
|
||||
+ <title>OPTIONS</title>
|
||||
+ <para>
|
||||
+ The options which apply to the <command>getsubids</command> command are:
|
||||
+ </para>
|
||||
+ <variablelist remap='IP'>
|
||||
+ <varlistentry>
|
||||
+ <term>
|
||||
+ <option>-g</option>
|
||||
+ </term>
|
||||
+ <listitem>
|
||||
+ <para>
|
||||
+ List the subordinate group ID ranges.
|
||||
+ </para>
|
||||
+ </listitem>
|
||||
+ </varlistentry>
|
||||
+ </variablelist>
|
||||
+ </refsect1>
|
||||
+
|
||||
+ <refsect1 id='example'>
|
||||
+ <title>EXAMPLE</title>
|
||||
+ <para>
|
||||
+ For example, to obtain the subordinate UIDs of the testuser:
|
||||
+ </para>
|
||||
+ <para>
|
||||
+<programlisting>
|
||||
+$ getsubids testuser
|
||||
+0: testuser 100000 65536
|
||||
+</programlisting>
|
||||
+ </para>
|
||||
+ <para>
|
||||
+ This command output provides (in order from left to right) the list
|
||||
+ index, username, UID range start, and number of UIDs in range.
|
||||
+ </para>
|
||||
+ </refsect1>
|
||||
+
|
||||
+ <refsect1 id='see_also'>
|
||||
+ <title>SEE ALSO</title>
|
||||
+ <para>
|
||||
+ <citerefentry>
|
||||
+ <refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum>
|
||||
+ </citerefentry>,
|
||||
+ <citerefentry>
|
||||
+ <refentrytitle>newgidmap</refentrytitle><manvolnum>1</manvolnum>
|
||||
+ </citerefentry>,
|
||||
+ <citerefentry>
|
||||
+ <refentrytitle>newuidmap</refentrytitle><manvolnum>1</manvolnum>
|
||||
+ </citerefentry>,
|
||||
+ <citerefentry>
|
||||
+ <refentrytitle>subgid</refentrytitle><manvolnum>5</manvolnum>
|
||||
+ </citerefentry>,
|
||||
+ <citerefentry>
|
||||
+ <refentrytitle>subuid</refentrytitle><manvolnum>5</manvolnum>
|
||||
+ </citerefentry>,
|
||||
+ <citerefentry>
|
||||
+ <refentrytitle>useradd</refentrytitle><manvolnum>8</manvolnum>
|
||||
+ </citerefentry>,
|
||||
+ <citerefentry>
|
||||
+ <refentrytitle>userdel</refentrytitle><manvolnum>8</manvolnum>
|
||||
+ </citerefentry>.
|
||||
+ <citerefentry>
|
||||
+ <refentrytitle>usermod</refentrytitle><manvolnum>8</manvolnum>
|
||||
+ </citerefentry>,
|
||||
+ </para>
|
||||
+ </refsect1>
|
||||
+</refentry>
|
||||
diff -up shadow-4.9/man/Makefile.am.getsubids shadow-4.9/man/Makefile.am
|
||||
--- shadow-4.9/man/Makefile.am.getsubids 2021-07-22 23:55:35.000000000 +0200
|
||||
+++ shadow-4.9/man/Makefile.am 2021-11-18 16:27:33.951053120 +0100
|
||||
@@ -62,6 +62,7 @@ man_MANS += $(man_nopam)
|
||||
endif
|
||||
|
||||
man_subids = \
|
||||
+ man1/getsubids.1 \
|
||||
man1/newgidmap.1 \
|
||||
man1/newuidmap.1 \
|
||||
man5/subgid.5 \
|
||||
@@ -80,6 +81,7 @@ man_XMANS = \
|
||||
expiry.1.xml \
|
||||
faillog.5.xml \
|
||||
faillog.8.xml \
|
||||
+ getsubids.1.xml \
|
||||
gpasswd.1.xml \
|
||||
groupadd.8.xml \
|
||||
groupdel.8.xml \
|
||||
diff -up shadow-4.9/src/getsubids.c.getsubids shadow-4.9/src/getsubids.c
|
||||
--- shadow-4.9/src/getsubids.c.getsubids 2021-11-18 16:27:33.951053120 +0100
|
||||
+++ shadow-4.9/src/getsubids.c 2021-11-18 16:27:33.951053120 +0100
|
||||
@@ -0,0 +1,46 @@
|
||||
+#include <stdio.h>
|
||||
+#include <string.h>
|
||||
+#include <stdlib.h>
|
||||
+#include "subid.h"
|
||||
+#include "prototypes.h"
|
||||
+
|
||||
+const char *Prog;
|
||||
+FILE *shadow_logfd = NULL;
|
||||
+
|
||||
+void usage(void)
|
||||
+{
|
||||
+ fprintf(stderr, "Usage: %s [-g] user\n", Prog);
|
||||
+ fprintf(stderr, " list subuid ranges for user\n");
|
||||
+ fprintf(stderr, " pass -g to list subgid ranges\n");
|
||||
+ exit(EXIT_FAILURE);
|
||||
+}
|
||||
+
|
||||
+int main(int argc, char *argv[])
|
||||
+{
|
||||
+ int i, count=0;
|
||||
+ struct subid_range *ranges;
|
||||
+ const char *owner;
|
||||
+
|
||||
+ Prog = Basename (argv[0]);
|
||||
+ shadow_logfd = stderr;
|
||||
+ if (argc < 2)
|
||||
+ usage();
|
||||
+ owner = argv[1];
|
||||
+ if (argc == 3 && strcmp(argv[1], "-g") == 0) {
|
||||
+ owner = argv[2];
|
||||
+ count = get_subgid_ranges(owner, &ranges);
|
||||
+ } else if (argc == 2 && strcmp(argv[1], "-h") == 0) {
|
||||
+ usage();
|
||||
+ } else {
|
||||
+ count = get_subuid_ranges(owner, &ranges);
|
||||
+ }
|
||||
+ if (!ranges) {
|
||||
+ fprintf(stderr, "Error fetching ranges\n");
|
||||
+ exit(1);
|
||||
+ }
|
||||
+ for (i = 0; i < count; i++) {
|
||||
+ printf("%d: %s %lu %lu\n", i, owner,
|
||||
+ ranges[i].start, ranges[i].count);
|
||||
+ }
|
||||
+ return 0;
|
||||
+}
|
||||
diff -up shadow-4.9/src/list_subid_ranges.c.getsubids shadow-4.9/src/list_subid_ranges.c
|
||||
diff -up shadow-4.9/src/Makefile.am.getsubids shadow-4.9/src/Makefile.am
|
||||
--- shadow-4.9/src/Makefile.am.getsubids 2021-11-18 16:27:33.943053061 +0100
|
||||
+++ shadow-4.9/src/Makefile.am 2021-11-18 16:28:03.647272392 +0100
|
||||
@@ -157,8 +157,8 @@ if FCAPS
|
||||
setcap cap_setgid+ep $(DESTDIR)$(ubindir)/newgidmap
|
||||
endif
|
||||
|
||||
-noinst_PROGRAMS += list_subid_ranges \
|
||||
- get_subid_owners \
|
||||
+bin_PROGRAMS += getsubids
|
||||
+noinst_PROGRAMS += get_subid_owners \
|
||||
new_subid_range \
|
||||
free_subid_range \
|
||||
check_subid_range
|
||||
@@ -174,13 +174,13 @@ MISCLIBS = \
|
||||
$(LIBCRYPT) \
|
||||
$(LIBTCB)
|
||||
|
||||
-list_subid_ranges_LDADD = \
|
||||
+getsubids_LDADD = \
|
||||
$(top_builddir)/lib/libshadow.la \
|
||||
$(top_builddir)/libmisc/libmisc.la \
|
||||
$(top_builddir)/libsubid/libsubid.la \
|
||||
$(MISCLIBS) -ldl
|
||||
|
||||
-list_subid_ranges_CPPFLAGS = \
|
||||
+getsubids_CPPFLAGS = \
|
||||
-I$(top_srcdir)/lib \
|
||||
-I$(top_srcdir)/libmisc \
|
||||
-I$(top_srcdir)/libsubid
|
@ -1,13 +0,0 @@
|
||||
diff -up shadow-4.9/libmisc/prefix_flag.c.groupdel-fix-sigsegv-when-passwd-does-not-exist shadow-4.9/libmisc/prefix_flag.c
|
||||
--- shadow-4.9/libmisc/prefix_flag.c.groupdel-fix-sigsegv-when-passwd-does-not-exist 2021-11-19 09:21:36.997091941 +0100
|
||||
+++ shadow-4.9/libmisc/prefix_flag.c 2021-11-19 09:22:19.001341010 +0100
|
||||
@@ -288,6 +288,9 @@ extern struct passwd* prefix_getpwent()
|
||||
if(!passwd_db_file) {
|
||||
return getpwent();
|
||||
}
|
||||
+ if (!fp_pwent) {
|
||||
+ return NULL;
|
||||
+ }
|
||||
return fgetpwent(fp_pwent);
|
||||
}
|
||||
extern void prefix_endpwent()
|
@ -1,60 +0,0 @@
|
||||
From 234e8fa7b134d1ebabfdad980a3ae5b63c046c62 Mon Sep 17 00:00:00 2001
|
||||
From: Mike Gilbert <floppym@gentoo.org>
|
||||
Date: Sat, 14 Aug 2021 13:24:34 -0400
|
||||
Subject: [PATCH] libmisc: fix default value in SHA_get_salt_rounds()
|
||||
|
||||
If SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS are both unspecified,
|
||||
use SHA_ROUNDS_DEFAULT.
|
||||
|
||||
Previously, the code fell through, calling shadow_random(-1, -1). This
|
||||
ultimately set rounds = (unsigned long) -1, which ends up being a very
|
||||
large number! This then got capped to SHA_ROUNDS_MAX later in the
|
||||
function.
|
||||
|
||||
The new behavior matches BCRYPT_get_salt_rounds().
|
||||
|
||||
Bug: https://bugs.gentoo.org/808195
|
||||
Fixes: https://github.com/shadow-maint/shadow/issues/393
|
||||
---
|
||||
libmisc/salt.c | 21 +++++++++++----------
|
||||
1 file changed, 11 insertions(+), 10 deletions(-)
|
||||
|
||||
diff --git a/libmisc/salt.c b/libmisc/salt.c
|
||||
index 91d528fd..30eefb9c 100644
|
||||
--- a/libmisc/salt.c
|
||||
+++ b/libmisc/salt.c
|
||||
@@ -223,20 +223,21 @@ static /*@observer@*/const unsigned long SHA_get_salt_rounds (/*@null@*/int *pre
|
||||
if ((-1 == min_rounds) && (-1 == max_rounds)) {
|
||||
rounds = SHA_ROUNDS_DEFAULT;
|
||||
}
|
||||
+ else {
|
||||
+ if (-1 == min_rounds) {
|
||||
+ min_rounds = max_rounds;
|
||||
+ }
|
||||
|
||||
- if (-1 == min_rounds) {
|
||||
- min_rounds = max_rounds;
|
||||
- }
|
||||
+ if (-1 == max_rounds) {
|
||||
+ max_rounds = min_rounds;
|
||||
+ }
|
||||
|
||||
- if (-1 == max_rounds) {
|
||||
- max_rounds = min_rounds;
|
||||
- }
|
||||
+ if (min_rounds > max_rounds) {
|
||||
+ max_rounds = min_rounds;
|
||||
+ }
|
||||
|
||||
- if (min_rounds > max_rounds) {
|
||||
- max_rounds = min_rounds;
|
||||
+ rounds = (unsigned long) shadow_random (min_rounds, max_rounds);
|
||||
}
|
||||
-
|
||||
- rounds = (unsigned long) shadow_random (min_rounds, max_rounds);
|
||||
} else if (0 == *prefered_rounds) {
|
||||
rounds = SHA_ROUNDS_DEFAULT;
|
||||
} else {
|
||||
--
|
||||
2.31.1
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -1,88 +0,0 @@
|
||||
From 09c752f00f9dfc610f66d68be38c9e5be8ca7f15 Mon Sep 17 00:00:00 2001
|
||||
From: Iker Pedrosa <ipedrosa@redhat.com>
|
||||
Date: Fri, 8 Oct 2021 13:09:59 +0200
|
||||
Subject: [PATCH] useradd: create directories after the SELinux user
|
||||
|
||||
Create the home and mail folders after the SELinux user has been set for
|
||||
the added user. This will allow the folders to be created with the
|
||||
SELinux user label.
|
||||
|
||||
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
|
||||
---
|
||||
src/useradd.c | 46 +++++++++++++++++++++++-----------------------
|
||||
1 file changed, 23 insertions(+), 23 deletions(-)
|
||||
|
||||
diff --git a/src/useradd.c b/src/useradd.c
|
||||
index 6269c01c..b463a170 100644
|
||||
--- a/src/useradd.c
|
||||
+++ b/src/useradd.c
|
||||
@@ -2670,27 +2670,12 @@ int main (int argc, char **argv)
|
||||
|
||||
usr_update ();
|
||||
|
||||
- if (mflg) {
|
||||
- create_home ();
|
||||
- if (home_added) {
|
||||
- copy_tree (def_template, prefix_user_home, false, false,
|
||||
- (uid_t)-1, user_id, (gid_t)-1, user_gid);
|
||||
- } else {
|
||||
- fprintf (stderr,
|
||||
- _("%s: warning: the home directory %s already exists.\n"
|
||||
- "%s: Not copying any file from skel directory into it.\n"),
|
||||
- Prog, user_home, Prog);
|
||||
- }
|
||||
-
|
||||
- }
|
||||
-
|
||||
- /* Do not create mail directory for system accounts */
|
||||
- if (!rflg) {
|
||||
- create_mail ();
|
||||
- }
|
||||
-
|
||||
close_files ();
|
||||
|
||||
+ nscd_flush_cache ("passwd");
|
||||
+ nscd_flush_cache ("group");
|
||||
+ sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
|
||||
+
|
||||
/*
|
||||
* tallylog_reset needs to be able to lookup
|
||||
* a valid existing user name,
|
||||
@@ -2716,15 +2701,30 @@ int main (int argc, char **argv)
|
||||
}
|
||||
#endif /* WITH_SELINUX */
|
||||
|
||||
+ if (mflg) {
|
||||
+ create_home ();
|
||||
+ if (home_added) {
|
||||
+ copy_tree (def_template, prefix_user_home, false, false,
|
||||
+ (uid_t)-1, user_id, (gid_t)-1, user_gid);
|
||||
+ } else {
|
||||
+ fprintf (stderr,
|
||||
+ _("%s: warning: the home directory %s already exists.\n"
|
||||
+ "%s: Not copying any file from skel directory into it.\n"),
|
||||
+ Prog, user_home, Prog);
|
||||
+ }
|
||||
+
|
||||
+ }
|
||||
+
|
||||
+ /* Do not create mail directory for system accounts */
|
||||
+ if (!rflg) {
|
||||
+ create_mail ();
|
||||
+ }
|
||||
+
|
||||
if (run_parts ("/etc/shadow-maint/useradd-post.d", (char*)user_name,
|
||||
"useradd")) {
|
||||
exit(1);
|
||||
}
|
||||
|
||||
- nscd_flush_cache ("passwd");
|
||||
- nscd_flush_cache ("group");
|
||||
- sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
|
||||
-
|
||||
return E_SUCCESS;
|
||||
}
|
||||
|
||||
--
|
||||
2.31.1
|
||||
|
@ -1,35 +0,0 @@
|
||||
From 497e90751bc0d95cc998b0f06305040563903948 Mon Sep 17 00:00:00 2001
|
||||
From: Iker Pedrosa <ipedrosa@redhat.com>
|
||||
Date: Wed, 10 Nov 2021 12:02:04 +0100
|
||||
Subject: [PATCH] newgrp: fix segmentation fault
|
||||
|
||||
Fix segmentation fault in newgrp when xgetspnam() returns a NULL value
|
||||
that is immediately freed.
|
||||
|
||||
The error was committed in
|
||||
https://github.com/shadow-maint/shadow/commit/e65cc6aebcb4132fa413f00a905216a5b35b3d57
|
||||
|
||||
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2019553
|
||||
|
||||
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
|
||||
---
|
||||
src/newgrp.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/newgrp.c b/src/newgrp.c
|
||||
index 730f47e8..566f1c89 100644
|
||||
--- a/src/newgrp.c
|
||||
+++ b/src/newgrp.c
|
||||
@@ -163,8 +163,8 @@ static void check_perms (const struct group *grp,
|
||||
spwd = xgetspnam (pwd->pw_name);
|
||||
if (NULL != spwd) {
|
||||
pwd->pw_passwd = xstrdup (spwd->sp_pwdp);
|
||||
+ spw_free (spwd);
|
||||
}
|
||||
- spw_free (spwd);
|
||||
|
||||
if ((pwd->pw_passwd[0] == '\0') && (grp->gr_passwd[0] != '\0')) {
|
||||
needspasswd = true;
|
||||
--
|
||||
2.31.1
|
||||
|
@ -1,15 +0,0 @@
|
||||
diff --git a/src/Makefile.am b/src/Makefile.am
|
||||
index 7c1a3491..6cc873be 100644
|
||||
--- a/src/Makefile.am
|
||||
+++ b/src/Makefile.am
|
||||
@@ -96,8 +96,8 @@ LIBCRYPT_NOPAM = $(LIBCRYPT)
|
||||
endif
|
||||
|
||||
chage_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
|
||||
-newuidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) -ldl
|
||||
-newgidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) -ldl
|
||||
+newuidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) $(LIBECONF) -ldl
|
||||
+newgidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) $(LIBECONF) -ldl
|
||||
chfn_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF)
|
||||
chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF)
|
||||
chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF)
|
@ -1,70 +0,0 @@
|
||||
Index: shadow-4.5/src/chage.c
|
||||
===================================================================
|
||||
--- shadow-4.5.orig/src/chage.c
|
||||
+++ shadow-4.5/src/chage.c
|
||||
@@ -168,6 +168,10 @@ static void date_to_str (char *buf, size
|
||||
struct tm *tp;
|
||||
|
||||
tp = gmtime (&date);
|
||||
+ if (tp == NULL) {
|
||||
+ (void) snprintf (buf, maxsize, "(unknown)");
|
||||
+ return;
|
||||
+ }
|
||||
#ifdef HAVE_STRFTIME
|
||||
(void) strftime (buf, maxsize, "%Y-%m-%d", tp);
|
||||
#else
|
||||
Index: shadow-4.5/src/lastlog.c
|
||||
===================================================================
|
||||
--- shadow-4.5.orig/src/lastlog.c
|
||||
+++ shadow-4.5/src/lastlog.c
|
||||
@@ -158,13 +158,17 @@ static void print_one (/*@null@*/const s
|
||||
|
||||
ll_time = ll.ll_time;
|
||||
tm = localtime (&ll_time);
|
||||
+ if (tm == NULL) {
|
||||
+ cp = "(unknown)";
|
||||
+ } else {
|
||||
#ifdef HAVE_STRFTIME
|
||||
- strftime (ptime, sizeof (ptime), "%a %b %e %H:%M:%S %z %Y", tm);
|
||||
- cp = ptime;
|
||||
+ strftime (ptime, sizeof (ptime), "%a %b %e %H:%M:%S %z %Y", tm);
|
||||
+ cp = ptime;
|
||||
#else
|
||||
- cp = asctime (tm);
|
||||
- cp[24] = '\0';
|
||||
+ cp = asctime (tm);
|
||||
+ cp[24] = '\0';
|
||||
#endif
|
||||
+ }
|
||||
|
||||
if (ll.ll_time == (time_t) 0) {
|
||||
cp = _("**Never logged in**\0");
|
||||
Index: shadow-4.5/src/passwd.c
|
||||
===================================================================
|
||||
--- shadow-4.5.orig/src/passwd.c
|
||||
+++ shadow-4.5/src/passwd.c
|
||||
@@ -455,6 +455,9 @@ static /*@observer@*/const char *date_to
|
||||
struct tm *tm;
|
||||
|
||||
tm = gmtime (&t);
|
||||
+ if (tm == NULL) {
|
||||
+ return "(unknown)";
|
||||
+ }
|
||||
#ifdef HAVE_STRFTIME
|
||||
(void) strftime (buf, sizeof buf, "%m/%d/%Y", tm);
|
||||
#else /* !HAVE_STRFTIME */
|
||||
Index: shadow-4.5/src/usermod.c
|
||||
===================================================================
|
||||
--- shadow-4.5.orig/src/usermod.c
|
||||
+++ shadow-4.5/src/usermod.c
|
||||
@@ -210,6 +210,10 @@ static void date_to_str (/*@unique@*//*@
|
||||
} else {
|
||||
time_t t = (time_t) date;
|
||||
tp = gmtime (&t);
|
||||
+ if (tp == NULL) {
|
||||
+ strncpy (buf, "unknown", maxsize);
|
||||
+ return;
|
||||
+ }
|
||||
#ifdef HAVE_STRFTIME
|
||||
strftime (buf, maxsize, "%Y-%m-%d", tp);
|
||||
#else
|
@ -1,30 +0,0 @@
|
||||
From d8e54618feea201987c1f3cb402ed50d1d8b604f Mon Sep 17 00:00:00 2001
|
||||
From: Iker Pedrosa <ipedrosa@redhat.com>
|
||||
Date: Mon, 15 Nov 2021 12:40:15 +0100
|
||||
Subject: [PATCH] pwck: fix segfault when calling fprintf()
|
||||
|
||||
As shadow_logfd variable is not set at the beginning of the program if
|
||||
something fails and fprintf() is called a segmentation fault happens.
|
||||
|
||||
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2021339
|
||||
|
||||
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
|
||||
---
|
||||
src/pwck.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/src/pwck.c b/src/pwck.c
|
||||
index 4248944a..4ce86af2 100644
|
||||
--- a/src/pwck.c
|
||||
+++ b/src/pwck.c
|
||||
@@ -857,6 +857,7 @@ int main (int argc, char **argv)
|
||||
* Get my name so that I can use it to report errors.
|
||||
*/
|
||||
Prog = Basename (argv[0]);
|
||||
+ shadow_logfd = stderr;
|
||||
|
||||
(void) setlocale (LC_ALL, "");
|
||||
(void) bindtextdomain (PACKAGE, LOCALEDIR);
|
||||
--
|
||||
2.31.1
|
||||
|
@ -1,507 +0,0 @@
|
||||
diff -up shadow-4.9/lib/commonio.c.debug2 shadow-4.9/lib/commonio.c
|
||||
--- shadow-4.9/lib/commonio.c.debug2 2022-01-10 10:57:47.535238522 +0100
|
||||
+++ shadow-4.9/lib/commonio.c 2022-01-10 10:57:47.544238586 +0100
|
||||
@@ -147,7 +147,7 @@ static int do_lock_file (const char *fil
|
||||
if (log) {
|
||||
(void) fprintf (shadow_logfd,
|
||||
"%s: %s: %s\n",
|
||||
- Prog, file, strerror (errno));
|
||||
+ shadow_progname, file, strerror (errno));
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
@@ -159,7 +159,7 @@ static int do_lock_file (const char *fil
|
||||
if (log) {
|
||||
(void) fprintf (shadow_logfd,
|
||||
"%s: %s file write error: %s\n",
|
||||
- Prog, file, strerror (errno));
|
||||
+ shadow_progname, file, strerror (errno));
|
||||
}
|
||||
(void) close (fd);
|
||||
unlink (file);
|
||||
@@ -169,7 +169,7 @@ static int do_lock_file (const char *fil
|
||||
if (log) {
|
||||
(void) fprintf (shadow_logfd,
|
||||
"%s: %s file sync error: %s\n",
|
||||
- Prog, file, strerror (errno));
|
||||
+ shadow_progname, file, strerror (errno));
|
||||
}
|
||||
(void) close (fd);
|
||||
unlink (file);
|
||||
@@ -182,7 +182,7 @@ static int do_lock_file (const char *fil
|
||||
if ((0==retval) && log) {
|
||||
(void) fprintf (shadow_logfd,
|
||||
"%s: %s: lock file already used\n",
|
||||
- Prog, file);
|
||||
+ shadow_progname, file);
|
||||
}
|
||||
unlink (file);
|
||||
return retval;
|
||||
@@ -193,7 +193,7 @@ static int do_lock_file (const char *fil
|
||||
if (log) {
|
||||
(void) fprintf (shadow_logfd,
|
||||
"%s: %s: %s\n",
|
||||
- Prog, lock, strerror (errno));
|
||||
+ shadow_progname, lock, strerror (errno));
|
||||
}
|
||||
unlink (file);
|
||||
errno = EINVAL;
|
||||
@@ -205,7 +205,7 @@ static int do_lock_file (const char *fil
|
||||
if (log) {
|
||||
(void) fprintf (shadow_logfd,
|
||||
"%s: existing lock file %s without a PID\n",
|
||||
- Prog, lock);
|
||||
+ shadow_progname, lock);
|
||||
}
|
||||
unlink (file);
|
||||
errno = EINVAL;
|
||||
@@ -216,7 +216,7 @@ static int do_lock_file (const char *fil
|
||||
if (log) {
|
||||
(void) fprintf (shadow_logfd,
|
||||
"%s: existing lock file %s with an invalid PID '%s'\n",
|
||||
- Prog, lock, buf);
|
||||
+ shadow_progname, lock, buf);
|
||||
}
|
||||
unlink (file);
|
||||
errno = EINVAL;
|
||||
@@ -226,7 +226,7 @@ static int do_lock_file (const char *fil
|
||||
if (log) {
|
||||
(void) fprintf (shadow_logfd,
|
||||
"%s: lock %s already used by PID %lu\n",
|
||||
- Prog, lock, (unsigned long) pid);
|
||||
+ shadow_progname, lock, (unsigned long) pid);
|
||||
}
|
||||
unlink (file);
|
||||
errno = EEXIST;
|
||||
@@ -236,7 +236,7 @@ static int do_lock_file (const char *fil
|
||||
if (log) {
|
||||
(void) fprintf (shadow_logfd,
|
||||
"%s: cannot get lock %s: %s\n",
|
||||
- Prog, lock, strerror (errno));
|
||||
+ shadow_progname, lock, strerror (errno));
|
||||
}
|
||||
unlink (file);
|
||||
return 0;
|
||||
@@ -248,13 +248,13 @@ static int do_lock_file (const char *fil
|
||||
if ((0==retval) && log) {
|
||||
(void) fprintf (shadow_logfd,
|
||||
"%s: %s: lock file already used\n",
|
||||
- Prog, file);
|
||||
+ shadow_progname, file);
|
||||
}
|
||||
} else {
|
||||
if (log) {
|
||||
(void) fprintf (shadow_logfd,
|
||||
"%s: cannot get lock %s: %s\n",
|
||||
- Prog, lock, strerror (errno));
|
||||
+ shadow_progname, lock, strerror (errno));
|
||||
}
|
||||
}
|
||||
|
||||
@@ -449,7 +449,7 @@ int commonio_lock (struct commonio_db *d
|
||||
if (geteuid () != 0) {
|
||||
(void) fprintf (shadow_logfd,
|
||||
"%s: Permission denied.\n",
|
||||
- Prog);
|
||||
+ shadow_progname);
|
||||
}
|
||||
return 0; /* failure */
|
||||
}
|
||||
@@ -484,7 +484,7 @@ int commonio_lock (struct commonio_db *d
|
||||
/* no unnecessary retries on "permission denied" errors */
|
||||
if (geteuid () != 0) {
|
||||
(void) fprintf (shadow_logfd, "%s: Permission denied.\n",
|
||||
- Prog);
|
||||
+ shadow_progname);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
diff -up shadow-4.9/lib/nscd.c.debug2 shadow-4.9/lib/nscd.c
|
||||
--- shadow-4.9/lib/nscd.c.debug2 2022-01-10 10:57:47.537238536 +0100
|
||||
+++ shadow-4.9/lib/nscd.c 2022-01-10 10:57:47.544238586 +0100
|
||||
@@ -26,7 +26,7 @@ int nscd_flush_cache (const char *servic
|
||||
|
||||
if (run_command (cmd, spawnedArgs, spawnedEnv, &status) != 0) {
|
||||
/* run_command writes its own more detailed message. */
|
||||
- (void) fprintf (shadow_logfd, _(MSG_NSCD_FLUSH_CACHE_FAILED), Prog);
|
||||
+ (void) fprintf (shadow_logfd, _(MSG_NSCD_FLUSH_CACHE_FAILED), shadow_progname);
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -34,7 +34,7 @@ int nscd_flush_cache (const char *servic
|
||||
if (!WIFEXITED (status)) {
|
||||
(void) fprintf (shadow_logfd,
|
||||
_("%s: nscd did not terminate normally (signal %d)\n"),
|
||||
- Prog, WTERMSIG (status));
|
||||
+ shadow_progname, WTERMSIG (status));
|
||||
return -1;
|
||||
} else if (code == E_CMD_NOTFOUND) {
|
||||
/* nscd is not installed, or it is installed but uses an
|
||||
@@ -45,8 +45,8 @@ int nscd_flush_cache (const char *servic
|
||||
return 0;
|
||||
} else if (code != 0) {
|
||||
(void) fprintf (shadow_logfd, _("%s: nscd exited with status %d\n"),
|
||||
- Prog, code);
|
||||
- (void) fprintf (shadow_logfd, _(MSG_NSCD_FLUSH_CACHE_FAILED), Prog);
|
||||
+ shadow_progname, code);
|
||||
+ (void) fprintf (shadow_logfd, _(MSG_NSCD_FLUSH_CACHE_FAILED), shadow_progname);
|
||||
return -1;
|
||||
}
|
||||
|
||||
diff -up shadow-4.9/lib/selinux.c.debug2 shadow-4.9/lib/selinux.c
|
||||
--- shadow-4.9/lib/selinux.c.debug2 2022-01-10 10:57:47.538238543 +0100
|
||||
+++ shadow-4.9/lib/selinux.c 2022-01-10 10:57:47.544238586 +0100
|
||||
@@ -216,7 +216,7 @@ int check_selinux_permit (const char *pe
|
||||
if (getprevcon_raw (&user_context_raw) != 0) {
|
||||
fprintf (shadow_logfd,
|
||||
_("%s: can not get previous SELinux process context: %s\n"),
|
||||
- Prog, strerror (errno));
|
||||
+ shadow_progname, strerror (errno));
|
||||
SYSLOG ((LOG_WARN,
|
||||
"can not get previous SELinux process context: %s",
|
||||
strerror (errno)));
|
||||
diff -up shadow-4.9/lib/shadowlog.c.debug2 shadow-4.9/lib/shadowlog.c
|
||||
--- shadow-4.9/lib/shadowlog.c.debug2 2022-01-10 10:57:47.538238543 +0100
|
||||
+++ shadow-4.9/lib/shadowlog.c 2022-01-10 10:57:47.544238586 +0100
|
||||
@@ -2,14 +2,17 @@
|
||||
|
||||
#include "lib/shadowlog_internal.h"
|
||||
|
||||
+const char *shadow_progname;
|
||||
+FILE *shadow_logfd;
|
||||
+
|
||||
void log_set_progname(const char *progname)
|
||||
{
|
||||
- Prog = progname;
|
||||
+ shadow_progname = progname;
|
||||
}
|
||||
|
||||
const char *log_get_progname(void)
|
||||
{
|
||||
- return Prog;
|
||||
+ return shadow_progname;
|
||||
}
|
||||
|
||||
void log_set_logfd(FILE *fd)
|
||||
diff -up shadow-4.9/lib/shadowlog_internal.h.debug2 shadow-4.9/lib/shadowlog_internal.h
|
||||
--- shadow-4.9/lib/shadowlog_internal.h.debug2 2022-01-10 10:57:47.538238543 +0100
|
||||
+++ shadow-4.9/lib/shadowlog_internal.h 2022-01-10 10:57:47.544238586 +0100
|
||||
@@ -1,2 +1,2 @@
|
||||
-const char *Prog; /* Program name showed in error messages */
|
||||
-FILE *shadow_logfd; /* file descripter to which error messages are printed */
|
||||
+extern const char *shadow_progname; /* Program name showed in error messages */
|
||||
+extern FILE *shadow_logfd; /* file descripter to which error messages are printed */
|
||||
diff -up shadow-4.9/lib/spawn.c.debug2 shadow-4.9/lib/spawn.c
|
||||
--- shadow-4.9/lib/spawn.c.debug2 2022-01-10 10:57:47.538238543 +0100
|
||||
+++ shadow-4.9/lib/spawn.c 2022-01-10 10:57:47.544238586 +0100
|
||||
@@ -60,11 +60,11 @@ int run_command (const char *cmd, const
|
||||
exit (E_CMD_NOTFOUND);
|
||||
}
|
||||
fprintf (shadow_logfd, "%s: cannot execute %s: %s\n",
|
||||
- Prog, cmd, strerror (errno));
|
||||
+ shadow_progname, cmd, strerror (errno));
|
||||
exit (E_CMD_NOEXEC);
|
||||
} else if ((pid_t)-1 == pid) {
|
||||
fprintf (shadow_logfd, "%s: cannot execute %s: %s\n",
|
||||
- Prog, cmd, strerror (errno));
|
||||
+ shadow_progname, cmd, strerror (errno));
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -77,7 +77,7 @@ int run_command (const char *cmd, const
|
||||
|
||||
if ((pid_t)-1 == wpid) {
|
||||
fprintf (shadow_logfd, "%s: waitpid (status: %d): %s\n",
|
||||
- Prog, *status, strerror (errno));
|
||||
+ shadow_progname, *status, strerror (errno));
|
||||
return -1;
|
||||
}
|
||||
|
||||
diff -up shadow-4.9/lib/sssd.c.debug2 shadow-4.9/lib/sssd.c
|
||||
--- shadow-4.9/lib/sssd.c.debug2 2022-01-10 10:57:47.538238543 +0100
|
||||
+++ shadow-4.9/lib/sssd.c 2022-01-10 10:57:47.544238586 +0100
|
||||
@@ -48,22 +48,22 @@ int sssd_flush_cache (int dbflags)
|
||||
free(sss_cache_args);
|
||||
if (rv != 0) {
|
||||
/* run_command writes its own more detailed message. */
|
||||
- SYSLOG ((LOG_WARN, MSG_SSSD_FLUSH_CACHE_FAILED, Prog));
|
||||
+ SYSLOG ((LOG_WARN, MSG_SSSD_FLUSH_CACHE_FAILED, shadow_progname));
|
||||
return -1;
|
||||
}
|
||||
|
||||
code = WEXITSTATUS (status);
|
||||
if (!WIFEXITED (status)) {
|
||||
SYSLOG ((LOG_WARN, "%s: sss_cache did not terminate normally (signal %d)",
|
||||
- Prog, WTERMSIG (status)));
|
||||
+ shadow_progname, WTERMSIG (status)));
|
||||
return -1;
|
||||
} else if (code == E_CMD_NOTFOUND) {
|
||||
/* sss_cache is not installed, or it is installed but uses an
|
||||
interpreter that is missing. Probably the former. */
|
||||
return 0;
|
||||
} else if (code != 0) {
|
||||
- SYSLOG ((LOG_WARN, "%s: sss_cache exited with status %d", Prog, code));
|
||||
- SYSLOG ((LOG_WARN, MSG_SSSD_FLUSH_CACHE_FAILED, Prog));
|
||||
+ SYSLOG ((LOG_WARN, "%s: sss_cache exited with status %d", shadow_progname, code));
|
||||
+ SYSLOG ((LOG_WARN, MSG_SSSD_FLUSH_CACHE_FAILED, shadow_progname));
|
||||
return -1;
|
||||
}
|
||||
|
||||
diff -up shadow-4.9/lib/tcbfuncs.c.debug2 shadow-4.9/lib/tcbfuncs.c
|
||||
--- shadow-4.9/lib/tcbfuncs.c.debug2 2022-01-10 10:57:47.538238543 +0100
|
||||
+++ shadow-4.9/lib/tcbfuncs.c 2022-01-10 10:59:01.228764507 +0100
|
||||
@@ -74,7 +74,7 @@ shadowtcb_status shadowtcb_gain_priv (vo
|
||||
* to exit soon.
|
||||
*/
|
||||
#define OUT_OF_MEMORY do { \
|
||||
- fprintf (shadow_logfd, _("%s: out of memory\n"), Prog); \
|
||||
+ fprintf (shadow_logfd, _("%s: out of memory\n"), shadow_progname); \
|
||||
(void) fflush (shadow_logfd); \
|
||||
} while (false)
|
||||
|
||||
@@ -120,7 +120,7 @@ static /*@null@*/ char *shadowtcb_path_r
|
||||
if (lstat (path, &st) != 0) {
|
||||
fprintf (shadow_logfd,
|
||||
_("%s: Cannot stat %s: %s\n"),
|
||||
- Prog, path, strerror (errno));
|
||||
+ shadow_progname, path, strerror (errno));
|
||||
free (path);
|
||||
return NULL;
|
||||
}
|
||||
@@ -136,7 +136,7 @@ static /*@null@*/ char *shadowtcb_path_r
|
||||
if (!S_ISLNK (st.st_mode)) {
|
||||
fprintf (shadow_logfd,
|
||||
_("%s: %s is neither a directory, nor a symlink.\n"),
|
||||
- Prog, path);
|
||||
+ shadow_progname, path);
|
||||
free (path);
|
||||
return NULL;
|
||||
}
|
||||
@@ -144,7 +144,7 @@ static /*@null@*/ char *shadowtcb_path_r
|
||||
if (-1 == ret) {
|
||||
fprintf (shadow_logfd,
|
||||
_("%s: Cannot read symbolic link %s: %s\n"),
|
||||
- Prog, path, strerror (errno));
|
||||
+ shadow_progname, path, strerror (errno));
|
||||
free (path);
|
||||
return NULL;
|
||||
}
|
||||
@@ -153,7 +153,7 @@ static /*@null@*/ char *shadowtcb_path_r
|
||||
link[sizeof(link) - 1] = '\0';
|
||||
fprintf (shadow_logfd,
|
||||
_("%s: Suspiciously long symlink: %s\n"),
|
||||
- Prog, link);
|
||||
+ shadow_progname, link);
|
||||
return NULL;
|
||||
}
|
||||
link[(size_t)ret] = '\0';
|
||||
@@ -211,7 +211,7 @@ static shadowtcb_status mkdir_leading (c
|
||||
if (stat (TCB_DIR, &st) != 0) {
|
||||
fprintf (shadow_logfd,
|
||||
_("%s: Cannot stat %s: %s\n"),
|
||||
- Prog, TCB_DIR, strerror (errno));
|
||||
+ shadow_progname, TCB_DIR, strerror (errno));
|
||||
goto out_free_path;
|
||||
}
|
||||
while ((ind = strchr (ptr, '/'))) {
|
||||
@@ -223,19 +223,19 @@ static shadowtcb_status mkdir_leading (c
|
||||
if ((mkdir (dir, 0700) != 0) && (errno != EEXIST)) {
|
||||
fprintf (shadow_logfd,
|
||||
_("%s: Cannot create directory %s: %s\n"),
|
||||
- Prog, dir, strerror (errno));
|
||||
+ shadow_progname, dir, strerror (errno));
|
||||
goto out_free_dir;
|
||||
}
|
||||
if (chown (dir, 0, st.st_gid) != 0) {
|
||||
fprintf (shadow_logfd,
|
||||
_("%s: Cannot change owner of %s: %s\n"),
|
||||
- Prog, dir, strerror (errno));
|
||||
+ shadow_progname, dir, strerror (errno));
|
||||
goto out_free_dir;
|
||||
}
|
||||
if (chmod (dir, 0711) != 0) {
|
||||
fprintf (shadow_logfd,
|
||||
_("%s: Cannot change mode of %s: %s\n"),
|
||||
- Prog, dir, strerror (errno));
|
||||
+ shadow_progname, dir, strerror (errno));
|
||||
goto out_free_dir;
|
||||
}
|
||||
free (dir);
|
||||
@@ -265,7 +265,7 @@ static shadowtcb_status unlink_suffs (co
|
||||
if ((unlink (tmp) != 0) && (errno != ENOENT)) {
|
||||
fprintf (shadow_logfd,
|
||||
_("%s: unlink: %s: %s\n"),
|
||||
- Prog, tmp, strerror (errno));
|
||||
+ shadow_progname, tmp, strerror (errno));
|
||||
free (tmp);
|
||||
return SHADOWTCB_FAILURE;
|
||||
}
|
||||
@@ -290,7 +290,7 @@ static shadowtcb_status rmdir_leading (c
|
||||
if (errno != ENOTEMPTY) {
|
||||
fprintf (shadow_logfd,
|
||||
_("%s: Cannot remove directory %s: %s\n"),
|
||||
- Prog, dir, strerror (errno));
|
||||
+ shadow_progname, dir, strerror (errno));
|
||||
ret = SHADOWTCB_FAILURE;
|
||||
}
|
||||
free (dir);
|
||||
@@ -319,7 +319,7 @@ static shadowtcb_status move_dir (const
|
||||
if (stat (olddir, &oldmode) != 0) {
|
||||
fprintf (shadow_logfd,
|
||||
_("%s: Cannot stat %s: %s\n"),
|
||||
- Prog, olddir, strerror (errno));
|
||||
+ shadow_progname, olddir, strerror (errno));
|
||||
goto out_free;
|
||||
}
|
||||
old_uid = oldmode.st_uid;
|
||||
@@ -346,7 +346,7 @@ static shadowtcb_status move_dir (const
|
||||
if (rename (real_old_dir, real_new_dir) != 0) {
|
||||
fprintf (shadow_logfd,
|
||||
_("%s: Cannot rename %s to %s: %s\n"),
|
||||
- Prog, real_old_dir, real_new_dir, strerror (errno));
|
||||
+ shadow_progname, real_old_dir, real_new_dir, strerror (errno));
|
||||
goto out_free;
|
||||
}
|
||||
if (rmdir_leading (real_old_dir_rel) == SHADOWTCB_FAILURE) {
|
||||
@@ -355,7 +355,7 @@ static shadowtcb_status move_dir (const
|
||||
if ((unlink (olddir) != 0) && (errno != ENOENT)) {
|
||||
fprintf (shadow_logfd,
|
||||
_("%s: Cannot remove %s: %s\n"),
|
||||
- Prog, olddir, strerror (errno));
|
||||
+ shadow_progname, olddir, strerror (errno));
|
||||
goto out_free;
|
||||
}
|
||||
if (asprintf (&newdir, TCB_DIR "/%s", user_newname) == -1) {
|
||||
@@ -369,7 +369,7 @@ static shadowtcb_status move_dir (const
|
||||
&& (symlink (real_new_dir_rel, newdir) != 0)) {
|
||||
fprintf (shadow_logfd,
|
||||
_("%s: Cannot create symbolic link %s: %s\n"),
|
||||
- Prog, real_new_dir_rel, strerror (errno));
|
||||
+ shadow_progname, real_new_dir_rel, strerror (errno));
|
||||
goto out_free;
|
||||
}
|
||||
ret = SHADOWTCB_SUCCESS;
|
||||
@@ -468,31 +468,31 @@ shadowtcb_status shadowtcb_move (/*@NULL
|
||||
if (stat (tcbdir, &dirmode) != 0) {
|
||||
fprintf (shadow_logfd,
|
||||
_("%s: Cannot stat %s: %s\n"),
|
||||
- Prog, tcbdir, strerror (errno));
|
||||
+ shadow_progname, tcbdir, strerror (errno));
|
||||
goto out_free;
|
||||
}
|
||||
if (chown (tcbdir, 0, 0) != 0) {
|
||||
fprintf (shadow_logfd,
|
||||
_("%s: Cannot change owners of %s: %s\n"),
|
||||
- Prog, tcbdir, strerror (errno));
|
||||
+ shadow_progname, tcbdir, strerror (errno));
|
||||
goto out_free;
|
||||
}
|
||||
if (chmod (tcbdir, 0700) != 0) {
|
||||
fprintf (shadow_logfd,
|
||||
_("%s: Cannot change mode of %s: %s\n"),
|
||||
- Prog, tcbdir, strerror (errno));
|
||||
+ shadow_progname, tcbdir, strerror (errno));
|
||||
goto out_free;
|
||||
}
|
||||
if (lstat (shadow, &filemode) != 0) {
|
||||
if (errno != ENOENT) {
|
||||
fprintf (shadow_logfd,
|
||||
_("%s: Cannot lstat %s: %s\n"),
|
||||
- Prog, shadow, strerror (errno));
|
||||
+ shadow_progname, shadow, strerror (errno));
|
||||
goto out_free;
|
||||
}
|
||||
fprintf (shadow_logfd,
|
||||
_("%s: Warning, user %s has no tcb shadow file.\n"),
|
||||
- Prog, user_newname);
|
||||
+ shadow_progname, user_newname);
|
||||
} else {
|
||||
if (!S_ISREG (filemode.st_mode) ||
|
||||
filemode.st_nlink != 1) {
|
||||
@@ -500,19 +500,19 @@ shadowtcb_status shadowtcb_move (/*@NULL
|
||||
_("%s: Emergency: %s's tcb shadow is not a "
|
||||
"regular file with st_nlink=1.\n"
|
||||
"The account is left locked.\n"),
|
||||
- Prog, user_newname);
|
||||
+ shadow_progname, user_newname);
|
||||
goto out_free;
|
||||
}
|
||||
if (chown (shadow, user_newid, filemode.st_gid) != 0) {
|
||||
fprintf (shadow_logfd,
|
||||
_("%s: Cannot change owner of %s: %s\n"),
|
||||
- Prog, shadow, strerror (errno));
|
||||
+ shadow_progname, shadow, strerror (errno));
|
||||
goto out_free;
|
||||
}
|
||||
if (chmod (shadow, filemode.st_mode & 07777) != 0) {
|
||||
fprintf (shadow_logfd,
|
||||
_("%s: Cannot change mode of %s: %s\n"),
|
||||
- Prog, shadow, strerror (errno));
|
||||
+ shadow_progname, shadow, strerror (errno));
|
||||
goto out_free;
|
||||
}
|
||||
}
|
||||
@@ -522,7 +522,7 @@ shadowtcb_status shadowtcb_move (/*@NULL
|
||||
if (chown (tcbdir, user_newid, dirmode.st_gid) != 0) {
|
||||
fprintf (shadow_logfd,
|
||||
_("%s: Cannot change owner of %s: %s\n"),
|
||||
- Prog, tcbdir, strerror (errno));
|
||||
+ shadow_progname, tcbdir, strerror (errno));
|
||||
goto out_free;
|
||||
}
|
||||
ret = SHADOWTCB_SUCCESS;
|
||||
@@ -547,7 +547,7 @@ shadowtcb_status shadowtcb_create (const
|
||||
if (stat (TCB_DIR, &tcbdir_stat) != 0) {
|
||||
fprintf (shadow_logfd,
|
||||
_("%s: Cannot stat %s: %s\n"),
|
||||
- Prog, TCB_DIR, strerror (errno));
|
||||
+ shadow_progname, TCB_DIR, strerror (errno));
|
||||
return SHADOWTCB_FAILURE;
|
||||
}
|
||||
shadowgid = tcbdir_stat.st_gid;
|
||||
@@ -567,39 +567,39 @@ shadowtcb_status shadowtcb_create (const
|
||||
if (mkdir (dir, 0700) != 0) {
|
||||
fprintf (shadow_logfd,
|
||||
_("%s: mkdir: %s: %s\n"),
|
||||
- Prog, dir, strerror (errno));
|
||||
+ shadow_progname, dir, strerror (errno));
|
||||
goto out_free;
|
||||
}
|
||||
fd = open (shadow, O_RDWR | O_CREAT | O_TRUNC, 0600);
|
||||
if (fd < 0) {
|
||||
fprintf (shadow_logfd,
|
||||
_("%s: Cannot open %s: %s\n"),
|
||||
- Prog, shadow, strerror (errno));
|
||||
+ shadow_progname, shadow, strerror (errno));
|
||||
goto out_free;
|
||||
}
|
||||
close (fd);
|
||||
if (chown (shadow, 0, authgid) != 0) {
|
||||
fprintf (shadow_logfd,
|
||||
_("%s: Cannot change owner of %s: %s\n"),
|
||||
- Prog, shadow, strerror (errno));
|
||||
+ shadow_progname, shadow, strerror (errno));
|
||||
goto out_free;
|
||||
}
|
||||
if (chmod (shadow, (mode_t) ((authgid == shadowgid) ? 0600 : 0640)) != 0) {
|
||||
fprintf (shadow_logfd,
|
||||
_("%s: Cannot change mode of %s: %s\n"),
|
||||
- Prog, shadow, strerror (errno));
|
||||
+ shadow_progname, shadow, strerror (errno));
|
||||
goto out_free;
|
||||
}
|
||||
if (chown (dir, 0, authgid) != 0) {
|
||||
fprintf (shadow_logfd,
|
||||
_("%s: Cannot change owner of %s: %s\n"),
|
||||
- Prog, dir, strerror (errno));
|
||||
+ shadow_progname, dir, strerror (errno));
|
||||
goto out_free;
|
||||
}
|
||||
if (chmod (dir, (mode_t) ((authgid == shadowgid) ? 02700 : 02710)) != 0) {
|
||||
fprintf (shadow_logfd,
|
||||
_("%s: Cannot change mode of %s: %s\n"),
|
||||
- Prog, dir, strerror (errno));
|
||||
+ shadow_progname, dir, strerror (errno));
|
||||
goto out_free;
|
||||
}
|
||||
if ( (shadowtcb_set_user (name) == SHADOWTCB_FAILURE)
|
@ -1,30 +0,0 @@
|
||||
From 4624e9fca1b02b64e25e8b2280a0186182ab73ba Mon Sep 17 00:00:00 2001
|
||||
From: Serge Hallyn <serge@hallyn.com>
|
||||
Date: Sat, 14 Aug 2021 19:37:24 -0500
|
||||
Subject: [PATCH] Revert "useradd.c:fix memleaks of grp"
|
||||
|
||||
In some cases, the value which was being freed is not actually
|
||||
safe to free.
|
||||
|
||||
Closes #394
|
||||
|
||||
This reverts commit c44b71cec25d60efc51aec9de3abce1f6efbfcf5.
|
||||
---
|
||||
src/useradd.c | 1 -
|
||||
1 file changed, 1 deletion(-)
|
||||
|
||||
diff --git a/src/useradd.c b/src/useradd.c
|
||||
index f90127cd..0d3f390d 100644
|
||||
--- a/src/useradd.c
|
||||
+++ b/src/useradd.c
|
||||
@@ -413,7 +413,6 @@ static void get_defaults (void)
|
||||
} else {
|
||||
def_group = grp->gr_gid;
|
||||
def_gname = xstrdup (grp->gr_name);
|
||||
- gr_free(grp);
|
||||
}
|
||||
}
|
||||
|
||||
--
|
||||
2.31.1
|
||||
|
@ -1,61 +0,0 @@
|
||||
From 234af5cf67fc1a3ba99fc246ba65869a3c416545 Mon Sep 17 00:00:00 2001
|
||||
From: Iker Pedrosa <ipedrosa@redhat.com>
|
||||
Date: Fri, 8 Oct 2021 13:13:13 +0200
|
||||
Subject: [PATCH] semanage: close the selabel handle
|
||||
|
||||
Close the selabel handle to update the file_context. This means that the
|
||||
file_context will be remmaped and used by selabel_lookup() to return
|
||||
the appropriate context to label the home folder.
|
||||
|
||||
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1993081
|
||||
|
||||
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
|
||||
---
|
||||
lib/prototypes.h | 1 +
|
||||
lib/selinux.c | 5 +++++
|
||||
lib/semanage.c | 1 +
|
||||
3 files changed, 7 insertions(+)
|
||||
|
||||
diff --git a/lib/prototypes.h b/lib/prototypes.h
|
||||
index 1d1586d4..b697e0ec 100644
|
||||
--- a/lib/prototypes.h
|
||||
+++ b/lib/prototypes.h
|
||||
@@ -392,6 +392,7 @@ extern /*@observer@*/const char *crypt_make_salt (/*@null@*//*@observer@*/const
|
||||
/* selinux.c */
|
||||
#ifdef WITH_SELINUX
|
||||
extern int set_selinux_file_context (const char *dst_name, mode_t mode);
|
||||
+extern void reset_selinux_handle (void);
|
||||
extern int reset_selinux_file_context (void);
|
||||
extern int check_selinux_permit (const char *perm_name);
|
||||
#endif
|
||||
diff --git a/lib/selinux.c b/lib/selinux.c
|
||||
index c83545f9..b075d4c0 100644
|
||||
--- a/lib/selinux.c
|
||||
+++ b/lib/selinux.c
|
||||
@@ -50,6 +50,11 @@ static void cleanup(void)
|
||||
}
|
||||
}
|
||||
|
||||
+void reset_selinux_handle (void)
|
||||
+{
|
||||
+ cleanup();
|
||||
+}
|
||||
+
|
||||
/*
|
||||
* set_selinux_file_context - Set the security context before any file or
|
||||
* directory creation.
|
||||
diff --git a/lib/semanage.c b/lib/semanage.c
|
||||
index 0d30456a..a5bf9218 100644
|
||||
--- a/lib/semanage.c
|
||||
+++ b/lib/semanage.c
|
||||
@@ -293,6 +293,7 @@ int set_seuser (const char *login_name, const char *seuser_name)
|
||||
}
|
||||
|
||||
ret = 0;
|
||||
+ reset_selinux_handle();
|
||||
|
||||
done:
|
||||
semanage_seuser_key_free (key);
|
||||
--
|
||||
2.31.1
|
||||
|
@ -1,39 +0,0 @@
|
||||
diff -up shadow-4.9/lib/shadowlog.c.debug3 shadow-4.9/lib/shadowlog.c
|
||||
--- shadow-4.9/lib/shadowlog.c.debug3 2022-01-10 11:16:31.636261531 +0100
|
||||
+++ shadow-4.9/lib/shadowlog.c 2022-01-10 11:16:31.637261538 +0100
|
||||
@@ -2,8 +2,8 @@
|
||||
|
||||
#include "lib/shadowlog_internal.h"
|
||||
|
||||
-const char *shadow_progname;
|
||||
-FILE *shadow_logfd;
|
||||
+const char *shadow_progname = "libshadow";
|
||||
+FILE *shadow_logfd = NULL;
|
||||
|
||||
void log_set_progname(const char *progname)
|
||||
{
|
||||
diff -up shadow-4.9/libsubid/api.c.debug3 shadow-4.9/libsubid/api.c
|
||||
--- shadow-4.9/libsubid/api.c.debug3 2022-01-10 11:16:31.637261538 +0100
|
||||
+++ shadow-4.9/libsubid/api.c 2022-01-10 11:17:15.431574120 +0100
|
||||
@@ -40,17 +40,16 @@
|
||||
#include "subid.h"
|
||||
#include "shadowlog.h"
|
||||
|
||||
-const char *Prog = "(libsubid)";
|
||||
-
|
||||
bool libsubid_init(const char *progname, FILE * logfd)
|
||||
{
|
||||
FILE *shadow_logfd;
|
||||
if (progname) {
|
||||
progname = strdup(progname);
|
||||
- if (progname)
|
||||
- Prog = progname;
|
||||
- else
|
||||
+ if (!progname)
|
||||
return false;
|
||||
+ log_set_progname(progname);
|
||||
+ } else {
|
||||
+ log_set_progname("(libsubid)");
|
||||
}
|
||||
|
||||
if (logfd) {
|
@ -1,79 +0,0 @@
|
||||
diff --git a/src/useradd.c b/src/useradd.c
|
||||
index baeffb35..9abeea6e 100644
|
||||
--- a/src/useradd.c
|
||||
+++ b/src/useradd.c
|
||||
@@ -142,9 +142,7 @@ static bool is_sub_gid = false;
|
||||
static bool sub_uid_locked = false;
|
||||
static bool sub_gid_locked = false;
|
||||
static uid_t sub_uid_start; /* New subordinate uid range */
|
||||
-static unsigned long sub_uid_count;
|
||||
static gid_t sub_gid_start; /* New subordinate gid range */
|
||||
-static unsigned long sub_gid_count;
|
||||
#endif /* ENABLE_SUBIDS */
|
||||
static bool pw_locked = false;
|
||||
static bool gr_locked = false;
|
||||
@@ -234,7 +232,7 @@ static void open_shadow (void);
|
||||
static void faillog_reset (uid_t);
|
||||
static void lastlog_reset (uid_t);
|
||||
static void tallylog_reset (const char *);
|
||||
-static void usr_update (void);
|
||||
+static void usr_update (unsigned long subuid_count, unsigned long subgid_count);
|
||||
static void create_home (void);
|
||||
static void create_mail (void);
|
||||
static void check_uid_range(int rflg, uid_t user_id);
|
||||
@@ -2092,7 +2090,7 @@ static void tallylog_reset (const char *user_name)
|
||||
* usr_update() creates the password file entries for this user
|
||||
* and will update the group entries if required.
|
||||
*/
|
||||
-static void usr_update (void)
|
||||
+static void usr_update (unsigned long subuid_count, unsigned long subgid_count)
|
||||
{
|
||||
struct passwd pwent;
|
||||
struct spwd spent;
|
||||
@@ -2155,14 +2153,14 @@ static void usr_update (void)
|
||||
}
|
||||
#ifdef ENABLE_SUBIDS
|
||||
if (is_sub_uid &&
|
||||
- (sub_uid_add(user_name, sub_uid_start, sub_uid_count) == 0)) {
|
||||
+ (sub_uid_add(user_name, sub_uid_start, subuid_count) == 0)) {
|
||||
fprintf (stderr,
|
||||
_("%s: failed to prepare the new %s entry\n"),
|
||||
Prog, sub_uid_dbname ());
|
||||
fail_exit (E_SUB_UID_UPDATE);
|
||||
}
|
||||
if (is_sub_gid &&
|
||||
- (sub_gid_add(user_name, sub_gid_start, sub_gid_count) == 0)) {
|
||||
+ (sub_gid_add(user_name, sub_gid_start, subgid_count) == 0)) {
|
||||
fprintf (stderr,
|
||||
_("%s: failed to prepare the new %s entry\n"),
|
||||
Prog, sub_uid_dbname ());
|
||||
@@ -2624,16 +2622,16 @@ int main (int argc, char **argv)
|
||||
}
|
||||
|
||||
#ifdef ENABLE_SUBIDS
|
||||
- if (is_sub_uid && sub_uid_count != 0) {
|
||||
- if (find_new_sub_uids(&sub_uid_start, &sub_uid_count) < 0) {
|
||||
+ if (is_sub_uid && subuid_count != 0) {
|
||||
+ if (find_new_sub_uids(&sub_uid_start, &subuid_count) < 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: can't create subordinate user IDs\n"),
|
||||
Prog);
|
||||
fail_exit(E_SUB_UID_UPDATE);
|
||||
}
|
||||
}
|
||||
- if (is_sub_gid && sub_gid_count != 0) {
|
||||
- if (find_new_sub_gids(&sub_gid_start, &sub_gid_count) < 0) {
|
||||
+ if (is_sub_gid && subgid_count != 0) {
|
||||
+ if (find_new_sub_gids(&sub_gid_start, &subgid_count) < 0) {
|
||||
fprintf (stderr,
|
||||
_("%s: can't create subordinate group IDs\n"),
|
||||
Prog);
|
||||
@@ -2642,7 +2640,7 @@ int main (int argc, char **argv)
|
||||
}
|
||||
#endif /* ENABLE_SUBIDS */
|
||||
|
||||
- usr_update ();
|
||||
+ usr_update (subuid_count, subgid_count);
|
||||
|
||||
close_files ();
|
||||
|
@ -1,13 +0,0 @@
|
||||
diff --git a/src/useradd.c b/src/useradd.c
|
||||
index b463a170..f7c97958 100644
|
||||
--- a/src/useradd.c
|
||||
+++ b/src/useradd.c
|
||||
@@ -2704,7 +2704,7 @@ int main (int argc, char **argv)
|
||||
if (mflg) {
|
||||
create_home ();
|
||||
if (home_added) {
|
||||
- copy_tree (def_template, prefix_user_home, false, false,
|
||||
+ copy_tree (def_template, prefix_user_home, false, true,
|
||||
(uid_t)-1, user_id, (gid_t)-1, user_gid);
|
||||
} else {
|
||||
fprintf (stderr,
|
@ -1,322 +0,0 @@
|
||||
From e481437ab9ebe9a8bf8fbaabe986d42b2f765991 Mon Sep 17 00:00:00 2001
|
||||
From: Iker Pedrosa <ipedrosa@redhat.com>
|
||||
Date: Tue, 3 Aug 2021 08:57:20 +0200
|
||||
Subject: [PATCH] usermod: allow all group types with -G option
|
||||
|
||||
The only way of removing a group from the supplementary list is to use
|
||||
-G option, and list all groups that the user is a member of except for
|
||||
the one that wants to be removed. The problem lies when there's a user
|
||||
that contains both local and remote groups, and the group to be removed
|
||||
is a local one. As we need to include the remote group with -G option
|
||||
the command will fail.
|
||||
|
||||
This reverts commit 140510de9de4771feb3af1d859c09604043a4c9b. This way,
|
||||
it would be possible to remove the remote groups from the supplementary
|
||||
list.
|
||||
|
||||
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1967641
|
||||
Resolves: https://github.com/shadow-maint/shadow/issues/338
|
||||
|
||||
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
|
||||
---
|
||||
src/usermod.c | 220 ++++++++++++++++++--------------------------------
|
||||
1 file changed, 77 insertions(+), 143 deletions(-)
|
||||
|
||||
diff --git a/src/usermod.c b/src/usermod.c
|
||||
index 03bb9b9d..a0c03afa 100644
|
||||
--- a/src/usermod.c
|
||||
+++ b/src/usermod.c
|
||||
@@ -187,7 +187,6 @@ static bool sub_gid_locked = false;
|
||||
static void date_to_str (/*@unique@*//*@out@*/char *buf, size_t maxsize,
|
||||
long int date);
|
||||
static int get_groups (char *);
|
||||
-static struct group * get_local_group (char * grp_name);
|
||||
static /*@noreturn@*/void usage (int status);
|
||||
static void new_pwent (struct passwd *);
|
||||
static void new_spent (struct spwd *);
|
||||
@@ -201,9 +200,7 @@ static void grp_update (void);
|
||||
|
||||
static void process_flags (int, char **);
|
||||
static void close_files (void);
|
||||
-static void close_group_files (void);
|
||||
static void open_files (void);
|
||||
-static void open_group_files (void);
|
||||
static void usr_update (void);
|
||||
static void move_home (void);
|
||||
static void update_lastlog (void);
|
||||
@@ -260,11 +257,6 @@ static int get_groups (char *list)
|
||||
return 0;
|
||||
}
|
||||
|
||||
- /*
|
||||
- * Open the group files
|
||||
- */
|
||||
- open_group_files ();
|
||||
-
|
||||
/*
|
||||
* So long as there is some data to be converted, strip off each
|
||||
* name and look it up. A mix of numerical and string values for
|
||||
@@ -284,7 +276,7 @@ static int get_groups (char *list)
|
||||
* Names starting with digits are treated as numerical GID
|
||||
* values, otherwise the string is looked up as is.
|
||||
*/
|
||||
- grp = get_local_group (list);
|
||||
+ grp = prefix_getgr_nam_gid (list);
|
||||
|
||||
/*
|
||||
* There must be a match, either by GID value or by
|
||||
@@ -334,8 +326,6 @@ static int get_groups (char *list)
|
||||
gr_free ((struct group *)grp);
|
||||
} while (NULL != list);
|
||||
|
||||
- close_group_files ();
|
||||
-
|
||||
user_groups[ngroups] = (char *) 0;
|
||||
|
||||
/*
|
||||
@@ -348,44 +338,6 @@ static int get_groups (char *list)
|
||||
return 0;
|
||||
}
|
||||
|
||||
-/*
|
||||
- * get_local_group - checks if a given group name exists locally
|
||||
- *
|
||||
- * get_local_group() checks if a given group name exists locally.
|
||||
- * If the name exists the group information is returned, otherwise NULL is
|
||||
- * returned.
|
||||
- */
|
||||
-static struct group * get_local_group(char * grp_name)
|
||||
-{
|
||||
- const struct group *grp;
|
||||
- struct group *result_grp = NULL;
|
||||
- long long int gid;
|
||||
- char *endptr;
|
||||
-
|
||||
- gid = strtoll (grp_name, &endptr, 10);
|
||||
- if ( ('\0' != *grp_name)
|
||||
- && ('\0' == *endptr)
|
||||
- && (ERANGE != errno)
|
||||
- && (gid == (gid_t)gid)) {
|
||||
- grp = gr_locate_gid ((gid_t) gid);
|
||||
- }
|
||||
- else {
|
||||
- grp = gr_locate(grp_name);
|
||||
- }
|
||||
-
|
||||
- if (grp != NULL) {
|
||||
- result_grp = __gr_dup (grp);
|
||||
- if (NULL == result_grp) {
|
||||
- fprintf (stderr,
|
||||
- _("%s: Out of memory. Cannot find group '%s'.\n"),
|
||||
- Prog, grp_name);
|
||||
- fail_exit (E_GRP_UPDATE);
|
||||
- }
|
||||
- }
|
||||
-
|
||||
- return result_grp;
|
||||
-}
|
||||
-
|
||||
#ifdef ENABLE_SUBIDS
|
||||
struct ulong_range
|
||||
{
|
||||
@@ -1523,7 +1475,50 @@ static void close_files (void)
|
||||
}
|
||||
|
||||
if (Gflg || lflg) {
|
||||
- close_group_files ();
|
||||
+ if (gr_close () == 0) {
|
||||
+ fprintf (stderr,
|
||||
+ _("%s: failure while writing changes to %s\n"),
|
||||
+ Prog, gr_dbname ());
|
||||
+ SYSLOG ((LOG_ERR,
|
||||
+ "failure while writing changes to %s",
|
||||
+ gr_dbname ()));
|
||||
+ fail_exit (E_GRP_UPDATE);
|
||||
+ }
|
||||
+#ifdef SHADOWGRP
|
||||
+ if (is_shadow_grp) {
|
||||
+ if (sgr_close () == 0) {
|
||||
+ fprintf (stderr,
|
||||
+ _("%s: failure while writing changes to %s\n"),
|
||||
+ Prog, sgr_dbname ());
|
||||
+ SYSLOG ((LOG_ERR,
|
||||
+ "failure while writing changes to %s",
|
||||
+ sgr_dbname ()));
|
||||
+ fail_exit (E_GRP_UPDATE);
|
||||
+ }
|
||||
+ }
|
||||
+#endif
|
||||
+#ifdef SHADOWGRP
|
||||
+ if (is_shadow_grp) {
|
||||
+ if (sgr_unlock () == 0) {
|
||||
+ fprintf (stderr,
|
||||
+ _("%s: failed to unlock %s\n"),
|
||||
+ Prog, sgr_dbname ());
|
||||
+ SYSLOG ((LOG_ERR,
|
||||
+ "failed to unlock %s",
|
||||
+ sgr_dbname ()));
|
||||
+ /* continue */
|
||||
+ }
|
||||
+ }
|
||||
+#endif
|
||||
+ if (gr_unlock () == 0) {
|
||||
+ fprintf (stderr,
|
||||
+ _("%s: failed to unlock %s\n"),
|
||||
+ Prog, gr_dbname ());
|
||||
+ SYSLOG ((LOG_ERR,
|
||||
+ "failed to unlock %s",
|
||||
+ gr_dbname ()));
|
||||
+ /* continue */
|
||||
+ }
|
||||
}
|
||||
|
||||
if (is_shadow_pwd) {
|
||||
@@ -1592,60 +1587,6 @@ static void close_files (void)
|
||||
#endif
|
||||
}
|
||||
|
||||
-/*
|
||||
- * close_group_files - close all of the files that were opened
|
||||
- *
|
||||
- * close_group_files() closes all of the files that were opened related
|
||||
- * with groups. This causes any modified entries to be written out.
|
||||
- */
|
||||
-static void close_group_files (void)
|
||||
-{
|
||||
- if (gr_close () == 0) {
|
||||
- fprintf (stderr,
|
||||
- _("%s: failure while writing changes to %s\n"),
|
||||
- Prog, gr_dbname ());
|
||||
- SYSLOG ((LOG_ERR,
|
||||
- "failure while writing changes to %s",
|
||||
- gr_dbname ()));
|
||||
- fail_exit (E_GRP_UPDATE);
|
||||
- }
|
||||
-#ifdef SHADOWGRP
|
||||
- if (is_shadow_grp) {
|
||||
- if (sgr_close () == 0) {
|
||||
- fprintf (stderr,
|
||||
- _("%s: failure while writing changes to %s\n"),
|
||||
- Prog, sgr_dbname ());
|
||||
- SYSLOG ((LOG_ERR,
|
||||
- "failure while writing changes to %s",
|
||||
- sgr_dbname ()));
|
||||
- fail_exit (E_GRP_UPDATE);
|
||||
- }
|
||||
- }
|
||||
-#endif
|
||||
-#ifdef SHADOWGRP
|
||||
- if (is_shadow_grp) {
|
||||
- if (sgr_unlock () == 0) {
|
||||
- fprintf (stderr,
|
||||
- _("%s: failed to unlock %s\n"),
|
||||
- Prog, sgr_dbname ());
|
||||
- SYSLOG ((LOG_ERR,
|
||||
- "failed to unlock %s",
|
||||
- sgr_dbname ()));
|
||||
- /* continue */
|
||||
- }
|
||||
- }
|
||||
-#endif
|
||||
- if (gr_unlock () == 0) {
|
||||
- fprintf (stderr,
|
||||
- _("%s: failed to unlock %s\n"),
|
||||
- Prog, gr_dbname ());
|
||||
- SYSLOG ((LOG_ERR,
|
||||
- "failed to unlock %s",
|
||||
- gr_dbname ()));
|
||||
- /* continue */
|
||||
- }
|
||||
-}
|
||||
-
|
||||
/*
|
||||
* open_files - lock and open the password files
|
||||
*
|
||||
@@ -1681,7 +1622,38 @@ static void open_files (void)
|
||||
}
|
||||
|
||||
if (Gflg || lflg) {
|
||||
- open_group_files ();
|
||||
+ /*
|
||||
+ * Lock and open the group file. This will load all of the
|
||||
+ * group entries.
|
||||
+ */
|
||||
+ if (gr_lock () == 0) {
|
||||
+ fprintf (stderr,
|
||||
+ _("%s: cannot lock %s; try again later.\n"),
|
||||
+ Prog, gr_dbname ());
|
||||
+ fail_exit (E_GRP_UPDATE);
|
||||
+ }
|
||||
+ gr_locked = true;
|
||||
+ if (gr_open (O_CREAT | O_RDWR) == 0) {
|
||||
+ fprintf (stderr,
|
||||
+ _("%s: cannot open %s\n"),
|
||||
+ Prog, gr_dbname ());
|
||||
+ fail_exit (E_GRP_UPDATE);
|
||||
+ }
|
||||
+#ifdef SHADOWGRP
|
||||
+ if (is_shadow_grp && (sgr_lock () == 0)) {
|
||||
+ fprintf (stderr,
|
||||
+ _("%s: cannot lock %s; try again later.\n"),
|
||||
+ Prog, sgr_dbname ());
|
||||
+ fail_exit (E_GRP_UPDATE);
|
||||
+ }
|
||||
+ sgr_locked = true;
|
||||
+ if (is_shadow_grp && (sgr_open (O_CREAT | O_RDWR) == 0)) {
|
||||
+ fprintf (stderr,
|
||||
+ _("%s: cannot open %s\n"),
|
||||
+ Prog, sgr_dbname ());
|
||||
+ fail_exit (E_GRP_UPDATE);
|
||||
+ }
|
||||
+#endif
|
||||
}
|
||||
#ifdef ENABLE_SUBIDS
|
||||
if (vflg || Vflg) {
|
||||
@@ -1717,44 +1689,6 @@ static void open_files (void)
|
||||
#endif /* ENABLE_SUBIDS */
|
||||
}
|
||||
|
||||
-/*
|
||||
- * open_group_files - lock and open the group files
|
||||
- *
|
||||
- * open_group_files() loads all of the group entries.
|
||||
- */
|
||||
-static void open_group_files (void)
|
||||
-{
|
||||
- if (gr_lock () == 0) {
|
||||
- fprintf (stderr,
|
||||
- _("%s: cannot lock %s; try again later.\n"),
|
||||
- Prog, gr_dbname ());
|
||||
- fail_exit (E_GRP_UPDATE);
|
||||
- }
|
||||
- gr_locked = true;
|
||||
- if (gr_open (O_CREAT | O_RDWR) == 0) {
|
||||
- fprintf (stderr,
|
||||
- _("%s: cannot open %s\n"),
|
||||
- Prog, gr_dbname ());
|
||||
- fail_exit (E_GRP_UPDATE);
|
||||
- }
|
||||
-
|
||||
-#ifdef SHADOWGRP
|
||||
- if (is_shadow_grp && (sgr_lock () == 0)) {
|
||||
- fprintf (stderr,
|
||||
- _("%s: cannot lock %s; try again later.\n"),
|
||||
- Prog, sgr_dbname ());
|
||||
- fail_exit (E_GRP_UPDATE);
|
||||
- }
|
||||
- sgr_locked = true;
|
||||
- if (is_shadow_grp && (sgr_open (O_CREAT | O_RDWR) == 0)) {
|
||||
- fprintf (stderr,
|
||||
- _("%s: cannot open %s\n"),
|
||||
- Prog, sgr_dbname ());
|
||||
- fail_exit (E_GRP_UPDATE);
|
||||
- }
|
||||
-#endif
|
||||
-}
|
||||
-
|
||||
/*
|
||||
* usr_update - create the user entries
|
||||
*
|
||||
--
|
||||
2.31.1
|
||||
|
@ -1,12 +1,12 @@
|
||||
Summary: Utilities for managing accounts and shadow password files
|
||||
Name: shadow-utils
|
||||
Version: 4.9
|
||||
Release: 10%{?dist}
|
||||
Version: 4.11.1
|
||||
Release: 1%{?dist}
|
||||
Epoch: 2
|
||||
License: BSD and GPLv2+
|
||||
URL: https://github.com/shadow-maint/shadow
|
||||
Source0: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz
|
||||
Source1: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz.asc
|
||||
Source0: https://github.com/shadow-maint/shadow/releases/download/v%{version}/shadow-%{version}.tar.xz
|
||||
Source1: https://github.com/shadow-maint/shadow/releases/download/v%{version}/shadow-%{version}.tar.xz.asc
|
||||
Source2: shadow-utils.useradd
|
||||
Source3: shadow-utils.login.defs
|
||||
Source4: shadow-bsd.txt
|
||||
@ -18,11 +18,9 @@ Source6: shadow-utils.HOME_MODE.xml
|
||||
|
||||
### Patches ###
|
||||
# Misc small changes - most probably non-upstreamable
|
||||
Patch0: shadow-4.9-redhat.patch
|
||||
Patch0: shadow-4.11.1-redhat.patch
|
||||
# Be more lenient with acceptable user/group names - non upstreamable
|
||||
Patch1: shadow-4.8-goodname.patch
|
||||
# https://github.com/shadow-maint/shadow/commit/09c752f00f9dfc610f66d68be38c9e5be8ca7f15
|
||||
Patch2: shadow-4.9-move-create-home.patch
|
||||
# SElinux related - upstreamability unknown
|
||||
Patch3: shadow-4.9-default-range.patch
|
||||
# Misc manual page changes - non-upstreamable
|
||||
@ -32,50 +30,21 @@ Patch5: shadow-4.2.1-date-parsing.patch
|
||||
# Additional error message - could be upstreamed
|
||||
Patch6: shadow-4.6-move-home.patch
|
||||
# Audit message changes - upstreamability unknown
|
||||
Patch7: shadow-4.9-audit-update.patch
|
||||
Patch7: shadow-4.11.1-audit-update.patch
|
||||
# Changes related to password unlocking - could be upstreamed
|
||||
Patch8: shadow-4.5-usermod-unlock.patch
|
||||
# Additional SElinux related changes - upstreamability unknown
|
||||
Patch9: shadow-4.8-selinux-perms.patch
|
||||
# Handle NULL return from *time funcs - could be upstreamed
|
||||
Patch10: shadow-4.9-null-tm.patch
|
||||
# Handle NULL return from *time funcs - upstreamable
|
||||
Patch10: shadow-4.11.1-null-tm.patch
|
||||
# Handle /etc/passwd corruption - could be upstreamed
|
||||
Patch11: shadow-4.8-long-entry.patch
|
||||
# Limit uid/gid allocation to non-zero - could be upstreamed
|
||||
Patch12: shadow-4.6-sysugid-min-limit.patch
|
||||
# Ignore LOGIN_PLAIN_PROMPT in login.defs - upstreamability unknown
|
||||
Patch13: shadow-4.8-ignore-login-prompt.patch
|
||||
# https://github.com/shadow-maint/shadow/commit/c6847011e8b656adacd9a0d2a78418cad0de34cb
|
||||
Patch14: shadow-4.9-newuidmap-libeconf-dependency.patch
|
||||
# https://github.com/shadow-maint/shadow/commit/e481437ab9ebe9a8bf8fbaabe986d42b2f765991
|
||||
Patch15: shadow-4.9-usermod-allow-all-group-types.patch
|
||||
# https://github.com/shadow-maint/shadow/commit/9dd720a28578eef5be8171697aae0906e4c53249
|
||||
Patch16: shadow-4.9-useradd-avoid-generating-empty-subid-range.patch
|
||||
# https://github.com/shadow-maint/shadow/commit/234e8fa7b134d1ebabfdad980a3ae5b63c046c62
|
||||
Patch17: shadow-4.9-libmisc-fix-default-value-in-SHA_get_salt_rounds.patch
|
||||
# https://github.com/shadow-maint/shadow/commit/234af5cf67fc1a3ba99fc246ba65869a3c416545
|
||||
Patch18: shadow-4.9-semanage-close-the-selabel-handle.patch
|
||||
# https://github.com/shadow-maint/shadow/commit/4624e9fca1b02b64e25e8b2280a0186182ab73ba
|
||||
Patch19: shadow-4.9-revert-useradd-fix-memleak.patch
|
||||
# https://github.com/shadow-maint/shadow/commit/06eb4e4d76ac7f1ac86e68a89b2dc9be7c7323a2
|
||||
Patch20: shadow-4.9-useradd-copy-tree-argument.patch
|
||||
# https://github.com/shadow-maint/shadow/commit/d8e54618feea201987c1f3cb402ed50d1d8b604f
|
||||
Patch21: shadow-4.9-pwck-fix-segfault-when-calling-fprintf.patch
|
||||
# https://github.com/shadow-maint/shadow/commit/497e90751bc0d95cc998b0f06305040563903948
|
||||
Patch22: shadow-4.9-newgrp-fix-segmentation-fault.patch
|
||||
# https://github.com/shadow-maint/shadow/commit/3b6ccf642c6bb2b7db087f09ee563ae9318af734
|
||||
Patch23: shadow-4.9-getsubids.patch
|
||||
# https://github.com/shadow-maint/shadow/commit/a757b458ffb4fb9a40bcbb4f7869449431c67f83
|
||||
Patch24: shadow-4.9-groupdel-fix-sigsegv-when-passwd-does-not-exist.patch
|
||||
# https://github.com/shadow-maint/shadow/commit/79157cbad87f42cdc2068d72e798488572c68bb2
|
||||
Patch25: shadow-4.9-make-shadow-logfd-and-prog-not-extern.patch
|
||||
# https://github.com/shadow-maint/shadow/commit/0e6fe5e728a45baff3977d73e81a27adb6ae30c6
|
||||
Patch26: shadow-4.9-rename-prog-to-shadow-progname.patch
|
||||
# https://github.com/shadow-maint/shadow/commit/2b0bdef6f9a18382e92b0fb6d893c4339123ffac
|
||||
# https://github.com/shadow-maint/shadow/commit/9750fd681919ed558a9b044248a284d567cddf1a
|
||||
Patch27: shadow-4.9-shadow-progname-default-init.patch
|
||||
# https://github.com/shadow-maint/shadow/commit/e101219ad71de11da3fdd1b3ec2620fd1a97b92c
|
||||
Patch28: shadow-4.9-nss-get-shadow-logfd-with-log-get-logfd.patch
|
||||
Patch14: shadow-4.9-nss-get-shadow-logfd-with-log-get-logfd.patch
|
||||
|
||||
### Dependencies ###
|
||||
Requires: audit-libs >= 1.6.5
|
||||
@ -129,6 +98,7 @@ Utility library that provides a way to manage subid ranges.
|
||||
%package subid-devel
|
||||
Summary: Development package for shadow-utils-subid
|
||||
License: BSD and GPLv2+
|
||||
Requires: shadow-utils-subid = %{version}-%{release}
|
||||
|
||||
%description subid-devel
|
||||
Development files for shadow-utils-subid.
|
||||
@ -137,7 +107,6 @@ Development files for shadow-utils-subid.
|
||||
%setup -q -n shadow-%{version}
|
||||
%patch0 -p1 -b .redhat
|
||||
%patch1 -p1 -b .goodname
|
||||
%patch2 -p1 -b .move-create-home
|
||||
%patch3 -p1 -b .default-range
|
||||
%patch4 -p1 -b .manfix
|
||||
%patch5 -p1 -b .date-parsing
|
||||
@ -149,21 +118,7 @@ Development files for shadow-utils-subid.
|
||||
%patch11 -p1 -b .long-entry
|
||||
%patch12 -p1 -b .sysugid-min-limit
|
||||
%patch13 -p1 -b .login-prompt
|
||||
%patch14 -p1 -b .newuidmap-libeconf-dependency
|
||||
%patch15 -p1 -b .usermod-allow-all-group-types
|
||||
%patch16 -p1 -b .useradd-avoid-generating-empty-subid-range
|
||||
%patch17 -p1 -b .libmisc-fix-default-value-in-SHA_get_salt_rounds
|
||||
%patch18 -p1 -b .semanage-close-the-selabel-handle
|
||||
%patch19 -p1 -b .revert-useradd-fix-memleak
|
||||
%patch20 -p1 -b .useradd-copy-tree-argument
|
||||
%patch21 -p1 -b .pwck-fix-segfault-when-calling-fprintf
|
||||
%patch22 -p1 -b .newgrp-fix-segmentation-fault
|
||||
%patch23 -p1 -b .getsubids
|
||||
%patch24 -p1 -b .groupdel-fix-sigsegv-when-passwd-does-not-exist
|
||||
%patch25 -p1 -b .make-shadow-logfd-and-prog-not-extern
|
||||
%patch26 -p1 -b .rename-prog-to-shadow-progname
|
||||
%patch27 -p1 -b .shadow-progname-default-init
|
||||
%patch28 -p1 -b .nss-get-shadow-logfd-with-log-get-logfd
|
||||
%patch14 -p1 -b .nss-get-shadow-logfd-with-log-get-logfd
|
||||
|
||||
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
|
||||
cp -f doc/HOWTO.utf8 doc/HOWTO
|
||||
@ -275,8 +230,9 @@ echo $(ls)
|
||||
mkdir -p $RPM_BUILD_ROOT/%{includesubiddir}
|
||||
install -m 644 libsubid/subid.h $RPM_BUILD_ROOT/%{includesubiddir}/
|
||||
|
||||
# Remove .la files created by libsubid
|
||||
# Remove .la and .a files created by libsubid
|
||||
rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.la
|
||||
rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.a
|
||||
|
||||
%files -f shadow.lang
|
||||
%doc NEWS doc/HOWTO README
|
||||
@ -336,6 +292,11 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.la
|
||||
%{_libdir}/libsubid.so
|
||||
|
||||
%changelog
|
||||
* Tue Jan 25 2022 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.11.1-1
|
||||
- Rebase to version 4.11.1 (#2034038)
|
||||
- Fix release sources
|
||||
- Add explicit subid requirement for subid-devel
|
||||
|
||||
* Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2:4.9-10
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user