From 38a12ac864a9292512ca74dc0f00b88ef71f371b Mon Sep 17 00:00:00 2001
From: Tomas Mraz
Date: Mon, 28 May 2018 15:25:08 +0200
Subject: [PATCH] update to current upstream release 4.6
---
 .gitignore | 2 +
 shadow-4.1.5-2ndskip.patch | 102 -----
 shadow-4.1.5.1-ingroup.patch | 64 ----
 shadow-4.1.5.1-move-home.patch | 16 -
 shadow-4.1.5.1-newgrp-grouplist.patch | 71 ----
 shadow-4.5-userdel-chroot.patch | 74 ----
 ...ate.patch => shadow-4.6-audit-update.patch | 359 +++++++++---------
 shadow-4.6-getenforce.patch | 21 +
 shadow-4.6-move-home.patch | 15 +
 ...ext.patch => shadow-4.6-orig-context.patch | 49 ++-
 ....5-redhat.patch => shadow-4.6-redhat.patch | 19 +-
 ...-selinux.patch => shadow-4.6-selinux.patch | 26 +-
 shadow-4.6-usermod-crash.patch | 42 ++
 shadow-utils.spec | 29 +-
 sources | 4 +-
 15 files changed, 312 insertions(+), 581 deletions(-)
 delete mode 100644 shadow-4.1.5-2ndskip.patch
 delete mode 100644 shadow-4.1.5.1-ingroup.patch
 delete mode 100644 shadow-4.1.5.1-move-home.patch
 delete mode 100644 shadow-4.1.5.1-newgrp-grouplist.patch
 delete mode 100644 shadow-4.5-userdel-chroot.patch
 rename shadow-4.3.1-audit-update.patch => shadow-4.6-audit-update.patch (88%)
 create mode 100644 shadow-4.6-getenforce.patch
 create mode 100644 shadow-4.6-move-home.patch
 rename shadow-4.5-orig-context.patch => shadow-4.6-orig-context.patch (65%)
 rename shadow-4.1.5-redhat.patch => shadow-4.6-redhat.patch (60%)
 rename shadow-4.5-selinux.patch => shadow-4.6-selinux.patch (75%)
 create mode 100644 shadow-4.6-usermod-crash.patch
diff --git a/.gitignore b/.gitignore
index d1e7d76..3b04b1e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,3 +8,5 @@ shadow-4.1.4.2.tar.bz2
 /shadow-4.3.1.tar.gz
 /shadow-4.5.tar.xz
 /shadow-4.5.tar.xz.asc
+/shadow-4.6.tar.xz
+/shadow-4.6.tar.xz.asc
diff --git a/shadow-4.1.5-2ndskip.patch b/shadow-4.1.5-2ndskip.patch
deleted file mode 100644
index 5a8e444..0000000
--- a/shadow-4.1.5-2ndskip.patch
+++ /dev/null
@@ -1,102 +0,0 @@
-Index: shadow-4.5/src/grpconv.c
-===================================================================
---- shadow-4.5.orig/src/grpconv.c
-+++ shadow-4.5/src/grpconv.c
-@@ -143,6 +143,7 @@ int main (int argc, char **argv)
- struct group grent;
- const struct sgrp *sg;
- struct sgrp sgent;
-+ char *np;
-
- Prog = Basename (argv[0]);
-
-@@ -184,20 +185,25 @@ int main (int argc, char **argv)
- * Remove /etc/gshadow entries for groups not in /etc/group.
- */
- (void) sgr_rewind ();
-- while ((sg = sgr_next ()) != NULL) {
-- if (gr_locate (sg->sg_name) != NULL) {
-- continue;
-- }
--
-- if (sgr_remove (sg->sg_name) == 0) {
-- /*
-- * This shouldn't happen (the entry exists) but...
-- */
-- fprintf (stderr,
-- _("%s: cannot remove entry '%s' from %s\n"),
-- Prog, sg->sg_name, sgr_dbname ());
-- fail_exit (3);
-+ sg = sgr_next ();
-+ np=NULL;
-+ while (sg != NULL) {
-+ np = strdup(sg->sg_name);
-+ sg = sgr_next ();
-+
-+ if(gr_locate (np) == NULL) {
-+ if (sgr_remove (np) == 0) {
-+ /*
-+ * This shouldn't happen (the entry exists) but...
-+ */
-+ fprintf (stderr,
-+ _("%s: cannot remove entry '%s' from %s\n"),
-+ Prog, np, sgr_dbname ());
-+ free(np);
-+ fail_exit (3);
-+ }
- }
-+ free(np);
- }
-
- /*
-Index: shadow-4.5/src/pwconv.c
-===================================================================
---- shadow-4.5.orig/src/pwconv.c
-+++ shadow-4.5/src/pwconv.c
-@@ -173,6 +173,7 @@ int main (int argc, char **argv)
- struct passwd pwent;
- const struct spwd *sp;
- struct spwd spent;
-+ char *np;
-
- Prog = Basename (argv[0]);
-
-@@ -223,20 +224,25 @@ int main (int argc, char **argv)
- * Remove /etc/shadow entries for users not in /etc/passwd.
- */
- (void) spw_rewind ();
-- while ((sp = spw_next ()) != NULL) {
-- if (pw_locate (sp->sp_namp) != NULL) {
-- continue;
-- }
--
-- if (spw_remove (sp->sp_namp) == 0) {
-- /*
-- * This shouldn't happen (the entry exists) but...
-- */
-- fprintf (stderr,
-- _("%s: cannot remove entry '%s' from %s\n"),
-- Prog, sp->sp_namp, spw_dbname ());
-- fail_exit (E_FAILURE);
-+ sp = spw_next ();
-+ np = NULL;
-+ while (sp != NULL) {
-+ np = strdup(sp->sp_namp);
-+ sp = spw_next ();
-+
-+ if (pw_locate (np) == NULL) {
-+ if (spw_remove (np) == 0) {
-+ /*
-+ * This shouldn't happen (the entry exists) but...
-+ */
-+ fprintf (stderr,
-+ _("%s: cannot remove entry '%s' from %s\n"),
-+ Prog, np, spw_dbname ());
-+ free(np);
-+ fail_exit (E_FAILURE);
-+ }
- }
-+ free(np);
- }
-
- /*
diff --git a/shadow-4.1.5.1-ingroup.patch b/shadow-4.1.5.1-ingroup.patch
deleted file mode 100644
index 1c30198..0000000
--- a/shadow-4.1.5.1-ingroup.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-Index: shadow-4.5/src/newgrp.c
-===================================================================
---- shadow-4.5.orig/src/newgrp.c
-+++ shadow-4.5/src/newgrp.c
-@@ -83,15 +83,29 @@ static void usage (void)
- }
- }
-
-+static bool ingroup(const char *name, struct group *gr)
-+{
-+ char **look;
-+ bool notfound = true;
-+
-+ look = gr->gr_mem;
-+ while (*look && notfound)
-+ notfound = strcmp (*look++, name);
-+
-+ return !notfound;
-+}
-+
- /*
-- * find_matching_group - search all groups of a given group id for
-+ * find_matching_group - search all groups of a gr's group id for
- * membership of a given username
-+ * but check gr itself first
- */
--static /*@null@*/struct group *find_matching_group (const char *name, gid_t gid)
-+static /*@null@*/struct group *find_matching_group (const char *name, struct group *gr)
- {
-- struct group *gr;
-- char **look;
-- bool notfound = true;
-+ gid_t gid = gr->gr_gid;
-+
-+ if (ingroup(name, gr))
-+ return gr;
-
- setgrent ();
- while ((gr = getgrent ()) != NULL) {
-@@ -103,14 +117,8 @@ static /*@null@*/struct group *find_matc
- * A group with matching GID was found.
- * Test for membership of 'name'.
- */
-- look = gr->gr_mem;
-- while ((NULL != *look) && notfound) {
-- notfound = (strcmp (*look, name) != 0);
-- look++;
-- }
-- if (!notfound) {
-+ if (ingroup(name, gr))
- break;
-- }
- }
- endgrent ();
- return gr;
-@@ -630,7 +638,7 @@ int main (int argc, char **argv)
- * groups of the same GID like the requested group for
- * membership of the current user.
- */
-- grp = find_matching_group (name, grp->gr_gid);
-+ grp = find_matching_group (name, grp);
- if (NULL == grp) {
- /*
- * No matching group found. As we already know that
diff --git a/shadow-4.1.5.1-move-home.patch b/shadow-4.1.5.1-move-home.patch
deleted file mode 100644
index f1790e2..0000000
--- a/shadow-4.1.5.1-move-home.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-Index: shadow-4.5/src/usermod.c
-===================================================================
---- shadow-4.5.orig/src/usermod.c
-+++ shadow-4.5/src/usermod.c
-@@ -1814,6 +1814,11 @@ static void move_home (void)
- Prog, user_home, user_newhome);
- fail_exit (E_HOMEDIR);
- }
-+ } else {
-+ fprintf (stderr,
-+ _("%s: The previous home directory (%s) does "
-+ "not exist or is inaccessible. Move cannot be completed.\n"),
-+ Prog, user_home);
- }
- }
-
diff --git a/shadow-4.1.5.1-newgrp-grouplist.patch b/shadow-4.1.5.1-newgrp-grouplist.patch
deleted file mode 100644
index 47eb6f6..0000000
--- a/shadow-4.1.5.1-newgrp-grouplist.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-Index: shadow-4.5/src/newgrp.c
-===================================================================
---- shadow-4.5.orig/src/newgrp.c
-+++ shadow-4.5/src/newgrp.c
-@@ -396,6 +396,7 @@ int main (int argc, char **argv)
- {
- bool initflag = false;
- int i;
-+ bool is_member = false;
- bool cflag = false;
- int err = 0;
- gid_t gid;
-@@ -645,22 +646,36 @@ int main (int argc, char **argv)
- goto failure;
- }
-
-+#ifdef HAVE_SETGROUPS
-+ /* when using pam_group, she will not be listed in the groups
-+ * database. However getgroups() will return the group. So
-+ * if she is listed there already it is ok to grant membership.
-+ */
-+ for (i = 0; i < ngroups; i++) {
-+ if (grp->gr_gid == grouplist[i]) {
-+ is_member = true;
-+ break;
-+ }
-+ }
-+#endif /* HAVE_SETGROUPS */
- /*
- * For splitted groups (due to limitations of NIS), check all
- * groups of the same GID like the requested group for
- * membership of the current user.
- */
-- grp = find_matching_group (name, grp);
-- if (NULL == grp) {
-- /*
-- * No matching group found. As we already know that
-- * the group exists, this happens only in the case
-- * of a requested group where the user is not member.
-- *
-- * Re-read the group entry for further processing.
-- */
-- grp = xgetgrnam (group);
-- assert (NULL != grp);
-+ if (!is_member) {
-+ grp = find_matching_group (name, grp);
-+ if (NULL == grp) {
-+ /*
-+ * No matching group found. As we already know that
-+ * the group exists, this happens only in the case
-+ * of a requested group where the user is not member.
-+ *
-+ * Re-read the group entry for further processing.
-+ */
-+ grp = xgetgrnam (group);
-+ assert (NULL != grp);
-+ }
- }
- #ifdef SHADOWGRP
- sgrp = getsgnam (group);
-@@ -673,7 +688,9 @@ int main (int argc, char **argv)
- /*
- * Check if the user is allowed to access this group.
- */
-- check_perms (grp, pwd, group);
-+ if (!is_member) {
-+ check_perms (grp, pwd, group);
-+ }
-
- /*
- * all successful validations pass through this point. The group id
diff --git a/shadow-4.5-userdel-chroot.patch b/shadow-4.5-userdel-chroot.patch
deleted file mode 100644
index 7d170fa..0000000
--- a/shadow-4.5-userdel-chroot.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-Index: shadow-4.5/lib/selinux.c
-===================================================================
---- shadow-4.5.orig/lib/selinux.c
-+++ shadow-4.5/lib/selinux.c
-@@ -75,7 +75,7 @@ int set_selinux_file_context (const char
- }
- return 0;
- error:
-- if (security_getenforce () != 0) {
-+ if (security_getenforce () > 0) {
- return 1;
- }
- return 0;
-@@ -95,7 +95,7 @@ int reset_selinux_file_context (void)
- selinux_checked = true;
- }
- if (selinux_enabled) {
-- if (setfscreatecon (NULL) != 0) {
-+ if (setfscreatecon (NULL) != 0 && security_getenforce () > 0) {
- return 1;
- }
- }
-Index: shadow-4.5/src/userdel.c
-===================================================================
---- shadow-4.5.orig/src/userdel.c
-+++ shadow-4.5/src/userdel.c
-@@ -96,6 +96,7 @@ static char *user_home;
- static bool fflg = false;
- static bool rflg = false;
- static bool Zflg = false;
-+static bool Rflg = false;
-
- static bool is_shadow_pwd;
-
-@@ -958,6 +959,7 @@ int main (int argc, char **argv)
- rflg = true;
- break;
- case 'R': /* no-op, handled in process_root_flag () */
-+ Rflg = true;
- break;
- #ifdef WITH_SELINUX
- case 'Z':
-@@ -1032,9 +1034,12 @@ int main (int argc, char **argv)
- */
- user_name = argv[argc - 1];
- {
-- struct passwd *pwd;
-- pwd = getpwnam (user_name); /* local, no need for xgetpwnam */
-+ const struct passwd *pwd;
-+
-+ pw_open(O_RDONLY);
-+ pwd = pw_locate (user_name); /* we care only about local users */
- if (NULL == pwd) {
-+ pw_close();
- fprintf (stderr, _("%s: user '%s' does not exist\n"),
- Prog, user_name);
- #ifdef WITH_AUDIT
-@@ -1048,6 +1053,7 @@ int main (int argc, char **argv)
- user_id = pwd->pw_uid;
- user_gid = pwd->pw_gid;
- user_home = xstrdup (pwd->pw_dir);
-+ pw_close();
- }
- #ifdef WITH_TCB
- if (shadowtcb_set_user (user_name) == SHADOWTCB_FAILURE) {
-@@ -1079,7 +1085,7 @@ int main (int argc, char **argv)
- * Note: This is a best effort basis.
The user may log in between, - * a cron job may be started on her behalf, etc. - */ -- if (user_busy (user_name, user_id) != 0) { -+ if (!Rflg && user_busy (user_name, user_id) != 0) { - if (!fflg) { - #ifdef WITH_AUDIT - audit_logger (AUDIT_DEL_USER, Prog, diff --git a/shadow-4.3.1-audit-update.patch b/shadow-4.6-audit-update.patch similarity index 88% rename from shadow-4.3.1-audit-update.patch rename to shadow-4.6-audit-update.patch index 8c72cf3..b9d0a67 100644 --- a/shadow-4.3.1-audit-update.patch +++ b/shadow-4.6-audit-update.patch @@ -1,7 +1,6 @@ -Index: shadow-4.5/libmisc/audit_help.c -=================================================================== ---- shadow-4.5.orig/libmisc/audit_help.c -+++ shadow-4.5/libmisc/audit_help.c +diff -up shadow-4.6/libmisc/audit_help.c.audit-update shadow-4.6/libmisc/audit_help.c +--- shadow-4.6/libmisc/audit_help.c.audit-update 2018-04-29 18:42:37.000000000 +0200 ++++ shadow-4.6/libmisc/audit_help.c 2018-05-28 15:01:09.913717564 +0200 @@ -68,7 +68,7 @@ void audit_help_open (void) * This function will log a message to the audit system using a predefined * message format. Parameter usage is as follows: @@ -51,10 +50,9 @@ Index: shadow-4.5/libmisc/audit_help.c void audit_logger_message (const char *message, shadow_audit_result result) { if (audit_fd < 0) { -Index: shadow-4.5/libmisc/cleanup_group.c -=================================================================== ---- shadow-4.5.orig/libmisc/cleanup_group.c -+++ shadow-4.5/libmisc/cleanup_group.c +diff -up shadow-4.6/libmisc/cleanup_group.c.audit-update shadow-4.6/libmisc/cleanup_group.c +--- shadow-4.6/libmisc/cleanup_group.c.audit-update 2018-04-29 18:42:37.000000000 +0200 ++++ shadow-4.6/libmisc/cleanup_group.c 2018-05-28 15:01:09.913717564 +0200 @@ -83,7 +83,7 @@ void cleanup_report_mod_group (void *cle gr_dbname (), info->action)); 
@@ -133,10 +131,9 @@ Index: shadow-4.5/libmisc/cleanup_group.c SHADOW_AUDIT_FAILURE); #endif } -Index: shadow-4.5/libmisc/cleanup_user.c -=================================================================== ---- shadow-4.5.orig/libmisc/cleanup_user.c -+++ shadow-4.5/libmisc/cleanup_user.c +diff -up shadow-4.6/libmisc/cleanup_user.c.audit-update shadow-4.6/libmisc/cleanup_user.c +--- shadow-4.6/libmisc/cleanup_user.c.audit-update 2018-04-29 18:42:37.000000000 +0200 ++++ shadow-4.6/libmisc/cleanup_user.c 2018-05-28 15:01:09.913717564 +0200 @@ -65,7 +65,7 @@ void cleanup_report_mod_passwd (void *cl pw_dbname (), info->action)); @@ -184,10 +181,9 @@ Index: shadow-4.5/libmisc/cleanup_user.c SHADOW_AUDIT_FAILURE); #endif } -Index: shadow-4.5/lib/prototypes.h -=================================================================== ---- shadow-4.5.orig/lib/prototypes.h -+++ shadow-4.5/lib/prototypes.h +diff -up shadow-4.6/lib/prototypes.h.audit-update shadow-4.6/lib/prototypes.h +--- shadow-4.6/lib/prototypes.h.audit-update 2018-05-28 15:01:09.901717309 +0200 ++++ shadow-4.6/lib/prototypes.h 2018-05-28 15:01:09.913717564 +0200 @@ -211,12 +211,21 @@ extern int audit_fd; extern void audit_help_open (void); /* Use AUDIT_NO_ID when a name is provided to audit_logger instead of an ID */ @@ -210,10 +206,9 @@ Index: shadow-4.5/lib/prototypes.h void audit_logger_message (const char *message, shadow_audit_result result); #endif -Index: shadow-4.5/src/gpasswd.c -=================================================================== ---- shadow-4.5.orig/src/gpasswd.c -+++ shadow-4.5/src/gpasswd.c +diff -up shadow-4.6/src/gpasswd.c.audit-update shadow-4.6/src/gpasswd.c +--- shadow-4.6/src/gpasswd.c.audit-update 2018-04-29 18:42:37.000000000 +0200 ++++ shadow-4.6/src/gpasswd.c 2018-05-28 15:01:09.914717585 +0200 
@@ -137,7 +137,7 @@ static void usage (int status) (void) fputs (_(" -d, --delete USER remove USER from GROUP\n"), usageout); (void) fputs (_(" -h, --help display this help message and exit\n"), usageout); @@ -477,11 +472,10 @@ Index: shadow-4.5/src/gpasswd.c SHADOW_AUDIT_SUCCESS); #endif } -Index: shadow-4.5/src/groupadd.c -=================================================================== ---- shadow-4.5.orig/src/groupadd.c -+++ shadow-4.5/src/groupadd.c -@@ -127,6 +127,15 @@ static /*@noreturn@*/void usage (int sta +diff -up shadow-4.6/src/groupadd.c.audit-update shadow-4.6/src/groupadd.c +--- shadow-4.6/src/groupadd.c.audit-update 2018-04-29 18:42:37.000000000 +0200 ++++ shadow-4.6/src/groupadd.c 2018-05-28 15:02:53.137910337 +0200 +@@ -130,6 +130,15 @@ static /*@noreturn@*/void usage (int sta exit (status); } @@ -497,7 +491,7 @@ Index: shadow-4.5/src/groupadd.c /* * new_grent - initialize the values in a group file entry * -@@ -210,7 +219,7 @@ static void grp_update (void) +@@ -213,7 +222,7 @@ static void grp_update (void) fprintf (stderr, _("%s: failed to prepare the new %s entry '%s'\n"), Prog, gr_dbname (), grp.gr_name); @@ -506,7 +500,7 @@ Index: shadow-4.5/src/groupadd.c } #ifdef SHADOWGRP /* -@@ -220,7 +229,7 @@ static void grp_update (void) +@@ -223,7 +232,7 @@ static void grp_update (void) fprintf (stderr, _("%s: failed to prepare the new %s entry '%s'\n"), Prog, sgr_dbname (), sgrp.sg_name); @@ -515,7 +509,7 @@ Index: shadow-4.5/src/groupadd.c } #endif /* SHADOWGRP */ } -@@ -244,7 +253,7 @@ static void check_new_name (void) +@@ -247,7 +256,7 @@ static void check_new_name (void) fprintf (stderr, _("%s: '%s' is not a valid group name\n"), Prog, group_name); @@ -524,7 +518,7 @@ Index: shadow-4.5/src/groupadd.c } /* -@@ -260,11 +269,11 @@ static void close_files (void) +@@ -263,11 +272,11 @@ static void close_files (void) fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, gr_dbname ()); 
@@ -538,7 +532,7 @@ Index: shadow-4.5/src/groupadd.c group_name, (unsigned int) group_id, SHADOW_AUDIT_SUCCESS); #endif -@@ -282,11 +291,11 @@ static void close_files (void) +@@ -285,11 +294,11 @@ static void close_files (void) fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, sgr_dbname ()); @@ -553,7 +547,7 @@ Index: shadow-4.5/src/groupadd.c group_name, (unsigned int) group_id, SHADOW_AUDIT_SUCCESS); #endif -@@ -300,12 +309,6 @@ static void close_files (void) +@@ -303,12 +312,6 @@ static void close_files (void) #endif /* SHADOWGRP */ /* Report success at the system level */ @@ -566,7 +560,7 @@ Index: shadow-4.5/src/groupadd.c SYSLOG ((LOG_INFO, "new group: name=%s, GID=%u", group_name, (unsigned int) group_id)); del_cleanup (cleanup_report_add_group); -@@ -323,7 +326,7 @@ static void open_files (void) +@@ -326,7 +329,7 @@ static void open_files (void) fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, gr_dbname ()); @@ -575,7 +569,7 @@ Index: shadow-4.5/src/groupadd.c } add_cleanup (cleanup_unlock_group, NULL); -@@ -333,7 +336,7 @@ static void open_files (void) +@@ -336,7 +339,7 @@ static void open_files (void) fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, sgr_dbname ()); @@ -584,7 +578,7 @@ Index: shadow-4.5/src/groupadd.c } add_cleanup (cleanup_unlock_gshadow, NULL); } -@@ -349,7 +352,7 @@ static void open_files (void) +@@ -352,7 +355,7 @@ static void open_files (void) if (gr_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ()); SYSLOG ((LOG_WARN, "cannot open %s", gr_dbname ())); @@ -593,7 +587,7 @@ Index: shadow-4.5/src/groupadd.c } #ifdef SHADOWGRP -@@ -359,7 +362,7 @@ static void open_files (void) +@@ -362,7 +365,7 @@ static void open_files (void) _("%s: cannot open %s\n"), Prog, sgr_dbname ()); SYSLOG ((LOG_WARN, "cannot open %s", sgr_dbname ())); 
@@ -602,7 +596,7 @@ Index: shadow-4.5/src/groupadd.c } } #endif /* SHADOWGRP */ -@@ -489,7 +492,7 @@ static void check_flags (void) +@@ -495,7 +498,7 @@ static void check_flags (void) fprintf (stderr, _("%s: group '%s' already exists\n"), Prog, group_name); @@ -610,8 +604,8 @@ Index: shadow-4.5/src/groupadd.c + fail_exit (E_NAME_IN_USE); } - if (gflg && (getgrgid (group_id) != NULL)) { -@@ -508,7 +511,7 @@ static void check_flags (void) + if (gflg && (prefix_getgrgid (group_id) != NULL)) { +@@ -514,7 +517,7 @@ static void check_flags (void) fprintf (stderr, _("%s: GID '%lu' already exists\n"), Prog, (unsigned long int) group_id); @@ -620,7 +614,7 @@ Index: shadow-4.5/src/groupadd.c } } } -@@ -536,7 +539,7 @@ static void check_perms (void) +@@ -542,7 +545,7 @@ static void check_perms (void) fprintf (stderr, _("%s: Cannot determine your user name.\n"), Prog); @@ -629,7 +623,7 @@ Index: shadow-4.5/src/groupadd.c } retval = pam_start ("groupadd", pampw->pw_name, &conv, &pamh); -@@ -556,7 +559,7 @@ static void check_perms (void) +@@ -562,7 +565,7 @@ static void check_perms (void) if (NULL != pamh) { (void) pam_end (pamh, retval); } @@ -638,7 +632,7 @@ Index: shadow-4.5/src/groupadd.c } (void) pam_end (pamh, retval); #endif /* USE_PAM */ -@@ -588,7 +591,7 @@ int main (int argc, char **argv) +@@ -595,7 +598,7 @@ int main (int argc, char **argv) fprintf (stderr, _("%s: Cannot setup cleanup service.\n"), Prog); @@ -647,7 +641,7 @@ Index: shadow-4.5/src/groupadd.c } /* -@@ -610,7 +613,7 @@ int main (int argc, char **argv) +@@ -617,7 +620,7 @@ int main (int argc, char **argv) if (!gflg) { if (find_new_gid (rflg, &group_id, NULL) < 0) { 
@@ -656,11 +650,10 @@ Index: shadow-4.5/src/groupadd.c } } -Index: shadow-4.5/src/groupdel.c -=================================================================== ---- shadow-4.5.orig/src/groupdel.c -+++ shadow-4.5/src/groupdel.c -@@ -102,6 +102,15 @@ static /*@noreturn@*/void usage (int sta +diff -up shadow-4.6/src/groupdel.c.audit-update shadow-4.6/src/groupdel.c +--- shadow-4.6/src/groupdel.c.audit-update 2018-04-29 18:42:37.000000000 +0200 ++++ shadow-4.6/src/groupdel.c 2018-05-28 15:01:09.914717585 +0200 +@@ -105,6 +105,15 @@ static /*@noreturn@*/void usage (int sta exit (status); } @@ -676,7 +669,7 @@ Index: shadow-4.5/src/groupdel.c /* * grp_update - update group file entries * -@@ -128,7 +137,7 @@ static void grp_update (void) +@@ -131,7 +140,7 @@ static void grp_update (void) fprintf (stderr, _("%s: cannot remove entry '%s' from %s\n"), Prog, group_name, gr_dbname ()); @@ -685,7 +678,7 @@ Index: shadow-4.5/src/groupdel.c } #ifdef SHADOWGRP -@@ -140,7 +149,7 @@ static void grp_update (void) +@@ -143,7 +152,7 @@ static void grp_update (void) fprintf (stderr, _("%s: cannot remove entry '%s' from %s\n"), Prog, group_name, sgr_dbname ()); @@ -694,7 +687,7 @@ Index: shadow-4.5/src/groupdel.c } } #endif /* SHADOWGRP */ -@@ -159,12 +168,12 @@ static void close_files (void) +@@ -162,12 +171,12 @@ static void close_files (void) fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, gr_dbname ()); @@ -709,7 +702,7 @@ Index: shadow-4.5/src/groupdel.c group_name, (unsigned int) group_id, SHADOW_AUDIT_SUCCESS); #endif -@@ -184,12 +193,12 @@ static void close_files (void) +@@ -187,12 +196,12 @@ static void close_files (void) fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, sgr_dbname ()); @@ -725,7 +718,7 @@ Index: shadow-4.5/src/groupdel.c group_name, (unsigned int) group_id, SHADOW_AUDIT_SUCCESS); #endif -@@ -203,13 +212,6 @@ static void close_files (void) +@@ -206,13 +215,6 @@ static void close_files (void) } #endif /* SHADOWGRP */ 
@@ -739,7 +732,7 @@ Index: shadow-4.5/src/groupdel.c SYSLOG ((LOG_INFO, "group '%s' removed\n", group_name)); del_cleanup (cleanup_report_del_group); } -@@ -226,7 +228,7 @@ static void open_files (void) +@@ -229,7 +231,7 @@ static void open_files (void) fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, gr_dbname ()); @@ -748,7 +741,7 @@ Index: shadow-4.5/src/groupdel.c } add_cleanup (cleanup_unlock_group, NULL); #ifdef SHADOWGRP -@@ -235,7 +237,7 @@ static void open_files (void) +@@ -238,7 +240,7 @@ static void open_files (void) fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, sgr_dbname ()); @@ -757,7 +750,7 @@ Index: shadow-4.5/src/groupdel.c } add_cleanup (cleanup_unlock_gshadow, NULL); } -@@ -253,7 +255,7 @@ static void open_files (void) +@@ -256,7 +258,7 @@ static void open_files (void) _("%s: cannot open %s\n"), Prog, gr_dbname ()); SYSLOG ((LOG_WARN, "cannot open %s", gr_dbname ())); @@ -766,7 +759,7 @@ Index: shadow-4.5/src/groupdel.c } #ifdef SHADOWGRP if (is_shadow_grp) { -@@ -262,7 +264,7 @@ static void open_files (void) +@@ -265,7 +267,7 @@ static void open_files (void) _("%s: cannot open %s\n"), Prog, sgr_dbname ()); SYSLOG ((LOG_WARN, "cannot open %s", sgr_dbname ())); @@ -775,7 +768,7 @@ Index: shadow-4.5/src/groupdel.c } } #endif /* SHADOWGRP */ -@@ -303,7 +305,7 @@ static void group_busy (gid_t gid) +@@ -306,7 +308,7 @@ static void group_busy (gid_t gid) fprintf (stderr, _("%s: cannot remove the primary group of user '%s'\n"), Prog, pwd->pw_name); @@ -784,7 +777,7 @@ Index: shadow-4.5/src/groupdel.c } /* -@@ -384,7 +386,7 @@ int main (int argc, char **argv) +@@ -391,7 +393,7 @@ int main (int argc, char **argv) fprintf (stderr, _("%s: Cannot setup cleanup service.\n"), Prog); 
@@ -793,7 +786,7 @@ Index: shadow-4.5/src/groupdel.c } process_flags (argc, argv); -@@ -398,7 +400,7 @@ int main (int argc, char **argv) +@@ -405,7 +407,7 @@ int main (int argc, char **argv) fprintf (stderr, _("%s: Cannot determine your user name.\n"), Prog); @@ -802,7 +795,7 @@ Index: shadow-4.5/src/groupdel.c } retval = pam_start ("groupdel", pampw->pw_name, &conv, &pamh); -@@ -419,7 +421,7 @@ int main (int argc, char **argv) +@@ -426,7 +428,7 @@ int main (int argc, char **argv) if (NULL != pamh) { (void) pam_end (pamh, retval); } @@ -811,7 +804,7 @@ Index: shadow-4.5/src/groupdel.c } (void) pam_end (pamh, retval); #endif /* USE_PAM */ -@@ -439,7 +441,7 @@ int main (int argc, char **argv) +@@ -446,7 +448,7 @@ int main (int argc, char **argv) fprintf (stderr, _("%s: group '%s' does not exist\n"), Prog, group_name); @@ -820,7 +813,7 @@ Index: shadow-4.5/src/groupdel.c } group_id = grp->gr_gid; -@@ -463,7 +465,7 @@ int main (int argc, char **argv) +@@ -470,7 +472,7 @@ int main (int argc, char **argv) _("%s: %s is the NIS master\n"), Prog, nis_master); } @@ -829,11 +822,10 @@ Index: shadow-4.5/src/groupdel.c } #endif -Index: shadow-4.5/src/groupmod.c -=================================================================== ---- shadow-4.5.orig/src/groupmod.c -+++ shadow-4.5/src/groupmod.c -@@ -438,7 +438,7 @@ static void close_files (void) +diff -up shadow-4.6/src/groupmod.c.audit-update shadow-4.6/src/groupmod.c +--- shadow-4.6/src/groupmod.c.audit-update 2018-04-29 18:42:37.000000000 +0200 ++++ shadow-4.6/src/groupmod.c 2018-05-28 15:01:09.915717607 +0200 +@@ -449,7 +449,7 @@ static void close_files (void) exit (E_GRP_UPDATE); } #ifdef WITH_AUDIT @@ -842,7 +834,7 @@ Index: shadow-4.5/src/groupmod.c info_group.audit_msg, group_name, AUDIT_NO_ID, SHADOW_AUDIT_SUCCESS); -@@ -461,7 +461,7 @@ static void close_files (void) +@@ -472,7 +472,7 @@ static void close_files (void) exit (E_GRP_UPDATE); } #ifdef WITH_AUDIT 
@@ -851,7 +843,7 @@ Index: shadow-4.5/src/groupmod.c info_gshadow.audit_msg, group_name, AUDIT_NO_ID, SHADOW_AUDIT_SUCCESS); -@@ -484,7 +484,7 @@ static void close_files (void) +@@ -495,7 +495,7 @@ static void close_files (void) exit (E_GRP_UPDATE); } #ifdef WITH_AUDIT @@ -860,7 +852,7 @@ Index: shadow-4.5/src/groupmod.c info_passwd.audit_msg, group_name, AUDIT_NO_ID, SHADOW_AUDIT_SUCCESS); -@@ -499,8 +499,8 @@ static void close_files (void) +@@ -510,8 +510,8 @@ static void close_files (void) } #ifdef WITH_AUDIT @@ -871,7 +863,7 @@ Index: shadow-4.5/src/groupmod.c group_name, AUDIT_NO_ID, SHADOW_AUDIT_SUCCESS); #endif -@@ -512,6 +512,8 @@ static void close_files (void) +@@ -523,6 +523,8 @@ static void close_files (void) */ static void prepare_failure_reports (void) { @@ -880,7 +872,7 @@ Index: shadow-4.5/src/groupmod.c info_group.name = group_name; #ifdef SHADOWGRP info_gshadow.name = group_name; -@@ -524,76 +526,106 @@ static void prepare_failure_reports (voi +@@ -535,76 +537,106 @@ static void prepare_failure_reports (voi #endif info_passwd.audit_msg = xmalloc (512); @@ -1014,7 +1006,7 @@ Index: shadow-4.5/src/groupmod.c "%lu", (unsigned long int) group_newid); } info_group.audit_msg[511] = '\0'; -@@ -601,6 +633,11 @@ static void prepare_failure_reports (voi +@@ -612,6 +644,11 @@ static void prepare_failure_reports (voi info_gshadow.audit_msg[511] = '\0'; #endif info_passwd.audit_msg[511] = '\0'; @@ -1026,10 +1018,9 @@ Index: shadow-4.5/src/groupmod.c // FIXME: add a system cleanup add_cleanup (cleanup_report_mod_group, &info_group); -Index: shadow-4.5/src/chage.c -=================================================================== ---- shadow-4.5.orig/src/chage.c -+++ shadow-4.5/src/chage.c +diff -up shadow-4.6/src/chage.c.audit-update shadow-4.6/src/chage.c +--- shadow-4.6/src/chage.c.audit-update 2018-04-29 18:42:37.000000000 +0200 ++++ shadow-4.6/src/chage.c 2018-05-28 15:01:09.915717607 +0200 
@@ -126,9 +126,10 @@ static /*@noreturn@*/void fail_exit (int #ifdef WITH_AUDIT @@ -1117,10 +1108,9 @@ Index: shadow-4.5/src/chage.c user_name, (unsigned int) user_uid, 1); } #endif -Index: shadow-4.5/src/newgrp.c -=================================================================== ---- shadow-4.5.orig/src/newgrp.c -+++ shadow-4.5/src/newgrp.c +diff -up shadow-4.6/src/newgrp.c.audit-update shadow-4.6/src/newgrp.c +--- shadow-4.6/src/newgrp.c.audit-update 2018-04-29 18:42:37.000000000 +0200 ++++ shadow-4.6/src/newgrp.c 2018-05-28 15:01:09.915717607 +0200 @@ -206,11 +206,12 @@ static void check_perms (const struct gr strcmp (cpasswd, grp->gr_passwd) != 0) { #ifdef WITH_AUDIT @@ -1203,7 +1193,7 @@ Index: shadow-4.5/src/newgrp.c } #endif exit (EXIT_FAILURE); -@@ -456,7 +457,7 @@ int main (int argc, char **argv) +@@ -457,7 +458,7 @@ int main (int argc, char **argv) #ifdef WITH_AUDIT audit_logger (AUDIT_CHGRP_ID, Prog, "changing", NULL, @@ -1212,7 +1202,7 @@ Index: shadow-4.5/src/newgrp.c #endif SYSLOG ((LOG_WARN, "Cannot determine the user name of the caller (UID %lu)", (unsigned long) getuid ())); -@@ -572,15 +573,26 @@ int main (int argc, char **argv) +@@ -573,15 +574,26 @@ int main (int argc, char **argv) perror ("getgroups"); #ifdef WITH_AUDIT if (group) { @@ -1243,7 +1233,7 @@ Index: shadow-4.5/src/newgrp.c } #endif exit (EXIT_FAILURE); -@@ -721,10 +733,10 @@ int main (int argc, char **argv) +@@ -738,10 +750,10 @@ int main (int argc, char **argv) perror ("setgid"); #ifdef WITH_AUDIT snprintf (audit_buf, sizeof(audit_buf), @@ -1256,7 +1246,7 @@ Index: shadow-4.5/src/newgrp.c #endif exit (EXIT_FAILURE); } -@@ -733,10 +745,10 @@ int main (int argc, char **argv) +@@ -750,10 +762,10 @@ int main (int argc, char **argv) perror ("setuid"); #ifdef WITH_AUDIT snprintf (audit_buf, sizeof(audit_buf), 
@@ -1269,7 +1259,7 @@ Index: shadow-4.5/src/newgrp.c #endif exit (EXIT_FAILURE); } -@@ -750,10 +762,10 @@ int main (int argc, char **argv) +@@ -767,10 +779,10 @@ int main (int argc, char **argv) execl (SHELL, "sh", "-c", command, (char *) 0); #ifdef WITH_AUDIT snprintf (audit_buf, sizeof(audit_buf), @@ -1282,7 +1272,7 @@ Index: shadow-4.5/src/newgrp.c #endif perror (SHELL); exit ((errno == ENOENT) ? E_CMD_NOTFOUND : E_CMD_NOEXEC); -@@ -817,11 +829,11 @@ int main (int argc, char **argv) +@@ -834,11 +846,11 @@ int main (int argc, char **argv) } #ifdef WITH_AUDIT @@ -1296,7 +1286,7 @@ Index: shadow-4.5/src/newgrp.c #endif /* * Exec the login shell and go away. We are trying to get back to -@@ -845,15 +857,24 @@ int main (int argc, char **argv) +@@ -862,15 +874,24 @@ int main (int argc, char **argv) closelog (); #ifdef WITH_AUDIT if (NULL != group) { @@ -1325,20 +1315,19 @@ Index: shadow-4.5/src/newgrp.c } #endif exit (EXIT_FAILURE); -Index: shadow-4.5/src/useradd.c -=================================================================== ---- shadow-4.5.orig/src/useradd.c -+++ shadow-4.5/src/useradd.c -@@ -225,6 +225,8 @@ static void create_mail (void); +diff -up shadow-4.6/src/useradd.c.audit-update shadow-4.6/src/useradd.c +--- shadow-4.6/src/useradd.c.audit-update 2018-05-28 15:01:09.903717352 +0200 ++++ shadow-4.6/src/useradd.c 2018-05-28 15:06:36.824662074 +0200 +@@ -229,6 +229,8 @@ static void create_mail (void); */ static void fail_exit (int code) { + int type; + if (home_added) { - if (rmdir (user_home) != 0) { + if (rmdir (prefix_user_home) != 0) { fprintf (stderr, -@@ -238,12 +240,6 @@ static void fail_exit (int code) +@@ -242,12 +244,6 @@ static void fail_exit (int code) if (spw_unlock () == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, spw_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ())); 
@@ -1351,7 +1340,7 @@ Index: shadow-4.5/src/useradd.c /* continue */ } } -@@ -251,12 +247,6 @@ static void fail_exit (int code) +@@ -255,12 +251,6 @@ static void fail_exit (int code) if (pw_unlock () == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ())); @@ -1364,7 +1353,7 @@ Index: shadow-4.5/src/useradd.c /* continue */ } } -@@ -264,12 +254,6 @@ static void fail_exit (int code) +@@ -268,12 +258,6 @@ static void fail_exit (int code) if (gr_unlock () == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ())); @@ -1377,7 +1366,7 @@ Index: shadow-4.5/src/useradd.c /* continue */ } } -@@ -278,12 +262,6 @@ static void fail_exit (int code) +@@ -282,12 +266,6 @@ static void fail_exit (int code) if (sgr_unlock () == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ())); @@ -1390,7 +1379,7 @@ Index: shadow-4.5/src/useradd.c /* continue */ } } -@@ -293,12 +271,6 @@ static void fail_exit (int code) +@@ -297,12 +275,6 @@ static void fail_exit (int code) if (sub_uid_unlock () == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", sub_uid_dbname ())); @@ -1403,7 +1392,7 @@ Index: shadow-4.5/src/useradd.c /* continue */ } } -@@ -306,20 +278,19 @@ static void fail_exit (int code) +@@ -310,20 +282,19 @@ static void fail_exit (int code) if (sub_gid_unlock () == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ())); @@ -1431,7 +1420,7 @@ Index: shadow-4.5/src/useradd.c user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif -@@ -626,7 +597,7 @@ static int set_defaults (void) +@@ -673,7 +644,7 @@ static int set_defaults (void) } #ifdef WITH_AUDIT audit_logger (AUDIT_USYS_CONFIG, Prog, 
@@ -1440,7 +1429,7 @@ Index: shadow-4.5/src/useradd.c NULL, AUDIT_NO_ID, SHADOW_AUDIT_SUCCESS); #endif -@@ -896,12 +867,6 @@ static void grp_update (void) +@@ -950,12 +921,6 @@ static void grp_update (void) _("%s: Out of memory. Cannot update %s.\n"), Prog, gr_dbname ()); SYSLOG ((LOG_ERR, "failed to prepare the new %s entry '%s'", gr_dbname (), user_name)); @@ -1453,7 +1442,7 @@ Index: shadow-4.5/src/useradd.c fail_exit (E_GRP_UPDATE); /* XXX */ } -@@ -915,18 +880,12 @@ static void grp_update (void) +@@ -969,18 +934,12 @@ static void grp_update (void) _("%s: failed to prepare the new %s entry '%s'\n"), Prog, gr_dbname (), ngrp->gr_name); SYSLOG ((LOG_ERR, "failed to prepare the new %s entry '%s'", gr_dbname (), user_name)); @@ -1475,7 +1464,7 @@ Index: shadow-4.5/src/useradd.c SHADOW_AUDIT_SUCCESS); #endif SYSLOG ((LOG_INFO, -@@ -971,12 +930,6 @@ static void grp_update (void) +@@ -1025,12 +984,6 @@ static void grp_update (void) _("%s: Out of memory. Cannot update %s.\n"), Prog, sgr_dbname ()); SYSLOG ((LOG_ERR, "failed to prepare the new %s entry '%s'", sgr_dbname (), user_name)); @@ -1488,7 +1477,7 @@ Index: shadow-4.5/src/useradd.c fail_exit (E_GRP_UPDATE); /* XXX */ } -@@ -990,18 +943,13 @@ static void grp_update (void) +@@ -1044,18 +997,13 @@ static void grp_update (void) _("%s: failed to prepare the new %s entry '%s'\n"), Prog, sgr_dbname (), nsgrp->sg_name); SYSLOG ((LOG_ERR, "failed to prepare the new %s entry '%s'", sgr_dbname (), user_name)); @@ -1511,7 +1500,7 @@ Index: shadow-4.5/src/useradd.c SHADOW_AUDIT_SUCCESS); #endif SYSLOG ((LOG_INFO, -@@ -1344,7 +1292,7 @@ static void process_flags (int argc, cha +@@ -1407,7 +1355,7 @@ static void process_flags (int argc, cha Prog, user_name); #ifdef WITH_AUDIT audit_logger (AUDIT_ADD_USER, Prog, 
@@ -1520,7 +1509,7 @@ Index: shadow-4.5/src/useradd.c user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif -@@ -1447,7 +1395,7 @@ static void close_files (void) +@@ -1522,7 +1470,7 @@ static void close_files (void) SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ())); #ifdef WITH_AUDIT audit_logger (AUDIT_ADD_USER, Prog, @@ -1529,7 +1518,7 @@ Index: shadow-4.5/src/useradd.c user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif -@@ -1460,7 +1408,7 @@ static void close_files (void) +@@ -1535,7 +1483,7 @@ static void close_files (void) SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ())); #ifdef WITH_AUDIT audit_logger (AUDIT_ADD_USER, Prog, @@ -1538,7 +1527,7 @@ Index: shadow-4.5/src/useradd.c user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif -@@ -1472,7 +1420,7 @@ static void close_files (void) +@@ -1547,7 +1495,7 @@ static void close_files (void) SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ())); #ifdef WITH_AUDIT audit_logger (AUDIT_ADD_USER, Prog, @@ -1547,7 +1536,7 @@ Index: shadow-4.5/src/useradd.c user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif -@@ -1486,7 +1434,7 @@ static void close_files (void) +@@ -1561,7 +1509,7 @@ static void close_files (void) SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ())); #ifdef WITH_AUDIT audit_logger (AUDIT_ADD_USER, Prog, @@ -1556,7 +1545,7 @@ Index: shadow-4.5/src/useradd.c user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif -@@ -1502,7 +1450,7 @@ static void close_files (void) +@@ -1577,7 +1525,7 @@ static void close_files (void) SYSLOG ((LOG_ERR, "failed to unlock %s", sub_uid_dbname ())); #ifdef WITH_AUDIT audit_logger (AUDIT_ADD_USER, Prog, @@ -1565,7 +1554,7 @@ Index: shadow-4.5/src/useradd.c user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif -@@ -1516,7 +1464,7 @@ static void close_files (void) +@@ -1591,7 +1539,7 @@ static void close_files (void) SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ())); #ifdef WITH_AUDIT audit_logger (AUDIT_ADD_USER, Prog, 
@@ -1574,7 +1563,7 @@ Index: shadow-4.5/src/useradd.c user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif -@@ -1708,7 +1656,7 @@ static void grp_add (void) +@@ -1783,7 +1731,7 @@ static void grp_add (void) Prog, gr_dbname (), grp.gr_name); #ifdef WITH_AUDIT audit_logger (AUDIT_ADD_GROUP, Prog, @@ -1583,7 +1572,7 @@ Index: shadow-4.5/src/useradd.c grp.gr_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif -@@ -1724,7 +1672,7 @@ static void grp_add (void) +@@ -1799,7 +1747,7 @@ static void grp_add (void) Prog, sgr_dbname (), sgrp.sg_name); #ifdef WITH_AUDIT audit_logger (AUDIT_ADD_GROUP, Prog, @@ -1592,7 +1581,7 @@ Index: shadow-4.5/src/useradd.c grp.gr_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif -@@ -1734,7 +1682,7 @@ static void grp_add (void) +@@ -1809,7 +1757,7 @@ static void grp_add (void) SYSLOG ((LOG_INFO, "new group: name=%s, GID=%u", user_name, user_gid)); #ifdef WITH_AUDIT audit_logger (AUDIT_ADD_GROUP, Prog, @@ -1601,7 +1590,7 @@ Index: shadow-4.5/src/useradd.c grp.gr_name, AUDIT_NO_ID, SHADOW_AUDIT_SUCCESS); #endif -@@ -1895,12 +1843,6 @@ static void usr_update (void) +@@ -1970,12 +1918,6 @@ static void usr_update (void) fprintf (stderr, _("%s: failed to prepare the new %s entry '%s'\n"), Prog, spw_dbname (), spent.sp_namp); @@ -1614,7 +1603,7 @@ Index: shadow-4.5/src/useradd.c fail_exit (E_PW_UPDATE); } #ifdef ENABLE_SUBIDS -@@ -1922,7 +1864,7 @@ static void usr_update (void) +@@ -1997,7 +1939,7 @@ static void usr_update (void) #ifdef WITH_AUDIT audit_logger (AUDIT_ADD_USER, Prog, @@ -1623,10 +1612,10 @@ Index: shadow-4.5/src/useradd.c user_name, (unsigned int) user_id, SHADOW_AUDIT_SUCCESS); #endif -@@ -1957,12 +1899,6 @@ static void create_home (void) +@@ -2032,12 +1974,6 @@ static void create_home (void) fprintf (stderr, _("%s: cannot create directory %s\n"), - Prog, user_home); + Prog, prefix_user_home); -#ifdef WITH_AUDIT - audit_logger (AUDIT_ADD_USER, Prog, - "adding home directory", 
@@ -1635,8 +1624,8 @@ Index: shadow-4.5/src/useradd.c -#endif fail_exit (E_HOMEDIR); } - chown (user_home, user_id, user_gid); -@@ -1970,8 +1906,8 @@ static void create_home (void) + (void) chown (prefix_user_home, user_id, user_gid); +@@ -2045,8 +1981,8 @@ static void create_home (void) 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK)); home_added = true; #ifdef WITH_AUDIT @@ -1647,9 +1636,9 @@ Index: shadow-4.5/src/useradd.c user_name, (unsigned int) user_id, SHADOW_AUDIT_SUCCESS); #endif -@@ -2151,12 +2087,6 @@ int main (int argc, char **argv) +@@ -2231,12 +2167,6 @@ int main (int argc, char **argv) */ - if (getpwnam (user_name) != NULL) { /* local, no need for xgetpwnam */ + if (prefix_getpwnam (user_name) != NULL) { /* local, no need for xgetpwnam */ fprintf (stderr, _("%s: user '%s' already exists\n"), Prog, user_name); -#ifdef WITH_AUDIT - audit_logger (AUDIT_ADD_USER, Prog, @@ -1660,7 +1649,7 @@ Index: shadow-4.5/src/useradd.c fail_exit (E_NAME_IN_USE); } -@@ -2172,12 +2102,6 @@ int main (int argc, char **argv) +@@ -2252,12 +2182,6 @@ int main (int argc, char **argv) fprintf (stderr, _("%s: group %s exists - if you want to add this user to that group, use -g.\n"), Prog, user_name); @@ -1673,7 +1662,7 @@ Index: shadow-4.5/src/useradd.c fail_exit (E_NAME_IN_USE); } } -@@ -2207,12 +2131,6 @@ int main (int argc, char **argv) +@@ -2287,12 +2211,6 @@ int main (int argc, char **argv) fprintf (stderr, _("%s: UID %lu is not unique\n"), Prog, (unsigned long) user_id); @@ -1686,7 +1675,7 @@ Index: shadow-4.5/src/useradd.c fail_exit (E_UID_IN_USE); } } -@@ -2285,9 +2203,10 @@ int main (int argc, char **argv) +@@ -2365,9 +2283,10 @@ int main (int argc, char **argv) _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"), Prog, user_name, user_selinux); #ifdef WITH_AUDIT 
@@ -1700,11 +1689,10 @@ Index: shadow-4.5/src/useradd.c #endif /* WITH_AUDIT */ rv = E_SE_UPDATE; } -Index: shadow-4.5/src/userdel.c -=================================================================== ---- shadow-4.5.orig/src/userdel.c -+++ shadow-4.5/src/userdel.c -@@ -214,9 +214,9 @@ static void update_groups (void) +diff -up shadow-4.6/src/userdel.c.audit-update shadow-4.6/src/userdel.c +--- shadow-4.6/src/userdel.c.audit-update 2018-05-28 15:01:09.909717479 +0200 ++++ shadow-4.6/src/userdel.c 2018-05-28 15:01:09.916717628 +0200 +@@ -219,9 +219,9 @@ static void update_groups (void) * Update the DBM group file with the new entry as well. */ #ifdef WITH_AUDIT @@ -1717,7 +1705,7 @@ Index: shadow-4.5/src/userdel.c SHADOW_AUDIT_SUCCESS); #endif /* WITH_AUDIT */ SYSLOG ((LOG_INFO, "delete '%s' from group '%s'\n", -@@ -276,9 +276,9 @@ static void update_groups (void) +@@ -281,9 +281,9 @@ static void update_groups (void) exit (E_GRP_UPDATE); } #ifdef WITH_AUDIT @@ -1730,7 +1718,7 @@ Index: shadow-4.5/src/userdel.c SHADOW_AUDIT_SUCCESS); #endif /* WITH_AUDIT */ SYSLOG ((LOG_INFO, "delete '%s' from shadow group '%s'\n", -@@ -355,9 +355,9 @@ static void remove_usergroup (void) +@@ -360,9 +360,9 @@ static void remove_usergroup (void) } #ifdef WITH_AUDIT @@ -1743,7 +1731,7 @@ Index: shadow-4.5/src/userdel.c SHADOW_AUDIT_SUCCESS); #endif /* WITH_AUDIT */ SYSLOG ((LOG_INFO, -@@ -373,9 +373,9 @@ static void remove_usergroup (void) +@@ -378,9 +378,9 @@ static void remove_usergroup (void) fail_exit (E_GRP_UPDATE); } #ifdef WITH_AUDIT @@ -1756,7 +1744,7 @@ Index: shadow-4.5/src/userdel.c SHADOW_AUDIT_SUCCESS); #endif /* WITH_AUDIT */ SYSLOG ((LOG_INFO, -@@ -537,7 +537,7 @@ static void fail_exit (int code) +@@ -542,7 +542,7 @@ static void fail_exit (int code) #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, 
@@ -1765,7 +1753,7 @@ Index: shadow-4.5/src/userdel.c user_name, (unsigned int) user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ -@@ -557,24 +557,12 @@ static void open_files (void) +@@ -562,24 +562,12 @@ static void open_files (void) fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, pw_dbname ()); @@ -1790,7 +1778,7 @@ Index: shadow-4.5/src/userdel.c fail_exit (E_PW_UPDATE); } if (is_shadow_pwd) { -@@ -582,12 +570,6 @@ static void open_files (void) +@@ -587,12 +575,6 @@ static void open_files (void) fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, spw_dbname ()); @@ -1803,7 +1791,7 @@ Index: shadow-4.5/src/userdel.c fail_exit (E_PW_UPDATE); } spw_locked = true; -@@ -595,12 +577,6 @@ static void open_files (void) +@@ -600,12 +582,6 @@ static void open_files (void) fprintf (stderr, _("%s: cannot open %s\n"), Prog, spw_dbname ()); @@ -1816,7 +1804,7 @@ Index: shadow-4.5/src/userdel.c fail_exit (E_PW_UPDATE); } } -@@ -608,23 +584,11 @@ static void open_files (void) +@@ -613,23 +589,11 @@ static void open_files (void) fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, gr_dbname ()); @@ -1840,7 +1828,7 @@ Index: shadow-4.5/src/userdel.c fail_exit (E_GRP_UPDATE); } #ifdef SHADOWGRP -@@ -633,24 +597,12 @@ static void open_files (void) +@@ -638,24 +602,12 @@ static void open_files (void) fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, sgr_dbname ()); @@ -1865,7 +1853,7 @@ Index: shadow-4.5/src/userdel.c fail_exit (E_GRP_UPDATE); } } -@@ -661,24 +613,12 @@ static void open_files (void) +@@ -666,24 +618,12 @@ static void open_files (void) fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, sub_uid_dbname ()); 
@@ -1890,7 +1878,7 @@ Index: shadow-4.5/src/userdel.c fail_exit (E_SUB_UID_UPDATE); } } -@@ -687,24 +627,12 @@ static void open_files (void) +@@ -692,24 +632,12 @@ static void open_files (void) fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, sub_gid_dbname ()); @@ -1915,7 +1903,7 @@ Index: shadow-4.5/src/userdel.c fail_exit (E_SUB_GID_UPDATE); } } -@@ -749,7 +677,7 @@ static void update_user (void) +@@ -754,7 +682,7 @@ static void update_user (void) #endif /* ENABLE_SUBIDS */ #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, @@ -1924,7 +1912,7 @@ Index: shadow-4.5/src/userdel.c user_name, (unsigned int) user_id, SHADOW_AUDIT_SUCCESS); #endif /* WITH_AUDIT */ -@@ -843,7 +771,7 @@ static int remove_mailbox (void) +@@ -862,7 +790,7 @@ static int remove_mailbox (void) SYSLOG ((LOG_ERR, "Cannot remove %s: %s", mailfile, strerror (errno))); #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, @@ -1933,7 +1921,7 @@ Index: shadow-4.5/src/userdel.c user_name, (unsigned int) user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ -@@ -859,7 +787,7 @@ static int remove_mailbox (void) +@@ -879,7 +807,7 @@ static int remove_mailbox (void) SYSLOG ((LOG_ERR, "Cannot remove %s: %s", mailfile, strerror (errno))); #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, @@ -1942,7 +1930,7 @@ Index: shadow-4.5/src/userdel.c user_name, (unsigned int) user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ -@@ -869,8 +797,8 @@ static int remove_mailbox (void) +@@ -889,8 +817,8 @@ static int remove_mailbox (void) #ifdef WITH_AUDIT else { @@ -1953,7 +1941,7 @@ Index: shadow-4.5/src/userdel.c user_name, (unsigned int) user_id, SHADOW_AUDIT_SUCCESS); } -@@ -887,7 +815,7 @@ static int remove_mailbox (void) +@@ -908,7 +836,7 @@ static int remove_mailbox (void) mailfile, strerror (errno))); #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, 
@@ -1962,7 +1950,7 @@ Index: shadow-4.5/src/userdel.c user_name, (unsigned int) user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ -@@ -902,7 +830,7 @@ static int remove_mailbox (void) +@@ -925,7 +853,7 @@ static int remove_mailbox (void) SYSLOG ((LOG_ERR, "Cannot remove %s: %s", mailfile, strerror (errno))); #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, @@ -1971,7 +1959,7 @@ Index: shadow-4.5/src/userdel.c user_name, (unsigned int) user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ -@@ -912,8 +840,8 @@ static int remove_mailbox (void) +@@ -935,8 +863,8 @@ static int remove_mailbox (void) #ifdef WITH_AUDIT else { @@ -1982,7 +1970,7 @@ Index: shadow-4.5/src/userdel.c user_name, (unsigned int) user_id, SHADOW_AUDIT_SUCCESS); } -@@ -1111,7 +1039,7 @@ int main (int argc, char **argv) +@@ -1149,7 +1077,7 @@ int main (int argc, char **argv) Prog, user_name); #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, @@ -1991,7 +1979,7 @@ Index: shadow-4.5/src/userdel.c user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ -@@ -1155,7 +1083,7 @@ int main (int argc, char **argv) +@@ -1205,7 +1133,7 @@ int main (int argc, char **argv) if (!fflg) { #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, @@ -2000,7 +1988,7 @@ Index: shadow-4.5/src/userdel.c user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ -@@ -1232,8 +1160,8 @@ int main (int argc, char **argv) +@@ -1282,8 +1210,8 @@ int main (int argc, char **argv) #ifdef WITH_AUDIT else { @@ -2011,7 +1999,7 @@ Index: shadow-4.5/src/userdel.c user_name, (unsigned int) user_id, SHADOW_AUDIT_SUCCESS); } -@@ -1242,7 +1170,7 @@ int main (int argc, char **argv) +@@ -1292,7 +1220,7 @@ int main (int argc, char **argv) #ifdef WITH_AUDIT if (0 != errors) { audit_logger (AUDIT_DEL_USER, Prog, 
@@ -2020,7 +2008,7 @@ Index: shadow-4.5/src/userdel.c user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); } -@@ -1255,8 +1183,8 @@ int main (int argc, char **argv) +@@ -1305,8 +1233,8 @@ int main (int argc, char **argv) _("%s: warning: the user name %s to SELinux user mapping removal failed.\n"), Prog, user_name); #ifdef WITH_AUDIT @@ -2031,11 +2019,10 @@ Index: shadow-4.5/src/userdel.c user_name, (unsigned int) user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ -Index: shadow-4.5/src/usermod.c -=================================================================== ---- shadow-4.5.orig/src/usermod.c -+++ shadow-4.5/src/usermod.c -@@ -447,8 +447,8 @@ static char *new_pw_passwd (char *pw_pas +diff -up shadow-4.6/src/usermod.c.audit-update shadow-4.6/src/usermod.c +--- shadow-4.6/src/usermod.c.audit-update 2018-05-28 15:01:09.912717543 +0200 ++++ shadow-4.6/src/usermod.c 2018-05-28 15:08:25.424969050 +0200 +@@ -453,8 +453,8 @@ static char *new_pw_passwd (char *pw_pas #ifdef WITH_AUDIT audit_logger (AUDIT_USER_CHAUTHTOK, Prog, @@ -2046,7 +2033,7 @@ Index: shadow-4.5/src/usermod.c #endif SYSLOG ((LOG_INFO, "lock user '%s' password", user_newname)); strcpy (buf, "!"); -@@ -467,8 +467,8 @@ static char *new_pw_passwd (char *pw_pas +@@ -473,8 +473,8 @@ static char *new_pw_passwd (char *pw_pas #ifdef WITH_AUDIT audit_logger (AUDIT_USER_CHAUTHTOK, Prog, @@ -2057,7 +2044,7 @@ Index: shadow-4.5/src/usermod.c #endif SYSLOG ((LOG_INFO, "unlock user '%s' password", user_newname)); s = pw_pass; -@@ -479,7 +479,7 @@ static char *new_pw_passwd (char *pw_pas +@@ -485,7 +485,7 @@ static char *new_pw_passwd (char *pw_pas } else if (pflg) { #ifdef WITH_AUDIT audit_logger (AUDIT_USER_CHAUTHTOK, Prog, 
@@ -2066,7 +2053,7 @@ Index: shadow-4.5/src/usermod.c user_newname, (unsigned int) user_newid, 1); #endif SYSLOG ((LOG_INFO, "change user '%s' password", user_newname)); -@@ -508,8 +508,8 @@ static void new_pwent (struct passwd *pw +@@ -514,8 +514,8 @@ static void new_pwent (struct passwd *pw fail_exit (E_NAME_IN_USE); } #ifdef WITH_AUDIT @@ -2077,7 +2064,7 @@ Index: shadow-4.5/src/usermod.c user_newname, (unsigned int) user_newid, 1); #endif SYSLOG ((LOG_INFO, -@@ -529,8 +529,8 @@ static void new_pwent (struct passwd *pw +@@ -535,8 +535,8 @@ static void new_pwent (struct passwd *pw if (uflg) { #ifdef WITH_AUDIT @@ -2088,7 +2075,7 @@ Index: shadow-4.5/src/usermod.c user_newname, (unsigned int) user_newid, 1); #endif SYSLOG ((LOG_INFO, -@@ -540,8 +540,8 @@ static void new_pwent (struct passwd *pw +@@ -546,8 +546,8 @@ static void new_pwent (struct passwd *pw } if (gflg) { #ifdef WITH_AUDIT @@ -2099,7 +2086,7 @@ Index: shadow-4.5/src/usermod.c user_newname, (unsigned int) user_newid, 1); #endif SYSLOG ((LOG_INFO, -@@ -551,8 +551,8 @@ static void new_pwent (struct passwd *pw +@@ -557,8 +557,8 @@ static void new_pwent (struct passwd *pw } if (cflg) { #ifdef WITH_AUDIT @@ -2110,7 +2097,7 @@ Index: shadow-4.5/src/usermod.c user_newname, (unsigned int) user_newid, 1); #endif pwent->pw_gecos = user_newcomment; -@@ -560,8 +560,8 @@ static void new_pwent (struct passwd *pw +@@ -566,8 +566,8 @@ static void new_pwent (struct passwd *pw if (dflg) { #ifdef WITH_AUDIT @@ -2121,7 +2108,7 @@ Index: shadow-4.5/src/usermod.c user_newname, (unsigned int) user_newid, 1); #endif SYSLOG ((LOG_INFO, -@@ -571,8 +571,8 @@ static void new_pwent (struct passwd *pw +@@ -577,8 +577,8 @@ static void new_pwent (struct passwd *pw } if (sflg) { #ifdef WITH_AUDIT 
@@ -2132,7 +2119,7 @@ Index: shadow-4.5/src/usermod.c user_newname, (unsigned int) user_newid, 1); #endif SYSLOG ((LOG_INFO, -@@ -602,8 +602,8 @@ static void new_spent (struct spwd *spen +@@ -608,8 +608,8 @@ static void new_spent (struct spwd *spen if (fflg) { #ifdef WITH_AUDIT @@ -2143,7 +2130,7 @@ Index: shadow-4.5/src/usermod.c user_newname, (unsigned int) user_newid, 1); #endif SYSLOG ((LOG_INFO, -@@ -619,8 +619,8 @@ static void new_spent (struct spwd *spen +@@ -625,8 +625,8 @@ static void new_spent (struct spwd *spen date_to_str (old_exp, sizeof(old_exp), user_expire * DAY); #ifdef WITH_AUDIT @@ -2154,7 +2141,7 @@ Index: shadow-4.5/src/usermod.c user_newname, (unsigned int) user_newid, 1); #endif SYSLOG ((LOG_INFO, -@@ -703,9 +703,9 @@ static /*@noreturn@*/void fail_exit (int +@@ -709,9 +709,9 @@ static /*@noreturn@*/void fail_exit (int #endif /* ENABLE_SUBIDS */ #ifdef WITH_AUDIT @@ -2167,7 +2154,7 @@ Index: shadow-4.5/src/usermod.c #endif exit (code); } -@@ -759,9 +759,12 @@ static void update_group (void) +@@ -765,9 +765,12 @@ static void update_group (void) user_newname); changed = true; #ifdef WITH_AUDIT @@ -2183,7 +2170,7 @@ Index: shadow-4.5/src/usermod.c #endif SYSLOG ((LOG_INFO, "change '%s' to '%s' in group '%s'", -@@ -775,9 +778,11 @@ static void update_group (void) +@@ -781,9 +784,11 @@ static void update_group (void) ngrp->gr_mem = del_list (ngrp->gr_mem, user_name); changed = true; #ifdef WITH_AUDIT @@ -2198,7 +2185,7 @@ Index: shadow-4.5/src/usermod.c #endif SYSLOG ((LOG_INFO, "delete '%s' from group '%s'", -@@ -790,9 +795,11 @@ static void update_group (void) +@@ -796,9 +801,11 @@ static void update_group (void) ngrp->gr_mem = add_list (ngrp->gr_mem, user_newname); changed = true; #ifdef WITH_AUDIT 
@@ -2213,7 +2200,7 @@ Index: shadow-4.5/src/usermod.c #endif SYSLOG ((LOG_INFO, "add '%s' to group '%s'", user_newname, ngrp->gr_name)); -@@ -867,9 +874,10 @@ static void update_gshadow (void) +@@ -873,9 +880,10 @@ static void update_gshadow (void) nsgrp->sg_adm = add_list (nsgrp->sg_adm, user_newname); changed = true; #ifdef WITH_AUDIT @@ -2227,7 +2214,7 @@ Index: shadow-4.5/src/usermod.c #endif SYSLOG ((LOG_INFO, "change admin '%s' to '%s' in shadow group '%s'", -@@ -889,9 +897,10 @@ static void update_gshadow (void) +@@ -895,9 +903,10 @@ static void update_gshadow (void) user_newname); changed = true; #ifdef WITH_AUDIT @@ -2241,7 +2228,7 @@ Index: shadow-4.5/src/usermod.c #endif SYSLOG ((LOG_INFO, "change '%s' to '%s' in shadow group '%s'", -@@ -905,9 +914,10 @@ static void update_gshadow (void) +@@ -911,9 +920,10 @@ static void update_gshadow (void) nsgrp->sg_mem = del_list (nsgrp->sg_mem, user_name); changed = true; #ifdef WITH_AUDIT @@ -2255,7 +2242,7 @@ Index: shadow-4.5/src/usermod.c #endif SYSLOG ((LOG_INFO, "delete '%s' from shadow group '%s'", -@@ -920,9 +930,10 @@ static void update_gshadow (void) +@@ -926,9 +936,10 @@ static void update_gshadow (void) nsgrp->sg_mem = add_list (nsgrp->sg_mem, user_newname); changed = true; #ifdef WITH_AUDIT @@ -2269,7 +2256,7 @@ Index: shadow-4.5/src/usermod.c #endif SYSLOG ((LOG_INFO, "add '%s' to shadow group '%s'", user_newname, nsgrp->sg_name)); -@@ -1758,8 +1769,8 @@ static void move_home (void) +@@ -1789,8 +1800,8 @@ static void move_home (void) #ifdef WITH_AUDIT if (uflg || gflg) { @@ -2280,7 +2267,7 @@ Index: shadow-4.5/src/usermod.c user_newname, (unsigned int) user_newid, 1); } #endif -@@ -1777,8 +1788,8 @@ static void move_home (void) +@@ -1808,8 +1819,8 @@ static void move_home (void) fail_exit (E_HOMEDIR); } #ifdef WITH_AUDIT 
@@ -2291,8 +2278,8 @@ Index: shadow-4.5/src/usermod.c user_newname, (unsigned int) user_newid, 1); #endif -@@ -1797,9 +1808,9 @@ static void move_home (void) - Prog, user_home); +@@ -1828,9 +1839,9 @@ static void move_home (void) + Prog, prefix_user_home); } #ifdef WITH_AUDIT - audit_logger (AUDIT_USER_CHAUTHTOK, @@ -2303,7 +2290,7 @@ Index: shadow-4.5/src/usermod.c user_newname, (unsigned int) user_newid, 1); -@@ -2003,8 +2014,8 @@ static void move_mailbox (void) +@@ -2045,8 +2056,8 @@ static void move_mailbox (void) } #ifdef WITH_AUDIT else { @@ -2314,7 +2301,7 @@ Index: shadow-4.5/src/usermod.c user_newname, (unsigned int) user_newid, 1); } #endif -@@ -2022,8 +2033,8 @@ static void move_mailbox (void) +@@ -2072,8 +2083,8 @@ static void move_mailbox (void) } #ifdef WITH_AUDIT else { @@ -2325,7 +2312,7 @@ Index: shadow-4.5/src/usermod.c user_newname, (unsigned int) user_newid, 1); } #endif -@@ -2215,8 +2226,8 @@ int main (int argc, char **argv) +@@ -2267,8 +2278,8 @@ int main (int argc, char **argv) _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"), Prog, user_name, user_selinux); #ifdef WITH_AUDIT @@ -2336,7 +2323,7 @@ Index: shadow-4.5/src/usermod.c user_name, (unsigned int) user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ -@@ -2228,8 +2239,8 @@ int main (int argc, char **argv) +@@ -2280,8 +2291,8 @@ int main (int argc, char **argv) _("%s: warning: the user name %s to SELinux user mapping removal failed.\n"), Prog, user_name); #ifdef WITH_AUDIT @@ -2347,7 +2334,7 @@ Index: shadow-4.5/src/usermod.c user_name, (unsigned int) user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ -@@ -2267,8 +2278,8 @@ int main (int argc, char **argv) +@@ -2319,8 +2330,8 @@ int main (int argc, char **argv) */ #ifdef WITH_AUDIT if (uflg || gflg) { diff --git a/shadow-4.6-getenforce.patch b/shadow-4.6-getenforce.patch new file mode 100644 index 0000000..8a55bf5 --- /dev/null +++ b/shadow-4.6-getenforce.patch 
@@ -0,0 +1,21 @@
+diff -up shadow-4.6/lib/selinux.c.getenforce shadow-4.6/lib/selinux.c
+--- shadow-4.6/lib/selinux.c.getenforce 2018-05-28 15:10:15.870315221 +0200
++++ shadow-4.6/lib/selinux.c 2018-05-28 15:10:15.894315731 +0200
+@@ -75,7 +75,7 @@ int set_selinux_file_context (const char
+ }
+ return 0;
+ error:
+- if (security_getenforce () != 0) {
++ if (security_getenforce () > 0) {
+ return 1;
+ }
+ return 0;
+@@ -95,7 +95,7 @@ int reset_selinux_file_context (void)
+ selinux_checked = true;
+ }
+ if (selinux_enabled) {
+- if (setfscreatecon (NULL) != 0) {
++ if (setfscreatecon (NULL) != 0 && security_getenforce () > 0) {
+ return 1;
+ }
+ }
diff --git a/shadow-4.6-move-home.patch b/shadow-4.6-move-home.patch
new file mode 100644
index 0000000..cff9561
--- /dev/null
+++ b/shadow-4.6-move-home.patch
@@ -0,0 +1,15 @@
+diff -up shadow-4.6/src/usermod.c.move-home shadow-4.6/src/usermod.c
+--- shadow-4.6/src/usermod.c.move-home 2018-05-28 14:59:05.594076665 +0200
++++ shadow-4.6/src/usermod.c 2018-05-28 15:00:28.479837392 +0200
+@@ -1845,6 +1845,11 @@ static void move_home (void)
+ Prog, prefix_user_home, prefix_user_newhome);
+ fail_exit (E_HOMEDIR);
+ }
++ } else {
++ fprintf (stderr,
++ _("%s: The previous home directory (%s) does "
++ "not exist or is inaccessible. Move cannot be completed.\n"),
++ Prog, prefix_user_home);
+ }
+ }
+
diff --git a/shadow-4.5-orig-context.patch b/shadow-4.6-orig-context.patch
similarity index 65%
rename from shadow-4.5-orig-context.patch
rename to shadow-4.6-orig-context.patch
index a1c2235..ea522e7 100644
--- a/shadow-4.5-orig-context.patch
+++ b/shadow-4.6-orig-context.patch
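Review bot: In the `reset_selinux_file_context` hunk of shadow-4.6-getenforce.patch, a failed `setfscreatecon (NULL)` is now ignored whenever `security_getenforce ()` returns 0 or -1, and nothing is logged. security_getenforce() returns -1 when the enforcing state cannot be read, so that error is handled exactly like permissive mode and later files may be created with a stale creation context without leaving any trace. The same applies to the `error:` path of `set_selinux_file_context` in the first hunk. I would keep the relaxed return value but record the failure before falling through, for example `SYSLOG ((LOG_WARNING, "failed to reset SELinux file creation context"));`, assuming the SYSLOG macro is usable in lib/selinux.c. Both function bodies start outside the hunks.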
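Review bot: The `else` branch added to `move_home` in shadow-4.6-move-home.patch only prints to stderr, so as far as this hunk shows usermod carries on after a home move that never happened, presumably with the account's home field already pointing at the new path. The neighbouring failure path calls `fail_exit (E_HOMEDIR);`, whereas this one leaves nothing in syslog or the audit log for an administrator to find later. If continuing is intended, a short comment saying so plus a `SYSLOG ((LOG_WARNING, ...))` next to the `fprintf` would make the outcome traceable. The function body starts and ends outside the hunk.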
@@ -1,8 +1,7 @@ -Index: shadow-4.5/lib/commonio.c -=================================================================== ---- shadow-4.5.orig/lib/commonio.c -+++ shadow-4.5/lib/commonio.c -@@ -941,7 +941,7 @@ int commonio_close (struct commonio_db * +diff -up shadow-4.6/lib/commonio.c.orig-context shadow-4.6/lib/commonio.c +--- shadow-4.6/lib/commonio.c.orig-context 2018-04-29 18:42:37.000000000 +0200 ++++ shadow-4.6/lib/commonio.c 2018-05-28 14:56:37.287929667 +0200 +@@ -961,7 +961,7 @@ int commonio_close (struct commonio_db * snprintf (buf, sizeof buf, "%s-", db->filename); #ifdef WITH_SELINUX @@ -11,7 +10,7 @@ Index: shadow-4.5/lib/commonio.c errors++; } #endif -@@ -974,7 +974,7 @@ int commonio_close (struct commonio_db * +@@ -994,7 +994,7 @@ int commonio_close (struct commonio_db * snprintf (buf, sizeof buf, "%s+", db->filename); #ifdef WITH_SELINUX @@ -20,10 +19,9 @@ Index: shadow-4.5/lib/commonio.c errors++; } #endif -Index: shadow-4.5/libmisc/copydir.c -=================================================================== ---- shadow-4.5.orig/libmisc/copydir.c -+++ shadow-4.5/libmisc/copydir.c +diff -up shadow-4.6/libmisc/copydir.c.orig-context shadow-4.6/libmisc/copydir.c +--- shadow-4.6/libmisc/copydir.c.orig-context 2018-04-29 18:42:37.000000000 +0200 ++++ shadow-4.6/libmisc/copydir.c 2018-05-28 14:56:37.287929667 +0200 @@ -484,7 +484,7 @@ static int copy_dir (const char *src, co */ 
@@ -60,11 +58,10 @@ Index: shadow-4.5/libmisc/copydir.c return -1; } #endif /* WITH_SELINUX */ -Index: shadow-4.5/lib/prototypes.h -=================================================================== ---- shadow-4.5.orig/lib/prototypes.h -+++ shadow-4.5/lib/prototypes.h -@@ -311,7 +311,7 @@ extern /*@observer@*/const char *crypt_m +diff -up shadow-4.6/lib/prototypes.h.orig-context shadow-4.6/lib/prototypes.h +--- shadow-4.6/lib/prototypes.h.orig-context 2018-04-29 18:42:37.000000000 +0200 ++++ shadow-4.6/lib/prototypes.h 2018-05-28 14:56:37.287929667 +0200 +@@ -326,7 +326,7 @@ extern /*@observer@*/const char *crypt_m /* selinux.c */ #ifdef WITH_SELINUX @@ -73,10 +70,9 @@ Index: shadow-4.5/lib/prototypes.h extern int reset_selinux_file_context (void); #endif -Index: shadow-4.5/lib/selinux.c -=================================================================== ---- shadow-4.5.orig/lib/selinux.c -+++ shadow-4.5/lib/selinux.c +diff -up shadow-4.6/lib/selinux.c.orig-context shadow-4.6/lib/selinux.c +--- shadow-4.6/lib/selinux.c.orig-context 2018-04-29 18:42:37.000000000 +0200 ++++ shadow-4.6/lib/selinux.c 2018-05-28 14:56:37.287929667 +0200 @@ -50,7 +50,7 @@ static bool selinux_enabled; * Callers may have to Reset SELinux to create files with default * contexts with reset_selinux_file_context 
@@ -118,16 +114,15 @@ Index: shadow-4.5/lib/selinux.c } /* -Index: shadow-4.5/src/useradd.c -=================================================================== ---- shadow-4.5.orig/src/useradd.c -+++ shadow-4.5/src/useradd.c -@@ -1945,7 +1945,7 @@ static void create_home (void) +diff -up shadow-4.6/src/useradd.c.orig-context shadow-4.6/src/useradd.c +--- shadow-4.6/src/useradd.c.orig-context 2018-05-28 14:56:37.288929688 +0200 ++++ shadow-4.6/src/useradd.c 2018-05-28 14:58:02.242730903 +0200 +@@ -2020,7 +2020,7 @@ static void create_home (void) { - if (access (user_home, F_OK) != 0) { + if (access (prefix_user_home, F_OK) != 0) { #ifdef WITH_SELINUX -- if (set_selinux_file_context (user_home) != 0) { -+ if (set_selinux_file_context (user_home, NULL) != 0) { +- if (set_selinux_file_context (prefix_user_home) != 0) { ++ if (set_selinux_file_context (prefix_user_home, NULL) != 0) { fprintf (stderr, _("%s: cannot set SELinux context for home directory %s\n"), Prog, user_home); diff --git a/shadow-4.1.5-redhat.patch b/shadow-4.6-redhat.patch similarity index 60% rename from shadow-4.1.5-redhat.patch rename to shadow-4.6-redhat.patch index ef26cbd..7a8be2e 100644 --- a/shadow-4.1.5-redhat.patch +++ b/shadow-4.6-redhat.patch @@ -1,7 +1,6 @@ -Index: shadow-4.5/src/useradd.c -=================================================================== ---- shadow-4.5.orig/src/useradd.c -+++ shadow-4.5/src/useradd.c +diff -up shadow-4.6/src/useradd.c.redhat shadow-4.6/src/useradd.c +--- shadow-4.6/src/useradd.c.redhat 2018-04-29 18:42:37.000000000 +0200 ++++ shadow-4.6/src/useradd.c 2018-05-28 13:37:16.695651258 +0200 @@ -98,7 +98,7 @@ const char *Prog; static gid_t def_group = 100; static const char *def_gname = "other"; 
@@ -20,19 +19,19 @@ Index: shadow-4.5/src/useradd.c static uid_t user_id; static gid_t user_gid; static const char *user_comment = ""; -@@ -1059,9 +1059,9 @@ static void process_flags (int argc, cha +@@ -1114,9 +1114,9 @@ static void process_flags (int argc, cha }; while ((c = getopt_long (argc, argv, #ifdef WITH_SELINUX -- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:UZ:", -+ "b:c:d:De:f:g:G:hk:K:lmMnNop:rR:s:u:UZ:", +- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:P:s:u:UZ:", ++ "b:c:d:De:f:g:G:hk:K:lmMnNop:rR:P:s:u:UZ:", #else /* !WITH_SELINUX */ -- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:U", -+ "b:c:d:De:f:g:G:hk:K:lmMnNop:rR:s:u:U", +- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:P:s:u:U", ++ "b:c:d:De:f:g:G:hk:K:lmMnNop:rR:P:s:u:U", #endif /* !WITH_SELINUX */ long_options, NULL)) != -1) { switch (c) { -@@ -1212,6 +1212,7 @@ static void process_flags (int argc, cha +@@ -1267,6 +1267,7 @@ static void process_flags (int argc, cha case 'M': Mflg = true; break; diff --git a/shadow-4.5-selinux.patch b/shadow-4.6-selinux.patch similarity index 75% rename from shadow-4.5-selinux.patch rename to shadow-4.6-selinux.patch index cd1a3b4..dfd5140 100644 --- a/shadow-4.5-selinux.patch +++ b/shadow-4.6-selinux.patch @@ -1,7 +1,6 @@ -Index: shadow-4.5/lib/semanage.c -=================================================================== ---- shadow-4.5.orig/lib/semanage.c -+++ shadow-4.5/lib/semanage.c +diff -up shadow-4.6/lib/semanage.c.selinux shadow-4.6/lib/semanage.c +--- shadow-4.6/lib/semanage.c.selinux 2018-04-29 18:42:37.000000000 +0200 ++++ shadow-4.6/lib/semanage.c 2018-05-28 13:38:20.551008911 +0200 @@ -294,6 +294,9 @@ int set_seuser (const char *login_name, ret = 0; 
@@ -23,11 +22,10 @@ Index: shadow-4.5/lib/semanage.c done: semanage_handle_destroy (handle); return ret; -Index: shadow-4.5/src/useradd.c -=================================================================== ---- shadow-4.5.orig/src/useradd.c -+++ shadow-4.5/src/useradd.c -@@ -2042,6 +2042,7 @@ static void create_mail (void) +diff -up shadow-4.6/src/useradd.c.selinux shadow-4.6/src/useradd.c +--- shadow-4.6/src/useradd.c.selinux 2018-05-28 13:43:30.996748997 +0200 ++++ shadow-4.6/src/useradd.c 2018-05-28 13:44:04.645486199 +0200 +@@ -2120,6 +2120,7 @@ static void create_mail (void) */ int main (int argc, char **argv) { @@ -35,14 +33,14 @@ Index: shadow-4.5/src/useradd.c #ifdef ACCT_TOOLS_SETUID #ifdef USE_PAM pam_handle_t *pamh = NULL; -@@ -2262,27 +2263,11 @@ int main (int argc, char **argv) +@@ -2342,27 +2343,11 @@ int main (int argc, char **argv) usr_update (); - if (mflg) { - create_home (); - if (home_added) { -- copy_tree (def_template, user_home, false, false, +- copy_tree (def_template, prefix_user_home, false, false, - (uid_t)-1, user_id, (gid_t)-1, user_gid); - } else { - fprintf (stderr, @@ -66,7 +64,7 @@ Index: shadow-4.5/src/useradd.c /* * tallylog_reset needs to be able to lookup * a valid existing user name, -@@ -2293,8 +2278,9 @@ int main (int argc, char **argv) +@@ -2373,8 +2358,9 @@ int main (int argc, char **argv) } #ifdef WITH_SELINUX @@ -78,7 +76,7 @@ Index: shadow-4.5/src/useradd.c fprintf (stderr, _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"), Prog, user_name, user_selinux); -@@ -2303,14 +2289,31 @@ int main (int argc, char **argv) +@@ -2383,14 +2369,31 @@ int main (int argc, char **argv) "adding SELinux user mapping", user_name, (unsigned int) user_id, 0); #endif /* WITH_AUDIT */ 
@@ -95,7 +93,7 @@ Index: shadow-4.5/src/useradd.c + if (mflg) { + create_home (); + if (home_added) { -+ copy_tree (def_template, user_home, false, true, ++ copy_tree (def_template, prefix_user_home, false, true, + (uid_t)-1, user_id, (gid_t)-1, user_gid); + } else { + fprintf (stderr, diff --git a/shadow-4.6-usermod-crash.patch b/shadow-4.6-usermod-crash.patch new file mode 100644 index 0000000..d2861b3 --- /dev/null +++ b/shadow-4.6-usermod-crash.patch 
@@ -0,0 +1,42 @@
+diff -up shadow-4.6/libmisc/prefix_flag.c.usermod-crash shadow-4.6/libmisc/prefix_flag.c
+--- shadow-4.6/libmisc/prefix_flag.c.usermod-crash 2018-04-29 18:42:37.000000000 +0200
++++ shadow-4.6/libmisc/prefix_flag.c 2018-05-28 15:14:10.642302440 +0200
+@@ -319,6 +319,7 @@ extern struct group *prefix_getgr_nam_gi
+ {
+ long long int gid;
+ char *endptr;
++ struct group *g;
+
+ if (NULL == grname) {
+ return NULL;
+@@ -333,7 +334,8 @@ extern struct group *prefix_getgr_nam_gi
+ && (gid == (gid_t)gid)) {
+ return prefix_getgrgid ((gid_t) gid);
+ }
+- return prefix_getgrnam (grname);
++ g = prefix_getgrnam (grname);
++ return g ? __gr_dup(g) : NULL;
+ }
+ else
+ return getgr_nam_gid(grname);
+diff -up shadow-4.6/src/usermod.c.usermod-crash shadow-4.6/src/usermod.c
+--- shadow-4.6/src/usermod.c.usermod-crash 2018-05-28 15:12:37.920332763 +0200
++++ shadow-4.6/src/usermod.c 2018-05-28 15:15:50.337422470 +0200
+@@ -1276,11 +1276,13 @@ static void process_flags (int argc, cha
+ prefix_user_home = xmalloc(len);
+ wlen = snprintf(prefix_user_home, len, "%s/%s", prefix, user_home);
+ assert (wlen == (int) len -1);
++ if (user_newhome) {
++ len = strlen(prefix) + strlen(user_newhome) + 2;
++ prefix_user_newhome = xmalloc(len);
++ wlen = snprintf(prefix_user_newhome, len, "%s/%s", prefix, user_newhome);
++ assert (wlen == (int) len -1);
++ }
+
+- len = strlen(prefix) + strlen(user_newhome) + 2;
+- prefix_user_newhome = xmalloc(len);
+- wlen = snprintf(prefix_user_newhome, len, "%s/%s", prefix, user_newhome);
+- assert (wlen == (int) len -1);
+ }
+ else {
+ prefix_user_home = user_home;
diff --git a/shadow-utils.spec b/shadow-utils.spec
index 883e02c..35732ac 100644
--- a/shadow-utils.spec
+++ b/shadow-utils.spec
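Review bot: In the prefix_flag.c part of this new patch only the name lookup is duplicated with `__gr_dup`; the numeric-GID branch a few lines above it still does `return prefix_getgrgid ((gid_t) gid);` and hands back whatever that lookup returns. If the duplication was added because callers free the result (not visible here, so worth confirming against the callers in usermod.c), the GID branch leaves the same invalid free reachable whenever the group is given as a number together with a prefix. Making the two branches agree would be `g = prefix_getgrgid ((gid_t) gid);` followed by `return g ? __gr_dup(g) : NULL;`. The body of prefix_getgr_nam_gid starts and ends outside the nested hunks.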
@@ -1,7 +1,7 @@ Summary: Utilities for managing accounts and shadow password files Name: shadow-utils -Version: 4.5 -Release: 10%{?dist} +Version: 4.6 +Release: 1%{?dist} Epoch: 2 URL: http://pkg-shadow.alioth.debian.org/ Source0: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz @@ -10,28 +10,26 @@ Source2: shadow-utils.useradd Source3: shadow-utils.login.defs Source4: shadow-bsd.txt Source5: https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt -Patch0: shadow-4.1.5-redhat.patch +Patch0: shadow-4.6-redhat.patch Patch1: shadow-4.5-goodname.patch Patch2: shadow-4.1.5.1-info-parent-dir.patch -Patch6: shadow-4.5-selinux.patch -Patch7: shadow-4.1.5-2ndskip.patch -Patch10: shadow-4.5-orig-context.patch +Patch6: shadow-4.6-selinux.patch +Patch10: shadow-4.6-orig-context.patch Patch11: shadow-4.1.5.1-logmsg.patch Patch14: shadow-4.1.5.1-default-range.patch Patch15: shadow-4.3.1-manfix.patch Patch17: shadow-4.1.5.1-userdel-helpfix.patch Patch19: shadow-4.2.1-date-parsing.patch -Patch20: shadow-4.1.5.1-ingroup.patch -Patch21: shadow-4.1.5.1-move-home.patch -Patch22: shadow-4.3.1-audit-update.patch +Patch21: shadow-4.6-move-home.patch +Patch22: shadow-4.6-audit-update.patch Patch23: shadow-4.5-usermod-unlock.patch Patch24: shadow-4.2.1-no-lock-dos.patch Patch28: shadow-4.3.1-selinux-perms.patch Patch29: shadow-4.2.1-null-tm.patch -Patch30: shadow-4.1.5.1-newgrp-grouplist.patch -Patch31: shadow-4.5-userdel-chroot.patch +Patch31: shadow-4.6-getenforce.patch Patch32: shadow-4.5-crypt_h.patch Patch33: shadow-4.5-long-entry.patch +Patch34: shadow-4.6-usermod-crash.patch License: BSD and GPLv2+ Group: System Environment/Base 
@@ -67,24 +65,22 @@ are used for managing group accounts. %patch1 -p1 -b .goodname %patch2 -p1 -b .info-parent-dir %patch6 -p1 -b .selinux -%patch7 -p1 -b .2ndskip %patch10 -p1 -b .orig-context %patch11 -p1 -b .logmsg %patch14 -p1 -b .default-range %patch15 -p1 -b .manfix %patch17 -p1 -b .userdel %patch19 -p1 -b .date-parsing -%patch20 -p1 -b .ingroup %patch21 -p1 -b .move-home %patch22 -p1 -b .audit-update %patch23 -p1 -b .unlock %patch24 -p1 -b .no-lock-dos %patch28 -p1 -b .selinux-perms %patch29 -p1 -b .null-tm -%patch30 -p1 -b .grouplist -%patch31 -p1 -b .userdel-chroot +%patch31 -p1 -b .getenforce %patch32 -p1 -b .crypt_h %patch33 -p1 -b .long-entry +%patch34 -p1 -b .usermod-crash iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8 cp -f doc/HOWTO.utf8 doc/HOWTO @@ -237,6 +233,9 @@ done %{_mandir}/man8/vigr.8* %changelog +* Mon May 28 2018 Tomáš Mráz - 2:4.6-1 +- update to current upstream release 4.6 + * Fri Apr 20 2018 Tomáš Mráz - 2:4.5-10 - Raise limit for passwd and shadow entry length but also prevent writing longer entries (#1422497) diff --git a/sources b/sources index a50063e..2093465 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (shadow-4.5.tar.xz) = e57f8db54df23301c229d4be30d4cbb67efa1d1809cffcff79adc480b6019fb2b5fd09e112e82a3f00ad5a6b2994592adac93f70a631cf666b6f4723b61c87b5 -SHA512 (shadow-4.5.tar.xz.asc) = 42739e5e36e0dd1ff8e9d8721f5b4b222113afd91c927b580bc0b587d59dcdecdf938c978405b80f15a70b17f2d0589f8b6277e0e9bd23a5f3c2fc924c9b1e24 +SHA512 (shadow-4.6.tar.xz) = e8eee52c649d9973f724bc2d5aeee71fa2e6a2e41ec3487cd6cf6d47af70c32e0cdf304df29b32eae2b6eb6f9066866b5f2c891add0ec87ba583bea3207b3631 +SHA512 (shadow-4.6.tar.xz.asc) = 8728bff5544db6ea123f758cce5bd5c2d346489570c33092e4e97db35c274d7aba01580018f120e4ad80b8f79cfe296a33bccbe9bf68df51bf9b2004c6bfffed
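Review bot: The new changelog entry only says `- update to current upstream release 4.6`, although the %prep hunk of shadow-utils.spec drops `%patch7`, `%patch20` and `%patch30` and reuses `%patch31` for a different patch (`.getenforce` replaces `.userdel-chroot`). For a package that edits account and group databases it helps to record why each downstream fix went away, so a later reader can tell a deliberate drop from a lost fix. A line such as `- drop 2ndskip, ingroup, newgrp-grouplist and userdel-chroot patches (merged upstream)` would do, once it is confirmed that 4.6 really carries each of them. The matching `PatchN:` removals are in the earlier spec hunk.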