- improve audit logging (#211659)

- improve "-l" option. Do not reset faillog if it's used (#213450).
This commit is contained in:
Peter Vrabec 2006-11-03 15:29:36 +00:00
parent 7d0c959713
commit 967e600d2f
3 changed files with 34 additions and 14 deletions

View File

@ -1,5 +1,5 @@
--- shadow-4.0.16/man/useradd.8.lOption 2006-06-06 10:41:47.000000000 +0200
+++ shadow-4.0.16/man/useradd.8 2006-06-06 10:42:59.000000000 +0200
--- shadow-4.0.17/man/useradd.8.lOption 2006-11-02 18:23:50.000000000 +0100
+++ shadow-4.0.17/man/useradd.8 2006-11-02 18:23:50.000000000 +0100
@@ -96,6 +96,9 @@
\fB\-m\fR
option. The default is to not create the directory and to not copy any files.
@ -10,8 +10,8 @@
\fB-n\fR
A group having the same name as the user being added to the system will be created by default. This option will turn off this Red Hat Linux specific behavior. When this option is used, users by default will be placed in whatever group is specified in \fI/etc/default/useradd\fR. If no default group is defined, group 1 will be used.
.TP 3n
--- shadow-4.0.16/src/useradd.c.lOption 2006-06-06 10:41:47.000000000 +0200
+++ shadow-4.0.16/src/useradd.c 2006-06-06 10:41:47.000000000 +0200
--- shadow-4.0.17/src/useradd.c.lOption 2006-11-02 18:23:50.000000000 +0100
+++ shadow-4.0.17/src/useradd.c 2006-11-02 18:26:46.000000000 +0100
@@ -124,6 +124,7 @@
Gflg = 0, /* secondary group set for new account */
kflg = 0, /* specify a directory to fill new user directory */
@ -28,7 +28,7 @@
" -M, do not create user's home directory(overrides /etc/login.defs)\n"
" -r, create system account\n"
" -o, --non-unique allow create user with duplicate\n"
@@ -1035,7 +1037,7 @@
@@ -1041,7 +1043,7 @@
{NULL, 0, NULL, '\0'}
};
while ((c =
@ -37,7 +37,7 @@
long_options, NULL)) != -1) {
switch (c) {
case 'b':
@@ -1175,6 +1177,9 @@
@@ -1181,6 +1183,9 @@
case 'm':
mflg++;
break;
@ -47,13 +47,12 @@
case 'o':
oflg++;
break;
@@ -1540,7 +1545,8 @@
@@ -1549,7 +1554,7 @@
* no user with this UID exists yet (entries for shared UIDs
* are left unchanged). --marekm
*/
if (!getpwuid (user_id)) {
- if (!getpwuid (user_id)) {
+ if (!getpwuid (user_id) && !lflg) {
faillog_reset (user_id);
- lastlog_reset (user_id);
+ if (!lflg)
+ lastlog_reset (user_id);
lastlog_reset (user_id);
}
/*

View File

@ -0,0 +1,15 @@
diff -Nurp shadow-4.0.17.orig/src/useradd.c shadow-4.0.17/src/useradd.c
--- shadow-4.0.17.orig/src/useradd.c 2006-10-02 18:25:30.000000000 +0100
+++ shadow-4.0.17/src/useradd.c 2006-10-02 18:25:43.000000000 +0100
@@ -1611,6 +1611,10 @@ static void create_home (void)
_
("%s: cannot create directory %s\n"),
Prog, user_home);
+#ifdef WITH_AUDIT
+ audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+ "adding home directory", user_name, user_id, 0);
+#endif
fail_exit (E_HOMEDIR);
}
chown (user_home, user_id, user_gid);

View File

@ -5,7 +5,7 @@
Summary: Utilities for managing accounts and shadow password files.
Name: shadow-utils
Version: 4.0.18.1
Release: 1%{?dist}
Release: 2%{?dist}
Epoch: 2
URL: http://shadow.pld.org.pl/
Source0: ftp://ftp.pld.org.pl/software/shadow/shadow-%{version}.tar.bz2
@ -20,6 +20,7 @@ Patch4: shadow-4.0.13-newgrpPwd.patch
Patch5: shadow-4.0.16-lOption.patch
Patch6: shadow-4.0.17-notInheritFd.patch
Patch7: shadow-4.0.17-exitValues.patch
Patch8: shadow-4.0.17-auditLogging.patch
License: BSD
Group: System Environment/Base
@ -57,6 +58,7 @@ cp %{SOURCE3} lib/nscd.c
%patch6 -p1 -b .notInheritFd
%patch7 -p1 -b .exitValues
%patch8 -p1 -b .auditLogging
rm po/*.gmo
rm po/stamp-po
@ -211,6 +213,10 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/*/man8/faillog.8*
%changelog
* Fri Nov 03 2006 Peter Vrabec <pvrabec@redhat.com> 2:4.0.18.1-2
- improve audit logging (#211659)
- improve "-l" option. Do not reset faillog if it's used (#213450).
* Wed Nov 01 2006 Peter Vrabec <pvrabec@redhat.com> 2:4.0.18.1-1
- upgrade