From b1dccbc445d9c9d8db3ae105b3f835a493be7da9 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Wed, 3 Feb 2016 14:01:19 +0100
Subject: [PATCH] add possibility to clear or set lastlog record for user via
lastlog
---
shadow-4.2.1-lastlog-unexpire.patch | 249 ++++++++++++++++++++++++++++
shadow-utils.spec | 7 +-
2 files changed, 255 insertions(+), 1 deletion(-)
create mode 100644 shadow-4.2.1-lastlog-unexpire.patch
diff --git a/shadow-4.2.1-lastlog-unexpire.patch b/shadow-4.2.1-lastlog-unexpire.patch
new file mode 100644
index 0000000..2596820
--- /dev/null
+++ b/shadow-4.2.1-lastlog-unexpire.patch
@@ -0,0 +1,249 @@
+diff -up shadow-4.2.1/man/lastlog.8.xml.unexpire shadow-4.2.1/man/lastlog.8.xml
+--- shadow-4.2.1/man/lastlog.8.xml.unexpire 2014-03-01 19:59:51.000000000 +0100
++++ shadow-4.2.1/man/lastlog.8.xml 2016-02-03 11:50:20.481293785 +0100
+@@ -105,6 +105,17 @@
+ </varlistentry>
+ <varlistentry>
+ <term>
++ <option>-C</option>, <option>--clear</option>
++ </term>
++ <listitem>
++ <para>
++ Clear lastlog record of an user. This option can be used only together
++ with <option>-u</option> (<option>--user</option>)).
++ </para>
++ </listitem>
++ </varlistentry>
++ <varlistentry>
++ <term>
+ <option>-h</option>, <option>--help</option>
+ </term>
+ <listitem>
+@@ -123,6 +134,17 @@
+ </para>
+ </listitem>
+ </varlistentry>
++ <varlistentry>
++ <term>
++ <option>-S</option>, <option>--set</option>
++ </term>
++ <listitem>
++ <para>
++ Set lastlog record of an user to the current time. This option can be
++ used only together with <option>-u</option> (<option>--user</option>)).
++ </para>
++ </listitem>
++ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>-t</option>, <option>--time</option> <replaceable>DAYS</replaceable>
+diff -up shadow-4.2.1/src/lastlog.c.unexpire shadow-4.2.1/src/lastlog.c
+--- shadow-4.2.1/src/lastlog.c.unexpire 2014-03-01 19:59:51.000000000 +0100
++++ shadow-4.2.1/src/lastlog.c 2016-02-03 11:35:26.971273603 +0100
+@@ -71,6 +71,8 @@ static struct stat statbuf; /* fstat buf
+ static bool uflg = false; /* print only an user of range of users */
+ static bool tflg = false; /* print is restricted to most recent days */
+ static bool bflg = false; /* print excludes most recent days */
++static bool Cflg = false; /* clear record for user */
++static bool Sflg = false; /* set record for user */
+
+ #define NOW (time ((time_t *) 0))
+
+@@ -83,8 +85,10 @@ static /*@noreturn@*/void usage (int sta
+ "Options:\n"),
+ Prog);
+ (void) fputs (_(" -b, --before DAYS print only lastlog records older than DAYS\n"), usageout);
++ (void) fputs (_(" -C, --clear clear lastlog record of an user (usable only with -u)\n"), usageout);
+ (void) fputs (_(" -h, --help display this help message and exit\n"), usageout);
+ (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout);
++ (void) fputs (_(" -S, --set set lastlog record to current time (usable only with -u)\n"), usageout);
+ (void) fputs (_(" -t, --time DAYS print only lastlog records more recent than DAYS\n"), usageout);
+ (void) fputs (_(" -u, --user LOGIN print lastlog record of the specified LOGIN\n"), usageout);
+ (void) fputs ("\n", usageout);
+@@ -194,6 +198,80 @@ static void print (void)
+ }
+ }
+
++static void update_one (/*@null@*/const struct passwd *pw)
++{
++ off_t offset;
++ struct lastlog ll;
++ int err;
++
++ if (NULL == pw) {
++ return;
++ }
++
++ offset = (off_t) pw->pw_uid * sizeof (ll);
++ /* fseeko errors are not really relevant for us. */
++ err = fseeko (lastlogfile, offset, SEEK_SET);
++ assert (0 == err);
++
++ memzero (&ll, sizeof (ll));
++
++ if (Sflg) {
++ ll.ll_time = NOW;
++#ifdef HAVE_LL_HOST
++ strcpy (ll.ll_host, "localhost");
++#endif
++ strcpy (ll.ll_line, "lastlog");
++#ifdef WITH_AUDIT
++ audit_logger (AUDIT_ACCT_UNLOCK, Prog,
++ "clearing-lastlog",
++ pw->pw_name, (unsigned int) pw->pw_uid, SHADOW_AUDIT_SUCCESS);
++#endif
++ }
++#ifdef WITH_AUDIT
++ else {
++ audit_logger (AUDIT_ACCT_UNLOCK, Prog,
++ "refreshing-lastlog",
++ pw->pw_name, (unsigned int) pw->pw_uid, SHADOW_AUDIT_SUCCESS);
++ }
++#endif
++
++ if (fwrite (&ll, sizeof(ll), 1, lastlogfile) != 1) {
++ fprintf (stderr,
++ _("%s: Failed to update the entry for UID %lu\n"),
++ Prog, (unsigned long int)pw->pw_uid);
++ exit (EXIT_FAILURE);
++ }
++}
++
++static void update (void)
++{
++ const struct passwd *pwent;
++
++ if (!uflg) /* safety measure */
++ return;
++
++ if (has_umin && has_umax && (umin == umax)) {
++ update_one (getpwuid ((uid_t)umin));
++ } else {
++ setpwent ();
++ while ( (pwent = getpwent ()) != NULL ) {
++ if ((has_umin && (pwent->pw_uid < (uid_t)umin))
++ || (has_umax && (pwent->pw_uid > (uid_t)umax))) {
++ continue;
++ }
++ update_one (pwent);
++ }
++ endpwent ();
++ }
++
++ if (fflush (lastlogfile) != 0 || fsync (fileno (lastlogfile)) != 0) {
++ fprintf (stderr,
++ _("%s: Failed to update the lastlog file\n"),
++ Prog);
++ exit (EXIT_FAILURE);
++ }
++}
++
+ int main (int argc, char **argv)
+ {
+ /*
+@@ -208,18 +286,24 @@ int main (int argc, char **argv)
+
+ process_root_flag ("-R", argc, argv);
+
++#ifdef WITH_AUDIT
++ audit_help_open ();
++#endif
++
+ {
+ int c;
+ static struct option const longopts[] = {
+ {"before", required_argument, NULL, 'b'},
++ {"clear", no_argument, NULL, 'C'},
+ {"help", no_argument, NULL, 'h'},
+ {"root", required_argument, NULL, 'R'},
++ {"set", no_argument, NULL, 'S'},
+ {"time", required_argument, NULL, 't'},
+ {"user", required_argument, NULL, 'u'},
+ {NULL, 0, NULL, '\0'}
+ };
+
+- while ((c = getopt_long (argc, argv, "b:hR:t:u:", longopts,
++ while ((c = getopt_long (argc, argv, "b:ChR:St:u:", longopts,
+ NULL)) != -1) {
+ switch (c) {
+ case 'b':
+@@ -235,11 +319,21 @@ int main (int argc, char **argv)
+ bflg = true;
+ break;
+ }
++ case 'C':
++ {
++ Cflg = true;
++ break;
++ }
+ case 'h':
+ usage (EXIT_SUCCESS);
+ /*@notreached@*/break;
+ case 'R': /* no-op, handled in process_root_flag () */
+ break;
++ case 'S':
++ {
++ Sflg = true;
++ break;
++ }
+ case 't':
+ {
+ unsigned long days;
+@@ -294,9 +388,21 @@ int main (int argc, char **argv)
+ Prog, argv[optind]);
+ usage (EXIT_FAILURE);
+ }
++ if (Cflg && Sflg) {
++ fprintf (stderr,
++ _("%s: Option -C cannot be used together with option -S\n"),
++ Prog);
++ usage (EXIT_FAILURE);
++ }
++ if ((Cflg || Sflg) && !uflg) {
++ fprintf (stderr,
++ _("%s: Options -C and -S require option -u to specify the user\n"),
++ Prog);
++ usage (EXIT_FAILURE);
++ }
+ }
+
+- lastlogfile = fopen (LASTLOG_FILE, "r");
++ lastlogfile = fopen (LASTLOG_FILE, (Cflg || Sflg)?"r+":"r");
+ if (NULL == lastlogfile) {
+ perror (LASTLOG_FILE);
+ exit (EXIT_FAILURE);
+@@ -310,7 +416,10 @@ int main (int argc, char **argv)
+ exit (EXIT_FAILURE);
+ }
+
+- print ();
++ if (Cflg || Sflg)
++ update ();
++ else
++ print ();
+
+ (void) fclose (lastlogfile);
+
+diff -up shadow-4.2.1/src/Makefile.am.unexpire shadow-4.2.1/src/Makefile.am
+--- shadow-4.2.1/src/Makefile.am.unexpire 2014-05-08 10:43:11.000000000 +0200
++++ shadow-4.2.1/src/Makefile.am 2016-02-03 11:35:26.971273603 +0100
+@@ -95,6 +95,7 @@ groupmod_LDADD = $(LDADD) $(LIBPAM_SUID)
+ grpck_LDADD = $(LDADD) $(LIBSELINUX)
+ grpconv_LDADD = $(LDADD) $(LIBSELINUX)
+ grpunconv_LDADD = $(LDADD) $(LIBSELINUX)
++lastlog_LDADD = $(LDADD) $(LIBAUDIT)
+ login_SOURCES = \
+ login.c \
+ login_nopam.c
+diff -up shadow-4.2.1/src/Makefile.in.unexpire shadow-4.2.1/src/Makefile.in
+--- shadow-4.2.1/src/Makefile.in.unexpire 2014-05-09 18:49:48.000000000 +0200
++++ shadow-4.2.1/src/Makefile.in 2016-02-03 11:35:26.972273609 +0100
+@@ -197,7 +197,7 @@ id_DEPENDENCIES = $(am__DEPENDENCIES_1)
+ $(top_builddir)/lib/libshadow.la
+ lastlog_SOURCES = lastlog.c
+ lastlog_OBJECTS = lastlog.$(OBJEXT)
+-lastlog_LDADD = $(LDADD)
++lastlog_LDADD = $(LDADD) $(LIBAUDIT)
+ lastlog_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(top_builddir)/libmisc/libmisc.a \
+ $(top_builddir)/lib/libshadow.la
diff --git a/shadow-utils.spec b/shadow-utils.spec
index 21eb936..404d754 100644
--- a/shadow-utils.spec
+++ b/shadow-utils.spec
@@ -1,7 +1,7 @@
Summary: Utilities for managing accounts and shadow password files
Name: shadow-utils
Version: 4.2.1
-Release: 5%{?dist}
+Release: 6%{?dist}
Epoch: 2
URL: http://pkg-shadow.alioth.debian.org/
Source0: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.xz
@@ -33,6 +33,7 @@ Patch22: shadow-4.2.1-audit-update.patch
Patch23: shadow-4.2.1-usermod-unlock.patch
Patch24: shadow-4.2.1-no-lock-dos.patch
Patch25: shadow-4.2.1-defs-chroot.patch
+Patch26: shadow-4.2.1-lastlog-unexpire.patch
License: BSD and GPLv2+
Group: System Environment/Base
@@ -86,6 +87,7 @@ are used for managing group accounts.
%patch23 -p1 -b .unlock
%patch24 -p1 -b .no-lock-dos
%patch25 -p1 -b .defs-chroot
+%patch26 -p1 -b .unexpire
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
cp -f doc/HOWTO.utf8 doc/HOWTO
@@ -252,6 +254,9 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man8/vigr.8*
%changelog
+* Wed Feb 3 2016 Tomáš Mráz <tmraz@redhat.com> - 2:4.2.1-6
+- add possibility to clear or set lastlog record for user via lastlog
+
* Fri Jan 8 2016 Tomáš Mráz <tmraz@redhat.com> - 2:4.2.1-5
- do not use obscure permissions for binaries
- remove unused commands from login.defs(5) cross-reference