diff --git a/.cvsignore b/.cvsignore index 1aa7c2d..5e650b5 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1,4 +1,3 @@ shadow-4.0.17-login.defs shadow-4.0.18.1-useradd -shadow-4.1.1.tar.bz2 -shadow-4.1.2.tar.bz2 +shadow-4.1.3.tar.bz2 diff --git a/shadow-4.0.17-login.defs b/shadow-4.0.17-login.defs deleted file mode 100644 index 18733bf..0000000 --- a/shadow-4.0.17-login.defs +++ /dev/null @@ -1,58 +0,0 @@ -# *REQUIRED* -# Directory where mailboxes reside, _or_ name of file, relative to the -# home directory. If you _do_ define both, MAIL_DIR takes precedence. -# QMAIL_DIR is for Qmail -# -#QMAIL_DIR Maildir -MAIL_DIR /var/spool/mail -#MAIL_FILE .mail - -# Password aging controls: -# -# PASS_MAX_DAYS Maximum number of days a password may be used. -# PASS_MIN_DAYS Minimum number of days allowed between password changes. -# PASS_MIN_LEN Minimum acceptable password length. -# PASS_WARN_AGE Number of days warning given before a password expires. -# -PASS_MAX_DAYS 99999 -PASS_MIN_DAYS 0 -PASS_MIN_LEN 5 -PASS_WARN_AGE 7 - -# -# Min/max values for automatic uid selection in useradd -# -UID_MIN 500 -UID_MAX 60000 - -# -# Min/max values for automatic gid selection in groupadd -# -GID_MIN 500 -GID_MAX 60000 - -# -# If defined, this command is run when removing a user. -# It should remove any at/cron/print jobs etc. owned by -# the user to be removed (passed as the first argument). -# -#USERDEL_CMD /usr/sbin/userdel_local - -# -# If useradd should create home directories for users by default -# On RH systems, we do. This option is overridden with the -m flag on -# useradd command line. -# -CREATE_HOME yes - -# The permission mask is initialized to this value. If not specified, -# the permission mask will be initialized to 022. -UMASK 077 - -# This enables userdel to remove user groups if no members exist. -# -USERGROUPS_ENAB yes - -# Use MD5 or DES to encrypt password? Red Hat use MD5 by default. -MD5_CRYPT_ENAB yes - diff --git a/shadow-4.1.1-selinuxUserMappings.patch b/shadow-4.1.1-selinuxUserMappings.patch deleted file mode 100644 index a6f1df6..0000000 --- a/shadow-4.1.1-selinuxUserMappings.patch +++ /dev/null @@ -1,33 +0,0 @@ -diff -up shadow-4.1.1/src/usermod.c.selinux-user shadow-4.1.1/src/usermod.c ---- shadow-4.1.1/src/usermod.c.selinux-user 2008-09-09 17:28:45.673915250 +0200 -+++ shadow-4.1.1/src/usermod.c 2008-09-09 17:35:39.000000000 +0200 -@@ -116,6 +116,7 @@ static int - oflg = 0, /* permit non-unique user ID to be specified with -u */ - pflg = 0, /* new encrypted password */ - sflg = 0, /* new shell program */ -+ Sflg = 0, /* new selinux user */ - uflg = 0, /* specify new user ID */ - Uflg = 0; /* unlock the password */ - -@@ -967,8 +968,10 @@ static void process_flags (int argc, cha - break; - #ifdef WITH_SELINUX - case 'Z': -- if (is_selinux_enabled() > 0) -- user_selinux = optarg; -+ if (is_selinux_enabled() > 0) { -+ user_selinux = optarg; -+ Sflg++; -+ } - else { - fprintf (stderr, _("%s: -Z requires SELinux enabled kernel\n"), Prog); - exit (E_BAD_ARG); -@@ -1015,7 +1018,7 @@ static void process_flags (int argc, cha - } - - if (Uflg + uflg + sflg + pflg + oflg + mflg + Lflg + lflg + Gflg + -- gflg + fflg + eflg + dflg + cflg == 0) { -+ gflg + fflg + eflg + dflg + cflg + Sflg == 0) { - fprintf (stderr, _("%s: no changes\n"), Prog); - exit (E_SUCCESS); - } diff --git a/shadow-4.1.2-audit.patch b/shadow-4.1.2-audit.patch deleted file mode 100644 index 89a53bf..0000000 --- a/shadow-4.1.2-audit.patch +++ /dev/null @@ -1,447 +0,0 @@ -diff -urp shadow-4.1.2.orig/src/groupadd.c shadow-4.1.2/src/groupadd.c ---- shadow-4.1.2.orig/src/groupadd.c 2008-09-02 08:31:11.000000000 -0400 -+++ shadow-4.1.2/src/groupadd.c 2008-09-02 09:05:14.000000000 -0400 -@@ -205,7 +205,7 @@ static void grp_update (void) - } - #endif /* SHADOWGRP */ - #ifdef WITH_AUDIT -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "adding group", group_name, -+ audit_logger (AUDIT_ADD_GROUP, Prog, "adding group", group_name, - group_id, 1); - #endif - SYSLOG ((LOG_INFO, "new group: name=%s, GID=%u", -@@ -269,7 +269,7 @@ static void open_files (void) - if (!gr_lock ()) { - fprintf (stderr, _("%s: unable to lock group file\n"), Prog); - #ifdef WITH_AUDIT -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "locking group file", -+ audit_logger (AUDIT_ADD_GROUP, Prog, "locking group file", - group_name, -1, 0); - #endif - exit (E_GRP_UPDATE); -@@ -277,7 +277,7 @@ static void open_files (void) - if (!gr_open (O_RDWR)) { - fprintf (stderr, _("%s: unable to open group file\n"), Prog); - #ifdef WITH_AUDIT -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "opening group file", -+ audit_logger (AUDIT_ADD_GROUP, Prog, "opening group file", - group_name, -1, 0); - #endif - fail_exit (E_GRP_UPDATE); -@@ -310,7 +310,7 @@ static void fail_exit (int code) - - #ifdef WITH_AUDIT - if (code != E_SUCCESS) { -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "adding group", -+ audit_logger (AUDIT_ADD_GROUP, Prog, "adding group", - group_name, -1, 0); - } - #endif -diff -urp shadow-4.1.2.orig/src/groupdel.c shadow-4.1.2/src/groupdel.c ---- shadow-4.1.2.orig/src/groupdel.c 2008-09-02 08:31:11.000000000 -0400 -+++ shadow-4.1.2/src/groupdel.c 2008-09-02 09:04:18.000000000 -0400 -@@ -100,7 +100,7 @@ static void fail_exit (int code) - #endif - - #ifdef WITH_AUDIT -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "deleting group", -+ audit_logger (AUDIT_DEL_GROUP, Prog, "deleting group", - group_name, -1, 0); - #endif - -@@ -143,7 +143,7 @@ static void grp_update (void) - static void close_files (void) - { - #ifdef WITH_AUDIT -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "deleting group", group_name, -+ audit_logger (AUDIT_DEL_GROUP, Prog, "deleting group", group_name, - group_id, 1); - #endif - SYSLOG ((LOG_INFO, "remove group `%s'\n", group_name)); -@@ -316,7 +316,7 @@ int main (int argc, char **argv) - fprintf (stderr, _("%s: group %s does not exist\n"), - Prog, group_name); - #ifdef WITH_AUDIT -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, -+ audit_logger (AUDIT_DEL_GROUP, Prog, - "deleting group", - group_name, -1, 0); - #endif -@@ -338,7 +338,7 @@ int main (int argc, char **argv) - Prog, group_name); - - #ifdef WITH_AUDIT -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "deleting group", -+ audit_logger (AUDIT_DEL_GROUP, Prog, "deleting group", - group_name, -1, 0); - #endif - if (!yp_get_default_domain (&nis_domain) && -diff -urp shadow-4.1.2.orig/src/useradd.c shadow-4.1.2/src/useradd.c ---- shadow-4.1.2.orig/src/useradd.c 2008-09-02 08:31:11.000000000 -0400 -+++ shadow-4.1.2/src/useradd.c 2008-09-02 08:47:31.000000000 -0400 -@@ -216,7 +216,7 @@ static void fail_exit (int code) - #endif - - #ifdef WITH_AUDIT -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "adding user", user_name, -1, -+ audit_logger (AUDIT_ADD_USER, Prog, "adding user", user_name, -1, - 0); - #endif - SYSLOG ((LOG_INFO, "failed adding user `%s', data deleted", user_name)); -@@ -793,7 +793,7 @@ static void grp_update (void) - fail_exit (E_GRP_UPDATE); - } - #ifdef WITH_AUDIT -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, -+ audit_logger (AUDIT_ADD_USER, Prog, - "adding user to group", user_name, -1, 1); - #endif - SYSLOG ((LOG_INFO, "add `%s' to group `%s'", -@@ -844,7 +844,7 @@ static void grp_update (void) - fail_exit (E_GRP_UPDATE); - } - #ifdef WITH_AUDIT -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, -+ audit_logger (AUDIT_ADD_USER, Prog, - "adding user to shadow group", user_name, -1, 1); - #endif - SYSLOG ((LOG_INFO, "add `%s' to shadow group `%s'", -@@ -1162,7 +1162,7 @@ static void process_flags (int argc, cha - ("%s: invalid user name '%s'\n"), - Prog, user_name); - #ifdef WITH_AUDIT -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "adding user", -+ audit_logger (AUDIT_ADD_USER, Prog, "adding user", - user_name, -1, 0); - #endif - exit (E_BAD_ARG); -@@ -1251,7 +1251,7 @@ static void open_files (void) - if (!pw_lock ()) { - fprintf (stderr, _("%s: unable to lock password file\n"), Prog); - #ifdef WITH_AUDIT -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, -+ audit_logger (AUDIT_ADD_USER, Prog, - "locking password file", user_name, user_id, 0); - #endif - exit (E_PW_UPDATE); -@@ -1260,7 +1260,7 @@ static void open_files (void) - if (!pw_open (O_RDWR)) { - fprintf (stderr, _("%s: unable to open password file\n"), Prog); - #ifdef WITH_AUDIT -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, -+ audit_logger (AUDIT_ADD_USER, Prog, - "opening password file", user_name, user_id, 0); - #endif - fail_exit (E_PW_UPDATE); -@@ -1271,7 +1271,7 @@ static void open_files (void) - _("%s: cannot lock shadow password file\n"), - Prog); - #ifdef WITH_AUDIT -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, -+ audit_logger (AUDIT_ADD_USER, Prog, - "locking shadow password file", user_name, - user_id, 0); - #endif -@@ -1283,7 +1283,7 @@ static void open_files (void) - _("%s: cannot open shadow password file\n"), - Prog); - #ifdef WITH_AUDIT -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, -+ audit_logger (AUDIT_ADD_USER, Prog, - "opening shadow password file", user_name, - user_id, 0); - #endif -@@ -1385,6 +1385,10 @@ static void grp_add (void) - * Write out the new group file entry. - */ - if (!gr_update (&grp)) { -+#ifdef WITH_AUDIT -+ audit_logger (AUDIT_ADD_GROUP, Prog, -+ "adding group", grp.gr_name, -1, 0); -+#endif - fprintf (stderr, _("%s: error adding new group entry\n"), Prog); - fail_exit (E_GRP_UPDATE); - } -@@ -1393,11 +1397,19 @@ static void grp_add (void) - * Write out the new shadow group entries as well. - */ - if (is_shadow_grp && !sgr_update (&sgrp)) { -+#ifdef WITH_AUDIT -+ audit_logger (AUDIT_ADD_GROUP, Prog, -+ "adding group", grp.gr_name, -1, 0); -+#endif - fprintf (stderr, _("%s: error adding new group entry\n"), Prog); - fail_exit (E_GRP_UPDATE); - } - #endif /* SHADOWGRP */ - SYSLOG ((LOG_INFO, "new group: name=%s, GID=%u", user_name, user_gid)); -+#ifdef WITH_AUDIT -+ audit_logger (AUDIT_ADD_GROUP, Prog, "adding group", -+ grp.gr_name, -1, 1); -+#endif - do_grp_update++; - } - -@@ -1486,13 +1498,13 @@ static void usr_update (void) - ("%s: error adding new shadow password entry\n"), - Prog); - #ifdef WITH_AUDIT -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, -+ audit_logger (AUDIT_ADD_USER, Prog, - "adding shadow password", user_name, user_id, 0); - #endif - fail_exit (E_PW_UPDATE); - } - #ifdef WITH_AUDIT -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "adding user", user_name, -+ audit_logger (AUDIT_ADD_USER, Prog, "adding user", user_name, - user_id, 1); - #endif - -@@ -1522,7 +1534,7 @@ static void selinux_update_mapping () { - _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"), - Prog, user_name, user_selinux); - #ifdef WITH_AUDIT -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, -+ audit_logger (AUDIT_ADD_USER, Prog, - "adding SELinux user mapping", user_name, user_id, 0); - #endif - } -@@ -1551,7 +1563,7 @@ static void create_home (void) - ("%s: cannot create directory %s\n"), - Prog, user_home); - #ifdef WITH_AUDIT -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, -+ audit_logger (AUDIT_ADD_USER, Prog, - "adding home directory", user_name, - user_id, 0); - #endif -@@ -1562,7 +1574,7 @@ static void create_home (void) - 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK)); - home_added++; - #ifdef WITH_AUDIT -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, -+ audit_logger (AUDIT_ADD_USER, Prog, - "adding home directory", user_name, user_id, 1); - #endif - #ifdef WITH_SELINUX -@@ -1722,7 +1734,7 @@ int main (int argc, char **argv) - if (getpwnam (user_name)) { /* local, no need for xgetpwnam */ - fprintf (stderr, _("%s: user %s exists\n"), Prog, user_name); - #ifdef WITH_AUDIT -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "adding user", -+ audit_logger (AUDIT_ADD_USER, Prog, "adding user", - user_name, -1, 0); - #endif - fail_exit (E_NAME_IN_USE); -@@ -1741,7 +1753,7 @@ int main (int argc, char **argv) - ("%s: group %s exists - if you want to add this user to that group, use -g.\n"), - Prog, user_name); - #ifdef WITH_AUDIT -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, -+ audit_logger (AUDIT_ADD_GROUP, Prog, - "adding group", user_name, -1, 0); - #endif - fail_exit (E_NAME_IN_USE); -@@ -1772,7 +1784,7 @@ int main (int argc, char **argv) - if (getpwuid (user_id) != NULL) { - fprintf (stderr, _("%s: UID %u is not unique\n"), Prog, (unsigned int) user_id); - #ifdef WITH_AUDIT -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "adding user", user_name, user_id, 0); -+ audit_logger (AUDIT_ADD_USER, Prog, "adding user", user_name, user_id, 0); - #endif - fail_exit (E_UID_IN_USE); - } -diff -urp shadow-4.1.2.orig/src/userdel.c shadow-4.1.2/src/userdel.c ---- shadow-4.1.2.orig/src/userdel.c 2008-09-02 08:31:11.000000000 -0400 -+++ shadow-4.1.2/src/userdel.c 2008-09-02 09:03:20.000000000 -0400 -@@ -170,7 +170,7 @@ static void update_groups (void) - * Update the DBM group file with the new entry as well. - */ - #ifdef WITH_AUDIT -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, -+ audit_logger (AUDIT_DEL_USER, Prog, - "deleting user from group", user_name, user_id, - 0); - #endif -@@ -220,8 +220,8 @@ static void update_groups (void) - #endif - - #ifdef WITH_AUDIT -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, -- "deleting group", user_name, user_id, 0); -+ audit_logger (AUDIT_DEL_GROUP, Prog, "deleting group", -+ grp->gr_name, -1, 1); - #endif - SYSLOG ((LOG_INFO, - "removed group `%s' owned by `%s'\n", -@@ -270,7 +270,7 @@ static void update_groups (void) - exit (E_GRP_UPDATE); - } - #ifdef WITH_AUDIT -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, -+ audit_logger (AUDIT_DEL_USER, Prog, - "deleting user from shadow group", user_name, - user_id, 0); - #endif -@@ -327,7 +327,7 @@ static void fail_exit (int code) - sgr_unlock (); - #endif - #ifdef WITH_AUDIT -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "deleting user", user_name, -+ audit_logger (AUDIT_DEL_USER, Prog, "deleting user", user_name, - user_id, 0); - #endif - exit (code); -@@ -344,7 +344,7 @@ static void open_files (void) - if (!pw_lock ()) { - fprintf (stderr, _("%s: unable to lock password file\n"), Prog); - #ifdef WITH_AUDIT -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, -+ audit_logger (AUDIT_DEL_USER, Prog, - "locking password file", user_name, user_id, 0); - #endif - exit (E_PW_UPDATE); -@@ -352,7 +352,7 @@ static void open_files (void) - if (!pw_open (O_RDWR)) { - fprintf (stderr, _("%s: unable to open password file\n"), Prog); - #ifdef WITH_AUDIT -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, -+ audit_logger (AUDIT_DEL_USER, Prog, - "opening password file", user_name, user_id, 0); - #endif - fail_exit (E_PW_UPDATE); -@@ -361,7 +361,7 @@ static void open_files (void) - fprintf (stderr, - _("%s: cannot lock shadow password file\n"), Prog); - #ifdef WITH_AUDIT -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, -+ audit_logger (AUDIT_DEL_USER, Prog, - "locking shadow password file", user_name, - user_id, 0); - #endif -@@ -371,7 +371,7 @@ static void open_files (void) - fprintf (stderr, - _("%s: cannot open shadow password file\n"), Prog); - #ifdef WITH_AUDIT -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, -+ audit_logger (AUDIT_DEL_USER, Prog, - "opening shadow password file", user_name, - user_id, 0); - #endif -@@ -380,7 +380,7 @@ static void open_files (void) - if (!gr_lock ()) { - fprintf (stderr, _("%s: unable to lock group file\n"), Prog); - #ifdef WITH_AUDIT -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "locking group file", -+ audit_logger (AUDIT_DEL_USER, Prog, "locking group file", - user_name, user_id, 0); - #endif - fail_exit (E_GRP_UPDATE); -@@ -388,7 +388,7 @@ static void open_files (void) - if (!gr_open (O_RDWR)) { - fprintf (stderr, _("%s: cannot open group file\n"), Prog); - #ifdef WITH_AUDIT -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "opening group file", -+ audit_logger (AUDIT_DEL_USER, Prog, "opening group file", - user_name, user_id, 0); - #endif - fail_exit (E_GRP_UPDATE); -@@ -398,7 +398,7 @@ static void open_files (void) - fprintf (stderr, - _("%s: unable to lock shadow group file\n"), Prog); - #ifdef WITH_AUDIT -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, -+ audit_logger (AUDIT_DEL_USER, Prog, - "locking shadow group file", user_name, user_id, - 0); - #endif -@@ -408,7 +408,7 @@ static void open_files (void) - fprintf (stderr, _("%s: cannot open shadow group file\n"), - Prog); - #ifdef WITH_AUDIT -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, -+ audit_logger (AUDIT_DEL_USER, Prog, - "opening shadow group file", user_name, user_id, - 0); - #endif -@@ -436,7 +436,7 @@ static void update_user (void) - fail_exit (E_PW_UPDATE); - } - #ifdef WITH_AUDIT -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "deleting user entries", -+ audit_logger (AUDIT_DEL_USER, Prog, "deleting user entries", - user_name, user_id, 1); - #endif - SYSLOG ((LOG_INFO, "delete user `%s'\n", user_name)); -@@ -476,7 +476,7 @@ static void user_busy (const char *name, - _("%s: user %s is currently logged in\n"), Prog, name); - if (!fflg) { - #ifdef WITH_AUDIT -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, -+ audit_logger (AUDIT_DEL_USER, Prog, - "deleting user logged in", name, -1, 0); - #endif - exit (E_USER_BUSY); -@@ -577,7 +577,7 @@ static void remove_mailbox (void) - if (fflg) { - unlink (mailfile); /* always remove, ignore errors */ - #ifdef WITH_AUDIT -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "deleting mail file", -+ audit_logger (AUDIT_DEL_USER, Prog, "deleting mail file", - user_name, user_id, 1); - #endif - return; -@@ -589,7 +589,7 @@ static void remove_mailbox (void) - ("%s: %s not owned by %s, not removing\n"), - Prog, mailfile, user_name); - #ifdef WITH_AUDIT -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "deleting mail file", -+ audit_logger (AUDIT_DEL_USER, Prog, "deleting mail file", - user_name, user_id, 0); - #endif - return; -@@ -601,7 +601,7 @@ static void remove_mailbox (void) - } - #ifdef WITH_AUDIT - else { -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, "deleting mail file", -+ audit_logger (AUDIT_DEL_USER, Prog, "deleting mail file", - user_name, user_id, 1); - } - #endif -@@ -713,7 +713,7 @@ int main (int argc, char **argv) - fprintf (stderr, _("%s: user %s does not exist\n"), - Prog, user_name); - #ifdef WITH_AUDIT -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, -+ audit_logger (AUDIT_DEL_USER, Prog, - "deleting user not found", user_name, -1, 0); - #endif - exit (E_NOTFOUND); -@@ -799,14 +799,14 @@ int main (int argc, char **argv) - _("%s: error removing directory %s\n"), - Prog, user_home); - #ifdef WITH_AUDIT -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, -+ audit_logger (AUDIT_DEL_USER, Prog, - "deleting home directory", user_name, - user_id, 1); - #endif - errors++; - } - #ifdef WITH_AUDIT -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, -+ audit_logger (AUDIT_DEL_USER, Prog, - "deleting home directory", user_name, user_id, 1); - #endif - } -@@ -838,7 +838,7 @@ int main (int argc, char **argv) - #endif /* USE_PAM */ - #ifdef WITH_AUDIT - if (errors) -- audit_logger (AUDIT_USER_CHAUTHTOK, Prog, -+ audit_logger (AUDIT_DEL_USER, Prog, - "deleting home directory", user_name, -1, 0); - #endif - exit (errors ? E_HOMEDIR : E_SUCCESS); diff --git a/shadow-4.1.2-checkName.patch b/shadow-4.1.2-checkName.patch deleted file mode 100644 index 321bdba..0000000 --- a/shadow-4.1.2-checkName.patch +++ /dev/null @@ -1,32 +0,0 @@ -diff -up shadow-4.1.2/src/groupmems.c.checkName shadow-4.1.2/src/groupmems.c ---- shadow-4.1.2/src/groupmems.c.checkName 2008-09-24 11:17:02.000000000 +0200 -+++ shadow-4.1.2/src/groupmems.c 2008-09-24 14:03:01.000000000 +0200 -@@ -43,6 +43,7 @@ - #include - #include "defines.h" - #include "groupio.h" -+#include "chkname.h" - - /* Exit Status Values */ - -@@ -54,6 +55,7 @@ - #define EXIT_NOT_PRIMARY 5 /* not primary owner of group */ - #define EXIT_NOT_MEMBER 6 /* member of group does not exist */ - #define EXIT_MEMBER_EXISTS 7 /* member of group already exists */ -+#define E_BAD_ARG 8 /* invalid argument to option */ - - #define TRUE 1 - #define FALSE 0 -@@ -225,6 +227,12 @@ int main (int argc, char **argv) - usage (); - } - -+ /* check if user names is valid */ -+ if ( adduser && !check_user_name (adduser)) { -+ fprintf (stderr, _("%s is not a valid user name\n"), adduser); -+ exit (E_BAD_ARG); -+ } -+ - if (!isroot () && NULL != thisgroup) { - fputs (_("Only root can add members to different groups\n"), - stderr); diff --git a/shadow-4.1.2-gmNoGroup.patch b/shadow-4.1.2-gmNoGroup.patch deleted file mode 100644 index 67e14ea..0000000 --- a/shadow-4.1.2-gmNoGroup.patch +++ /dev/null @@ -1,22 +0,0 @@ -diff -up shadow-4.1.2/src/groupmems.c.gmNoGroup shadow-4.1.2/src/groupmems.c ---- shadow-4.1.2/src/groupmems.c.gmNoGroup 2008-09-24 15:00:30.000000000 +0200 -+++ shadow-4.1.2/src/groupmems.c 2008-09-24 15:07:20.000000000 +0200 -@@ -56,6 +56,7 @@ - #define EXIT_NOT_MEMBER 6 /* member of group does not exist */ - #define EXIT_MEMBER_EXISTS 7 /* member of group already exists */ - #define E_BAD_ARG 8 /* invalid argument to option */ -+#define EXIT_NOT_GROUP 8 /* group does not exist */ - - #define TRUE 1 - #define FALSE 0 -@@ -293,6 +294,10 @@ int main (int argc, char **argv) - } - - grp = (struct group *) gr_locate (name); -+ if (NULL == grp) { -+ fputs (_("Specified group does not exist\n"), stderr); -+ exit (EXIT_NOT_GROUP); -+ } - - if (NULL != adduser) { - grp->gr_mem = addtogroup (adduser, grp->gr_mem); diff --git a/shadow-4.1.2-gmSEGV.patch b/shadow-4.1.2-gmSEGV.patch deleted file mode 100644 index 848dddb..0000000 --- a/shadow-4.1.2-gmSEGV.patch +++ /dev/null @@ -1,30 +0,0 @@ -diff -up shadow-4.1.2/src/groupmems.c.gmSEGV shadow-4.1.2/src/groupmems.c ---- shadow-4.1.2/src/groupmems.c.gmSEGV 2008-04-22 22:05:11.000000000 +0200 -+++ shadow-4.1.2/src/groupmems.c 2008-09-02 08:30:52.000000000 +0200 -@@ -95,7 +95,7 @@ static char *whoami (void) - } - } - --static void addtogroup (char *user, char **members) -+static char **addtogroup (char *user, char **members) - { - int i; - -@@ -109,6 +109,8 @@ static void addtogroup (char *user, char - members = (char **) realloc (members, sizeof (char *) * (i+2)); - members[i] = user; - members[i + 1] = NULL; -+ -+ return members; - } - - static void rmfromgroup (char *user, char **members) -@@ -285,7 +287,7 @@ int main (int argc, char **argv) - grp = (struct group *) gr_locate (name); - - if (NULL != adduser) { -- addtogroup (adduser, grp->gr_mem); -+ grp->gr_mem = addtogroup (adduser, grp->gr_mem); - gr_update (grp); - } else if (NULL != deluser) { - rmfromgroup (deluser, grp->gr_mem); diff --git a/shadow-4.1.2-goodname.patch b/shadow-4.1.2-goodname.patch deleted file mode 100644 index 273ad2b..0000000 --- a/shadow-4.1.2-goodname.patch +++ /dev/null @@ -1,93 +0,0 @@ -diff -up shadow-4.1.2/libmisc/chkname.c.goodname shadow-4.1.2/libmisc/chkname.c ---- shadow-4.1.2/libmisc/chkname.c.goodname 2008-04-27 02:40:13.000000000 +0200 -+++ shadow-4.1.2/libmisc/chkname.c 2008-05-26 14:37:09.000000000 +0200 -@@ -50,16 +50,24 @@ - static int good_name (const char *name) - { - /* -- * User/group names must match [a-z_][a-z0-9_-]*[$] -- */ -- if (!*name || !((*name >= 'a' && *name <= 'z') || *name == '_')) -+ * User/group names must match gnu e-regex: -+ * [a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9_.$-]? -+ * -+ * as a non-POSIX, extension, allow "$" as the last char for -+ * sake of Samba 3.x "add machine script" -+ */ -+ if (!*name || !((*name >= 'a' && *name <= 'z') -+ || (*name >= 'A' && *name <= 'Z') -+ || (*name >= '0' && *name <= '9') -+ || *name == '_' || *name == '.')) - return 0; - - while (*++name) { -- if (!((*name >= 'a' && *name <= 'z') || -- (*name >= '0' && *name <= '9') || -- *name == '_' || *name == '-' || -- (*name == '$' && *(name + 1) == '\0'))) -+ if (!( (*name >= 'a' && *name <= 'z') -+ || (*name >= 'A' && *name <= 'Z') -+ || (*name >= '0' && *name <= '9') -+ || *name == '_' || *name == '.' || *name == '-' -+ || (*name == '$' && *(name + 1) == '\0'))) - return 0; - } - -@@ -75,10 +83,9 @@ int check_user_name (const char *name) - #endif - - /* -- * User names are limited by whatever utmp can -- * handle (usually max 8 characters). -+ * User names are limited by whatever utmp can handle. - */ -- if (strlen (name) > sizeof (ut.ut_user)) -+ if (strlen(name) + 1 > sizeof(ut.ut_user)) - return 0; - - return good_name (name); -@@ -86,11 +93,13 @@ int check_user_name (const char *name) - - int check_group_name (const char *name) - { -- /* -- * Arbitrary limit for group names - max 16 -- * characters (same as on HP-UX 10). -- */ -- if (strlen (name) > 16) -+#if HAVE_UTMPX_H -+ struct utmpx ut; -+#else -+ struct utmp ut; -+#endif -+ -+ if (strlen(name) + 1 > sizeof(ut.ut_user)) - return 0; - - return good_name (name); -diff -up shadow-4.1.2/man/groupadd.8.goodname shadow-4.1.2/man/groupadd.8 ---- shadow-4.1.2/man/groupadd.8.goodname 2008-05-26 14:37:09.000000000 +0200 -+++ shadow-4.1.2/man/groupadd.8 2008-05-26 14:40:51.000000000 +0200 -@@ -150,9 +150,7 @@ Shadow password suite configuration\&. - .RE - .SH "CAVEATS" - .PP --Groupnames must begin with a lower case letter or an underscore, and only lower case letters, underscores, dashes, and dollar signs may follow\&. In regular expression terms: [a\-z_][a\-z0\-9_\-]*[$] --.PP --Groupnames may only be up to 16 characters long\&. -+Groupnames may only be up to 32 characters long\&. - .PP - You may not add a NIS or LDAP group\&. This must be performed on the corresponding server\&. - .PP -diff -up shadow-4.1.2/man/useradd.8.goodname shadow-4.1.2/man/useradd.8 ---- shadow-4.1.2/man/useradd.8.goodname 2008-05-26 14:37:09.000000000 +0200 -+++ shadow-4.1.2/man/useradd.8 2008-05-26 14:41:48.000000000 +0200 -@@ -293,8 +293,6 @@ You may not add a user to a NIS or LDAP - Similarly, if the username already exists in an external user database such as NIS or LDAP, - \fBuseradd\fR - will deny the user account creation request\&. --.PP --Usernames must begin with a lower case letter or an underscore, and only lower case letters, underscores, dashes, and dollar signs may follow\&. In regular expression terms: [a\-z_][a\-z0\-9_\-]*[$] - .SH "CONFIGURATION" - .PP - The following configuration variables in diff --git a/shadow-4.1.2-redhat.patch b/shadow-4.1.2-redhat.patch deleted file mode 100644 index 75c84a8..0000000 --- a/shadow-4.1.2-redhat.patch +++ /dev/null @@ -1,269 +0,0 @@ -diff -up shadow-4.1.2/libmisc/find_new_ids.c.redhat shadow-4.1.2/libmisc/find_new_ids.c ---- shadow-4.1.2/libmisc/find_new_ids.c.redhat 2008-04-22 00:00:19.000000000 +0200 -+++ shadow-4.1.2/libmisc/find_new_ids.c 2008-05-26 14:18:43.000000000 +0200 -@@ -56,11 +56,11 @@ int find_new_uid (int sys_user, uid_t *u - assert (uid != NULL); - - if (sys_user == 0) { -- uid_min = getdef_unum ("UID_MIN", 1000); -+ uid_min = getdef_unum ("UID_MIN", 500); - uid_max = getdef_unum ("UID_MAX", 60000); - } else { - uid_min = getdef_unum ("SYS_UID_MIN", 1); -- uid_max = getdef_unum ("UID_MIN", 1000) - 1; -+ uid_max = getdef_unum ("UID_MIN", 500) - 1; - uid_max = getdef_unum ("SYS_UID_MAX", uid_max); - } - -@@ -139,11 +139,11 @@ int find_new_gid (int sys_group, gid_t * - assert (gid != NULL); - - if (sys_group == 0) { -- gid_min = getdef_unum ("GID_MIN", 1000); -+ gid_min = getdef_unum ("GID_MIN", 500); - gid_max = getdef_unum ("GID_MAX", 60000); - } else { - gid_min = getdef_unum ("SYS_GID_MIN", 1); -- gid_max = getdef_unum ("GID_MIN", 1000) - 1; -+ gid_max = getdef_unum ("GID_MIN", 500) - 1; - gid_max = getdef_unum ("SYS_GID_MAX", gid_max); - } - -diff -up shadow-4.1.2/src/useradd.c.redhat shadow-4.1.2/src/useradd.c ---- shadow-4.1.2/src/useradd.c.redhat 2008-05-19 22:31:52.000000000 +0200 -+++ shadow-4.1.2/src/useradd.c 2008-05-26 14:18:43.000000000 +0200 -@@ -85,7 +85,7 @@ - static gid_t def_group = 100; - static const char *def_gname = "other"; - static const char *def_home = "/home"; --static const char *def_shell = ""; -+static const char *def_shell = "/sbin/nologin"; - static const char *def_template = SKEL_DIR; - static const char *def_create_mail_spool = "no"; - -@@ -97,7 +97,7 @@ static char def_file[] = USER_DEFAULTS_F - #define VALID(s) (strcspn (s, ":\n") == strlen (s)) - - static const char *user_name = ""; --static const char *user_pass = "!"; -+static const char *user_pass = "!!"; - static uid_t user_id; - static gid_t user_gid; - static const char *user_comment = ""; -@@ -133,6 +133,7 @@ static int - kflg = 0, /* specify a directory to fill new user directory */ - lflg = 0, /* do not add user to lastlog database file */ - mflg = 0, /* create user's home directory if it doesn't exist */ -+ Mflg = 0, /* do NOT create user's home directory no matter what */ - Nflg = 0, /* do not create a group having the same name as the user, but add the user to def_group (or the group specified with -g) */ - oflg = 0, /* permit non-unique user ID to be specified with -u */ - rflg = 0, /* create a system account */ -@@ -656,6 +657,7 @@ static void usage (void) - " faillog databases\n" - " -m, --create-home create home directory for the new user\n" - " account\n" -+ " -M, do not create user's home directory(overrides /etc/login.defs)\n" - " -N, --no-user-group do not create a group with the same name as\n" - " the user\n" - " -o, --non-unique allow create user with duplicate\n" -@@ -886,7 +888,7 @@ static void process_flags (int argc, cha - {NULL, 0, NULL, '\0'} - }; - while ((c = -- getopt_long (argc, argv, "b:c:d:De:f:g:G:k:K:lmMNop:rs:u:U", -+ getopt_long (argc, argv, "b:c:d:De:f:g:G:k:K:lmMnNop:rs:u:U", - long_options, NULL)) != -1) { - switch (c) { - case 'b': -@@ -1026,6 +1028,10 @@ static void process_flags (int argc, cha - case 'm': - mflg++; - break; -+ case 'M': -+ Mflg++; -+ break; -+ case 'n': - case 'N': - Nflg++; - break; -@@ -1079,6 +1085,9 @@ static void process_flags (int argc, cha - Uflg = getdef_bool ("USERGROUPS_ENAB"); - } - -+ if (mflg && Mflg) /* the admin is not decided .. create or not ? */ -+ usage(); -+ - /* - * Certain options are only valid in combination with others. - * Check it here so that they can be specified in any order. -@@ -1628,6 +1637,14 @@ int main (int argc, char **argv) - } - #endif /* USE_PAM */ - -+ if (!rflg) /* for system accounts defaults are ignored and we -+ * do not create a home dir -- gafton */ -+ if (getdef_bool("CREATE_HOME")) -+ mflg = 1; -+ -+ if (Mflg) /* absolutely sure that we do not create home dirs */ -+ mflg = 0; -+ - /* - * See if we are messing with the defaults file, or creating - * a new user. -@@ -1727,27 +1744,22 @@ int main (int argc, char **argv) - ("%s: warning: the home directory already exists.\n" - "Not copying any file from skel directory into it.\n"), - Prog); -- -- } else if (getdef_str ("CREATE_HOME")) { -- /* -- * RedHat added the CREATE_HOME option in login.defs in their -- * version of shadow-utils (which makes -m the default, with -- * new -M option to turn it off). Unfortunately, this -- * changes the way useradd works (it can be run by scripts -- * expecting some standard behaviour), compared to other -- * Unices and other Linux distributions, and also adds a lot -- * of confusion :-(. -- * So we now recognize CREATE_HOME and give a warning here -- * (better than "configuration error ... notify administrator" -- * errors in every program that reads /etc/login.defs). -MM -- */ -- fprintf (stderr, -- _ -- ("%s: warning: CREATE_HOME not supported, please use -m instead.\n"), -- Prog); - } -- -- create_mail (); -+ /* Warning removed to protect the innocent. */ -+ /* -+ * The whole idea about breaking some stupid scripts by creating a new -+ * variable is crap - I could care less about the scripts. Historically -+ * adduser type programs have always created the home directories and -+ * I don't like the idea of providing a script when we can fix the -+ * binary itself. And if the scripts are using the right options to the -+ * useradd then they will not break. If not, they depend on unspecified -+ * behavior and they will break, but they were broken anyway to begin -+ * with --gafton -+ */ -+ -+ /* Do not create mail directory for system accounts */ -+ if( !rflg ) -+ create_mail (); - - close_files (); - -diff -up shadow-4.1.2/man/useradd.8.redhat shadow-4.1.2/man/useradd.8 ---- shadow-4.1.2/man/useradd.8.redhat 2008-05-25 01:20:26.000000000 +0200 -+++ shadow-4.1.2/man/useradd.8 2008-05-26 14:26:14.000000000 +0200 -@@ -27,7 +27,7 @@ option, the - \fBuseradd\fR - command creates a new user account using the values specified on the command line plus the default values from the system\&. Depending on command line options, the - \fBuseradd\fR --command will update system files and may also create the new user\'s home directory and copy initial files\&. -+command will update system files and may also create the new user\'s home directory and copy initial files\&. The version provided with Red Hat Linux will create a group for each user added to the system by default\&. - .SH "OPTIONS" - .PP - The options which apply to the -@@ -84,8 +84,7 @@ The number of days after a password expi - .PP - \fB\-g\fR, \fB\-\-gid\fR \fIGROUP\fR - .RS 4 --The group name or number of the user\'s initial login group\&. The group name must exist\&. A group number must refer to an already existing group\&. The default group number is 1 or whatever is specified in --\fI/etc/default/useradd\fR\&. -+The group name or number of the user\'s initial login group\&. The group name must exist\&. A group number must refer to an already existing group\&. - .RE - .PP - \fB\-G\fR, \fB\-\-groups\fR \fIGROUP1\fR[\fI,GROUP2,\&.\&.\&.\fR[\fI,GROUPN\fR]]] -@@ -143,6 +142,13 @@ Do not add the user to the lastlog and f - By default, the user\'s entries in the lastlog and faillog databases are resetted to avoid reusing the entry from a previously deleted user\&. - .RE - .PP -+\fB-M\fR -+.RS 4 -+The user\'s home directory will not be created, even if the system wide settings from -+\fI/etc/login.defs\fR -+is to create home dirs\. -+.RE -+.PP - \fB\-m\fR, \fB\-\-create\-home\fR - .RS 4 - Create the user\'s home directory if it does not exist\&. The files and directories contained in the skeleton directory (which can be defined with the -@@ -195,6 +201,19 @@ range, defined in - counterparts for the creation of groups)\&. - .RE - .PP -+\fB-r\fR -+.RS 4 -+This flag is used to create a system account\. That is, a user with a UID lower than the value of UID_MIN defined in -+\fI/etc/login.defs\fR -+and whose password does not expire\. Note that -+\fBuseradd\fR -+will not create a home directory for such an user, regardless of the default setting in -+\fI/etc/login.defs\fR\. -+You have to specify -+\fB-m\fR -+option if you want a home directory for a system account to be created\. This is an option added by Red Hat\. -+.RE -+.PP - \fB\-s\fR, \fB\-\-shell\fR \fISHELL\fR - .RS 4 - The name of the user\'s login shell\&. The default is to leave this field blank, which causes the system to select the default login shell\&. -@@ -265,6 +284,8 @@ The name of a new user\'s login shell\&. - The system administrator is responsible for placing the default user files in the - \fI/etc/skel/\fR - directory\&. -+.br -+This version of useradd was modified by Red Hat to suit Red Hat user/group conventions\&. - .SH "CAVEATS" - .PP - You may not add a user to a NIS or LDAP group\&. This must be performed on the corresponding server\&. -@@ -407,6 +428,11 @@ Group account information\&. - Secure group account information\&. - .RE - .PP -+\fI/etc/gshadow\fR -+.RS 4 -+Secure group account information\. -+.RE -+.PP - \fI/etc/default/useradd\fR - .RS 4 - Default values for account creation\&. -diff -up shadow-4.1.2/man/groupadd.8.redhat shadow-4.1.2/man/groupadd.8 ---- shadow-4.1.2/man/groupadd.8.redhat 2008-05-25 01:20:05.000000000 +0200 -+++ shadow-4.1.2/man/groupadd.8 2008-05-26 14:35:49.000000000 +0200 -@@ -14,7 +14,7 @@ - groupadd \- create a new group - .SH "SYNOPSIS" - .HP 9 --\fBgroupadd\fR [\-g\ \fIGID\fR\ [\-o]] [\-f] [\-K\ \fIKEY\fR=\fIVALUE\fR] \fIgroup\fR -+\fBgroupadd\fR [\-g\ \fIgid\fR\ [\-o]] [\-r] [\-f] [\-K\ \fIKEY\fR=\fIVALUE\fR] \fIgroup\fR - .SH "DESCRIPTION" - .PP - The -@@ -34,11 +34,22 @@ This option causes the command to simply - is turned off)\&. - .RE - .PP -+\fB-r\fR -+.RS 4 -+This flag instructs -+\fBgroupadd\fR -+to add a system account\. The first available -+\fIgid\fR -+lower than 500 will be automatically selected unless the -+\fB-g\fR -+option is also given on the command line\. This is an option added by Red Hat\. -+.RE -+.PP - \fB\-g\fR, \fB\-\-gid\fR \fIGID\fR - .RS 4 - The numerical value of the group\'s ID\&. This value must be unique, unless the - \fB\-o\fR --option is used\&. The value must be non\-negative\&. The default is to use the smallest ID value greater than 999 and greater than every other group\&. Values between 0 and 999 are typically reserved for system accounts\&. -+option is used\&. The value must be non\-negative\&. The default is to use the smallest ID value greater than 499 and greater than every other group\&. Values between 0 and 500 are typically reserved for system accounts\&. - .RE - .PP - \fB\-h\fR, \fB\-\-help\fR diff --git a/shadow-4.1.2-selinux.patch b/shadow-4.1.2-selinux.patch deleted file mode 100644 index caf43b2..0000000 --- a/shadow-4.1.2-selinux.patch +++ /dev/null @@ -1,490 +0,0 @@ -diff -up /dev/null shadow-4.1.2/libmisc/system.c ---- /dev/null 2008-07-15 12:00:55.602698860 +0200 -+++ shadow-4.1.2/libmisc/system.c 2008-07-24 10:14:24.000000000 +0200 -@@ -0,0 +1,37 @@ -+#include -+ -+#ident "$Id: shell.c,v 1.13 2006/01/18 19:38:27 kloczek Exp $" -+ -+#include -+#include -+#include -+#include "prototypes.h" -+#include "defines.h" -+ -+int safe_system(const char *command, const char *argv[], const char *env[], int ignore_stderr) -+{ -+ int status = -1; -+ int fd; -+ pid_t pid; -+ -+ pid = fork(); -+ if (pid < 0) -+ return -1; -+ -+ if (pid) { /* Parent */ -+ waitpid(pid, &status, 0); -+ return status; -+ } -+ -+ fd = open("/dev/null", O_RDWR); -+ /* Child */ -+ dup2(fd,0); // Close Stdin -+ if (ignore_stderr) -+ dup2(fd,2); // Close Stderr -+ -+ execve(command, (char *const *) argv, (char *const *) env); -+ fprintf (stderr, -+ _("Failed to exec '%s'\n"), argv[0]); -+ exit (-1); -+} -+ -diff -up shadow-4.1.2/libmisc/copydir.c.selinux shadow-4.1.2/libmisc/copydir.c ---- shadow-4.1.2/libmisc/copydir.c.selinux 2008-05-24 17:35:17.000000000 +0200 -+++ shadow-4.1.2/libmisc/copydir.c 2008-07-24 10:14:24.000000000 +0200 -@@ -85,7 +85,7 @@ static int copy_file (const char *src, c - * symlink, directory, ... - * - */ --static int selinux_file_context (const char *dst_name) -+int selinux_file_context (const char *dst_name) - { - security_context_t scontext = NULL; - -@@ -256,6 +256,12 @@ int copy_tree (const char *src_root, con - src_orig = 0; - dst_orig = 0; - } -+ -+#ifdef WITH_SELINUX -+ /* Reset SELinux to create files with default contexts */ -+ setfscreatecon (NULL); -+#endif -+ - return err; - } - -diff -up shadow-4.1.2/libmisc/Makefile.am.selinux shadow-4.1.2/libmisc/Makefile.am ---- shadow-4.1.2/libmisc/Makefile.am.selinux 2008-01-27 15:21:48.000000000 +0100 -+++ shadow-4.1.2/libmisc/Makefile.am 2008-07-24 10:14:24.000000000 +0200 -@@ -43,6 +43,7 @@ libmisc_a_SOURCES = \ - setugid.c \ - setupenv.c \ - shell.c \ -+ system.c \ - strtoday.c \ - sub.c \ - sulog.c \ -diff -up shadow-4.1.2/src/useradd.c.selinux shadow-4.1.2/src/useradd.c ---- shadow-4.1.2/src/useradd.c.selinux 2008-07-24 10:13:23.000000000 +0200 -+++ shadow-4.1.2/src/useradd.c 2008-07-24 10:14:24.000000000 +0200 -@@ -104,6 +104,7 @@ static const char *user_comment = ""; - static const char *user_home = ""; - static const char *user_shell = ""; - static const char *create_mail_spool = ""; -+static const char *user_selinux = ""; - - static long user_expire = -1; - static int is_shadow_pwd; -@@ -176,6 +177,7 @@ static int set_defaults (void); - static int get_groups (char *); - static void usage (void); - static void new_pwent (struct passwd *); -+static void selinux_update_mapping (void); - - static long scale_age (long); - static void new_spent (struct spwd *); -@@ -376,6 +378,7 @@ static void get_defaults (void) - def_create_mail_spool = xstrdup (cp); - } - } -+ fclose(fp); - } - - /* -@@ -668,6 +671,9 @@ static void usage (void) - " -s, --shell SHELL the login shell for the new user account\n" - " -u, --uid UID force use the UID for the new user account\n" - " -U, --user-group create a group with the same name as the user\n" -+#ifdef WITH_SELINUX -+ " -Z, --selinux-user SEUSER use a specific SEUSER for the SELinux user mapping\n" -+#endif - "\n"), stderr); - exit (E_USAGE); - } -@@ -883,12 +889,19 @@ static void process_flags (int argc, cha - {"password", required_argument, NULL, 'p'}, - {"system", no_argument, NULL, 'r'}, - {"shell", required_argument, NULL, 's'}, -+#ifdef WITH_SELINUX -+ {"selinux-user", required_argument, NULL, 'Z'}, -+#endif - {"uid", required_argument, NULL, 'u'}, - {"user-group", no_argument, NULL, 'U'}, - {NULL, 0, NULL, '\0'} - }; - while ((c = -+#ifdef WITH_SELINUX -+ getopt_long (argc, argv, "b:c:d:De:f:g:G:k:K:lmMnNop:rs:u:UZ:", -+#else - getopt_long (argc, argv, "b:c:d:De:f:g:G:k:K:lmMnNop:rs:u:U", -+#endif - long_options, NULL)) != -1) { - switch (c) { - case 'b': -@@ -1073,6 +1086,17 @@ static void process_flags (int argc, cha - case 'U': - Uflg++; - break; -+#ifdef WITH_SELINUX -+ case 'Z': -+ if (is_selinux_enabled() > 0) -+ user_selinux = optarg; -+ else { -+ fprintf (stderr,_("%s: -Z requires SELinux enabled kernel\n"), Prog); -+ -+ exit (E_BAD_ARG); -+ } -+ break; -+#endif - default: - usage (); - } -@@ -1479,6 +1503,33 @@ static void usr_update (void) - grp_update (); - } - -+static void selinux_update_mapping () { -+ -+#ifdef WITH_SELINUX -+ if (is_selinux_enabled() <= 0) return; -+ -+ if (*user_selinux) { /* must be done after passwd write() */ -+ const char *argv[7]; -+ argv[0] = "/usr/sbin/semanage"; -+ argv[1] = "login"; -+ argv[2] = "-a"; -+ argv[3] = "-s"; -+ argv[4] = user_selinux; -+ argv[5] = user_name; -+ argv[6] = NULL; -+ if (safe_system(argv[0], argv, NULL, 0)) { -+ fprintf (stderr, -+ _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"), -+ Prog, user_name, user_selinux); -+#ifdef WITH_AUDIT -+ audit_logger (AUDIT_USER_CHAUTHTOK, Prog, -+ "adding SELinux user mapping", user_name, user_id, 0); -+#endif -+ } -+ } -+#endif -+ -+} - /* - * create_home - create the user's home directory - * -@@ -1488,7 +1539,11 @@ static void usr_update (void) - */ - static void create_home (void) - { -+ - if (access (user_home, F_OK)) { -+#ifdef WITH_SELINUX -+ selinux_file_context (user_home); -+#endif - /* XXX - create missing parent directories. --marekm */ - if (mkdir (user_home, 0)) { - fprintf (stderr, -@@ -1510,6 +1565,10 @@ static void create_home (void) - audit_logger (AUDIT_USER_CHAUTHTOK, Prog, - "adding home directory", user_name, user_id, 1); - #endif -+#ifdef WITH_SELINUX -+ /* Reset SELinux to create files with default contexts */ -+ setfscreatecon (NULL); -+#endif - } - } - -@@ -1763,6 +1822,8 @@ int main (int argc, char **argv) - - close_files (); - -+ selinux_update_mapping(); -+ - nscd_flush_cache ("passwd"); - nscd_flush_cache ("group"); - -diff -up shadow-4.1.2/src/usermod.c.selinux shadow-4.1.2/src/usermod.c ---- shadow-4.1.2/src/usermod.c.selinux 2008-05-24 17:35:17.000000000 +0200 -+++ shadow-4.1.2/src/usermod.c 2008-07-24 10:14:24.000000000 +0200 -@@ -94,6 +94,7 @@ static char *user_newcomment; - static char *user_home; - static char *user_newhome; - static char *user_shell; -+static const char *user_selinux = ""; - static char *user_newshell; - static long user_expire; - static long user_newexpire; -@@ -141,6 +142,7 @@ static void date_to_str (char *buf, size - static int get_groups (char *); - static void usage (void); - static void new_pwent (struct passwd *); -+static void selinux_update_mapping (void); - - static void new_spent (struct spwd *); - static void fail_exit (int); -@@ -323,6 +325,9 @@ static void usage (void) - " -s, --shell SHELL new login shell for the user account\n" - " -u, --uid UID new UID for the user account\n" - " -U, --unlock unlock the user account\n" -+#ifdef WITH_SELINUX -+ " -Z, --selinux-user new selinux user mapping for the user account\n" -+#endif - "\n"), stderr); - exit (E_USAGE); - } -@@ -849,13 +854,20 @@ static void process_flags (int argc, cha - {"move-home", no_argument, NULL, 'm'}, - {"non-unique", no_argument, NULL, 'o'}, - {"password", required_argument, NULL, 'p'}, -+#ifdef WITH_SELINUX -+ {"selinux-user", required_argument, NULL, 'Z'}, -+#endif - {"shell", required_argument, NULL, 's'}, - {"uid", required_argument, NULL, 'u'}, - {"unlock", no_argument, NULL, 'U'}, - {NULL, 0, NULL, '\0'} - }; - while ((c = -- getopt_long (argc, argv, "ac:d:e:f:g:G:hl:Lmop:s:u:U", -+#ifdef WITH_SELINUX -+ getopt_long (argc, argv, "ac:d:e:f:g:G:hl:Lmop:s:u:UZ:", -+#else -+ getopt_long (argc, argv, "ac:d:e:f:g:G:hl:Lmop:s:u:U", -+#endif - long_options, NULL)) != -1) { - switch (c) { - case 'a': -@@ -956,6 +968,16 @@ static void process_flags (int argc, cha - case 'U': - Uflg++; - break; -+#ifdef WITH_SELINUX -+ case 'Z': -+ if (is_selinux_enabled() > 0) -+ user_selinux = optarg; -+ else { -+ fprintf (stderr, _("%s: -Z requires SELinux enabled kernel\n"), Prog); -+ exit (E_BAD_ARG); -+ } -+ break; -+#endif - default: - usage (); - } -@@ -1534,6 +1556,8 @@ int main (int argc, char **argv) - nscd_flush_cache ("passwd"); - nscd_flush_cache ("group"); - -+ selinux_update_mapping(); -+ - if (mflg) - move_home (); - -@@ -1562,3 +1586,62 @@ int main (int argc, char **argv) - exit (E_SUCCESS); - /* NOT REACHED */ - } -+ -+static void selinux_update_mapping () { -+#ifdef WITH_SELINUX -+ const char *argv[7]; -+ -+ if (is_selinux_enabled() <= 0) return; -+ -+ if (*user_selinux) { -+ argv[0] = "/usr/sbin/semanage"; -+ argv[1] = "login"; -+ argv[2] = "-m"; -+ argv[3] = "-s"; -+ argv[4] = user_selinux; -+ argv[5] = user_name; -+ argv[6] = NULL; -+ if (safe_system(argv[0], argv, NULL, 1)) { -+ argv[2] = "-a"; -+ if (safe_system(argv[0], argv, NULL, 0)) { -+ fprintf (stderr, -+ _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"), -+ Prog, user_name, user_selinux); -+#ifdef WITH_AUDIT -+ audit_logger (AUDIT_USER_CHAUTHTOK, Prog, -+ "modifying User mapping ", user_name, user_id, 0); -+#endif -+ } -+ } -+ } -+ -+ if (dflg || *user_selinux) { -+ argv[0] = "/usr/sbin/genhomedircon"; -+ argv[1] = NULL; -+ if(safe_system(argv[0], argv, NULL,0)) { -+ fprintf (stderr, -+ _("%s: warning: unable to relabel the homedir %s for %s.\n"), -+ Prog, user_home, user_name); -+#ifdef WITH_AUDIT -+ audit_logger (AUDIT_USER_CHAUTHTOK, Prog, -+ "relabeling home directory", user_name, user_id, 0); -+#endif -+ } -+ -+ argv[0] = "/sbin/restorecon"; -+ argv[1] = "-F"; -+ argv[2] = "-R"; -+ argv[3] = user_home; -+ argv[4] = NULL; -+ if (safe_system(argv[0], argv, NULL, 0)) { -+ fprintf (stderr, -+ _("%s: warning: unable to relabel the homedir %s for %s.\n"), -+ Prog, user_home, user_name); -+#ifdef WITH_AUDIT -+ audit_logger (AUDIT_USER_CHAUTHTOK, Prog, -+ "relabeling home directory", user_name, user_id, 0); -+#endif -+ } -+ } -+#endif -+} -diff -up shadow-4.1.2/src/userdel.c.selinux shadow-4.1.2/src/userdel.c ---- shadow-4.1.2/src/userdel.c.selinux 2008-05-24 17:35:17.000000000 +0200 -+++ shadow-4.1.2/src/userdel.c 2008-07-24 10:14:24.000000000 +0200 -@@ -811,6 +811,17 @@ int main (int argc, char **argv) - #endif - } - -+#ifdef WITH_SELINUX -+ if (is_selinux_enabled() > 0) { -+ const char *argv[5]; -+ argv[0] = "/usr/sbin/semanage"; -+ argv[1] = "login"; -+ argv[2] = "-d"; -+ argv[3] = user_name; -+ argv[4] = NULL; -+ safe_system(argv[0], argv, NULL, 1); -+ } -+#endif - /* - * Cancel any crontabs or at jobs. Have to do this before we remove - * the entry from /etc/passwd. -diff -up shadow-4.1.2/man/useradd.8.selinux shadow-4.1.2/man/useradd.8 ---- shadow-4.1.2/man/useradd.8.selinux 2008-07-24 10:13:23.000000000 +0200 -+++ shadow-4.1.2/man/useradd.8 2008-07-24 10:20:27.000000000 +0200 -@@ -239,6 +239,11 @@ options are not specified) is defined by - variable in - \fIlogin\&.defs\fR\&. - .RE -+.PP -+\fB\-Z\fR, \fB\-\-selinux-user\fR \fISEUSER\fR -+.RS 4 -+The SELinux user for the user\'s login\. The default is to leave this field blank, which causes the system to select the default SELinux user\. -+.RE - .SS "Changing the default values" - .PP - When invoked with only the -diff -up shadow-4.1.2/man/usermod.8.xml.selinux shadow-4.1.2/man/usermod.8.xml ---- shadow-4.1.2/man/usermod.8.xml.selinux 2007-12-31 17:48:34.000000000 +0100 -+++ shadow-4.1.2/man/usermod.8.xml 2008-07-24 10:14:24.000000000 +0200 -@@ -245,6 +245,19 @@ - - - -+ -+ -+ , -+ SEUSER -+ -+ -+ -+ The SELinux user for the user's login. The default is to leave this -+ field the blank, which causes the system to select the default -+ SELinux user. -+ -+ -+ - - - -diff -up shadow-4.1.2/man/usermod.8.selinux shadow-4.1.2/man/usermod.8 ---- shadow-4.1.2/man/usermod.8.selinux 2008-05-25 01:20:28.000000000 +0200 -+++ shadow-4.1.2/man/usermod.8 2008-07-24 10:21:39.000000000 +0200 -@@ -133,6 +133,11 @@ Note: if you wish to unlock the account - value from - \fI/etc/default/useradd\fR)\&. - .RE -+.PP -+\fB\-Z\fR, \fB\-\-selinux-user\fR \fISEUSER\fR -+.RS 4 -+The SELinux user for the user\'s login\. The default is to leave this field blank, which causes the system to select the default SELinux user. -+.RE - .SH "CAVEATS" - .PP - -diff -up shadow-4.1.2/man/useradd.8.xml.selinux shadow-4.1.2/man/useradd.8.xml ---- shadow-4.1.2/man/useradd.8.xml.selinux 2008-05-20 00:18:17.000000000 +0200 -+++ shadow-4.1.2/man/useradd.8.xml 2008-07-24 10:14:24.000000000 +0200 -@@ -363,6 +363,19 @@ - - - -+ -+ -+ , -+ SEUSER -+ -+ -+ -+ The SELinux user for the user's login. The default is to leave this -+ field blank, which causes the system to select the default SELinux -+ user. -+ -+ -+ - - - -diff -up shadow-4.1.2/lib/defines.h.selinux shadow-4.1.2/lib/defines.h ---- shadow-4.1.2/lib/defines.h.selinux 2008-05-24 19:35:54.000000000 +0200 -+++ shadow-4.1.2/lib/defines.h 2008-07-24 10:14:24.000000000 +0200 -@@ -321,4 +321,7 @@ extern char *strerror (); - # define unused - #endif - -+#ifdef WITH_SELINUX -+#include -+#endif - #endif /* _DEFINES_H_ */ -diff -up shadow-4.1.2/lib/prototypes.h.selinux shadow-4.1.2/lib/prototypes.h ---- shadow-4.1.2/lib/prototypes.h.selinux 2008-04-27 02:40:13.000000000 +0200 -+++ shadow-4.1.2/lib/prototypes.h 2008-07-24 10:14:24.000000000 +0200 -@@ -83,6 +83,10 @@ extern int copy_tree (const char *src_ro - long int uid, long int gid); - extern int remove_tree (const char *root); - -+#ifdef WITH_SELINUX -+extern int selinux_file_context (const char *dst_name); -+#endif -+ - /* encrypt.c */ - extern char *pw_encrypt (const char *, const char *); - -@@ -226,6 +230,9 @@ extern struct spwd *__spw_dup (const str - /* shell.c */ - extern int shell (const char *, const char *, char *const *); - -+/* system.c */ -+extern int safe_system(const char *command, const char *argv[], const char *env[], int ignore_stderr); -+ - /* strtoday.c */ - extern long strtoday (const char *); - diff --git a/shadow-4.1.2-sysAccountDownhill.patch b/shadow-4.1.2-sysAccountDownhill.patch deleted file mode 100644 index 2071190..0000000 --- a/shadow-4.1.2-sysAccountDownhill.patch +++ /dev/null @@ -1,99 +0,0 @@ -diff -up shadow-4.1.2/libmisc/find_new_ids.c.sysAccountDownhill shadow-4.1.2/libmisc/find_new_ids.c ---- shadow-4.1.2/libmisc/find_new_ids.c.sysAccountDownhill 2008-05-26 14:52:49.000000000 +0200 -+++ shadow-4.1.2/libmisc/find_new_ids.c 2008-05-26 14:58:55.000000000 +0200 -@@ -52,6 +52,7 @@ int find_new_uid (int sys_user, uid_t *u - { - const struct passwd *pwd; - uid_t uid_min, uid_max, user_id; -+ char * index; - - assert (uid != NULL); - -@@ -62,6 +63,8 @@ int find_new_uid (int sys_user, uid_t *u - uid_min = getdef_unum ("SYS_UID_MIN", 1); - uid_max = getdef_unum ("UID_MIN", 500) - 1; - uid_max = getdef_unum ("SYS_UID_MAX", uid_max); -+ index = alloca (sizeof (char) * uid_max +1); -+ memset (index, 0, sizeof (char) * uid_max + 1); - } - - if ( (NULL != preferred_uid) -@@ -91,12 +94,28 @@ int find_new_uid (int sys_user, uid_t *u - pw_rewind (); - while ( ((pwd = getpwent ()) != NULL) - || ((pwd = pw_next ()) != NULL)) { -- if ((pwd->pw_uid >= user_id) && (pwd->pw_uid <= uid_max)) { -- user_id = pwd->pw_uid + 1; -+ if (sys_user == 0) { -+ if ((pwd->pw_uid >= user_id) && (pwd->pw_uid <= uid_max)) { -+ user_id = pwd->pw_uid + 1; -+ } -+ } -+ else { -+ /* create index of occupied system accounts UIDs */ -+ if (pwd->pw_uid <= uid_max) -+ index[pwd->pw_uid] = 1; - } - } - endpwent (); - -+ /* find free system account */ -+ if(sys_user) { -+ for( user_id = uid_max; (user_id >= uid_min) && index[user_id]; user_id--); -+ if ( user_id < uid_min ) { -+ fputs (_("Can't get unique UID (no more available UIDs)\n"), stderr); -+ return -1; -+ } -+ } -+ - /* - * If a user with UID equal to UID_MAX exists, the above algorithm - * will give us UID_MAX+1 even if not unique. Search for the first -@@ -135,6 +154,7 @@ int find_new_gid (int sys_group, gid_t * - { - const struct group *grp; - gid_t gid_min, gid_max, group_id; -+ char * index; - - assert (gid != NULL); - -@@ -145,6 +165,8 @@ int find_new_gid (int sys_group, gid_t * - gid_min = getdef_unum ("SYS_GID_MIN", 1); - gid_max = getdef_unum ("GID_MIN", 500) - 1; - gid_max = getdef_unum ("SYS_GID_MAX", gid_max); -+ index = alloca (sizeof (char) * gid_max +1); -+ memset (index, 0, sizeof (char) * gid_max + 1); - } - - if ( (NULL != preferred_gid) -@@ -173,12 +195,28 @@ int find_new_gid (int sys_group, gid_t * - gr_rewind (); - while ( ((grp = getgrent ()) != NULL) - || ((grp = gr_next ()) != NULL)) { -- if ((grp->gr_gid >= group_id) && (grp->gr_gid <= gid_max)) { -- group_id = grp->gr_gid + 1; -+ if (sys_group == 0) { -+ if ((grp->gr_gid >= group_id) && (grp->gr_gid <= gid_max)) { -+ group_id = grp->gr_gid + 1; -+ } -+ } -+ else { -+ /* create index of occupied system accounts GIDs */ -+ if (grp->gr_gid <= gid_max) -+ index[grp->gr_gid] = 1; - } - } - endgrent (); - -+ /* find free system account */ -+ if(sys_group) { -+ for( group_id = gid_max; (group_id >= gid_min) && index[group_id]; group_id--); -+ if ( group_id < gid_min ) { -+ fputs (_("Can't get unique GID (no more available GIDs)\n"), stderr); -+ return -1; -+ } -+ } -+ - /* - * If a group with GID equal to GID_MAX exists, the above algorithm - * will give us GID_MAX+1 even if not unique. Search for the first diff --git a/shadow-4.1.2-uid.patch b/shadow-4.1.2-uid.patch deleted file mode 100644 index 96b04e3..0000000 --- a/shadow-4.1.2-uid.patch +++ /dev/null @@ -1,532 +0,0 @@ -diff -up /dev/null shadow-4.1.2/lib/get_gid.c ---- /dev/null 2009-03-16 11:03:38.574001227 +0100 -+++ shadow-4.1.2/lib/get_gid.c 2009-03-23 18:45:59.000000000 +0100 -@@ -0,0 +1,54 @@ -+/* -+ * Copyright (c) 2009 , Nicolas François -+ * All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. The name of the copyright holders or contributors may not be used to -+ * endorse or promote products derived from this software without -+ * specific prior written permission. -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A -+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -+ * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -+ */ -+ -+#include -+ -+#ident "$Id$" -+ -+#include "prototypes.h" -+#include "defines.h" -+ -+int get_gid (const char *gidstr, gid_t *gid) -+{ -+ long long int val; -+ char *endptr; -+ -+ errno = 0; -+ val = strtoll (gidstr, &endptr, 10); -+ if ( ('\0' == gidstr) -+ || ('\0' != *endptr) -+ || (ERANGE == errno) -+ || (val != (gid_t)val)) { -+ return 0; -+ } -+ -+ *gid = (gid_t)val; -+ return 1; -+} -+ -diff -up /dev/null shadow-4.1.2/lib/get_uid.c ---- /dev/null 2009-03-16 11:03:38.574001227 +0100 -+++ shadow-4.1.2/lib/get_uid.c 2009-03-23 18:45:59.000000000 +0100 -@@ -0,0 +1,55 @@ -+/* -+ * Copyright (c) 2009 , Nicolas François -+ * All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. The name of the copyright holders or contributors may not be used to -+ * endorse or promote products derived from this software without -+ * specific prior written permission. -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A -+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -+ * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -+ */ -+ -+#include -+ -+#ident "$Id$" -+ -+#include "prototypes.h" -+#include "defines.h" -+ -+int get_uid (const char *uidstr, uid_t *uid) -+{ -+ long long int val; -+ char *endptr; -+ -+ errno = 0; -+ val = strtoll (uidstr, &endptr, 10); -+ if ( ('\0' == uidstr) -+ || ('\0' != *endptr) -+ || (ERANGE == errno) -+ || (val != (uid_t)val)) { -+ return 0; -+ } -+ -+ *uid = (uid_t)val; -+ return 1; -+} -+ -+ -diff -up shadow-4.1.2/lib/Makefile.am.uid shadow-4.1.2/lib/Makefile.am ---- shadow-4.1.2/lib/Makefile.am.uid 2008-01-06 14:57:28.000000000 +0100 -+++ shadow-4.1.2/lib/Makefile.am 2009-03-23 18:45:59.000000000 +0100 -@@ -17,6 +17,8 @@ libshadow_la_SOURCES = \ - fputsx.c \ - getdef.c \ - getdef.h \ -+ get_gid.c \ -+ get_uid.c \ - groupio.c \ - groupmem.c \ - groupio.h \ -diff -up shadow-4.1.2/lib/prototypes.h.uid shadow-4.1.2/lib/prototypes.h ---- shadow-4.1.2/lib/prototypes.h.uid 2009-03-23 18:45:59.000000000 +0100 -+++ shadow-4.1.2/lib/prototypes.h 2009-03-23 18:45:59.000000000 +0100 -@@ -110,6 +110,12 @@ extern int find_new_gid (int sys_group, - /* getlong.c */ - extern int getlong(const char *numstr, long int *result); - -+/* get_gid.c */ -+extern int get_gid (const char *gidstr, gid_t *gid); -+ -+/* get_uid.c */ -+extern int get_uid (const char *uidstr, uid_t *uid); -+ - /* fputsx.c */ - extern char *fgetsx (char *, int, FILE *); - extern int fputsx (const char *, FILE *); -diff -up shadow-4.1.2/src/groupadd.c.uid shadow-4.1.2/src/groupadd.c ---- shadow-4.1.2/src/groupadd.c.uid 2009-03-23 18:45:59.000000000 +0100 -+++ shadow-4.1.2/src/groupadd.c 2009-03-23 18:45:59.000000000 +0100 -@@ -98,7 +98,6 @@ static void check_new_name (void); - static void close_files (void); - static void open_files (void); - static void fail_exit (int code); --static gid_t get_gid (const char *gidstr); - static void process_flags (int argc, char **argv); - static void check_flags (void); - static void check_perms (void); -@@ -326,22 +325,6 @@ static void fail_exit (int code) - exit (code); - } - --/* -- * get_id - validate and get group ID -- */ --static gid_t get_gid (const char *gidstr) --{ -- long val; -- char *errptr; -- -- val = strtol (gidstr, &errptr, 10); -- if (('\0' != *errptr) || (errno == ERANGE) || (val < 0)) { -- fprintf (stderr, _("%s: invalid numeric argument '%s'\n"), -- Prog, gidstr); -- exit (E_BAD_ARG); -- } -- return val; --} - - /* - * process_flags - parse the command line options -@@ -383,7 +366,13 @@ static void process_flags (int argc, cha - break; - case 'g': - gflg++; -- group_id = get_gid (optarg); -+ if ( (get_gid (optarg, &group_id) == 0) -+ || (group_id == (gid_t)-1)) { -+ fprintf (stderr, -+ _("%s: invalid group ID '%s'\n"), -+ Prog, optarg); -+ exit (E_BAD_ARG); -+ } - break; - case 'h': - usage (); -diff -up shadow-4.1.2/src/groupmod.c.uid shadow-4.1.2/src/groupmod.c ---- shadow-4.1.2/src/groupmod.c.uid 2008-04-27 02:40:13.000000000 +0200 -+++ shadow-4.1.2/src/groupmod.c 2009-03-23 18:45:59.000000000 +0100 -@@ -100,7 +100,6 @@ static void check_new_name (void); - static void process_flags (int, char **); - static void close_files (void); - static void open_files (void); --static gid_t get_gid (const char *gidstr); - static void update_primary_groups (gid_t ogid, gid_t ngid); - - /* -@@ -361,23 +360,6 @@ static void check_new_name (void) - } - - /* -- * get_id - validate and get group ID -- */ --static gid_t get_gid (const char *gidstr) --{ -- long val; -- char *errptr; -- -- val = strtol (gidstr, &errptr, 10); -- if (*errptr || errno == ERANGE || val < 0) { -- fprintf (stderr, _("%s: invalid numeric argument '%s'\n"), Prog, -- gidstr); -- fail_exit (E_BAD_ARG); -- } -- return val; --} -- --/* - * process_flags - perform command line argument setting - * - * process_flags() interprets the command line arguments and sets the -@@ -404,7 +386,13 @@ static void process_flags (int argc, cha - switch (c) { - case 'g': - gflg++; -- group_newid = get_gid (optarg); -+ if ( (get_gid (optarg, &group_newid) == 0) -+ || (group_newid == (gid_t)-1)) { -+ fprintf (stderr, -+ _("%s: invalid group ID '%s'\n"), -+ Prog, optarg); -+ exit (E_BAD_ARG); -+ } - #ifdef WITH_AUDIT - audit_logger (AUDIT_USER_CHAUTHTOK, - Prog, "modifying group", -diff -up shadow-4.1.2/src/newusers.c.uid shadow-4.1.2/src/newusers.c ---- shadow-4.1.2/src/newusers.c.uid 2008-04-27 02:40:13.000000000 +0200 -+++ shadow-4.1.2/src/newusers.c 2009-03-23 18:45:59.000000000 +0100 -@@ -90,7 +90,7 @@ static pam_handle_t *pamh = NULL; - static void usage (void); - static void fail_exit (int); - static int add_group (const char *, const char *, gid_t *, gid_t); --static int get_uid (const char *, uid_t *); -+static int get_user_id (const char *, uid_t *); - static int add_user (const char *, uid_t, gid_t); - static void update_passwd (struct passwd *, const char *); - static int add_passwd (struct passwd *, const char *); -@@ -178,22 +178,26 @@ static int add_group (const char *name, - * The GID is a number, which means either this is a brand - * new group, or an existing group. - */ -- char *endptr; -- long int i = strtoul (gid, &endptr, 10); -- if ((*endptr != '\0') && (errno != ERANGE)) { -+ if (get_gid (gid, &grent.gr_gid) == 0) { - fprintf (stderr, -- _("%s: group ID `%s' is not valid\n"), -+ _("%s: invalid group ID '%s'\n"), - Prog, gid); - return -1; - } -- if ( (getgrgid (i) != NULL) -- || (gr_locate_gid (i) != NULL)) { -+ if ( (getgrgid ((gid_t) grent.gr_gid) != NULL) -+ || (gr_locate_gid ((gid_t) grent.gr_gid) != NULL)) { - /* The user will use this ID for her - * primary group */ -- *ngid = i; -+ *ngid = (gid_t) grent.gr_gid; - return 0; - } -- grent.gr_gid = i; -+ /* Do not create groups with GID == (gid_t)-1 */ -+ if (grent.gr_gid == (gid_t)-1) { -+ fprintf (stderr, -+ _("%s: invalid group ID '%s'\n"), -+ Prog, gid); -+ return -1; -+ } - } else { - /* The gid parameter can be "" or a name which is not - * already the name of an existing group. -@@ -267,7 +271,7 @@ static int add_group (const char *name, - return 0; - } - --static int get_uid (const char *uid, uid_t *nuid) { -+static int get_user_id (const char *uid, uid_t *nuid) { - const struct passwd *pwd = NULL; - - /* -@@ -275,15 +279,11 @@ static int get_uid (const char *uid, uid - * caller provided, or the next available UID. - */ - if (isdigit (uid[0])) { -- char *endptr; -- long int i = strtoul (uid, &endptr, 10); -- if ((*endptr != '\0') && (errno != ERANGE)) { -- fprintf (stderr, -- _("%s: user ID `%s' is not valid\n"), -+ if ((get_uid (uid, nuid) == 0) || (*nuid == (uid_t)-1)) { -+ fprintf (stderr, _("%s: invalid user ID '%s'\n"), - Prog, uid); - return -1; - } -- *nuid = i; - } else { - if ('\0' != uid[0]) { - /* local, no need for xgetpwnam */ -@@ -740,7 +740,7 @@ int main (int argc, char **argv) - } - - if ( (NULL == pw) -- && (get_uid (fields[2], &uid) != 0)) { -+ && (get_user_id (fields[2], &uid) != 0)) { - fprintf (stderr, - _("%s: line %d: can't create user\n"), - Prog, line); -diff -up shadow-4.1.2/src/useradd.c.uid shadow-4.1.2/src/useradd.c ---- shadow-4.1.2/src/useradd.c.uid 2009-03-23 18:45:59.000000000 +0100 -+++ shadow-4.1.2/src/useradd.c 2009-03-23 18:45:59.000000000 +0100 -@@ -170,7 +170,6 @@ static int home_added; - static void fail_exit (int); - static struct group *getgr_nam_gid (const char *); - static long get_number (const char *); --static uid_t get_uid (const char *); - static void get_defaults (void); - static void show_defaults (void); - static int set_defaults (void); -@@ -225,39 +224,30 @@ static void fail_exit (int code) - - static struct group *getgr_nam_gid (const char *grname) - { -- long gid; -- char *errptr; -- -- gid = strtol (grname, &errptr, 10); -- if (*grname != '\0' && *errptr == '\0' && errno != ERANGE && gid >= 0) -+ long long int gid; -+ char *endptr; -+ -+ errno = 0; -+ gid = strtoll (grname, &endptr, 10); -+ if ( ('\0' != *grname) -+ && ('\0' == *endptr) -+ && (ERANGE != errno) -+ && (gid == (gid_t)gid)) { - return xgetgrgid (gid); -+ } - return xgetgrnam (grname); - } - - static long get_number (const char *numstr) - { - long val; -- char *errptr; -+ char *endptr; - -- val = strtol (numstr, &errptr, 10); -- if (*errptr || errno == ERANGE) { -- fprintf (stderr, _("%s: invalid numeric argument '%s'\n"), Prog, -- numstr); -- exit (E_BAD_ARG); -- } -- return val; --} -- --static uid_t get_uid (const char *uidstr) --{ -- long val; -- char *errptr; -- -- val = strtol (uidstr, &errptr, 10); -- if (*errptr || errno == ERANGE || val < 0) { -- fprintf (stderr, -- _("%s: invalid numeric argument '%s'\n"), Prog, -- uidstr); -+ errno = 0; -+ val = strtol (numstr, &endptr, 10); -+ if (('\0' == *numstr) || ('\0' != *endptr) || (ERANGE == errno)) { -+ fprintf (stderr, _("%s: invalid numeric argument '%s'\n"), -+ Prog, numstr); - exit (E_BAD_ARG); - } - return val; -@@ -302,26 +292,13 @@ static void get_defaults (void) - * Primary GROUP identifier - */ - if (MATCH (buf, DGROUP)) { -- unsigned int val = (unsigned int) strtoul (cp, &ep, 10); -- const struct group *grp; -- -- if (*cp != '\0' && *ep == '\0') { /* valid number */ -- def_group = val; -- /* local, no need for xgetgrgid */ -- if ((grp = getgrgid (def_group))) { -- def_gname = xstrdup (grp->gr_name); -- } else { -- fprintf (stderr, -- _("%s: unknown GID %s\n"), -- Prog, cp); -- } -- /* local, no need for xgetgrnam */ -- } else if ((grp = getgrnam (cp))) { -- def_group = grp->gr_gid; -- def_gname = xstrdup (cp); -+ const struct group *grp = getgr_nam_gid (cp); -+ if (NULL == grp) { -+ fprintf (stderr, _("%s: unknown GID %s\n"), -+ Prog, cp); - } else { -- fprintf (stderr, -- _("%s: unknown group %s\n"), Prog, cp); -+ def_group = grp->gr_gid; -+ def_gname = xstrdup (grp->gr_name); - } - } - -@@ -343,12 +320,17 @@ static void get_defaults (void) - * Default Password Inactive value - */ - else if (MATCH (buf, INACT)) { -+ errno = 0; - long val = strtol (cp, &ep, 10); - -- if (*cp || errno == ERANGE) -+ if ( ('\0' != *cp) -+ && ('\0' == *ep) -+ && (ERANGE != errno) -+ && (val >= 0)) { - def_inactive = val; -- else -+ } else { - def_inactive = -1; -+ } - } - - /* -@@ -1080,7 +1062,13 @@ static void process_flags (int argc, cha - sflg++; - break; - case 'u': -- user_id = get_uid (optarg); -+ if ( (get_uid (optarg, &user_id) == 0) -+ || (user_id == (gid_t)-1)) { -+ fprintf (stderr, -+ _("%s: invalid user ID '%s'\n"), -+ Prog, optarg); -+ exit (E_BAD_ARG); -+ } - uflg++; - break; - case 'U': -diff -up shadow-4.1.2/src/usermod.c.uid shadow-4.1.2/src/usermod.c ---- shadow-4.1.2/src/usermod.c.uid 2009-03-23 18:45:59.000000000 +0100 -+++ shadow-4.1.2/src/usermod.c 2009-03-23 18:48:36.000000000 +0100 -@@ -155,7 +155,6 @@ static void update_gshadow (void); - static void grp_update (void); - - static long get_number (const char *); --static uid_t get_id (const char *); - static void process_flags (int, char **); - static void close_files (void); - static void open_files (void); -@@ -193,12 +192,17 @@ static void date_to_str (char *buf, size - */ - static struct group *getgr_nam_gid (const char *grname) - { -- long val; -- char *errptr; -- -- val = strtol (grname, &errptr, 10); -- if (*grname != '\0' && *errptr == '\0' && errno != ERANGE && val >= 0) -+ long long int val; -+ char *endptr; -+ -+ errno = 0; -+ val = strtoll (grname, &endptr, 10); -+ if ( ('\0' != *grname) -+ && ('\0' == *endptr) -+ && (ERANGE != errno) -+ && (val == (gid_t)val)) { - return xgetgrgid (val); -+ } - return xgetgrnam (grname); - } - -@@ -752,20 +756,6 @@ static long get_number (const char *nums - return val; - } - --static uid_t get_id (const char *uidstr) --{ -- long val; -- char *errptr; -- -- val = strtol (uidstr, &errptr, 10); -- if (*errptr || errno == ERANGE || val < 0) { -- fprintf (stderr, _("%s: invalid numeric argument '%s'\n"), Prog, -- uidstr); -- exit (E_BAD_ARG); -- } -- return val; --} -- - /* - * process_flags - perform command line argument setting - * -@@ -963,7 +953,13 @@ static void process_flags (int argc, cha - sflg++; - break; - case 'u': -- user_newid = get_id (optarg); -+ if ( (get_uid (optarg, &user_newid) ==0) -+ || (user_newid == (uid_t)-1)) { -+ fprintf (stderr, -+ _("%s: invalid user ID '%s'\n"), -+ Prog, optarg); -+ exit (E_BAD_ARG); -+ } - uflg++; - break; - case 'U': diff --git a/shadow-4.1.3-goodname.patch b/shadow-4.1.3-goodname.patch new file mode 100644 index 0000000..43b933f --- /dev/null +++ b/shadow-4.1.3-goodname.patch @@ -0,0 +1,68 @@ +diff -up shadow-4.1.3/libmisc/chkname.c.goodname shadow-4.1.3/libmisc/chkname.c +--- shadow-4.1.3/libmisc/chkname.c.goodname 2008-12-23 23:42:21.000000000 +0100 ++++ shadow-4.1.3/libmisc/chkname.c 2009-04-14 11:46:21.000000000 +0200 +@@ -54,20 +54,28 @@ + static bool is_valid_name (const char *name) + { + /* +- * User/group names must match [a-z_][a-z0-9_-]*[$] +- */ +- if (('\0' == *name) || +- !((('a' <= *name) && ('z' >= *name)) || ('_' == *name))) { ++ * User/group names must match gnu e-regex: ++ * [a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9_.$-]? ++ * ++ * as a non-POSIX, extension, allow "$" as the last char for ++ * sake of Samba 3.x "add machine script" ++ */ ++ if ( ('\0' == *name) || ++ !((*name >= 'a' && *name <= 'z') || ++ (*name >= 'A' && *name <= 'Z') || ++ (*name >= '0' && *name <= '9') || ++ (*name == '_') || (*name == '.') ++ )) { + return false; + } + + while ('\0' != *++name) { +- if (!(( ('a' <= *name) && ('z' >= *name) ) || +- ( ('0' <= *name) && ('9' >= *name) ) || +- ('_' == *name) || +- ('-' == *name) || +- ( ('$' == *name) && ('\0' == *(name + 1)) ) +- )) { ++ if (!( (*name >= 'a' && *name <= 'z') || ++ (*name >= 'A' && *name <= 'Z') || ++ (*name >= '0' && *name <= '9') || ++ (*name == '_') || (*name == '.') || (*name == '-') || ++ (*name == '$' && *(name + 1) == '\0') ++ )) { + return false; + } + } +diff -up shadow-4.1.3/man/groupadd.8.goodname shadow-4.1.3/man/groupadd.8 +--- shadow-4.1.3/man/groupadd.8.goodname 2009-04-12 04:46:15.000000000 +0200 ++++ shadow-4.1.3/man/groupadd.8 2009-04-14 11:45:13.000000000 +0200 +@@ -139,9 +139,7 @@ Shadow password suite configuration\&. + .RE + .SH "CAVEATS" + .PP +-Groupnames must begin with a lower case letter or an underscore, and only lower case letters, underscores, dashes, and dollar signs may follow\&. In regular expression terms: [a\-z_][a\-z0\-9_\-]*[$]? +-.PP +-Groupnames may only be up to 16 characters long\&. ++Groupnames may only be up to 32 characters long\&. + .PP + You may not add a NIS or LDAP group\&. This must be performed on the corresponding server\&. + .PP +diff -up shadow-4.1.3/man/useradd.8.goodname shadow-4.1.3/man/useradd.8 +--- shadow-4.1.3/man/useradd.8.goodname 2009-04-12 04:46:35.000000000 +0200 ++++ shadow-4.1.3/man/useradd.8 2009-04-14 11:45:13.000000000 +0200 +@@ -385,8 +385,6 @@ Similarly, if the username already exist + \fBuseradd\fR + will deny the user account creation request\&. + .PP +-Usernames must begin with a lower case letter or an underscore, and only lower case letters, underscores, dashes, and dollar signs may follow\&. In regular expression terms: [a\-z_][a\-z0\-9_\-]*[$]? +-.PP + Usernames may only be up to 32 characters long\&. + .SH "CONFIGURATION" + .PP diff --git a/shadow-4.1.3-redhat.patch b/shadow-4.1.3-redhat.patch new file mode 100644 index 0000000..2b0ce43 --- /dev/null +++ b/shadow-4.1.3-redhat.patch @@ -0,0 +1,55 @@ +diff -up shadow-4.1.3-rc1/libmisc/find_new_gid.c.redhat shadow-4.1.3-rc1/libmisc/find_new_gid.c +--- shadow-4.1.3-rc1/libmisc/find_new_gid.c.redhat 2009-04-06 15:46:43.000000000 +0200 ++++ shadow-4.1.3-rc1/libmisc/find_new_gid.c 2009-04-06 15:48:29.000000000 +0200 +@@ -56,11 +56,11 @@ int find_new_gid (bool sys_group, gid_t + assert (gid != NULL); + + if (!sys_group) { +- gid_min = getdef_ulong ("GID_MIN", 1000L); ++ gid_min = getdef_ulong ("GID_MIN", 500L); + gid_max = getdef_ulong ("GID_MAX", 60000L); + } else { + gid_min = getdef_ulong ("SYS_GID_MIN", 1L); +- gid_max = getdef_ulong ("GID_MIN", 1000L) - 1; ++ gid_max = getdef_ulong ("GID_MIN", 500L) - 1; + gid_max = getdef_ulong ("SYS_GID_MAX", (unsigned long) gid_max); + } + used_gids = alloca (sizeof (char) * gid_max +1); +diff -up shadow-4.1.3-rc1/libmisc/find_new_uid.c.redhat shadow-4.1.3-rc1/libmisc/find_new_uid.c +--- shadow-4.1.3-rc1/libmisc/find_new_uid.c.redhat 2009-04-06 15:46:49.000000000 +0200 ++++ shadow-4.1.3-rc1/libmisc/find_new_uid.c 2009-04-06 15:48:46.000000000 +0200 +@@ -56,11 +56,11 @@ int find_new_uid (bool sys_user, uid_t * + assert (uid != NULL); + + if (!sys_user) { +- uid_min = getdef_ulong ("UID_MIN", 1000L); ++ uid_min = getdef_ulong ("UID_MIN", 500L); + uid_max = getdef_ulong ("UID_MAX", 60000L); + } else { + uid_min = getdef_ulong ("SYS_UID_MIN", 1L); +- uid_max = getdef_ulong ("UID_MIN", 1000L) - 1; ++ uid_max = getdef_ulong ("UID_MIN", 500L) - 1; + uid_max = getdef_ulong ("SYS_UID_MAX", (unsigned long) uid_max); + } + used_uids = alloca (sizeof (char) * uid_max +1); +diff -up shadow-4.1.3-rc1/src/useradd.c.redhat shadow-4.1.3-rc1/src/useradd.c +--- shadow-4.1.3-rc1/src/useradd.c.redhat 2009-04-06 15:49:02.000000000 +0200 ++++ shadow-4.1.3-rc1/src/useradd.c 2009-04-06 15:55:22.000000000 +0200 +@@ -89,7 +89,7 @@ char *Prog; + static gid_t def_group = 100; + static const char *def_gname = "other"; + static const char *def_home = "/home"; +-static const char *def_shell = ""; ++static const char *def_shell = "/sbin/nologin"; + static const char *def_template = SKEL_DIR; + static const char *def_create_mail_spool = "no"; + +@@ -101,7 +101,7 @@ static char def_file[] = USER_DEFAULTS_F + #define VALID(s) (strcspn (s, ":\n") == strlen (s)) + + static const char *user_name = ""; +-static const char *user_pass = "!"; ++static const char *user_pass = "!!"; + static uid_t user_id; + static gid_t user_gid; + static const char *user_comment = ""; diff --git a/shadow-utils.spec b/shadow-utils.spec index cc3fa54..186c57c 100644 --- a/shadow-utils.spec +++ b/shadow-utils.spec @@ -1,36 +1,22 @@ -%if %{?WITH_SELINUX:0}%{!?WITH_SELINUX:1} -%define WITH_SELINUX 1 -%endif - Summary: Utilities for managing accounts and shadow password files Name: shadow-utils -Version: 4.1.2 -Release: 13%{?dist} +Version: 4.1.3 +Release: 1%{?dist} Epoch: 2 URL: http://pkg-shadow.alioth.debian.org/ Source0: ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-%{version}.tar.bz2 Source1: shadow-4.0.17-login.defs Source2: shadow-4.0.18.1-useradd - -Patch0: shadow-4.1.2-redhat.patch -Patch1: shadow-4.1.2-goodname.patch -Patch2: shadow-4.1.2-selinux.patch -Patch3: shadow-4.1.2-sysAccountDownhill.patch -Patch4: shadow-4.1.2-gmSEGV.patch -Patch5: shadow-4.1.2-audit.patch -Patch6: shadow-4.1.1-selinuxUserMappings.patch -Patch7: shadow-4.1.2-checkName.patch -Patch8: shadow-4.1.2-gmNoGroup.patch -Patch9: shadow-4.1.2-uid.patch - +Patch0: shadow-4.1.3-redhat.patch +Patch1: shadow-4.1.3-goodname.patch License: BSD and GPLv2+ Group: System Environment/Base -BuildRequires: autoconf, automake, libtool, gettext-devel BuildRequires: libselinux-devel >= 1.25.2-1 BuildRequires: audit-libs-devel >= 1.6.5 +#BuildRequires: autoconf, automake, libtool, gettext-devel Requires: libselinux >= 1.25.2-1 Requires: audit-libs >= 1.6.5 -Requires: setup policycoreutils +Requires: setup Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) %description @@ -49,34 +35,23 @@ are used for managing group accounts. %setup -q -n shadow-%{version} %patch0 -p1 -b .redhat %patch1 -p1 -b .goodname -%patch2 -p1 -b .selinux -%patch3 -p1 -b .sysAccountDownhill -%patch4 -p1 -b .gmSEGV -%patch5 -p1 -b .audit -%patch6 -p1 -b .selinuxUserMappings -%patch7 -p1 -b .checkName -%patch8 -p1 -b .gmNoGroup -%patch9 -p1 -b .uid iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8 cp -f doc/HOWTO.utf8 doc/HOWTO -rm po/*.gmo -rm po/stamp-po - -aclocal -libtoolize --force -automake -a -autoconf +#rm po/*.gmo +#rm po/stamp-po +#aclocal +#libtoolize --force +#automake -a +#autoconf %build %configure \ --enable-shadowgrp \ --with-audit \ --with-sha-crypt \ -%if %{WITH_SELINUX} --with-selinux \ -%endif --without-libcrack \ --without-libpam \ --disable-shared @@ -199,11 +174,11 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/man8/vigr.8* %changelog -* Tue Mar 24 2009 Peter Vrabec 2:4.1.2-13 -- do not allow UID/GID = 4294967295 (#484040,#133664) +* Tue Apr 14 2009 Peter Vrabec 2:4.1.3-1 +- upgrade -* Wed Feb 25 2009 Fedora Release Engineering - 2:4.1.2-12 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild +* Tue Mar 24 2009 Peter Vrabec 2:4.1.2-12 +- don not allow UID/GID = 4294967295 (#484040) * Mon Jan 19 2009 Peter Vrabec 2:4.1.2-11 - fix license tag (#226416) diff --git a/sources b/sources index 0c72fb3..beeb25f 100644 --- a/sources +++ b/sources @@ -1,4 +1,3 @@ e91727c55dbafc9915250e31535f13bb shadow-4.0.17-login.defs ebdf46b79f9b414353c9ae8aba4d55cc shadow-4.0.18.1-useradd -b1aa30abb3cce16a37b53e45e1ec70a4 shadow-4.1.1.tar.bz2 -ce90cbe9cba7f6673cb10cad49083c1c shadow-4.1.2.tar.bz2 +d222bd50f64d52a32882c82ab1e85f28 shadow-4.1.3.tar.bz2