diff --git a/.gitignore b/.gitignore
index 422ed12..f5831ce 100644
--- a/.gitignore
+++ b/.gitignore
@@ -24,3 +24,5 @@ shadow-4.1.4.2.tar.bz2
 /shadow-4.13.tar.xz.asc
 /shadow-4.14.0.tar.xz
 /shadow-4.14.0.tar.xz.asc
+/shadow-4.15.0.tar.xz
+/shadow-4.15.0.tar.xz.asc
diff --git a/shadow-4.14.0-useradd-def-usrtemplate-selinux-label.patch b/shadow-4.14.0-useradd-def-usrtemplate-selinux-label.patch
deleted file mode 100644
index 97b709a..0000000
--- a/shadow-4.14.0-useradd-def-usrtemplate-selinux-label.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 48aa12af31c0b72872b411857d03a518a4200a3d Mon Sep 17 00:00:00 2001
-From: Johannes Segitz
-Date: Tue, 26 Sep 2023 15:14:14 +0200
-Subject: [PATCH] useradd: Set proper SELinux labels for def_usrtemplate
-
-Fixes: 74c17c716 ("Add support for skeleton files from /usr/etc/skel")
-
-Signed-off-by: Johannes Segitz
----
- src/useradd.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/useradd.c b/src/useradd.c
-index 76a4d649..fe62a051 100644
---- a/src/useradd.c
-+++ b/src/useradd.c
-@@ -2788,7 +2788,7 @@ int main (int argc, char **argv)
- if (home_added) {
- copy_tree (def_template, prefix_user_home, false, true,
- (uid_t)-1, user_id, (gid_t)-1, user_gid);
-- copy_tree (def_usrtemplate, prefix_user_home, false, false,
-+ copy_tree (def_usrtemplate, prefix_user_home, false, true,
- (uid_t)-1, user_id, (gid_t)-1, user_gid);
- } else {
- fprintf (stderr,
---
-2.41.0
-
diff --git a/shadow-4.14.0-account-tools-setuid.patch b/shadow-4.15.0-account-tools-setuid.patch
similarity index 81%
rename from shadow-4.14.0-account-tools-setuid.patch
rename to shadow-4.15.0-account-tools-setuid.patch
index 17d8918..d162487 100644
--- a/shadow-4.14.0-account-tools-setuid.patch
+++ b/shadow-4.15.0-account-tools-setuid.patch
@@ -1,7 +1,6 @@ -diff --git a/src/chpasswd.c b/src/chpasswd.c -index 3a4bd4fe..246e4176 100644 ---- a/src/chpasswd.c -+++ b/src/chpasswd.c +diff -up shadow-4.15.0/src/chpasswd.c.account-tools-setuid shadow-4.15.0/src/chpasswd.c +--- shadow-4.15.0/src/chpasswd.c.account-tools-setuid 2024-03-08 22:27:04.000000000 +0100 ++++ shadow-4.15.0/src/chpasswd.c 2024-03-11 11:21:57.561150382 +0100 @@ -443,9 +443,11 @@ int main (int argc, char **argv) char *cp; const char *salt; @@ -14,7 +13,7 @@ index 3a4bd4fe..246e4176 100644 int errors = 0; int line = 0; -@@ -470,19 +472,23 @@ int main (int argc, char **argv) +@@ -469,19 +471,23 @@ int main (int argc, char **argv) process_root_flag ("-R", argc, argv); prefix = process_prefix_flag ("-P", argc, argv); @@ -26,7 +25,7 @@ index 3a4bd4fe..246e4176 100644 #endif /* USE_PAM */ +#endif /* ACCT_TOOLS_SETUID */ - OPENLOG ("chpasswd"); + OPENLOG (Prog); check_perms (); @@ -38,15 +37,15 @@ index 3a4bd4fe..246e4176 100644 { is_shadow_pwd = spw_file_present (); -@@ -544,6 +550,7 @@ int main (int argc, char **argv) +@@ -543,6 +549,7 @@ int main (int argc, char **argv) } newpwd = cp; +#ifdef ACCT_TOOLS_SETUID #ifdef USE_PAM if (use_pam) { - if (do_pam_passwd_non_interactive ("chpasswd", name, newpwd) != 0) { -@@ -554,6 +561,7 @@ int main (int argc, char **argv) + if (do_pam_passwd_non_interactive (Prog, name, newpwd) != 0) { +@@ -553,6 +560,7 @@ int main (int argc, char **argv) } } else #endif /* USE_PAM */ @@ -54,7 +53,7 @@ index 3a4bd4fe..246e4176 100644 { const struct spwd *sp; struct spwd newsp; -@@ -673,9 +681,11 @@ int main (int argc, char **argv) +@@ -672,9 +680,11 @@ int main (int argc, char **argv) * password database. */ if (0 != errors) { @@ -66,7 +65,7 @@ index 3a4bd4fe..246e4176 100644 { fprintf (stderr, _("%s: error detected, changes ignored\n"), -@@ -684,9 +694,11 @@ int main (int argc, char **argv) +@@ -683,9 +693,11 @@ int main (int argc, char **argv) fail_exit (1); } 
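Review bot: The `#ifdef ACCT_TOOLS_SETUID` that the refreshed chpasswd.c patch puts around `if (use_pam)` in main() carries no comment saying what a build without that macro does. As far as these hunks show, the `do_pam_passwd_non_interactive (Prog, name, newpwd)` branch is then compiled out and every entry falls through to the `struct spwd newsp` block, so the PAM password stack would presumably not see these batch changes. That reading is inferred, because the matching `#endif` lines fall between the visible hunks. I would add `/* Without ACCT_TOOLS_SETUID the PAM update path is compiled out; passwords are written to the shadow files directly. */` above the guard. The same guard pattern recurs in the newusers.c hunks of this patch.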
@@ -78,10 +77,9 @@ index 3a4bd4fe..246e4176 100644 { /* Save the changes */ close_files (); -diff --git a/src/groupmems.c b/src/groupmems.c -index 63a1601c..73f7310e 100644 ---- a/src/groupmems.c -+++ b/src/groupmems.c +diff -up shadow-4.15.0/src/groupmems.c.account-tools-setuid shadow-4.15.0/src/groupmems.c +--- shadow-4.15.0/src/groupmems.c.account-tools-setuid 2024-03-08 22:27:04.000000000 +0100 ++++ shadow-4.15.0/src/groupmems.c 2024-03-11 11:16:18.365408572 +0100 @@ -14,9 +14,11 @@ #include #include @@ -94,7 +92,7 @@ index 63a1601c..73f7310e 100644 #include #include "alloc.h" -@@ -430,6 +432,7 @@ static void process_flags (int argc, char **argv) +@@ -430,6 +432,7 @@ static void process_flags (int argc, cha static void check_perms (void) { if (!list) { @@ -112,12 +110,11 @@ index 63a1601c..73f7310e 100644 } } -diff --git a/src/newusers.c b/src/newusers.c -index 09e14a48..96b60de2 100644 ---- a/src/newusers.c -+++ b/src/newusers.c +diff -up shadow-4.15.0/src/newusers.c.account-tools-setuid shadow-4.15.0/src/newusers.c +--- shadow-4.15.0/src/newusers.c.account-tools-setuid 2024-03-08 22:27:04.000000000 +0100 ++++ shadow-4.15.0/src/newusers.c 2024-03-11 11:20:07.198909046 +0100 @@ -59,6 +59,7 @@ - const char *Prog; + static const char Prog[] = "newusers"; static bool rflg = false; /* create a system account */ +#ifndef ACCT_TOOLS_SETUID @@ -172,7 +169,7 @@ index 09e14a48..96b60de2 100644 (void) fputs ("\n", usageout); exit (status); -@@ -405,6 +413,7 @@ static int add_user (const char *name, uid_t uid, gid_t gid) +@@ -405,6 +413,7 @@ static int add_user (const char *name, u return (pw_update (&pwent) == 0) ? -1 : 0; } @@ -180,7 +177,7 @@ index 09e14a48..96b60de2 100644 #ifndef USE_PAM /* * update_passwd - update the password in the passwd entry -@@ -457,6 +466,7 @@ static int update_passwd (struct passwd *pwd, const char *password) +@@ -457,6 +466,7 @@ static int update_passwd (struct passwd return 0; } #endif /* !USE_PAM */ 
@@ -188,7 +185,7 @@ index 09e14a48..96b60de2 100644 /* * add_passwd - add or update the encrypted password -@@ -465,10 +475,13 @@ static int add_passwd (struct passwd *pwd, const char *password) +@@ -465,10 +475,13 @@ static int add_passwd (struct passwd *pw { const struct spwd *sp; struct spwd spent; @@ -202,7 +199,7 @@ index 09e14a48..96b60de2 100644 #ifndef USE_PAM void *crypt_arg = NULL; if (NULL != crypt_method) { -@@ -505,13 +518,14 @@ static int add_passwd (struct passwd *pwd, const char *password) +@@ -505,13 +518,14 @@ static int add_passwd (struct passwd *pw return update_passwd (pwd, password); } #endif /* USE_PAM */ @@ -218,7 +215,7 @@ index 09e14a48..96b60de2 100644 if (NULL != sp) { spent = *sp; if ( (NULL != crypt_method) -@@ -547,7 +561,7 @@ static int add_passwd (struct passwd *pwd, const char *password) +@@ -547,7 +561,7 @@ static int add_passwd (struct passwd *pw if (strcmp (pwd->pw_passwd, "x") != 0) { return update_passwd (pwd, password); } @@ -227,7 +224,7 @@ index 09e14a48..96b60de2 100644 /* * If there is already a shadow entry, do not touch it. * If there is already a passwd entry with a password, do not -@@ -558,14 +572,14 @@ static int add_passwd (struct passwd *pwd, const char *password) +@@ -558,14 +572,14 @@ static int add_passwd (struct passwd *pw || (strcmp (pwd->pw_passwd, "x") != 0)) { return 0; } @@ -244,7 +241,7 @@ index 09e14a48..96b60de2 100644 if ((crypt_method != NULL) && (0 == strcmp(crypt_method, "NONE"))) { spent.sp_pwdp = (char *)password; } else { -@@ -610,35 +624,41 @@ static int add_passwd (struct passwd *pwd, const char *password) +@@ -610,35 +624,41 @@ static int add_passwd (struct passwd *pw static void process_flags (int argc, char **argv) { int c; 
@@ -288,7 +285,7 @@ index 09e14a48..96b60de2 100644 "bhr", #endif long_options, NULL)) != -1) { -@@ -646,11 +666,13 @@ static void process_flags (int argc, char **argv) +@@ -646,11 +666,13 @@ static void process_flags (int argc, cha case 'b': allow_bad_names = true; break; @@ -302,7 +299,7 @@ index 09e14a48..96b60de2 100644 case 'h': usage (EXIT_SUCCESS); break; -@@ -659,6 +681,7 @@ static void process_flags (int argc, char **argv) +@@ -659,6 +681,7 @@ static void process_flags (int argc, cha break; case 'R': /* no-op, handled in process_root_flag () */ break; @@ -310,7 +307,7 @@ index 09e14a48..96b60de2 100644 #ifndef USE_PAM #if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) case 's': -@@ -698,6 +721,7 @@ static void process_flags (int argc, char **argv) +@@ -698,6 +721,7 @@ static void process_flags (int argc, cha break; #endif /* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */ #endif /* !USE_PAM */ @@ -318,7 +315,7 @@ index 09e14a48..96b60de2 100644 default: usage (EXIT_FAILURE); break; -@@ -730,6 +754,7 @@ static void process_flags (int argc, char **argv) +@@ -730,6 +754,7 @@ static void process_flags (int argc, cha */ static void check_flags (void) { @@ -347,9 +344,9 @@ index 09e14a48..96b60de2 100644 #endif /* USE_PAM */ +#endif /* ACCT_TOOLS_SETUID */ - Prog = Basename (argv[0]); log_set_progname(Prog); -@@ -1196,6 +1224,7 @@ int main (int argc, char **argv) + log_set_logfd(stderr); +@@ -1195,6 +1223,7 @@ int main (int argc, char **argv) } newpw = *pw; @@ -357,7 +354,7 @@ index 09e14a48..96b60de2 100644 #ifdef USE_PAM /* keep the list of user/password for later update by PAM */ nusers++; -@@ -1212,6 +1241,7 @@ int main (int argc, char **argv) +@@ -1211,6 +1240,7 @@ int main (int argc, char **argv) usernames[nusers-1] = strdup (fields[0]); passwords[nusers-1] = strdup (fields[1]); #endif /* USE_PAM */ 
@@ -365,7 +362,7 @@ index 09e14a48..96b60de2 100644 if (add_passwd (&newpw, fields[1]) != 0) { fprintf (stderr, _("%s: line %d: can't update password\n"), -@@ -1328,6 +1358,7 @@ int main (int argc, char **argv) +@@ -1327,6 +1357,7 @@ int main (int argc, char **argv) nscd_flush_cache ("group"); sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP); @@ -373,7 +370,7 @@ index 09e14a48..96b60de2 100644 #ifdef USE_PAM unsigned int i; /* Now update the passwords using PAM */ -@@ -1340,6 +1371,7 @@ int main (int argc, char **argv) +@@ -1339,6 +1370,7 @@ int main (int argc, char **argv) } } #endif /* USE_PAM */ diff --git a/shadow-4.14.0-audit-update.patch b/shadow-4.15.0-audit-update.patch similarity index 80% rename from shadow-4.14.0-audit-update.patch rename to shadow-4.15.0-audit-update.patch index 0ff7dae..a625c5c 100644 --- a/shadow-4.14.0-audit-update.patch +++ b/shadow-4.15.0-audit-update.patch @@ -1,7 +1,7 @@ -diff -up shadow-4.14.0/libmisc/audit_help.c.audit-update shadow-4.14.0/libmisc/audit_help.c ---- shadow-4.14.0/libmisc/audit_help.c.audit-update 2023-05-26 04:56:11.000000000 +0200 -+++ shadow-4.14.0/libmisc/audit_help.c 2023-08-04 09:30:25.206963536 +0200 -@@ -46,7 +46,7 @@ void audit_help_open (void) +diff -up shadow-4.15.0/lib/audit_help.c.audit-update shadow-4.15.0/lib/audit_help.c +--- shadow-4.15.0/lib/audit_help.c.audit-update 2024-03-01 02:50:52.000000000 +0100 ++++ shadow-4.15.0/lib/audit_help.c 2024-03-11 10:56:20.233991612 +0100 +@@ -48,7 +48,7 @@ void audit_help_open (void) * This function will log a message to the audit system using a predefined * message format. Parameter usage is as follows: * @@ -10,7 +10,7 @@ diff -up shadow-4.14.0/libmisc/audit_help.c.audit-update shadow-4.14.0/libmisc/a * attributes. * pgname - program's name * op - operation. "adding user", "changing finger info", "deleting group" -@@ -66,6 +66,39 @@ void audit_logger (int type, unused cons +@@ -68,6 +68,39 @@ void audit_logger (int type, MAYBE_UNUSE } } 
@@ -27,7 +27,7 @@ diff -up shadow-4.14.0/libmisc/audit_help.c.audit-update shadow-4.14.0/libmisc/a + * only when user is NULL. + * grp - group name associated with event + */ -+void audit_logger_with_group (int type, unused const char *pgname, ++void audit_logger_with_group (int type, MAYBE_UNUSED const char *pgname, + const char *op, const char *name, unsigned int id, + const char *grp, shadow_audit_result result) +{ @@ -50,10 +50,10 @@ diff -up shadow-4.14.0/libmisc/audit_help.c.audit-update shadow-4.14.0/libmisc/a void audit_logger_message (const char *message, shadow_audit_result result) { if (audit_fd < 0) { -diff -up shadow-4.14.0/libmisc/cleanup_group.c.audit-update shadow-4.14.0/libmisc/cleanup_group.c ---- shadow-4.14.0/libmisc/cleanup_group.c.audit-update 2023-05-26 04:56:11.000000000 +0200 -+++ shadow-4.14.0/libmisc/cleanup_group.c 2023-08-04 09:30:25.207963539 +0200 -@@ -61,7 +61,7 @@ void cleanup_report_mod_group (void *cle +diff -up shadow-4.15.0/lib/cleanup_group.c.audit-update shadow-4.15.0/lib/cleanup_group.c +--- shadow-4.15.0/lib/cleanup_group.c.audit-update 2024-03-01 02:50:52.000000000 +0100 ++++ shadow-4.15.0/lib/cleanup_group.c 2024-03-11 10:56:20.233991612 +0100 +@@ -62,7 +62,7 @@ void cleanup_report_mod_group (void *cle gr_dbname (), info->action)); #ifdef WITH_AUDIT @@ -62,7 +62,7 @@ diff -up shadow-4.14.0/libmisc/cleanup_group.c.audit-update shadow-4.14.0/libmis info->audit_msg, info->name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); -@@ -79,7 +79,7 @@ void cleanup_report_mod_gshadow (void *c +@@ -80,7 +80,7 @@ void cleanup_report_mod_gshadow (void *c sgr_dbname (), info->action)); #ifdef WITH_AUDIT 
@@ -71,7 +71,7 @@ diff -up shadow-4.14.0/libmisc/cleanup_group.c.audit-update shadow-4.14.0/libmis info->audit_msg, info->name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); -@@ -100,7 +100,7 @@ void cleanup_report_add_group_group (voi +@@ -101,7 +101,7 @@ void cleanup_report_add_group_group (voi SYSLOG ((LOG_ERR, "failed to add group %s to %s", name, gr_dbname ())); #ifdef WITH_AUDIT audit_logger (AUDIT_ADD_GROUP, log_get_progname(), @@ -80,7 +80,7 @@ diff -up shadow-4.14.0/libmisc/cleanup_group.c.audit-update shadow-4.14.0/libmis name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif -@@ -119,8 +119,8 @@ void cleanup_report_add_group_gshadow (v +@@ -120,8 +120,8 @@ void cleanup_report_add_group_gshadow (v SYSLOG ((LOG_ERR, "failed to add group %s to %s", name, sgr_dbname ())); #ifdef WITH_AUDIT @@ -91,7 +91,7 @@ diff -up shadow-4.14.0/libmisc/cleanup_group.c.audit-update shadow-4.14.0/libmis name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif -@@ -142,8 +142,8 @@ void cleanup_report_del_group_group (voi +@@ -143,8 +143,8 @@ void cleanup_report_del_group_group (voi "failed to remove group %s from %s", name, gr_dbname ())); #ifdef WITH_AUDIT @@ -102,7 +102,7 @@ diff -up shadow-4.14.0/libmisc/cleanup_group.c.audit-update shadow-4.14.0/libmis name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif -@@ -165,8 +165,8 @@ void cleanup_report_del_group_gshadow (v +@@ -166,8 +166,8 @@ void cleanup_report_del_group_gshadow (v "failed to remove group %s from %s", name, sgr_dbname ())); #ifdef WITH_AUDIT @@ -113,7 +113,7 @@ diff -up shadow-4.14.0/libmisc/cleanup_group.c.audit-update shadow-4.14.0/libmis name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif -@@ -186,7 +186,7 @@ void cleanup_unlock_group (unused void * +@@ -187,7 +187,7 @@ void cleanup_unlock_group (MAYBE_UNUSED log_get_progname(), gr_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ())); #ifdef WITH_AUDIT 
@@ -122,7 +122,7 @@ diff -up shadow-4.14.0/libmisc/cleanup_group.c.audit-update shadow-4.14.0/libmis SHADOW_AUDIT_FAILURE); #endif } -@@ -206,7 +206,7 @@ void cleanup_unlock_gshadow (unused void +@@ -207,7 +207,7 @@ void cleanup_unlock_gshadow (MAYBE_UNUSE log_get_progname(), sgr_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ())); #ifdef WITH_AUDIT @@ -131,10 +131,10 @@ diff -up shadow-4.14.0/libmisc/cleanup_group.c.audit-update shadow-4.14.0/libmis SHADOW_AUDIT_FAILURE); #endif } -diff -up shadow-4.14.0/libmisc/cleanup_user.c.audit-update shadow-4.14.0/libmisc/cleanup_user.c ---- shadow-4.14.0/libmisc/cleanup_user.c.audit-update 2023-05-26 04:56:11.000000000 +0200 -+++ shadow-4.14.0/libmisc/cleanup_user.c 2023-08-04 09:30:25.207963539 +0200 -@@ -43,7 +43,7 @@ void cleanup_report_mod_passwd (void *cl +diff -up shadow-4.15.0/lib/cleanup_user.c.audit-update shadow-4.15.0/lib/cleanup_user.c +--- shadow-4.15.0/lib/cleanup_user.c.audit-update 2024-03-01 02:50:52.000000000 +0100 ++++ shadow-4.15.0/lib/cleanup_user.c 2024-03-11 10:56:20.233991612 +0100 +@@ -44,7 +44,7 @@ void cleanup_report_mod_passwd (void *cl pw_dbname (), info->action)); #ifdef WITH_AUDIT @@ -143,7 +143,7 @@ diff -up shadow-4.14.0/libmisc/cleanup_user.c.audit-update shadow-4.14.0/libmisc info->audit_msg, info->name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); -@@ -64,7 +64,7 @@ void cleanup_report_add_user_passwd (voi +@@ -65,7 +65,7 @@ void cleanup_report_add_user_passwd (voi SYSLOG ((LOG_ERR, "failed to add user %s to %s", name, pw_dbname ())); #ifdef WITH_AUDIT audit_logger (AUDIT_ADD_USER, log_get_progname(), @@ -152,7 +152,7 @@ diff -up shadow-4.14.0/libmisc/cleanup_user.c.audit-update shadow-4.14.0/libmisc name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif -@@ -83,8 +83,8 @@ void cleanup_report_add_user_shadow (voi +@@ -84,8 +84,8 @@ void cleanup_report_add_user_shadow (voi SYSLOG ((LOG_ERR, "failed to add user %s to %s", name, spw_dbname ())); #ifdef WITH_AUDIT 
@@ -163,7 +163,7 @@ diff -up shadow-4.14.0/libmisc/cleanup_user.c.audit-update shadow-4.14.0/libmisc name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif -@@ -103,7 +103,7 @@ void cleanup_unlock_passwd (unused void +@@ -104,7 +104,7 @@ void cleanup_unlock_passwd (MAYBE_UNUSED log_get_progname(), pw_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ())); #ifdef WITH_AUDIT @@ -172,7 +172,7 @@ diff -up shadow-4.14.0/libmisc/cleanup_user.c.audit-update shadow-4.14.0/libmisc SHADOW_AUDIT_FAILURE); #endif } -@@ -122,7 +122,7 @@ void cleanup_unlock_shadow (unused void +@@ -123,7 +123,7 @@ void cleanup_unlock_shadow (MAYBE_UNUSED log_get_progname(), spw_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ())); #ifdef WITH_AUDIT @@ -181,10 +181,10 @@ diff -up shadow-4.14.0/libmisc/cleanup_user.c.audit-update shadow-4.14.0/libmisc SHADOW_AUDIT_FAILURE); #endif } -diff -up shadow-4.14.0/lib/prototypes.h.audit-update shadow-4.14.0/lib/prototypes.h ---- shadow-4.14.0/lib/prototypes.h.audit-update 2023-08-03 18:28:35.000000000 +0200 -+++ shadow-4.14.0/lib/prototypes.h 2023-08-04 09:30:25.207963539 +0200 -@@ -202,12 +202,21 @@ extern int audit_fd; +diff -up shadow-4.15.0/lib/prototypes.h.audit-update shadow-4.15.0/lib/prototypes.h +--- shadow-4.15.0/lib/prototypes.h.audit-update 2024-03-01 02:50:52.000000000 +0100 ++++ shadow-4.15.0/lib/prototypes.h 2024-03-11 10:56:20.233991612 +0100 +@@ -198,12 +198,21 @@ extern int audit_fd; extern void audit_help_open (void); /* Use AUDIT_NO_ID when a name is provided to audit_logger instead of an ID */ #define AUDIT_NO_ID ((unsigned int) -1) 
@@ -200,16 +200,16 @@ diff -up shadow-4.14.0/lib/prototypes.h.audit-update shadow-4.14.0/lib/prototype extern void audit_logger (int type, const char *pgname, const char *op, const char *name, unsigned int id, shadow_audit_result result); -+void audit_logger_with_group (int type, unused const char *pgname, ++void audit_logger_with_group (int type, MAYBE_UNUSED const char *pgname, + const char *op, const char *name, unsigned int id, + const char *grp, shadow_audit_result result); void audit_logger_message (const char *message, shadow_audit_result result); #endif -diff -up shadow-4.14.0/src/chage.c.audit-update shadow-4.14.0/src/chage.c ---- shadow-4.14.0/src/chage.c.audit-update 2023-08-04 09:30:25.207963539 +0200 -+++ shadow-4.14.0/src/chage.c 2023-08-04 09:31:12.237080212 +0200 -@@ -106,8 +106,8 @@ fail_exit (int code) +diff -up shadow-4.15.0/src/chage.c.audit-update shadow-4.15.0/src/chage.c +--- shadow-4.15.0/src/chage.c.audit-update 2024-03-08 22:27:04.000000000 +0100 ++++ shadow-4.15.0/src/chage.c 2024-03-11 10:56:20.234991618 +0100 +@@ -110,8 +110,8 @@ fail_exit (int code) #ifdef WITH_AUDIT if (E_SUCCESS != code) { @@ -220,7 +220,7 @@ diff -up shadow-4.14.0/src/chage.c.audit-update shadow-4.14.0/src/chage.c } #endif -@@ -841,10 +841,7 @@ int main (int argc, char **argv) +@@ -846,10 +846,7 @@ int main (int argc, char **argv) fprintf (stderr, _("%s: Permission denied.\n"), Prog); fail_exit (E_NOPERM); } @@ -232,7 +232,7 @@ diff -up shadow-4.14.0/src/chage.c.audit-update shadow-4.14.0/src/chage.c list_fields (); fail_exit (E_SUCCESS); } -@@ -863,39 +860,39 @@ int main (int argc, char **argv) +@@ -868,39 +865,39 @@ int main (int argc, char **argv) } #ifdef WITH_AUDIT else { 
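Review bot: The prototype added to lib/prototypes.h repeats `MAYBE_UNUSED` on `pgname`, which the `audit_logger` declaration directly above it does not do. An unused-parameter attribute only matters where the body is compiled, so it belongs on the definition in lib/audit_help.c and can be dropped here: `extern void audit_logger_with_group (int type, const char *pgname,`. That also keeps the two logger prototypes parallel. The declaration block continues outside this hunk.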
@@ -287,10 +287,10 @@ diff -up shadow-4.14.0/src/chage.c.audit-update shadow-4.14.0/src/chage.c user_name, user_uid, 1); } #endif -diff -up shadow-4.14.0/src/gpasswd.c.audit-update shadow-4.14.0/src/gpasswd.c ---- shadow-4.14.0/src/gpasswd.c.audit-update 2023-06-11 03:35:50.000000000 +0200 -+++ shadow-4.14.0/src/gpasswd.c 2023-08-04 09:30:25.207963539 +0200 -@@ -118,7 +118,7 @@ static void usage (int status) +diff -up shadow-4.15.0/src/gpasswd.c.audit-update shadow-4.15.0/src/gpasswd.c +--- shadow-4.15.0/src/gpasswd.c.audit-update 2024-03-08 22:27:04.000000000 +0100 ++++ shadow-4.15.0/src/gpasswd.c 2024-03-11 10:56:20.234991618 +0100 +@@ -125,7 +125,7 @@ static void usage (int status) (void) fputs (_(" -d, --delete USER remove USER from GROUP\n"), usageout); (void) fputs (_(" -h, --help display this help message and exit\n"), usageout); (void) fputs (_(" -Q, --root CHROOT_DIR directory to chroot into\n"), usageout); @@ -299,22 +299,21 @@ diff -up shadow-4.14.0/src/gpasswd.c.audit-update shadow-4.14.0/src/gpasswd.c (void) fputs (_(" -R, --restrict restrict access to GROUP to its members\n"), usageout); (void) fputs (_(" -M, --members USER,... set the list of members of GROUP\n"), usageout); #ifdef SHADOWGRP -@@ -377,21 +377,14 @@ static void open_files (void) +@@ -384,20 +384,14 @@ static void open_files (void) static void log_gpasswd_failure (const char *suffix) { -#ifdef WITH_AUDIT -- char buf[1024]; +- char buf[1024]; -#endif +- if (aflg) { SYSLOG ((LOG_ERR, "%s failed to add user %s to group %s%s", myname, user, group, suffix)); #ifdef WITH_AUDIT -- snprintf (buf, 1023, -- "%s failed to add user %s to group %s%s", -- myname, user, group, suffix); -- buf[1023] = '\0'; +- SNPRINTF(buf, "%s failed to add user %s to group %s%s", +- myname, user, group, suffix); - audit_logger (AUDIT_USER_ACCT, Prog, - buf, - group, AUDIT_NO_ID, 
@@ -324,14 +323,12 @@ diff -up shadow-4.14.0/src/gpasswd.c.audit-update shadow-4.14.0/src/gpasswd.c SHADOW_AUDIT_FAILURE); #endif } else if (dflg) { -@@ -399,13 +392,9 @@ static void log_gpasswd_failure (const c +@@ -405,11 +399,9 @@ static void log_gpasswd_failure (const c "%s failed to remove user %s from group %s%s", myname, user, group, suffix)); #ifdef WITH_AUDIT -- snprintf (buf, 1023, -- "%s failed to remove user %s from group %s%s", -- myname, user, group, suffix); -- buf[1023] = '\0'; +- SNPRINTF(buf, "%s failed to remove user %s from group %s%s", +- myname, user, group, suffix); - audit_logger (AUDIT_USER_ACCT, Prog, - buf, - group, AUDIT_NO_ID, @@ -341,14 +338,12 @@ diff -up shadow-4.14.0/src/gpasswd.c.audit-update shadow-4.14.0/src/gpasswd.c SHADOW_AUDIT_FAILURE); #endif } else if (rflg) { -@@ -413,13 +402,9 @@ static void log_gpasswd_failure (const c +@@ -417,11 +409,9 @@ static void log_gpasswd_failure (const c "%s failed to remove password of group %s%s", myname, group, suffix)); #ifdef WITH_AUDIT -- snprintf (buf, 1023, -- "%s failed to remove password of group %s%s", -- myname, group, suffix); -- buf[1023] = '\0'; +- SNPRINTF(buf, "%s failed to remove password of group %s%s", +- myname, group, suffix); - audit_logger (AUDIT_USER_CHAUTHTOK, Prog, - buf, - group, AUDIT_NO_ID, @@ -358,14 +353,12 @@ diff -up shadow-4.14.0/src/gpasswd.c.audit-update shadow-4.14.0/src/gpasswd.c SHADOW_AUDIT_FAILURE); #endif } else if (Rflg) { -@@ -427,13 +412,9 @@ static void log_gpasswd_failure (const c +@@ -429,11 +419,9 @@ static void log_gpasswd_failure (const c "%s failed to restrict access to group %s%s", myname, group, suffix)); #ifdef WITH_AUDIT -- snprintf (buf, 1023, -- "%s failed to restrict access to group %s%s", -- myname, group, suffix); -- buf[1023] = '\0'; +- SNPRINTF(buf, "%s failed to restrict access to group %s%s", +- myname, group, suffix); - audit_logger (AUDIT_USER_CHAUTHTOK, Prog, - buf, - group, AUDIT_NO_ID, 
@@ -375,14 +368,12 @@ diff -up shadow-4.14.0/src/gpasswd.c.audit-update shadow-4.14.0/src/gpasswd.c SHADOW_AUDIT_FAILURE); #endif } else if (Aflg || Mflg) { -@@ -443,13 +424,9 @@ static void log_gpasswd_failure (const c +@@ -443,11 +431,9 @@ static void log_gpasswd_failure (const c "%s failed to set the administrators of group %s to %s%s", myname, group, admins, suffix)); #ifdef WITH_AUDIT -- snprintf (buf, 1023, -- "%s failed to set the administrators of group %s to %s%s", -- myname, group, admins, suffix); -- buf[1023] = '\0'; +- SNPRINTF(buf, "%s failed to set the administrators of group %s to %s%s", +- myname, group, admins, suffix); - audit_logger (AUDIT_USER_ACCT, Prog, - buf, - group, AUDIT_NO_ID, @@ -392,14 +383,12 @@ diff -up shadow-4.14.0/src/gpasswd.c.audit-update shadow-4.14.0/src/gpasswd.c SHADOW_AUDIT_FAILURE); #endif } -@@ -459,13 +436,9 @@ static void log_gpasswd_failure (const c +@@ -457,11 +443,9 @@ static void log_gpasswd_failure (const c "%s failed to set the members of group %s to %s%s", myname, group, members, suffix)); #ifdef WITH_AUDIT -- snprintf (buf, 1023, -- "%s failed to set the members of group %s to %s%s", -- myname, group, members, suffix); -- buf[1023] = '\0'; +- SNPRINTF(buf, "%s failed to set the members of group %s to %s%s", +- myname, group, members, suffix); - audit_logger (AUDIT_USER_ACCT, Prog, - buf, - group, AUDIT_NO_ID, 
@@ -409,14 +398,12 @@ diff -up shadow-4.14.0/src/gpasswd.c.audit-update shadow-4.14.0/src/gpasswd.c SHADOW_AUDIT_FAILURE); #endif } -@@ -474,13 +447,9 @@ static void log_gpasswd_failure (const c +@@ -470,11 +454,9 @@ static void log_gpasswd_failure (const c "%s failed to change password of group %s%s", myname, group, suffix)); #ifdef WITH_AUDIT -- snprintf (buf, 1023, -- "%s failed to change password of group %s%s", -- myname, group, suffix); -- buf[1023] = '\0'; +- SNPRINTF(buf, "%s failed to change password of group %s%s", +- myname, group, suffix); - audit_logger (AUDIT_USER_CHAUTHTOK, Prog, - buf, - group, AUDIT_NO_ID, @@ -426,22 +413,12 @@ diff -up shadow-4.14.0/src/gpasswd.c.audit-update shadow-4.14.0/src/gpasswd.c SHADOW_AUDIT_FAILURE); #endif } -@@ -511,21 +480,14 @@ static void log_gpasswd_failure_gshadow - - static void log_gpasswd_success (const char *suffix) - { --#ifdef WITH_AUDIT -- char buf[1024]; --#endif - if (aflg) { - SYSLOG ((LOG_INFO, +@@ -514,11 +496,9 @@ static void log_gpasswd_success (const c "user %s added by %s to group %s%s", user, myname, group, suffix)); #ifdef WITH_AUDIT -- snprintf (buf, 1023, -- "user %s added by %s to group %s%s", -- user, myname, group, suffix); -- buf[1023] = '\0'; +- SNPRINTF(buf, "user %s added by %s to group %s%s", +- user, myname, group, suffix); - audit_logger (AUDIT_USER_ACCT, Prog, - buf, - group, AUDIT_NO_ID, 
@@ -451,14 +428,12 @@ diff -up shadow-4.14.0/src/gpasswd.c.audit-update shadow-4.14.0/src/gpasswd.c SHADOW_AUDIT_SUCCESS); #endif } else if (dflg) { -@@ -533,13 +495,9 @@ static void log_gpasswd_success (const c +@@ -526,11 +506,9 @@ static void log_gpasswd_success (const c "user %s removed by %s from group %s%s", user, myname, group, suffix)); #ifdef WITH_AUDIT -- snprintf (buf, 1023, -- "user %s removed by %s from group %s%s", -- user, myname, group, suffix); -- buf[1023] = '\0'; +- SNPRINTF(buf, "user %s removed by %s from group %s%s", +- user, myname, group, suffix); - audit_logger (AUDIT_USER_ACCT, Prog, - buf, - group, AUDIT_NO_ID, @@ -468,14 +443,10 @@ diff -up shadow-4.14.0/src/gpasswd.c.audit-update shadow-4.14.0/src/gpasswd.c SHADOW_AUDIT_SUCCESS); #endif } else if (rflg) { -@@ -547,13 +505,9 @@ static void log_gpasswd_success (const c - "password of group %s removed by %s%s", - group, myname, suffix)); +@@ -540,9 +518,9 @@ static void log_gpasswd_success (const c #ifdef WITH_AUDIT -- snprintf (buf, 1023, -- "password of group %s removed by %s%s", -- group, myname, suffix); -- buf[1023] = '\0'; + SNPRINTF(buf, "password of group %s removed by %s%s", + group, myname, suffix); - audit_logger (AUDIT_USER_CHAUTHTOK, Prog, - buf, - group, AUDIT_NO_ID, @@ -485,14 +456,10 @@ diff -up shadow-4.14.0/src/gpasswd.c.audit-update shadow-4.14.0/src/gpasswd.c SHADOW_AUDIT_SUCCESS); #endif } else if (Rflg) { -@@ -561,13 +515,9 @@ static void log_gpasswd_success (const c - "access to group %s restricted by %s%s", - group, myname, suffix)); +@@ -552,9 +530,9 @@ static void log_gpasswd_success (const c #ifdef WITH_AUDIT -- snprintf (buf, 1023, -- "access to group %s restricted by %s%s", -- group, myname, suffix); -- buf[1023] = '\0'; + SNPRINTF(buf, "access to group %s restricted by %s%s", + group, myname, suffix); - audit_logger (AUDIT_USER_CHAUTHTOK, Prog, - buf, - group, AUDIT_NO_ID, 
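Review bot: The refreshed hunks `@@ -540,9 +518,9 @@` and `@@ -552,9 +530,9 @@` in log_gpasswd_success keep `SNPRINTF(buf, "password of group %s removed by %s%s",` and `SNPRINTF(buf, "access to group %s restricted by %s%s",` as context, while still removing the `audit_logger (AUDIT_USER_CHAUTHTOK, Prog, buf, ...)` call that consumed `buf`. Every other branch in this patch (for example `@@ -514,11 +496,9 @@`) deletes the SNPRINTF together with the call, and the old hunk that dropped `char buf[1024];` from this function is no longer present. If the replacement call does not take `buf` (it lies outside the visible lines), these two branches now format a string nobody reads. Marking both SNPRINTF statements as removed and restoring the removal of the `buf` declaration would bring the rflg and Rflg branches in line with the rest.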
@@ -502,14 +469,12 @@ diff -up shadow-4.14.0/src/gpasswd.c.audit-update shadow-4.14.0/src/gpasswd.c SHADOW_AUDIT_SUCCESS); #endif } else if (Aflg || Mflg) { -@@ -577,13 +527,9 @@ static void log_gpasswd_success (const c +@@ -564,11 +542,9 @@ static void log_gpasswd_success (const c "administrators of group %s set by %s to %s%s", group, myname, admins, suffix)); #ifdef WITH_AUDIT -- snprintf (buf, 1023, -- "administrators of group %s set by %s to %s%s", -- group, myname, admins, suffix); -- buf[1023] = '\0'; +- SNPRINTF(buf, "administrators of group %s set by %s to %s%s", +- group, myname, admins, suffix); - audit_logger (AUDIT_USER_ACCT, Prog, - buf, - group, AUDIT_NO_ID, @@ -519,14 +484,12 @@ diff -up shadow-4.14.0/src/gpasswd.c.audit-update shadow-4.14.0/src/gpasswd.c SHADOW_AUDIT_SUCCESS); #endif } -@@ -593,13 +539,9 @@ static void log_gpasswd_success (const c +@@ -578,11 +554,9 @@ static void log_gpasswd_success (const c "members of group %s set by %s to %s%s", group, myname, members, suffix)); #ifdef WITH_AUDIT -- snprintf (buf, 1023, -- "members of group %s set by %s to %s%s", -- group, myname, members, suffix); -- buf[1023] = '\0'; +- SNPRINTF(buf, "members of group %s set by %s to %s%s", +- group, myname, members, suffix); - audit_logger (AUDIT_USER_ACCT, Prog, - buf, - group, AUDIT_NO_ID, @@ -536,14 +499,12 @@ diff -up shadow-4.14.0/src/gpasswd.c.audit-update shadow-4.14.0/src/gpasswd.c SHADOW_AUDIT_SUCCESS); #endif } -@@ -608,13 +550,9 @@ static void log_gpasswd_success (const c +@@ -591,11 +565,9 @@ static void log_gpasswd_success (const c "password of group %s changed by %s%s", group, myname, suffix)); #ifdef WITH_AUDIT -- snprintf (buf, 1023, -- "password of group %s changed by %s%s", -- group, myname, suffix); -- buf[1023] = '\0'; +- SNPRINTF(buf, "password of group %s changed by %s%s", +- group, myname, suffix); - audit_logger (AUDIT_USER_CHAUTHTOK, Prog, - buf, - group, AUDIT_NO_ID, 
@@ -553,10 +514,10 @@ diff -up shadow-4.14.0/src/gpasswd.c.audit-update shadow-4.14.0/src/gpasswd.c SHADOW_AUDIT_SUCCESS); #endif } -diff -up shadow-4.14.0/src/groupadd.c.audit-update shadow-4.14.0/src/groupadd.c ---- shadow-4.14.0/src/groupadd.c.audit-update 2023-05-26 04:56:11.000000000 +0200 -+++ shadow-4.14.0/src/groupadd.c 2023-08-04 09:34:34.125581046 +0200 -@@ -114,6 +114,15 @@ usage (int status) +diff -up shadow-4.15.0/src/groupadd.c.audit-update shadow-4.15.0/src/groupadd.c +--- shadow-4.15.0/src/groupadd.c.audit-update 2024-03-08 22:27:04.000000000 +0100 ++++ shadow-4.15.0/src/groupadd.c 2024-03-11 10:59:11.522108956 +0100 +@@ -115,6 +115,15 @@ usage (int status) exit (status); } @@ -572,7 +533,7 @@ diff -up shadow-4.14.0/src/groupadd.c.audit-update shadow-4.14.0/src/groupadd.c /* * new_grent - initialize the values in a group file entry * -@@ -210,7 +219,7 @@ static void grp_update (void) +@@ -211,7 +220,7 @@ static void grp_update (void) fprintf (stderr, _("%s: failed to prepare the new %s entry '%s'\n"), Prog, gr_dbname (), grp.gr_name); @@ -581,7 +542,7 @@ diff -up shadow-4.14.0/src/groupadd.c.audit-update shadow-4.14.0/src/groupadd.c } #ifdef SHADOWGRP /* -@@ -220,7 +229,7 @@ static void grp_update (void) +@@ -221,7 +230,7 @@ static void grp_update (void) fprintf (stderr, _("%s: failed to prepare the new %s entry '%s'\n"), Prog, sgr_dbname (), sgrp.sg_name); @@ -590,7 +551,7 @@ diff -up shadow-4.14.0/src/groupadd.c.audit-update shadow-4.14.0/src/groupadd.c } #endif /* SHADOWGRP */ } -@@ -244,7 +253,7 @@ static void check_new_name (void) +@@ -245,7 +254,7 @@ static void check_new_name (void) fprintf (stderr, _("%s: '%s' is not a valid group name\n"), Prog, group_name); 
@@ -599,7 +560,7 @@ diff -up shadow-4.14.0/src/groupadd.c.audit-update shadow-4.14.0/src/groupadd.c } /* -@@ -260,11 +269,11 @@ static void close_files (void) +@@ -261,11 +270,11 @@ static void close_files (void) fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, gr_dbname ()); @@ -613,7 +574,7 @@ diff -up shadow-4.14.0/src/groupadd.c.audit-update shadow-4.14.0/src/groupadd.c group_name, group_id, SHADOW_AUDIT_SUCCESS); #endif SYSLOG ((LOG_INFO, "group added to %s: name=%s, GID=%u", -@@ -281,11 +290,11 @@ static void close_files (void) +@@ -282,11 +291,11 @@ static void close_files (void) fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, sgr_dbname ()); @@ -628,7 +589,7 @@ diff -up shadow-4.14.0/src/groupadd.c.audit-update shadow-4.14.0/src/groupadd.c group_name, group_id, SHADOW_AUDIT_SUCCESS); #endif SYSLOG ((LOG_INFO, "group added to %s: name=%s", -@@ -298,10 +307,6 @@ static void close_files (void) +@@ -299,10 +308,6 @@ static void close_files (void) #endif /* SHADOWGRP */ /* Report success at the system level */ @@ -639,7 +600,7 @@ diff -up shadow-4.14.0/src/groupadd.c.audit-update shadow-4.14.0/src/groupadd.c SYSLOG ((LOG_INFO, "new group: name=%s, GID=%u", group_name, (unsigned int) group_id)); del_cleanup (cleanup_report_add_group); -@@ -319,7 +324,7 @@ static void open_files (void) +@@ -320,7 +325,7 @@ static void open_files (void) fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, gr_dbname ()); @@ -648,7 +609,7 @@ diff -up shadow-4.14.0/src/groupadd.c.audit-update shadow-4.14.0/src/groupadd.c } add_cleanup (cleanup_unlock_group, NULL); -@@ -329,7 +334,7 @@ static void open_files (void) +@@ -330,7 +335,7 @@ static void open_files (void) fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, sgr_dbname ()); 
@@ -657,25 +618,25 @@ diff -up shadow-4.14.0/src/groupadd.c.audit-update shadow-4.14.0/src/groupadd.c } add_cleanup (cleanup_unlock_gshadow, NULL); } -@@ -345,7 +350,7 @@ static void open_files (void) +@@ -346,7 +351,7 @@ static void open_files (void) if (gr_open (O_CREAT | O_RDWR) == 0) { - fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ()); - SYSLOG ((LOG_WARN, "cannot open %s", gr_dbname ())); + fprintf (stderr, _("%s: cannot open %s: %s\n"), Prog, gr_dbname (), strerror(errno)); + SYSLOG ((LOG_WARN, "cannot open %s: %s", gr_dbname (), strerror(errno))); - exit (E_GRP_UPDATE); + fail_exit (E_GRP_UPDATE); } #ifdef SHADOWGRP -@@ -355,7 +360,7 @@ static void open_files (void) - _("%s: cannot open %s\n"), - Prog, sgr_dbname ()); - SYSLOG ((LOG_WARN, "cannot open %s", sgr_dbname ())); +@@ -356,7 +361,7 @@ static void open_files (void) + _("%s: cannot open %s: %s\n"), + Prog, sgr_dbname (), strerror(errno)); + SYSLOG ((LOG_WARN, "cannot open %s: %s", sgr_dbname (), strerror(errno))); - exit (E_GRP_UPDATE); + fail_exit (E_GRP_UPDATE); } } #endif /* SHADOWGRP */ -@@ -492,7 +497,7 @@ static void check_flags (void) +@@ -493,7 +498,7 @@ static void check_flags (void) fprintf (stderr, _("%s: group '%s' already exists\n"), Prog, group_name); @@ -684,16 +645,16 @@ diff -up shadow-4.14.0/src/groupadd.c.audit-update shadow-4.14.0/src/groupadd.c } if (gflg && (prefix_getgrgid (group_id) != NULL)) { -@@ -511,7 +516,7 @@ static void check_flags (void) +@@ -512,7 +517,7 @@ static void check_flags (void) fprintf (stderr, _("%s: GID '%lu' already exists\n"), - Prog, (unsigned long int) group_id); + Prog, (unsigned long) group_id); - exit (E_GID_IN_USE); + fail_exit (E_GID_IN_USE); } } } -@@ -539,7 +544,7 @@ static void check_perms (void) +@@ -540,7 +545,7 @@ static void check_perms (void) fprintf (stderr, _("%s: Cannot determine your user name.\n"), Prog); 
@@ -701,8 +662,8 @@ diff -up shadow-4.14.0/src/groupadd.c.audit-update shadow-4.14.0/src/groupadd.c + fail_exit (1); } - retval = pam_start ("groupadd", pampw->pw_name, &conv, &pamh); -@@ -559,7 +564,7 @@ static void check_perms (void) + retval = pam_start (Prog, pampw->pw_name, &conv, &pamh); +@@ -560,7 +565,7 @@ static void check_perms (void) if (NULL != pamh) { (void) pam_end (pamh, retval); } @@ -711,7 +672,7 @@ diff -up shadow-4.14.0/src/groupadd.c.audit-update shadow-4.14.0/src/groupadd.c } (void) pam_end (pamh, retval); #endif /* USE_PAM */ -@@ -594,7 +599,7 @@ int main (int argc, char **argv) +@@ -591,7 +596,7 @@ int main (int argc, char **argv) fprintf (stderr, _("%s: Cannot setup cleanup service.\n"), Prog); @@ -720,7 +681,7 @@ diff -up shadow-4.14.0/src/groupadd.c.audit-update shadow-4.14.0/src/groupadd.c } /* -@@ -621,7 +626,7 @@ int main (int argc, char **argv) +@@ -618,7 +623,7 @@ int main (int argc, char **argv) if (!gflg) { if (find_new_gid (rflg, &group_id, NULL) < 0) { @@ -729,9 +690,9 @@ diff -up shadow-4.14.0/src/groupadd.c.audit-update shadow-4.14.0/src/groupadd.c } } -diff -up shadow-4.14.0/src/groupdel.c.audit-update shadow-4.14.0/src/groupdel.c ---- shadow-4.14.0/src/groupdel.c.audit-update 2023-05-26 04:56:11.000000000 +0200 -+++ shadow-4.14.0/src/groupdel.c 2023-08-04 09:36:42.778900250 +0200 +diff -up shadow-4.15.0/src/groupdel.c.audit-update shadow-4.15.0/src/groupdel.c +--- shadow-4.15.0/src/groupdel.c.audit-update 2024-03-08 22:27:04.000000000 +0100 ++++ shadow-4.15.0/src/groupdel.c 2024-03-11 11:14:20.572151046 +0100 @@ -87,6 +87,15 @@ usage (int status) exit (status); } @@ -854,7 +815,7 @@ diff -up shadow-4.14.0/src/groupdel.c.audit-update shadow-4.14.0/src/groupdel.c } /* -@@ -372,7 +376,7 @@ int main (int argc, char **argv) +@@ -368,7 +372,7 @@ int main (int argc, char **argv) fprintf (stderr, _("%s: Cannot setup cleanup service.\n"), Prog); 
@@ -863,7 +824,7 @@ diff -up shadow-4.14.0/src/groupdel.c.audit-update shadow-4.14.0/src/groupdel.c } process_flags (argc, argv); -@@ -386,7 +390,7 @@ int main (int argc, char **argv) +@@ -382,7 +386,7 @@ int main (int argc, char **argv) fprintf (stderr, _("%s: Cannot determine your user name.\n"), Prog); @@ -871,8 +832,8 @@ diff -up shadow-4.14.0/src/groupdel.c.audit-update shadow-4.14.0/src/groupdel.c + fail_exit (1); } - retval = pam_start ("groupdel", pampw->pw_name, &conv, &pamh); -@@ -407,7 +411,7 @@ int main (int argc, char **argv) + retval = pam_start (Prog, pampw->pw_name, &conv, &pamh); +@@ -403,7 +407,7 @@ int main (int argc, char **argv) if (NULL != pamh) { (void) pam_end (pamh, retval); } @@ -881,7 +842,7 @@ diff -up shadow-4.14.0/src/groupdel.c.audit-update shadow-4.14.0/src/groupdel.c } (void) pam_end (pamh, retval); #endif /* USE_PAM */ -@@ -427,7 +431,7 @@ int main (int argc, char **argv) +@@ -423,7 +427,7 @@ int main (int argc, char **argv) fprintf (stderr, _("%s: group '%s' does not exist\n"), Prog, group_name); @@ -890,7 +851,7 @@ diff -up shadow-4.14.0/src/groupdel.c.audit-update shadow-4.14.0/src/groupdel.c } group_id = grp->gr_gid; -@@ -451,7 +455,7 @@ int main (int argc, char **argv) +@@ -447,7 +451,7 @@ int main (int argc, char **argv) _("%s: %s is the NIS master\n"), Prog, nis_master); } 
@@ -899,10 +860,10 @@ diff -up shadow-4.14.0/src/groupdel.c.audit-update shadow-4.14.0/src/groupdel.c } #endif -diff -up shadow-4.14.0/src/groupmod.c.audit-update shadow-4.14.0/src/groupmod.c ---- shadow-4.14.0/src/groupmod.c.audit-update 2023-06-10 02:02:29.000000000 +0200 -+++ shadow-4.14.0/src/groupmod.c 2023-08-04 09:30:25.208963541 +0200 -@@ -473,7 +473,7 @@ static void close_files (void) +diff -up shadow-4.15.0/src/groupmod.c.audit-update shadow-4.15.0/src/groupmod.c +--- shadow-4.15.0/src/groupmod.c.audit-update 2024-03-08 22:27:04.000000000 +0100 ++++ shadow-4.15.0/src/groupmod.c 2024-03-11 10:56:20.234991618 +0100 +@@ -474,7 +474,7 @@ static void close_files (void) exit (E_GRP_UPDATE); } #ifdef WITH_AUDIT @@ -911,7 +872,7 @@ diff -up shadow-4.14.0/src/groupmod.c.audit-update shadow-4.14.0/src/groupmod.c info_group.audit_msg, group_name, AUDIT_NO_ID, SHADOW_AUDIT_SUCCESS); -@@ -496,7 +496,14 @@ static void close_files (void) +@@ -497,7 +497,14 @@ static void close_files (void) exit (E_GRP_UPDATE); } #ifdef WITH_AUDIT @@ -927,7 +888,7 @@ diff -up shadow-4.14.0/src/groupmod.c.audit-update shadow-4.14.0/src/groupmod.c info_gshadow.audit_msg, group_name, AUDIT_NO_ID, SHADOW_AUDIT_SUCCESS); -@@ -519,7 +526,7 @@ static void close_files (void) +@@ -520,7 +527,7 @@ static void close_files (void) exit (E_GRP_UPDATE); } #ifdef WITH_AUDIT @@ -936,7 +897,7 @@ diff -up shadow-4.14.0/src/groupmod.c.audit-update shadow-4.14.0/src/groupmod.c info_passwd.audit_msg, group_name, AUDIT_NO_ID, SHADOW_AUDIT_SUCCESS); -@@ -534,8 +541,8 @@ static void close_files (void) +@@ -535,8 +542,8 @@ static void close_files (void) } #ifdef WITH_AUDIT 
@@ -947,43 +908,42 @@ diff -up shadow-4.14.0/src/groupmod.c.audit-update shadow-4.14.0/src/groupmod.c group_name, AUDIT_NO_ID, SHADOW_AUDIT_SUCCESS); #endif -diff -up shadow-4.14.0/src/newgrp.c.audit-update shadow-4.14.0/src/newgrp.c ---- shadow-4.14.0/src/newgrp.c.audit-update 2023-08-04 09:30:25.208963541 +0200 -+++ shadow-4.14.0/src/newgrp.c 2023-08-04 09:51:28.354208322 +0200 -@@ -186,10 +186,10 @@ static void check_perms (const struct gr +diff -up shadow-4.15.0/src/newgrp.c.audit-update shadow-4.15.0/src/newgrp.c +--- shadow-4.15.0/src/newgrp.c.audit-update 2024-03-08 22:27:04.000000000 +0100 ++++ shadow-4.15.0/src/newgrp.c 2024-03-11 10:56:20.234991618 +0100 +@@ -188,10 +188,10 @@ static void check_perms (const struct gr + if (grp->gr_passwd[0] == '\0' || strcmp (cpasswd, grp->gr_passwd) != 0) { #ifdef WITH_AUDIT - snprintf (audit_buf, sizeof(audit_buf), -- "authentication new-gid=%lu", -+ "authentication new_gid=%lu", - (unsigned long) grp->gr_gid); +- SNPRINTF(audit_buf, "authentication new-gid=%lu", ++ SNPRINTF(audit_buf, "authentication new_gid=%lu", + (unsigned long) grp->gr_gid); audit_logger (AUDIT_GRP_AUTH, Prog, - audit_buf, NULL, getuid (), 0); + audit_buf, NULL, getuid (), SHADOW_AUDIT_FAILURE); #endif SYSLOG ((LOG_INFO, "Invalid password for group '%s' from '%s'", -@@ -200,10 +200,10 @@ static void check_perms (const struct gr +@@ -201,10 +201,10 @@ static void check_perms (const struct gr + goto failure; } #ifdef WITH_AUDIT - snprintf (audit_buf, sizeof(audit_buf), -- "authentication new-gid=%lu", -+ "authentication new_gid=%lu", - (unsigned long) grp->gr_gid); +- SNPRINTF(audit_buf, "authentication new-gid=%lu", ++ SNPRINTF(audit_buf, "authentication new_gid=%lu", + (unsigned long) grp->gr_gid); audit_logger (AUDIT_GRP_AUTH, Prog, - audit_buf, NULL, getuid (), 1); + audit_buf, NULL, getuid (), SHADOW_AUDIT_SUCCESS); #endif } -@@ -214,17 +214,6 @@ failure: +@@ -215,16 +215,6 @@ failure: * harm. 
-- JWP */ closelog (); -#ifdef WITH_AUDIT - if (groupname) { -- snprintf (audit_buf, sizeof(audit_buf), -- "changing new-group=%s", groupname); +- SNPRINTF(audit_buf, "changing new-group=%s", groupname); - audit_logger (AUDIT_CHGRP_ID, Prog, - audit_buf, NULL, getuid (), 0); - } else { @@ -994,12 +954,12 @@ diff -up shadow-4.14.0/src/newgrp.c.audit-update shadow-4.14.0/src/newgrp.c exit (EXIT_FAILURE); } -@@ -298,13 +287,23 @@ static void syslog_sg (const char *name, +@@ -298,13 +288,23 @@ static void syslog_sg (const char *name, is_newgrp ? "newgrp" : "sg", strerror (errno)); #ifdef WITH_AUDIT if (group) { -- snprintf (audit_buf, sizeof(audit_buf), -- "changing new-group=%s", group); +- SNPRINTF(audit_buf, +- "changing new-group=%s", group); + char enc_group[(GROUP_NAME_MAX_LENGTH*2)+1]; + int len = strnlen(group, sizeof(enc_group)/2); + if (audit_value_needs_encoding(group, len)) { @@ -1022,7 +982,7 @@ diff -up shadow-4.14.0/src/newgrp.c.audit-update shadow-4.14.0/src/newgrp.c } #endif exit (EXIT_FAILURE); -@@ -440,7 +439,7 @@ int main (int argc, char **argv) +@@ -440,7 +440,7 @@ int main (int argc, char **argv) Prog); #ifdef WITH_AUDIT audit_logger (AUDIT_CHGRP_ID, Prog, @@ -1031,12 +991,11 @@ diff -up shadow-4.14.0/src/newgrp.c.audit-update shadow-4.14.0/src/newgrp.c #endif SYSLOG ((LOG_WARN, "Cannot determine the user name of the caller (UID %lu)", (unsigned long) getuid ())); -@@ -556,13 +555,22 @@ int main (int argc, char **argv) +@@ -556,12 +556,22 @@ int main (int argc, char **argv) perror ("getgroups"); #ifdef WITH_AUDIT if (group) { -- snprintf (audit_buf, sizeof(audit_buf), -- "changing new-group=%s", group); +- SNPRINTF(audit_buf, "changing new-group=%s", group); + char enc_group[(GROUP_NAME_MAX_LENGTH*2)+1]; + int len = strnlen(group, sizeof(enc_group)/2); + if (audit_value_needs_encoding(group, len)) { 
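Review bot: With the `AUDIT_CHGRP_ID` block at the `failure:` label removed (inner hunk `@@ -215,16 +215,6 @@`), the only audit record visible on the failure side of check_perms is the `AUDIT_GRP_AUTH` one logged with `SHADOW_AUDIT_FAILURE` just before `goto failure` on a password mismatch. If any other branch reaches `failure:` without logging first, it would now exit with no audit event; none is visible here, because check_perms starts and ends outside the hunk. I would confirm that every `goto failure` is preceded by an audit_logger call, or leave a comment at the label such as `/* no audit record here: each branch jumping to this label logs its own failure */`. The `new-gid` to `new_gid` field rename also changes what existing audit search rules match, which deserves a line in the package changelog.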
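Review bot: In the lines added to `syslog_sg`, `int len = strnlen(group, sizeof(enc_group)/2);` stores a `size_t` in an `int` and takes its bound from an integer division that happens to drop the `+1`; `size_t len = strnlen(group, GROUP_NAME_MAX_LENGTH);` states the same bound directly. A `group` longer than that bound is presumably examined and encoded only up to it, so the audit record would carry a shortened name with no marker. That is worth a comment such as `/* names longer than GROUP_NAME_MAX_LENGTH are logged truncated */`. The same three lines recur in the two `main` hunks (inner `@@ -556,12 +556,22 @@` and `@@ -832,12 +842,22 @@`), so a small static helper would keep the buffer sizing in one place. The branch bodies that use `enc_group` lie outside the hunk, so the encode call itself cannot be checked from here.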
@@ -1058,61 +1017,59 @@ diff -up shadow-4.14.0/src/newgrp.c.audit-update shadow-4.14.0/src/newgrp.c } #endif exit (EXIT_FAILURE); -@@ -717,9 +725,9 @@ int main (int argc, char **argv) +@@ -715,9 +725,9 @@ int main (int argc, char **argv) + if (setgid (gid) != 0) { perror ("setgid"); #ifdef WITH_AUDIT - snprintf (audit_buf, sizeof(audit_buf), -- "changing new-gid=%lu", (unsigned long) gid); -+ "changing new_gid=%lu", (unsigned long) gid); +- SNPRINTF(audit_buf, "changing new-gid=%lu", (unsigned long) gid); ++ SNPRINTF(audit_buf, "changing new_gid=%lu", (unsigned long) gid); audit_logger (AUDIT_CHGRP_ID, Prog, - audit_buf, NULL, getuid (), 0); + audit_buf, NULL, getuid (), SHADOW_AUDIT_FAILURE); #endif exit (EXIT_FAILURE); } -@@ -728,9 +736,9 @@ int main (int argc, char **argv) +@@ -725,9 +735,9 @@ int main (int argc, char **argv) + if (setuid (getuid ()) != 0) { perror ("setuid"); #ifdef WITH_AUDIT - snprintf (audit_buf, sizeof(audit_buf), -- "changing new-gid=%lu", (unsigned long) gid); -+ "changing new_gid=%lu", (unsigned long) gid); +- SNPRINTF(audit_buf, "changing new-gid=%lu", (unsigned long) gid); ++ SNPRINTF(audit_buf, "changing new_gid=%lu", (unsigned long) gid); audit_logger (AUDIT_CHGRP_ID, Prog, - audit_buf, NULL, getuid (), 0); + audit_buf, NULL, getuid (), SHADOW_AUDIT_FAILURE); #endif exit (EXIT_FAILURE); } -@@ -744,9 +752,9 @@ int main (int argc, char **argv) +@@ -740,9 +750,9 @@ int main (int argc, char **argv) + closelog (); execl (SHELL, "sh", "-c", command, (char *) NULL); #ifdef WITH_AUDIT - snprintf (audit_buf, sizeof(audit_buf), -- "changing new-gid=%lu", (unsigned long) gid); -+ "changing new_gid=%lu", (unsigned long) gid); +- SNPRINTF(audit_buf, "changing new-gid=%lu", (unsigned long) gid); ++ SNPRINTF(audit_buf, "changing new_gid=%lu", (unsigned long) gid); audit_logger (AUDIT_CHGRP_ID, Prog, - audit_buf, NULL, getuid (), 0); + audit_buf, NULL, getuid (), SHADOW_AUDIT_FAILURE); #endif perror (SHELL); exit ((errno == ENOENT) ? 
E_CMD_NOTFOUND : E_CMD_NOEXEC); -@@ -810,10 +818,10 @@ int main (int argc, char **argv) +@@ -806,9 +816,9 @@ int main (int argc, char **argv) } #ifdef WITH_AUDIT -- snprintf (audit_buf, sizeof(audit_buf), "changing new-gid=%lu", -+ snprintf (audit_buf, sizeof(audit_buf), "changing new_gid=%lu", - (unsigned long) gid); +- SNPRINTF(audit_buf, "changing new-gid=%lu", (unsigned long) gid); ++ SNPRINTF(audit_buf, "changing new_gid=%lu", (unsigned long) gid); audit_logger (AUDIT_CHGRP_ID, Prog, - audit_buf, NULL, getuid (), 1); + audit_buf, NULL, getuid (), SHADOW_AUDIT_SUCCESS); #endif /* * Exec the login shell and go away. We are trying to get back to -@@ -837,13 +845,22 @@ int main (int argc, char **argv) +@@ -832,12 +842,22 @@ int main (int argc, char **argv) closelog (); #ifdef WITH_AUDIT if (NULL != group) { -- snprintf (audit_buf, sizeof(audit_buf), -- "changing new-group=%s", group); +- SNPRINTF(audit_buf, "changing new-group=%s", group); + char enc_group[(GROUP_NAME_MAX_LENGTH*2)+1]; + int len = strnlen(group, sizeof(enc_group)/2); + if (audit_value_needs_encoding(group, len)) { @@ -1134,10 +1091,10 @@ diff -up shadow-4.14.0/src/newgrp.c.audit-update shadow-4.14.0/src/newgrp.c } #endif exit (EXIT_FAILURE); -diff -up shadow-4.14.0/src/useradd.c.audit-update shadow-4.14.0/src/useradd.c ---- shadow-4.14.0/src/useradd.c.audit-update 2023-07-30 12:38:39.000000000 +0200 -+++ shadow-4.14.0/src/useradd.c 2023-08-04 10:02:18.851935396 +0200 -@@ -240,6 +240,8 @@ static void check_uid_range(int rflg, ui +diff -up shadow-4.15.0/src/useradd.c.audit-update shadow-4.15.0/src/useradd.c +--- shadow-4.15.0/src/useradd.c.audit-update 2024-03-08 22:27:04.000000000 +0100 ++++ shadow-4.15.0/src/useradd.c 2024-03-11 10:56:20.235991625 +0100 +@@ -242,6 +242,8 @@ static void check_uid_range(int rflg, ui */ static void fail_exit (int code) { 
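Review bot: After the failed `execl (SHELL, "sh", "-c", command, (char *) NULL)`, `errno` is read by `perror (SHELL)` and by `exit ((errno == ENOENT) ? E_CMD_NOTFOUND : E_CMD_NOEXEC)` only after `SNPRINTF` and `audit_logger` have run under `WITH_AUDIT`, and either call may overwrite it. The message and the exit status can then describe a failure inside the audit path rather than the exec. Saving the value first, with `int exec_errno = errno;` directly after `execl` and `errno = exec_errno;` before `perror`, keeps both tied to the exec. These are context lines of the inner patch and `main` continues outside the hunk, so the change may belong upstream rather than in this downstream patch.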
@@ -1146,7 +1103,7 @@ diff -up shadow-4.14.0/src/useradd.c.audit-update shadow-4.14.0/src/useradd.c if (home_added && rmdir(prefix_user_home) != 0) { fprintf(stderr, _("%s: %s was created, but could not be removed\n"), -@@ -250,38 +252,22 @@ static void fail_exit (int code) +@@ -252,38 +254,22 @@ static void fail_exit (int code) if (spw_locked && spw_unlock() == 0) { fprintf(stderr, _("%s: failed to unlock %s\n"), Prog, spw_dbname()); SYSLOG((LOG_ERR, "failed to unlock %s", spw_dbname())); @@ -1185,7 +1142,7 @@ diff -up shadow-4.14.0/src/useradd.c.audit-update shadow-4.14.0/src/useradd.c /* continue */ } #endif -@@ -289,27 +275,23 @@ static void fail_exit (int code) +@@ -291,27 +277,23 @@ static void fail_exit (int code) if (sub_uid_locked && sub_uid_unlock() == 0) { fprintf(stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname()); SYSLOG((LOG_ERR, "failed to unlock %s", sub_uid_dbname())); @@ -1220,7 +1177,7 @@ diff -up shadow-4.14.0/src/useradd.c.audit-update shadow-4.14.0/src/useradd.c user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif SYSLOG((LOG_INFO, "failed adding user '%s', exit code: %d", user_name, code)); -@@ -759,7 +741,7 @@ static int set_defaults (void) +@@ -732,7 +714,7 @@ static int set_defaults (void) } #ifdef WITH_AUDIT audit_logger (AUDIT_USYS_CONFIG, Prog, @@ -1229,7 +1186,7 @@ diff -up shadow-4.14.0/src/useradd.c.audit-update shadow-4.14.0/src/useradd.c NULL, AUDIT_NO_ID, SHADOW_AUDIT_SUCCESS); #endif -@@ -1096,12 +1078,6 @@ static void grp_update (void) +@@ -1060,12 +1042,6 @@ static void grp_update (void) _("%s: Out of memory. Cannot update %s.\n"), Prog, gr_dbname ()); SYSLOG ((LOG_ERR, "failed to prepare the new %s entry '%s'", gr_dbname (), user_name)); 
@@ -1242,7 +1199,7 @@ diff -up shadow-4.14.0/src/useradd.c.audit-update shadow-4.14.0/src/useradd.c fail_exit (E_GRP_UPDATE); /* XXX */ } -@@ -1115,18 +1091,12 @@ static void grp_update (void) +@@ -1079,18 +1055,12 @@ static void grp_update (void) _("%s: failed to prepare the new %s entry '%s'\n"), Prog, gr_dbname (), ngrp->gr_name); SYSLOG ((LOG_ERR, "failed to prepare the new %s entry '%s'", gr_dbname (), user_name)); @@ -1264,7 +1221,7 @@ diff -up shadow-4.14.0/src/useradd.c.audit-update shadow-4.14.0/src/useradd.c SHADOW_AUDIT_SUCCESS); #endif SYSLOG ((LOG_INFO, -@@ -1171,12 +1141,6 @@ static void grp_update (void) +@@ -1135,12 +1105,6 @@ static void grp_update (void) _("%s: Out of memory. Cannot update %s.\n"), Prog, sgr_dbname ()); SYSLOG ((LOG_ERR, "failed to prepare the new %s entry '%s'", sgr_dbname (), user_name)); @@ -1277,7 +1234,7 @@ diff -up shadow-4.14.0/src/useradd.c.audit-update shadow-4.14.0/src/useradd.c fail_exit (E_GRP_UPDATE); /* XXX */ } -@@ -1190,18 +1154,13 @@ static void grp_update (void) +@@ -1154,18 +1118,13 @@ static void grp_update (void) _("%s: failed to prepare the new %s entry '%s'\n"), Prog, sgr_dbname (), nsgrp->sg_name); SYSLOG ((LOG_ERR, "failed to prepare the new %s entry '%s'", sgr_dbname (), user_name)); @@ -1300,7 +1257,7 @@ diff -up shadow-4.14.0/src/useradd.c.audit-update shadow-4.14.0/src/useradd.c SHADOW_AUDIT_SUCCESS); #endif SYSLOG ((LOG_INFO, -@@ -1596,7 +1555,7 @@ static void process_flags (int argc, cha +@@ -1560,7 +1519,7 @@ static void process_flags (int argc, cha Prog, user_name); #ifdef WITH_AUDIT audit_logger (AUDIT_ADD_USER, Prog, @@ -1309,7 +1266,7 @@ diff -up shadow-4.14.0/src/useradd.c.audit-update shadow-4.14.0/src/useradd.c user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif -@@ -1705,7 +1664,7 @@ static void close_files (void) +@@ -1660,7 +1619,7 @@ static void close_files (void) SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ())); #ifdef WITH_AUDIT audit_logger (AUDIT_ADD_USER, Prog, 
@@ -1318,7 +1275,7 @@ diff -up shadow-4.14.0/src/useradd.c.audit-update shadow-4.14.0/src/useradd.c user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif -@@ -1718,7 +1677,7 @@ static void close_files (void) +@@ -1673,7 +1632,7 @@ static void close_files (void) SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ())); #ifdef WITH_AUDIT audit_logger (AUDIT_ADD_USER, Prog, @@ -1327,7 +1284,7 @@ diff -up shadow-4.14.0/src/useradd.c.audit-update shadow-4.14.0/src/useradd.c user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif -@@ -1735,7 +1694,7 @@ static void close_files (void) +@@ -1690,7 +1649,7 @@ static void close_files (void) SYSLOG ((LOG_ERR, "failed to unlock %s", sub_uid_dbname ())); #ifdef WITH_AUDIT audit_logger (AUDIT_ADD_USER, Prog, @@ -1336,7 +1293,7 @@ diff -up shadow-4.14.0/src/useradd.c.audit-update shadow-4.14.0/src/useradd.c user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif -@@ -1749,7 +1708,7 @@ static void close_files (void) +@@ -1704,7 +1663,7 @@ static void close_files (void) SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ())); #ifdef WITH_AUDIT audit_logger (AUDIT_ADD_USER, Prog, @@ -1345,7 +1302,7 @@ diff -up shadow-4.14.0/src/useradd.c.audit-update shadow-4.14.0/src/useradd.c user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif -@@ -2012,7 +1971,7 @@ static void grp_add (void) +@@ -1967,7 +1926,7 @@ static void grp_add (void) Prog, gr_dbname (), grp.gr_name); #ifdef WITH_AUDIT audit_logger (AUDIT_ADD_GROUP, Prog, @@ -1354,7 +1311,7 @@ diff -up shadow-4.14.0/src/useradd.c.audit-update shadow-4.14.0/src/useradd.c grp.gr_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif -@@ -2028,7 +1987,7 @@ static void grp_add (void) +@@ -1983,7 +1942,7 @@ static void grp_add (void) Prog, sgr_dbname (), sgrp.sg_name); #ifdef WITH_AUDIT audit_logger (AUDIT_ADD_GROUP, Prog, 
@@ -1363,7 +1320,7 @@ diff -up shadow-4.14.0/src/useradd.c.audit-update shadow-4.14.0/src/useradd.c grp.gr_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif -@@ -2038,7 +1997,7 @@ static void grp_add (void) +@@ -1993,7 +1952,7 @@ static void grp_add (void) SYSLOG ((LOG_INFO, "new group: name=%s, GID=%u", user_name, user_gid)); #ifdef WITH_AUDIT audit_logger (AUDIT_ADD_GROUP, Prog, @@ -1372,7 +1329,7 @@ diff -up shadow-4.14.0/src/useradd.c.audit-update shadow-4.14.0/src/useradd.c grp.gr_name, AUDIT_NO_ID, SHADOW_AUDIT_SUCCESS); #endif -@@ -2240,11 +2199,6 @@ static void usr_update (unsigned long su +@@ -2195,11 +2154,6 @@ static void usr_update (unsigned long su fprintf (stderr, _("%s: failed to prepare the new %s entry '%s'\n"), Prog, spw_dbname (), spent.sp_namp); @@ -1384,7 +1341,7 @@ diff -up shadow-4.14.0/src/useradd.c.audit-update shadow-4.14.0/src/useradd.c fail_exit (E_PW_UPDATE); } #ifdef ENABLE_SUBIDS -@@ -2271,7 +2225,7 @@ static void usr_update (unsigned long su +@@ -2226,7 +2180,7 @@ static void usr_update (unsigned long su * and we can use the real ID thereafter. */ audit_logger (AUDIT_ADD_USER, Prog, @@ -1393,7 +1350,7 @@ diff -up shadow-4.14.0/src/useradd.c.audit-update shadow-4.14.0/src/useradd.c user_name, AUDIT_NO_ID, SHADOW_AUDIT_SUCCESS); #endif -@@ -2365,10 +2319,6 @@ static void create_home (void) +@@ -2321,10 +2275,6 @@ static void create_home (void) if (mkdir(path, 0) != 0) { fprintf(stderr, _("%s: cannot create directory %s\n"), Prog, path); @@ -1404,7 +1361,7 @@ diff -up shadow-4.14.0/src/useradd.c.audit-update shadow-4.14.0/src/useradd.c fail_exit(E_HOMEDIR); } if (chown(path, 0, 0) < 0) { -@@ -2393,7 +2343,7 @@ static void create_home (void) +@@ -2349,7 +2299,7 @@ static void create_home (void) } home_added = true; #ifdef WITH_AUDIT 
@@ -1413,7 +1370,7 @@ diff -up shadow-4.14.0/src/useradd.c.audit-update shadow-4.14.0/src/useradd.c user_name, user_id, SHADOW_AUDIT_SUCCESS); #endif #ifdef WITH_SELINUX -@@ -2637,12 +2587,6 @@ int main (int argc, char **argv) +@@ -2590,12 +2540,6 @@ int main (int argc, char **argv) */ if (prefix_getpwnam (user_name) != NULL) { /* local, no need for xgetpwnam */ fprintf (stderr, _("%s: user '%s' already exists\n"), Prog, user_name); @@ -1426,7 +1383,7 @@ diff -up shadow-4.14.0/src/useradd.c.audit-update shadow-4.14.0/src/useradd.c fail_exit (E_NAME_IN_USE); } -@@ -2658,12 +2602,6 @@ int main (int argc, char **argv) +@@ -2611,12 +2555,6 @@ int main (int argc, char **argv) fprintf (stderr, _("%s: group %s exists - if you want to add this user to that group, use -g.\n"), Prog, user_name); @@ -1439,7 +1396,7 @@ diff -up shadow-4.14.0/src/useradd.c.audit-update shadow-4.14.0/src/useradd.c fail_exit (E_NAME_IN_USE); } } -@@ -2693,12 +2631,6 @@ int main (int argc, char **argv) +@@ -2646,12 +2584,6 @@ int main (int argc, char **argv) fprintf (stderr, _("%s: UID %lu is not unique\n"), Prog, (unsigned long) user_id); @@ -1452,7 +1409,7 @@ diff -up shadow-4.14.0/src/useradd.c.audit-update shadow-4.14.0/src/useradd.c fail_exit (E_UID_IN_USE); } } -@@ -2773,9 +2705,9 @@ int main (int argc, char **argv) +@@ -2726,9 +2658,9 @@ int main (int argc, char **argv) _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"), Prog, user_name, user_selinux); #ifdef WITH_AUDIT 
@@ -1465,10 +1422,10 @@ diff -up shadow-4.14.0/src/useradd.c.audit-update shadow-4.14.0/src/useradd.c #endif /* WITH_AUDIT */ fail_exit (E_SE_UPDATE); } -diff -up shadow-4.14.0/src/userdel.c.audit-update shadow-4.14.0/src/userdel.c ---- shadow-4.14.0/src/userdel.c.audit-update 2023-06-10 02:02:29.000000000 +0200 -+++ shadow-4.14.0/src/userdel.c 2023-08-04 10:26:18.225695416 +0200 -@@ -204,9 +204,9 @@ static void update_groups (void) +diff -up shadow-4.15.0/src/userdel.c.audit-update shadow-4.15.0/src/userdel.c +--- shadow-4.15.0/src/userdel.c.audit-update 2024-03-08 22:27:04.000000000 +0100 ++++ shadow-4.15.0/src/userdel.c 2024-03-11 10:56:20.235991625 +0100 +@@ -206,9 +206,9 @@ static void update_groups (void) * Update the DBM group file with the new entry as well. */ #ifdef WITH_AUDIT @@ -1481,7 +1438,7 @@ diff -up shadow-4.14.0/src/userdel.c.audit-update shadow-4.14.0/src/userdel.c #endif /* WITH_AUDIT */ SYSLOG ((LOG_INFO, "delete '%s' from group '%s'\n", user_name, ngrp->gr_name)); -@@ -265,9 +265,9 @@ static void update_groups (void) +@@ -267,9 +267,9 @@ static void update_groups (void) exit (E_GRP_UPDATE); } #ifdef WITH_AUDIT @@ -1494,7 +1451,7 @@ diff -up shadow-4.14.0/src/userdel.c.audit-update shadow-4.14.0/src/userdel.c #endif /* WITH_AUDIT */ SYSLOG ((LOG_INFO, "delete '%s' from shadow group '%s'\n", user_name, nsgrp->sg_name)); -@@ -343,9 +343,9 @@ static void remove_usergroup (void) +@@ -345,9 +345,9 @@ static void remove_usergroup (void) } #ifdef WITH_AUDIT @@ -1507,7 +1464,7 @@ diff -up shadow-4.14.0/src/userdel.c.audit-update shadow-4.14.0/src/userdel.c SHADOW_AUDIT_SUCCESS); #endif /* WITH_AUDIT */ SYSLOG ((LOG_INFO, -@@ -361,9 +361,9 @@ static void remove_usergroup (void) +@@ -363,9 +363,9 @@ static void remove_usergroup (void) fail_exit (E_GRP_UPDATE); } #ifdef WITH_AUDIT 
@@ -1520,7 +1477,7 @@ diff -up shadow-4.14.0/src/userdel.c.audit-update shadow-4.14.0/src/userdel.c SHADOW_AUDIT_SUCCESS); #endif /* WITH_AUDIT */ SYSLOG ((LOG_INFO, -@@ -525,7 +525,7 @@ static void fail_exit (int code) +@@ -527,7 +527,7 @@ static void fail_exit (int code) #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, @@ -1529,7 +1486,7 @@ diff -up shadow-4.14.0/src/userdel.c.audit-update shadow-4.14.0/src/userdel.c user_name, user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ -@@ -544,22 +544,12 @@ static void open_files (void) +@@ -546,22 +546,12 @@ static void open_files (void) fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, pw_dbname ()); @@ -1552,7 +1509,7 @@ diff -up shadow-4.14.0/src/userdel.c.audit-update shadow-4.14.0/src/userdel.c fail_exit (E_PW_UPDATE); } if (is_shadow_pwd) { -@@ -567,11 +557,6 @@ static void open_files (void) +@@ -569,11 +559,6 @@ static void open_files (void) fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, spw_dbname ()); @@ -1564,7 +1521,7 @@ diff -up shadow-4.14.0/src/userdel.c.audit-update shadow-4.14.0/src/userdel.c fail_exit (E_PW_UPDATE); } spw_locked = true; -@@ -579,11 +564,6 @@ static void open_files (void) +@@ -581,11 +566,6 @@ static void open_files (void) fprintf (stderr, _("%s: cannot open %s\n"), Prog, spw_dbname ()); @@ -1576,7 +1533,7 @@ diff -up shadow-4.14.0/src/userdel.c.audit-update shadow-4.14.0/src/userdel.c fail_exit (E_PW_UPDATE); } } -@@ -591,21 +571,11 @@ static void open_files (void) +@@ -593,21 +573,11 @@ static void open_files (void) fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, gr_dbname ()); @@ -1598,7 +1555,7 @@ diff -up shadow-4.14.0/src/userdel.c.audit-update shadow-4.14.0/src/userdel.c fail_exit (E_GRP_UPDATE); } #ifdef SHADOWGRP -@@ -614,22 +584,12 @@ static void open_files (void) +@@ -616,22 +586,12 @@ static void open_files (void) fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, sgr_dbname ()); 
@@ -1621,7 +1578,7 @@ diff -up shadow-4.14.0/src/userdel.c.audit-update shadow-4.14.0/src/userdel.c fail_exit (E_GRP_UPDATE); } } -@@ -640,22 +600,12 @@ static void open_files (void) +@@ -642,22 +602,12 @@ static void open_files (void) fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, sub_uid_dbname ()); @@ -1644,7 +1601,7 @@ diff -up shadow-4.14.0/src/userdel.c.audit-update shadow-4.14.0/src/userdel.c fail_exit (E_SUB_UID_UPDATE); } } -@@ -664,22 +614,12 @@ static void open_files (void) +@@ -666,22 +616,12 @@ static void open_files (void) fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, sub_gid_dbname ()); @@ -1667,7 +1624,7 @@ diff -up shadow-4.14.0/src/userdel.c.audit-update shadow-4.14.0/src/userdel.c fail_exit (E_SUB_GID_UPDATE); } } -@@ -724,7 +664,7 @@ static void update_user (void) +@@ -726,7 +666,7 @@ static void update_user (void) #endif /* ENABLE_SUBIDS */ #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, @@ -1676,7 +1633,7 @@ diff -up shadow-4.14.0/src/userdel.c.audit-update shadow-4.14.0/src/userdel.c user_name, user_id, SHADOW_AUDIT_SUCCESS); #endif /* WITH_AUDIT */ SYSLOG ((LOG_INFO, "delete user '%s'\n", user_name)); -@@ -831,7 +771,7 @@ static int remove_mailbox (void) +@@ -824,7 +764,7 @@ static int remove_mailbox (void) SYSLOG ((LOG_ERR, "Cannot remove %s: %s", mailfile, strerror (errno))); #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, @@ -1685,7 +1642,7 @@ diff -up shadow-4.14.0/src/userdel.c.audit-update shadow-4.14.0/src/userdel.c user_name, user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ free(mailfile); -@@ -847,7 +787,7 @@ static int remove_mailbox (void) +@@ -840,7 +780,7 @@ static int remove_mailbox (void) SYSLOG ((LOG_ERR, "Cannot remove %s: %s", mailfile, strerror (errno))); #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, 
@@ -1694,7 +1651,7 @@ diff -up shadow-4.14.0/src/userdel.c.audit-update shadow-4.14.0/src/userdel.c user_name, user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ errors = 1; -@@ -856,8 +796,8 @@ static int remove_mailbox (void) +@@ -849,8 +789,8 @@ static int remove_mailbox (void) #ifdef WITH_AUDIT else { @@ -1705,7 +1662,7 @@ diff -up shadow-4.14.0/src/userdel.c.audit-update shadow-4.14.0/src/userdel.c user_name, user_id, SHADOW_AUDIT_SUCCESS); } #endif /* WITH_AUDIT */ -@@ -874,7 +814,7 @@ static int remove_mailbox (void) +@@ -867,7 +807,7 @@ static int remove_mailbox (void) mailfile, strerror (errno))); #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, @@ -1714,7 +1671,7 @@ diff -up shadow-4.14.0/src/userdel.c.audit-update shadow-4.14.0/src/userdel.c user_name, user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ free(mailfile); -@@ -890,7 +830,7 @@ static int remove_mailbox (void) +@@ -883,7 +823,7 @@ static int remove_mailbox (void) SYSLOG ((LOG_ERR, "Cannot remove %s: %s", mailfile, strerror (errno))); #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, @@ -1723,7 +1680,7 @@ diff -up shadow-4.14.0/src/userdel.c.audit-update shadow-4.14.0/src/userdel.c user_name, user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ errors = 1; -@@ -899,8 +839,8 @@ static int remove_mailbox (void) +@@ -892,8 +832,8 @@ static int remove_mailbox (void) #ifdef WITH_AUDIT else { @@ -1734,7 +1691,7 @@ diff -up shadow-4.14.0/src/userdel.c.audit-update shadow-4.14.0/src/userdel.c user_name, user_id, SHADOW_AUDIT_SUCCESS); } #endif /* WITH_AUDIT */ -@@ -1118,7 +1058,7 @@ int main (int argc, char **argv) +@@ -1104,7 +1044,7 @@ int main (int argc, char **argv) Prog, user_name); #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, 
@@ -1743,7 +1700,7 @@ diff -up shadow-4.14.0/src/userdel.c.audit-update shadow-4.14.0/src/userdel.c user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ -@@ -1174,7 +1114,7 @@ int main (int argc, char **argv) +@@ -1154,7 +1094,7 @@ int main (int argc, char **argv) if (!fflg) { #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, @@ -1752,7 +1709,7 @@ diff -up shadow-4.14.0/src/userdel.c.audit-update shadow-4.14.0/src/userdel.c user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ -@@ -1268,8 +1208,8 @@ int main (int argc, char **argv) +@@ -1248,8 +1188,8 @@ int main (int argc, char **argv) #ifdef WITH_AUDIT else { @@ -1763,7 +1720,7 @@ diff -up shadow-4.14.0/src/userdel.c.audit-update shadow-4.14.0/src/userdel.c user_name, user_id, SHADOW_AUDIT_SUCCESS); } #endif /* WITH_AUDIT */ -@@ -1277,7 +1217,7 @@ int main (int argc, char **argv) +@@ -1257,7 +1197,7 @@ int main (int argc, char **argv) #ifdef WITH_AUDIT if (0 != errors) { audit_logger (AUDIT_DEL_USER, Prog, @@ -1772,7 +1729,7 @@ diff -up shadow-4.14.0/src/userdel.c.audit-update shadow-4.14.0/src/userdel.c user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); } -@@ -1290,8 +1230,8 @@ int main (int argc, char **argv) +@@ -1270,8 +1210,8 @@ int main (int argc, char **argv) _("%s: warning: the user name %s to SELinux user mapping removal failed.\n"), Prog, user_name); #ifdef WITH_AUDIT 
@@ -1783,10 +1740,10 @@ diff -up shadow-4.14.0/src/userdel.c.audit-update shadow-4.14.0/src/userdel.c user_name, user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ fail_exit (E_SE_UPDATE); -diff -up shadow-4.14.0/src/usermod.c.audit-update shadow-4.14.0/src/usermod.c ---- shadow-4.14.0/src/usermod.c.audit-update 2023-07-30 12:38:39.000000000 +0200 -+++ shadow-4.14.0/src/usermod.c 2023-08-04 10:33:04.601749324 +0200 -@@ -427,7 +427,7 @@ static char *new_pw_passwd (char *pw_pas +diff -up shadow-4.15.0/src/usermod.c.audit-update shadow-4.15.0/src/usermod.c +--- shadow-4.15.0/src/usermod.c.audit-update 2024-03-08 22:27:04.000000000 +0100 ++++ shadow-4.15.0/src/usermod.c 2024-03-11 10:56:20.235991625 +0100 +@@ -438,7 +438,7 @@ static char *new_pw_passwd (char *pw_pas #ifdef WITH_AUDIT audit_logger (AUDIT_USER_CHAUTHTOK, Prog, @@ -1795,7 +1752,7 @@ diff -up shadow-4.14.0/src/usermod.c.audit-update shadow-4.14.0/src/usermod.c #endif SYSLOG ((LOG_INFO, "lock user '%s' password", user_newname)); strcpy (buf, "!"); -@@ -444,14 +444,14 @@ static char *new_pw_passwd (char *pw_pas +@@ -455,14 +455,14 @@ static char *new_pw_passwd (char *pw_pas #ifdef WITH_AUDIT audit_logger (AUDIT_USER_CHAUTHTOK, Prog, @@ -1812,7 +1769,7 @@ diff -up shadow-4.14.0/src/usermod.c.audit-update shadow-4.14.0/src/usermod.c #endif SYSLOG ((LOG_INFO, "change user '%s' password", user_newname)); pw_pass = xstrdup (user_pass); -@@ -479,8 +479,8 @@ static void new_pwent (struct passwd *pw +@@ -490,8 +490,8 @@ static void new_pwent (struct passwd *pw fail_exit (E_NAME_IN_USE); } #ifdef WITH_AUDIT @@ -1823,7 +1780,7 @@ diff -up shadow-4.14.0/src/usermod.c.audit-update shadow-4.14.0/src/usermod.c #endif SYSLOG ((LOG_INFO, "change user name '%s' to '%s'", -@@ -499,8 +499,8 @@ static void new_pwent (struct passwd *pw +@@ -510,8 +510,8 @@ static void new_pwent (struct passwd *pw if (uflg) { #ifdef WITH_AUDIT 
@@ -1834,7 +1791,7 @@ diff -up shadow-4.14.0/src/usermod.c.audit-update shadow-4.14.0/src/usermod.c #endif SYSLOG ((LOG_INFO, "change user '%s' UID from '%d' to '%d'", -@@ -509,8 +509,8 @@ static void new_pwent (struct passwd *pw +@@ -520,8 +520,8 @@ static void new_pwent (struct passwd *pw } if (gflg) { #ifdef WITH_AUDIT @@ -1845,7 +1802,7 @@ diff -up shadow-4.14.0/src/usermod.c.audit-update shadow-4.14.0/src/usermod.c user_newname, user_newid, 1); #endif SYSLOG ((LOG_INFO, -@@ -520,16 +520,16 @@ static void new_pwent (struct passwd *pw +@@ -531,16 +531,16 @@ static void new_pwent (struct passwd *pw } if (cflg) { #ifdef WITH_AUDIT @@ -1866,7 +1823,7 @@ diff -up shadow-4.14.0/src/usermod.c.audit-update shadow-4.14.0/src/usermod.c user_newname, user_newid, 1); #endif SYSLOG ((LOG_INFO, -@@ -545,8 +545,8 @@ static void new_pwent (struct passwd *pw +@@ -556,8 +556,8 @@ static void new_pwent (struct passwd *pw } if (sflg) { #ifdef WITH_AUDIT @@ -1877,7 +1834,7 @@ diff -up shadow-4.14.0/src/usermod.c.audit-update shadow-4.14.0/src/usermod.c user_newname, user_newid, 1); #endif SYSLOG ((LOG_INFO, -@@ -576,8 +576,8 @@ static void new_spent (struct spwd *spen +@@ -587,8 +587,8 @@ static void new_spent (struct spwd *spen if (fflg) { #ifdef WITH_AUDIT @@ -1888,7 +1845,7 @@ diff -up shadow-4.14.0/src/usermod.c.audit-update shadow-4.14.0/src/usermod.c user_newname, user_newid, 1); #endif SYSLOG ((LOG_INFO, -@@ -591,8 +591,8 @@ static void new_spent (struct spwd *spen +@@ -602,8 +602,8 @@ static void new_spent (struct spwd *spen date_to_str (sizeof(new_exp), new_exp, user_newexpire * DAY); date_to_str (sizeof(old_exp), old_exp, user_expire * DAY); #ifdef WITH_AUDIT @@ -1899,7 +1856,7 @@ diff -up shadow-4.14.0/src/usermod.c.audit-update shadow-4.14.0/src/usermod.c user_newname, user_newid, 1); #endif SYSLOG ((LOG_INFO, -@@ -677,9 +677,9 @@ fail_exit (int code) +@@ -688,9 +688,9 @@ fail_exit (int code) #endif /* ENABLE_SUBIDS */ #ifdef WITH_AUDIT 
@@ -1912,7 +1869,7 @@ diff -up shadow-4.14.0/src/usermod.c.audit-update shadow-4.14.0/src/usermod.c #endif exit (code); } -@@ -741,9 +741,12 @@ static void update_group (void) +@@ -752,9 +752,12 @@ static void update_group (void) user_newname); changed = true; #ifdef WITH_AUDIT @@ -1928,7 +1885,7 @@ diff -up shadow-4.14.0/src/usermod.c.audit-update shadow-4.14.0/src/usermod.c #endif SYSLOG ((LOG_INFO, "change '%s' to '%s' in group '%s'", -@@ -757,9 +760,11 @@ static void update_group (void) +@@ -768,9 +771,11 @@ static void update_group (void) ngrp->gr_mem = del_list (ngrp->gr_mem, user_name); changed = true; #ifdef WITH_AUDIT @@ -1943,7 +1900,7 @@ diff -up shadow-4.14.0/src/usermod.c.audit-update shadow-4.14.0/src/usermod.c #endif SYSLOG ((LOG_INFO, "delete '%s' from group '%s'", -@@ -772,9 +777,11 @@ static void update_group (void) +@@ -783,9 +788,11 @@ static void update_group (void) ngrp->gr_mem = add_list (ngrp->gr_mem, user_newname); changed = true; #ifdef WITH_AUDIT @@ -1958,7 +1915,7 @@ diff -up shadow-4.14.0/src/usermod.c.audit-update shadow-4.14.0/src/usermod.c #endif SYSLOG ((LOG_INFO, "add '%s' to group '%s'", user_newname, ngrp->gr_name)); -@@ -859,9 +866,10 @@ static void update_gshadow (void) +@@ -870,9 +877,10 @@ static void update_gshadow (void) nsgrp->sg_adm = add_list (nsgrp->sg_adm, user_newname); changed = true; #ifdef WITH_AUDIT @@ -1972,7 +1929,7 @@ diff -up shadow-4.14.0/src/usermod.c.audit-update shadow-4.14.0/src/usermod.c #endif SYSLOG ((LOG_INFO, "change admin '%s' to '%s' in shadow group '%s'", -@@ -881,9 +889,10 @@ static void update_gshadow (void) +@@ -892,9 +900,10 @@ static void update_gshadow (void) user_newname); changed = true; #ifdef WITH_AUDIT 
@@ -1986,7 +1943,7 @@ diff -up shadow-4.14.0/src/usermod.c.audit-update shadow-4.14.0/src/usermod.c #endif SYSLOG ((LOG_INFO, "change '%s' to '%s' in shadow group '%s'", -@@ -897,9 +906,10 @@ static void update_gshadow (void) +@@ -908,9 +917,10 @@ static void update_gshadow (void) nsgrp->sg_mem = del_list (nsgrp->sg_mem, user_name); changed = true; #ifdef WITH_AUDIT @@ -2000,7 +1957,7 @@ diff -up shadow-4.14.0/src/usermod.c.audit-update shadow-4.14.0/src/usermod.c #endif SYSLOG ((LOG_INFO, "delete '%s' from shadow group '%s'", -@@ -912,9 +922,10 @@ static void update_gshadow (void) +@@ -923,9 +933,10 @@ static void update_gshadow (void) nsgrp->sg_mem = add_list (nsgrp->sg_mem, user_newname); changed = true; #ifdef WITH_AUDIT @@ -2014,7 +1971,7 @@ diff -up shadow-4.14.0/src/usermod.c.audit-update shadow-4.14.0/src/usermod.c #endif SYSLOG ((LOG_INFO, "add '%s' to shadow group '%s'", user_newname, nsgrp->sg_name)); -@@ -1830,8 +1841,8 @@ static void move_home (void) +@@ -1836,8 +1847,8 @@ static void move_home (void) #ifdef WITH_AUDIT if (uflg || gflg) { @@ -2025,7 +1982,7 @@ diff -up shadow-4.14.0/src/usermod.c.audit-update shadow-4.14.0/src/usermod.c user_newname, user_newid, 1); } #endif -@@ -1849,8 +1860,8 @@ static void move_home (void) +@@ -1855,8 +1866,8 @@ static void move_home (void) fail_exit (E_HOMEDIR); } #ifdef WITH_AUDIT @@ -2036,7 +1993,7 @@ diff -up shadow-4.14.0/src/usermod.c.audit-update shadow-4.14.0/src/usermod.c user_newname, user_newid, 1); #endif return; -@@ -1877,9 +1888,9 @@ static void move_home (void) +@@ -1883,9 +1894,9 @@ static void move_home (void) Prog, prefix_user_home); } #ifdef WITH_AUDIT @@ -2048,7 +2005,7 @@ diff -up shadow-4.14.0/src/usermod.c.audit-update shadow-4.14.0/src/usermod.c user_newname, user_newid, 1); -@@ -2100,8 +2111,8 @@ static void move_mailbox (void) +@@ -2109,8 +2120,8 @@ static void move_mailbox (void) } #ifdef WITH_AUDIT else { 
@@ -2059,7 +2016,7 @@ diff -up shadow-4.14.0/src/usermod.c.audit-update shadow-4.14.0/src/usermod.c user_newname, user_newid, 1); } #endif -@@ -2129,8 +2140,8 @@ static void move_mailbox (void) +@@ -2133,8 +2144,8 @@ static void move_mailbox (void) } #ifdef WITH_AUDIT else { diff --git a/shadow-4.2.1-date-parsing.patch b/shadow-4.15.0-date-parsing.patch similarity index 93% rename from shadow-4.2.1-date-parsing.patch rename to shadow-4.15.0-date-parsing.patch index 2a798d0..272d2df 100644 --- a/shadow-4.2.1-date-parsing.patch +++ b/shadow-4.15.0-date-parsing.patch @@ -1,7 +1,7 @@ -Index: shadow-4.5/libmisc/getdate.y +Index: shadow-4.5/lib/getdate.y =================================================================== ---- shadow-4.5.orig/libmisc/getdate.y -+++ shadow-4.5/libmisc/getdate.y +--- shadow-4.5.orig/lib/getdate.y ++++ shadow-4.5/lib/getdate.y @@ -152,6 +152,7 @@ static int yyHaveDay; static int yyHaveRel; static int yyHaveTime; diff --git a/shadow-4.15.0-getdef-spurious-error.patch b/shadow-4.15.0-getdef-spurious-error.patch new file mode 100644 index 0000000..9cec295 --- /dev/null +++ b/shadow-4.15.0-getdef-spurious-error.patch 
@@ -0,0 +1,137 @@
+From ead55e9ba8958504e23e29545f90c4dd925c7462 Mon Sep 17 00:00:00 2001
+From: Serge Hallyn
+Date: Wed, 20 Mar 2024 17:39:46 -0500
+Subject: [PATCH] getdef: avoid spurious error messages about unknown
+ configuration options
+
+def_find can return NULL for unset, not just unknown, config options. So
+move the decision of whether to log an error message about an unknown config
+option back into def_find, which knows the difference. Only putdef_str()
+will pass a char* srcfile to def_find, so only calls from putdef_str will
+cause the message, which was the original intent of fa68441bc4be8.
+
+closes #967
+
+fixes: fa68441bc4be8 ("Improve the login.defs unknown item error message")
+Signed-off-by: Serge Hallyn
+---
+ lib/getdef.c | 30 ++++++++++++++++--------------
+ 1 file changed, 16 insertions(+), 14 deletions(-)
+
+diff --git a/lib/getdef.c b/lib/getdef.c
+index 4d4d4e19..ef2ae1f0 100644
+--- a/lib/getdef.c
++++ b/lib/getdef.c
+@@ -176,7 +176,7 @@ static const char* def_fname = LOGINDEFS; /* login config defs file */
+ static bool def_loaded = false; /* are defs already loaded? */
+
+ /* local function prototypes */
+-static /*@observer@*/ /*@null@*/struct itemdef *def_find (const char *);
++static /*@observer@*/ /*@null@*/struct itemdef *def_find (const char *, const char *);
+ static void def_load (void);
+
+
+@@ -195,7 +195,7 @@ static void def_load (void);
+ def_load ();
+ }
+
+- d = def_find (item);
++ d = def_find (item, NULL);
+ return (NULL == d) ? 
NULL : d->value;
+ }
+
+@@ -214,7 +214,7 @@ bool getdef_bool (const char *item)
+ def_load ();
+ }
+
+- d = def_find (item);
++ d = def_find (item, NULL);
+ if ((NULL == d) || (NULL == d->value)) {
+ return false;
+ }
+@@ -240,7 +240,7 @@ int getdef_num (const char *item, int dflt)
+ def_load ();
+ }
+
+- d = def_find (item);
++ d = def_find (item, NULL);
+ if ((NULL == d) || (NULL == d->value)) {
+ return dflt;
+ }
+@@ -275,7 +275,7 @@ unsigned int getdef_unum (const char *item, unsigned int dflt)
+ def_load ();
+ }
+
+- d = def_find (item);
++ d = def_find (item, NULL);
+ if ((NULL == d) || (NULL == d->value)) {
+ return dflt;
+ }
+@@ -310,7 +310,7 @@ long getdef_long (const char *item, long dflt)
+ def_load ();
+ }
+
+- d = def_find (item);
++ d = def_find (item, NULL);
+ if ((NULL == d) || (NULL == d->value)) {
+ return dflt;
+ }
+@@ -342,7 +342,7 @@ unsigned long getdef_ulong (const char *item, unsigned long dflt)
+ def_load ();
+ }
+
+- d = def_find (item);
++ d = def_find (item, NULL);
+ if ((NULL == d) || (NULL == d->value)) {
+ return dflt;
+ }
+@@ -375,12 +375,9 @@ int putdef_str (const char *name, const char *value, const char *srcfile)
+ * Locate the slot to save the value. If this parameter
+ * is unknown then "def_find" will print an err message.
+ */
+- d = def_find (name);
+- if (NULL == d) {
+- if (NULL != srcfile)
+- SYSLOG ((LOG_CRIT, "shadow: unknown configuration item '%s' in '%s'", name, srcfile));
++ d = def_find (name, srcfile);
++ if (NULL == d)
+ return -1;
+- }
+
+ /*
+ * Save off the value.
+@@ -404,9 +401,12 @@ int putdef_str (const char *name, const char *value, const char *srcfile)
+ *
+ * Search through a table of configurable items to locate the
+ * specified configuration option.
++ *
++ * If srcfile is not NULL, and the item is not found, then report an error saying
++ * the unknown item was used in this file.
+ */ + +-static /*@observer@*/ /*@null@*/struct itemdef *def_find (const char *name) ++static /*@observer@*/ /*@null@*/struct itemdef *def_find (const char *name, const char *srcfile) + { + struct itemdef *ptr; + +@@ -432,6 +432,8 @@ static /*@observer@*/ /*@null@*/struct itemdef *def_find (const char *name) + fprintf (shadow_logfd, + _("configuration error - unknown item '%s' (notify administrator)\n"), + name); ++ if (srcfile != NULL) ++ SYSLOG ((LOG_CRIT, "shadow: unknown configuration item '%s' in '%s'", name, srcfile)); + + out: + return NULL; +@@ -610,7 +612,7 @@ int main (int argc, char **argv) + def_load (); + + for (i = 0; i < NUMDEFS; ++i) { +- d = def_find (def_table[i].name); ++ d = def_find (def_table[i].name, NULL); + if (NULL == d) { + printf ("error - lookup '%s' failed\n", + def_table[i].name); +-- +2.44.0 + diff --git a/shadow-4.14.0-manfix.patch b/shadow-4.15.0-manfix.patch similarity index 76% rename from shadow-4.14.0-manfix.patch rename to shadow-4.15.0-manfix.patch index 70f030e..34e62f9 100644 --- a/shadow-4.14.0-manfix.patch +++ b/shadow-4.15.0-manfix.patch @@ -1,7 +1,7 @@ -diff -up shadow-4.8.1/man/groupmems.8.xml.manfix shadow-4.8.1/man/groupmems.8.xml ---- shadow-4.8.1/man/groupmems.8.xml.manfix 2020-03-17 15:34:48.750414984 +0100 -+++ shadow-4.8.1/man/groupmems.8.xml 2020-03-17 15:41:13.383588722 +0100 -@@ -179,20 +179,10 @@ +diff -up shadow-4.15.0/man/groupmems.8.xml.manfix shadow-4.15.0/man/groupmems.8.xml +--- shadow-4.15.0/man/groupmems.8.xml.manfix 2023-05-26 04:56:11.000000000 +0200 ++++ shadow-4.15.0/man/groupmems.8.xml 2024-02-09 10:42:20.337036378 +0100 +@@ -156,20 +156,10 @@ SETUP 
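Review bot: The comment added above def_find says an error is reported when srcfile is not NULL, but in the `@@ -432,6 +432,8 @@` hunk only the new SYSLOG call is gated on srcfile; the `fprintf (shadow_logfd, ...)` context line just above it carries no such condition in the visible lines. Anyone alerting on the LOG_CRIT entry needs to know which of the two messages depends on the caller, so I would word the comment as `If srcfile is not NULL and the item is unknown, also log a LOG_CRIT syslog entry naming that file; the message on shadow_logfd does not depend on srcfile.` The two new conditionals (`if (srcfile != NULL)` here and `if (NULL == d)` in putdef_str) also drop the braces used by the surrounding context lines such as `if ((NULL == d) || (NULL == d->value)) {`, and the first one the `NULL == x` operand order; `if (NULL != srcfile) {` with a closing brace would match. def_find's body begins and ends outside these hunks, so how the function reaches the fprintf is not visible here.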
@@ -25,10 +25,10 @@ diff -up shadow-4.8.1/man/groupmems.8.xml.manfix shadow-4.8.1/man/groupmems.8.xm -diff -up shadow-4.8.1/man/ja/man5/login.defs.5.manfix shadow-4.8.1/man/ja/man5/login.defs.5 ---- shadow-4.8.1/man/ja/man5/login.defs.5.manfix 2019-07-23 17:26:08.000000000 +0200 -+++ shadow-4.8.1/man/ja/man5/login.defs.5 2020-03-17 15:34:48.750414984 +0100 -@@ -147,10 +147,6 @@ 以下の参照表は、 +diff -up shadow-4.15.0/man/ja/man5/login.defs.5.manfix shadow-4.15.0/man/ja/man5/login.defs.5 +--- shadow-4.15.0/man/ja/man5/login.defs.5.manfix 2023-03-13 21:58:56.000000000 +0100 ++++ shadow-4.15.0/man/ja/man5/login.defs.5 2024-02-09 10:42:20.337036378 +0100 +@@ -123,10 +123,6 @@ 以下の参照表は、 shadow パスワード機能のどのプログラムが どのパラメータを使用するかを示したものである。 .na @@ -39,10 +39,10 @@ diff -up shadow-4.8.1/man/ja/man5/login.defs.5.manfix shadow-4.8.1/man/ja/man5/l .IP groupadd 12 GID_MAX GID_MIN .IP newusers 12 -diff -up shadow-4.8.1/man/login.defs.5.xml.manfix shadow-4.8.1/man/login.defs.5.xml ---- shadow-4.8.1/man/login.defs.5.xml.manfix 2020-01-17 16:47:56.000000000 +0100 -+++ shadow-4.8.1/man/login.defs.5.xml 2020-03-17 15:34:48.750414984 +0100 -@@ -164,6 +164,17 @@ +diff -up shadow-4.15.0/man/login.defs.5.xml.manfix shadow-4.15.0/man/login.defs.5.xml +--- shadow-4.15.0/man/login.defs.5.xml.manfix 2024-01-22 22:36:43.000000000 +0100 ++++ shadow-4.15.0/man/login.defs.5.xml 2024-02-09 10:45:49.014407259 +0100 +@@ -144,6 +144,17 @@ long numeric parameters is machine-dependent. @@ -60,7 +60,7 @@ diff -up shadow-4.8.1/man/login.defs.5.xml.manfix shadow-4.8.1/man/login.defs.5. The following configuration items are provided: -@@ -256,16 +267,6 @@ +@@ -240,16 +251,6 @@ @@ -77,7 +77,7 @@ diff -up shadow-4.8.1/man/login.defs.5.xml.manfix shadow-4.8.1/man/login.defs.5. chgpasswd -@@ -286,14 +287,6 @@ +@@ -276,14 +277,6 @@ @@ -92,7 +92,7 @@ diff -up shadow-4.8.1/man/login.defs.5.xml.manfix shadow-4.8.1/man/login.defs.5. -@@ -359,34 +352,6 @@ +@@ -352,34 +345,6 @@ LASTLOG_UID_MAX 
@@ -127,25 +127,7 @@ diff -up shadow-4.8.1/man/login.defs.5.xml.manfix shadow-4.8.1/man/login.defs.5. newgrp / sg -@@ -415,17 +380,6 @@ - - - -- -- passwd -- -- -- ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB -- PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN -- SHA_CRYPT_MAX_ROUNDS -- SHA_CRYPT_MIN_ROUNDS -- -- -- - - pwck - -@@ -452,32 +406,6 @@ +@@ -451,32 +416,6 @@ @@ -166,12 +148,12 @@ diff -up shadow-4.8.1/man/login.defs.5.xml.manfix shadow-4.8.1/man/login.defs.5. - - - -- +- - sulogin - - - ENV_HZ -- ENV_TZ +- ENV_TZ - - - diff --git a/shadow-utils.spec b/shadow-utils.spec index 6b705cd..3fbb35b 100644 --- a/shadow-utils.spec +++ b/shadow-utils.spec @@ -1,7 +1,7 @@ Summary: Utilities for managing accounts and shadow password files Name: shadow-utils -Version: 4.14.0 -Release: 6%{?dist} +Version: 4.15.0 +Release: 1%{?dist} Epoch: 2 License: BSD-3-Clause AND GPL-2.0-or-later URL: https://github.com/shadow-maint/shadow 
@@ -19,20 +19,15 @@ Source7: passwd.pamd ### Patches ### # Misc manual page changes - non-upstreamable -Patch0: shadow-4.14.0-manfix.patch +Patch0: shadow-4.15.0-manfix.patch # Date parsing improvement - could be upstreamed -Patch1: shadow-4.2.1-date-parsing.patch +Patch1: shadow-4.15.0-date-parsing.patch # Audit message changes - partially upstreamed -Patch2: shadow-4.14.0-audit-update.patch -# https://github.com/shadow-maint/shadow/pull/812 -Patch3: shadow-4.14.0-useradd-def-usrtemplate-selinux-label.patch +Patch2: shadow-4.15.0-audit-update.patch # Probably non-upstreamable -Patch4: shadow-4.14.0-account-tools-setuid.patch -# https://github.com/shadow-maint/shadow/commit/43b4e5a6c41f5c43cad18810f9229e40e8c4a57e -# https://github.com/shadow-maint/shadow/commit/45f34ee8c196a98397504cb7ed8576b6f1825cf9 -Patch5: shadow-4.14.0-remove-libcrack.patch -# https://github.com/shadow-maint/shadow/pull/927 -Patch6: shadow-4.14.0-passwd-stdin.patch +Patch3: shadow-4.15.0-account-tools-setuid.patch +# https://github.com/shadow-maint/shadow/commit/ead55e9ba8958504e23e29545f90c4dd925c7462 +Patch4: shadow-4.15.0-getdef-spurious-error.patch ### Dependencies ### Requires: audit-libs >= 1.6.5 @@ -107,7 +102,7 @@ cp -a %{SOURCE4} %{SOURCE5} . cp -a %{SOURCE6} man/login.defs.d/HOME_MODE.xml # Force regeneration of getdate.c -rm libmisc/getdate.c +rm lib/getdate.c %build %ifarch sparc64 @@ -193,9 +188,11 @@ rm $RPM_BUILD_ROOT%{_mandir}/*/man8/faillog.* # Remove PAM service files we don't use. rm $RPM_BUILD_ROOT%{_pam_confdir}/chfn +rm $RPM_BUILD_ROOT%{_pam_confdir}/chpasswd rm $RPM_BUILD_ROOT%{_pam_confdir}/chsh rm $RPM_BUILD_ROOT%{_pam_confdir}/groupmems rm $RPM_BUILD_ROOT%{_pam_confdir}/login +rm $RPM_BUILD_ROOT%{_pam_confdir}/newusers rm $RPM_BUILD_ROOT%{_pam_confdir}/su find $RPM_BUILD_ROOT%{_mandir} -depth -type d -empty -delete 
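Review bot: Three patches leave the list in the `@@ -19,20 +19,15 @@` hunk (the useradd def_usrtemplate SELinux-label fix, remove-libcrack and passwd-stdin) with no comment saying why, and the new %changelog entry records only the rebase and the getdef fix. The first of these is the one that makes copy_tree apply SELinux labels to files copied from def_usrtemplate, so it is worth confirming that the 4.15.0 tarball carries each change before relying on the drop; presumably they were merged upstream, but the page does not show that. Once verified, I would add a changelog line such as `- Drop patches included in the 4.15.0 release`.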
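Review bot: The two added `rm` lines for the chpasswd and newusers PAM service files in the `@@ -193,9 +188,11 @@` hunk have no explanation beyond the existing "Remove PAM service files we don't use." comment. The account-tools-setuid patch carried by this commit wraps the USE_PAM path of chpasswd in `#ifdef ACCT_TOOLS_SETUID`, which is presumably why that service file is unused in this build; the newusers side is not visible here. A comment such as `# chpasswd/newusers: PAM path compiled out unless ACCT_TOOLS_SETUID (see Patch3)` would tie the removal to that build choice, so the files are restored if the patch is ever dropped.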
@@ -278,6 +275,10 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.a %{_libdir}/libsubid.so %changelog +* Wed Apr 3 2024 Iker Pedrosa - 2:4.15.0-1 +- Rebase to version 4.15.0 +- getdef: avoid spurious error messages about unknown configuration options + * Mon Feb 12 2024 Iker Pedrosa - 2:4.14.0-6 - Build linking `libpam` diff --git a/sources b/sources index 1ec1caa..c3c37d6 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (shadow-4.14.0.tar.xz) = ff960481d576f9db5a9f10becc4e1a74c03de484ecfdcd7f1ea735fded683d7ba0f9cd895dc6a431b77e5a633752273178b1bcda4cefaa5adbf0f143c9a0c86f -SHA512 (shadow-4.14.0.tar.xz.asc) = d011a732d73b4b066ca8d204c0420303f925c87efc7655feb5c5f60b619d67da450e220ee44f6c86929ae79cbd4343136fe9c20d25b39fa0a228a48e57636309 +SHA512 (shadow-4.15.0.tar.xz) = 88d72fb706f6792b460c14a9b1b42fe0b5962834ec3793f296cbc138807736b5ad73d3f802cda74db740a71545eb1c8ec47447c2250299eb730ed2b2674e2249 +SHA512 (shadow-4.15.0.tar.xz.asc) = 0a39d6a45b7d8df12aade89ed9fc9d481c91297dbd34e85fe831426c1d0051cbcf8478759306b8871cd6b1835604c5836decf398d0165c50ac52fee365561446