packages/shadow
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!15 update to 4.8.1

Browse Source 
Merge pull request !15 from guoxiaoqi/master
This commit is contained in:
openeuler-ci-bot 2020-06-19 15:24:07 +08:00 committed by Gitee
commit 994107aae7
15 changed files with 548 additions and 132 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
add-home_mode-xml-file.patch Normal file
View File

@ -0,0 +1,62 @@
From 56073640403f65193689d94a5024547181c8c4d8 Mon Sep 17 00:00:00 2001
From: guiyao <guiyao@huawei.com>
Date: Wed, 15 Apr 2020 19:15:53 -0400
Subject: [PATCH] add home_mode xml file
---
man/login.defs.d/HOME_MODE.xml | 43 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 43 insertions(+)
create mode 100644 man/login.defs.d/HOME_MODE.xml
diff --git a/man/login.defs.d/HOME_MODE.xml b/man/login.defs.d/HOME_MODE.xml
new file mode 100644
index 0000000..21aa55f
--- /dev/null
+++ b/man/login.defs.d/HOME_MODE.xml
@@ -0,0 +1,43 @@
+<!--
+ Copyright (c) 1991 - 1993, Julianne Frances Haugh
+ Copyright (c) 1991 - 1993, Chip Rosenthal
+ Copyright (c) 2007 - 2009, Nicolas François
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ 3. The name of the copyright holders or contributors may not be used to
+ endorse or promote products derived from this software without
+ specific prior written permission.
+
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+-->
+<varlistentry>
+ <term><option>HOME_MODE</option> (number)</term>
+ <listitem>
+ <para>
+ The mode for new home directories. If not specified,
+ the <option>UMASK</option> is used to create the mode.
+ </para>
+ <para>
+ <command>useradd</command> and <command>newusers</command> use this
+ to set the mode of the home directory they create.
+ </para>
+ </listitem>
+</varlistentry>
--
1.8.3.1

5
chpasswd Normal file
View File

@ -0,0 +1,5 @@
#%PAM-1.0
# This tool only uses the password stack.
password substack system-auth
-password optional pam_gnome_keyring.so use_authtok
password substack postlogin

13
fix-logmsg.patch Normal file
View File

@ -0,0 +1,13 @@
Index: shadow-4.5/src/useradd.c
===================================================================
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -329,7 +329,7 @@ static void fail_exit (int code)
user_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
- SYSLOG ((LOG_INFO, "failed adding user '%s', data deleted", user_name));
+ SYSLOG ((LOG_INFO, "failed adding user '%s', exit code: %d", user_name, code));
exit (code);
}

84
long-password-entry.patch Normal file
View File

@ -0,0 +1,84 @@
diff --git a/lib/defines.h b/lib/defines.h
--- a/lib/defines.h
+++ b/lib/defines.h
@@ -388,4 +388,7 @@ extern char *strerror ();
# define shadow_getenv(name) getenv(name)
#endif
+/* Maximum length of passwd entry */
+#define PASSWD_ENTRY_MAX_LENGTH 32768
+
#endif /* _DEFINES_H_ */
diff --git a/lib/pwio.c b/lib/pwio.c
--- a/lib/pwio.c
+++ b/lib/pwio.c
@@ -79,7 +79,10 @@ static int passwd_put (const void *ent, FILE * file)
|| (pw->pw_gid == (gid_t)-1)
|| (valid_field (pw->pw_gecos, ":\n") == -1)
|| (valid_field (pw->pw_dir, ":\n") == -1)
- || (valid_field (pw->pw_shell, ":\n") == -1)) {
+ || (valid_field (pw->pw_shell, ":\n") == -1)
+ || (strlen (pw->pw_name) + strlen (pw->pw_passwd) +
+ strlen (pw->pw_gecos) + strlen (pw->pw_dir) +
+ strlen (pw->pw_shell) + 100 > PASSWD_ENTRY_MAX_LENGTH)) {
return -1;
}
diff --git a/lib/sgetpwent.c b/lib/sgetpwent.c
--- a/lib/sgetpwent.c
+++ b/lib/sgetpwent.c
@@ -57,7 +57,7 @@
struct passwd *sgetpwent (const char *buf)
{
static struct passwd pwent;
- static char pwdbuf[1024];
+ static char pwdbuf[PASSWD_ENTRY_MAX_LENGTH];
register int i;
register char *cp;
char *fields[NFIELDS];
@@ -67,8 +67,10 @@ struct passwd *sgetpwent (const char *buf)
* the password structure remain valid.
*/
- if (strlen (buf) >= sizeof pwdbuf)
+ if (strlen (buf) >= sizeof pwdbuf) {
+ fprintf (stderr, "Too long passwd entry encountered, file corruption?\n");
return 0; /* fail if too long */
+ }
strcpy (pwdbuf, buf);
/*
diff --git a/lib/sgetspent.c b/lib/sgetspent.c
--- a/lib/sgetspent.c
+++ b/lib/sgetspent.c
@@ -48,7 +48,7 @@
*/
struct spwd *sgetspent (const char *string)
{
- static char spwbuf[1024];
+ static char spwbuf[PASSWD_ENTRY_MAX_LENGTH];
static struct spwd spwd;
char *fields[FIELDS];
char *cp;
@@ -61,6 +61,7 @@ struct spwd *sgetspent (const char *string)
*/
if (strlen (string) >= sizeof spwbuf) {
+ fprintf (stderr, "Too long shadow entry encountered, file corruption?\n");
return 0; /* fail if too long */
}
strcpy (spwbuf, string);
diff --git a/lib/shadowio.c b/lib/shadowio.c
--- a/lib/shadowio.c
+++ b/lib/shadowio.c
@@ -79,7 +79,9 @@ static int shadow_put (const void *ent, FILE * file)
if ( (NULL == sp)
|| (valid_field (sp->sp_namp, ":\n") == -1)
- || (valid_field (sp->sp_pwdp, ":\n") == -1)) {
+ || (valid_field (sp->sp_pwdp, ":\n") == -1)
+ || (strlen (sp->sp_namp) + strlen (sp->sp_pwdp) +
+ 1000 > PASSWD_ENTRY_MAX_LENGTH)) {
return -1;
}

5
newusers Normal file
View File

@ -0,0 +1,5 @@
#%PAM-1.0
# This tool only uses the password stack.
password substack system-auth
-password optional pam_gnome_keyring.so use_authtok
password substack postlogin

94
null-time.patch Normal file
View File

@ -0,0 +1,94 @@
Index: shadow-4.5/src/chage.c
===================================================================
--- a/src/chage.c
+++ b/src/chage.c
@@ -167,6 +167,10 @@ static void date_to_str (char *buf, size_t maxsize, time_t date)
struct tm *tp;
tp = gmtime (&date);
+ if (tp == NULL) {
+ (void) snprintf (buf, maxsize, "(unknown)");
+ return;
+ }
#ifdef HAVE_STRFTIME
(void) strftime (buf, maxsize, "%Y-%m-%d", tp);
#else
Index: shadow-4.5/src/faillog.c
===================================================================
--- a/src/faillog.c
+++ b/src/faillog.c
@@ -163,10 +163,14 @@ static void print_one (/*@null@*/const struct passwd *pw, bool force)
}
tm = localtime (&fl.fail_time);
+ if (tm == NULL) {
+ cp = "(unknown)";
+ } else {
#ifdef HAVE_STRFTIME
- strftime (ptime, sizeof (ptime), "%D %H:%M:%S %z", tm);
- cp = ptime;
+ strftime (ptime, sizeof (ptime), "%D %H:%M:%S %z", tm);
+ cp = ptime;
#endif
+ }
printf ("%-9s %5d %5d ",
pw->pw_name, fl.fail_cnt, fl.fail_max);
/* FIXME: cp is not defined ifndef HAVE_STRFTIME */
Index: shadow-4.5/src/lastlog.c
===================================================================
--- a/src/lastlog.c
+++ b/src/lastlog.c
@@ -159,13 +159,17 @@ static void print_one (/*@null@*/const struct passwd *pw)
ll_time = ll.ll_time;
tm = localtime (&ll_time);
+ if (tm == NULL) {
+ cp = "(unknown)";
+ } else {
#ifdef HAVE_STRFTIME
- strftime (ptime, sizeof (ptime), "%a %b %e %H:%M:%S %z %Y", tm);
- cp = ptime;
+ strftime (ptime, sizeof (ptime), "%a %b %e %H:%M:%S %z %Y", tm);
+ cp = ptime;
#else
- cp = asctime (tm);
- cp[24] = '\0';
+ cp = asctime (tm);
+ cp[24] = '\0';
#endif
+ }
if (ll.ll_time == (time_t) 0) {
cp = _("**Never logged in**\0");
Index: shadow-4.5/src/passwd.c
===================================================================
--- a/src/passwd.c
+++ b/src/passwd.c
@@ -456,6 +456,9 @@ static /*@observer@*/const char *date_to_str (time_t t)
struct tm *tm;
tm = gmtime (&t);
+ if (tm == NULL) {
+ return "(unknown)";
+ }
#ifdef HAVE_STRFTIME
(void) strftime (buf, sizeof buf, "%m/%d/%Y", tm);
#else /* !HAVE_STRFTIME */
Index: shadow-4.5/src/usermod.c
===================================================================
--- a/src/usermod.c
+++ b/src/usermod.c
@@ -216,6 +216,10 @@ static void date_to_str (/*@unique@*//*@out@*/char *buf, size_t maxsize,
} else {
time_t t = (time_t) date;
tp = gmtime (&t);
+ if (tp == NULL) {
+ strncpy (buf, "unknown", maxsize);
+ return;
+ }
#ifdef HAVE_STRFTIME
strftime (buf, maxsize, "%Y-%m-%d", tp);
#else
--
2.19.1

140
selinux-flag.patch Normal file
View File

@ -0,0 +1,140 @@
From 73e2af119d62d76cd7edcd2109a122a22e143e91 Mon Sep 17 00:00:00 2001
From: "guiyao" <guiyao@huawei.com>
Date: Wed, 15 Apr 2020 15:41:18 -0400
Subject: [PATCH] selinux-flag
backport selinux flag patch and modified for new code
---
lib/semanage.c | 7 ++++++
src/useradd.c | 69 ++++++++++++++++++++++++++++++----------------------------
2 files changed, 43 insertions(+), 33 deletions(-)
diff --git a/lib/semanage.c b/lib/semanage.c
index e983f5f..7ec8969 100644
--- a/lib/semanage.c
+++ b/lib/semanage.c
@@ -294,6 +294,9 @@ int set_seuser (const char *login_name, const char *seuser_name)
ret = 0;
+ /* drop obsolete matchpathcon cache */
+ matchpathcon_fini();
+
done:
semanage_seuser_key_free (key);
semanage_handle_destroy (handle);
@@ -369,6 +372,10 @@ int del_seuser (const char *login_name)
}
ret = 0;
+
+ /* drop obsolete matchpathcon cache */
+ matchpathcon_fini();
+
done:
semanage_handle_destroy (handle);
return ret;
diff --git a/src/useradd.c b/src/useradd.c
index b294439..47394a3 100644
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -2242,6 +2242,7 @@ static void create_mail (void)
*/
int main (int argc, char **argv)
{
+ int rv = E_SUCCESS;
#ifdef ACCT_TOOLS_SETUID
#ifdef USE_PAM
pam_handle_t *pamh = NULL;
@@ -2464,27 +2465,11 @@ int main (int argc, char **argv)
usr_update ();
- if (mflg) {
- create_home ();
- if (home_added) {
- copy_tree (def_template, prefix_user_home, false, false,
- (uid_t)-1, user_id, (gid_t)-1, user_gid);
- } else {
- fprintf (stderr,
- _("%s: warning: the home directory %s already exists.\n"
- "%s: Not copying any file from skel directory into it.\n"),
- Prog, user_home, Prog);
- }
-
- }
-
- /* Do not create mail directory for system accounts */
- if (!rflg) {
- create_mail ();
- }
-
close_files ();
+ nscd_flush_cache ("passwd");
+ nscd_flush_cache ("group");
+
/*
* tallylog_reset needs to be able to lookup
* a valid existing user name,
@@ -2495,25 +2480,43 @@ int main (int argc, char **argv)
}
#ifdef WITH_SELINUX
- if (Zflg) {
- if (set_seuser (user_name, user_selinux) != 0) {
- fprintf (stderr,
- _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
- Prog, user_name, user_selinux);
+ if (Zflg && *user_selinux) {
+ if (is_selinux_enabled () > 0) {
+ if (set_seuser (user_name, user_selinux) != 0) {
+ fprintf (stderr,
+ _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
+ Prog, user_name, user_selinux);
#ifdef WITH_AUDIT
- audit_logger (AUDIT_ADD_USER, Prog,
- "adding SELinux user mapping",
- user_name, (unsigned int) user_id, 0);
-#endif /* WITH_AUDIT */
- fail_exit (E_SE_UPDATE);
+ audit_logger (AUDIT_ADD_USER, Prog,
+ "adding SELinux user mapping",
+ user_name, (unsigned int) user_id, 0);
+#endif /* WITH_AUDIT */
+ rv = E_SE_UPDATE;
+ }
}
}
-#endif /* WITH_SELINUX */
+#endif
+
+ if (mflg) {
+ create_home ();
+ if (home_added) {
+ copy_tree (def_template, prefix_user_home, false, true,
+ (uid_t)-1, user_id, (gid_t)-1, user_gid);
+ } else {
+ fprintf (stderr,
+ _("%s: warning: the home directory already exists.\n"
+ "Not copying any file from skel directory into it.\n"),
+ Prog);
+ }
+ }
+
+ /* Do not create mail directory for system accounts */
+ if (!rflg) {
+ create_mail ();
+ }
- nscd_flush_cache ("passwd");
- nscd_flush_cache ("group");
sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
- return E_SUCCESS;
+ return rv;
}
--
1.8.3.1

85
shadow-4.5-goodname.patch
View File

@ -1,18 +1,25 @@
Index: shadow-4.5/libmisc/chkname.c From a386a250712771e44e2020060e6a3ca690f72129 Mon Sep 17 00:00:00 2001
=================================================================== From: "guiyao" <guiyao@huawei.com>
--- shadow-4.5.orig/libmisc/chkname.c Date: Wed, 15 Apr 2020 15:18:25 -0400
+++ shadow-4.5/libmisc/chkname.c Subject: [PATCH] shadow: shadow-4.5-goodname
@@ -47,27 +47,46 @@
#include "chkname.h" backport patch and do some modify for new code
---
libmisc/chkname.c | 40 +++++++++++++++++++++++++++++-----------
man/groupadd.8.xml | 10 ++++++----
man/useradd.8.xml | 12 ++++++++----
3 files changed, 43 insertions(+), 19 deletions(-)
diff --git a/libmisc/chkname.c b/libmisc/chkname.c
index bdd1e72..957c966 100644
--- a/libmisc/chkname.c
+++ b/libmisc/chkname.c
@@ -55,26 +55,44 @@ static bool is_valid_name (const char *name)
}
static bool is_valid_name (const char *name)
-{
+{
/* /*
- * User/group names must match [a-z_][a-z0-9_-]*[$] - * User/group names must match [a-z_][a-z0-9_-]*[$]
- */ - */
- if (('\0' == *name) ||
- !((('a' <= *name) && ('z' >= *name)) || ('_' == *name))) {
+ * User/group names must match gnu e-regex: + * User/group names must match gnu e-regex:
+ * [a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9_.$-]? + * [a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9_.$-]?
+ * + *
@ -22,15 +29,17 @@ Index: shadow-4.5/libmisc/chkname.c
+ * Also do not allow fully numeric names or just "." or "..". + * Also do not allow fully numeric names or just "." or "..".
+ */ + */
+ int numeric; + int numeric;
+
- if (('\0' == *name) ||
- !((('a' <= *name) && ('z' >= *name)) || ('_' == *name))) {
+ if ('\0' == *name || + if ('\0' == *name ||
+ ('.' == *name && (('.' == name[1] && '\0' == name[2]) || + ('.' == *name && (('.' == name[1] && '\0' == name[2]) ||
+ '\0' == name[1])) || + '\0' == name[1])) ||
+ !((*name >= 'a' && *name <= 'z') || + !((*name >= 'a' && *name <= 'z') ||
+ (*name >= 'A' && *name <= 'Z') || + (*name >= 'A' && *name <= 'Z') ||
+ (*name >= '0' && *name <= '9') || + (*name >= '0' && *name <= '9') ||
+ *name == '_' || + *name == '_' ||
+ *name == '.')) { + *name == '.')) {
return false; return false;
} }
@ -42,14 +51,15 @@ Index: shadow-4.5/libmisc/chkname.c
- ('_' == *name) || - ('_' == *name) ||
- ('-' == *name) || - ('-' == *name) ||
- ( ('$' == *name) && ('\0' == *(name + 1)) ) - ( ('$' == *name) && ('\0' == *(name + 1)) )
- )) {
+ if (!((*name >= 'a' && *name <= 'z') || + if (!((*name >= 'a' && *name <= 'z') ||
+ (*name >= 'A' && *name <= 'Z') || + (*name >= 'A' && *name <= 'Z') ||
+ (*name >= '0' && *name <= '9') || + (*name >= '0' && *name <= '9') ||
+ *name == '_' || + *name == '_' ||
+ *name == '.' || + *name == '.' ||
+ *name == '-' || + *name == '-' ||
+ (*name == '$' && name[1] == '\0') + (*name == '$' && name[1] == '\0')
)) { + )) {
return false; return false;
} }
+ numeric &= isdigit(*name); + numeric &= isdigit(*name);
@ -60,11 +70,11 @@ Index: shadow-4.5/libmisc/chkname.c
} }
bool is_valid_user_name (const char *name) bool is_valid_user_name (const char *name)
Index: shadow-4.5/man/groupadd.8.xml diff --git a/man/groupadd.8.xml b/man/groupadd.8.xml
=================================================================== index 1e58f09..47a4c95 100644
--- shadow-4.5.orig/man/groupadd.8.xml --- a/man/groupadd.8.xml
+++ shadow-4.5/man/groupadd.8.xml +++ b/man/groupadd.8.xml
@@ -256,10 +256,12 @@ @@ -273,10 +273,12 @@
<refsect1 id='caveats'> <refsect1 id='caveats'>
<title>CAVEATS</title> <title>CAVEATS</title>
<para> <para>
@ -81,11 +91,11 @@ Index: shadow-4.5/man/groupadd.8.xml
</para> </para>
<para> <para>
Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long. Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long.
Index: shadow-4.5/man/useradd.8.xml diff --git a/man/useradd.8.xml b/man/useradd.8.xml
=================================================================== index 03612ce..4e9e0dc 100644
--- shadow-4.5.orig/man/useradd.8.xml --- a/man/useradd.8.xml
+++ shadow-4.5/man/useradd.8.xml +++ b/man/useradd.8.xml
@@ -633,10 +633,14 @@ @@ -662,10 +662,14 @@
</para> </para>
<para> <para>
@ -104,3 +114,6 @@ Index: shadow-4.5/man/useradd.8.xml
</para> </para>
<para> <para>
Usernames may only be up to 32 characters long. Usernames may only be up to 32 characters long.
--
1.8.3.1

11
shadow-4.6.tar.xz.asc
View File

@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEE8dCNt3gYW/eEAC3/6f7qBqheP50FAlrncOkACgkQ6f7qBqhe
P52UGAf/eOnoIYIZ52y72iMxeNfQMTMjYTZd1YrtjlK0RQKquK7FrCOg91MvOF2B
hLVKu2OU7mzuPTMSAraAxjXLkrM0E3vFjMtu1fHBGlGTMspAfik/9Gu9qoevAKXy
BRqgN5m5HMfoGPeEjzILzaGq8bnPKIOfJ0iAYVkjjIa73Vn20uTmNgNZIRqHqwfw
5GUFHn6cjQXFcQ3ngywgwQD7/h/65w8dBbGysF551sAqzPJRbneQL9Wtklcqi1ub
55NyF0ifT67RqMh+EyxhuhXP1Hi57PTEAeqaFMFxnPlQPb+8pQ8nszWBmI+vUN8D
FmhwCtSTnmKlj0jeAqevmkijJhGPQQ==
=fk/F
-----END PGP SIGNATURE-----

BIN
shadow-4.7.tar.xz
View File

Binary file not shown.

BIN
shadow-4.8.1.tar.xz Normal file
View File

Binary file not shown.

39
shadow-utils-fix-invalid-path.patch
View File

@ -1,39 +0,0 @@
From d268644440170ea52e124061e2d848278c693c90 Mon Sep 17 00:00:00 2001
From: guoxiaoqi <guoxiaoqi2@huawei.com>
Date: Mon, 16 Dec 2019 10:31:44 -0500
Subject: [PATCH] fix invalid path
Signed-off-by: guoxiaoqi <guoxiaoqi2@huawei.com>
---
src/useradd.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/src/useradd.c b/src/useradd.c
index cafbe90..930b4ea 100644
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -1276,6 +1276,21 @@ static void process_flags (int argc, char **argv)
exit (E_BAD_ARG);
}
user_shell = optarg;
+ struct stat st;
+ if (stat (optarg, &st) != 0) {
+ if ((ENOENT == errno) || (ENOTDIR == errno)) {
+ /* The file or directory does not exist */
+ fprintf (stderr,
+ _("%s: warning :The file %s is not exist\n"),
+ Prog, optarg);
+ exit (E_BAD_ARG);
+ }
+ } else if ((st.st_mode & S_IXUSR) == 0) {
+ fprintf (stderr,
+ _("%s: warning :The file %s is not executable\n"),
+ Prog, optarg);
+ exit (E_BAD_ARG);
+ }
def_shell = optarg;
sflg = true;
break;
--
1.8.3.1

49
shadow.spec
View File

@ -1,6 +1,6 @@
Name: shadow Name: shadow
Version: 4.7 Version: 4.8.1
Release: 10 Release: 2
Epoch: 2 Epoch: 2
License: BSD and GPLv2+ License: BSD and GPLv2+
Summary: Tools for managing accounts and shadow password files Summary: Tools for managing accounts and shadow password files
@ -10,17 +10,23 @@ Source2: shadow-utils.useradd
Source3: shadow-utils.login.defs Source3: shadow-utils.login.defs
Source4: shadow-bsd.txt Source4: shadow-bsd.txt
Source5: https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt Source5: https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
Source6: chpasswd
Source7: newusers
# fix unknown item 'LASTLOG_MAX_UID' # fix unknown item 'LASTLOG_MAX_UID'
Patch1: usermod.c-Fix-invalid-variable-name.patch Patch0: shadow-4.5-goodname.patch
Patch2: shadow-4.5-goodname.patch Patch1: fix-logmsg.patch
Patch3: shadow-4.1.5.1-var-lock.patch Patch2: null-time.patch
Patch4: shadow-utils-fix-lock-file-residue.patch Patch3: long-password-entry.patch
Patch5: shadow-utils-fix-invalid-path.patch Patch4: usermod-unlock.patch
Patch5: selinux-flag.patch
Patch6: add-home_mode-xml-file.patch
Patch7: shadow-4.1.5.1-var-lock.patch
Patch8: shadow-utils-fix-lock-file-residue.patch
BuildRequires: gcc, libselinux-devel, audit-libs-devel, libsemanage-devel BuildRequires: gcc, libselinux-devel, audit-libs-devel, libsemanage-devel
BuildRequires: libacl-devel, libattr-devel gdb BuildRequires: libacl-devel, libattr-devel gdb
BuildRequires: bison, flex, gnome-doc-utils, docbook-style-xsl, docbook-dtds BuildRequires: bison, flex, gnome-doc-utils, docbook-style-xsl, docbook-dtds
BuildRequires: autoconf, automake, libtool, gettext-devel BuildRequires: autoconf, automake, libtool, gettext-devel, itstool, pam-devel
Requires: libselinux Requires: libselinux
Requires: audit Requires: audit
Requires: setup Requires: setup
@ -58,7 +64,7 @@ autoreconf -fiv
--with-sha-crypt \ --with-sha-crypt \
--with-selinux \ --with-selinux \
--without-libcrack \ --without-libcrack \
--without-libpam \ --with-libpam \
--disable-shared \ --disable-shared \
--with-group-name-max-length=32 --with-group-name-max-length=32
%make_build %make_build
@ -69,7 +75,8 @@ rm -rf $RPM_BUILD_ROOT
install -d -m 755 $RPM_BUILD_ROOT/%{_sysconfdir}/default install -d -m 755 $RPM_BUILD_ROOT/%{_sysconfdir}/default
install -p -c -m 0644 %{SOURCE3} $RPM_BUILD_ROOT/%{_sysconfdir}/login.defs install -p -c -m 0644 %{SOURCE3} $RPM_BUILD_ROOT/%{_sysconfdir}/login.defs
install -p -c -m 0600 %{SOURCE2} $RPM_BUILD_ROOT/%{_sysconfdir}/default/useradd install -p -c -m 0600 %{SOURCE2} $RPM_BUILD_ROOT/%{_sysconfdir}/default/useradd
install -p -c -m 0644 %{SOURCE6} $RPM_BUILD_ROOT/%{_sysconfdir}/pam.d/chpasswd
install -p -c -m 0644 %{SOURCE7} $RPM_BUILD_ROOT/%{_sysconfdir}/pam.d/newusers
ln -s useradd $RPM_BUILD_ROOT%{_sbindir}/adduser ln -s useradd $RPM_BUILD_ROOT%{_sbindir}/adduser
ln -s useradd.8 $RPM_BUILD_ROOT/%{_mandir}/man8/adduser.8 ln -s useradd.8 $RPM_BUILD_ROOT/%{_mandir}/man8/adduser.8
@ -86,8 +93,6 @@ rm $RPM_BUILD_ROOT/%{_bindir}/login
rm $RPM_BUILD_ROOT/%{_bindir}/passwd rm $RPM_BUILD_ROOT/%{_bindir}/passwd
rm $RPM_BUILD_ROOT/%{_bindir}/su rm $RPM_BUILD_ROOT/%{_bindir}/su
rm $RPM_BUILD_ROOT/%{_bindir}/faillog rm $RPM_BUILD_ROOT/%{_bindir}/faillog
rm $RPM_BUILD_ROOT/%{_sysconfdir}/login.access
rm $RPM_BUILD_ROOT/%{_sysconfdir}/limits
rm $RPM_BUILD_ROOT/%{_sbindir}/logoutd rm $RPM_BUILD_ROOT/%{_sbindir}/logoutd
rm $RPM_BUILD_ROOT/%{_sbindir}/nologin rm $RPM_BUILD_ROOT/%{_sbindir}/nologin
rm $RPM_BUILD_ROOT/%{_mandir}/man1/chfn.* rm $RPM_BUILD_ROOT/%{_mandir}/man1/chfn.*
@ -104,14 +109,8 @@ rm $RPM_BUILD_ROOT/%{_mandir}/man1/passwd.*
rm $RPM_BUILD_ROOT/%{_mandir}/*/man1/passwd.* rm $RPM_BUILD_ROOT/%{_mandir}/*/man1/passwd.*
rm $RPM_BUILD_ROOT/%{_mandir}/man1/su.* rm $RPM_BUILD_ROOT/%{_mandir}/man1/su.*
rm $RPM_BUILD_ROOT/%{_mandir}/*/man1/su.* rm $RPM_BUILD_ROOT/%{_mandir}/*/man1/su.*
rm $RPM_BUILD_ROOT/%{_mandir}/man5/limits.*
rm $RPM_BUILD_ROOT/%{_mandir}/*/man5/limits.*
rm $RPM_BUILD_ROOT/%{_mandir}/man5/login.access.*
rm $RPM_BUILD_ROOT/%{_mandir}/*/man5/login.access.*
rm $RPM_BUILD_ROOT/%{_mandir}/man5/passwd.* rm $RPM_BUILD_ROOT/%{_mandir}/man5/passwd.*
rm $RPM_BUILD_ROOT/%{_mandir}/*/man5/passwd.* rm $RPM_BUILD_ROOT/%{_mandir}/*/man5/passwd.*
rm $RPM_BUILD_ROOT/%{_mandir}/man5/porttime.*
rm $RPM_BUILD_ROOT/%{_mandir}/*/man5/porttime.*
rm $RPM_BUILD_ROOT/%{_mandir}/man5/suauth.* rm $RPM_BUILD_ROOT/%{_mandir}/man5/suauth.*
rm $RPM_BUILD_ROOT/%{_mandir}/*/man5/suauth.* rm $RPM_BUILD_ROOT/%{_mandir}/*/man5/suauth.*
rm $RPM_BUILD_ROOT/%{_mandir}/man8/logoutd.* rm $RPM_BUILD_ROOT/%{_mandir}/man8/logoutd.*
@ -124,6 +123,11 @@ rm $RPM_BUILD_ROOT/%{_mandir}/man5/faillog.*
rm $RPM_BUILD_ROOT/%{_mandir}/*/man5/faillog.* rm $RPM_BUILD_ROOT/%{_mandir}/*/man5/faillog.*
rm $RPM_BUILD_ROOT/%{_mandir}/man8/faillog.* rm $RPM_BUILD_ROOT/%{_mandir}/man8/faillog.*
rm $RPM_BUILD_ROOT/%{_mandir}/*/man8/faillog.* rm $RPM_BUILD_ROOT/%{_mandir}/*/man8/faillog.*
rm $RPM_BUILD_ROOT/%{_sysconfdir}/pam.d/chfn
rm $RPM_BUILD_ROOT/%{_sysconfdir}/pam.d/chsh
rm $RPM_BUILD_ROOT/%{_sysconfdir}/pam.d/login
rm $RPM_BUILD_ROOT/%{_sysconfdir}/pam.d/passwd
rm $RPM_BUILD_ROOT/%{_sysconfdir}/pam.d/su
find $RPM_BUILD_ROOT%{_mandir} -depth -type d -empty -delete find $RPM_BUILD_ROOT%{_mandir} -depth -type d -empty -delete
%find_lang shadow %find_lang shadow
@ -156,11 +160,20 @@ done
%{_sbindir}/newusers %{_sbindir}/newusers
%{_sbindir}/vipw %{_sbindir}/vipw
%{_sbindir}/vigr %{_sbindir}/vigr
%{_sysconfdir}/pam.d/chpasswd
%{_sysconfdir}/pam.d/groupmems
%{_sysconfdir}/pam.d/newusers
%files help %files help
%{_mandir}/*/* %{_mandir}/*/*
%changelog %changelog
* Tue May 12 2020 steven<steven_ygui@163.com> - 2:4.8.1-2
- Enable --with-libpam config during compiling
* Fri Apr 24 2020 steven<steven_ygui@163.com> - 2:4.8.1-1
- Upgrade version to 4.8.1
* Sat Mar 21 2020 openEuler Buildteam <buildteam@openEuler.org> - 2:4.7-10 * Sat Mar 21 2020 openEuler Buildteam <buildteam@openEuler.org> - 2:4.7-10
- Only package man file into shadow-help; add buildrequires of gdb - Only package man file into shadow-help; add buildrequires of gdb

65
usermod-unlock.patch Normal file
View File

@ -0,0 +1,65 @@
Index: shadow-4.5/src/usermod.c
===================================================================
--- a/src/usermod.c
+++ b/src/usermod.c
@@ -466,14 +466,17 @@ static char *new_pw_passwd (char *pw_pass)
strcat (buf, pw_pass);
pw_pass = buf;
} else if (Uflg && pw_pass[0] == '!') {
- char *s;
+ char *s = pw_pass;
- if (pw_pass[1] == '\0') {
+ while ('!' == *s)
+ ++s;
+
+ if (*s == '\0') {
fprintf (stderr,
_("%s: unlocking the user's password would result in a passwordless account.\n"
"You should set a password with usermod -p to unlock this user's password.\n"),
Prog);
- return pw_pass;
+ return NULL;
}
#ifdef WITH_AUDIT
@@ -482,12 +485,15 @@ static char *new_pw_passwd (char *pw_pass)
user_newname, (unsigned int) user_newid, 0);
#endif
SYSLOG ((LOG_INFO, "unlock user '%s' password", user_newname));
- s = pw_pass;
- while ('\0' != *s) {
- *s = *(s + 1);
- s++;
- }
+ memmove (pw_pass, s, strlen (s) + 1);
} else if (pflg) {
+ if (strchr (user_pass, ':') != NULL) {
+ fprintf (stderr,
+ _("%s: The password field cannot contain a colon character.\n"),
+ Prog);
+ return NULL;
+
+ }
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
"changing password",
@@ -536,6 +542,8 @@ static void new_pwent (struct passwd *pwent)
if ( (!is_shadow_pwd)
|| (strcmp (pwent->pw_passwd, SHADOW_PASSWD_STRING) != 0)) {
pwent->pw_passwd = new_pw_passwd (pwent->pw_passwd);
+ if (pwent->pw_passwd == NULL)
+ fail_exit (E_PW_UPDATE);
}
if (uflg) {
@@ -650,6 +658,8 @@ static void new_spent (struct spwd *spent)
* + aging has been requested
*/
spent->sp_pwdp = new_pw_passwd (spent->sp_pwdp);
+ if (spent->sp_pwdp == NULL)
+ fail_exit(E_PW_UPDATE);
if (pflg) {
spent->sp_lstchg = (long) gettime () / SCALE;

28
usermod.c-Fix-invalid-variable-name.patch
View File

@ -1,28 +0,0 @@
From fc0ed79e5d700b4a730235fe88e60951717edc6e Mon Sep 17 00:00:00 2001
From: Stanislav Brabec <sbrabec@suse.cz>
Date: Fri, 26 Jul 2019 21:39:42 +0200
Subject: [PATCH] usermod.c: Fix invalid variable name
Fix invalid LASTLOG_MAX_UID variable name to correct LASTLOG_UID_MAX.
Signed-off-by: Stanislav Brabec <sbrabec@suse.cz>
---
src/usermod.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/usermod.c b/src/usermod.c
index c371886..0ae50e3 100644
--- a/src/usermod.c
+++ b/src/usermod.c
@@ -1879,7 +1879,7 @@ static void update_lastlog (void)
return;
}
- max_uid = (uid_t) getdef_ulong ("LASTLOG_MAX_UID", 0xFFFFFFFFUL);
+ max_uid = (uid_t) getdef_ulong ("LASTLOG_UID_MAX", 0xFFFFFFFFUL);
if (user_newid > max_uid) {
/* do not touch lastlog for large uids */
return;
--
1.8.3.1