[shadow-utils] new upstream release with support for subordinate uids and gids
Tomáš Mráz
tmraz at fedoraproject.org
Wed Nov 26 14:58:32 UTC 2014
commit 8b4e03b99440f35550118f0d102b3ffc1622586f
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date: Wed Nov 26 15:58:28 2014 +0100
new upstream release with support for subordinate uids and gids
.gitignore | 2 +
shadow-4.1.5.1-crypt-null.patch | 195 -------
shadow-4.1.5.1-date-parsing.patch | 138 -----
shadow-4.1.5.1-goodname.patch | 35 --
shadow-4.1.5.1-info-parent-dir.patch | 12 -
shadow-4.1.5.1-manfix.patch | 272 ----------
shadow-4.1.5.1-merge-group.patch | 27 -
...update.patch => shadow-4.2.1-audit-update.patch | 563 ++++++++++++--------
shadow-4.2.1-date-parsing.patch | 68 +++
shadow-4.2.1-manfix.patch | 78 +++
shadow-4.2.1-merge-group.patch | 13 +
shadow-utils.spec | 31 +-
sources | 4 +-
13 files changed, 514 insertions(+), 924 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index f5997c1..e78a553 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,5 @@ shadow-4.1.4.2.tar.bz2
/shadow-4.1.5.tar.bz2
/shadow-4.1.5.1.tar.bz2
/shadow-4.1.5.1.tar.bz2.sig
+/shadow-4.2.1.tar.xz
+/shadow-4.2.1.tar.xz.sig
diff --git a/shadow-4.1.5.1-goodname.patch b/shadow-4.1.5.1-goodname.patch
index 06c0de6..15c98a7 100644
--- a/shadow-4.1.5.1-goodname.patch
+++ b/shadow-4.1.5.1-goodname.patch
@@ -72,41 +72,6 @@ diff -up shadow-4.1.5.1/man/groupadd.8.xml.goodname shadow-4.1.5.1/man/groupadd.
Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long.
</para>
<para>
-diff -up shadow-4.1.5.1/man/man8/groupadd.8.goodname shadow-4.1.5.1/man/man8/groupadd.8
---- shadow-4.1.5.1/man/man8/groupadd.8.goodname 2012-05-25 13:58:40.000000000 +0200
-+++ shadow-4.1.5.1/man/man8/groupadd.8 2014-09-09 17:28:46.330300342 +0200
-@@ -190,9 +190,7 @@ Shadow password suite configuration\&.
- .RE
- .SH "CAVEATS"
- .PP
--Groupnames must start with a lower case letter or an underscore, followed by lower case letters, digits, underscores, or dashes\&. They can end with a dollar sign\&. In regular expression terms: [a\-z_][a\-z0\-9_\-]*[$]?
--.PP
--Groupnames may only be up to 16 characters long\&.
-+Groupnames may only be up to 32 characters long\&.
- .PP
- You may not add a NIS or LDAP group\&. This must be performed on the corresponding server\&.
- .PP
-diff -up shadow-4.1.5.1/man/man8/useradd.8.goodname shadow-4.1.5.1/man/man8/useradd.8
---- shadow-4.1.5.1/man/man8/useradd.8.goodname 2012-05-25 13:59:28.000000000 +0200
-+++ shadow-4.1.5.1/man/man8/useradd.8 2014-09-09 17:28:46.330300342 +0200
-@@ -224,7 +224,7 @@ is not enabled, no home directories are
- .PP
- \fB\-M\fR
- .RS 4
--Do no create the user\*(Aqs home directory, even if the system wide setting from
-+Do not create the user\*(Aqs home directory, even if the system wide setting from
- /etc/login\&.defs
- (\fBCREATE_HOME\fR) is set to
- \fIyes\fR\&.
-@@ -430,8 +430,6 @@ Similarly, if the username already exist
- \fBuseradd\fR
- will deny the user account creation request\&.
- .PP
--Usernames must start with a lower case letter or an underscore, followed by lower case letters, digits, underscores, or dashes\&. They can end with a dollar sign\&. In regular expression terms: [a\-z_][a\-z0\-9_\-]*[$]?
--.PP
- Usernames may only be up to 32 characters long\&.
- .SH "CONFIGURATION"
- .PP
diff -up shadow-4.1.5.1/man/useradd.8.xml.goodname shadow-4.1.5.1/man/useradd.8.xml
--- shadow-4.1.5.1/man/useradd.8.xml.goodname 2012-05-25 13:45:29.000000000 +0200
+++ shadow-4.1.5.1/man/useradd.8.xml 2014-09-09 17:28:46.330300342 +0200
diff --git a/shadow-4.1.5.1-info-parent-dir.patch b/shadow-4.1.5.1-info-parent-dir.patch
index d2bc009..b05e5bb 100644
--- a/shadow-4.1.5.1-info-parent-dir.patch
+++ b/shadow-4.1.5.1-info-parent-dir.patch
@@ -1,15 +1,3 @@
-diff -up shadow-4.1.5.1/man/man8/newusers.8.info-parent-dir shadow-4.1.5.1/man/man8/newusers.8
---- shadow-4.1.5.1/man/man8/newusers.8.info-parent-dir 2012-05-25 13:59:09.000000000 +0200
-+++ shadow-4.1.5.1/man/man8/newusers.8 2012-09-19 18:47:17.203525237 +0200
-@@ -99,7 +99,7 @@ This field is copied in the GECOS field
- .RS 4
- This field is used to define the home directory of the user\&.
- .sp
--If this field does not specify an existing directory, the specified directory is created, with ownership set to the user being created or updated and its primary group\&.
-+If this field does not specify an existing directory, the specified directory is created, with ownership set to the user being created or updated and its primary group\&. Note that newusers does not create parent directories of the new user's home directory. The newusers command will fail to create the home directory if the parent directories do not exist, and will send a message to stderr informing the user of the failure. The newusers command will not halt or return a failure to the calling shell if it fails to create the home directory, it will continue to process the batch of new users specified\&.
- .sp
- If the home directory of an existing user is changed,
- \fBnewusers\fR
diff -up shadow-4.1.5.1/man/newusers.8.xml.info-parent-dir shadow-4.1.5.1/man/newusers.8.xml
--- shadow-4.1.5.1/man/newusers.8.xml.info-parent-dir 2012-05-25 13:45:28.000000000 +0200
+++ shadow-4.1.5.1/man/newusers.8.xml 2012-09-19 18:46:35.651613365 +0200
diff --git a/shadow-4.1.5.1-audit-update.patch b/shadow-4.2.1-audit-update.patch
similarity index 86%
rename from shadow-4.1.5.1-audit-update.patch
rename to shadow-4.2.1-audit-update.patch
index 17930bf..8f2edf8 100644
--- a/shadow-4.1.5.1-audit-update.patch
+++ b/shadow-4.2.1-audit-update.patch
@@ -1,31 +1,6 @@
-diff -urp shadow-4.1.5.1.orig/lib/prototypes.h shadow-4.1.5.1/lib/prototypes.h
---- shadow-4.1.5.1.orig/lib/prototypes.h 2014-09-13 15:45:54.953829562 -0400
-+++ shadow-4.1.5.1/lib/prototypes.h 2014-10-14 08:39:23.785884075 -0400
-@@ -195,12 +195,21 @@ extern int audit_fd;
- extern void audit_help_open (void);
- /* Use AUDIT_NO_ID when a name is provided to audit_logger instead of an ID */
- #define AUDIT_NO_ID ((unsigned int) -1)
-+#ifndef AUDIT_GRP_MGMT
-+#define AUDIT_GRP_MGMT 1132 /* Group account was modified */
-+#endif
-+#ifndef AUDIT_GRP_CHAUTHTOK
-+#define AUDIT_GRP_CHAUTHTOK 1133 /* Group account password was changed */
-+#endif
- typedef enum {
- SHADOW_AUDIT_FAILURE = 0,
- SHADOW_AUDIT_SUCCESS = 1} shadow_audit_result;
- extern void audit_logger (int type, const char *pgname, const char *op,
- const char *name, unsigned int id,
- shadow_audit_result result);
-+void audit_logger_with_group (int type, unused const char *pgname,
-+ const char *op, const char *name, unsigned int id,
-+ const char *grp, shadow_audit_result result);
- void audit_logger_message (const char *message, shadow_audit_result result);
- #endif
-
-diff -urp shadow-4.1.5.1.orig/libmisc/audit_help.c shadow-4.1.5.1/libmisc/audit_help.c
---- shadow-4.1.5.1.orig/libmisc/audit_help.c 2010-08-21 07:41:28.000000000 -0400
-+++ shadow-4.1.5.1/libmisc/audit_help.c 2014-10-14 08:39:23.785884075 -0400
+diff -up shadow-4.2.1/libmisc/audit_help.c.audit-update shadow-4.2.1/libmisc/audit_help.c
+--- shadow-4.2.1/libmisc/audit_help.c.audit-update 2014-03-01 18:50:05.000000000 +0100
++++ shadow-4.2.1/libmisc/audit_help.c 2014-11-26 15:06:24.663660558 +0100
@@ -68,7 +68,7 @@ void audit_help_open (void)
* This function will log a message to the audit system using a predefined
* message format. Parameter usage is as follows:
@@ -75,9 +50,9 @@ diff -urp shadow-4.1.5.1.orig/libmisc/audit_help.c shadow-4.1.5.1/libmisc/audit_
void audit_logger_message (const char *message, shadow_audit_result result)
{
if (audit_fd < 0) {
-diff -urp shadow-4.1.5.1.orig/libmisc/cleanup_group.c shadow-4.1.5.1/libmisc/cleanup_group.c
---- shadow-4.1.5.1.orig/libmisc/cleanup_group.c 2008-12-23 17:45:18.000000000 -0500
-+++ shadow-4.1.5.1/libmisc/cleanup_group.c 2014-10-14 09:00:33.594753105 -0400
+diff -up shadow-4.2.1/libmisc/cleanup_group.c.audit-update shadow-4.2.1/libmisc/cleanup_group.c
+--- shadow-4.2.1/libmisc/cleanup_group.c.audit-update 2014-03-01 18:50:05.000000000 +0100
++++ shadow-4.2.1/libmisc/cleanup_group.c 2014-11-26 15:06:24.663660558 +0100
@@ -83,7 +83,7 @@ void cleanup_report_mod_group (void *cle
gr_dbname (),
info->action));
@@ -156,9 +131,9 @@ diff -urp shadow-4.1.5.1.orig/libmisc/cleanup_group.c shadow-4.1.5.1/libmisc/cle
SHADOW_AUDIT_FAILURE);
#endif
}
-diff -urp shadow-4.1.5.1.orig/libmisc/cleanup_user.c shadow-4.1.5.1/libmisc/cleanup_user.c
---- shadow-4.1.5.1.orig/libmisc/cleanup_user.c 2008-12-23 17:45:18.000000000 -0500
-+++ shadow-4.1.5.1/libmisc/cleanup_user.c 2014-10-14 09:01:51.878745031 -0400
+diff -up shadow-4.2.1/libmisc/cleanup_user.c.audit-update shadow-4.2.1/libmisc/cleanup_user.c
+--- shadow-4.2.1/libmisc/cleanup_user.c.audit-update 2014-03-01 18:50:05.000000000 +0100
++++ shadow-4.2.1/libmisc/cleanup_user.c 2014-11-26 15:06:24.663660558 +0100
@@ -65,7 +65,7 @@ void cleanup_report_mod_passwd (void *cl
pw_dbname (),
info->action));
@@ -206,99 +181,34 @@ diff -urp shadow-4.1.5.1.orig/libmisc/cleanup_user.c shadow-4.1.5.1/libmisc/clea
SHADOW_AUDIT_FAILURE);
#endif
}
-diff -urp shadow-4.1.5.1.orig/src/chage.c shadow-4.1.5.1/src/chage.c
---- shadow-4.1.5.1.orig/src/chage.c 2011-11-19 17:54:47.000000000 -0500
-+++ shadow-4.1.5.1/src/chage.c 2014-10-14 08:39:23.787884075 -0400
-@@ -126,9 +126,10 @@ static /*@noreturn@*/void fail_exit (int
-
- #ifdef WITH_AUDIT
- if (E_SUCCESS != code) {
-- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
-- "change age",
-- user_name, (unsigned int) user_uid, 0);
-+ audit_logger (AUDIT_USER_MGMT, Prog,
-+ "change-age",
-+ user_name, (unsigned int) user_uid,
-+ SHADOW_AUDIT_FAILURE);
- }
+diff -up shadow-4.2.1/lib/prototypes.h.audit-update shadow-4.2.1/lib/prototypes.h
+--- shadow-4.2.1/lib/prototypes.h.audit-update 2014-11-26 15:06:24.644660498 +0100
++++ shadow-4.2.1/lib/prototypes.h 2014-11-26 15:06:24.663660558 +0100
+@@ -208,12 +208,21 @@ extern int audit_fd;
+ extern void audit_help_open (void);
+ /* Use AUDIT_NO_ID when a name is provided to audit_logger instead of an ID */
+ #define AUDIT_NO_ID ((unsigned int) -1)
++#ifndef AUDIT_GRP_MGMT
++#define AUDIT_GRP_MGMT 1132 /* Group account was modified */
++#endif
++#ifndef AUDIT_GRP_CHAUTHTOK
++#define AUDIT_GRP_CHAUTHTOK 1133 /* Group account password was changed */
++#endif
+ typedef enum {
+ SHADOW_AUDIT_FAILURE = 0,
+ SHADOW_AUDIT_SUCCESS = 1} shadow_audit_result;
+ extern void audit_logger (int type, const char *pgname, const char *op,
+ const char *name, unsigned int id,
+ shadow_audit_result result);
++void audit_logger_with_group (int type, unused const char *pgname,
++ const char *op, const char *name, unsigned int id,
++ const char *grp, shadow_audit_result result);
+ void audit_logger_message (const char *message, shadow_audit_result result);
#endif
-@@ -873,11 +874,7 @@ int main (int argc, char **argv)
- fprintf (stderr, _("%s: Permission denied.\n"), Prog);
- fail_exit (E_NOPERM);
- }
--#ifdef WITH_AUDIT
-- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
-- "display aging info",
-- user_name, (unsigned int) user_uid, 1);
--#endif
-+ /* Displaying fields is not of interest to audit */
- list_fields ();
- fail_exit (E_SUCCESS);
- }
-@@ -896,41 +893,43 @@ int main (int argc, char **argv)
- }
- #ifdef WITH_AUDIT
- else {
-- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
-- "change all aging information",
-- user_name, (unsigned int) user_uid, 1);
-+ audit_logger (AUDIT_USER_MGMT, Prog,
-+ "change-all-aging-information",
-+ user_name, (unsigned int) user_uid,
-+ SHADOW_AUDIT_SUCCESS);
- }
- #endif
- } else {
- #ifdef WITH_AUDIT
- if (Mflg) {
-- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
-- "change max age",
-- user_name, (unsigned int) user_uid, 1);
-+ audit_logger (AUDIT_USER_MGMT, Prog,
-+ "change-max-age",
-+ user_name, (unsigned int) user_uid,
-+ SHADOW_AUDIT_SUCCESS);
- }
- if (mflg) {
-- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
-- "change min age",
-+ audit_logger (AUDIT_USER_MGMT, Prog,
-+ "change-min-age",
- user_name, (unsigned int) user_uid, 1);
- }
- if (dflg) {
-- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
-- "change last change date",
-+ audit_logger (AUDIT_USER_MGMT, Prog,
-+ "change-last-change-date",
- user_name, (unsigned int) user_uid, 1);
- }
- if (Wflg) {
-- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
-- "change passwd warning",
-+ audit_logger (AUDIT_USER_MGMT, Prog,
-+ "change-passwd-warning",
- user_name, (unsigned int) user_uid, 1);
- }
- if (Iflg) {
-- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
-- "change inactive days",
-+ audit_logger (AUDIT_USER_MGMT, Prog,
-+ "change-inactive-days",
- user_name, (unsigned int) user_uid, 1);
- }
- if (Eflg) {
-- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
-- "change passwd expiration",
-+ audit_logger (AUDIT_USER_MGMT, Prog,
-+ "change-passwd-expiration",
- user_name, (unsigned int) user_uid, 1);
- }
- #endif
-diff -urp shadow-4.1.5.1.orig/src/gpasswd.c shadow-4.1.5.1/src/gpasswd.c
---- shadow-4.1.5.1.orig/src/gpasswd.c 2014-09-13 15:45:54.989829559 -0400
-+++ shadow-4.1.5.1/src/gpasswd.c 2014-10-14 08:43:07.393861012 -0400
+diff -up shadow-4.2.1/src/gpasswd.c.audit-update shadow-4.2.1/src/gpasswd.c
+--- shadow-4.2.1/src/gpasswd.c.audit-update 2014-03-01 19:59:51.000000000 +0100
++++ shadow-4.2.1/src/gpasswd.c 2014-11-26 15:06:24.664660561 +0100
@@ -137,7 +137,7 @@ static void usage (int status)
(void) fputs (_(" -d, --delete USER remove USER from GROUP\n"), usageout);
(void) fputs (_(" -h, --help display this help message and exit\n"), usageout);
@@ -562,9 +472,9 @@ diff -urp shadow-4.1.5.1.orig/src/gpasswd.c shadow-4.1.5.1/src/gpasswd.c
SHADOW_AUDIT_SUCCESS);
#endif
}
-diff -urp shadow-4.1.5.1.orig/src/groupadd.c shadow-4.1.5.1/src/groupadd.c
---- shadow-4.1.5.1.orig/src/groupadd.c 2011-11-18 16:23:30.000000000 -0500
-+++ shadow-4.1.5.1/src/groupadd.c 2014-10-14 08:39:23.800884073 -0400
+diff -up shadow-4.2.1/src/groupadd.c.audit-update shadow-4.2.1/src/groupadd.c
+--- shadow-4.2.1/src/groupadd.c.audit-update 2014-03-01 19:59:51.000000000 +0100
++++ shadow-4.2.1/src/groupadd.c 2014-11-26 15:06:24.664660561 +0100
@@ -127,6 +127,15 @@ static /*@noreturn@*/void usage (int sta
exit (status);
}
@@ -740,9 +650,9 @@ diff -urp shadow-4.1.5.1.orig/src/groupadd.c shadow-4.1.5.1/src/groupadd.c
}
}
-diff -urp shadow-4.1.5.1.orig/src/groupdel.c shadow-4.1.5.1/src/groupdel.c
---- shadow-4.1.5.1.orig/src/groupdel.c 2011-11-18 16:23:30.000000000 -0500
-+++ shadow-4.1.5.1/src/groupdel.c 2014-10-14 08:39:23.801884073 -0400
+diff -up shadow-4.2.1/src/groupdel.c.audit-update shadow-4.2.1/src/groupdel.c
+--- shadow-4.2.1/src/groupdel.c.audit-update 2014-03-01 19:59:51.000000000 +0100
++++ shadow-4.2.1/src/groupdel.c 2014-11-26 15:06:24.665660564 +0100
@@ -100,6 +100,15 @@ static /*@noreturn@*/void usage (int sta
exit (status);
}
@@ -912,9 +822,9 @@ diff -urp shadow-4.1.5.1.orig/src/groupdel.c shadow-4.1.5.1/src/groupdel.c
}
#endif
-diff -urp shadow-4.1.5.1.orig/src/groupmod.c shadow-4.1.5.1/src/groupmod.c
---- shadow-4.1.5.1.orig/src/groupmod.c 2011-11-18 16:23:30.000000000 -0500
-+++ shadow-4.1.5.1/src/groupmod.c 2014-10-14 08:49:28.517821702 -0400
+diff -up shadow-4.2.1/src/groupmod.c.audit-update shadow-4.2.1/src/groupmod.c
+--- shadow-4.2.1/src/groupmod.c.audit-update 2014-03-01 19:59:51.000000000 +0100
++++ shadow-4.2.1/src/groupmod.c 2014-11-26 15:06:24.665660564 +0100
@@ -438,7 +438,7 @@ static void close_files (void)
exit (E_GRP_UPDATE);
}
@@ -1108,10 +1018,100 @@ diff -urp shadow-4.1.5.1.orig/src/groupmod.c shadow-4.1.5.1/src/groupmod.c
// FIXME: add a system cleanup
add_cleanup (cleanup_report_mod_group, &info_group);
-diff -urp shadow-4.1.5.1.orig/src/newgrp.c shadow-4.1.5.1/src/newgrp.c
---- shadow-4.1.5.1.orig/src/newgrp.c 2014-09-13 15:45:55.010829557 -0400
-+++ shadow-4.1.5.1/src/newgrp.c 2014-10-14 08:39:23.802884073 -0400
-@@ -197,11 +197,12 @@ static void check_perms (const struct gr
+diff -up shadow-4.2.1/src/chage.c.audit-update shadow-4.2.1/src/chage.c
+--- shadow-4.2.1/src/chage.c.audit-update 2014-03-01 19:59:51.000000000 +0100
++++ shadow-4.2.1/src/chage.c 2014-11-26 15:06:24.663660558 +0100
+@@ -126,9 +126,10 @@ static /*@noreturn@*/void fail_exit (int
+
+ #ifdef WITH_AUDIT
+ if (E_SUCCESS != code) {
+- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+- "change age",
+- user_name, (unsigned int) user_uid, 0);
++ audit_logger (AUDIT_USER_MGMT, Prog,
++ "change-age",
++ user_name, (unsigned int) user_uid,
++ SHADOW_AUDIT_FAILURE);
+ }
+ #endif
+
+@@ -873,11 +874,7 @@ int main (int argc, char **argv)
+ fprintf (stderr, _("%s: Permission denied.\n"), Prog);
+ fail_exit (E_NOPERM);
+ }
+-#ifdef WITH_AUDIT
+- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+- "display aging info",
+- user_name, (unsigned int) user_uid, 1);
+-#endif
++ /* Displaying fields is not of interest to audit */
+ list_fields ();
+ fail_exit (E_SUCCESS);
+ }
+@@ -896,41 +893,43 @@ int main (int argc, char **argv)
+ }
+ #ifdef WITH_AUDIT
+ else {
+- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+- "change all aging information",
+- user_name, (unsigned int) user_uid, 1);
++ audit_logger (AUDIT_USER_MGMT, Prog,
++ "change-all-aging-information",
++ user_name, (unsigned int) user_uid,
++ SHADOW_AUDIT_SUCCESS);
+ }
+ #endif
+ } else {
+ #ifdef WITH_AUDIT
+ if (Mflg) {
+- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+- "change max age",
+- user_name, (unsigned int) user_uid, 1);
++ audit_logger (AUDIT_USER_MGMT, Prog,
++ "change-max-age",
++ user_name, (unsigned int) user_uid,
++ SHADOW_AUDIT_SUCCESS);
+ }
+ if (mflg) {
+- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+- "change min age",
++ audit_logger (AUDIT_USER_MGMT, Prog,
++ "change-min-age",
+ user_name, (unsigned int) user_uid, 1);
+ }
+ if (dflg) {
+- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+- "change last change date",
++ audit_logger (AUDIT_USER_MGMT, Prog,
++ "change-last-change-date",
+ user_name, (unsigned int) user_uid, 1);
+ }
+ if (Wflg) {
+- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+- "change passwd warning",
++ audit_logger (AUDIT_USER_MGMT, Prog,
++ "change-passwd-warning",
+ user_name, (unsigned int) user_uid, 1);
+ }
+ if (Iflg) {
+- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+- "change inactive days",
++ audit_logger (AUDIT_USER_MGMT, Prog,
++ "change-inactive-days",
+ user_name, (unsigned int) user_uid, 1);
+ }
+ if (Eflg) {
+- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+- "change passwd expiration",
++ audit_logger (AUDIT_USER_MGMT, Prog,
++ "change-passwd-expiration",
+ user_name, (unsigned int) user_uid, 1);
+ }
+ #endif
+diff -up shadow-4.2.1/src/newgrp.c.audit-update shadow-4.2.1/src/newgrp.c
+--- shadow-4.2.1/src/newgrp.c.audit-update 2014-11-26 15:06:24.660660548 +0100
++++ shadow-4.2.1/src/newgrp.c 2014-11-26 15:06:24.666660567 +0100
+@@ -206,11 +206,12 @@ static void check_perms (const struct gr
strcmp (cpasswd, grp->gr_passwd) != 0) {
#ifdef WITH_AUDIT
snprintf (audit_buf, sizeof(audit_buf),
@@ -1126,7 +1126,7 @@ diff -urp shadow-4.1.5.1.orig/src/newgrp.c shadow-4.1.5.1/src/newgrp.c
#endif
SYSLOG ((LOG_INFO,
"Invalid password for group '%s' from '%s'",
-@@ -212,11 +213,12 @@ static void check_perms (const struct gr
+@@ -221,11 +222,12 @@ static void check_perms (const struct gr
}
#ifdef WITH_AUDIT
snprintf (audit_buf, sizeof(audit_buf),
@@ -1141,7 +1141,7 @@ diff -urp shadow-4.1.5.1.orig/src/newgrp.c shadow-4.1.5.1/src/newgrp.c
#endif
}
-@@ -227,19 +229,6 @@ failure:
+@@ -236,19 +238,6 @@ failure:
* harm. -- JWP
*/
closelog ();
@@ -1161,7 +1161,7 @@ diff -urp shadow-4.1.5.1.orig/src/newgrp.c shadow-4.1.5.1/src/newgrp.c
exit (EXIT_FAILURE);
}
-@@ -308,15 +297,27 @@ static void syslog_sg (const char *name,
+@@ -317,15 +306,27 @@ static void syslog_sg (const char *name,
is_newgrp ? "newgrp" : "sg", strerror (errno));
#ifdef WITH_AUDIT
if (group) {
@@ -1193,7 +1193,7 @@ diff -urp shadow-4.1.5.1.orig/src/newgrp.c shadow-4.1.5.1/src/newgrp.c
}
#endif
exit (EXIT_FAILURE);
-@@ -442,7 +443,7 @@ int main (int argc, char **argv)
+@@ -451,7 +452,7 @@ int main (int argc, char **argv)
#ifdef WITH_AUDIT
audit_logger (AUDIT_CHGRP_ID, Prog,
"changing", NULL,
@@ -1202,7 +1202,7 @@ diff -urp shadow-4.1.5.1.orig/src/newgrp.c shadow-4.1.5.1/src/newgrp.c
#endif
SYSLOG ((LOG_WARN, "Cannot determine the user name of the caller (UID %lu)",
(unsigned long) getuid ()));
-@@ -558,15 +559,26 @@ int main (int argc, char **argv)
+@@ -567,15 +568,26 @@ int main (int argc, char **argv)
perror ("getgroups");
#ifdef WITH_AUDIT
if (group) {
@@ -1233,7 +1233,7 @@ diff -urp shadow-4.1.5.1.orig/src/newgrp.c shadow-4.1.5.1/src/newgrp.c
}
#endif
exit (EXIT_FAILURE);
-@@ -707,10 +719,10 @@ int main (int argc, char **argv)
+@@ -716,10 +728,10 @@ int main (int argc, char **argv)
perror ("setgid");
#ifdef WITH_AUDIT
snprintf (audit_buf, sizeof(audit_buf),
@@ -1246,7 +1246,7 @@ diff -urp shadow-4.1.5.1.orig/src/newgrp.c shadow-4.1.5.1/src/newgrp.c
#endif
exit (EXIT_FAILURE);
}
-@@ -719,10 +731,10 @@ int main (int argc, char **argv)
+@@ -728,10 +740,10 @@ int main (int argc, char **argv)
perror ("setuid");
#ifdef WITH_AUDIT
snprintf (audit_buf, sizeof(audit_buf),
@@ -1259,7 +1259,7 @@ diff -urp shadow-4.1.5.1.orig/src/newgrp.c shadow-4.1.5.1/src/newgrp.c
#endif
exit (EXIT_FAILURE);
}
-@@ -736,10 +748,10 @@ int main (int argc, char **argv)
+@@ -745,10 +757,10 @@ int main (int argc, char **argv)
execl (SHELL, "sh", "-c", command, (char *) 0);
#ifdef WITH_AUDIT
snprintf (audit_buf, sizeof(audit_buf),
@@ -1272,7 +1272,7 @@ diff -urp shadow-4.1.5.1.orig/src/newgrp.c shadow-4.1.5.1/src/newgrp.c
#endif
perror (SHELL);
exit ((errno == ENOENT) ? E_CMD_NOTFOUND : E_CMD_NOEXEC);
-@@ -803,11 +815,11 @@ int main (int argc, char **argv)
+@@ -812,11 +824,11 @@ int main (int argc, char **argv)
}
#ifdef WITH_AUDIT
@@ -1286,7 +1286,7 @@ diff -urp shadow-4.1.5.1.orig/src/newgrp.c shadow-4.1.5.1/src/newgrp.c
#endif
/*
* Exec the login shell and go away. We are trying to get back to
-@@ -831,15 +843,24 @@ int main (int argc, char **argv)
+@@ -840,15 +852,24 @@ int main (int argc, char **argv)
closelog ();
#ifdef WITH_AUDIT
if (NULL != group) {
@@ -1315,10 +1315,10 @@ diff -urp shadow-4.1.5.1.orig/src/newgrp.c shadow-4.1.5.1/src/newgrp.c
}
#endif
exit (EXIT_FAILURE);
-diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c
---- shadow-4.1.5.1.orig/src/useradd.c 2014-09-13 15:45:54.957829561 -0400
-+++ shadow-4.1.5.1/src/useradd.c 2014-10-14 08:52:53.066800605 -0400
-@@ -205,6 +205,8 @@ static void create_mail (void);
+diff -up shadow-4.2.1/src/useradd.c.audit-update shadow-4.2.1/src/useradd.c
+--- shadow-4.2.1/src/useradd.c.audit-update 2014-11-26 15:06:24.648660511 +0100
++++ shadow-4.2.1/src/useradd.c 2014-11-26 15:14:02.446087183 +0100
+@@ -222,6 +222,8 @@ static void create_mail (void);
*/
static void fail_exit (int code)
{
@@ -1327,7 +1327,7 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c
if (home_added) {
if (rmdir (user_home) != 0) {
fprintf (stderr,
-@@ -218,12 +220,6 @@ static void fail_exit (int code)
+@@ -235,12 +237,6 @@ static void fail_exit (int code)
if (spw_unlock () == 0) {
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, spw_dbname ());
SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ()));
@@ -1340,7 +1340,7 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c
/* continue */
}
}
-@@ -231,12 +227,6 @@ static void fail_exit (int code)
+@@ -248,12 +244,6 @@ static void fail_exit (int code)
if (pw_unlock () == 0) {
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ());
SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
@@ -1353,7 +1353,7 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c
/* continue */
}
}
-@@ -244,12 +234,6 @@ static void fail_exit (int code)
+@@ -261,12 +251,6 @@ static void fail_exit (int code)
if (gr_unlock () == 0) {
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname ());
SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ()));
@@ -1366,7 +1366,7 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c
/* continue */
}
}
-@@ -258,20 +242,19 @@ static void fail_exit (int code)
+@@ -275,12 +259,6 @@ static void fail_exit (int code)
if (sgr_unlock () == 0) {
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname ());
SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ()));
@@ -1379,7 +1379,33 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c
/* continue */
}
}
- #endif
+@@ -290,12 +268,6 @@ static void fail_exit (int code)
+ if (sub_uid_unlock () == 0) {
+ fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname ());
+ SYSLOG ((LOG_ERR, "failed to unlock %s", sub_uid_dbname ()));
+-#ifdef WITH_AUDIT
+- audit_logger (AUDIT_ADD_USER, Prog,
+- "unlocking subordinate user file",
+- user_name, AUDIT_NO_ID,
+- SHADOW_AUDIT_FAILURE);
+-#endif
+ /* continue */
+ }
+ }
+@@ -303,20 +275,19 @@ static void fail_exit (int code)
+ if (sub_gid_unlock () == 0) {
+ fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname ());
+ SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ()));
+-#ifdef WITH_AUDIT
+- audit_logger (AUDIT_ADD_USER, Prog,
+- "unlocking subordinate group file",
+- user_name, AUDIT_NO_ID,
+- SHADOW_AUDIT_FAILURE);
+-#endif
+ /* continue */
+ }
+ }
+ #endif /* ENABLE_SUBIDS */
#ifdef WITH_AUDIT
- audit_logger (AUDIT_ADD_USER, Prog,
@@ -1394,7 +1420,7 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c
user_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
-@@ -578,7 +561,7 @@ static int set_defaults (void)
+@@ -623,7 +594,7 @@ static int set_defaults (void)
}
#ifdef WITH_AUDIT
audit_logger (AUDIT_USYS_CONFIG, Prog,
@@ -1403,7 +1429,7 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c
NULL, AUDIT_NO_ID,
SHADOW_AUDIT_SUCCESS);
#endif
-@@ -848,12 +831,6 @@ static void grp_update (void)
+@@ -893,12 +864,6 @@ static void grp_update (void)
_("%s: Out of memory. Cannot update %s.\n"),
Prog, gr_dbname ());
SYSLOG ((LOG_ERR, "failed to prepare the new %s entry '%s'", gr_dbname (), user_name));
@@ -1416,7 +1442,7 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c
fail_exit (E_GRP_UPDATE); /* XXX */
}
-@@ -867,18 +844,12 @@ static void grp_update (void)
+@@ -912,18 +877,12 @@ static void grp_update (void)
_("%s: failed to prepare the new %s entry '%s'\n"),
Prog, gr_dbname (), ngrp->gr_name);
SYSLOG ((LOG_ERR, "failed to prepare the new %s entry '%s'", gr_dbname (), user_name));
@@ -1438,7 +1464,7 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c
SHADOW_AUDIT_SUCCESS);
#endif
SYSLOG ((LOG_INFO,
-@@ -923,12 +894,6 @@ static void grp_update (void)
+@@ -968,12 +927,6 @@ static void grp_update (void)
_("%s: Out of memory. Cannot update %s.\n"),
Prog, sgr_dbname ());
SYSLOG ((LOG_ERR, "failed to prepare the new %s entry '%s'", sgr_dbname (), user_name));
@@ -1451,7 +1477,7 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c
fail_exit (E_GRP_UPDATE); /* XXX */
}
-@@ -942,18 +907,13 @@ static void grp_update (void)
+@@ -987,18 +940,13 @@ static void grp_update (void)
_("%s: failed to prepare the new %s entry '%s'\n"),
Prog, sgr_dbname (), nsgrp->sg_name);
SYSLOG ((LOG_ERR, "failed to prepare the new %s entry '%s'", sgr_dbname (), user_name));
@@ -1474,7 +1500,7 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c
SHADOW_AUDIT_SUCCESS);
#endif
SYSLOG ((LOG_INFO,
-@@ -1296,7 +1256,7 @@ static void process_flags (int argc, cha
+@@ -1341,7 +1289,7 @@ static void process_flags (int argc, cha
Prog, user_name);
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, Prog,
@@ -1483,7 +1509,7 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c
user_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
-@@ -1385,7 +1345,7 @@ static void close_files (void)
+@@ -1444,7 +1392,7 @@ static void close_files (void)
SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ()));
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, Prog,
@@ -1492,7 +1518,7 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c
user_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
-@@ -1398,7 +1358,7 @@ static void close_files (void)
+@@ -1457,7 +1405,7 @@ static void close_files (void)
SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, Prog,
@@ -1501,7 +1527,7 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c
user_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
-@@ -1410,7 +1370,7 @@ static void close_files (void)
+@@ -1469,7 +1417,7 @@ static void close_files (void)
SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ()));
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, Prog,
@@ -1510,7 +1536,7 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c
user_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
-@@ -1424,7 +1384,7 @@ static void close_files (void)
+@@ -1483,7 +1431,7 @@ static void close_files (void)
SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ()));
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, Prog,
@@ -1519,7 +1545,25 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c
user_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
-@@ -1584,7 +1544,7 @@ static void grp_add (void)
+@@ -1499,7 +1447,7 @@ static void close_files (void)
+ SYSLOG ((LOG_ERR, "failed to unlock %s", sub_uid_dbname ()));
+ #ifdef WITH_AUDIT
+ audit_logger (AUDIT_ADD_USER, Prog,
+- "unlocking subordinate user file",
++ "unlocking-subordinate-user-file",
+ user_name, AUDIT_NO_ID,
+ SHADOW_AUDIT_FAILURE);
+ #endif
+@@ -1513,7 +1461,7 @@ static void close_files (void)
+ SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ()));
+ #ifdef WITH_AUDIT
+ audit_logger (AUDIT_ADD_USER, Prog,
+- "unlocking subordinate group file",
++ "unlocking-subordinate-group-file",
+ user_name, AUDIT_NO_ID,
+ SHADOW_AUDIT_FAILURE);
+ #endif
+@@ -1705,7 +1653,7 @@ static void grp_add (void)
Prog, gr_dbname (), grp.gr_name);
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_GROUP, Prog,
@@ -1528,7 +1572,7 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c
grp.gr_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
-@@ -1600,7 +1560,7 @@ static void grp_add (void)
+@@ -1721,7 +1669,7 @@ static void grp_add (void)
Prog, sgr_dbname (), sgrp.sg_name);
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_GROUP, Prog,
@@ -1537,7 +1581,7 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c
grp.gr_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif
-@@ -1610,7 +1570,7 @@ static void grp_add (void)
+@@ -1731,7 +1679,7 @@ static void grp_add (void)
SYSLOG ((LOG_INFO, "new group: name=%s, GID=%u", user_name, user_gid));
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_GROUP, Prog,
@@ -1546,7 +1590,7 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c
grp.gr_name, AUDIT_NO_ID,
SHADOW_AUDIT_SUCCESS);
#endif
-@@ -1725,17 +1685,11 @@ static void usr_update (void)
+@@ -1846,12 +1794,6 @@ static void usr_update (void)
fprintf (stderr,
_("%s: failed to prepare the new %s entry '%s'\n"),
Prog, spw_dbname (), spent.sp_namp);
@@ -1558,6 +1602,9 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c
-#endif
fail_exit (E_PW_UPDATE);
}
+ #ifdef ENABLE_SUBIDS
+@@ -1873,7 +1815,7 @@ static void usr_update (void)
+
#ifdef WITH_AUDIT
audit_logger (AUDIT_ADD_USER, Prog,
- "adding user",
@@ -1565,7 +1612,7 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c
user_name, (unsigned int) user_id,
SHADOW_AUDIT_SUCCESS);
#endif
-@@ -1771,12 +1725,6 @@ static void create_home (void)
+@@ -1908,12 +1850,6 @@ static void create_home (void)
fprintf (stderr,
_("%s: cannot create directory %s\n"),
Prog, user_home);
@@ -1578,7 +1625,7 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c
fail_exit (E_HOMEDIR);
}
chown (user_home, user_id, user_gid);
-@@ -1784,8 +1732,8 @@ static void create_home (void)
+@@ -1921,8 +1857,8 @@ static void create_home (void)
0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));
home_added = true;
#ifdef WITH_AUDIT
@@ -1589,7 +1636,7 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c
user_name, (unsigned int) user_id,
SHADOW_AUDIT_SUCCESS);
#endif
-@@ -1951,12 +1899,6 @@ int main (int argc, char **argv)
+@@ -2098,12 +2034,6 @@ int main (int argc, char **argv)
*/
if (getpwnam (user_name) != NULL) { /* local, no need for xgetpwnam */
fprintf (stderr, _("%s: user '%s' already exists\n"), Prog, user_name);
@@ -1602,7 +1649,7 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c
fail_exit (E_NAME_IN_USE);
}
-@@ -1972,12 +1914,6 @@ int main (int argc, char **argv)
+@@ -2119,12 +2049,6 @@ int main (int argc, char **argv)
fprintf (stderr,
_("%s: group %s exists - if you want to add this user to that group, use -g.\n"),
Prog, user_name);
@@ -1615,7 +1662,7 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c
fail_exit (E_NAME_IN_USE);
}
}
-@@ -2007,12 +1943,6 @@ int main (int argc, char **argv)
+@@ -2154,12 +2078,6 @@ int main (int argc, char **argv)
fprintf (stderr,
_("%s: UID %lu is not unique\n"),
Prog, (unsigned long) user_id);
@@ -1628,7 +1675,7 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c
fail_exit (E_UID_IN_USE);
}
}
-@@ -2057,9 +1987,10 @@ int main (int argc, char **argv)
+@@ -2223,9 +2141,10 @@ int main (int argc, char **argv)
_("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
Prog, user_name, user_selinux);
#ifdef WITH_AUDIT
@@ -1642,10 +1689,10 @@ diff -urp shadow-4.1.5.1.orig/src/useradd.c shadow-4.1.5.1/src/useradd.c
#endif /* WITH_AUDIT */
rv = E_SE_UPDATE;
}
-diff -urp shadow-4.1.5.1.orig/src/userdel.c shadow-4.1.5.1/src/userdel.c
---- shadow-4.1.5.1.orig/src/userdel.c 2014-09-13 15:45:55.001829558 -0400
-+++ shadow-4.1.5.1/src/userdel.c 2014-10-14 08:44:52.714850149 -0400
-@@ -201,9 +201,9 @@ static void update_groups (void)
+diff -up shadow-4.2.1/src/userdel.c.audit-update shadow-4.2.1/src/userdel.c
+--- shadow-4.2.1/src/userdel.c.audit-update 2014-11-26 15:06:24.655660533 +0100
++++ shadow-4.2.1/src/userdel.c 2014-11-26 15:16:01.892459425 +0100
+@@ -214,9 +214,9 @@ static void update_groups (void)
* Update the DBM group file with the new entry as well.
*/
#ifdef WITH_AUDIT
@@ -1658,7 +1705,7 @@ diff -urp shadow-4.1.5.1.orig/src/userdel.c shadow-4.1.5.1/src/userdel.c
SHADOW_AUDIT_SUCCESS);
#endif /* WITH_AUDIT */
SYSLOG ((LOG_INFO, "delete '%s' from group '%s'\n",
-@@ -263,9 +263,9 @@ static void update_groups (void)
+@@ -276,9 +276,9 @@ static void update_groups (void)
exit (E_GRP_UPDATE);
}
#ifdef WITH_AUDIT
@@ -1671,7 +1718,7 @@ diff -urp shadow-4.1.5.1.orig/src/userdel.c shadow-4.1.5.1/src/userdel.c
SHADOW_AUDIT_SUCCESS);
#endif /* WITH_AUDIT */
SYSLOG ((LOG_INFO, "delete '%s' from shadow group '%s'\n",
-@@ -342,9 +342,9 @@ static void remove_usergroup (void)
+@@ -355,9 +355,9 @@ static void remove_usergroup (void)
}
#ifdef WITH_AUDIT
@@ -1684,7 +1731,7 @@ diff -urp shadow-4.1.5.1.orig/src/userdel.c shadow-4.1.5.1/src/userdel.c
SHADOW_AUDIT_SUCCESS);
#endif /* WITH_AUDIT */
SYSLOG ((LOG_INFO,
-@@ -360,9 +360,9 @@ static void remove_usergroup (void)
+@@ -373,9 +373,9 @@ static void remove_usergroup (void)
fail_exit (E_GRP_UPDATE);
}
#ifdef WITH_AUDIT
@@ -1697,7 +1744,7 @@ diff -urp shadow-4.1.5.1.orig/src/userdel.c shadow-4.1.5.1/src/userdel.c
SHADOW_AUDIT_SUCCESS);
#endif /* WITH_AUDIT */
SYSLOG ((LOG_INFO,
-@@ -478,7 +478,7 @@ static void fail_exit (int code)
+@@ -537,7 +537,7 @@ static void fail_exit (int code)
#ifdef WITH_AUDIT
audit_logger (AUDIT_DEL_USER, Prog,
@@ -1706,7 +1753,7 @@ diff -urp shadow-4.1.5.1.orig/src/userdel.c shadow-4.1.5.1/src/userdel.c
user_name, (unsigned int) user_id,
SHADOW_AUDIT_FAILURE);
#endif /* WITH_AUDIT */
-@@ -498,24 +498,12 @@ static void open_files (void)
+@@ -557,24 +557,12 @@ static void open_files (void)
fprintf (stderr,
_("%s: cannot lock %s; try again later.\n"),
Prog, pw_dbname ());
@@ -1731,7 +1778,7 @@ diff -urp shadow-4.1.5.1.orig/src/userdel.c shadow-4.1.5.1/src/userdel.c
fail_exit (E_PW_UPDATE);
}
if (is_shadow_pwd) {
-@@ -523,12 +511,6 @@ static void open_files (void)
+@@ -582,12 +570,6 @@ static void open_files (void)
fprintf (stderr,
_("%s: cannot lock %s; try again later.\n"),
Prog, spw_dbname ());
@@ -1744,7 +1791,7 @@ diff -urp shadow-4.1.5.1.orig/src/userdel.c shadow-4.1.5.1/src/userdel.c
fail_exit (E_PW_UPDATE);
}
spw_locked = true;
-@@ -536,12 +518,6 @@ static void open_files (void)
+@@ -595,12 +577,6 @@ static void open_files (void)
fprintf (stderr,
_("%s: cannot open %s\n"),
Prog, spw_dbname ());
@@ -1757,7 +1804,7 @@ diff -urp shadow-4.1.5.1.orig/src/userdel.c shadow-4.1.5.1/src/userdel.c
fail_exit (E_PW_UPDATE);
}
}
-@@ -549,23 +525,11 @@ static void open_files (void)
+@@ -608,23 +584,11 @@ static void open_files (void)
fprintf (stderr,
_("%s: cannot lock %s; try again later.\n"),
Prog, gr_dbname ());
@@ -1781,7 +1828,7 @@ diff -urp shadow-4.1.5.1.orig/src/userdel.c shadow-4.1.5.1/src/userdel.c
fail_exit (E_GRP_UPDATE);
}
#ifdef SHADOWGRP
-@@ -574,24 +538,12 @@ static void open_files (void)
+@@ -633,24 +597,12 @@ static void open_files (void)
fprintf (stderr,
_("%s: cannot lock %s; try again later.\n"),
Prog, sgr_dbname ());
@@ -1806,8 +1853,58 @@ diff -urp shadow-4.1.5.1.orig/src/userdel.c shadow-4.1.5.1/src/userdel.c
fail_exit (E_GRP_UPDATE);
}
}
-@@ -622,7 +574,7 @@ static void update_user (void)
+@@ -661,24 +613,12 @@ static void open_files (void)
+ fprintf (stderr,
+ _("%s: cannot lock %s; try again later.\n"),
+ Prog, sub_uid_dbname ());
+-#ifdef WITH_AUDIT
+- audit_logger (AUDIT_DEL_USER, Prog,
+- "locking subordinate user file",
+- user_name, (unsigned int) user_id,
+- SHADOW_AUDIT_FAILURE);
+-#endif /* WITH_AUDIT */
+ fail_exit (E_SUB_UID_UPDATE);
+ }
+ sub_uid_locked = true;
+ if (sub_uid_open (O_RDWR) == 0) {
+ fprintf (stderr,
+ _("%s: cannot open %s\n"), Prog, sub_uid_dbname ());
+-#ifdef WITH_AUDIT
+- audit_logger (AUDIT_DEL_USER, Prog,
+- "opening subordinate user file",
+- user_name, (unsigned int) user_id,
+- SHADOW_AUDIT_FAILURE);
+-#endif /* WITH_AUDIT */
+ fail_exit (E_SUB_UID_UPDATE);
+ }
+ }
+@@ -687,24 +627,12 @@ static void open_files (void)
+ fprintf (stderr,
+ _("%s: cannot lock %s; try again later.\n"),
+ Prog, sub_gid_dbname ());
+-#ifdef WITH_AUDIT
+- audit_logger (AUDIT_DEL_USER, Prog,
+- "locking subordinate group file",
+- user_name, (unsigned int) user_id,
+- SHADOW_AUDIT_FAILURE);
+-#endif /* WITH_AUDIT */
+ fail_exit (E_SUB_GID_UPDATE);
+ }
+ sub_gid_locked = true;
+ if (sub_gid_open (O_RDWR) == 0) {
+ fprintf (stderr,
+ _("%s: cannot open %s\n"), Prog, sub_gid_dbname ());
+-#ifdef WITH_AUDIT
+- audit_logger (AUDIT_DEL_USER, Prog,
+- "opening subordinate group file",
+- user_name, (unsigned int) user_id,
+- SHADOW_AUDIT_FAILURE);
+-#endif /* WITH_AUDIT */
+ fail_exit (E_SUB_GID_UPDATE);
+ }
}
+@@ -749,7 +677,7 @@ static void update_user (void)
+ #endif /* ENABLE_SUBIDS */
#ifdef WITH_AUDIT
audit_logger (AUDIT_DEL_USER, Prog,
- "deleting user entries",
@@ -1815,7 +1912,7 @@ diff -urp shadow-4.1.5.1.orig/src/userdel.c shadow-4.1.5.1/src/userdel.c
user_name, (unsigned int) user_id,
SHADOW_AUDIT_SUCCESS);
#endif /* WITH_AUDIT */
-@@ -716,7 +668,7 @@ static int remove_mailbox (void)
+@@ -843,7 +771,7 @@ static int remove_mailbox (void)
SYSLOG ((LOG_ERR, "Cannot remove %s: %s", mailfile, strerror (errno)));
#ifdef WITH_AUDIT
audit_logger (AUDIT_DEL_USER, Prog,
@@ -1824,7 +1921,7 @@ diff -urp shadow-4.1.5.1.orig/src/userdel.c shadow-4.1.5.1/src/userdel.c
user_name, (unsigned int) user_id,
SHADOW_AUDIT_FAILURE);
#endif /* WITH_AUDIT */
-@@ -732,7 +684,7 @@ static int remove_mailbox (void)
+@@ -859,7 +787,7 @@ static int remove_mailbox (void)
SYSLOG ((LOG_ERR, "Cannot remove %s: %s", mailfile, strerror (errno)));
#ifdef WITH_AUDIT
audit_logger (AUDIT_DEL_USER, Prog,
@@ -1833,7 +1930,7 @@ diff -urp shadow-4.1.5.1.orig/src/userdel.c shadow-4.1.5.1/src/userdel.c
user_name, (unsigned int) user_id,
SHADOW_AUDIT_FAILURE);
#endif /* WITH_AUDIT */
-@@ -742,8 +694,8 @@ static int remove_mailbox (void)
+@@ -869,8 +797,8 @@ static int remove_mailbox (void)
#ifdef WITH_AUDIT
else
{
@@ -1844,7 +1941,7 @@ diff -urp shadow-4.1.5.1.orig/src/userdel.c shadow-4.1.5.1/src/userdel.c
user_name, (unsigned int) user_id,
SHADOW_AUDIT_SUCCESS);
}
-@@ -760,7 +712,7 @@ static int remove_mailbox (void)
+@@ -887,7 +815,7 @@ static int remove_mailbox (void)
mailfile, strerror (errno)));
#ifdef WITH_AUDIT
audit_logger (AUDIT_DEL_USER, Prog,
@@ -1853,7 +1950,7 @@ diff -urp shadow-4.1.5.1.orig/src/userdel.c shadow-4.1.5.1/src/userdel.c
user_name, (unsigned int) user_id,
SHADOW_AUDIT_FAILURE);
#endif /* WITH_AUDIT */
-@@ -775,7 +727,7 @@ static int remove_mailbox (void)
+@@ -902,7 +830,7 @@ static int remove_mailbox (void)
SYSLOG ((LOG_ERR, "Cannot remove %s: %s", mailfile, strerror (errno)));
#ifdef WITH_AUDIT
audit_logger (AUDIT_DEL_USER, Prog,
@@ -1862,7 +1959,7 @@ diff -urp shadow-4.1.5.1.orig/src/userdel.c shadow-4.1.5.1/src/userdel.c
user_name, (unsigned int) user_id,
SHADOW_AUDIT_FAILURE);
#endif /* WITH_AUDIT */
-@@ -785,8 +737,8 @@ static int remove_mailbox (void)
+@@ -912,8 +840,8 @@ static int remove_mailbox (void)
#ifdef WITH_AUDIT
else
{
@@ -1873,7 +1970,7 @@ diff -urp shadow-4.1.5.1.orig/src/userdel.c shadow-4.1.5.1/src/userdel.c
user_name, (unsigned int) user_id,
SHADOW_AUDIT_SUCCESS);
}
-@@ -980,7 +932,7 @@ int main (int argc, char **argv)
+@@ -1111,7 +1039,7 @@ int main (int argc, char **argv)
Prog, user_name);
#ifdef WITH_AUDIT
audit_logger (AUDIT_DEL_USER, Prog,
@@ -1882,7 +1979,7 @@ diff -urp shadow-4.1.5.1.orig/src/userdel.c shadow-4.1.5.1/src/userdel.c
user_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif /* WITH_AUDIT */
-@@ -1024,7 +976,7 @@ int main (int argc, char **argv)
+@@ -1155,7 +1083,7 @@ int main (int argc, char **argv)
if (!fflg) {
#ifdef WITH_AUDIT
audit_logger (AUDIT_DEL_USER, Prog,
@@ -1891,7 +1988,7 @@ diff -urp shadow-4.1.5.1.orig/src/userdel.c shadow-4.1.5.1/src/userdel.c
user_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
#endif /* WITH_AUDIT */
-@@ -1101,8 +1053,8 @@ int main (int argc, char **argv)
+@@ -1232,8 +1160,8 @@ int main (int argc, char **argv)
#ifdef WITH_AUDIT
else
{
@@ -1902,7 +1999,7 @@ diff -urp shadow-4.1.5.1.orig/src/userdel.c shadow-4.1.5.1/src/userdel.c
user_name, (unsigned int) user_id,
SHADOW_AUDIT_SUCCESS);
}
-@@ -1111,7 +1063,7 @@ int main (int argc, char **argv)
+@@ -1242,7 +1170,7 @@ int main (int argc, char **argv)
#ifdef WITH_AUDIT
if (0 != errors) {
audit_logger (AUDIT_DEL_USER, Prog,
@@ -1911,7 +2008,7 @@ diff -urp shadow-4.1.5.1.orig/src/userdel.c shadow-4.1.5.1/src/userdel.c
user_name, AUDIT_NO_ID,
SHADOW_AUDIT_FAILURE);
}
-@@ -1124,8 +1076,8 @@ int main (int argc, char **argv)
+@@ -1255,8 +1183,8 @@ int main (int argc, char **argv)
_("%s: warning: the user name %s to SELinux user mapping removal failed.\n"),
Prog, user_name);
#ifdef WITH_AUDIT
@@ -1922,10 +2019,10 @@ diff -urp shadow-4.1.5.1.orig/src/userdel.c shadow-4.1.5.1/src/userdel.c
user_name, (unsigned int) user_id,
SHADOW_AUDIT_FAILURE);
#endif /* WITH_AUDIT */
-diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c
---- shadow-4.1.5.1.orig/src/usermod.c 2014-09-13 15:45:55.013829557 -0400
-+++ shadow-4.1.5.1/src/usermod.c 2014-10-14 08:50:05.817817855 -0400
-@@ -352,8 +352,8 @@ static char *new_pw_passwd (char *pw_pas
+diff -up shadow-4.2.1/src/usermod.c.audit-update shadow-4.2.1/src/usermod.c
+--- shadow-4.2.1/src/usermod.c.audit-update 2014-11-26 15:06:24.661660551 +0100
++++ shadow-4.2.1/src/usermod.c 2014-11-26 15:17:38.580760741 +0100
+@@ -447,8 +447,8 @@ static char *new_pw_passwd (char *pw_pas
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
@@ -1936,7 +2033,7 @@ diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c
#endif
SYSLOG ((LOG_INFO, "lock user '%s' password", user_newname));
strcpy (buf, "!");
-@@ -372,8 +372,8 @@ static char *new_pw_passwd (char *pw_pas
+@@ -467,8 +467,8 @@ static char *new_pw_passwd (char *pw_pas
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
@@ -1947,7 +2044,7 @@ diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c
#endif
SYSLOG ((LOG_INFO, "unlock user '%s' password", user_newname));
s = pw_pass;
-@@ -384,7 +384,7 @@ static char *new_pw_passwd (char *pw_pas
+@@ -479,7 +479,7 @@ static char *new_pw_passwd (char *pw_pas
} else if (pflg) {
#ifdef WITH_AUDIT
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
@@ -1956,7 +2053,7 @@ diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c
user_newname, (unsigned int) user_newid, 1);
#endif
SYSLOG ((LOG_INFO, "change user '%s' password", user_newname));
-@@ -413,8 +413,8 @@ static void new_pwent (struct passwd *pw
+@@ -508,8 +508,8 @@ static void new_pwent (struct passwd *pw
fail_exit (E_NAME_IN_USE);
}
#ifdef WITH_AUDIT
@@ -1967,7 +2064,7 @@ diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c
user_newname, (unsigned int) user_newid, 1);
#endif
SYSLOG ((LOG_INFO,
-@@ -434,8 +434,8 @@ static void new_pwent (struct passwd *pw
+@@ -529,8 +529,8 @@ static void new_pwent (struct passwd *pw
if (uflg) {
#ifdef WITH_AUDIT
@@ -1978,7 +2075,7 @@ diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c
user_newname, (unsigned int) user_newid, 1);
#endif
SYSLOG ((LOG_INFO,
-@@ -445,8 +445,8 @@ static void new_pwent (struct passwd *pw
+@@ -540,8 +540,8 @@ static void new_pwent (struct passwd *pw
}
if (gflg) {
#ifdef WITH_AUDIT
@@ -1989,7 +2086,7 @@ diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c
user_newname, (unsigned int) user_newid, 1);
#endif
SYSLOG ((LOG_INFO,
-@@ -456,8 +456,8 @@ static void new_pwent (struct passwd *pw
+@@ -551,8 +551,8 @@ static void new_pwent (struct passwd *pw
}
if (cflg) {
#ifdef WITH_AUDIT
@@ -2000,7 +2097,7 @@ diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c
user_newname, (unsigned int) user_newid, 1);
#endif
pwent->pw_gecos = user_newcomment;
-@@ -465,8 +465,8 @@ static void new_pwent (struct passwd *pw
+@@ -560,8 +560,8 @@ static void new_pwent (struct passwd *pw
if (dflg) {
#ifdef WITH_AUDIT
@@ -2011,7 +2108,7 @@ diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c
user_newname, (unsigned int) user_newid, 1);
#endif
SYSLOG ((LOG_INFO,
-@@ -476,8 +476,8 @@ static void new_pwent (struct passwd *pw
+@@ -571,8 +571,8 @@ static void new_pwent (struct passwd *pw
}
if (sflg) {
#ifdef WITH_AUDIT
@@ -2022,7 +2119,7 @@ diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c
user_newname, (unsigned int) user_newid, 1);
#endif
SYSLOG ((LOG_INFO,
-@@ -507,8 +507,8 @@ static void new_spent (struct spwd *spen
+@@ -602,8 +602,8 @@ static void new_spent (struct spwd *spen
if (fflg) {
#ifdef WITH_AUDIT
@@ -2033,7 +2130,7 @@ diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c
user_newname, (unsigned int) user_newid, 1);
#endif
SYSLOG ((LOG_INFO,
-@@ -524,8 +524,8 @@ static void new_spent (struct spwd *spen
+@@ -619,8 +619,8 @@ static void new_spent (struct spwd *spen
date_to_str (old_exp, sizeof(old_exp),
user_expire * DAY);
#ifdef WITH_AUDIT
@@ -2044,8 +2141,8 @@ diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c
user_newname, (unsigned int) user_newid, 1);
#endif
SYSLOG ((LOG_INFO,
-@@ -592,9 +592,9 @@ static /*@noreturn@*/void fail_exit (int
- }
+@@ -703,9 +703,9 @@ static /*@noreturn@*/void fail_exit (int
+ #endif /* ENABLE_SUBIDS */
#ifdef WITH_AUDIT
- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
@@ -2057,7 +2154,7 @@ diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c
#endif
exit (code);
}
-@@ -648,9 +648,12 @@ static void update_group (void)
+@@ -759,9 +759,12 @@ static void update_group (void)
user_newname);
changed = true;
#ifdef WITH_AUDIT
@@ -2073,7 +2170,7 @@ diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c
#endif
SYSLOG ((LOG_INFO,
"change '%s' to '%s' in group '%s'",
-@@ -664,9 +667,11 @@ static void update_group (void)
+@@ -775,9 +778,11 @@ static void update_group (void)
ngrp->gr_mem = del_list (ngrp->gr_mem, user_name);
changed = true;
#ifdef WITH_AUDIT
@@ -2088,7 +2185,7 @@ diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c
#endif
SYSLOG ((LOG_INFO,
"delete '%s' from group '%s'",
-@@ -679,9 +684,11 @@ static void update_group (void)
+@@ -790,9 +795,11 @@ static void update_group (void)
ngrp->gr_mem = add_list (ngrp->gr_mem, user_newname);
changed = true;
#ifdef WITH_AUDIT
@@ -2103,7 +2200,7 @@ diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c
#endif
SYSLOG ((LOG_INFO, "add '%s' to group '%s'",
user_newname, ngrp->gr_name));
-@@ -756,9 +763,10 @@ static void update_gshadow (void)
+@@ -867,9 +874,10 @@ static void update_gshadow (void)
nsgrp->sg_adm = add_list (nsgrp->sg_adm, user_newname);
changed = true;
#ifdef WITH_AUDIT
@@ -2117,7 +2214,7 @@ diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c
#endif
SYSLOG ((LOG_INFO,
"change admin '%s' to '%s' in shadow group '%s'",
-@@ -778,9 +786,10 @@ static void update_gshadow (void)
+@@ -889,9 +897,10 @@ static void update_gshadow (void)
user_newname);
changed = true;
#ifdef WITH_AUDIT
@@ -2131,7 +2228,7 @@ diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c
#endif
SYSLOG ((LOG_INFO,
"change '%s' to '%s' in shadow group '%s'",
-@@ -794,9 +803,10 @@ static void update_gshadow (void)
+@@ -905,9 +914,10 @@ static void update_gshadow (void)
nsgrp->sg_mem = del_list (nsgrp->sg_mem, user_name);
changed = true;
#ifdef WITH_AUDIT
@@ -2145,7 +2242,7 @@ diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c
#endif
SYSLOG ((LOG_INFO,
"delete '%s' from shadow group '%s'",
-@@ -809,9 +819,10 @@ static void update_gshadow (void)
+@@ -920,9 +930,10 @@ static void update_gshadow (void)
nsgrp->sg_mem = add_list (nsgrp->sg_mem, user_newname);
changed = true;
#ifdef WITH_AUDIT
@@ -2159,7 +2256,7 @@ diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c
#endif
SYSLOG ((LOG_INFO, "add '%s' to shadow group '%s'",
user_newname, nsgrp->sg_name));
-@@ -1515,8 +1526,8 @@ static void move_home (void)
+@@ -1810,8 +1821,8 @@ static void move_home (void)
#ifdef WITH_AUDIT
if (uflg || gflg) {
@@ -2170,7 +2267,7 @@ diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c
user_newname, (unsigned int) user_newid, 1);
}
#endif
-@@ -1534,8 +1545,8 @@ static void move_home (void)
+@@ -1829,8 +1840,8 @@ static void move_home (void)
fail_exit (E_HOMEDIR);
}
#ifdef WITH_AUDIT
@@ -2181,7 +2278,7 @@ diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c
user_newname, (unsigned int) user_newid,
1);
#endif
-@@ -1554,9 +1565,9 @@ static void move_home (void)
+@@ -1849,9 +1860,9 @@ static void move_home (void)
Prog, user_home);
}
#ifdef WITH_AUDIT
@@ -2193,7 +2290,7 @@ diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c
user_newname,
(unsigned int) user_newid,
1);
-@@ -1760,8 +1771,8 @@ static void move_mailbox (void)
+@@ -2055,8 +2066,8 @@ static void move_mailbox (void)
}
#ifdef WITH_AUDIT
else {
@@ -2204,7 +2301,7 @@ diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c
user_newname, (unsigned int) user_newid, 1);
}
#endif
-@@ -1779,8 +1790,8 @@ static void move_mailbox (void)
+@@ -2074,8 +2085,8 @@ static void move_mailbox (void)
}
#ifdef WITH_AUDIT
else {
@@ -2215,7 +2312,7 @@ diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c
user_newname, (unsigned int) user_newid, 1);
}
#endif
-@@ -1910,8 +1921,8 @@ int main (int argc, char **argv)
+@@ -2217,8 +2228,8 @@ int main (int argc, char **argv)
_("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
Prog, user_name, user_selinux);
#ifdef WITH_AUDIT
@@ -2226,7 +2323,7 @@ diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c
user_name, (unsigned int) user_id,
SHADOW_AUDIT_FAILURE);
#endif /* WITH_AUDIT */
-@@ -1923,8 +1934,8 @@ int main (int argc, char **argv)
+@@ -2230,8 +2241,8 @@ int main (int argc, char **argv)
_("%s: warning: the user name %s to SELinux user mapping removal failed.\n"),
Prog, user_name);
#ifdef WITH_AUDIT
@@ -2237,7 +2334,7 @@ diff -urp shadow-4.1.5.1.orig/src/usermod.c shadow-4.1.5.1/src/usermod.c
user_name, (unsigned int) user_id,
SHADOW_AUDIT_FAILURE);
#endif /* WITH_AUDIT */
-@@ -1962,8 +1973,8 @@ int main (int argc, char **argv)
+@@ -2269,8 +2280,8 @@ int main (int argc, char **argv)
*/
#ifdef WITH_AUDIT
if (uflg || gflg) {
diff --git a/shadow-4.2.1-date-parsing.patch b/shadow-4.2.1-date-parsing.patch
new file mode 100644
index 0000000..91a85ac
--- /dev/null
+++ b/shadow-4.2.1-date-parsing.patch
@@ -0,0 +1,68 @@
+diff -up shadow-4.2.1/libmisc/getdate.y.date-parsing shadow-4.2.1/libmisc/getdate.y
+--- shadow-4.2.1/libmisc/getdate.y.date-parsing 2014-03-01 18:50:05.000000000 +0100
++++ shadow-4.2.1/libmisc/getdate.y 2014-11-26 14:58:21.208153924 +0100
+@@ -152,6 +152,7 @@ static int yyHaveDay;
+ static int yyHaveRel;
+ static int yyHaveTime;
+ static int yyHaveZone;
++static int yyHaveYear;
+ static int yyTimezone;
+ static int yyDay;
+ static int yyHour;
+@@ -293,18 +294,21 @@ date : tUNUMBER '/' tUNUMBER {
+ yyDay = $3;
+ yyYear = $5;
+ }
++ yyHaveYear++;
+ }
+ | tUNUMBER tSNUMBER tSNUMBER {
+ /* ISO 8601 format. yyyy-mm-dd. */
+ yyYear = $1;
+ yyMonth = -$2;
+ yyDay = -$3;
++ yyHaveYear++;
+ }
+ | tUNUMBER tMONTH tSNUMBER {
+ /* e.g. 17-JUN-1992. */
+ yyDay = $1;
+ yyMonth = $2;
+ yyYear = -$3;
++ yyHaveYear++;
+ }
+ | tMONTH tUNUMBER {
+ yyMonth = $1;
+@@ -314,6 +318,7 @@ date : tUNUMBER '/' tUNUMBER {
+ yyMonth = $1;
+ yyDay = $2;
+ yyYear = $4;
++ yyHaveYear++;
+ }
+ | tUNUMBER tMONTH {
+ yyMonth = $2;
+@@ -323,6 +328,7 @@ date : tUNUMBER '/' tUNUMBER {
+ yyMonth = $2;
+ yyDay = $1;
+ yyYear = $3;
++ yyHaveYear++;
+ }
+ ;
+
+@@ -395,7 +401,8 @@ relunit : tUNUMBER tYEAR_UNIT {
+
+ number : tUNUMBER
+ {
+- if ((yyHaveTime != 0) && (yyHaveDate != 0) && (yyHaveRel == 0))
++ if ((yyHaveTime != 0 || $1 >= 100) && !yyHaveYear
++ && (yyHaveDate != 0) && (yyHaveRel == 0))
+ yyYear = $1;
+ else
+ {
+@@ -802,7 +809,7 @@ yylex (void)
+ return LookupWord (buff);
+ }
+ if (c != '(')
+- return *yyInput++;
++ return (unsigned char)*yyInput++;
+ Count = 0;
+ do
+ {
diff --git a/shadow-4.2.1-manfix.patch b/shadow-4.2.1-manfix.patch
new file mode 100644
index 0000000..4c6520e
--- /dev/null
+++ b/shadow-4.2.1-manfix.patch
@@ -0,0 +1,78 @@
+diff -up shadow-4.2.1/man/chage.1.xml.manfix shadow-4.2.1/man/chage.1.xml
+--- shadow-4.2.1/man/chage.1.xml.manfix 2014-03-01 19:59:51.000000000 +0100
++++ shadow-4.2.1/man/chage.1.xml 2014-11-26 15:34:51.256978960 +0100
+@@ -102,6 +102,9 @@
+ Set the number of days since January 1st, 1970 when the password
+ was last changed. The date may also be expressed in the format
+ YYYY-MM-DD (or the format more commonly used in your area).
++ If the <replaceable>LAST_DAY</replaceable> is set to
++ <emphasis>0</emphasis> the user is forced to change his password
++ on the next log on.
+ </para>
+ </listitem>
+ </varlistentry>
+diff -up shadow-4.2.1/man/login.defs.5.xml.manfix shadow-4.2.1/man/login.defs.5.xml
+--- shadow-4.2.1/man/login.defs.5.xml.manfix 2014-03-13 06:52:55.000000000 +0100
++++ shadow-4.2.1/man/login.defs.5.xml 2014-11-26 15:34:51.257978963 +0100
+@@ -162,6 +162,17 @@
+ long numeric parameters is machine-dependent.
+ </para>
+
++ <para>
++ Please note that the parameters in this configuration file control the
++ behavior of the tools from the shadow-utils component. None of these
++ tools uses the PAM mechanism, and the utilities that use PAM (such as the
++ passwd command) should be configured elsewhere. The only values that
++ affect PAM modules are <emphasis>ENCRYPT_METHOD</emphasis> and <emphasis>SHA_CRYPT_MAX_ROUNDS</emphasis>
++ for pam_unix module, <emphasis>FAIL_DELAY</emphasis> for pam_faildelay module,
++ and <emphasis>UMASK</emphasis> for pam_umask module. Refer to
++ pam(8) for more information.
++ </para>
++
+ <para>The following configuration items are provided:</para>
+
+ <variablelist remap='IP'>
+diff -up shadow-4.2.1/man/useradd.8.xml.manfix shadow-4.2.1/man/useradd.8.xml
+--- shadow-4.2.1/man/useradd.8.xml.manfix 2014-11-26 15:34:51.234978891 +0100
++++ shadow-4.2.1/man/useradd.8.xml 2014-11-26 15:34:51.257978963 +0100
+@@ -347,11 +347,16 @@
+ <option>CREATE_HOME</option> is not enabled, no home
+ directories are created.
+ </para>
++ <para>
++ The directory where the user's home directory is created must
++ exist and have proper SELinux context and permissions. Otherwise
++ the user's home directory cannot be created or accessed.
++ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+- <option>-M</option>
++ <option>-M</option>, <option>--no-create-home</option>
+ </term>
+ <listitem>
+ <para>
+diff -up shadow-4.2.1/man/usermod.8.xml.manfix shadow-4.2.1/man/usermod.8.xml
+--- shadow-4.2.1/man/usermod.8.xml.manfix 2014-03-01 19:59:51.000000000 +0100
++++ shadow-4.2.1/man/usermod.8.xml 2014-11-26 15:34:51.257978963 +0100
+@@ -132,7 +132,8 @@
+ If the <option>-m</option>
+ option is given, the contents of the current home directory will
+ be moved to the new home directory, which is created if it does
+- not already exist.
++ not already exist. If the current home directory does not exist
++ the new home directory will not be created.
+ </para>
+ </listitem>
+ </varlistentry>
+@@ -256,7 +257,8 @@
+ <listitem>
+ <para>
+ Move the content of the user's home directory to the new
+- location.
++ location. If the current home directory does not exist
++ the new home directory will not be created.
+ </para>
+ <para>
+ This option is only valid in combination with the
diff --git a/shadow-4.2.1-merge-group.patch b/shadow-4.2.1-merge-group.patch
new file mode 100644
index 0000000..1adcabd
--- /dev/null
+++ b/shadow-4.2.1-merge-group.patch
@@ -0,0 +1,13 @@
+diff -up shadow-4.2.1/lib/groupio.c.merge-group shadow-4.2.1/lib/groupio.c
+--- shadow-4.2.1/lib/groupio.c.merge-group 2014-11-26 14:33:54.039581662 +0100
++++ shadow-4.2.1/lib/groupio.c 2014-11-26 14:46:02.841852886 +0100
+@@ -335,8 +335,7 @@ static /*@null@*/struct commonio_entry *
+ errno = ENOMEM;
+ return NULL;
+ }
+- snprintf(new_line, new_line_len, "%s\n%s", gr1->line, gr2->line);
+- new_line[new_line_len] = '\0';
++ snprintf(new_line, new_line_len + 1, "%s\n%s", gr1->line, gr2->line);
+
+ /* Concatenate the 2 list of members */
+ for (i=0; NULL != gptr1->gr_mem[i]; i++);
diff --git a/shadow-utils.spec b/shadow-utils.spec
index faf9749..0e04237 100644
--- a/shadow-utils.spec
+++ b/shadow-utils.spec
@@ -1,11 +1,11 @@
Summary: Utilities for managing accounts and shadow password files
Name: shadow-utils
-Version: 4.1.5.1
-Release: 22%{?dist}
+Version: 4.2.1
+Release: 1%{?dist}
Epoch: 2
URL: http://pkg-shadow.alioth.debian.org/
-Source0: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.bz2
-Source3: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.bz2.sig
+Source0: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.xz
+Source3: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.xz.sig
Source1: shadow-utils.login.defs
Source2: shadow-utils.useradd
Source4: shadow-bsd.txt
@@ -17,20 +17,19 @@ Patch3: shadow-4.1.5-uflg.patch
Patch6: shadow-4.1.5.1-selinux.patch
Patch7: shadow-4.1.5-2ndskip.patch
Patch8: shadow-4.1.5.1-backup-mode.patch
-Patch9: shadow-4.1.5.1-merge-group.patch
+Patch9: shadow-4.2.1-merge-group.patch
Patch10: shadow-4.1.5.1-orig-context.patch
Patch11: shadow-4.1.5.1-logmsg.patch
Patch12: shadow-4.1.5.1-errmsg.patch
Patch13: shadow-4.1.5.1-audit-owner.patch
Patch14: shadow-4.1.5.1-default-range.patch
-Patch15: shadow-4.1.5.1-manfix.patch
-Patch16: shadow-4.1.5.1-crypt-null.patch
+Patch15: shadow-4.2.1-manfix.patch
Patch17: shadow-4.1.5.1-userdel-helpfix.patch
Patch18: shadow-4.1.5.1-id-alloc.patch
-Patch19: shadow-4.1.5.1-date-parsing.patch
+Patch19: shadow-4.2.1-date-parsing.patch
Patch20: shadow-4.1.5.1-ingroup.patch
Patch21: shadow-4.1.5.1-move-home.patch
-Patch22: shadow-4.1.5.1-audit-update.patch
+Patch22: shadow-4.2.1-audit-update.patch
License: BSD and GPLv2+
Group: System Environment/Base
@@ -38,6 +37,7 @@ BuildRequires: libselinux-devel >= 1.25.2-1
BuildRequires: audit-libs-devel >= 1.6.5
BuildRequires: libsemanage-devel
BuildRequires: libacl-devel libattr-devel
+BuildRequires: bison flex gnome-doc-utils
#BuildRequires: autoconf, automake, libtool, gettext-devel
Requires: libselinux >= 1.25.2-1
Requires: audit-libs >= 1.6.5
@@ -74,7 +74,6 @@ are used for managing group accounts.
%patch13 -p1 -b .audit-owner
%patch14 -p1 -b .default-range
%patch15 -p1 -b .manfix
-%patch16 -p1 -b .crypt-null
%patch17 -p1 -b .userdel
%patch18 -p1 -b .id-alloc
%patch19 -p1 -b .date-parsing
@@ -87,6 +86,8 @@ cp -f doc/HOWTO.utf8 doc/HOWTO
cp -a %{SOURCE4} %{SOURCE5} .
+rm libmisc/getdate.c
+
#rm po/*.gmo
#rm po/stamp-po
#aclocal
@@ -107,6 +108,7 @@ export LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"
%configure \
--enable-shadowgrp \
+ --enable-man \
--with-audit \
--with-sha-crypt \
--with-selinux \
@@ -207,6 +209,8 @@ rm -rf $RPM_BUILD_ROOT
%attr(4755,root,root) %{_bindir}/gpasswd
%{_bindir}/lastlog
%attr(4755,root,root) %{_bindir}/newgrp
+%attr(4755,root,root) %{_bindir}/newgidmap
+%attr(4755,root,root) %{_bindir}/newuidmap
%{_sbindir}/adduser
%attr(0750,root,root) %{_sbindir}/user*
%attr(0750,root,root) %{_sbindir}/group*
@@ -221,10 +225,14 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man1/gpasswd.1*
%{_mandir}/man1/sg.1*
%{_mandir}/man1/newgrp.1*
+%{_mandir}/man1/newgidmap.1*
+%{_mandir}/man1/newuidmap.1*
%{_mandir}/man3/shadow.3*
%{_mandir}/man5/shadow.5*
%{_mandir}/man5/login.defs.5*
%{_mandir}/man5/gshadow.5*
+%{_mandir}/man5/subuid.5*
+%{_mandir}/man5/subgid.5*
%{_mandir}/man8/adduser.8*
%{_mandir}/man8/group*.8*
%{_mandir}/man8/user*.8*
@@ -238,6 +246,9 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man8/vigr.8*
%changelog
+* Wed Nov 26 2014 Tomáš Mráz <tmraz at redhat.com> - 2:4.2.1-1
+- new upstream release with support for subordinate uids and gids
+
* Tue Nov 25 2014 Tomáš Mráz <tmraz at redhat.com> - 2:4.1.5.1-22
- small adjustments to the audit patch
diff --git a/sources b/sources
index 888eac7..9a96021 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-a00449aa439c69287b6d472191dc2247 shadow-4.1.5.1.tar.bz2
-f16f31f6f5a607b1ffb1aa1aac4c37f2 shadow-4.1.5.1.tar.bz2.sig
+2bfafe7d4962682d31b5eba65dba4fc8 shadow-4.2.1.tar.xz
+6752051fb07fc4be58c3d7b929bf2341 shadow-4.2.1.tar.xz.sig
More information about the scm-commits
mailing list