rpms/shadow-utils/devel shadow-4.0.13-goodname.patch, NONE, 1.1 shadow-4.0.13-newgrpPwd.patch, NONE, 1.1 shadow-4.0.13-redhat.patch, NONE, 1.1 .cvsignore, 1.8, 1.9 shadow-utils.spec, 1.59, 1.60 sources, 1.8, 1.9 shadow-4.0.11.1-isSelinuxEnabled.patch, 1.1, NONE shadow-4.0.11.1-newgrpPwd.patch, 1.1, NONE shadow-4.0.11.1-selinux.patch, 1.1, NONE shadow-4.0.12-audit.patch, 1.2, NONE shadow-4.0.12-redhat.patch, 1.1, NONE shadow-4.0.3-goodname.patch, 1.4, NONE

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Sat Oct 22 12:38:25 UTC 2005


Author: pvrabec

Update of /cvs/dist/rpms/shadow-utils/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv31445

Modified Files:
	.cvsignore shadow-utils.spec sources 
Added Files:
	shadow-4.0.13-goodname.patch shadow-4.0.13-newgrpPwd.patch 
	shadow-4.0.13-redhat.patch 
Removed Files:
	shadow-4.0.11.1-isSelinuxEnabled.patch 
	shadow-4.0.11.1-newgrpPwd.patch shadow-4.0.11.1-selinux.patch 
	shadow-4.0.12-audit.patch shadow-4.0.12-redhat.patch 
	shadow-4.0.3-goodname.patch 
Log Message:
upgrade


shadow-4.0.13-goodname.patch:
 libmisc/chkname.c |   39 ++++++++++++++++++++++++---------------
 man/useradd.8     |    2 --
 2 files changed, 24 insertions(+), 17 deletions(-)

--- NEW FILE shadow-4.0.13-goodname.patch ---
--- shadow-4.0.13/man/useradd.8.goodname	2005-10-21 15:46:22.000000000 +0200
+++ shadow-4.0.13/man/useradd.8	2005-10-21 15:47:51.000000000 +0200
@@ -162,8 +162,6 @@ This version of useradd was modified by 
 .SH "CAVEATS"
 .PP
 You may not add a user to a NIS group. This must be performed on the NIS server.
-.PP
-Usernames must begin with a lower case letter or an underscore, and only lower case letters, underscores, dashes, and dollar signs may follow. In regular expression terms: [a\-z_][a\-z0\-9_\-]*[$]
 .SH "FILES"
 .TP
 \fI/etc/passwd\fR
--- shadow-4.0.13/libmisc/chkname.c.goodname	2005-08-31 19:24:57.000000000 +0200
+++ shadow-4.0.13/libmisc/chkname.c	2005-10-21 15:45:57.000000000 +0200
@@ -18,16 +18,24 @@
 static int good_name (const char *name)
 {
 	/*
-	 * User/group names must match [a-z_][a-z0-9_-]*[$]
-	 */
-	if (!*name || !((*name >= 'a' && *name <= 'z') || *name == '_'))
+         * User/group names must match gnu e-regex:
+         *    [a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9_.$-]?
+         *
+         * as a non-POSIX, extension, allow "$" as the last char for
+         * sake of Samba 3.x "add machine script"
+         */
+	if (!*name || !((*name >= 'a' && *name <= 'z')
+             || (*name >= 'A' && *name <= 'Z')
+             || (*name >= '0' && *name <= '9')
+             || *name == '_' || *name == '.'))
 		return 0;
 
 	while (*++name) {
-		if (!((*name >= 'a' && *name <= 'z') ||
-		      (*name >= '0' && *name <= '9') ||
-		      *name == '_' || *name == '-' ||
-		      (*name == '$' && *(name + 1) == '\0')))
+		if (!(  (*name >= 'a' && *name <= 'z')
+		     || (*name >= 'A' && *name <= 'Z')
+                     || (*name >= '0' && *name <= '9')
+                     || *name == '_' || *name == '.' || *name == '-'
+                     || (*name == '$' && *(name + 1) == '\0')))
 			return 0;
 	}
 
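Review bot: The widened checks in good_name now accept names made only of digits, and the names `.` and `..`, because digits and `.` are allowed both in the first position and in the loop. A purely numeric name is ambiguous wherever a tool accepts either a name or a numeric ID, and `.`/`..` are unsafe wherever the name becomes a path component such as a home directory. I would reject both before the character checks, e.g. `if (!strcmp (name, ".") || !strcmp (name, "..") || name[strspn (name, "0123456789")] == '\0') return 0;`. The `{0,30}` bound in the new comment is not enforced in this function; the length check is left to the callers. good_name's final return lies outside the hunk.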
@@ -43,10 +51,9 @@ int check_user_name (const char *name)
 #endif
 
 	/*
-	 * User names are limited by whatever utmp can
-	 * handle (usually max 8 characters).
+	 * User names are limited by whatever utmp can handle.
 	 */
-	if (strlen (name) > sizeof (ut.ut_user))
+	if (strlen(name) + 1 > sizeof(ut.ut_user))
 		return 0;
 
 	return good_name (name);
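Review bot: The new bound `strlen(name) + 1 > sizeof(ut.ut_user)` need not agree with the 32-character maximum that the regex in good_name's comment advertises. The real limit is whatever the platform's utmp field holds, minus one byte. The comment should say which of the two is authoritative, for example `/* at most sizeof(ut.ut_user) - 1 characters, leaving room for a terminating NUL */`. The check_group_name hunk that follows applies the same expression with no comment at all, after deleting the one that explained the old 16-character limit. It needs a line saying why group names are tied to the utmp user field.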
@@ -54,11 +61,13 @@ int check_user_name (const char *name)
 
 int check_group_name (const char *name)
 {
-	/*
-	 * Arbitrary limit for group names - max 16
-	 * characters (same as on HP-UX 10).
-	 */
-	if (strlen (name) > 16)
+#if HAVE_UTMPX_H
+	struct utmpx ut;
+#else
+	struct utmp ut;
+#endif
+
+	if (strlen(name) + 1 > sizeof(ut.ut_user))
 		return 0;
 
 	return good_name (name);

shadow-4.0.13-newgrpPwd.patch:
 newgrp.c |   63 ++++++++++++++++++++++++++++++++++++++++-----------------------
 1 files changed, 40 insertions(+), 23 deletions(-)

--- NEW FILE shadow-4.0.13-newgrpPwd.patch ---
--- shadow-4.0.13/src/newgrp.c.newgrpPwd	2005-09-15 18:44:12.000000000 +0200
+++ shadow-4.0.13/src/newgrp.c	2005-10-21 16:02:16.000000000 +0200
@@ -333,25 +333,37 @@ int main (int argc, char **argv)
 	}
 #endif
 
-	/*
-	 * see if she is a member of this group. If she isn't a member, she
-	 * needs to provide the group password. If there is no group
-	 * password, she will be denied access anyway.
-	 *
-	 */
-	if (!is_on_list (grp->gr_mem, name))
-		needspasswd = 1;
+        /* Needn't password:
+         *      - default user's GID = group ID
+         *      - members of group
+         *      - root
+         * Need password:
+         *      - all others users
+         *
+         * -- Karel Zak <kzak at redhat.com> 2004/03/29
+         */
+	if (getuid ()!=0)
+        {
+                if (grp->gr_gid==pwd->pw_gid)
+                        needspasswd = 0;
+                else if (is_on_list (grp->gr_mem, name))
+                        needspasswd = 0;
+                else
+                        needspasswd = 1;
 
 	/*
 	 * If she does not have either a shadowed password, or a regular
 	 * password, and the group has a password, she needs to give the
 	 * group password.
 	 */
-	if ((spwd = getspnam (name)))
-		pwd->pw_passwd = spwd->sp_pwdp;
-
-	if (pwd->pw_passwd[0] == '\0' && grp->gr_passwd[0])
-		needspasswd = 1;
+                if (!needspasswd)
+                {
+                        if ((spwd = getspnam (name)))
+                                pwd->pw_passwd = spwd->sp_pwdp;
+                        if (pwd->pw_passwd[0] == '\0' && grp->gr_passwd[0])
+                                needspasswd = 1;
+                }
+        }
 
 	/*
 	 * Now i see about letting her into the group she requested. If she
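Review bot: Root's exemption now depends on `needspasswd` still holding its initial value when `getuid ()` is 0. The whole decision moved inside `if (getuid ()!=0)`, and the next hunk drops the `getuid () != 0` test from the password branch. The initialisation is outside this hunk, so it cannot be confirmed here; an explicit `needspasswd = 0;` just before the `if` would make the root path visible and robust against later edits. The retained comment "If she does not have either a shadowed password..." now sits inside the new block at the old indentation and describes only the `!needspasswd` case, so it should be re-indented and reworded. main() starts and ends outside the hunk.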
@@ -362,7 +374,21 @@ int main (int argc, char **argv)
 	 * Note that she now has to provide the password to her own group,
 	 * unless she is listed as a member.  -- JWP
 	 */
-	if (getuid () != 0 && needspasswd) {
+        if (needspasswd) {
+
+                /* note: the original util-linux newgrp didn't ask for pasword if
+                 * there is no password. It's better directly give up.
+                 * -- kzak at redhat.com
+                 */
+		if (grp->gr_passwd==NULL || grp->gr_passwd[0] == '\0') {
+                        /*
+                         * there is no password, print out "Sorry" and give up
+                         */
+                        sleep (1);
+                        fputs (_("Sorry.\n"), stderr);
+			goto failure;
+                }
+
 		/*
 		 * get the password from her, and set the salt for
 		 * the decryption from the group file.
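Review bot: The new guard tests `grp->gr_passwd==NULL`, but the first hunk of this patch still evaluates `grp->gr_passwd[0]` with no NULL test in its `!needspasswd` branch, so the two places disagree about whether the field can be NULL. If it can, the earlier test should read `grp->gr_passwd && grp->gr_passwd[0]`; if it cannot, the NULL test here is dead code and deserves a comment. This early exit also prints "Sorry." without the SYSLOG call that the wrong-password path makes further down. Unless the `failure` label logs (not visible here), denied attempts against password-less groups leave no audit trail. The enclosing block continues outside the hunk.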
@@ -378,15 +404,6 @@ int main (int argc, char **argv)
 		cpasswd = pw_encrypt (cp, grp->gr_passwd);
 		strzero (cp);
 
-		if (grp->gr_passwd[0] == '\0') {
-			/*
-			 * there is no password, print out "Sorry" and give up
-			 */
-			sleep (1);
-			fputs (_("Sorry.\n"), stderr);
-			goto failure;
-		}
-
 		if (strcmp (cpasswd, grp->gr_passwd) != 0) {
 			SYSLOG ((LOG_INFO,
 				 "Invalid password for group `%s' from `%s'",

shadow-4.0.13-redhat.patch:
 man/groupadd.8 |    7 -
 man/useradd.8  |   22 +++
 src/groupadd.c |   19 ++-
 src/useradd.c  |  333 +++++++++++++++++++++++++++++++++++++++++++++++----------
 src/userdel.c  |   71 ++++++++++++
 5 files changed, 390 insertions(+), 62 deletions(-)

--- NEW FILE shadow-4.0.13-redhat.patch ---
--- shadow-4.0.13/man/groupadd.8.redhat	2005-10-10 17:08:18.000000000 +0200
+++ shadow-4.0.13/man/groupadd.8	2005-10-21 14:56:57.000000000 +0200
@@ -11,7 +11,7 @@
 groupadd \- Create a new group
 .SH "SYNOPSIS"
 .HP 9
-\fBgroupadd\fR [\-g\ \fIgid\fR\ [\-o]] [\-f] [\-K\ \fIKEY\fR=\fIVALUE\fR] \fIgroup\fR
+\fBgroupadd\fR [\-g\ \fIgid\fR\ [\-o]] [\-r] [\-f] [\-K\ \fIKEY\fR=\fIVALUE\fR] \fIgroup\fR
 .SH "DESCRIPTION"
 .PP
 The
@@ -29,10 +29,13 @@ This option causes to just exit with suc
 \fB\-g\fR
 is turned off).
 .TP
+\fB-r\fR
+This flag instructs \fBgroupadd\fR to add a system account.  The first available \fIgid\fR lower than 499 will be automatically selected unless the \fB-g\fR option is also given on the command line. This is an option added by Red Hat.
+.TP
 \fB\-g\fR \fIGID\fR
 The numerical value of the group's ID. This value must be unique, unless the
 \fB\-o\fR
-option is used. The value must be non\-negative. The default is to use the smallest ID value greater than 999 and greater than every other group. Values between 0 and 999 are typically reserved for system accounts.
+option is used. The value must be non\-negative. The default is to use the smallest ID value greater than 500 and greater than every other group. Values between 0 and 499 are typically reserved for system accounts.
 .TP
 \fB\-h\fR, \fB\-\-help\fR
 Display help message and exit.
--- shadow-4.0.13/man/useradd.8.redhat	2005-10-10 17:08:19.000000000 +0200
+++ shadow-4.0.13/man/useradd.8	2005-10-21 15:05:53.000000000 +0200
@@ -22,7 +22,7 @@ When invoked without the
 \fB\-D\fR
 option, the
 \fBuseradd\fR
-command creates a new user account using the values specified on the command line and the default values from the system. Depending on command line options, the useradd command will update system files and may also create the new user's home directory and copy initial files.
+command creates a new user account using the values specified on the command line and the default values from the system. Depending on command line options, the useradd command will update system files and may also create the new user's home directory and copy initial files. The version provided with Red Hat Linux will create a group for each user added to the system by default.
 .SH "OPTIONS"
 .PP
 The options which apply to the
@@ -58,8 +58,7 @@ The date on which the user account will 
 The number of days after a password expires until the account is permanently disabled. A value of 0 disables the account as soon as the password has expired, and a value of \-1 disables the feature. The default value is \-1.
 .TP
 \fB\-g\fR, \fB\-\-gid\fR \fIGROUP\fR
-The group name or number of the user's initial login group. The group name must exist. A group number must refer to an already existing group. The default group number is 1 or whatever is specified in
-\fI/etc/default/useradd\fR.
+The group name or number of the user's initial login group. The group name must exist. A group number must refer to an already existing group.
 .TP
 \fB\-G\fR, \fB\-\-groups\fR \fIGROUP1\fR[\fI,GROUP2,...\fR[\fI,GROUPN\fR]]]
 A list of supplementary groups which the user is also a member of. Each group is separated from the next by a comma, with no intervening whitespace. The groups are subject to the same restrictions as the group given with the
@@ -68,6 +67,9 @@ option. The default is for the user to b
 .TP
 \fB\-h\fR, \fB\-\-help\fR
 Display help message and exit.
+.TP 
+\fB-M\fR
+The user's home directory will not be created, even if the system wide settings from \fI/etc/login.defs\fR is to create home dirs.
 .TP
 \fB\-m\fR, \fB\-\-create\-home\fR
 The user's home directory will be created if it does not exist. The files contained in
@@ -85,6 +87,9 @@ will be created in the user's home direc
 option is only valid in conjunction with the
 \fB\-m\fR
 option. The default is to not create the directory and to not copy any files.
+.TP 
+\fB-n\fR
+A group having the same name as the user being added to the system will be created by default. This option will turn off this Red Hat Linux specific behavior. When this option is used, users by default will be placed in whatever group is specified in \fI/etc/default/useradd\fR. If no default group is defined, group 1 will be used.
 .TP
 \fB\-K\fR, \fB\-\-key\fR \fIKEY\fR=\fIVALUE\fR
 Overrides /etc/login.defs defaults (UID_MIN, UID_MAX, UMASK, PASS_MAX_DAYS and others).
@@ -106,6 +111,9 @@ Allow create user account with duplicate
 \fB\-p\fR, \fB\-\-password\fR \fIPASSWORD\fR
 The encrypted password, as returned by
 \fBcrypt\fR(3). The default is to disable the account.
+.TP 
+\fB-r\fR
+This flag is used to create a system account. That is, a user with a UID lower than the value of UID_MIN defined in \fI/etc/login.defs\fR and whose password does not expire. Note that \fBuseradd\fR will not create a home directory for such an user, regardless of the default setting in \fI/etc/login.defs\fR. You have to specify \fB-m\fR option if you want a home directory for a system account to be created. This is an option added by Red Hat
 .TP
 \fB\-s\fR, \fB\-\-shell\fR \fISHELL\fR
 The name of the user's login shell. The default is to leave this field blank, which causes the system to select the default login shell.
@@ -149,6 +157,8 @@ displays the current default values.
 The system administrator is responsible for placing the default user files in the
 \fI/etc/skel/\fR
 directory.
+.br
+This version of useradd was modified by Red Hat to suit Red Hat user/group conventions.
 .SH "CAVEATS"
 .PP
 You may not add a user to a NIS group. This must be performed on the NIS server.
@@ -165,9 +175,15 @@ secure user account information
 \fI/etc/group\fR
 group account information
 .TP
+\fI/etc/gshadow\fR
+secure group information
+.TP
 \fI/etc/default/useradd\fR
 default information
 .TP
+\fI/etc/login.defs\fR
+system-wide settings
+.TP
 \fI/etc/skel/\fR
 directory containing default files
 .TP
--- shadow-4.0.13/src/groupadd.c.redhat	2005-10-05 13:35:53.000000000 +0200
+++ shadow-4.0.13/src/groupadd.c	2005-10-21 15:29:47.000000000 +0200
@@ -75,6 +75,7 @@ static char *Prog;
 static int oflg = 0;		/* permit non-unique group ID to be specified with -g */
 static int gflg = 0;		/* ID value for the new group */
 static int fflg = 0;		/* if group already exists, do nothing and exit(0) */
+static int rflg = 0;            /* for adding system accounts (Red Hat) */
 
 /* local function prototypes */
 static void usage (void);
@@ -101,6 +102,7 @@ static void usage (void)
 			   "Options:\n"
 			   "  -f, --force 		force exit with success status if the specified\n"
 			   "				group already exists\n"
+			   "  -r,			create system account\n"
 			   "  -g, --gid GID		use GID for the new group\n"
 			   "  -h, --help			display this help message and exit\n"
 			   "  -K, --key KEY=VALUE		overrides /etc/login.defs defaults\n"
@@ -198,8 +200,13 @@ static void find_new_gid (void)
 	const struct group *grp;
 	gid_t gid_min, gid_max;
 
-	gid_min = getdef_unum ("GID_MIN", 1000);
-	gid_max = getdef_unum ("GID_MAX", 60000);
+	if (!rflg) {
+		gid_min = getdef_unum ("GID_MIN", 500);
+                gid_max = getdef_unum ("GID_MAX", 60000);
+        } else {
+                gid_min = 1;
+                gid_max = getdef_unum ("GID_MIN", 500) - 1;
+        }
 
 	/*
 	 * Start with some GID value if the user didn't provide us with
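Review bot: In the `rflg` branch, `getdef_unum ("GID_MIN", 500) - 1` is not checked against the lower bound. A login.defs with GID_MIN set to 0 or 1 therefore gives a system range that is empty or, where the arithmetic is unsigned, wraps to the top of the ID space. Read the value once into a local and refuse `-r` when it is not greater than `gid_min`, e.g. `if (sys_limit <= gid_min) { /* no system range configured */ }` followed by the existing error exit. The same expression appears in useradd.c in this patch, in find_new_uid (`UID_MIN`) and in the new find_new_gid, where it is read with `getdef_num` instead of `getdef_unum`. find_new_gid's body continues outside the hunk.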
@@ -420,7 +427,7 @@ int main (int argc, char **argv)
 		};
 
 		while ((c =
-			getopt_long (argc, argv, "fg:hK:o", long_options,
+			getopt_long (argc, argv, "frg:hK:o", long_options,
 				     &option_index)) != -1) {
 			switch (c) {
 			case 'f':
@@ -433,6 +440,12 @@ int main (int argc, char **argv)
 				 */
 				fflg++;
 				break;
+	                case 'r':
+	                        /*
+	                         * create a system group
+	                         */
+	                        rflg++;
+	                        break;
 			case 'g':
 				gflg++;
 				if (!isdigit (optarg[0]))
--- shadow-4.0.13/src/useradd.c.redhat	2005-10-05 13:35:53.000000000 +0200
+++ shadow-4.0.13/src/useradd.c	2005-10-21 15:20:51.000000000 +0200
@@ -82,7 +82,7 @@
 static gid_t def_group = 100;
 static const char *def_gname = "other";
 static const char *def_home = "/home";
-static const char *def_shell = "";
+static const char *def_shell = "/sbin/nologin";
 static const char *def_template = SKEL_DIR;
 static const char *def_create_mail_spool = "no";
 
@@ -94,7 +94,7 @@ static char def_file[] = USER_DEFAULTS_F
 #define	VALID(s)	(strcspn (s, ":\n") == strlen (s))
 
 static const char *user_name = "";
-static const char *user_pass = "!";
+static const char *user_pass = "!!";
 static uid_t user_id;
 static gid_t user_gid;
 static const char *user_comment = "";
@@ -125,8 +125,10 @@ static int
     Gflg = 0,			/* secondary group set for new account */
     kflg = 0,			/* specify a directory to fill new user directory */
     mflg = 0,			/* create user's home directory if it doesn't exist */
-    nflg = 0,			/* create a group having the same name as the user */
+    Mflg = 0,                   /* do NOT create user's home directory no matter what */
+    nflg = 0,                   /* do NOT create a group having the same name as the user */
     oflg = 0,			/* permit non-unique user ID to be specified with -u */
+    rflg = 0,                   /* create a system account */
     sflg = 0,			/* shell program for new account */
     uflg = 0;			/* specify user ID for new account */
 
@@ -635,6 +637,8 @@ static void usage (void)
 			   "  -K, --key KEY=VALUE		overrides /etc/login.defs defaults\n"
 			   "  -m, --create-home		create home directory for the new user\n"
 			   "				account\n"
+			   "  -M,                       do not create user's home directory(overrides /etc/login.defs)\n"
+			   "  -r,                       create system account\n"
 			   "  -o, --non-unique		allow create user with duplicate\n"
 			   "				(non-unique) UID\n"
 			   "  -p, --password PASSWORD	use encrypted password for the new user\n"
@@ -686,11 +690,20 @@ static void new_spent (struct spwd *spen
 	spent->sp_namp = (char *) user_name;
 	spent->sp_pwdp = (char *) user_pass;
 	spent->sp_lstchg = time ((time_t *) 0) / SCALE;
-	spent->sp_min = scale_age (getdef_num ("PASS_MIN_DAYS", -1));
-	spent->sp_max = scale_age (getdef_num ("PASS_MAX_DAYS", -1));
-	spent->sp_warn = scale_age (getdef_num ("PASS_WARN_AGE", -1));
-	spent->sp_inact = scale_age (def_inactive);
-	spent->sp_expire = scale_age (user_expire);
+	if (!rflg) {
+		spent->sp_min = scale_age (getdef_num ("PASS_MIN_DAYS", -1));
+		spent->sp_max = scale_age (getdef_num ("PASS_MAX_DAYS", -1));
+		spent->sp_warn = scale_age (getdef_num ("PASS_WARN_AGE", -1));
+		spent->sp_inact = scale_age (def_inactive);
+		spent->sp_expire = scale_age (user_expire);
+	}
+	else {
+		spent->sp_min = scale_age(-1);
+                spent->sp_max = scale_age(-1);
+                spent->sp_warn = scale_age(-1);
+                spent->sp_inact = scale_age(-1);
+        	spent->sp_expire = scale_age(-1);
+	}
 	spent->sp_flag = -1;
 }
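Review bot: With `rflg` set, `sp_inact` and `sp_expire` are forced to `scale_age(-1)` and no longer read `def_inactive` and `user_expire`. An inactivity or expiry value supplied on the command line therefore appears to be dropped silently for system accounts, assuming those variables carry the -f and -e values (they are set outside this hunk). The man page text added in this patch only promises that the password does not expire, which covers `sp_min`, `sp_max` and `sp_warn`. I would keep the two account-level assignments outside the `if`, or add a comment stating that -r deliberately overrides them. new_spent's signature is outside the hunk.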
 
@@ -710,30 +723,28 @@ static void grp_update (void)
 	struct sgrp *nsgrp;
 #endif
 
-	/*
-	 * Lock and open the group file. This will load all of the group
-	 * entries.
-	 */
-	if (!gr_lock ()) {
-		fprintf (stderr, _("%s: error locking group file\n"), Prog);
-		fail_exit (E_GRP_UPDATE);
-	}
-	if (!gr_open (O_RDWR)) {
-		fprintf (stderr, _("%s: error opening group file\n"), Prog);
-		fail_exit (E_GRP_UPDATE);
-	}
-#ifdef	SHADOWGRP
-	if (is_shadow_grp && !sgr_lock ()) {
-		fprintf (stderr,
-			 _("%s: error locking shadow group file\n"), Prog);
-		fail_exit (E_GRP_UPDATE);
-	}
-	if (is_shadow_grp && !sgr_open (O_RDWR)) {
-		fprintf (stderr,
-			 _("%s: error opening shadow group file\n"), Prog);
-		fail_exit (E_GRP_UPDATE);
+        /*
+         * Test for unique entries of user_groups in /etc/group
+         * pvrabec at redhat.com
+         */
+        char **user_groups_tmp = user_groups;
+        while (*user_groups_tmp) {
+                int count = 0;
+                for(gr_rewind (), grp = gr_next (); grp && count<2; grp = gr_next ()) {
+                        if( strcmp(*user_groups_tmp, grp->gr_name) == 0) {
+                                count++;
+                        }
+                }
+                if(count>1) {
+                        fprintf (stderr,
+                                 "%s: error not unique group names in group file\n",
+                                 Prog);
+                        fail_exit(E_GRP_UPDATE);
+                }
+                user_groups_tmp++;
 	}
-#endif
+
+	/* Locking and opening of the group files moved to open_files() --gafton */
 
 	/*
 	 * Scan through the entire group file looking for the groups that
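Review bot: The new duplicate-name error is printed without `_()` and does not say which group is duplicated, unlike the translated messages this hunk removes. Something like `_("%s: group '%s' is not unique in the group file\n"), Prog, *user_groups_tmp` would be localisable and actionable. The scan also calls gr_rewind()/gr_next() before anything in grp_update opens the file, so the function now depends on open_files() having run first. The one-line "moved to open_files()" comment should state that as a precondition. grp_update begins and ends outside the hunk.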
@@ -837,8 +848,14 @@ static void find_new_uid (void)
 	const struct passwd *pwd;
 	uid_t uid_min, uid_max;
 
-	uid_min = getdef_unum ("UID_MIN", 1000);
-	uid_max = getdef_unum ("UID_MAX", 60000);
+        if (!rflg) {
+                uid_min = getdef_unum ("UID_MIN", 500);
+                uid_max = getdef_unum ("UID_MAX", 60000);
+        }
+        else {
+                uid_min = 1;
+                uid_max = getdef_unum ("UID_MIN", 500) - 1;
+        }
 
 	/*
 	 * Start with some UID value if the user didn't provide us with
@@ -868,7 +885,7 @@ static void find_new_uid (void)
 #endif
 			exit (E_NAME_IN_USE);
 		}
-		if (uflg && user_id == pwd->pw_uid) {
+		if (!oflg && uflg && user_id == pwd->pw_uid) {
 			fprintf (stderr, _("%s: UID %u is not unique\n"),
 				 Prog, (unsigned int) user_id);
 #ifdef WITH_AUDIT
@@ -910,6 +927,86 @@ static void find_new_uid (void)
 	}
 }
 
+ /*
+ * find_new_gid - find the next available GID
+ *
+ *     find_new_gid() locates the next highest unused GID in the group
+ *     file, or checks the given group ID against the existing ones for
+ *     uniqueness.
+ */
+
+static void
+find_new_gid()
+{
+        const struct group *grp;
+        gid_t gid_min, gid_max;
+
+        if (!rflg) {
+            gid_min = getdef_num("GID_MIN", 500);
+            gid_max = getdef_num("GID_MAX", 60000);
+        } else {
+            gid_min = 1;
+            gid_max = getdef_num("GID_MIN", 500) - 1;
+        }
+ 
+        /*
+         * Start with some GID value if the user didn't provide us with
+         * one already.
+         */
+        user_gid = gid_min;
+
+        /*
+         * Search the entire group file, either looking for this
+         * GID (if the user specified one with -g) or looking for the
+         * largest unused value.
+         */
+#ifdef NO_GETGRENT
+        gr_rewind();
+        while ((grp = gr_next()))
+#else
+        setgrent();
+        while ((grp = getgrent()))
+#endif
+            {
+                if (strcmp(user_name, grp->gr_name) == 0) {
+                    user_gid = grp->gr_gid;
+                    return;
+                }
+                if (grp->gr_gid >= user_gid) {
+                    if (grp->gr_gid > gid_max)
+                        continue;
+                    user_gid = grp->gr_gid + 1;
+                }
+        }
+#ifndef NO_GETGRENT /* glibc does have this, so ... */
+        /* A quick test gets here: if the UID is available
+         * as a GID, go ahead and use it */
+        if (!getgrgid(user_id)) {
+            user_gid = user_id;
+            return;
+        }
+#endif
+        if (user_gid == gid_max + 1) {
+                for (user_gid = gid_min; user_gid < gid_max; user_gid++) {
+#ifdef NO_GETGRENT
+                        gr_rewind();
+                        while ((grp = gr_next()) && grp->gr_gid != user_gid)
+                                ;
+                        if (!grp)
+                                break;
+#else
+                        if (!getgrgid(user_gid))
+                                break;
+#endif
+                }
+                if (user_gid == gid_max) {
+                        fprintf(stderr, "%s: can't get unique gid (run out of GIDs)\n",
+                                Prog);
+                        fail_exit(4);
+                }
+        }
+}
+
 /*
  * process_flags - perform command line argument setting
  *
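Review bot: The "quick test" in find_new_gid assigns `user_gid = user_id` whenever no group has that number, without checking that the value lies between `gid_min` and `gid_max`. A UID given with -u can therefore place the private group outside the configured range. The test should be `if (user_id >= gid_min && user_id <= gid_max && !getgrgid (user_id))`. The bounds are read with `getdef_num` while find_new_uid uses `getdef_unum`, the exhaustion message is not wrapped in `_()`, and `fail_exit(4)` uses a bare number where this patch otherwise uses the file's E_* constants. The header comment was copied from the UID routine and mentions neither the name-match early return nor the UID-reuse shortcut; both should be documented.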
@@ -948,7 +1045,7 @@ static void process_flags (int argc, cha
 			{NULL, 0, NULL, '\0'}
 		};
 		while ((c =
-			getopt_long (argc, argv, "b:c:d:De:f:g:G:k:K:mMop:s:u:",
+			getopt_long (argc, argv, "b:c:d:De:f:g:G:k:K:mMnrop:s:u:",
 				     long_options, NULL)) != -1) {
 			switch (c) {
 			case 'b':
@@ -1120,6 +1217,15 @@ static void process_flags (int argc, cha
 				user_id = get_uid (optarg);
 				uflg++;
 				break;
+                        case 'n':
+                                nflg++;
+                                break;
+                        case 'r':
+                                rflg++;
+                                break;
+                        case 'M':
+                                Mflg++;
+                                break;
 			default:
 				usage ();
 			}
@@ -1127,6 +1233,9 @@ static void process_flags (int argc, cha
 		}
 	}
 
+        if (mflg && Mflg) /* the admin is not decided .. create or not ? */
+               usage();
+
 	/*
 	 * Certain options are only valid in combination with others.
 	 * Check it here so that they can be specified in any order.
@@ -1268,8 +1377,111 @@ static void open_files (void)
 		pw_unlock ();
 		exit (E_PW_UPDATE);
 	}
+	/*
+         * Lock and open the group file.
+         */
+
+        if (!gr_lock ()) {
+        	fprintf (stderr, _("%s: error locking group file\n"), Prog);
+                fail_exit (E_GRP_UPDATE);
+        }
+        if (!gr_open (O_RDWR)) {
+                fprintf (stderr, _("%s: error opening group file\n"), Prog);
+                fail_exit (E_GRP_UPDATE);
+        }
+#ifdef  SHADOWGRP
+        if (is_shadow_grp && !sgr_lock ()) {
+                fprintf (stderr,
+                         _("%s: error locking shadow group file\n"), Prog);
+                fail_exit (E_GRP_UPDATE);
+        }
+        if (is_shadow_grp && !sgr_open (O_RDWR)) {
+                fprintf (stderr,
+                         _("%s: error opening shadow group file\n"), Prog);
+                fail_exit (E_GRP_UPDATE);
+        }
+#endif
 }
 
+static char *empty_list = NULL;
+
+/*
+ * new_grent - initialize the values in a group file entry
+ *
+ *      new_grent() takes all of the values that have been entered and fills
+ *      in a (struct group) with them.
+ */
+
+static void new_grent (struct group *grent)
+{
+        memzero (grent, sizeof *grent);
+        grent->gr_name = (char *) user_name;
+        grent->gr_passwd = SHADOW_PASSWD_STRING;        /* XXX warning: const */
+        grent->gr_gid = user_gid;
+        grent->gr_mem = &empty_list;
+}
+
+#ifdef  SHADOWGRP
+/*
+ * new_sgent - initialize the values in a shadow group file entry
+ *
+ *      new_sgent() takes all of the values that have been entered and fills
+ *      in a (struct sgrp) with them.
+ */
+
+static void new_sgent (struct sgrp *sgent)
+{
+        memzero (sgent, sizeof *sgent);
+        sgent->sg_name = (char *) user_name;
+        sgent->sg_passwd = "!"; 			/* XXX warning: const */
+        sgent->sg_adm = &empty_list;
+        sgent->sg_mem = &empty_list;
+}
+#endif                          /* SHADOWGRP */
+
+
+/*
+ * grp_update - add new group file entries
+ *
+ *      grp_update() writes the new records to the group files.
+ */
+
+static void grp_add (void)
+{
+        struct group grp;
+
+#ifdef  SHADOWGRP
+        struct sgrp sgrp;
+#endif                          /* SHADOWGRP */
+
+        /*
+         * Create the initial entries for this new group.
+         */
+        new_grent (&grp);
+#ifdef  SHADOWGRP
+        new_sgent (&sgrp);
+#endif                          /* SHADOWGRP */
+
+        /*
+         * Write out the new group file entry.
+         */
+        if (!gr_update (&grp)) {
+                fprintf (stderr, _("%s: error adding new group entry\n"), Prog);
+                fail_exit (E_GRP_UPDATE);
+        }
+#ifdef  SHADOWGRP
+        /*
+         * Write out the new shadow group entries as well.
+         */
+        if (is_shadow_grp && !sgr_update (&sgrp)) {
+                fprintf (stderr, _("%s: error adding new group entry\n"), Prog);
+                fail_exit (E_GRP_UPDATE);
+        }
+#endif                          /* SHADOWGRP */
+        SYSLOG ((LOG_INFO, "new group: name=%s, GID=%u",
+                 user_name, user_gid));
+	do_grp_update++;
+}
 
 static void faillog_reset (uid_t uid)
 {
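Review bot: The header comment above grp_add still reads "grp_update - add new group file entries", and the shadow-group failure prints the same text as the plain group failure. Neither the comment nor the message identifies what actually ran or failed. Rename the comment to `grp_add` and give the second message its own wording, e.g. `_("%s: error adding new shadow group entry\n")`. The SYSLOG call passes `user_gid` to `%u` without the `(unsigned int)` cast that find_new_uid applies to `user_id`. new_grent and new_sgent store string literals and `user_name` through non-const pointers (the "XXX warning: const" remarks), so a comment that these entries must never be written through or freed would help.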
@@ -1532,6 +1744,14 @@ int main (int argc, char **argv)
 	}
 #endif				/* USE_PAM */
 
+        if (!rflg) /* for system accounts defaults are ignored and we
+                    * do not create a home dir -- gafton */
+        	if (getdef_bool("CREATE_HOME"))
+               		mflg = 1;
+
+        if (Mflg) /* absolutely sure that we do not create home dirs */
+        	mflg = 0;
+
 	/*
 	 * See if we are messing with the defaults file, or creating
 	 * a new user.
@@ -1562,7 +1782,7 @@ int main (int argc, char **argv)
 	 * to that group, use useradd -g username username.
 	 * --bero
 	 */
-	if (!gflg) {
+	if ( !(nflg || gflg) ) {
 		if (getgrnam (user_name)) {
 			fprintf (stderr,
 				 _
@@ -1587,6 +1807,18 @@ int main (int argc, char **argv)
 	 */
 	open_files ();
 
+        /* first, seek for a valid uid to use for this user.
+         * We do this because later we can use the uid we found as
+         * gid too ... --gafton */
+        find_new_uid ();
+
+        /* do we have to add a group for that user? This is why we need to
+         * open the group files in the open_files() function  --gafton */
+        if (! (nflg || gflg)) {
+                find_new_gid();
+                grp_add();
+        }
+
 	usr_update ();
 
 	if (mflg) {
@@ -1599,25 +1831,18 @@ int main (int argc, char **argv)
 				 ("%s: warning: the home directory already exists.\n"
 				  "Not copying any file from skel directory into it.\n"),
 				 Prog);
-
-	} else if (getdef_str ("CREATE_HOME")) {
-		/*
-		 * RedHat added the CREATE_HOME option in login.defs in their
-		 * version of shadow-utils (which makes -m the default, with
-		 * new -M option to turn it off). Unfortunately, this
-		 * changes the way useradd works (it can be run by scripts
-		 * expecting some standard behaviour), compared to other
-		 * Unices and other Linux distributions, and also adds a lot
-		 * of confusion :-(.
-		 * So we now recognize CREATE_HOME and give a warning here
-		 * (better than "configuration error ... notify administrator"
-		 * errors in every program that reads /etc/login.defs). -MM
-		 */
-		fprintf (stderr,
-			 _
-			 ("%s: warning: CREATE_HOME not supported, please use -m instead.\n"),
-			 Prog);
 	}
+        /* Warning removed to protect the innocent. */
+        /*
+         * The whole idea about breaking some stupid scripts by creating a new
+         * variable is crap - I could care less about the scripts. Historically
+         * adduser type programs have always created the home directories and
+         * I don't like the idea of providing a script when we can fix the
+         * binary itself. And if the scripts are using the right options to the
+         * useradd then they will not break. If not, they depend on unspecified
+         * behavior and they will break, but they were broken anyway to begin
+         * with --gafton
+         */
 
 	create_mail ();
 
--- shadow-4.0.13/src/userdel.c.redhat	2005-10-05 13:35:53.000000000 +0200
+++ shadow-4.0.13/src/userdel.c	2005-10-21 12:21:13.000000000 +0200
@@ -66,7 +66,9 @@
 #define E_HOMEDIR	12	/* can't remove home directory */
 static char *user_name;
 static uid_t user_id;
+static gid_t user_gid;
 static char *user_home;
+static char *user_group;
 
 static char *Prog;
 static int fflg = 0, rflg = 0;
@@ -259,6 +261,67 @@ static void update_groups (void)
 #endif				/* SHADOWGRP */
 }
 
+/* remove_group()
+ * remove the user's group unless it is not really a user-private group
+ */
+static void
+remove_group ()
+{
+	char    *glist_name;
+        struct  group   *gr;
+        struct  passwd  *pwd;
+
+        if (user_group == NULL || user_name == NULL)
+		return;
+
+	if (strcmp(user_name, user_group)) {
+		return;
+        }
+ 
+        glist_name = NULL;
+        gr = getgrnam(user_group);
+        if (gr)
+		glist_name = *(gr->gr_mem);
+        while (glist_name) {
+	        while (glist_name && *glist_name) {
+        	        if (strncmp(glist_name, user_name, 16)) {
+                		return;
+                	}
+			glist_name++;
+	        }
+	}
+
+        setpwent();
+        while ((pwd = getpwent())) {
+	        if (strcmp(pwd->pw_name, user_name) == 0)
+	       	        continue;
+
+	        if (pwd->pw_gid == user_gid) {
+			return;
+		}
+	}
+
+        /* now actually do the removal if we haven't already returned */
+ 
+        if (! gr_remove (user_group)) {
+	        fprintf (stderr, "%s: error removing group entry\n", Prog);
+        }
+
+#ifdef SHADOWGRP
+
+        /*
+         * Delete the shadow group entries as well.
+         */
+
+        if (is_shadow_grp && ! sgr_remove (user_group)) {
+		fprintf (stderr, "%s: error removing shadow group entry\n",
+	               	Prog);
+	}
+#endif /* SHADOWGRP */
+	SYSLOG((LOG_INFO, "remove group `%s'\n", user_group));
+	return;
+}
+
 /*
  * close_files - close all of the files that were opened
  *
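Review bot: The membership check in remove_group() does not walk the group's member list: `glist_name = *(gr->gr_mem)` takes only the first member's name and `glist_name++` then steps through that one string a character at a time, so later comparisons run against suffixes of a single name. The outer `while (glist_name)` also cannot terminate once the inner loop stops at the terminating NUL, for example when the first member is a one-character name equal to user_name. Iterating a `char **` over `gr->gr_mem` with `strcmp` matches what the header comment describes; `strncmp(..., 16)` would additionally treat two distinct names that share their first 16 characters as the same user. The passwd scan opens the database with `setpwent()` and never calls `endpwent()`, on either the early return or the fall-through.

```c
	char    **member;
	/* … unchanged: gr/pwd declarations, NULL checks, user_name vs user_group test … */
        gr = getgrnam(user_group);
        if (gr) {
		for (member = gr->gr_mem; *member; member++) {
			/* any member other than the user: not a user-private group */
			if (strcmp(*member, user_name) != 0)
				return;
		}
	}

        setpwent();
        while ((pwd = getpwent())) {
		/* … unchanged: skip the user's own passwd entry … */
	        if (pwd->pw_gid == user_gid) {
			endpwent();
			return;
		}
	}
	endpwent();
	/* … unchanged: gr_remove, sgr_remove, SYSLOG … */
```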
@@ -600,6 +663,7 @@ static struct pam_conv conv = {
 int main (int argc, char **argv)
 {
 	struct passwd *pwd;
+	struct group *grp;
 	int arg;
 	int errors = 0;
 
@@ -707,6 +771,10 @@ int main (int argc, char **argv)
 #endif
 	user_id = pwd->pw_uid;
 	user_home = xstrdup (pwd->pw_dir);
+        user_gid = pwd->pw_gid;
+        grp = getgrgid(user_gid);
+        if (grp)
+		user_group = xstrdup(grp->gr_name);
 	/*
 	 * Check to make certain the user isn't logged in.
 	 */
@@ -760,6 +828,9 @@ int main (int argc, char **argv)
 	}
 #endif
 
+        /* Remove the user's group if appropriate. */
+        remove_group();
+
 	if (rflg) {
 		if (remove_tree (user_home)
 		    || rmdir (user_home)) {
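Review bot: The call `remove_group();` discards any failure, because remove_group() is declared `static void` and only prints to stderr when gr_remove() or sgr_remove() fails. If main's `errors` counter feeds the exit status (its use is outside this hunk), a failed group removal leaves userdel reporting success while the group entry is still present; returning an int and writing `if (remove_group () != 0) errors++;` would surface it. The `SYSLOG((LOG_INFO, "remove group ...))` line in remove_group() is also reached after a failed removal, so the log would record a removal that did not happen; it should be emitted only on success. main's body starts and ends outside the hunk.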


Index: .cvsignore
===================================================================
RCS file: /cvs/dist/rpms/shadow-utils/devel/.cvsignore,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- .cvsignore	27 Aug 2005 15:35:09 -0000	1.8
+++ .cvsignore	22 Oct 2005 12:38:17 -0000	1.9
@@ -1 +1 @@
-shadow-4.0.12.tar.bz2
+shadow-4.0.13.tar.bz2


Index: shadow-utils.spec
===================================================================
RCS file: /cvs/dist/rpms/shadow-utils/devel/shadow-utils.spec,v
retrieving revision 1.59
retrieving revision 1.60
diff -u -r1.59 -r1.60
--- shadow-utils.spec	23 Sep 2005 08:33:48 -0000	1.59
+++ shadow-utils.spec	22 Oct 2005 12:38:17 -0000	1.60
@@ -6,22 +6,19 @@
 
 Summary: Utilities for managing accounts and shadow password files.
 Name: shadow-utils
-Version: 4.0.12
-Release: 4
+Version: 4.0.13
+Release: 1
 Epoch: 2
 URL: http://shadow.pld.org.pl/
 Source0: ftp://ftp.pld.org.pl/software/shadow/shadow-%{version}.tar.bz2
 Source1: shadow-970616.login.defs
 Source2: shadow-970616.useradd
-Patch0: shadow-4.0.12-redhat.patch
+Patch0: shadow-4.0.13-redhat.patch
 Patch1: shadow-4.0.3-noinst.patch
 Patch2: shadow-4.0.11.1-vipw.patch
-Patch3: shadow-4.0.3-goodname.patch
-Patch4: shadow-4.0.11.1-newgrpPwd.patch
-Patch5: shadow-4.0.11.1-isSelinuxEnabled.patch
-Patch6: shadow-4.0.11.1-selinux.patch
-Patch7: shadow-4.0.12-audit.patch
-Patch8: shadow-4.0.12-lOption.patch
+Patch3: shadow-4.0.13-goodname.patch
+Patch4: shadow-4.0.13-newgrpPwd.patch
+Patch5: shadow-4.0.12-lOption.patch
 License: BSD
 Group: System Environment/Base
 BuildRequires: autoconf, automake, libtool, gettext-devel
@@ -51,10 +48,7 @@
 %patch2 -p1 -b .vipw
 %patch3 -p1 -b .goodname
 %patch4 -p1 -b .newgrpPwd
-%patch5 -p1 -b .isSelinuxEnabled
-%patch6 -p1 -b .selinux
-%patch7 -p1 -b .audit
-%patch8 -p1 -b .lOption
+%patch5 -p1 -b .lOption
 
 rm po/*.gmo
 rm po/stamp-po
@@ -108,7 +102,8 @@
 	--with-selinux \
 %endif
 	--without-libpam \
-	--disable-shared
+	--disable-shared \
+	--with-libaudit
 make 
 
 %install
@@ -235,6 +230,9 @@
 %{_mandir}/*/man8/faillog.8*
 
 %changelog
+* Fri Oct 21 2005 Peter Vrabec <pvrabec at redhat.com> 2:4.0.13-1
+- upgrade
+
 * Fri Sep 23 2005 Peter Vrabec <pvrabec at redhat.com> 2:4.0.12-4
 - add useradd -l option back, it was removed by mistake
 


Index: sources
===================================================================
RCS file: /cvs/dist/rpms/shadow-utils/devel/sources,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- sources	27 Aug 2005 15:35:09 -0000	1.8
+++ sources	22 Oct 2005 12:38:17 -0000	1.9
@@ -1 +1 @@
-609a417a45827c36ba6e33f9dc785371  shadow-4.0.12.tar.bz2
+5c6a105d89afb0900922260e9c5650cc  shadow-4.0.13.tar.bz2


--- shadow-4.0.11.1-isSelinuxEnabled.patch DELETED ---


--- shadow-4.0.11.1-newgrpPwd.patch DELETED ---


--- shadow-4.0.11.1-selinux.patch DELETED ---


--- shadow-4.0.12-audit.patch DELETED ---


--- shadow-4.0.12-redhat.patch DELETED ---


--- shadow-4.0.3-goodname.patch DELETED ---



