rpms/shadow-utils/devel shadow-4.0.12-audit.patch, 1.1, 1.2 shadow-utils.spec, 1.57, 1.58
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Tue Sep 20 12:49:01 UTC 2005
Author: pvrabec
Update of /cvs/dist/rpms/shadow-utils/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv22248
Modified Files:
shadow-4.0.12-audit.patch shadow-utils.spec
Log Message:
- provide login.defs man page
- adjust audit patch
shadow-4.0.12-audit.patch:
config.h.in | 3
configure.in | 13 +++
lib/defines.h | 5 +
lib/prototypes.h | 12 +++
libmisc/Makefile.am | 1
libmisc/audit_help.c | 77 +++++++++++++++++++++++
src/Makefile.am | 17 ++---
src/chage.c | 44 +++++++++++++
src/gpasswd.c | 57 +++++++++++++++--
src/groupadd.c | 8 ++
src/groupdel.c | 11 +++
src/groupmod.c | 22 ++++++
src/useradd.c | 19 +++++
src/userdel.c | 33 +++++++++-
src/usermod.c | 166 +++++++++++++++++++++++++++++++++++++++++++++++++--
15 files changed, 464 insertions(+), 24 deletions(-)
View full diff with command:
/usr/bin/cvs -f diff -kk -u -N -r 1.1 -r 1.2 shadow-4.0.12-audit.patch
Index: shadow-4.0.12-audit.patch
===================================================================
RCS file: /cvs/dist/rpms/shadow-utils/devel/shadow-4.0.12-audit.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- shadow-4.0.12-audit.patch 1 Sep 2005 11:46:33 -0000 1.1
+++ shadow-4.0.12-audit.patch 20 Sep 2005 12:48:57 -0000 1.2
@@ -1,30 +1,17 @@
---- shadow-4.0.12/configure.in.audit 2005-08-10 17:47:31.000000000 +0000
-+++ shadow-4.0.12/configure.in 2005-09-01 13:04:03.000000000 +0000
-@@ -211,6 +211,7 @@
- [enable_shadowgrp="yes"]
- )
-
-+AC_ARG_WITH(libaudit, [ --with-audit try to use audit (default if found)])
- AC_ARG_WITH(libcrack, [ --with-libcrack try to use libcrack (default if found)])
- AC_ARG_WITH(libpam, [ --with-libpam use libpam for PAM support])
- AC_ARG_WITH(selinux, [ --with-selinux use SELinux support])
-@@ -232,6 +233,14 @@
- AC_CHECK_LIB(crypt, crypt, [LIBCRYPT=-lcrypt],
- [AC_MSG_ERROR([crypt() not found])])
+--- shadow-4.0.12/lib/defines.h.audit 2005-08-09 18:40:05.000000000 +0200
++++ shadow-4.0.12/lib/defines.h 2005-09-20 14:07:07.000000000 +0200
+@@ -331,4 +331,9 @@
+ #define SHADOW_PASSWD_STRING "x"
+ #endif
-+AC_SUBST(AUDIT)
-+if test "$with_audit" != "no"; then
-+ AC_CHECK_HEADER(libaudit.h, [ audit_header="yes" ], [ audit_header="no" ])
-+ if test "$audit_header" = "yes"; then
-+ AC_CHECK_LIB(audit, audit_send_message_if_enabled, AC_DEFINE(WITH_AUDIT,1,[Define if you want to enable Audit messages]) [LIBS="-Wl,-Bstatic -laudit -Wl,-dy $LIBS"])
-+ fi
-+fi
++#ifdef WITH_AUDIT
++#include <libaudit.h>
++#endif
+
- AC_SUBST(LIBCRACK)
- if test "$with_libcrack" = "yes"; then
- echo "checking cracklib flavour, don't be surprised by the results"
---- shadow-4.0.12/lib/prototypes.h.audit 2005-08-02 10:50:51.000000000 +0000
-+++ shadow-4.0.12/lib/prototypes.h 2005-09-01 13:04:03.000000000 +0000
+ #endif /* _DEFINES_H_ */
++
+--- shadow-4.0.12/lib/prototypes.h.audit 2005-08-02 12:50:51.000000000 +0200
++++ shadow-4.0.12/lib/prototypes.h 2005-09-20 14:07:07.000000000 +0200
@@ -87,6 +87,18 @@
/* hushed.c */
extern int hushed (const struct passwd *);
@@ -44,520 +31,525 @@
/* limits.c */
extern void setup_limits (const struct passwd *);
---- shadow-4.0.12/lib/defines.h.audit 2005-08-09 16:40:05.000000000 +0000
-+++ shadow-4.0.12/lib/defines.h 2005-09-01 13:04:03.000000000 +0000
-@@ -331,4 +331,9 @@
- #define SHADOW_PASSWD_STRING "x"
- #endif
+--- shadow-4.0.12/config.h.in.audit 2005-08-11 18:31:43.000000000 +0200
++++ shadow-4.0.12/config.h.in 2005-09-20 14:21:01.000000000 +0200
+@@ -347,6 +347,9 @@
+ /* Version number of package */
+ #undef VERSION
-+#ifdef WITH_AUDIT
-+#include <libaudit.h>
-+#endif
-+
- #endif /* _DEFINES_H_ */
-+
---- shadow-4.0.12/libmisc/Makefile.am.audit 2005-07-07 08:42:13.000000000 +0000
-+++ shadow-4.0.12/libmisc/Makefile.am 2005-09-01 13:04:03.000000000 +0000
-@@ -24,6 +24,7 @@
- getdate.h \
- hushed.c \
- isexpired.c \
-+ audit_help.c \
- limits.c \
- list.c log.c \
- loginprompt.c \
---- /dev/null 2005-08-17 17:31:20.904387280 +0000
-+++ shadow-4.0.12/libmisc/audit_help.c 2005-09-01 13:04:03.000000000 +0000
-@@ -0,0 +1,77 @@
-+/*
-+ * Audit helper functions used throughout shadow-utils
-+ *
-+ * Copyright (C) 2005, Red Hat, Inc.
-+ *
-+ * Redistributable under the same terms as the other elements of
-+ * shadow-utils v4.0.3.
-+ */
++/* Define if you want to enable Audit messages */
++#undef WITH_AUDIT
+
-+#include <config.h>
+ /* Build shadow with SELinux support */
+ #undef WITH_SELINUX
+
+--- shadow-4.0.12/configure.in.audit 2005-08-10 19:47:31.000000000 +0200
++++ shadow-4.0.12/configure.in 2005-09-20 14:20:40.000000000 +0200
+@@ -211,6 +211,7 @@
+ [enable_shadowgrp="yes"]
+ )
+
++AC_ARG_WITH(libaudit, [ --with-audit try to use audit (default if found)])
+ AC_ARG_WITH(libcrack, [ --with-libcrack try to use libcrack (default if found)])
+ AC_ARG_WITH(libpam, [ --with-libpam use libpam for PAM support])
+ AC_ARG_WITH(selinux, [ --with-selinux use SELinux support])
+@@ -232,6 +233,18 @@
+ AC_CHECK_LIB(crypt, crypt, [LIBCRYPT=-lcrypt],
+ [AC_MSG_ERROR([crypt() not found])])
+
++AC_SUBST(AUDIT)
++if test "$with_audit" != "no"; then
++ AC_CHECK_HEADER(libaudit.h, [audit_header="yes"], [audit_header="no"])
++ if test "$audit_header" = "yes"; then
++ AC_CHECK_LIB(audit, audit_send_message_if_enabled,
++ [AC_DEFINE(WITH_AUDIT, 1, [Define if you want to enable Audit messages])
++ LIBAUDIT="-laudit"
++ AC_SUBST(LIBAUDIT)]
++ )
++ fi
++fi
+
+ AC_SUBST(LIBCRACK)
+ if test "$with_libcrack" = "yes"; then
+ echo "checking cracklib flavour, don't be surprised by the results"
+--- shadow-4.0.12/src/usermod.c.audit 2005-09-20 14:07:07.000000000 +0200
++++ shadow-4.0.12/src/usermod.c 2005-09-20 14:07:07.000000000 +0200
+@@ -84,12 +84,16 @@
+ static gid_t user_gid;
+ static gid_t user_newgid;
+ static char *user_comment;
++static char *user_newcomment; /* Audit */
+ static char *user_home;
+ static char *user_newhome;
+ static char *user_shell;
++static char *user_newshell; /* Audit */
+
+ static long user_expire;
++static long user_newexpire; /* Audit */
+ static long user_inactive;
++static long user_newinactive; /* Audit */
+ static long sys_ngroups;
+ static char **user_groups; /* NULL-terminated list */
+
+@@ -295,6 +299,7 @@
+ if (Lflg && pw_pass[0] != '!') {
+ char *buf = xmalloc (strlen (pw_pass) + 2);
+
++ audit_logger(AUDIT_USER_CHAUTHTOK,Prog,"updating passwd", user_newname,user_newid,0);
+ SYSLOG ((LOG_INFO, "lock user `%s' password", pw_name));
+ strcpy (buf, "!");
+ strcat (buf, pw_pass);
+@@ -302,6 +307,7 @@
+ } else if (Uflg && pw_pass[0] == '!') {
+ char *s;
+
++ audit_logger(AUDIT_USER_CHAUTHTOK,Prog,"updating password", user_newname,user_newid,0);
+ SYSLOG ((LOG_INFO, "unlock user `%s' password", pw_name));
+ s = pw_pass;
+ while (*s) {
+@@ -309,6 +315,7 @@
+ s++;
+ }
+ } else if (pflg) {
++ audit_logger(AUDIT_USER_CHAUTHTOK,Prog,"changing password", user_newname,user_newid,1);
+ SYSLOG ((LOG_INFO, "change user `%s' password", pw_name));
+ pw_pass = xstrdup (user_pass);
+ }
+@@ -325,6 +332,7 @@
+ static void new_pwent (struct passwd *pwent)
+ {
+ if (lflg) {
++ audit_logger(AUDIT_USER_CHAUTHTOK,Prog,"changing name", user_newname,user_newid,1);
+ SYSLOG ((LOG_INFO, "change user name `%s' to `%s'",
+ pwent->pw_name, user_newname));
+ pwent->pw_name = xstrdup (user_newname);
+@@ -334,31 +342,48 @@
+ new_pw_passwd (pwent->pw_passwd, pwent->pw_name);
+
+ if (uflg) {
++ audit_logger(AUDIT_USER_CHAUTHTOK,Prog,"changing uid", user_newname,user_newid,1);
+ SYSLOG ((LOG_INFO,
+ "change user `%s' UID from `%d' to `%d'",
+ pwent->pw_name, pwent->pw_uid, user_newid));
+ pwent->pw_uid = user_newid;
+ }
+ if (gflg) {
++ audit_logger(AUDIT_USER_CHAUTHTOK,Prog,"changing primary group", user_newname,user_newid,1);
+ SYSLOG ((LOG_INFO,
+ "change user `%s' GID from `%d' to `%d'",
+ pwent->pw_name, pwent->pw_gid, user_newgid));
+ pwent->pw_gid = user_newgid;
+ }
+- if (cflg)
++ if (cflg) {
++ audit_logger(AUDIT_USER_CHAUTHTOK,Prog,"changing comment", user_newname,user_newid,1);
[...2350 lines suppressed...]
+ }
+ if (!dflg) {
+@@ -1351,22 +1358,26 @@
+ {
+ if (!pw_lock ()) {
+ fprintf (stderr, _("%s: unable to lock password file\n"), Prog);
++ audit_logger(AUDIT_USER_CHAUTHTOK,Prog,"locking password file", user_name,user_id, 0);
+ exit (E_PW_UPDATE);
}
- #ifdef SHADOWGRP
- if (is_shadowgrp && !sgr_update (&sgent)) {
- fprintf (stderr, _("%s: can't update shadow entry\n"), Prog);
- SYSLOG ((LOG_WARN, "cannot update /etc/gshadow"));
-+ audit_logger(AUDIT_USER_CHAUTHTOK,Prog,"updating /etc/gshadow", group,-1, 0);
- exit (1);
+ if (!pw_open (O_RDWR)) {
+ fprintf (stderr, _("%s: unable to open password file\n"), Prog);
++ audit_logger(AUDIT_USER_CHAUTHTOK,Prog,"opening password file", user_name,user_id, 0);
+ pw_unlock ();
+ exit (E_PW_UPDATE);
}
- #endif
- if (!gr_close ()) {
- fprintf (stderr, _("%s: can't re-write file\n"), Prog);
- SYSLOG ((LOG_WARN, "cannot re-write /etc/group"));
-+ audit_logger(AUDIT_USER_CHAUTHTOK,Prog,"rewriting /etc/group", group,-1, 0);
- exit (1);
+ if (is_shadow_pwd && !spw_lock ()) {
+ fprintf (stderr,
+ _("%s: cannot lock shadow password file\n"), Prog);
++ audit_logger(AUDIT_USER_CHAUTHTOK,Prog,"locking shadow password file", user_name,user_id, 0);
+ pw_unlock ();
+ exit (E_PW_UPDATE);
}
- #ifdef SHADOWGRP
- if (is_shadowgrp && !sgr_close ()) {
- fprintf (stderr, _("%s: can't re-write shadow file\n"), Prog);
- SYSLOG ((LOG_WARN, "cannot re-write /etc/gshadow"));
-+ audit_logger(AUDIT_USER_CHAUTHTOK,Prog,"rewriting /etc/gshadow", group,-1, 0);
- exit (1);
+ if (is_shadow_pwd && !spw_open (O_RDWR)) {
+ fprintf (stderr,
+ _("%s: cannot open shadow password file\n"), Prog);
++ audit_logger(AUDIT_USER_CHAUTHTOK,Prog,"opening shadow password file", user_name,user_id, 0);
+ spw_unlock ();
+ pw_unlock ();
+ exit (E_PW_UPDATE);
+@@ -1569,9 +1580,12 @@
+ _
+ ("%s: error adding new shadow password entry\n"),
+ Prog);
++ audit_logger(AUDIT_USER_CHAUTHTOK,Prog,"adding shadow password", user_name,user_id, 0);
+ exit (E_PW_UPDATE);
}
- if (is_shadowgrp)
-@@ -612,6 +654,7 @@
- #endif
- if (!gr_unlock ()) {
- fprintf (stderr, _("%s: can't unlock file\n"), Prog);
-+ audit_logger(AUDIT_USER_CHAUTHTOK,Prog,"unlocking group file", group,-1, 0);
- exit (1);
+
++ audit_logger(AUDIT_USER_CHAUTHTOK,Prog,"adding user", user_name, user_id, 1);
++
+ /*
+ * Do any group file updates for this user.
+ */
+@@ -1602,6 +1616,7 @@
+ chown (user_home, user_id, user_gid);
+ chmod (user_home, 0777 & ~getdef_num ("UMASK", 022));
+ home_added++;
++ audit_logger(AUDIT_USER_CHAUTHTOK,Prog,"adding home directory", user_name, user_id, 1);
}
+ }
---- shadow-4.0.12/config.h.in.audit 2005-08-11 16:31:43.000000000 +0000
-+++ shadow-4.0.12/config.h.in 2005-09-01 13:04:03.000000000 +0000
-@@ -93,6 +93,9 @@
- /* Defined if you have libcrack. */
- #undef HAVE_LIBCRACK
+@@ -1676,6 +1691,8 @@
+ struct passwd *pampw;
+ int retval;
+ #endif
++
++ audit_help_open();
-+/* Defined if you have libaudit */
-+#undef WITH_AUDIT
-+
- /* Defined if you have the ts&szs cracklib. */
- #undef HAVE_LIBCRACK_HIST
+ /*
+ * Get my name so that I can use it to report errors.
+@@ -1765,6 +1782,7 @@
+
+ if (getpwnam (user_name)) {
+ fprintf (stderr, _("%s: user %s exists\n"), Prog, user_name);
++ audit_logger(AUDIT_USER_CHAUTHTOK,Prog,"adding user", user_name,-1, 0);
+ exit (E_NAME_IN_USE);
+ }
+@@ -1780,6 +1798,7 @@
+ _
+ ("%s: group %s exists - if you want to add this user to that group, use -g.\n"),
+ Prog, user_name);
++ audit_logger(AUDIT_USER_CHAUTHTOK,Prog,"adding group", user_name,-1, 0);
+ exit (E_NAME_IN_USE);
+ }
+ }
+--- shadow-4.0.12/libmisc/Makefile.am.audit 2005-07-07 10:42:13.000000000 +0200
++++ shadow-4.0.12/libmisc/Makefile.am 2005-09-20 14:07:07.000000000 +0200
+@@ -24,6 +24,7 @@
+ getdate.h \
+ hushed.c \
+ isexpired.c \
++ audit_help.c \
+ limits.c \
+ list.c log.c \
+ loginprompt.c \
+--- shadow-4.0.12/libmisc/audit_help.c.audit 2005-09-20 14:07:07.000000000 +0200
++++ shadow-4.0.12/libmisc/audit_help.c 2005-09-20 14:07:07.000000000 +0200
+@@ -0,0 +1,77 @@
++/*
++ * Audit helper functions used throughout shadow-utils
++ *
++ * Copyright (C) 2005, Red Hat, Inc.
++ *
++ * Redistributable under the same terms as the other elements of
++ * shadow-utils v4.0.3.
++ */
++
++#include <config.h>
++
++#ifdef WITH_AUDIT
++#include <stdlib.h>
++#include <syslog.h>
++#include <stdarg.h>
++#include <libaudit.h>
++#include <errno.h>
++#include <stdio.h>
++int audit_fd;
++#endif
++
++void audit_help_open(void)
++{
++#ifdef WITH_AUDIT
++ audit_fd = audit_open();
++ if (audit_fd < 0) {
++ /* You get these only when the kernel doesn't have
++ * audit compiled in. */
++ if (errno == EINVAL || errno == EPROTONOSUPPORT ||
++ errno == EAFNOSUPPORT)
++ return;
++ fprintf(stderr, "Cannot open audit interface - aborting.\n");
++ exit(1);
++ }
++#endif
++}
++
++/*
++ * This function will log a message to the audit system using a predefined
++ * message format. Parameter usage is as follows:
++ *
++ * type - type of message: AUDIT_USER_CHAUTHTOK for changing any account
++ * attributes.
++ * pgname - program's name
++ * op - operation. "adding user", "changing finger info", "deleting group"
++ * name - user's account or group name. If not available use NULL.
++ * id - uid or gid that the operation is being performed on. This is used
++ * only when user is NULL.
++ * result - 1 is "success" and 0 is "failed"
++ */
++void audit_logger(int type, const char *pgname, const char *op,
++ const char *name, unsigned int id, int result)
++{
++#ifdef WITH_AUDIT
++ if (audit_fd < 0)
++ return;
++ else {
++ char buf[PATH_MAX];
++ const char *success;
++
++ if (result)
++ success = "success";
++ else
++ success = "failed";
++
++ if (name)
++ snprintf(buf, sizeof(buf), "%s: op=%s acct=%s res=%s",
++ pgname, op, name, success);
++ else
++ snprintf(buf, sizeof(buf), "%s: op=%s id=%u res=%s",
++ pgname, op, id, success);
++
++ audit_send_user_message(audit_fd, type, buf);
++ }
++#endif
++}
++
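Review bot: In the usermod.c part of this hunk the `Lflg` and `Uflg` branches call `audit_logger(AUDIT_USER_CHAUTHTOK,Prog,"updating passwd", user_newname,user_newid,0)`, and the helper comment in audit_help.c defines 0 as "failed", so a password lock or unlock that goes ahead appears to be recorded as `res=failed`, while the `pflg` branch beside it passes 1. Unless that is intended, pass `1` in both calls and use an `op` string that names the lock or unlock, otherwise a search of the audit trail for successful account changes will miss them. Separately, `audit_logger` discards the return value of `audit_send_user_message(audit_fd, type, buf)` and formats `name` into the record unescaped, so a lost record goes unnoticed and a name containing spaces or `res=` text could blur the record's fields. Checking that return value and reporting a failure through syslog, plus a comment that callers must pass an already validated name, would cover both. `char buf[PATH_MAX]` also depends on `<limits.h>` arriving through another header, and since most of this hunk is suppressed on the page the remaining call sites were not reviewed.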
Index: shadow-utils.spec
===================================================================
RCS file: /cvs/dist/rpms/shadow-utils/devel/shadow-utils.spec,v
retrieving revision 1.57
retrieving revision 1.58
diff -u -r1.57 -r1.58
--- shadow-utils.spec 1 Sep 2005 11:46:33 -0000 1.57
+++ shadow-utils.spec 20 Sep 2005 12:48:57 -0000 1.58
@@ -7,7 +7,7 @@
Summary: Utilities for managing accounts and shadow password files.
Name: shadow-utils
Version: 4.0.12
-Release: 2
+Release: 3
Epoch: 2
URL: http://shadow.pld.org.pl/
Source0: ftp://ftp.pld.org.pl/software/shadow/shadow-%{version}.tar.bz2
@@ -154,8 +154,6 @@
rm $RPM_BUILD_ROOT/%{_mandir}/*/man5/limits.*
rm $RPM_BUILD_ROOT/%{_mandir}/man5/login.access.*
rm $RPM_BUILD_ROOT/%{_mandir}/*/man5/login.access.*
-rm $RPM_BUILD_ROOT/%{_mandir}/man5/login.defs.*
-rm $RPM_BUILD_ROOT/%{_mandir}/*/man5/login.defs.*
rm $RPM_BUILD_ROOT/%{_mandir}/man5/passwd.*
rm $RPM_BUILD_ROOT/%{_mandir}/*/man5/passwd.*
rm $RPM_BUILD_ROOT/%{_mandir}/man5/porttime.*
@@ -208,6 +206,8 @@
%{_mandir}/*/man3/getspnam.3*
%{_mandir}/man5/shadow.5*
%{_mandir}/*/man5/shadow.5*
+%{_mandir}/man5/login.defs.5*
+%{_mandir}/*/man5/login.defs.5*
%{_mandir}/man5/gshadow.5*
%{_mandir}/man5/faillog.5*
%{_mandir}/*/man5/faillog.5*
@@ -233,6 +233,10 @@
%{_mandir}/*/man8/faillog.8*
%changelog
+* Tue Sep 20 2005 Peter Vrabec <pvrabec at redhat.com> 2:4.0.12-3
+- provide login.defs man page
+- adjust audit patch
+
* Tue Aug 30 2005 Peter Vrabec <pvrabec at redhat.com> 2:4.0.12-2
- audit support