diff --git a/shadow-4.9-audit-update.patch b/shadow-4.11.1-audit-update.patch similarity index 84% rename from shadow-4.9-audit-update.patch rename to shadow-4.11.1-audit-update.patch index 99513ef..65acae0 100644 --- a/shadow-4.9-audit-update.patch +++ b/shadow-4.11.1-audit-update.patch @@ -1,16 +1,16 @@ -diff -up shadow-4.8.1/libmisc/audit_help.c.audit-update shadow-4.8.1/libmisc/audit_help.c ---- shadow-4.8.1/libmisc/audit_help.c.audit-update 2019-07-23 17:26:08.000000000 +0200 -+++ shadow-4.8.1/libmisc/audit_help.c 2020-03-17 16:53:44.371943299 +0100 -@@ -68,7 +68,7 @@ void audit_help_open (void) +diff -up shadow-4.11.1/libmisc/audit_help.c.audit-update shadow-4.11.1/libmisc/audit_help.c +--- shadow-4.11.1/libmisc/audit_help.c.audit-update 2022-01-03 01:46:53.000000000 +0100 ++++ shadow-4.11.1/libmisc/audit_help.c 2022-01-03 15:15:38.946046192 +0100 +@@ -46,7 +46,7 @@ void audit_help_open (void) * This function will log a message to the audit system using a predefined * message format. Parameter usage is as follows: * -- * type - type of message: AUDIT_USER_CHAUTHTOK for changing any account -+ * type - type of message: AUDIT_USER_MGMT for changing any account +- * type - type of message: AUDIT_USER_CHAUTHTOK for changing any account ++ * type - type of message: AUDIT_USER_MGMT for changing any account * attributes. * pgname - program's name * op - operation. "adding user", "changing finger info", "deleting group" -@@ -88,6 +88,39 @@ void audit_logger (int type, unused cons +@@ -66,6 +66,39 @@ void audit_logger (int type, unused cons } } @@ -50,71 +50,71 @@ diff -up shadow-4.8.1/libmisc/audit_help.c.audit-update shadow-4.8.1/libmisc/aud void audit_logger_message (const char *message, shadow_audit_result result) { if (audit_fd < 0) { -diff -up shadow-4.8.1/libmisc/cleanup_group.c.audit-update shadow-4.8.1/libmisc/cleanup_group.c ---- shadow-4.8.1/libmisc/cleanup_group.c.audit-update 2019-07-23 17:26:08.000000000 +0200 -+++ shadow-4.8.1/libmisc/cleanup_group.c 2020-03-17 16:53:44.371943299 +0100 -@@ -83,7 +83,7 @@ void cleanup_report_mod_group (void *cle +diff -up shadow-4.11.1/libmisc/cleanup_group.c.audit-update shadow-4.11.1/libmisc/cleanup_group.c +--- shadow-4.11.1/libmisc/cleanup_group.c.audit-update 2022-01-03 14:57:01.777006776 +0100 ++++ shadow-4.11.1/libmisc/cleanup_group.c 2022-01-03 15:22:27.438770608 +0100 +@@ -61,7 +61,7 @@ void cleanup_report_mod_group (void *cle gr_dbname (), info->action)); #ifdef WITH_AUDIT -- audit_logger (AUDIT_USER_ACCT, Prog, -+ audit_logger (AUDIT_GRP_MGMT, Prog, +- audit_logger (AUDIT_USER_ACCT, log_get_progname(), ++ audit_logger (AUDIT_GRP_MGMT, log_get_progname(), info->audit_msg, info->name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); -@@ -101,7 +101,7 @@ void cleanup_report_mod_gshadow (void *c +@@ -79,7 +79,7 @@ void cleanup_report_mod_gshadow (void *c sgr_dbname (), info->action)); #ifdef WITH_AUDIT -- audit_logger (AUDIT_USER_ACCT, Prog, -+ audit_logger (AUDIT_GRP_MGMT, Prog, +- audit_logger (AUDIT_USER_ACCT, log_get_progname(), ++ audit_logger (AUDIT_GRP_MGMT, log_get_progname(), info->audit_msg, info->name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); -@@ -122,7 +122,7 @@ void cleanup_report_add_group_group (voi +@@ -100,7 +100,7 @@ void cleanup_report_add_group_group (voi SYSLOG ((LOG_ERR, "failed to add group %s to %s", name, gr_dbname ())); #ifdef WITH_AUDIT - audit_logger (AUDIT_ADD_GROUP, Prog, + audit_logger (AUDIT_ADD_GROUP, log_get_progname(), - "adding group to /etc/group", + "adding-group", name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif -@@ -141,8 +141,8 @@ void cleanup_report_add_group_gshadow (v +@@ -119,8 +119,8 @@ void cleanup_report_add_group_gshadow (v SYSLOG ((LOG_ERR, "failed to add group %s to %s", name, sgr_dbname ())); #ifdef WITH_AUDIT -- audit_logger (AUDIT_ADD_GROUP, Prog, +- audit_logger (AUDIT_ADD_GROUP, log_get_progname(), - "adding group to /etc/gshadow", -+ audit_logger (AUDIT_GRP_MGMT, Prog, ++ audit_logger (AUDIT_GRP_MGMT, log_get_progname(), + "adding-shadow-group", name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif -@@ -164,8 +164,8 @@ void cleanup_report_del_group_group (voi +@@ -142,8 +142,8 @@ void cleanup_report_del_group_group (voi "failed to remove group %s from %s", name, gr_dbname ())); #ifdef WITH_AUDIT -- audit_logger (AUDIT_ADD_GROUP, Prog, +- audit_logger (AUDIT_ADD_GROUP, log_get_progname(), - "removing group from /etc/group", -+ audit_logger (AUDIT_DEL_GROUP, Prog, ++ audit_logger (AUDIT_DEL_GROUP, log_get_progname(), + "removing-group", name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif -@@ -187,8 +187,8 @@ void cleanup_report_del_group_gshadow (v +@@ -165,8 +165,8 @@ void cleanup_report_del_group_gshadow (v "failed to remove group %s from %s", name, sgr_dbname ())); #ifdef WITH_AUDIT -- audit_logger (AUDIT_ADD_GROUP, Prog, +- audit_logger (AUDIT_ADD_GROUP, log_get_progname(), - "removing group from /etc/gshadow", -+ audit_logger (AUDIT_GRP_MGMT, Prog, ++ audit_logger (AUDIT_GRP_MGMT, log_get_progname(), + "removing-shadow-group", name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif -@@ -208,7 +208,7 @@ void cleanup_unlock_group (unused void * - Prog, gr_dbname ()); +@@ -186,7 +186,7 @@ void cleanup_unlock_group (unused void * + log_get_progname(), gr_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ())); #ifdef WITH_AUDIT - audit_logger_message ("unlocking group file", @@ -122,8 +122,8 @@ diff -up shadow-4.8.1/libmisc/cleanup_group.c.audit-update shadow-4.8.1/libmisc/ SHADOW_AUDIT_FAILURE); #endif } -@@ -228,7 +228,7 @@ void cleanup_unlock_gshadow (unused void - Prog, sgr_dbname ()); +@@ -206,7 +206,7 @@ void cleanup_unlock_gshadow (unused void + log_get_progname(), sgr_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ())); #ifdef WITH_AUDIT - audit_logger_message ("unlocking gshadow file", @@ -131,40 +131,40 @@ diff -up shadow-4.8.1/libmisc/cleanup_group.c.audit-update shadow-4.8.1/libmisc/ SHADOW_AUDIT_FAILURE); #endif } -diff -up shadow-4.8.1/libmisc/cleanup_user.c.audit-update shadow-4.8.1/libmisc/cleanup_user.c ---- shadow-4.8.1/libmisc/cleanup_user.c.audit-update 2019-07-23 17:26:08.000000000 +0200 -+++ shadow-4.8.1/libmisc/cleanup_user.c 2020-03-17 16:53:44.371943299 +0100 -@@ -65,7 +65,7 @@ void cleanup_report_mod_passwd (void *cl +diff -up shadow-4.11.1/libmisc/cleanup_user.c.audit-update shadow-4.11.1/libmisc/cleanup_user.c +--- shadow-4.11.1/libmisc/cleanup_user.c.audit-update 2022-01-03 14:57:01.777006776 +0100 ++++ shadow-4.11.1/libmisc/cleanup_user.c 2022-01-03 15:21:22.593338130 +0100 +@@ -43,7 +43,7 @@ void cleanup_report_mod_passwd (void *cl pw_dbname (), info->action)); #ifdef WITH_AUDIT -- audit_logger (AUDIT_USER_ACCT, Prog, -+ audit_logger (AUDIT_USER_MGMT, Prog, +- audit_logger (AUDIT_USER_ACCT, log_get_progname(), ++ audit_logger (AUDIT_USER_MGMT, log_get_progname(), info->audit_msg, info->name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); -@@ -86,7 +86,7 @@ void cleanup_report_add_user_passwd (voi +@@ -64,7 +64,7 @@ void cleanup_report_add_user_passwd (voi SYSLOG ((LOG_ERR, "failed to add user %s to %s", name, pw_dbname ())); #ifdef WITH_AUDIT - audit_logger (AUDIT_ADD_USER, Prog, + audit_logger (AUDIT_ADD_USER, log_get_progname(), - "adding user to /etc/passwd", + "adding-user", name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif -@@ -105,8 +105,8 @@ void cleanup_report_add_user_shadow (voi +@@ -83,8 +83,8 @@ void cleanup_report_add_user_shadow (voi SYSLOG ((LOG_ERR, "failed to add user %s to %s", name, spw_dbname ())); #ifdef WITH_AUDIT -- audit_logger (AUDIT_ADD_USER, Prog, +- audit_logger (AUDIT_ADD_USER, log_get_progname(), - "adding user to /etc/shadow", -+ audit_logger (AUDIT_USER_MGMT, Prog, ++ audit_logger (AUDIT_USER_MGMT, log_get_progname(), + "adding-shadow-user", name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif -@@ -125,7 +125,7 @@ void cleanup_unlock_passwd (unused void - Prog, pw_dbname ()); +@@ -103,7 +103,7 @@ void cleanup_unlock_passwd (unused void + log_get_progname(), pw_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ())); #ifdef WITH_AUDIT - audit_logger_message ("unlocking passwd file", @@ -172,8 +172,8 @@ diff -up shadow-4.8.1/libmisc/cleanup_user.c.audit-update shadow-4.8.1/libmisc/c SHADOW_AUDIT_FAILURE); #endif } -@@ -144,7 +144,7 @@ void cleanup_unlock_shadow (unused void - Prog, spw_dbname ()); +@@ -122,7 +122,7 @@ void cleanup_unlock_shadow (unused void + log_get_progname(), spw_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ())); #ifdef WITH_AUDIT - audit_logger_message ("unlocking shadow file", @@ -181,10 +181,10 @@ diff -up shadow-4.8.1/libmisc/cleanup_user.c.audit-update shadow-4.8.1/libmisc/c SHADOW_AUDIT_FAILURE); #endif } -diff -up shadow-4.8.1/lib/prototypes.h.audit-update shadow-4.8.1/lib/prototypes.h ---- shadow-4.8.1/lib/prototypes.h.audit-update 2020-03-17 16:53:44.364943206 +0100 -+++ shadow-4.8.1/lib/prototypes.h 2020-03-17 16:53:44.371943299 +0100 -@@ -219,12 +219,21 @@ extern int audit_fd; +diff -up shadow-4.11.1/lib/prototypes.h.audit-update shadow-4.11.1/lib/prototypes.h +--- shadow-4.11.1/lib/prototypes.h.audit-update 2022-01-03 01:46:53.000000000 +0100 ++++ shadow-4.11.1/lib/prototypes.h 2022-01-03 14:57:01.777006776 +0100 +@@ -197,12 +197,21 @@ extern int audit_fd; extern void audit_help_open (void); /* Use AUDIT_NO_ID when a name is provided to audit_logger instead of an ID */ #define AUDIT_NO_ID ((unsigned int) -1) @@ -206,10 +206,10 @@ diff -up shadow-4.8.1/lib/prototypes.h.audit-update shadow-4.8.1/lib/prototypes. void audit_logger_message (const char *message, shadow_audit_result result); #endif -diff -up shadow-4.8.1/src/chage.c.audit-update shadow-4.8.1/src/chage.c ---- shadow-4.8.1/src/chage.c.audit-update 2019-11-12 01:18:25.000000000 +0100 -+++ shadow-4.8.1/src/chage.c 2020-03-17 16:53:44.371943299 +0100 -@@ -123,9 +123,10 @@ static /*@noreturn@*/void fail_exit (int +diff -up shadow-4.11.1/src/chage.c.audit-update shadow-4.11.1/src/chage.c +--- shadow-4.11.1/src/chage.c.audit-update 2022-01-03 01:46:53.000000000 +0100 ++++ shadow-4.11.1/src/chage.c 2022-01-03 14:57:01.777006776 +0100 +@@ -100,9 +100,10 @@ static /*@noreturn@*/void fail_exit (int #ifdef WITH_AUDIT if (E_SUCCESS != code) { @@ -223,7 +223,7 @@ diff -up shadow-4.8.1/src/chage.c.audit-update shadow-4.8.1/src/chage.c } #endif -@@ -883,11 +884,7 @@ int main (int argc, char **argv) +@@ -837,11 +838,7 @@ int main (int argc, char **argv) fprintf (stderr, _("%s: Permission denied.\n"), Prog); fail_exit (E_NOPERM); } @@ -236,7 +236,7 @@ diff -up shadow-4.8.1/src/chage.c.audit-update shadow-4.8.1/src/chage.c list_fields (); fail_exit (E_SUCCESS); } -@@ -906,41 +903,43 @@ int main (int argc, char **argv) +@@ -860,41 +857,43 @@ int main (int argc, char **argv) } #ifdef WITH_AUDIT else { @@ -296,10 +296,10 @@ diff -up shadow-4.8.1/src/chage.c.audit-update shadow-4.8.1/src/chage.c user_name, (unsigned int) user_uid, 1); } #endif -diff -up shadow-4.8.1/src/gpasswd.c.audit-update shadow-4.8.1/src/gpasswd.c ---- shadow-4.8.1/src/gpasswd.c.audit-update 2019-07-23 17:26:08.000000000 +0200 -+++ shadow-4.8.1/src/gpasswd.c 2020-03-17 16:53:44.371943299 +0100 -@@ -138,7 +138,7 @@ static void usage (int status) +diff -up shadow-4.11.1/src/gpasswd.c.audit-update shadow-4.11.1/src/gpasswd.c +--- shadow-4.11.1/src/gpasswd.c.audit-update 2022-01-03 01:46:53.000000000 +0100 ++++ shadow-4.11.1/src/gpasswd.c 2022-01-03 14:57:01.778006782 +0100 +@@ -116,7 +116,7 @@ static void usage (int status) (void) fputs (_(" -d, --delete USER remove USER from GROUP\n"), usageout); (void) fputs (_(" -h, --help display this help message and exit\n"), usageout); (void) fputs (_(" -Q, --root CHROOT_DIR directory to chroot into\n"), usageout); @@ -308,7 +308,7 @@ diff -up shadow-4.8.1/src/gpasswd.c.audit-update shadow-4.8.1/src/gpasswd.c (void) fputs (_(" -R, --restrict restrict access to GROUP to its members\n"), usageout); (void) fputs (_(" -M, --members USER,... set the list of members of GROUP\n"), usageout); #ifdef SHADOWGRP -@@ -397,21 +397,14 @@ static void open_files (void) +@@ -375,21 +375,14 @@ static void open_files (void) static void log_gpasswd_failure (const char *suffix) { @@ -333,7 +333,7 @@ diff -up shadow-4.8.1/src/gpasswd.c.audit-update shadow-4.8.1/src/gpasswd.c SHADOW_AUDIT_FAILURE); #endif } else if (dflg) { -@@ -419,13 +412,9 @@ static void log_gpasswd_failure (const c +@@ -397,13 +390,9 @@ static void log_gpasswd_failure (const c "%s failed to remove user %s from group %s%s", myname, user, group, suffix)); #ifdef WITH_AUDIT @@ -350,7 +350,7 @@ diff -up shadow-4.8.1/src/gpasswd.c.audit-update shadow-4.8.1/src/gpasswd.c SHADOW_AUDIT_FAILURE); #endif } else if (rflg) { -@@ -433,13 +422,9 @@ static void log_gpasswd_failure (const c +@@ -411,13 +400,9 @@ static void log_gpasswd_failure (const c "%s failed to remove password of group %s%s", myname, group, suffix)); #ifdef WITH_AUDIT @@ -367,7 +367,7 @@ diff -up shadow-4.8.1/src/gpasswd.c.audit-update shadow-4.8.1/src/gpasswd.c SHADOW_AUDIT_FAILURE); #endif } else if (Rflg) { -@@ -447,13 +432,9 @@ static void log_gpasswd_failure (const c +@@ -425,13 +410,9 @@ static void log_gpasswd_failure (const c "%s failed to restrict access to group %s%s", myname, group, suffix)); #ifdef WITH_AUDIT @@ -384,7 +384,7 @@ diff -up shadow-4.8.1/src/gpasswd.c.audit-update shadow-4.8.1/src/gpasswd.c SHADOW_AUDIT_FAILURE); #endif } else if (Aflg || Mflg) { -@@ -463,13 +444,9 @@ static void log_gpasswd_failure (const c +@@ -441,13 +422,9 @@ static void log_gpasswd_failure (const c "%s failed to set the administrators of group %s to %s%s", myname, group, admins, suffix)); #ifdef WITH_AUDIT @@ -401,7 +401,7 @@ diff -up shadow-4.8.1/src/gpasswd.c.audit-update shadow-4.8.1/src/gpasswd.c SHADOW_AUDIT_FAILURE); #endif } -@@ -479,13 +456,9 @@ static void log_gpasswd_failure (const c +@@ -457,13 +434,9 @@ static void log_gpasswd_failure (const c "%s failed to set the members of group %s to %s%s", myname, group, members, suffix)); #ifdef WITH_AUDIT @@ -418,7 +418,7 @@ diff -up shadow-4.8.1/src/gpasswd.c.audit-update shadow-4.8.1/src/gpasswd.c SHADOW_AUDIT_FAILURE); #endif } -@@ -494,13 +467,9 @@ static void log_gpasswd_failure (const c +@@ -472,13 +445,9 @@ static void log_gpasswd_failure (const c "%s failed to change password of group %s%s", myname, group, suffix)); #ifdef WITH_AUDIT @@ -435,7 +435,7 @@ diff -up shadow-4.8.1/src/gpasswd.c.audit-update shadow-4.8.1/src/gpasswd.c SHADOW_AUDIT_FAILURE); #endif } -@@ -531,21 +500,14 @@ static void log_gpasswd_failure_gshadow +@@ -509,21 +478,14 @@ static void log_gpasswd_failure_gshadow static void log_gpasswd_success (const char *suffix) { @@ -460,7 +460,7 @@ diff -up shadow-4.8.1/src/gpasswd.c.audit-update shadow-4.8.1/src/gpasswd.c SHADOW_AUDIT_SUCCESS); #endif } else if (dflg) { -@@ -553,13 +515,9 @@ static void log_gpasswd_success (const c +@@ -531,13 +493,9 @@ static void log_gpasswd_success (const c "user %s removed by %s from group %s%s", user, myname, group, suffix)); #ifdef WITH_AUDIT @@ -477,7 +477,7 @@ diff -up shadow-4.8.1/src/gpasswd.c.audit-update shadow-4.8.1/src/gpasswd.c SHADOW_AUDIT_SUCCESS); #endif } else if (rflg) { -@@ -567,13 +525,9 @@ static void log_gpasswd_success (const c +@@ -545,13 +503,9 @@ static void log_gpasswd_success (const c "password of group %s removed by %s%s", group, myname, suffix)); #ifdef WITH_AUDIT @@ -494,7 +494,7 @@ diff -up shadow-4.8.1/src/gpasswd.c.audit-update shadow-4.8.1/src/gpasswd.c SHADOW_AUDIT_SUCCESS); #endif } else if (Rflg) { -@@ -581,13 +535,9 @@ static void log_gpasswd_success (const c +@@ -559,13 +513,9 @@ static void log_gpasswd_success (const c "access to group %s restricted by %s%s", group, myname, suffix)); #ifdef WITH_AUDIT @@ -511,7 +511,7 @@ diff -up shadow-4.8.1/src/gpasswd.c.audit-update shadow-4.8.1/src/gpasswd.c SHADOW_AUDIT_SUCCESS); #endif } else if (Aflg || Mflg) { -@@ -597,13 +547,9 @@ static void log_gpasswd_success (const c +@@ -575,13 +525,9 @@ static void log_gpasswd_success (const c "administrators of group %s set by %s to %s%s", group, myname, admins, suffix)); #ifdef WITH_AUDIT @@ -528,7 +528,7 @@ diff -up shadow-4.8.1/src/gpasswd.c.audit-update shadow-4.8.1/src/gpasswd.c SHADOW_AUDIT_SUCCESS); #endif } -@@ -613,13 +559,9 @@ static void log_gpasswd_success (const c +@@ -591,13 +537,9 @@ static void log_gpasswd_success (const c "members of group %s set by %s to %s%s", group, myname, members, suffix)); #ifdef WITH_AUDIT @@ -545,7 +545,7 @@ diff -up shadow-4.8.1/src/gpasswd.c.audit-update shadow-4.8.1/src/gpasswd.c SHADOW_AUDIT_SUCCESS); #endif } -@@ -628,13 +570,9 @@ static void log_gpasswd_success (const c +@@ -606,13 +548,9 @@ static void log_gpasswd_success (const c "password of group %s changed by %s%s", group, myname, suffix)); #ifdef WITH_AUDIT @@ -562,10 +562,10 @@ diff -up shadow-4.8.1/src/gpasswd.c.audit-update shadow-4.8.1/src/gpasswd.c SHADOW_AUDIT_SUCCESS); #endif } -diff -up shadow-4.8.1/src/groupadd.c.audit-update shadow-4.8.1/src/groupadd.c ---- shadow-4.8.1/src/groupadd.c.audit-update 2019-07-23 17:26:08.000000000 +0200 -+++ shadow-4.8.1/src/groupadd.c 2020-03-17 16:53:44.372943312 +0100 -@@ -131,6 +131,15 @@ static /*@noreturn@*/void usage (int sta +diff -up shadow-4.11.1/src/groupadd.c.audit-update shadow-4.11.1/src/groupadd.c +--- shadow-4.11.1/src/groupadd.c.audit-update 2022-01-03 01:46:53.000000000 +0100 ++++ shadow-4.11.1/src/groupadd.c 2022-01-03 14:57:01.778006782 +0100 +@@ -111,6 +111,15 @@ static /*@noreturn@*/void usage (int sta exit (status); } @@ -581,7 +581,7 @@ diff -up shadow-4.8.1/src/groupadd.c.audit-update shadow-4.8.1/src/groupadd.c /* * new_grent - initialize the values in a group file entry * -@@ -214,7 +223,7 @@ static void grp_update (void) +@@ -207,7 +216,7 @@ static void grp_update (void) fprintf (stderr, _("%s: failed to prepare the new %s entry '%s'\n"), Prog, gr_dbname (), grp.gr_name); @@ -590,7 +590,7 @@ diff -up shadow-4.8.1/src/groupadd.c.audit-update shadow-4.8.1/src/groupadd.c } #ifdef SHADOWGRP /* -@@ -224,7 +233,7 @@ static void grp_update (void) +@@ -217,7 +226,7 @@ static void grp_update (void) fprintf (stderr, _("%s: failed to prepare the new %s entry '%s'\n"), Prog, sgr_dbname (), sgrp.sg_name); @@ -599,7 +599,7 @@ diff -up shadow-4.8.1/src/groupadd.c.audit-update shadow-4.8.1/src/groupadd.c } #endif /* SHADOWGRP */ } -@@ -248,7 +257,7 @@ static void check_new_name (void) +@@ -241,7 +250,7 @@ static void check_new_name (void) fprintf (stderr, _("%s: '%s' is not a valid group name\n"), Prog, group_name); @@ -608,7 +608,7 @@ diff -up shadow-4.8.1/src/groupadd.c.audit-update shadow-4.8.1/src/groupadd.c } /* -@@ -264,11 +273,11 @@ static void close_files (void) +@@ -257,11 +266,11 @@ static void close_files (void) fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, gr_dbname ()); @@ -622,7 +622,7 @@ diff -up shadow-4.8.1/src/groupadd.c.audit-update shadow-4.8.1/src/groupadd.c group_name, (unsigned int) group_id, SHADOW_AUDIT_SUCCESS); #endif -@@ -286,11 +295,11 @@ static void close_files (void) +@@ -279,11 +288,11 @@ static void close_files (void) fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, sgr_dbname ()); @@ -637,7 +637,7 @@ diff -up shadow-4.8.1/src/groupadd.c.audit-update shadow-4.8.1/src/groupadd.c group_name, (unsigned int) group_id, SHADOW_AUDIT_SUCCESS); #endif -@@ -304,12 +313,6 @@ static void close_files (void) +@@ -297,12 +306,6 @@ static void close_files (void) #endif /* SHADOWGRP */ /* Report success at the system level */ @@ -650,7 +650,7 @@ diff -up shadow-4.8.1/src/groupadd.c.audit-update shadow-4.8.1/src/groupadd.c SYSLOG ((LOG_INFO, "new group: name=%s, GID=%u", group_name, (unsigned int) group_id)); del_cleanup (cleanup_report_add_group); -@@ -327,7 +330,7 @@ static void open_files (void) +@@ -320,7 +323,7 @@ static void open_files (void) fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, gr_dbname ()); @@ -659,7 +659,7 @@ diff -up shadow-4.8.1/src/groupadd.c.audit-update shadow-4.8.1/src/groupadd.c } add_cleanup (cleanup_unlock_group, NULL); -@@ -337,7 +340,7 @@ static void open_files (void) +@@ -330,7 +333,7 @@ static void open_files (void) fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, sgr_dbname ()); @@ -668,7 +668,7 @@ diff -up shadow-4.8.1/src/groupadd.c.audit-update shadow-4.8.1/src/groupadd.c } add_cleanup (cleanup_unlock_gshadow, NULL); } -@@ -353,7 +356,7 @@ static void open_files (void) +@@ -346,7 +349,7 @@ static void open_files (void) if (gr_open (O_CREAT | O_RDWR) == 0) { fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ()); SYSLOG ((LOG_WARN, "cannot open %s", gr_dbname ())); @@ -677,7 +677,7 @@ diff -up shadow-4.8.1/src/groupadd.c.audit-update shadow-4.8.1/src/groupadd.c } #ifdef SHADOWGRP -@@ -363,7 +366,7 @@ static void open_files (void) +@@ -356,7 +359,7 @@ static void open_files (void) _("%s: cannot open %s\n"), Prog, sgr_dbname ()); SYSLOG ((LOG_WARN, "cannot open %s", sgr_dbname ())); @@ -686,7 +686,7 @@ diff -up shadow-4.8.1/src/groupadd.c.audit-update shadow-4.8.1/src/groupadd.c } } #endif /* SHADOWGRP */ -@@ -496,7 +499,7 @@ static void check_flags (void) +@@ -493,7 +496,7 @@ static void check_flags (void) fprintf (stderr, _("%s: group '%s' already exists\n"), Prog, group_name); @@ -695,7 +695,7 @@ diff -up shadow-4.8.1/src/groupadd.c.audit-update shadow-4.8.1/src/groupadd.c } if (gflg && (prefix_getgrgid (group_id) != NULL)) { -@@ -515,7 +518,7 @@ static void check_flags (void) +@@ -512,7 +515,7 @@ static void check_flags (void) fprintf (stderr, _("%s: GID '%lu' already exists\n"), Prog, (unsigned long int) group_id); @@ -704,7 +704,7 @@ diff -up shadow-4.8.1/src/groupadd.c.audit-update shadow-4.8.1/src/groupadd.c } } } -@@ -543,7 +546,7 @@ static void check_perms (void) +@@ -540,7 +543,7 @@ static void check_perms (void) fprintf (stderr, _("%s: Cannot determine your user name.\n"), Prog); @@ -713,7 +713,7 @@ diff -up shadow-4.8.1/src/groupadd.c.audit-update shadow-4.8.1/src/groupadd.c } retval = pam_start ("groupadd", pampw->pw_name, &conv, &pamh); -@@ -563,7 +566,7 @@ static void check_perms (void) +@@ -560,7 +563,7 @@ static void check_perms (void) if (NULL != pamh) { (void) pam_end (pamh, retval); } @@ -722,7 +722,7 @@ diff -up shadow-4.8.1/src/groupadd.c.audit-update shadow-4.8.1/src/groupadd.c } (void) pam_end (pamh, retval); #endif /* USE_PAM */ -@@ -596,7 +599,7 @@ int main (int argc, char **argv) +@@ -595,7 +598,7 @@ int main (int argc, char **argv) fprintf (stderr, _("%s: Cannot setup cleanup service.\n"), Prog); @@ -731,7 +731,7 @@ diff -up shadow-4.8.1/src/groupadd.c.audit-update shadow-4.8.1/src/groupadd.c } /* -@@ -618,7 +621,7 @@ int main (int argc, char **argv) +@@ -617,7 +620,7 @@ int main (int argc, char **argv) if (!gflg) { if (find_new_gid (rflg, &group_id, NULL) < 0) { @@ -740,10 +740,10 @@ diff -up shadow-4.8.1/src/groupadd.c.audit-update shadow-4.8.1/src/groupadd.c } } -diff -up shadow-4.8.1/src/groupdel.c.audit-update shadow-4.8.1/src/groupdel.c ---- shadow-4.8.1/src/groupdel.c.audit-update 2019-07-23 17:26:08.000000000 +0200 -+++ shadow-4.8.1/src/groupdel.c 2020-03-17 16:53:44.372943312 +0100 -@@ -106,6 +106,15 @@ static /*@noreturn@*/void usage (int sta +diff -up shadow-4.11.1/src/groupdel.c.audit-update shadow-4.11.1/src/groupdel.c +--- shadow-4.11.1/src/groupdel.c.audit-update 2022-01-03 01:46:53.000000000 +0100 ++++ shadow-4.11.1/src/groupdel.c 2022-01-03 14:57:01.778006782 +0100 +@@ -84,6 +84,15 @@ static /*@noreturn@*/void usage (int sta exit (status); } @@ -759,7 +759,7 @@ diff -up shadow-4.8.1/src/groupdel.c.audit-update shadow-4.8.1/src/groupdel.c /* * grp_update - update group file entries * -@@ -132,7 +141,7 @@ static void grp_update (void) +@@ -110,7 +119,7 @@ static void grp_update (void) fprintf (stderr, _("%s: cannot remove entry '%s' from %s\n"), Prog, group_name, gr_dbname ()); @@ -768,7 +768,7 @@ diff -up shadow-4.8.1/src/groupdel.c.audit-update shadow-4.8.1/src/groupdel.c } #ifdef SHADOWGRP -@@ -144,7 +153,7 @@ static void grp_update (void) +@@ -122,7 +131,7 @@ static void grp_update (void) fprintf (stderr, _("%s: cannot remove entry '%s' from %s\n"), Prog, group_name, sgr_dbname ()); @@ -777,7 +777,7 @@ diff -up shadow-4.8.1/src/groupdel.c.audit-update shadow-4.8.1/src/groupdel.c } } #endif /* SHADOWGRP */ -@@ -163,12 +172,12 @@ static void close_files (void) +@@ -141,12 +150,12 @@ static void close_files (void) fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, gr_dbname ()); @@ -792,7 +792,7 @@ diff -up shadow-4.8.1/src/groupdel.c.audit-update shadow-4.8.1/src/groupdel.c group_name, (unsigned int) group_id, SHADOW_AUDIT_SUCCESS); #endif -@@ -188,12 +197,12 @@ static void close_files (void) +@@ -166,12 +175,12 @@ static void close_files (void) fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, sgr_dbname ()); @@ -808,7 +808,7 @@ diff -up shadow-4.8.1/src/groupdel.c.audit-update shadow-4.8.1/src/groupdel.c group_name, (unsigned int) group_id, SHADOW_AUDIT_SUCCESS); #endif -@@ -207,13 +216,6 @@ static void close_files (void) +@@ -185,13 +194,6 @@ static void close_files (void) } #endif /* SHADOWGRP */ @@ -822,7 +822,7 @@ diff -up shadow-4.8.1/src/groupdel.c.audit-update shadow-4.8.1/src/groupdel.c SYSLOG ((LOG_INFO, "group '%s' removed\n", group_name)); del_cleanup (cleanup_report_del_group); } -@@ -230,7 +232,7 @@ static void open_files (void) +@@ -208,7 +210,7 @@ static void open_files (void) fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, gr_dbname ()); @@ -831,7 +831,7 @@ diff -up shadow-4.8.1/src/groupdel.c.audit-update shadow-4.8.1/src/groupdel.c } add_cleanup (cleanup_unlock_group, NULL); #ifdef SHADOWGRP -@@ -239,7 +241,7 @@ static void open_files (void) +@@ -217,7 +219,7 @@ static void open_files (void) fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, sgr_dbname ()); @@ -840,7 +840,7 @@ diff -up shadow-4.8.1/src/groupdel.c.audit-update shadow-4.8.1/src/groupdel.c } add_cleanup (cleanup_unlock_gshadow, NULL); } -@@ -257,7 +259,7 @@ static void open_files (void) +@@ -235,7 +237,7 @@ static void open_files (void) _("%s: cannot open %s\n"), Prog, gr_dbname ()); SYSLOG ((LOG_WARN, "cannot open %s", gr_dbname ())); @@ -849,7 +849,7 @@ diff -up shadow-4.8.1/src/groupdel.c.audit-update shadow-4.8.1/src/groupdel.c } #ifdef SHADOWGRP if (is_shadow_grp) { -@@ -266,7 +268,7 @@ static void open_files (void) +@@ -244,7 +246,7 @@ static void open_files (void) _("%s: cannot open %s\n"), Prog, sgr_dbname ()); SYSLOG ((LOG_WARN, "cannot open %s", sgr_dbname ())); @@ -858,7 +858,7 @@ diff -up shadow-4.8.1/src/groupdel.c.audit-update shadow-4.8.1/src/groupdel.c } } #endif /* SHADOWGRP */ -@@ -307,7 +309,7 @@ static void group_busy (gid_t gid) +@@ -285,7 +287,7 @@ static void group_busy (gid_t gid) fprintf (stderr, _("%s: cannot remove the primary group of user '%s'\n"), Prog, pwd->pw_name); @@ -867,7 +867,7 @@ diff -up shadow-4.8.1/src/groupdel.c.audit-update shadow-4.8.1/src/groupdel.c } /* -@@ -392,7 +394,7 @@ int main (int argc, char **argv) +@@ -373,7 +375,7 @@ int main (int argc, char **argv) fprintf (stderr, _("%s: Cannot setup cleanup service.\n"), Prog); @@ -876,7 +876,7 @@ diff -up shadow-4.8.1/src/groupdel.c.audit-update shadow-4.8.1/src/groupdel.c } process_flags (argc, argv); -@@ -406,7 +408,7 @@ int main (int argc, char **argv) +@@ -387,7 +389,7 @@ int main (int argc, char **argv) fprintf (stderr, _("%s: Cannot determine your user name.\n"), Prog); @@ -885,7 +885,7 @@ diff -up shadow-4.8.1/src/groupdel.c.audit-update shadow-4.8.1/src/groupdel.c } retval = pam_start ("groupdel", pampw->pw_name, &conv, &pamh); -@@ -427,7 +429,7 @@ int main (int argc, char **argv) +@@ -408,7 +410,7 @@ int main (int argc, char **argv) if (NULL != pamh) { (void) pam_end (pamh, retval); } @@ -894,7 +894,7 @@ diff -up shadow-4.8.1/src/groupdel.c.audit-update shadow-4.8.1/src/groupdel.c } (void) pam_end (pamh, retval); #endif /* USE_PAM */ -@@ -447,7 +449,7 @@ int main (int argc, char **argv) +@@ -428,7 +430,7 @@ int main (int argc, char **argv) fprintf (stderr, _("%s: group '%s' does not exist\n"), Prog, group_name); @@ -903,7 +903,7 @@ diff -up shadow-4.8.1/src/groupdel.c.audit-update shadow-4.8.1/src/groupdel.c } group_id = grp->gr_gid; -@@ -471,7 +473,7 @@ int main (int argc, char **argv) +@@ -452,7 +454,7 @@ int main (int argc, char **argv) _("%s: %s is the NIS master\n"), Prog, nis_master); } @@ -912,10 +912,10 @@ diff -up shadow-4.8.1/src/groupdel.c.audit-update shadow-4.8.1/src/groupdel.c } #endif -diff -up shadow-4.8.1/src/groupmod.c.audit-update shadow-4.8.1/src/groupmod.c ---- shadow-4.8.1/src/groupmod.c.audit-update 2019-07-23 17:26:08.000000000 +0200 -+++ shadow-4.8.1/src/groupmod.c 2020-03-17 16:53:44.372943312 +0100 -@@ -450,7 +450,7 @@ static void close_files (void) +diff -up shadow-4.11.1/src/groupmod.c.audit-update shadow-4.11.1/src/groupmod.c +--- shadow-4.11.1/src/groupmod.c.audit-update 2022-01-03 01:46:53.000000000 +0100 ++++ shadow-4.11.1/src/groupmod.c 2022-01-03 14:57:01.778006782 +0100 +@@ -468,7 +468,7 @@ static void close_files (void) exit (E_GRP_UPDATE); } #ifdef WITH_AUDIT @@ -924,7 +924,7 @@ diff -up shadow-4.8.1/src/groupmod.c.audit-update shadow-4.8.1/src/groupmod.c info_group.audit_msg, group_name, AUDIT_NO_ID, SHADOW_AUDIT_SUCCESS); -@@ -473,7 +473,14 @@ static void close_files (void) +@@ -491,7 +491,14 @@ static void close_files (void) exit (E_GRP_UPDATE); } #ifdef WITH_AUDIT @@ -940,7 +940,7 @@ diff -up shadow-4.8.1/src/groupmod.c.audit-update shadow-4.8.1/src/groupmod.c info_gshadow.audit_msg, group_name, AUDIT_NO_ID, SHADOW_AUDIT_SUCCESS); -@@ -496,7 +503,7 @@ static void close_files (void) +@@ -514,7 +521,7 @@ static void close_files (void) exit (E_GRP_UPDATE); } #ifdef WITH_AUDIT @@ -949,7 +949,7 @@ diff -up shadow-4.8.1/src/groupmod.c.audit-update shadow-4.8.1/src/groupmod.c info_passwd.audit_msg, group_name, AUDIT_NO_ID, SHADOW_AUDIT_SUCCESS); -@@ -511,8 +518,8 @@ static void close_files (void) +@@ -529,8 +536,8 @@ static void close_files (void) } #ifdef WITH_AUDIT @@ -960,7 +960,7 @@ diff -up shadow-4.8.1/src/groupmod.c.audit-update shadow-4.8.1/src/groupmod.c group_name, AUDIT_NO_ID, SHADOW_AUDIT_SUCCESS); #endif -@@ -524,6 +531,8 @@ static void close_files (void) +@@ -542,6 +549,8 @@ static void close_files (void) */ static void prepare_failure_reports (void) { @@ -969,7 +969,7 @@ diff -up shadow-4.8.1/src/groupmod.c.audit-update shadow-4.8.1/src/groupmod.c info_group.name = group_name; #ifdef SHADOWGRP info_gshadow.name = group_name; -@@ -536,76 +545,109 @@ static void prepare_failure_reports (voi +@@ -554,76 +563,109 @@ static void prepare_failure_reports (voi #endif info_passwd.audit_msg = xmalloc (512); @@ -1106,7 +1106,7 @@ diff -up shadow-4.8.1/src/groupmod.c.audit-update shadow-4.8.1/src/groupmod.c "%lu", (unsigned long int) group_newid); } info_group.audit_msg[511] = '\0'; -@@ -613,6 +655,11 @@ static void prepare_failure_reports (voi +@@ -631,6 +673,11 @@ static void prepare_failure_reports (voi info_gshadow.audit_msg[511] = '\0'; #endif info_passwd.audit_msg[511] = '\0'; @@ -1118,10 +1118,10 @@ diff -up shadow-4.8.1/src/groupmod.c.audit-update shadow-4.8.1/src/groupmod.c // FIXME: add a system cleanup add_cleanup (cleanup_report_mod_group, &info_group); -diff -up shadow-4.8.1/src/newgrp.c.audit-update shadow-4.8.1/src/newgrp.c ---- shadow-4.8.1/src/newgrp.c.audit-update 2020-01-12 15:19:28.000000000 +0100 -+++ shadow-4.8.1/src/newgrp.c 2020-03-17 16:53:44.372943312 +0100 -@@ -206,11 +206,12 @@ static void check_perms (const struct gr +diff -up shadow-4.11.1/src/newgrp.c.audit-update shadow-4.11.1/src/newgrp.c +--- shadow-4.11.1/src/newgrp.c.audit-update 2022-01-03 01:46:53.000000000 +0100 ++++ shadow-4.11.1/src/newgrp.c 2022-01-03 15:25:39.407050922 +0100 +@@ -185,11 +185,12 @@ static void check_perms (const struct gr strcmp (cpasswd, grp->gr_passwd) != 0) { #ifdef WITH_AUDIT snprintf (audit_buf, sizeof(audit_buf), @@ -1136,7 +1136,7 @@ diff -up shadow-4.8.1/src/newgrp.c.audit-update shadow-4.8.1/src/newgrp.c #endif SYSLOG ((LOG_INFO, "Invalid password for group '%s' from '%s'", -@@ -221,11 +222,12 @@ static void check_perms (const struct gr +@@ -200,11 +201,12 @@ static void check_perms (const struct gr } #ifdef WITH_AUDIT snprintf (audit_buf, sizeof(audit_buf), @@ -1151,7 +1151,7 @@ diff -up shadow-4.8.1/src/newgrp.c.audit-update shadow-4.8.1/src/newgrp.c #endif } -@@ -236,19 +238,6 @@ failure: +@@ -215,19 +217,6 @@ failure: * harm. -- JWP */ closelog (); @@ -1171,7 +1171,7 @@ diff -up shadow-4.8.1/src/newgrp.c.audit-update shadow-4.8.1/src/newgrp.c exit (EXIT_FAILURE); } -@@ -320,15 +309,27 @@ static void syslog_sg (const char *name, +@@ -299,15 +288,27 @@ static void syslog_sg (const char *name, is_newgrp ? "newgrp" : "sg", strerror (errno)); #ifdef WITH_AUDIT if (group) { @@ -1203,7 +1203,7 @@ diff -up shadow-4.8.1/src/newgrp.c.audit-update shadow-4.8.1/src/newgrp.c } #endif exit (EXIT_FAILURE); -@@ -458,7 +459,7 @@ int main (int argc, char **argv) +@@ -438,7 +439,7 @@ int main (int argc, char **argv) #ifdef WITH_AUDIT audit_logger (AUDIT_CHGRP_ID, Prog, "changing", NULL, @@ -1212,7 +1212,7 @@ diff -up shadow-4.8.1/src/newgrp.c.audit-update shadow-4.8.1/src/newgrp.c #endif SYSLOG ((LOG_WARN, "Cannot determine the user name of the caller (UID %lu)", (unsigned long) getuid ())); -@@ -574,15 +575,26 @@ int main (int argc, char **argv) +@@ -554,15 +555,26 @@ int main (int argc, char **argv) perror ("getgroups"); #ifdef WITH_AUDIT if (group) { @@ -1243,7 +1243,7 @@ diff -up shadow-4.8.1/src/newgrp.c.audit-update shadow-4.8.1/src/newgrp.c } #endif exit (EXIT_FAILURE); -@@ -739,10 +751,10 @@ int main (int argc, char **argv) +@@ -719,10 +731,10 @@ int main (int argc, char **argv) perror ("setgid"); #ifdef WITH_AUDIT snprintf (audit_buf, sizeof(audit_buf), @@ -1256,7 +1256,7 @@ diff -up shadow-4.8.1/src/newgrp.c.audit-update shadow-4.8.1/src/newgrp.c #endif exit (EXIT_FAILURE); } -@@ -751,10 +763,10 @@ int main (int argc, char **argv) +@@ -731,10 +743,10 @@ int main (int argc, char **argv) perror ("setuid"); #ifdef WITH_AUDIT snprintf (audit_buf, sizeof(audit_buf), @@ -1269,7 +1269,7 @@ diff -up shadow-4.8.1/src/newgrp.c.audit-update shadow-4.8.1/src/newgrp.c #endif exit (EXIT_FAILURE); } -@@ -768,10 +780,10 @@ int main (int argc, char **argv) +@@ -748,10 +760,10 @@ int main (int argc, char **argv) execl (SHELL, "sh", "-c", command, (char *) 0); #ifdef WITH_AUDIT snprintf (audit_buf, sizeof(audit_buf), @@ -1282,7 +1282,7 @@ diff -up shadow-4.8.1/src/newgrp.c.audit-update shadow-4.8.1/src/newgrp.c #endif perror (SHELL); exit ((errno == ENOENT) ? E_CMD_NOTFOUND : E_CMD_NOEXEC); -@@ -835,11 +847,11 @@ int main (int argc, char **argv) +@@ -815,11 +827,11 @@ int main (int argc, char **argv) } #ifdef WITH_AUDIT @@ -1296,7 +1296,7 @@ diff -up shadow-4.8.1/src/newgrp.c.audit-update shadow-4.8.1/src/newgrp.c #endif /* * Exec the login shell and go away. We are trying to get back to -@@ -863,15 +875,24 @@ int main (int argc, char **argv) +@@ -843,15 +855,24 @@ int main (int argc, char **argv) closelog (); #ifdef WITH_AUDIT if (NULL != group) { @@ -1313,7 +1313,7 @@ diff -up shadow-4.8.1/src/newgrp.c.audit-update shadow-4.8.1/src/newgrp.c + snprintf (audit_buf, sizeof(audit_buf), + "changing new_group=\"%s\"", group); + } - audit_logger (AUDIT_CHGRP_ID, Prog, + audit_logger (AUDIT_CHGRP_ID, Prog, audit_buf, NULL, - (unsigned int) getuid (), 0); + (unsigned int) getuid (), SHADOW_AUDIT_FAILURE); @@ -1325,10 +1325,10 @@ diff -up shadow-4.8.1/src/newgrp.c.audit-update shadow-4.8.1/src/newgrp.c } #endif exit (EXIT_FAILURE); -diff -up shadow-4.8.1/src/useradd.c.audit-update shadow-4.8.1/src/useradd.c ---- shadow-4.8.1/src/useradd.c.audit-update 2020-03-17 16:53:44.365943219 +0100 -+++ shadow-4.8.1/src/useradd.c 2020-03-17 17:03:11.614503929 +0100 -@@ -233,6 +233,8 @@ static void create_mail (void); +diff -up shadow-4.11.1/src/useradd.c.audit-update shadow-4.11.1/src/useradd.c +--- shadow-4.11.1/src/useradd.c.audit-update 2022-01-03 14:57:01.772006744 +0100 ++++ shadow-4.11.1/src/useradd.c 2022-01-03 14:57:01.787006838 +0100 +@@ -222,6 +222,8 @@ static void check_uid_range(int rflg, ui */ static void fail_exit (int code) { @@ -1337,7 +1337,7 @@ diff -up shadow-4.8.1/src/useradd.c.audit-update shadow-4.8.1/src/useradd.c if (home_added) { if (rmdir (prefix_user_home) != 0) { fprintf (stderr, -@@ -246,12 +248,6 @@ static void fail_exit (int code) +@@ -235,12 +237,6 @@ static void fail_exit (int code) if (spw_unlock () == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, spw_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ())); @@ -1350,7 +1350,7 @@ diff -up shadow-4.8.1/src/useradd.c.audit-update shadow-4.8.1/src/useradd.c /* continue */ } } -@@ -259,12 +255,6 @@ static void fail_exit (int code) +@@ -248,12 +244,6 @@ static void fail_exit (int code) if (pw_unlock () == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, pw_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ())); @@ -1363,7 +1363,7 @@ diff -up shadow-4.8.1/src/useradd.c.audit-update shadow-4.8.1/src/useradd.c /* continue */ } } -@@ -272,12 +262,6 @@ static void fail_exit (int code) +@@ -261,12 +251,6 @@ static void fail_exit (int code) if (gr_unlock () == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, gr_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ())); @@ -1376,7 +1376,7 @@ diff -up shadow-4.8.1/src/useradd.c.audit-update shadow-4.8.1/src/useradd.c /* continue */ } } -@@ -286,12 +270,6 @@ static void fail_exit (int code) +@@ -275,12 +259,6 @@ static void fail_exit (int code) if (sgr_unlock () == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sgr_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ())); @@ -1389,7 +1389,7 @@ diff -up shadow-4.8.1/src/useradd.c.audit-update shadow-4.8.1/src/useradd.c /* continue */ } } -@@ -301,12 +279,6 @@ static void fail_exit (int code) +@@ -290,12 +268,6 @@ static void fail_exit (int code) if (sub_uid_unlock () == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", sub_uid_dbname ())); @@ -1402,7 +1402,7 @@ diff -up shadow-4.8.1/src/useradd.c.audit-update shadow-4.8.1/src/useradd.c /* continue */ } } -@@ -314,20 +286,19 @@ static void fail_exit (int code) +@@ -303,20 +275,19 @@ static void fail_exit (int code) if (sub_gid_unlock () == 0) { fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname ()); SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ())); @@ -1430,7 +1430,7 @@ diff -up shadow-4.8.1/src/useradd.c.audit-update shadow-4.8.1/src/useradd.c user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif -@@ -692,7 +663,7 @@ static int set_defaults (void) +@@ -719,7 +690,7 @@ static int set_defaults (void) } #ifdef WITH_AUDIT audit_logger (AUDIT_USYS_CONFIG, Prog, @@ -1439,7 +1439,7 @@ diff -up shadow-4.8.1/src/useradd.c.audit-update shadow-4.8.1/src/useradd.c NULL, AUDIT_NO_ID, SHADOW_AUDIT_SUCCESS); #endif -@@ -974,12 +945,6 @@ static void grp_update (void) +@@ -1050,12 +1021,6 @@ static void grp_update (void) _("%s: Out of memory. Cannot update %s.\n"), Prog, gr_dbname ()); SYSLOG ((LOG_ERR, "failed to prepare the new %s entry '%s'", gr_dbname (), user_name)); @@ -1452,7 +1452,7 @@ diff -up shadow-4.8.1/src/useradd.c.audit-update shadow-4.8.1/src/useradd.c fail_exit (E_GRP_UPDATE); /* XXX */ } -@@ -993,18 +958,12 @@ static void grp_update (void) +@@ -1069,18 +1034,12 @@ static void grp_update (void) _("%s: failed to prepare the new %s entry '%s'\n"), Prog, gr_dbname (), ngrp->gr_name); SYSLOG ((LOG_ERR, "failed to prepare the new %s entry '%s'", gr_dbname (), user_name)); @@ -1474,7 +1474,7 @@ diff -up shadow-4.8.1/src/useradd.c.audit-update shadow-4.8.1/src/useradd.c SHADOW_AUDIT_SUCCESS); #endif SYSLOG ((LOG_INFO, -@@ -1049,12 +1008,6 @@ static void grp_update (void) +@@ -1125,12 +1084,6 @@ static void grp_update (void) _("%s: Out of memory. Cannot update %s.\n"), Prog, sgr_dbname ()); SYSLOG ((LOG_ERR, "failed to prepare the new %s entry '%s'", sgr_dbname (), user_name)); @@ -1487,7 +1487,7 @@ diff -up shadow-4.8.1/src/useradd.c.audit-update shadow-4.8.1/src/useradd.c fail_exit (E_GRP_UPDATE); /* XXX */ } -@@ -1068,18 +1021,13 @@ static void grp_update (void) +@@ -1144,18 +1097,13 @@ static void grp_update (void) _("%s: failed to prepare the new %s entry '%s'\n"), Prog, sgr_dbname (), nsgrp->sg_name); SYSLOG ((LOG_ERR, "failed to prepare the new %s entry '%s'", sgr_dbname (), user_name)); @@ -1510,7 +1510,7 @@ diff -up shadow-4.8.1/src/useradd.c.audit-update shadow-4.8.1/src/useradd.c SHADOW_AUDIT_SUCCESS); #endif SYSLOG ((LOG_INFO, -@@ -1452,7 +1400,7 @@ static void process_flags (int argc, cha +@@ -1528,7 +1476,7 @@ static void process_flags (int argc, cha Prog, user_name); #ifdef WITH_AUDIT audit_logger (AUDIT_ADD_USER, Prog, @@ -1519,7 +1519,7 @@ diff -up shadow-4.8.1/src/useradd.c.audit-update shadow-4.8.1/src/useradd.c user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif -@@ -1567,7 +1515,7 @@ static void close_files (void) +@@ -1637,7 +1585,7 @@ static void close_files (void) SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ())); #ifdef WITH_AUDIT audit_logger (AUDIT_ADD_USER, Prog, @@ -1528,7 +1528,7 @@ diff -up shadow-4.8.1/src/useradd.c.audit-update shadow-4.8.1/src/useradd.c user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif -@@ -1580,7 +1528,7 @@ static void close_files (void) +@@ -1650,7 +1598,7 @@ static void close_files (void) SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ())); #ifdef WITH_AUDIT audit_logger (AUDIT_ADD_USER, Prog, @@ -1537,7 +1537,7 @@ diff -up shadow-4.8.1/src/useradd.c.audit-update shadow-4.8.1/src/useradd.c user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif -@@ -1622,7 +1570,7 @@ static void close_files (void) +@@ -1667,7 +1615,7 @@ static void close_files (void) SYSLOG ((LOG_ERR, "failed to unlock %s", sub_uid_dbname ())); #ifdef WITH_AUDIT audit_logger (AUDIT_ADD_USER, Prog, @@ -1546,7 +1546,7 @@ diff -up shadow-4.8.1/src/useradd.c.audit-update shadow-4.8.1/src/useradd.c user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif -@@ -1636,7 +1584,7 @@ static void close_files (void) +@@ -1681,7 +1629,7 @@ static void close_files (void) SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ())); #ifdef WITH_AUDIT audit_logger (AUDIT_ADD_USER, Prog, @@ -1555,7 +1555,7 @@ diff -up shadow-4.8.1/src/useradd.c.audit-update shadow-4.8.1/src/useradd.c user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif -@@ -1828,7 +1776,7 @@ static void grp_add (void) +@@ -1942,7 +1890,7 @@ static void grp_add (void) Prog, gr_dbname (), grp.gr_name); #ifdef WITH_AUDIT audit_logger (AUDIT_ADD_GROUP, Prog, @@ -1564,7 +1564,7 @@ diff -up shadow-4.8.1/src/useradd.c.audit-update shadow-4.8.1/src/useradd.c grp.gr_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif -@@ -1844,7 +1792,7 @@ static void grp_add (void) +@@ -1958,7 +1906,7 @@ static void grp_add (void) Prog, sgr_dbname (), sgrp.sg_name); #ifdef WITH_AUDIT audit_logger (AUDIT_ADD_GROUP, Prog, @@ -1573,7 +1573,7 @@ diff -up shadow-4.8.1/src/useradd.c.audit-update shadow-4.8.1/src/useradd.c grp.gr_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif -@@ -1854,7 +1802,7 @@ static void grp_add (void) +@@ -1968,7 +1916,7 @@ static void grp_add (void) SYSLOG ((LOG_INFO, "new group: name=%s, GID=%u", user_name, user_gid)); #ifdef WITH_AUDIT audit_logger (AUDIT_ADD_GROUP, Prog, @@ -1582,7 +1582,7 @@ diff -up shadow-4.8.1/src/useradd.c.audit-update shadow-4.8.1/src/useradd.c grp.gr_name, AUDIT_NO_ID, SHADOW_AUDIT_SUCCESS); #endif -@@ -2025,12 +1973,6 @@ static void usr_update (void) +@@ -2161,12 +2109,6 @@ static void usr_update (unsigned long su fprintf (stderr, _("%s: failed to prepare the new %s entry '%s'\n"), Prog, spw_dbname (), spent.sp_namp); @@ -1595,7 +1595,7 @@ diff -up shadow-4.8.1/src/useradd.c.audit-update shadow-4.8.1/src/useradd.c fail_exit (E_PW_UPDATE); } #ifdef ENABLE_SUBIDS -@@ -2051,9 +1993,14 @@ static void usr_update (void) +@@ -2187,9 +2129,14 @@ static void usr_update (unsigned long su #endif /* ENABLE_SUBIDS */ #ifdef WITH_AUDIT @@ -1612,7 +1612,7 @@ diff -up shadow-4.8.1/src/useradd.c.audit-update shadow-4.8.1/src/useradd.c SHADOW_AUDIT_SUCCESS); #endif /* -@@ -2140,12 +2087,6 @@ static void create_home (void) +@@ -2279,12 +2226,6 @@ static void create_home (void) fprintf (stderr, _("%s: cannot create directory %s\n"), Prog, path); @@ -1625,7 +1625,7 @@ diff -up shadow-4.8.1/src/useradd.c.audit-update shadow-4.8.1/src/useradd.c fail_exit (E_HOMEDIR); } if (chown (path, 0, 0) < 0) { -@@ -2168,8 +2109,8 @@ static void create_home (void) +@@ -2311,8 +2252,8 @@ static void create_home (void) } home_added = true; #ifdef WITH_AUDIT @@ -1636,7 +1636,7 @@ diff -up shadow-4.8.1/src/useradd.c.audit-update shadow-4.8.1/src/useradd.c user_name, (unsigned int) user_id, SHADOW_AUDIT_SUCCESS); #endif -@@ -2354,12 +2295,6 @@ int main (int argc, char **argv) +@@ -2552,12 +2493,6 @@ int main (int argc, char **argv) */ if (prefix_getpwnam (user_name) != NULL) { /* local, no need for xgetpwnam */ fprintf (stderr, _("%s: user '%s' already exists\n"), Prog, user_name); @@ -1649,7 +1649,7 @@ diff -up shadow-4.8.1/src/useradd.c.audit-update shadow-4.8.1/src/useradd.c fail_exit (E_NAME_IN_USE); } -@@ -2375,12 +2310,6 @@ int main (int argc, char **argv) +@@ -2573,12 +2508,6 @@ int main (int argc, char **argv) fprintf (stderr, _("%s: group %s exists - if you want to add this user to that group, use -g.\n"), Prog, user_name); @@ -1662,7 +1662,7 @@ diff -up shadow-4.8.1/src/useradd.c.audit-update shadow-4.8.1/src/useradd.c fail_exit (E_NAME_IN_USE); } } -@@ -2410,12 +2339,6 @@ int main (int argc, char **argv) +@@ -2608,12 +2537,6 @@ int main (int argc, char **argv) fprintf (stderr, _("%s: UID %lu is not unique\n"), Prog, (unsigned long) user_id); @@ -1675,7 +1675,7 @@ diff -up shadow-4.8.1/src/useradd.c.audit-update shadow-4.8.1/src/useradd.c fail_exit (E_UID_IN_USE); } } -@@ -2489,9 +2412,10 @@ int main (int argc, char **argv) +@@ -2688,9 +2611,10 @@ int main (int argc, char **argv) _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"), Prog, user_name, user_selinux); #ifdef WITH_AUDIT @@ -1689,10 +1689,10 @@ diff -up shadow-4.8.1/src/useradd.c.audit-update shadow-4.8.1/src/useradd.c #endif /* WITH_AUDIT */ fail_exit (E_SE_UPDATE); } -diff -up shadow-4.8.1/src/userdel.c.audit-update shadow-4.8.1/src/userdel.c ---- shadow-4.8.1/src/userdel.c.audit-update 2020-03-17 16:53:44.368943259 +0100 -+++ shadow-4.8.1/src/userdel.c 2020-03-17 16:53:44.373943325 +0100 -@@ -222,9 +222,9 @@ static void update_groups (void) +diff -up shadow-4.11.1/src/userdel.c.audit-update shadow-4.11.1/src/userdel.c +--- shadow-4.11.1/src/userdel.c.audit-update 2022-01-03 01:46:53.000000000 +0100 ++++ shadow-4.11.1/src/userdel.c 2022-01-03 14:57:01.787006838 +0100 +@@ -202,9 +202,9 @@ static void update_groups (void) * Update the DBM group file with the new entry as well. */ #ifdef WITH_AUDIT @@ -1705,7 +1705,7 @@ diff -up shadow-4.8.1/src/userdel.c.audit-update shadow-4.8.1/src/userdel.c SHADOW_AUDIT_SUCCESS); #endif /* WITH_AUDIT */ SYSLOG ((LOG_INFO, "delete '%s' from group '%s'\n", -@@ -284,9 +284,9 @@ static void update_groups (void) +@@ -264,9 +264,9 @@ static void update_groups (void) exit (E_GRP_UPDATE); } #ifdef WITH_AUDIT @@ -1718,7 +1718,7 @@ diff -up shadow-4.8.1/src/userdel.c.audit-update shadow-4.8.1/src/userdel.c SHADOW_AUDIT_SUCCESS); #endif /* WITH_AUDIT */ SYSLOG ((LOG_INFO, "delete '%s' from shadow group '%s'\n", -@@ -363,9 +363,9 @@ static void remove_usergroup (void) +@@ -343,9 +343,9 @@ static void remove_usergroup (void) } #ifdef WITH_AUDIT @@ -1731,7 +1731,7 @@ diff -up shadow-4.8.1/src/userdel.c.audit-update shadow-4.8.1/src/userdel.c SHADOW_AUDIT_SUCCESS); #endif /* WITH_AUDIT */ SYSLOG ((LOG_INFO, -@@ -381,9 +381,9 @@ static void remove_usergroup (void) +@@ -361,9 +361,9 @@ static void remove_usergroup (void) fail_exit (E_GRP_UPDATE); } #ifdef WITH_AUDIT @@ -1744,7 +1744,7 @@ diff -up shadow-4.8.1/src/userdel.c.audit-update shadow-4.8.1/src/userdel.c SHADOW_AUDIT_SUCCESS); #endif /* WITH_AUDIT */ SYSLOG ((LOG_INFO, -@@ -545,7 +545,7 @@ static void fail_exit (int code) +@@ -525,7 +525,7 @@ static void fail_exit (int code) #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, @@ -1753,7 +1753,7 @@ diff -up shadow-4.8.1/src/userdel.c.audit-update shadow-4.8.1/src/userdel.c user_name, (unsigned int) user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ -@@ -565,24 +565,12 @@ static void open_files (void) +@@ -545,24 +545,12 @@ static void open_files (void) fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, pw_dbname ()); @@ -1778,7 +1778,7 @@ diff -up shadow-4.8.1/src/userdel.c.audit-update shadow-4.8.1/src/userdel.c fail_exit (E_PW_UPDATE); } if (is_shadow_pwd) { -@@ -590,12 +578,6 @@ static void open_files (void) +@@ -570,12 +558,6 @@ static void open_files (void) fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, spw_dbname ()); @@ -1791,7 +1791,7 @@ diff -up shadow-4.8.1/src/userdel.c.audit-update shadow-4.8.1/src/userdel.c fail_exit (E_PW_UPDATE); } spw_locked = true; -@@ -603,12 +585,6 @@ static void open_files (void) +@@ -583,12 +565,6 @@ static void open_files (void) fprintf (stderr, _("%s: cannot open %s\n"), Prog, spw_dbname ()); @@ -1804,7 +1804,7 @@ diff -up shadow-4.8.1/src/userdel.c.audit-update shadow-4.8.1/src/userdel.c fail_exit (E_PW_UPDATE); } } -@@ -616,23 +592,11 @@ static void open_files (void) +@@ -596,23 +572,11 @@ static void open_files (void) fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, gr_dbname ()); @@ -1828,7 +1828,7 @@ diff -up shadow-4.8.1/src/userdel.c.audit-update shadow-4.8.1/src/userdel.c fail_exit (E_GRP_UPDATE); } #ifdef SHADOWGRP -@@ -641,24 +605,12 @@ static void open_files (void) +@@ -621,24 +585,12 @@ static void open_files (void) fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, sgr_dbname ()); @@ -1853,7 +1853,7 @@ diff -up shadow-4.8.1/src/userdel.c.audit-update shadow-4.8.1/src/userdel.c fail_exit (E_GRP_UPDATE); } } -@@ -669,24 +621,12 @@ static void open_files (void) +@@ -649,24 +601,12 @@ static void open_files (void) fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, sub_uid_dbname ()); @@ -1878,7 +1878,7 @@ diff -up shadow-4.8.1/src/userdel.c.audit-update shadow-4.8.1/src/userdel.c fail_exit (E_SUB_UID_UPDATE); } } -@@ -695,24 +635,12 @@ static void open_files (void) +@@ -675,24 +615,12 @@ static void open_files (void) fprintf (stderr, _("%s: cannot lock %s; try again later.\n"), Prog, sub_gid_dbname ()); @@ -1903,7 +1903,7 @@ diff -up shadow-4.8.1/src/userdel.c.audit-update shadow-4.8.1/src/userdel.c fail_exit (E_SUB_GID_UPDATE); } } -@@ -757,7 +685,7 @@ static void update_user (void) +@@ -737,7 +665,7 @@ static void update_user (void) #endif /* ENABLE_SUBIDS */ #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, @@ -1912,7 +1912,7 @@ diff -up shadow-4.8.1/src/userdel.c.audit-update shadow-4.8.1/src/userdel.c user_name, (unsigned int) user_id, SHADOW_AUDIT_SUCCESS); #endif /* WITH_AUDIT */ -@@ -865,7 +793,7 @@ static int remove_mailbox (void) +@@ -845,7 +773,7 @@ static int remove_mailbox (void) SYSLOG ((LOG_ERR, "Cannot remove %s: %s", mailfile, strerror (errno))); #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, @@ -1921,7 +1921,7 @@ diff -up shadow-4.8.1/src/userdel.c.audit-update shadow-4.8.1/src/userdel.c user_name, (unsigned int) user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ -@@ -882,7 +810,7 @@ static int remove_mailbox (void) +@@ -862,7 +790,7 @@ static int remove_mailbox (void) SYSLOG ((LOG_ERR, "Cannot remove %s: %s", mailfile, strerror (errno))); #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, @@ -1930,7 +1930,7 @@ diff -up shadow-4.8.1/src/userdel.c.audit-update shadow-4.8.1/src/userdel.c user_name, (unsigned int) user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ -@@ -892,8 +820,8 @@ static int remove_mailbox (void) +@@ -872,8 +800,8 @@ static int remove_mailbox (void) #ifdef WITH_AUDIT else { @@ -1941,7 +1941,7 @@ diff -up shadow-4.8.1/src/userdel.c.audit-update shadow-4.8.1/src/userdel.c user_name, (unsigned int) user_id, SHADOW_AUDIT_SUCCESS); } -@@ -911,7 +839,7 @@ static int remove_mailbox (void) +@@ -891,7 +819,7 @@ static int remove_mailbox (void) mailfile, strerror (errno))); #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, @@ -1950,7 +1950,7 @@ diff -up shadow-4.8.1/src/userdel.c.audit-update shadow-4.8.1/src/userdel.c user_name, (unsigned int) user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ -@@ -928,7 +856,7 @@ static int remove_mailbox (void) +@@ -908,7 +836,7 @@ static int remove_mailbox (void) SYSLOG ((LOG_ERR, "Cannot remove %s: %s", mailfile, strerror (errno))); #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, @@ -1959,7 +1959,7 @@ diff -up shadow-4.8.1/src/userdel.c.audit-update shadow-4.8.1/src/userdel.c user_name, (unsigned int) user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ -@@ -938,8 +866,8 @@ static int remove_mailbox (void) +@@ -918,8 +846,8 @@ static int remove_mailbox (void) #ifdef WITH_AUDIT else { @@ -1970,7 +1970,7 @@ diff -up shadow-4.8.1/src/userdel.c.audit-update shadow-4.8.1/src/userdel.c user_name, (unsigned int) user_id, SHADOW_AUDIT_SUCCESS); } -@@ -1152,7 +1080,7 @@ int main (int argc, char **argv) +@@ -1138,7 +1066,7 @@ int main (int argc, char **argv) Prog, user_name); #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, @@ -1979,7 +1979,7 @@ diff -up shadow-4.8.1/src/userdel.c.audit-update shadow-4.8.1/src/userdel.c user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ -@@ -1208,7 +1136,7 @@ int main (int argc, char **argv) +@@ -1194,7 +1122,7 @@ int main (int argc, char **argv) if (!fflg) { #ifdef WITH_AUDIT audit_logger (AUDIT_DEL_USER, Prog, @@ -1988,7 +1988,7 @@ diff -up shadow-4.8.1/src/userdel.c.audit-update shadow-4.8.1/src/userdel.c user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ -@@ -1302,8 +1230,8 @@ int main (int argc, char **argv) +@@ -1288,8 +1216,8 @@ int main (int argc, char **argv) #ifdef WITH_AUDIT else { @@ -1999,7 +1999,7 @@ diff -up shadow-4.8.1/src/userdel.c.audit-update shadow-4.8.1/src/userdel.c user_name, (unsigned int) user_id, SHADOW_AUDIT_SUCCESS); } -@@ -1312,7 +1240,7 @@ int main (int argc, char **argv) +@@ -1298,7 +1226,7 @@ int main (int argc, char **argv) #ifdef WITH_AUDIT if (0 != errors) { audit_logger (AUDIT_DEL_USER, Prog, @@ -2008,7 +2008,7 @@ diff -up shadow-4.8.1/src/userdel.c.audit-update shadow-4.8.1/src/userdel.c user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); } -@@ -1325,8 +1253,8 @@ int main (int argc, char **argv) +@@ -1311,8 +1239,8 @@ int main (int argc, char **argv) _("%s: warning: the user name %s to SELinux user mapping removal failed.\n"), Prog, user_name); #ifdef WITH_AUDIT @@ -2019,10 +2019,10 @@ diff -up shadow-4.8.1/src/userdel.c.audit-update shadow-4.8.1/src/userdel.c user_name, (unsigned int) user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ -diff -up shadow-4.8.1/src/usermod.c.audit-update shadow-4.8.1/src/usermod.c ---- shadow-4.8.1/src/usermod.c.audit-update 2020-03-17 16:53:44.370943285 +0100 -+++ shadow-4.8.1/src/usermod.c 2020-03-17 16:53:44.373943325 +0100 -@@ -457,8 +457,8 @@ static char *new_pw_passwd (char *pw_pas +diff -up shadow-4.11.1/src/usermod.c.audit-update shadow-4.11.1/src/usermod.c +--- shadow-4.11.1/src/usermod.c.audit-update 2022-01-03 14:57:01.776006769 +0100 ++++ shadow-4.11.1/src/usermod.c 2022-01-03 15:28:16.959101706 +0100 +@@ -417,8 +417,8 @@ static char *new_pw_passwd (char *pw_pas #ifdef WITH_AUDIT audit_logger (AUDIT_USER_CHAUTHTOK, Prog, @@ -2033,7 +2033,7 @@ diff -up shadow-4.8.1/src/usermod.c.audit-update shadow-4.8.1/src/usermod.c #endif SYSLOG ((LOG_INFO, "lock user '%s' password", user_newname)); strcpy (buf, "!"); -@@ -477,8 +477,8 @@ static char *new_pw_passwd (char *pw_pas +@@ -437,8 +437,8 @@ static char *new_pw_passwd (char *pw_pas #ifdef WITH_AUDIT audit_logger (AUDIT_USER_CHAUTHTOK, Prog, @@ -2044,7 +2044,7 @@ diff -up shadow-4.8.1/src/usermod.c.audit-update shadow-4.8.1/src/usermod.c #endif SYSLOG ((LOG_INFO, "unlock user '%s' password", user_newname)); s = pw_pass; -@@ -489,7 +489,7 @@ static char *new_pw_passwd (char *pw_pas +@@ -449,7 +449,7 @@ static char *new_pw_passwd (char *pw_pas } else if (pflg) { #ifdef WITH_AUDIT audit_logger (AUDIT_USER_CHAUTHTOK, Prog, @@ -2053,7 +2053,7 @@ diff -up shadow-4.8.1/src/usermod.c.audit-update shadow-4.8.1/src/usermod.c user_newname, (unsigned int) user_newid, 1); #endif SYSLOG ((LOG_INFO, "change user '%s' password", user_newname)); -@@ -518,8 +518,8 @@ static void new_pwent (struct passwd *pw +@@ -478,8 +478,8 @@ static void new_pwent (struct passwd *pw fail_exit (E_NAME_IN_USE); } #ifdef WITH_AUDIT @@ -2064,7 +2064,7 @@ diff -up shadow-4.8.1/src/usermod.c.audit-update shadow-4.8.1/src/usermod.c user_newname, (unsigned int) user_newid, 1); #endif SYSLOG ((LOG_INFO, -@@ -539,8 +539,8 @@ static void new_pwent (struct passwd *pw +@@ -499,8 +499,8 @@ static void new_pwent (struct passwd *pw if (uflg) { #ifdef WITH_AUDIT @@ -2075,7 +2075,7 @@ diff -up shadow-4.8.1/src/usermod.c.audit-update shadow-4.8.1/src/usermod.c user_newname, (unsigned int) user_newid, 1); #endif SYSLOG ((LOG_INFO, -@@ -550,8 +550,8 @@ static void new_pwent (struct passwd *pw +@@ -510,8 +510,8 @@ static void new_pwent (struct passwd *pw } if (gflg) { #ifdef WITH_AUDIT @@ -2086,7 +2086,7 @@ diff -up shadow-4.8.1/src/usermod.c.audit-update shadow-4.8.1/src/usermod.c user_newname, (unsigned int) user_newid, 1); #endif SYSLOG ((LOG_INFO, -@@ -561,8 +561,8 @@ static void new_pwent (struct passwd *pw +@@ -521,8 +521,8 @@ static void new_pwent (struct passwd *pw } if (cflg) { #ifdef WITH_AUDIT @@ -2097,7 +2097,7 @@ diff -up shadow-4.8.1/src/usermod.c.audit-update shadow-4.8.1/src/usermod.c user_newname, (unsigned int) user_newid, 1); #endif pwent->pw_gecos = user_newcomment; -@@ -570,8 +570,8 @@ static void new_pwent (struct passwd *pw +@@ -530,8 +530,8 @@ static void new_pwent (struct passwd *pw if (dflg) { #ifdef WITH_AUDIT @@ -2108,7 +2108,7 @@ diff -up shadow-4.8.1/src/usermod.c.audit-update shadow-4.8.1/src/usermod.c user_newname, (unsigned int) user_newid, 1); #endif SYSLOG ((LOG_INFO, -@@ -581,8 +581,8 @@ static void new_pwent (struct passwd *pw +@@ -547,8 +547,8 @@ static void new_pwent (struct passwd *pw } if (sflg) { #ifdef WITH_AUDIT @@ -2119,7 +2119,7 @@ diff -up shadow-4.8.1/src/usermod.c.audit-update shadow-4.8.1/src/usermod.c user_newname, (unsigned int) user_newid, 1); #endif SYSLOG ((LOG_INFO, -@@ -612,8 +612,8 @@ static void new_spent (struct spwd *spen +@@ -578,8 +578,8 @@ static void new_spent (struct spwd *spen if (fflg) { #ifdef WITH_AUDIT @@ -2130,9 +2130,9 @@ diff -up shadow-4.8.1/src/usermod.c.audit-update shadow-4.8.1/src/usermod.c user_newname, (unsigned int) user_newid, 1); #endif SYSLOG ((LOG_INFO, -@@ -629,8 +629,8 @@ static void new_spent (struct spwd *spen - date_to_str (old_exp, sizeof(old_exp), - user_expire * DAY); +@@ -593,8 +593,8 @@ static void new_spent (struct spwd *spen + date_to_str (sizeof(new_exp), new_exp, user_newexpire * DAY); + date_to_str (sizeof(old_exp), old_exp, user_expire * DAY); #ifdef WITH_AUDIT - audit_logger (AUDIT_USER_CHAUTHTOK, Prog, - "changing expiration date", @@ -2141,7 +2141,7 @@ diff -up shadow-4.8.1/src/usermod.c.audit-update shadow-4.8.1/src/usermod.c user_newname, (unsigned int) user_newid, 1); #endif SYSLOG ((LOG_INFO, -@@ -713,9 +713,9 @@ static /*@noreturn@*/void fail_exit (int +@@ -677,9 +677,9 @@ static /*@noreturn@*/void fail_exit (int #endif /* ENABLE_SUBIDS */ #ifdef WITH_AUDIT @@ -2154,7 +2154,7 @@ diff -up shadow-4.8.1/src/usermod.c.audit-update shadow-4.8.1/src/usermod.c #endif exit (code); } -@@ -769,9 +769,12 @@ static void update_group (void) +@@ -741,9 +741,12 @@ static void update_group (void) user_newname); changed = true; #ifdef WITH_AUDIT @@ -2170,7 +2170,7 @@ diff -up shadow-4.8.1/src/usermod.c.audit-update shadow-4.8.1/src/usermod.c #endif SYSLOG ((LOG_INFO, "change '%s' to '%s' in group '%s'", -@@ -785,9 +788,11 @@ static void update_group (void) +@@ -757,9 +760,11 @@ static void update_group (void) ngrp->gr_mem = del_list (ngrp->gr_mem, user_name); changed = true; #ifdef WITH_AUDIT @@ -2185,7 +2185,7 @@ diff -up shadow-4.8.1/src/usermod.c.audit-update shadow-4.8.1/src/usermod.c #endif SYSLOG ((LOG_INFO, "delete '%s' from group '%s'", -@@ -800,9 +805,11 @@ static void update_group (void) +@@ -772,9 +777,11 @@ static void update_group (void) ngrp->gr_mem = add_list (ngrp->gr_mem, user_newname); changed = true; #ifdef WITH_AUDIT @@ -2200,7 +2200,7 @@ diff -up shadow-4.8.1/src/usermod.c.audit-update shadow-4.8.1/src/usermod.c #endif SYSLOG ((LOG_INFO, "add '%s' to group '%s'", user_newname, ngrp->gr_name)); -@@ -877,9 +884,10 @@ static void update_gshadow (void) +@@ -859,9 +866,10 @@ static void update_gshadow (void) nsgrp->sg_adm = add_list (nsgrp->sg_adm, user_newname); changed = true; #ifdef WITH_AUDIT @@ -2214,7 +2214,7 @@ diff -up shadow-4.8.1/src/usermod.c.audit-update shadow-4.8.1/src/usermod.c #endif SYSLOG ((LOG_INFO, "change admin '%s' to '%s' in shadow group '%s'", -@@ -899,9 +907,10 @@ static void update_gshadow (void) +@@ -881,9 +889,10 @@ static void update_gshadow (void) user_newname); changed = true; #ifdef WITH_AUDIT @@ -2228,7 +2228,7 @@ diff -up shadow-4.8.1/src/usermod.c.audit-update shadow-4.8.1/src/usermod.c #endif SYSLOG ((LOG_INFO, "change '%s' to '%s' in shadow group '%s'", -@@ -915,9 +924,10 @@ static void update_gshadow (void) +@@ -897,9 +906,10 @@ static void update_gshadow (void) nsgrp->sg_mem = del_list (nsgrp->sg_mem, user_name); changed = true; #ifdef WITH_AUDIT @@ -2242,7 +2242,7 @@ diff -up shadow-4.8.1/src/usermod.c.audit-update shadow-4.8.1/src/usermod.c #endif SYSLOG ((LOG_INFO, "delete '%s' from shadow group '%s'", -@@ -930,9 +940,10 @@ static void update_gshadow (void) +@@ -912,9 +922,10 @@ static void update_gshadow (void) nsgrp->sg_mem = add_list (nsgrp->sg_mem, user_newname); changed = true; #ifdef WITH_AUDIT @@ -2256,7 +2256,7 @@ diff -up shadow-4.8.1/src/usermod.c.audit-update shadow-4.8.1/src/usermod.c #endif SYSLOG ((LOG_INFO, "add '%s' to shadow group '%s'", user_newname, nsgrp->sg_name)); -@@ -1799,8 +1810,8 @@ static void move_home (void) +@@ -1817,8 +1828,8 @@ static void move_home (void) #ifdef WITH_AUDIT if (uflg || gflg) { @@ -2267,7 +2267,7 @@ diff -up shadow-4.8.1/src/usermod.c.audit-update shadow-4.8.1/src/usermod.c user_newname, (unsigned int) user_newid, 1); } #endif -@@ -1818,8 +1829,8 @@ static void move_home (void) +@@ -1836,8 +1847,8 @@ static void move_home (void) fail_exit (E_HOMEDIR); } #ifdef WITH_AUDIT @@ -2278,7 +2278,7 @@ diff -up shadow-4.8.1/src/usermod.c.audit-update shadow-4.8.1/src/usermod.c user_newname, (unsigned int) user_newid, 1); #endif -@@ -1847,9 +1858,9 @@ static void move_home (void) +@@ -1865,9 +1876,9 @@ static void move_home (void) Prog, prefix_user_home); } #ifdef WITH_AUDIT @@ -2290,7 +2290,7 @@ diff -up shadow-4.8.1/src/usermod.c.audit-update shadow-4.8.1/src/usermod.c user_newname, (unsigned int) user_newid, 1); -@@ -2071,8 +2082,8 @@ static void move_mailbox (void) +@@ -2085,8 +2096,8 @@ static void move_mailbox (void) } #ifdef WITH_AUDIT else { @@ -2301,7 +2301,7 @@ diff -up shadow-4.8.1/src/usermod.c.audit-update shadow-4.8.1/src/usermod.c user_newname, (unsigned int) user_newid, 1); } #endif -@@ -2098,8 +2109,8 @@ static void move_mailbox (void) +@@ -2112,8 +2123,8 @@ static void move_mailbox (void) } #ifdef WITH_AUDIT else { @@ -2312,7 +2312,7 @@ diff -up shadow-4.8.1/src/usermod.c.audit-update shadow-4.8.1/src/usermod.c user_newname, (unsigned int) user_newid, 1); } #endif -@@ -2294,8 +2305,8 @@ int main (int argc, char **argv) +@@ -2310,8 +2321,8 @@ int main (int argc, char **argv) _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"), Prog, user_name, user_selinux); #ifdef WITH_AUDIT @@ -2323,7 +2323,7 @@ diff -up shadow-4.8.1/src/usermod.c.audit-update shadow-4.8.1/src/usermod.c user_name, (unsigned int) user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ -@@ -2307,8 +2318,8 @@ int main (int argc, char **argv) +@@ -2323,8 +2334,8 @@ int main (int argc, char **argv) _("%s: warning: the user name %s to SELinux user mapping removal failed.\n"), Prog, user_name); #ifdef WITH_AUDIT @@ -2334,7 +2334,7 @@ diff -up shadow-4.8.1/src/usermod.c.audit-update shadow-4.8.1/src/usermod.c user_name, (unsigned int) user_id, SHADOW_AUDIT_FAILURE); #endif /* WITH_AUDIT */ -@@ -2349,8 +2360,8 @@ int main (int argc, char **argv) +@@ -2365,8 +2376,8 @@ int main (int argc, char **argv) */ #ifdef WITH_AUDIT if (uflg || gflg) { diff --git a/shadow-4.11.1-null-tm.patch b/shadow-4.11.1-null-tm.patch new file mode 100644 index 0000000..b8d5fc8 --- /dev/null +++ b/shadow-4.11.1-null-tm.patch @@ -0,0 +1,22 @@ +diff -up shadow-4.11.1/src/chage.c.null-tm shadow-4.11.1/src/chage.c +diff -up shadow-4.11.1/src/lastlog.c.null-tm shadow-4.11.1/src/lastlog.c +--- shadow-4.11.1/src/lastlog.c.null-tm 2022-01-03 15:31:56.348555620 +0100 ++++ shadow-4.11.1/src/lastlog.c 2022-01-03 15:38:41.262229024 +0100 +@@ -151,9 +151,12 @@ static void print_one (/*@null@*/const s + + ll_time = ll.ll_time; + tm = localtime (&ll_time); +- strftime (ptime, sizeof (ptime), "%a %b %e %H:%M:%S %z %Y", tm); +- cp = ptime; +- ++ if (tm == NULL) { ++ cp = "(unknown)"; ++ } else { ++ strftime (ptime, sizeof (ptime), "%a %b %e %H:%M:%S %z %Y", tm); ++ cp = ptime; ++ } + if (ll.ll_time == (time_t) 0) { + cp = _("**Never logged in**\0"); + } +diff -up shadow-4.11.1/src/passwd.c.null-tm shadow-4.11.1/src/passwd.c +diff -up shadow-4.11.1/src/usermod.c.null-tm shadow-4.11.1/src/usermod.c diff --git a/shadow-4.9-redhat.patch b/shadow-4.11.1-redhat.patch similarity index 70% rename from shadow-4.9-redhat.patch rename to shadow-4.11.1-redhat.patch index 9dfb3e8..e5e6c60 100644 --- a/shadow-4.9-redhat.patch +++ b/shadow-4.11.1-redhat.patch @@ -1,7 +1,7 @@ -diff -up shadow-4.9/src/useradd.c.redhat shadow-4.9/src/useradd.c ---- shadow-4.9/src/useradd.c.redhat 2021-07-22 23:55:35.000000000 +0200 -+++ shadow-4.9/src/useradd.c 2021-08-02 11:45:11.942867250 +0200 -@@ -104,7 +104,7 @@ FILE *shadow_logfd = NULL; +diff -up shadow-4.11.1/src/useradd.c.redhat shadow-4.11.1/src/useradd.c +--- shadow-4.11.1/src/useradd.c.redhat 2022-01-03 01:46:53.000000000 +0100 ++++ shadow-4.11.1/src/useradd.c 2022-01-03 14:53:12.988484829 +0100 +@@ -82,7 +82,7 @@ const char *Prog; static gid_t def_group = 1000; static const char *def_gname = "other"; static const char *def_home = "/home"; @@ -9,8 +9,8 @@ diff -up shadow-4.9/src/useradd.c.redhat shadow-4.9/src/useradd.c +static const char *def_shell = "/sbin/nologin"; static const char *def_template = SKEL_DIR; static const char *def_create_mail_spool = "yes"; - -@@ -114,7 +114,7 @@ static const char *def_expire = ""; + static const char *def_log_init = "yes"; +@@ -93,7 +93,7 @@ static const char *def_expire = ""; #define VALID(s) (strcspn (s, ":\n") == strlen (s)) static const char *user_name = ""; @@ -19,7 +19,7 @@ diff -up shadow-4.9/src/useradd.c.redhat shadow-4.9/src/useradd.c static uid_t user_id; static gid_t user_gid; static const char *user_comment = ""; -@@ -1204,9 +1204,9 @@ static void process_flags (int argc, cha +@@ -1219,9 +1219,9 @@ static void process_flags (int argc, cha }; while ((c = getopt_long (argc, argv, #ifdef WITH_SELINUX @@ -31,7 +31,7 @@ diff -up shadow-4.9/src/useradd.c.redhat shadow-4.9/src/useradd.c #endif /* !WITH_SELINUX */ long_options, NULL)) != -1) { switch (c) { -@@ -1363,6 +1363,7 @@ static void process_flags (int argc, cha +@@ -1378,6 +1378,7 @@ static void process_flags (int argc, cha case 'M': Mflg = true; break; diff --git a/shadow-4.9-getsubids.patch b/shadow-4.9-getsubids.patch deleted file mode 100644 index b9f2449..0000000 --- a/shadow-4.9-getsubids.patch +++ /dev/null @@ -1,245 +0,0 @@ -diff -up shadow-4.9/man/getsubids.1.xml.getsubids shadow-4.9/man/getsubids.1.xml ---- shadow-4.9/man/getsubids.1.xml.getsubids 2021-11-18 16:27:33.951053120 +0100 -+++ shadow-4.9/man/getsubids.1.xml 2021-11-18 16:27:33.951053120 +0100 -@@ -0,0 +1,141 @@ -+ -+ -+ -+]> -+ -+ -+ -+ -+ Iker -+ Pedrosa -+ Creation, 2021 -+ -+ -+ -+ getsubids -+ 1 -+ User Commands -+ shadow-utils -+ &SHADOW_UTILS_VERSION; -+ -+ -+ getsubids -+ get the subordinate id ranges for a user -+ -+ -+ -+ -+ getsubids -+ -+ options -+ -+ -+ USER -+ -+ -+ -+ -+ -+ DESCRIPTION -+ -+ The getsubids command lists the subordinate user ID -+ ranges for a given user. The subordinate group IDs can be listed using -+ the option. -+ -+ -+ -+ -+ OPTIONS -+ -+ The options which apply to the getsubids command are: -+ -+ -+ -+ -+ -+ -+ -+ -+ List the subordinate group ID ranges. -+ -+ -+ -+ -+ -+ -+ -+ EXAMPLE -+ -+ For example, to obtain the subordinate UIDs of the testuser: -+ -+ -+ -+$ getsubids testuser -+0: testuser 100000 65536 -+ -+ -+ -+ This command output provides (in order from left to right) the list -+ index, username, UID range start, and number of UIDs in range. -+ -+ -+ -+ -+ SEE ALSO -+ -+ -+ login.defs5 -+ , -+ -+ newgidmap1 -+ , -+ -+ newuidmap1 -+ , -+ -+ subgid5 -+ , -+ -+ subuid5 -+ , -+ -+ useradd8 -+ , -+ -+ userdel8 -+ . -+ -+ usermod8 -+ , -+ -+ -+ -diff -up shadow-4.9/man/Makefile.am.getsubids shadow-4.9/man/Makefile.am ---- shadow-4.9/man/Makefile.am.getsubids 2021-07-22 23:55:35.000000000 +0200 -+++ shadow-4.9/man/Makefile.am 2021-11-18 16:27:33.951053120 +0100 -@@ -62,6 +62,7 @@ man_MANS += $(man_nopam) - endif - - man_subids = \ -+ man1/getsubids.1 \ - man1/newgidmap.1 \ - man1/newuidmap.1 \ - man5/subgid.5 \ -@@ -80,6 +81,7 @@ man_XMANS = \ - expiry.1.xml \ - faillog.5.xml \ - faillog.8.xml \ -+ getsubids.1.xml \ - gpasswd.1.xml \ - groupadd.8.xml \ - groupdel.8.xml \ -diff -up shadow-4.9/src/getsubids.c.getsubids shadow-4.9/src/getsubids.c ---- shadow-4.9/src/getsubids.c.getsubids 2021-11-18 16:27:33.951053120 +0100 -+++ shadow-4.9/src/getsubids.c 2021-11-18 16:27:33.951053120 +0100 -@@ -0,0 +1,46 @@ -+#include -+#include -+#include -+#include "subid.h" -+#include "prototypes.h" -+ -+const char *Prog; -+FILE *shadow_logfd = NULL; -+ -+void usage(void) -+{ -+ fprintf(stderr, "Usage: %s [-g] user\n", Prog); -+ fprintf(stderr, " list subuid ranges for user\n"); -+ fprintf(stderr, " pass -g to list subgid ranges\n"); -+ exit(EXIT_FAILURE); -+} -+ -+int main(int argc, char *argv[]) -+{ -+ int i, count=0; -+ struct subid_range *ranges; -+ const char *owner; -+ -+ Prog = Basename (argv[0]); -+ shadow_logfd = stderr; -+ if (argc < 2) -+ usage(); -+ owner = argv[1]; -+ if (argc == 3 && strcmp(argv[1], "-g") == 0) { -+ owner = argv[2]; -+ count = get_subgid_ranges(owner, &ranges); -+ } else if (argc == 2 && strcmp(argv[1], "-h") == 0) { -+ usage(); -+ } else { -+ count = get_subuid_ranges(owner, &ranges); -+ } -+ if (!ranges) { -+ fprintf(stderr, "Error fetching ranges\n"); -+ exit(1); -+ } -+ for (i = 0; i < count; i++) { -+ printf("%d: %s %lu %lu\n", i, owner, -+ ranges[i].start, ranges[i].count); -+ } -+ return 0; -+} -diff -up shadow-4.9/src/list_subid_ranges.c.getsubids shadow-4.9/src/list_subid_ranges.c -diff -up shadow-4.9/src/Makefile.am.getsubids shadow-4.9/src/Makefile.am ---- shadow-4.9/src/Makefile.am.getsubids 2021-11-18 16:27:33.943053061 +0100 -+++ shadow-4.9/src/Makefile.am 2021-11-18 16:28:03.647272392 +0100 -@@ -157,8 +157,8 @@ if FCAPS - setcap cap_setgid+ep $(DESTDIR)$(ubindir)/newgidmap - endif - --noinst_PROGRAMS += list_subid_ranges \ -- get_subid_owners \ -+bin_PROGRAMS += getsubids -+noinst_PROGRAMS += get_subid_owners \ - new_subid_range \ - free_subid_range \ - check_subid_range -@@ -174,13 +174,13 @@ MISCLIBS = \ - $(LIBCRYPT) \ - $(LIBTCB) - --list_subid_ranges_LDADD = \ -+getsubids_LDADD = \ - $(top_builddir)/lib/libshadow.la \ - $(top_builddir)/libmisc/libmisc.la \ - $(top_builddir)/libsubid/libsubid.la \ - $(MISCLIBS) -ldl - --list_subid_ranges_CPPFLAGS = \ -+getsubids_CPPFLAGS = \ - -I$(top_srcdir)/lib \ - -I$(top_srcdir)/libmisc \ - -I$(top_srcdir)/libsubid diff --git a/shadow-4.9-groupdel-fix-sigsegv-when-passwd-does-not-exist.patch b/shadow-4.9-groupdel-fix-sigsegv-when-passwd-does-not-exist.patch deleted file mode 100644 index 658156a..0000000 --- a/shadow-4.9-groupdel-fix-sigsegv-when-passwd-does-not-exist.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff -up shadow-4.9/libmisc/prefix_flag.c.groupdel-fix-sigsegv-when-passwd-does-not-exist shadow-4.9/libmisc/prefix_flag.c ---- shadow-4.9/libmisc/prefix_flag.c.groupdel-fix-sigsegv-when-passwd-does-not-exist 2021-11-19 09:21:36.997091941 +0100 -+++ shadow-4.9/libmisc/prefix_flag.c 2021-11-19 09:22:19.001341010 +0100 -@@ -288,6 +288,9 @@ extern struct passwd* prefix_getpwent() - if(!passwd_db_file) { - return getpwent(); - } -+ if (!fp_pwent) { -+ return NULL; -+ } - return fgetpwent(fp_pwent); - } - extern void prefix_endpwent() diff --git a/shadow-4.9-libmisc-fix-default-value-in-SHA_get_salt_rounds.patch b/shadow-4.9-libmisc-fix-default-value-in-SHA_get_salt_rounds.patch deleted file mode 100644 index 5eaaec9..0000000 --- a/shadow-4.9-libmisc-fix-default-value-in-SHA_get_salt_rounds.patch +++ /dev/null @@ -1,60 +0,0 @@ -From 234e8fa7b134d1ebabfdad980a3ae5b63c046c62 Mon Sep 17 00:00:00 2001 -From: Mike Gilbert -Date: Sat, 14 Aug 2021 13:24:34 -0400 -Subject: [PATCH] libmisc: fix default value in SHA_get_salt_rounds() - -If SHA_CRYPT_MIN_ROUNDS and SHA_CRYPT_MAX_ROUNDS are both unspecified, -use SHA_ROUNDS_DEFAULT. - -Previously, the code fell through, calling shadow_random(-1, -1). This -ultimately set rounds = (unsigned long) -1, which ends up being a very -large number! This then got capped to SHA_ROUNDS_MAX later in the -function. - -The new behavior matches BCRYPT_get_salt_rounds(). - -Bug: https://bugs.gentoo.org/808195 -Fixes: https://github.com/shadow-maint/shadow/issues/393 ---- - libmisc/salt.c | 21 +++++++++++---------- - 1 file changed, 11 insertions(+), 10 deletions(-) - -diff --git a/libmisc/salt.c b/libmisc/salt.c -index 91d528fd..30eefb9c 100644 ---- a/libmisc/salt.c -+++ b/libmisc/salt.c -@@ -223,20 +223,21 @@ static /*@observer@*/const unsigned long SHA_get_salt_rounds (/*@null@*/int *pre - if ((-1 == min_rounds) && (-1 == max_rounds)) { - rounds = SHA_ROUNDS_DEFAULT; - } -+ else { -+ if (-1 == min_rounds) { -+ min_rounds = max_rounds; -+ } - -- if (-1 == min_rounds) { -- min_rounds = max_rounds; -- } -+ if (-1 == max_rounds) { -+ max_rounds = min_rounds; -+ } - -- if (-1 == max_rounds) { -- max_rounds = min_rounds; -- } -+ if (min_rounds > max_rounds) { -+ max_rounds = min_rounds; -+ } - -- if (min_rounds > max_rounds) { -- max_rounds = min_rounds; -+ rounds = (unsigned long) shadow_random (min_rounds, max_rounds); - } -- -- rounds = (unsigned long) shadow_random (min_rounds, max_rounds); - } else if (0 == *prefered_rounds) { - rounds = SHA_ROUNDS_DEFAULT; - } else { --- -2.31.1 - diff --git a/shadow-4.9-make-shadow-logfd-and-prog-not-extern.patch b/shadow-4.9-make-shadow-logfd-and-prog-not-extern.patch deleted file mode 100644 index d0b7059..0000000 --- a/shadow-4.9-make-shadow-logfd-and-prog-not-extern.patch +++ /dev/null @@ -1,2497 +0,0 @@ -diff -up shadow-4.9/lib/commonio.c.debug1 shadow-4.9/lib/commonio.c ---- shadow-4.9/lib/commonio.c.debug1 2021-07-22 23:55:35.000000000 +0200 -+++ shadow-4.9/lib/commonio.c 2022-01-10 10:45:52.202132937 +0100 -@@ -51,6 +51,7 @@ - #endif /* WITH_TCB */ - #include "prototypes.h" - #include "commonio.h" -+#include "shadowlog_internal.h" - - /* local function prototypes */ - static int lrename (const char *, const char *); -diff -up shadow-4.9/lib/encrypt.c.debug1 shadow-4.9/lib/encrypt.c ---- shadow-4.9/lib/encrypt.c.debug1 2021-07-22 23:55:35.000000000 +0200 -+++ shadow-4.9/lib/encrypt.c 2022-01-10 10:45:52.202132937 +0100 -@@ -39,6 +39,7 @@ - - #include "prototypes.h" - #include "defines.h" -+#include "shadowlog_internal.h" - - /*@exposed@*//*@null@*/char *pw_encrypt (const char *clear, const char *salt) - { -diff -up shadow-4.9/lib/getdef.c.debug1 shadow-4.9/lib/getdef.c ---- shadow-4.9/lib/getdef.c.debug1 2022-01-10 10:45:52.191132858 +0100 -+++ shadow-4.9/lib/getdef.c 2022-01-10 10:45:52.202132937 +0100 -@@ -44,6 +44,7 @@ - #include - #endif - #include "getdef.h" -+#include "shadowlog_internal.h" - /* - * A configuration item definition. - */ -diff -up shadow-4.9/lib/Makefile.am.debug1 shadow-4.9/lib/Makefile.am ---- shadow-4.9/lib/Makefile.am.debug1 2021-07-22 23:55:35.000000000 +0200 -+++ shadow-4.9/lib/Makefile.am 2022-01-10 10:45:52.202132937 +0100 -@@ -34,6 +34,8 @@ libshadow_la_SOURCES = \ - nss.c \ - nscd.c \ - nscd.h \ -+ shadowlog.c \ -+ shadowlog.h \ - sssd.c \ - sssd.h \ - pam_defs.h \ -diff -up shadow-4.9/libmisc/addgrps.c.debug1 shadow-4.9/libmisc/addgrps.c ---- shadow-4.9/libmisc/addgrps.c.debug1 2021-07-22 23:55:35.000000000 +0200 -+++ shadow-4.9/libmisc/addgrps.c 2022-01-10 10:45:52.203132944 +0100 -@@ -40,6 +40,7 @@ - #include - #include - #include -+#include "shadowlog.h" - - #ident "$Id$" - -@@ -58,6 +59,7 @@ int add_groups (const char *list) - char *token; - char buf[1024]; - int ret; -+ FILE *shadow_logfd = log_get_logfd(); - - if (strlen (list) >= sizeof (buf)) { - errno = EINVAL; -diff -up shadow-4.9/libmisc/audit_help.c.debug1 shadow-4.9/libmisc/audit_help.c ---- shadow-4.9/libmisc/audit_help.c.debug1 2022-01-10 10:45:52.184132808 +0100 -+++ shadow-4.9/libmisc/audit_help.c 2022-01-10 10:45:52.203132944 +0100 -@@ -45,6 +45,7 @@ - #include - #include - #include "prototypes.h" -+#include "shadowlog.h" - int audit_fd; - - void audit_help_open (void) -@@ -59,7 +60,7 @@ void audit_help_open (void) - return; - } - (void) fputs (_("Cannot open audit interface - aborting.\n"), -- shadow_logfd); -+ log_get_logfd()); - exit (EXIT_FAILURE); - } - } -diff -up shadow-4.9/libmisc/chowntty.c.debug1 shadow-4.9/libmisc/chowntty.c ---- shadow-4.9/libmisc/chowntty.c.debug1 2021-07-22 23:55:35.000000000 +0200 -+++ shadow-4.9/libmisc/chowntty.c 2022-01-10 10:45:52.203132944 +0100 -@@ -43,6 +43,7 @@ - #include "defines.h" - #include - #include "getdef.h" -+#include "shadowlog.h" - - /* - * chown_tty() sets the login tty to be owned by the new user ID -@@ -75,6 +76,7 @@ void chown_tty (const struct passwd *inf - if ( (fchown (STDIN_FILENO, info->pw_uid, gid) != 0) - || (fchmod (STDIN_FILENO, (mode_t)getdef_num ("TTYPERM", 0600)) != 0)) { - int err = errno; -+ FILE *shadow_logfd = log_get_logfd(); - - fprintf (shadow_logfd, - _("Unable to change owner or mode of tty stdin: %s"), -diff -up shadow-4.9/libmisc/cleanup_group.c.debug1 shadow-4.9/libmisc/cleanup_group.c ---- shadow-4.9/libmisc/cleanup_group.c.debug1 2022-01-10 10:45:52.184132808 +0100 -+++ shadow-4.9/libmisc/cleanup_group.c 2022-01-10 10:47:02.241632844 +0100 -@@ -36,6 +36,7 @@ - #include "groupio.h" - #include "sgroupio.h" - #include "prototypes.h" -+#include "shadowlog.h" - - /* - * cleanup_report_add_group - Report failure to add a group to the system -@@ -48,7 +49,7 @@ void cleanup_report_add_group (void *gro - - SYSLOG ((LOG_ERR, "failed to add group %s", name)); - #ifdef WITH_AUDIT -- audit_logger (AUDIT_ADD_GROUP, Prog, -+ audit_logger (AUDIT_ADD_GROUP, log_get_progname(), - "", - name, AUDIT_NO_ID, - SHADOW_AUDIT_FAILURE); -@@ -66,7 +67,7 @@ void cleanup_report_del_group (void *gro - - SYSLOG ((LOG_ERR, "failed to remove group %s", name)); - #ifdef WITH_AUDIT -- audit_logger (AUDIT_DEL_GROUP, Prog, -+ audit_logger (AUDIT_DEL_GROUP, log_get_progname(), - "", - name, AUDIT_NO_ID, - SHADOW_AUDIT_FAILURE); -@@ -83,7 +84,7 @@ void cleanup_report_mod_group (void *cle - gr_dbname (), - info->action)); - #ifdef WITH_AUDIT -- audit_logger (AUDIT_GRP_MGMT, Prog, -+ audit_logger (AUDIT_GRP_MGMT, log_get_progname(), - info->audit_msg, - info->name, AUDIT_NO_ID, - SHADOW_AUDIT_FAILURE); -@@ -101,7 +102,7 @@ void cleanup_report_mod_gshadow (void *c - sgr_dbname (), - info->action)); - #ifdef WITH_AUDIT -- audit_logger (AUDIT_GRP_MGMT, Prog, -+ audit_logger (AUDIT_GRP_MGMT, log_get_progname(), - info->audit_msg, - info->name, AUDIT_NO_ID, - SHADOW_AUDIT_FAILURE); -@@ -121,7 +122,7 @@ void cleanup_report_add_group_group (voi - - SYSLOG ((LOG_ERR, "failed to add group %s to %s", name, gr_dbname ())); - #ifdef WITH_AUDIT -- audit_logger (AUDIT_ADD_GROUP, Prog, -+ audit_logger (AUDIT_ADD_GROUP, log_get_progname(), - "adding-group", - name, AUDIT_NO_ID, - SHADOW_AUDIT_FAILURE); -@@ -141,7 +142,7 @@ void cleanup_report_add_group_gshadow (v - - SYSLOG ((LOG_ERR, "failed to add group %s to %s", name, sgr_dbname ())); - #ifdef WITH_AUDIT -- audit_logger (AUDIT_GRP_MGMT, Prog, -+ audit_logger (AUDIT_GRP_MGMT, log_get_progname(), - "adding-shadow-group", - name, AUDIT_NO_ID, - SHADOW_AUDIT_FAILURE); -@@ -164,7 +165,7 @@ void cleanup_report_del_group_group (voi - "failed to remove group %s from %s", - name, gr_dbname ())); - #ifdef WITH_AUDIT -- audit_logger (AUDIT_DEL_GROUP, Prog, -+ audit_logger (AUDIT_DEL_GROUP, log_get_progname(), - "removing-group", - name, AUDIT_NO_ID, - SHADOW_AUDIT_FAILURE); -@@ -187,7 +188,7 @@ void cleanup_report_del_group_gshadow (v - "failed to remove group %s from %s", - name, sgr_dbname ())); - #ifdef WITH_AUDIT -- audit_logger (AUDIT_GRP_MGMT, Prog, -+ audit_logger (AUDIT_GRP_MGMT, log_get_progname(), - "removing-shadow-group", - name, AUDIT_NO_ID, - SHADOW_AUDIT_FAILURE); -@@ -203,9 +204,9 @@ void cleanup_report_del_group_gshadow (v - void cleanup_unlock_group (unused void *arg) - { - if (gr_unlock () == 0) { -- fprintf (shadow_logfd, -+ fprintf (log_get_logfd(), - _("%s: failed to unlock %s\n"), -- Prog, gr_dbname ()); -+ log_get_progname(), gr_dbname ()); - SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ())); - #ifdef WITH_AUDIT - audit_logger_message ("unlocking-group", -@@ -223,9 +224,9 @@ void cleanup_unlock_group (unused void * - void cleanup_unlock_gshadow (unused void *arg) - { - if (sgr_unlock () == 0) { -- fprintf (shadow_logfd, -+ fprintf (log_get_logfd(), - _("%s: failed to unlock %s\n"), -- Prog, sgr_dbname ()); -+ log_get_progname(), sgr_dbname ()); - SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ())); - #ifdef WITH_AUDIT - audit_logger_message ("unlocking-gshadow", -diff -up shadow-4.9/libmisc/cleanup_user.c.debug1 shadow-4.9/libmisc/cleanup_user.c ---- shadow-4.9/libmisc/cleanup_user.c.debug1 2022-01-10 10:45:52.184132808 +0100 -+++ shadow-4.9/libmisc/cleanup_user.c 2022-01-10 10:47:49.539970421 +0100 -@@ -36,6 +36,7 @@ - #include "pwio.h" - #include "shadowio.h" - #include "prototypes.h" -+#include "shadowlog.h" - - /* - * cleanup_report_add_user - Report failure to add an user to the system -@@ -48,7 +49,7 @@ void cleanup_report_add_user (void *user - - SYSLOG ((LOG_ERR, "failed to add user %s", name)); - #ifdef WITH_AUDIT -- audit_logger (AUDIT_ADD_USER, Prog, -+ audit_logger (AUDIT_ADD_USER, log_get_progname(), - "", - name, AUDIT_NO_ID, - SHADOW_AUDIT_FAILURE); -@@ -65,7 +66,7 @@ void cleanup_report_mod_passwd (void *cl - pw_dbname (), - info->action)); - #ifdef WITH_AUDIT -- audit_logger (AUDIT_USER_MGMT, Prog, -+ audit_logger (AUDIT_USER_MGMT, log_get_progname(), - info->audit_msg, - info->name, AUDIT_NO_ID, - SHADOW_AUDIT_FAILURE); -@@ -85,7 +86,7 @@ void cleanup_report_add_user_passwd (voi - - SYSLOG ((LOG_ERR, "failed to add user %s to %s", name, pw_dbname ())); - #ifdef WITH_AUDIT -- audit_logger (AUDIT_ADD_USER, Prog, -+ audit_logger (AUDIT_ADD_USER, log_get_progname(), - "adding-user", - name, AUDIT_NO_ID, - SHADOW_AUDIT_FAILURE); -@@ -105,7 +106,7 @@ void cleanup_report_add_user_shadow (voi - - SYSLOG ((LOG_ERR, "failed to add user %s to %s", name, spw_dbname ())); - #ifdef WITH_AUDIT -- audit_logger (AUDIT_USER_MGMT, Prog, -+ audit_logger (AUDIT_USER_MGMT, log_get_progname(), - "adding-shadow-user", - name, AUDIT_NO_ID, - SHADOW_AUDIT_FAILURE); -@@ -120,9 +121,9 @@ void cleanup_report_add_user_shadow (voi - void cleanup_unlock_passwd (unused void *arg) - { - if (pw_unlock () == 0) { -- fprintf (shadow_logfd, -+ fprintf (log_get_logfd(), - _("%s: failed to unlock %s\n"), -- Prog, pw_dbname ()); -+ log_get_progname(), pw_dbname ()); - SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ())); - #ifdef WITH_AUDIT - audit_logger_message ("unlocking-passwd", -@@ -139,9 +140,9 @@ void cleanup_unlock_passwd (unused void - void cleanup_unlock_shadow (unused void *arg) - { - if (spw_unlock () == 0) { -- fprintf (shadow_logfd, -+ fprintf (log_get_logfd(), - _("%s: failed to unlock %s\n"), -- Prog, spw_dbname ()); -+ log_get_progname(), spw_dbname ()); - SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ())); - #ifdef WITH_AUDIT - audit_logger_message ("unlocking-shadow", -diff -up shadow-4.9/libmisc/copydir.c.debug1 shadow-4.9/libmisc/copydir.c ---- shadow-4.9/libmisc/copydir.c.debug1 2021-07-22 23:55:35.000000000 +0200 -+++ shadow-4.9/libmisc/copydir.c 2022-01-10 10:48:02.158060482 +0100 -@@ -55,6 +55,7 @@ - #ifdef WITH_ATTR - #include - #endif /* WITH_ATTR */ -+#include "shadowlog.h" - - - static /*@null@*/const char *src_orig; -@@ -116,6 +117,7 @@ static int fchown_if_needed (int fdst, c - static void error_acl (struct error_context *ctx, const char *fmt, ...) - { - va_list ap; -+ FILE *shadow_logfd = log_get_logfd(); - - /* ignore the case when destination does not support ACLs - * or extended attributes */ -@@ -125,7 +127,7 @@ static void error_acl (struct error_cont - } - - va_start (ap, fmt); -- (void) fprintf (shadow_logfd, _("%s: "), Prog); -+ (void) fprintf (shadow_logfd, _("%s: "), log_get_progname()); - if (vfprintf (shadow_logfd, fmt, ap) != 0) { - (void) fputs (_(": "), shadow_logfd); - } -@@ -248,9 +250,9 @@ int copy_tree (const char *src_root, con - } - - if (!S_ISDIR (sb.st_mode)) { -- fprintf (shadow_logfd, -+ fprintf (log_get_logfd(), - "%s: %s is not a directory", -- Prog, src_root); -+ log_get_progname(), src_root); - return -1; - } - -diff -up shadow-4.9/libmisc/env.c.debug1 shadow-4.9/libmisc/env.c ---- shadow-4.9/libmisc/env.c.debug1 2021-07-22 23:55:35.000000000 +0200 -+++ shadow-4.9/libmisc/env.c 2022-01-10 10:45:52.203132944 +0100 -@@ -40,6 +40,7 @@ - #include - #include "prototypes.h" - #include "defines.h" -+#include "shadowlog.h" - /* - * NEWENVP_STEP must be a power of two. This is the number - * of (char *) pointers to allocate at a time, to avoid using -@@ -171,7 +172,7 @@ void addenv (const char *string, /*@null - } - newenvp = __newenvp; - } else { -- (void) fputs (_("Environment overflow\n"), shadow_logfd); -+ (void) fputs (_("Environment overflow\n"), log_get_logfd()); - newenvc--; - free (newenvp[newenvc]); - } -diff -up shadow-4.9/libmisc/find_new_gid.c.debug1 shadow-4.9/libmisc/find_new_gid.c ---- shadow-4.9/libmisc/find_new_gid.c.debug1 2022-01-10 10:45:52.191132858 +0100 -+++ shadow-4.9/libmisc/find_new_gid.c 2022-01-10 10:45:52.203132944 +0100 -@@ -38,6 +38,7 @@ - #include "prototypes.h" - #include "groupio.h" - #include "getdef.h" -+#include "shadowlog.h" - - /* - * get_ranges - Get the minimum and maximum ID ranges for the search -@@ -74,10 +75,10 @@ static int get_ranges (bool sys_group, g - - /* Check that the ranges make sense */ - if (*max_id < *min_id) { -- (void) fprintf (shadow_logfd, -+ (void) fprintf (log_get_logfd(), - _("%s: Invalid configuration: SYS_GID_MIN (%lu), " - "GID_MIN (%lu), SYS_GID_MAX (%lu)\n"), -- Prog, (unsigned long) *min_id, -+ log_get_progname(), (unsigned long) *min_id, - getdef_ulong ("GID_MIN", 1000UL), - (unsigned long) *max_id); - return EINVAL; -@@ -104,10 +105,10 @@ static int get_ranges (bool sys_group, g - - /* Check that the ranges make sense */ - if (*max_id < *min_id) { -- (void) fprintf (shadow_logfd, -+ (void) fprintf (log_get_logfd(), - _("%s: Invalid configuration: GID_MIN (%lu), " - "GID_MAX (%lu)\n"), -- Prog, (unsigned long) *min_id, -+ log_get_progname(), (unsigned long) *min_id, - (unsigned long) *max_id); - return EINVAL; - } -@@ -220,10 +221,10 @@ int find_new_gid (bool sys_group, - * more likely to want to stop and address the - * issue. - */ -- fprintf (shadow_logfd, -+ fprintf (log_get_logfd(), - _("%s: Encountered error attempting to use " - "preferred GID: %s\n"), -- Prog, strerror (result)); -+ log_get_progname(), strerror (result)); - return -1; - } - } -@@ -250,9 +251,9 @@ int find_new_gid (bool sys_group, - /* Create an array to hold all of the discovered GIDs */ - used_gids = malloc (sizeof (bool) * (gid_max +1)); - if (NULL == used_gids) { -- fprintf (shadow_logfd, -+ fprintf (log_get_logfd(), - _("%s: failed to allocate memory: %s\n"), -- Prog, strerror (errno)); -+ log_get_progname(), strerror (errno)); - return -1; - } - memset (used_gids, false, sizeof (bool) * (gid_max + 1)); -@@ -330,10 +331,10 @@ int find_new_gid (bool sys_group, - * - */ - if (!nospam) { -- fprintf (shadow_logfd, -+ fprintf (log_get_logfd(), - _("%s: Can't get unique system GID (%s). " - "Suppressing additional messages.\n"), -- Prog, strerror (result)); -+ log_get_progname(), strerror (result)); - SYSLOG ((LOG_ERR, - "Error checking available GIDs: %s", - strerror (result))); -@@ -373,10 +374,10 @@ int find_new_gid (bool sys_group, - * - */ - if (!nospam) { -- fprintf (shadow_logfd, -+ fprintf (log_get_logfd(), - _("%s: Can't get unique system GID (%s). " - "Suppressing additional messages.\n"), -- Prog, strerror (result)); -+ log_get_progname(), strerror (result)); - SYSLOG ((LOG_ERR, - "Error checking available GIDs: %s", - strerror (result))); -@@ -433,10 +434,10 @@ int find_new_gid (bool sys_group, - * - */ - if (!nospam) { -- fprintf (shadow_logfd, -+ fprintf (log_get_logfd(), - _("%s: Can't get unique GID (%s). " - "Suppressing additional messages.\n"), -- Prog, strerror (result)); -+ log_get_progname(), strerror (result)); - SYSLOG ((LOG_ERR, - "Error checking available GIDs: %s", - strerror (result))); -@@ -476,10 +477,10 @@ int find_new_gid (bool sys_group, - * - */ - if (!nospam) { -- fprintf (shadow_logfd, -+ fprintf (log_get_logfd(), - _("%s: Can't get unique GID (%s). " - "Suppressing additional messages.\n"), -- Prog, strerror (result)); -+ log_get_progname(), strerror (result)); - SYSLOG ((LOG_ERR, - "Error checking available GIDs: %s", - strerror (result))); -@@ -495,9 +496,9 @@ int find_new_gid (bool sys_group, - } - - /* The code reached here and found no available IDs in the range */ -- fprintf (shadow_logfd, -+ fprintf (log_get_logfd(), - _("%s: Can't get unique GID (no more available GIDs)\n"), -- Prog); -+ log_get_progname()); - SYSLOG ((LOG_WARN, "no more available GIDs on the system")); - free (used_gids); - return -1; -diff -up shadow-4.9/libmisc/find_new_sub_gids.c.debug1 shadow-4.9/libmisc/find_new_sub_gids.c ---- shadow-4.9/libmisc/find_new_sub_gids.c.debug1 2021-07-22 23:55:35.000000000 +0200 -+++ shadow-4.9/libmisc/find_new_sub_gids.c 2022-01-10 10:45:52.203132944 +0100 -@@ -37,6 +37,7 @@ - #include "prototypes.h" - #include "subordinateio.h" - #include "getdef.h" -+#include "shadowlog.h" - - /* - * find_new_sub_gids - Find a new unused range of GIDs. -@@ -60,18 +61,18 @@ int find_new_sub_gids (gid_t *range_star - count = getdef_ulong ("SUB_GID_COUNT", 65536); - - if (min > max || count >= max || (min + count - 1) > max) { -- (void) fprintf (shadow_logfd, -+ (void) fprintf (log_get_logfd(), - _("%s: Invalid configuration: SUB_GID_MIN (%lu)," - " SUB_GID_MAX (%lu), SUB_GID_COUNT (%lu)\n"), -- Prog, min, max, count); -+ log_get_progname(), min, max, count); - return -1; - } - - start = sub_gid_find_free_range(min, max, count); - if (start == (gid_t)-1) { -- fprintf (shadow_logfd, -+ fprintf (log_get_logfd(), - _("%s: Can't get unique subordinate GID range\n"), -- Prog); -+ log_get_progname()); - SYSLOG ((LOG_WARN, "no more available subordinate GIDs on the system")); - return -1; - } -diff -up shadow-4.9/libmisc/find_new_sub_uids.c.debug1 shadow-4.9/libmisc/find_new_sub_uids.c ---- shadow-4.9/libmisc/find_new_sub_uids.c.debug1 2021-07-22 23:55:35.000000000 +0200 -+++ shadow-4.9/libmisc/find_new_sub_uids.c 2022-01-10 10:45:52.203132944 +0100 -@@ -37,6 +37,7 @@ - #include "prototypes.h" - #include "subordinateio.h" - #include "getdef.h" -+#include "shadowlog.h" - - /* - * find_new_sub_uids - Find a new unused range of UIDs. -@@ -60,18 +61,18 @@ int find_new_sub_uids (uid_t *range_star - count = getdef_ulong ("SUB_UID_COUNT", 65536); - - if (min > max || count >= max || (min + count - 1) > max) { -- (void) fprintf (shadow_logfd, -+ (void) fprintf (log_get_logfd(), - _("%s: Invalid configuration: SUB_UID_MIN (%lu)," - " SUB_UID_MAX (%lu), SUB_UID_COUNT (%lu)\n"), -- Prog, min, max, count); -+ log_get_progname(), min, max, count); - return -1; - } - - start = sub_uid_find_free_range(min, max, count); - if (start == (uid_t)-1) { -- fprintf (shadow_logfd, -+ fprintf (log_get_logfd(), - _("%s: Can't get unique subordinate UID range\n"), -- Prog); -+ log_get_progname()); - SYSLOG ((LOG_WARN, "no more available subordinate UIDs on the system")); - return -1; - } -diff -up shadow-4.9/libmisc/find_new_uid.c.debug1 shadow-4.9/libmisc/find_new_uid.c ---- shadow-4.9/libmisc/find_new_uid.c.debug1 2022-01-10 10:45:52.191132858 +0100 -+++ shadow-4.9/libmisc/find_new_uid.c 2022-01-10 10:45:52.204132951 +0100 -@@ -38,6 +38,7 @@ - #include "prototypes.h" - #include "pwio.h" - #include "getdef.h" -+#include "shadowlog.h" - - /* - * get_ranges - Get the minimum and maximum ID ranges for the search -@@ -74,10 +75,10 @@ static int get_ranges (bool sys_user, ui - - /* Check that the ranges make sense */ - if (*max_id < *min_id) { -- (void) fprintf (shadow_logfd, -+ (void) fprintf (log_get_logfd(), - _("%s: Invalid configuration: SYS_UID_MIN (%lu), " - "UID_MIN (%lu), SYS_UID_MAX (%lu)\n"), -- Prog, (unsigned long) *min_id, -+ log_get_progname(), (unsigned long) *min_id, - getdef_ulong ("UID_MIN", 1000UL), - (unsigned long) *max_id); - return EINVAL; -@@ -104,10 +105,10 @@ static int get_ranges (bool sys_user, ui - - /* Check that the ranges make sense */ - if (*max_id < *min_id) { -- (void) fprintf (shadow_logfd, -+ (void) fprintf (log_get_logfd(), - _("%s: Invalid configuration: UID_MIN (%lu), " - "UID_MAX (%lu)\n"), -- Prog, (unsigned long) *min_id, -+ log_get_progname(), (unsigned long) *min_id, - (unsigned long) *max_id); - return EINVAL; - } -@@ -220,10 +221,10 @@ int find_new_uid(bool sys_user, - * more likely to want to stop and address the - * issue. - */ -- fprintf (shadow_logfd, -+ fprintf (log_get_logfd(), - _("%s: Encountered error attempting to use " - "preferred UID: %s\n"), -- Prog, strerror (result)); -+ log_get_progname(), strerror (result)); - return -1; - } - } -@@ -250,9 +251,9 @@ int find_new_uid(bool sys_user, - /* Create an array to hold all of the discovered UIDs */ - used_uids = malloc (sizeof (bool) * (uid_max +1)); - if (NULL == used_uids) { -- fprintf (shadow_logfd, -+ fprintf (log_get_logfd(), - _("%s: failed to allocate memory: %s\n"), -- Prog, strerror (errno)); -+ log_get_progname(), strerror (errno)); - return -1; - } - memset (used_uids, false, sizeof (bool) * (uid_max + 1)); -@@ -330,10 +331,10 @@ int find_new_uid(bool sys_user, - * - */ - if (!nospam) { -- fprintf (shadow_logfd, -+ fprintf (log_get_logfd(), - _("%s: Can't get unique system UID (%s). " - "Suppressing additional messages.\n"), -- Prog, strerror (result)); -+ log_get_progname(), strerror (result)); - SYSLOG ((LOG_ERR, - "Error checking available UIDs: %s", - strerror (result))); -@@ -373,10 +374,10 @@ int find_new_uid(bool sys_user, - * - */ - if (!nospam) { -- fprintf (shadow_logfd, -+ fprintf (log_get_logfd(), - _("%s: Can't get unique system UID (%s). " - "Suppressing additional messages.\n"), -- Prog, strerror (result)); -+ log_get_progname(), strerror (result)); - SYSLOG((LOG_ERR, - "Error checking available UIDs: %s", - strerror (result))); -@@ -433,10 +434,10 @@ int find_new_uid(bool sys_user, - * - */ - if (!nospam) { -- fprintf (shadow_logfd, -+ fprintf (log_get_logfd(), - _("%s: Can't get unique UID (%s). " - "Suppressing additional messages.\n"), -- Prog, strerror (result)); -+ log_get_progname(), strerror (result)); - SYSLOG ((LOG_ERR, - "Error checking available UIDs: %s", - strerror (result))); -@@ -476,10 +477,10 @@ int find_new_uid(bool sys_user, - * - */ - if (!nospam) { -- fprintf (shadow_logfd, -+ fprintf (log_get_logfd(), - _("%s: Can't get unique UID (%s). " - "Suppressing additional messages.\n"), -- Prog, strerror (result)); -+ log_get_progname(), strerror (result)); - SYSLOG ((LOG_ERR, - "Error checking available UIDs: %s", - strerror (result))); -@@ -495,9 +496,9 @@ int find_new_uid(bool sys_user, - } - - /* The code reached here and found no available IDs in the range */ -- fprintf (shadow_logfd, -+ fprintf (log_get_logfd(), - _("%s: Can't get unique UID (no more available UIDs)\n"), -- Prog); -+ log_get_progname()); - SYSLOG ((LOG_WARN, "no more available UIDs on the system")); - free (used_uids); - return -1; -diff -up shadow-4.9/libmisc/gettime.c.debug1 shadow-4.9/libmisc/gettime.c ---- shadow-4.9/libmisc/gettime.c.debug1 2021-07-22 23:55:35.000000000 +0200 -+++ shadow-4.9/libmisc/gettime.c 2022-01-10 10:45:52.204132951 +0100 -@@ -36,6 +36,7 @@ - #include - #include "defines.h" - #include "prototypes.h" -+#include "shadowlog.h" - - /* - * gettime() returns the time as the number of seconds since the Epoch -@@ -50,6 +51,7 @@ - char *source_date_epoch; - time_t fallback; - unsigned long long epoch; -+ FILE *shadow_logfd = log_get_logfd(); - - fallback = time (NULL); - source_date_epoch = shadow_getenv ("SOURCE_DATE_EPOCH"); -diff -up shadow-4.9/libmisc/idmapping.c.debug1 shadow-4.9/libmisc/idmapping.c ---- shadow-4.9/libmisc/idmapping.c.debug1 2021-07-22 23:55:35.000000000 +0200 -+++ shadow-4.9/libmisc/idmapping.c 2022-01-10 10:45:52.204132951 +0100 -@@ -40,6 +40,7 @@ - #include - #include - #endif -+#include "shadowlog.h" - - struct map_range *get_map_ranges(int ranges, int argc, char **argv) - { -@@ -47,28 +48,28 @@ struct map_range *get_map_ranges(int ran - int idx, argidx; - - if (ranges < 0 || argc < 0) { -- fprintf(shadow_logfd, "%s: error calculating number of arguments\n", Prog); -+ fprintf(log_get_logfd(), "%s: error calculating number of arguments\n", log_get_progname()); - return NULL; - } - - if (ranges != ((argc + 2) / 3)) { -- fprintf(shadow_logfd, "%s: ranges: %u is wrong for argc: %d\n", Prog, ranges, argc); -+ fprintf(log_get_logfd(), "%s: ranges: %u is wrong for argc: %d\n", log_get_progname(), ranges, argc); - return NULL; - } - - if ((ranges * 3) > argc) { -- fprintf(shadow_logfd, "ranges: %u argc: %d\n", -+ fprintf(log_get_logfd(), "ranges: %u argc: %d\n", - ranges, argc); -- fprintf(shadow_logfd, -+ fprintf(log_get_logfd(), - _( "%s: Not enough arguments to form %u mappings\n"), -- Prog, ranges); -+ log_get_progname(), ranges); - return NULL; - } - - mappings = calloc(ranges, sizeof(*mappings)); - if (!mappings) { -- fprintf(shadow_logfd, _( "%s: Memory allocation failure\n"), -- Prog); -+ fprintf(log_get_logfd(), _( "%s: Memory allocation failure\n"), -+ log_get_progname()); - exit(EXIT_FAILURE); - } - -@@ -88,24 +89,24 @@ struct map_range *get_map_ranges(int ran - return NULL; - } - if (ULONG_MAX - mapping->upper <= mapping->count || ULONG_MAX - mapping->lower <= mapping->count) { -- fprintf(shadow_logfd, _( "%s: subuid overflow detected.\n"), Prog); -+ fprintf(log_get_logfd(), _( "%s: subuid overflow detected.\n"), log_get_progname()); - exit(EXIT_FAILURE); - } - if (mapping->upper > UINT_MAX || - mapping->lower > UINT_MAX || - mapping->count > UINT_MAX) { -- fprintf(shadow_logfd, _( "%s: subuid overflow detected.\n"), Prog); -+ fprintf(log_get_logfd(), _( "%s: subuid overflow detected.\n"), log_get_progname()); - exit(EXIT_FAILURE); - } - if (mapping->lower + mapping->count > UINT_MAX || - mapping->upper + mapping->count > UINT_MAX) { -- fprintf(shadow_logfd, _( "%s: subuid overflow detected.\n"), Prog); -+ fprintf(log_get_logfd(), _( "%s: subuid overflow detected.\n"), log_get_progname()); - exit(EXIT_FAILURE); - } - if (mapping->lower + mapping->count < mapping->lower || - mapping->upper + mapping->count < mapping->upper) { - /* this one really shouldn't be possible given previous checks */ -- fprintf(shadow_logfd, _( "%s: subuid overflow detected.\n"), Prog); -+ fprintf(log_get_logfd(), _( "%s: subuid overflow detected.\n"), log_get_progname()); - exit(EXIT_FAILURE); - } - } -@@ -176,19 +177,19 @@ void write_mapping(int proc_dir_fd, int - } else if (strcmp(map_file, "gid_map") == 0) { - cap = CAP_SETGID; - } else { -- fprintf(shadow_logfd, _("%s: Invalid map file %s specified\n"), Prog, map_file); -+ fprintf(log_get_logfd(), _("%s: Invalid map file %s specified\n"), log_get_progname(), map_file); - exit(EXIT_FAILURE); - } - - /* Align setuid- and fscaps-based new{g,u}idmap behavior. */ - if (geteuid() == 0 && geteuid() != ruid) { - if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) < 0) { -- fprintf(shadow_logfd, _("%s: Could not prctl(PR_SET_KEEPCAPS)\n"), Prog); -+ fprintf(log_get_logfd(), _("%s: Could not prctl(PR_SET_KEEPCAPS)\n"), log_get_progname()); - exit(EXIT_FAILURE); - } - - if (seteuid(ruid) < 0) { -- fprintf(shadow_logfd, _("%s: Could not seteuid to %d\n"), Prog, ruid); -+ fprintf(log_get_logfd(), _("%s: Could not seteuid to %d\n"), log_get_progname(), ruid); - exit(EXIT_FAILURE); - } - } -@@ -204,7 +205,7 @@ void write_mapping(int proc_dir_fd, int - data[0].effective |= CAP_TO_MASK(CAP_SETFCAP); - data[0].permitted = data[0].effective; - if (capset(&hdr, data) < 0) { -- fprintf(shadow_logfd, _("%s: Could not set caps\n"), Prog); -+ fprintf(log_get_logfd(), _("%s: Could not set caps\n"), log_get_progname()); - exit(EXIT_FAILURE); - } - #endif -@@ -222,7 +223,7 @@ void write_mapping(int proc_dir_fd, int - mapping->lower, - mapping->count); - if ((written <= 0) || (written >= (bufsize - (pos - buf)))) { -- fprintf(shadow_logfd, _("%s: snprintf failed!\n"), Prog); -+ fprintf(log_get_logfd(), _("%s: snprintf failed!\n"), log_get_progname()); - exit(EXIT_FAILURE); - } - pos += written; -@@ -231,13 +232,13 @@ void write_mapping(int proc_dir_fd, int - /* Write the mapping to the mapping file */ - fd = openat(proc_dir_fd, map_file, O_WRONLY); - if (fd < 0) { -- fprintf(shadow_logfd, _("%s: open of %s failed: %s\n"), -- Prog, map_file, strerror(errno)); -+ fprintf(log_get_logfd(), _("%s: open of %s failed: %s\n"), -+ log_get_progname(), map_file, strerror(errno)); - exit(EXIT_FAILURE); - } - if (write(fd, buf, pos - buf) != (pos - buf)) { -- fprintf(shadow_logfd, _("%s: write to %s failed: %s\n"), -- Prog, map_file, strerror(errno)); -+ fprintf(log_get_logfd(), _("%s: write to %s failed: %s\n"), -+ log_get_progname(), map_file, strerror(errno)); - exit(EXIT_FAILURE); - } - close(fd); -diff -up shadow-4.9/libmisc/limits.c.debug1 shadow-4.9/libmisc/limits.c ---- shadow-4.9/libmisc/limits.c.debug1 2021-07-22 23:55:35.000000000 +0200 -+++ shadow-4.9/libmisc/limits.c 2022-01-10 10:45:52.204132951 +0100 -@@ -50,6 +50,7 @@ - #include "defines.h" - #include - #include "getdef.h" -+#include "shadowlog.h" - #ifdef HAVE_SYS_RESOURCE_H - #include - #define LIMITS -@@ -548,7 +549,7 @@ void setup_limits (const struct passwd * - #ifdef LIMITS - if (info->pw_uid != 0) { - if ((setup_user_limits (info->pw_name) & LOGIN_ERROR_LOGIN) != 0) { -- (void) fputs (_("Too many logins.\n"), shadow_logfd); -+ (void) fputs (_("Too many logins.\n"), log_get_logfd()); - (void) sleep (2); /* XXX: Should be FAIL_DELAY */ - exit (EXIT_FAILURE); - } -diff -up shadow-4.9/libmisc/pam_pass.c.debug1 shadow-4.9/libmisc/pam_pass.c ---- shadow-4.9/libmisc/pam_pass.c.debug1 2021-07-22 23:55:35.000000000 +0200 -+++ shadow-4.9/libmisc/pam_pass.c 2022-01-10 10:45:52.204132951 +0100 -@@ -46,11 +46,13 @@ - #include "defines.h" - #include "pam_defs.h" - #include "prototypes.h" -+#include "shadowlog.h" - - void do_pam_passwd (const char *user, bool silent, bool change_expired) - { - pam_handle_t *pamh = NULL; - int flags = 0, ret; -+ FILE *shadow_logfd = log_get_logfd(); - - if (silent) - flags |= PAM_SILENT; -diff -up shadow-4.9/libmisc/pam_pass_non_interactive.c.debug1 shadow-4.9/libmisc/pam_pass_non_interactive.c ---- shadow-4.9/libmisc/pam_pass_non_interactive.c.debug1 2021-07-22 23:55:35.000000000 +0200 -+++ shadow-4.9/libmisc/pam_pass_non_interactive.c 2022-01-10 10:45:52.204132951 +0100 -@@ -38,6 +38,7 @@ - #include - #include - #include "prototypes.h" -+#include "shadowlog.h" - - /*@null@*/ /*@only@*/static const char *non_interactive_password = NULL; - static int ni_conv (int num_msg, -@@ -76,9 +77,9 @@ static int ni_conv (int num_msg, - - switch (msg[count]->msg_style) { - case PAM_PROMPT_ECHO_ON: -- fprintf (shadow_logfd, -+ fprintf (log_get_logfd(), - _("%s: PAM modules requesting echoing are not supported.\n"), -- Prog); -+ log_get_progname()); - goto failed_conversation; - case PAM_PROMPT_ECHO_OFF: - responses[count].resp = strdup (non_interactive_password); -@@ -88,7 +89,7 @@ static int ni_conv (int num_msg, - break; - case PAM_ERROR_MSG: - if ( (NULL == msg[count]->msg) -- || (fprintf (shadow_logfd, "%s\n", msg[count]->msg) <0)) { -+ || (fprintf (log_get_logfd(), "%s\n", msg[count]->msg) <0)) { - goto failed_conversation; - } - responses[count].resp = NULL; -@@ -101,9 +102,9 @@ static int ni_conv (int num_msg, - responses[count].resp = NULL; - break; - default: -- (void) fprintf (shadow_logfd, -+ (void) fprintf (log_get_logfd(), - _("%s: conversation type %d not supported.\n"), -- Prog, msg[count]->msg_style); -+ log_get_progname(), msg[count]->msg_style); - goto failed_conversation; - } - } -@@ -143,19 +144,19 @@ int do_pam_passwd_non_interactive (const - - ret = pam_start (pam_service, username, &non_interactive_pam_conv, &pamh); - if (ret != PAM_SUCCESS) { -- fprintf (shadow_logfd, -+ fprintf (log_get_logfd(), - _("%s: (user %s) pam_start failure %d\n"), -- Prog, username, ret); -+ log_get_progname(), username, ret); - return 1; - } - - non_interactive_password = password; - ret = pam_chauthtok (pamh, 0); - if (ret != PAM_SUCCESS) { -- fprintf (shadow_logfd, -+ fprintf (log_get_logfd(), - _("%s: (user %s) pam_chauthtok() failed, error:\n" - "%s\n"), -- Prog, username, pam_strerror (pamh, ret)); -+ log_get_progname(), username, pam_strerror (pamh, ret)); - } - - (void) pam_end (pamh, PAM_SUCCESS); -diff -up shadow-4.9/libmisc/prefix_flag.c.debug1 shadow-4.9/libmisc/prefix_flag.c ---- shadow-4.9/libmisc/prefix_flag.c.debug1 2022-01-10 10:45:52.201132929 +0100 -+++ shadow-4.9/libmisc/prefix_flag.c 2022-01-10 10:45:52.204132951 +0100 -@@ -48,6 +48,7 @@ - #include "subordinateio.h" - #endif /* ENABLE_SUBIDS */ - #include "getdef.h" -+#include "shadowlog.h" - - static char *passwd_db_file = NULL; - static char *spw_db_file = NULL; -@@ -83,18 +84,18 @@ extern const char* process_prefix_flag ( - && (val = argv[i] + 9)) - || (strcmp (argv[i], short_opt) == 0)) { - if (NULL != prefix) { -- fprintf (shadow_logfd, -+ fprintf (log_get_logfd(), - _("%s: multiple --prefix options\n"), -- Prog); -+ log_get_progname()); - exit (E_BAD_ARG); - } - - if (val) { - prefix = val; - } else if (i + 1 == argc) { -- fprintf (shadow_logfd, -+ fprintf (log_get_logfd(), - _("%s: option '%s' requires an argument\n"), -- Prog, argv[i]); -+ log_get_progname(), argv[i]); - exit (E_BAD_ARG); - } else { - prefix = argv[++ i]; -@@ -110,9 +111,9 @@ extern const char* process_prefix_flag ( - /* should we prevent symbolic link from being used as a prefix? */ - - if ( prefix[0] != '/') { -- fprintf (shadow_logfd, -+ fprintf (log_get_logfd(), - _("%s: prefix must be an absolute path\n"), -- Prog); -+ log_get_progname()); - exit (E_BAD_ARG); - } - size_t len; -diff -up shadow-4.9/libmisc/pwdcheck.c.debug1 shadow-4.9/libmisc/pwdcheck.c ---- shadow-4.9/libmisc/pwdcheck.c.debug1 2021-07-22 23:55:35.000000000 +0200 -+++ shadow-4.9/libmisc/pwdcheck.c 2022-01-10 10:45:52.204132951 +0100 -@@ -39,6 +39,7 @@ - #include "prototypes.h" - #include "defines.h" - #include "pwauth.h" -+#include "shadowlog.h" - - void passwd_check (const char *user, const char *passwd, unused const char *progname) - { -@@ -51,7 +52,7 @@ void passwd_check (const char *user, con - if (pw_auth (passwd, user, PW_LOGIN, (char *) 0) != 0) { - SYSLOG ((LOG_WARN, "incorrect password for `%s'", user)); - (void) sleep (1); -- fprintf (shadow_logfd, _("Incorrect password for %s.\n"), user); -+ fprintf (log_get_logfd(), _("Incorrect password for %s.\n"), user); - exit (EXIT_FAILURE); - } - } -diff -up shadow-4.9/libmisc/root_flag.c.debug1 shadow-4.9/libmisc/root_flag.c ---- shadow-4.9/libmisc/root_flag.c.debug1 2021-07-22 23:55:35.000000000 +0200 -+++ shadow-4.9/libmisc/root_flag.c 2022-01-10 10:45:52.204132951 +0100 -@@ -38,6 +38,7 @@ - #include "prototypes.h" - /*@-exitarg@*/ - #include "exitcodes.h" -+#include "shadowlog.h" - - static void change_root (const char* newroot); - -@@ -65,18 +66,18 @@ extern void process_root_flag (const cha - && (val = argv[i] + 7)) - || (strcmp (argv[i], short_opt) == 0)) { - if (NULL != newroot) { -- fprintf (shadow_logfd, -+ fprintf (log_get_logfd(), - _("%s: multiple --root options\n"), -- Prog); -+ log_get_progname()); - exit (E_BAD_ARG); - } - - if (val) { - newroot = val; - } else if (i + 1 == argc) { -- fprintf (shadow_logfd, -+ fprintf (log_get_logfd(), - _("%s: option '%s' requires an argument\n"), -- Prog, argv[i]); -+ log_get_progname(), argv[i]); - exit (E_BAD_ARG); - } else { - newroot = argv[++ i]; -@@ -94,36 +95,36 @@ static void change_root (const char* new - /* Drop privileges */ - if ( (setregid (getgid (), getgid ()) != 0) - || (setreuid (getuid (), getuid ()) != 0)) { -- fprintf (shadow_logfd, _("%s: failed to drop privileges (%s)\n"), -- Prog, strerror (errno)); -+ fprintf (log_get_logfd(), _("%s: failed to drop privileges (%s)\n"), -+ log_get_progname(), strerror (errno)); - exit (EXIT_FAILURE); - } - - if ('/' != newroot[0]) { -- fprintf (shadow_logfd, -+ fprintf (log_get_logfd(), - _("%s: invalid chroot path '%s'\n"), -- Prog, newroot); -+ log_get_progname(), newroot); - exit (E_BAD_ARG); - } - - if (access (newroot, F_OK) != 0) { -- fprintf(shadow_logfd, -+ fprintf(log_get_logfd(), - _("%s: cannot access chroot directory %s: %s\n"), -- Prog, newroot, strerror (errno)); -+ log_get_progname(), newroot, strerror (errno)); - exit (E_BAD_ARG); - } - - if (chdir (newroot) != 0) { -- fprintf(shadow_logfd, -+ fprintf(log_get_logfd(), - _("%s: cannot chdir to chroot directory %s: %s\n"), -- Prog, newroot, strerror (errno)); -+ log_get_progname(), newroot, strerror (errno)); - exit (E_BAD_ARG); - } - - if (chroot (newroot) != 0) { -- fprintf(shadow_logfd, -+ fprintf(log_get_logfd(), - _("%s: unable to chroot to directory %s: %s\n"), -- Prog, newroot, strerror (errno)); -+ log_get_progname(), newroot, strerror (errno)); - exit (E_BAD_ARG); - } - } -diff -up shadow-4.9/libmisc/salt.c.debug1 shadow-4.9/libmisc/salt.c ---- shadow-4.9/libmisc/salt.c.debug1 2022-01-10 10:45:52.195132887 +0100 -+++ shadow-4.9/libmisc/salt.c 2022-01-10 10:45:52.204132951 +0100 -@@ -21,6 +21,7 @@ - #include "prototypes.h" - #include "defines.h" - #include "getdef.h" -+#include "shadowlog.h" - - #if (defined CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY && \ - CRYPT_GENSALT_IMPLEMENTS_AUTO_ENTROPY) -@@ -178,7 +179,7 @@ static long read_random_bytes (void) - #endif - - fail: -- fprintf (shadow_logfd, -+ fprintf (log_get_logfd(), - _("Unable to obtain random bytes.\n")); - exit (1); - -@@ -506,7 +507,7 @@ static /*@observer@*/const char *gensalt - SHA_salt_rounds_to_buf (result, rounds); - #endif /* USE_SHA_CRYPT */ - } else if (0 != strcmp (method, "DES")) { -- fprintf (shadow_logfd, -+ fprintf (log_get_logfd(), - _("Invalid ENCRYPT_METHOD value: '%s'.\n" - "Defaulting to DES.\n"), - method); -@@ -532,7 +533,7 @@ static /*@observer@*/const char *gensalt - - /* Should not happen, but... */ - if (NULL == retval) { -- fprintf (shadow_logfd, -+ fprintf (log_get_logfd(), - _("Unable to generate a salt from setting " - "\"%s\", check your settings in " - "ENCRYPT_METHOD and the corresponding " -diff -up shadow-4.9/libmisc/setupenv.c.debug1 shadow-4.9/libmisc/setupenv.c ---- shadow-4.9/libmisc/setupenv.c.debug1 2021-07-22 23:55:35.000000000 +0200 -+++ shadow-4.9/libmisc/setupenv.c 2022-01-10 10:45:52.204132951 +0100 -@@ -47,6 +47,7 @@ - #include "defines.h" - #include - #include "getdef.h" -+#include "shadowlog.h" - - #ifndef USE_PAM - static void -@@ -219,7 +220,7 @@ void setup_env (struct passwd *info) - static char temp_pw_dir[] = "/"; - - if (!getdef_bool ("DEFAULT_HOME") || chdir ("/") == -1) { -- fprintf (shadow_logfd, _("Unable to cd to '%s'\n"), -+ fprintf (log_get_logfd(), _("Unable to cd to '%s'\n"), - info->pw_dir); - SYSLOG ((LOG_WARN, - "unable to cd to `%s' for user `%s'\n", -diff -up shadow-4.9/libmisc/user_busy.c.debug1 shadow-4.9/libmisc/user_busy.c ---- shadow-4.9/libmisc/user_busy.c.debug1 2021-07-22 23:55:35.000000000 +0200 -+++ shadow-4.9/libmisc/user_busy.c 2022-01-10 10:45:52.204132951 +0100 -@@ -45,6 +45,7 @@ - #ifdef ENABLE_SUBIDS - #include "subordinateio.h" - #endif /* ENABLE_SUBIDS */ -+#include "shadowlog.h" - - #ifdef __linux__ - static int check_status (const char *name, const char *sname, uid_t uid); -@@ -96,9 +97,9 @@ static int user_busy_utmp (const char *n - continue; - } - -- fprintf (shadow_logfd, -+ fprintf (log_get_logfd(), - _("%s: user %s is currently logged in\n"), -- Prog, name); -+ log_get_progname(), name); - return 1; - } - -@@ -249,9 +250,9 @@ static int user_busy_processes (const ch - #ifdef ENABLE_SUBIDS - sub_uid_close(); - #endif -- fprintf (shadow_logfd, -+ fprintf (log_get_logfd(), - _("%s: user %s is currently used by process %d\n"), -- Prog, name, pid); -+ log_get_progname(), name, pid); - return 1; - } - -@@ -273,9 +274,9 @@ static int user_busy_processes (const ch - #ifdef ENABLE_SUBIDS - sub_uid_close(); - #endif -- fprintf (shadow_logfd, -+ fprintf (log_get_logfd(), - _("%s: user %s is currently used by process %d\n"), -- Prog, name, pid); -+ log_get_progname(), name, pid); - return 1; - } - } -diff -up shadow-4.9/libmisc/xgetXXbyYY.c.debug1 shadow-4.9/libmisc/xgetXXbyYY.c ---- shadow-4.9/libmisc/xgetXXbyYY.c.debug1 2021-07-22 23:55:35.000000000 +0200 -+++ shadow-4.9/libmisc/xgetXXbyYY.c 2022-01-10 10:45:52.204132951 +0100 -@@ -54,6 +54,7 @@ - #include - #include - #include "prototypes.h" -+#include "shadowlog.h" - - #define XFUNCTION_NAME XPREFIX (FUNCTION_NAME) - #define XPREFIX(name) XPREFIX1 (name) -@@ -74,7 +75,7 @@ - - result = malloc(sizeof(LOOKUP_TYPE)); - if (NULL == result) { -- fprintf (shadow_logfd, _("%s: out of memory\n"), -+ fprintf (log_get_logfd(), _("%s: out of memory\n"), - "x" STRINGIZE(FUNCTION_NAME)); - exit (13); - } -@@ -84,7 +85,7 @@ - LOOKUP_TYPE *resbuf = NULL; - buffer = (char *)realloc (buffer, length); - if (NULL == buffer) { -- fprintf (shadow_logfd, _("%s: out of memory\n"), -+ fprintf (log_get_logfd(), _("%s: out of memory\n"), - "x" STRINGIZE(FUNCTION_NAME)); - exit (13); - } -@@ -132,7 +133,7 @@ - if (result) { - result = DUP_FUNCTION(result); - if (NULL == result) { -- fprintf (shadow_logfd, _("%s: out of memory\n"), -+ fprintf (log_get_logfd(), _("%s: out of memory\n"), - "x" STRINGIZE(FUNCTION_NAME)); - exit (13); - } -diff -up shadow-4.9/libmisc/xmalloc.c.debug1 shadow-4.9/libmisc/xmalloc.c ---- shadow-4.9/libmisc/xmalloc.c.debug1 2021-07-22 23:55:35.000000000 +0200 -+++ shadow-4.9/libmisc/xmalloc.c 2022-01-10 10:45:52.204132951 +0100 -@@ -47,6 +47,7 @@ - #include - #include "defines.h" - #include "prototypes.h" -+#include "shadowlog.h" - - /*@maynotreturn@*/ /*@only@*//*@out@*//*@notnull@*/char *xmalloc (size_t size) - { -@@ -54,9 +55,9 @@ - - ptr = (char *) malloc (size); - if (NULL == ptr) { -- (void) fprintf (shadow_logfd, -+ (void) fprintf (log_get_logfd(), - _("%s: failed to allocate memory: %s\n"), -- Prog, strerror (errno)); -+ log_get_progname(), strerror (errno)); - exit (13); - } - return ptr; -diff -up shadow-4.9/lib/nscd.c.debug1 shadow-4.9/lib/nscd.c ---- shadow-4.9/lib/nscd.c.debug1 2021-07-22 23:55:35.000000000 +0200 -+++ shadow-4.9/lib/nscd.c 2022-01-10 10:45:52.202132937 +0100 -@@ -10,6 +10,7 @@ - #include "defines.h" - #include "prototypes.h" - #include "nscd.h" -+#include "shadowlog_internal.h" - - #define MSG_NSCD_FLUSH_CACHE_FAILED "%s: Failed to flush the nscd cache.\n" - -diff -up shadow-4.9/lib/nss.c.debug1 shadow-4.9/lib/nss.c ---- shadow-4.9/lib/nss.c.debug1 2021-07-22 23:55:35.000000000 +0200 -+++ shadow-4.9/lib/nss.c 2022-01-10 10:45:52.202132937 +0100 -@@ -8,6 +8,7 @@ - #include - #include "prototypes.h" - #include "../libsubid/subid.h" -+#include "shadowlog_internal.h" - - #define NSSWITCH "/etc/nsswitch.conf" - -diff -up shadow-4.9/lib/prototypes.h.debug1 shadow-4.9/lib/prototypes.h ---- shadow-4.9/lib/prototypes.h.debug1 2022-01-10 10:45:52.195132887 +0100 -+++ shadow-4.9/lib/prototypes.h 2022-01-10 10:45:52.202132937 +0100 -@@ -59,9 +59,6 @@ - #include "defines.h" - #include "commonio.h" - --extern /*@observer@*/ const char *Prog; /* Program name showed in error messages */ --extern FILE *shadow_logfd; /* file descripter to which error messages are printed */ -- - /* addgrps.c */ - #if defined (HAVE_SETGROUPS) && ! defined (USE_PAM) - extern int add_groups (const char *); -diff -up shadow-4.9/lib/run_part.c.debug1 shadow-4.9/lib/run_part.c ---- shadow-4.9/lib/run_part.c.debug1 2021-07-22 23:55:35.000000000 +0200 -+++ shadow-4.9/lib/run_part.c 2022-01-10 10:45:52.202132937 +0100 -@@ -8,6 +8,7 @@ - #include - #include - #include -+#include "shadowlog_internal.h" - - int run_part (char *script_path, char *name, char *action) - { -diff -up shadow-4.9/lib/selinux.c.debug1 shadow-4.9/lib/selinux.c ---- shadow-4.9/lib/selinux.c.debug1 2022-01-10 10:45:52.196132894 +0100 -+++ shadow-4.9/lib/selinux.c 2022-01-10 10:45:52.202132937 +0100 -@@ -38,6 +38,8 @@ - #include - #include "prototypes.h" - -+#include "shadowlog_internal.h" -+ - static bool selinux_checked = false; - static bool selinux_enabled; - static /*@null@*/struct selabel_handle *selabel_hnd = NULL; -diff -up shadow-4.9/lib/semanage.c.debug1 shadow-4.9/lib/semanage.c ---- shadow-4.9/lib/semanage.c.debug1 2022-01-10 10:45:52.196132894 +0100 -+++ shadow-4.9/lib/semanage.c 2022-01-10 10:45:52.202132937 +0100 -@@ -43,6 +43,7 @@ - #include - #include "prototypes.h" - -+#include "shadowlog_internal.h" - - #ifndef DEFAULT_SERANGE - #define DEFAULT_SERANGE "s0" -diff -up shadow-4.9/lib/shadowlog.c.debug1 shadow-4.9/lib/shadowlog.c ---- shadow-4.9/lib/shadowlog.c.debug1 2022-01-10 10:45:52.202132937 +0100 -+++ shadow-4.9/lib/shadowlog.c 2022-01-10 10:45:52.202132937 +0100 -@@ -0,0 +1,28 @@ -+#include "shadowlog.h" -+ -+#include "lib/shadowlog_internal.h" -+ -+void log_set_progname(const char *progname) -+{ -+ Prog = progname; -+} -+ -+const char *log_get_progname(void) -+{ -+ return Prog; -+} -+ -+void log_set_logfd(FILE *fd) -+{ -+ if (NULL != fd) -+ shadow_logfd = fd; -+ else -+ shadow_logfd = stderr; -+} -+ -+FILE *log_get_logfd(void) -+{ -+ if (shadow_logfd != NULL) -+ return shadow_logfd; -+ return stderr; -+} -diff -up shadow-4.9/lib/shadowlog.h.debug1 shadow-4.9/lib/shadowlog.h ---- shadow-4.9/lib/shadowlog.h.debug1 2022-01-10 10:45:52.202132937 +0100 -+++ shadow-4.9/lib/shadowlog.h 2022-01-10 10:45:52.202132937 +0100 -@@ -0,0 +1,41 @@ -+/* -+ * Copyright (c) 2021 , Serge Hallyn -+ * All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * 3. The name of the copyright holders or contributors may not be used to -+ * endorse or promote products derived from this software without -+ * specific prior written permission. -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A -+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -+ * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -+ */ -+ -+/* $Id$ */ -+#ifndef _LOG_H -+#define _LOG_H -+#include -+ -+extern void log_set_progname(const char *); -+extern const char *log_get_progname(void); -+extern void log_set_logfd(FILE *fd); -+extern FILE *log_get_logfd(void); -+extern void log_dolog(char *, ...); -+ -+#endif -diff -up shadow-4.9/lib/shadowlog_internal.h.debug1 shadow-4.9/lib/shadowlog_internal.h ---- shadow-4.9/lib/shadowlog_internal.h.debug1 2022-01-10 10:45:52.202132937 +0100 -+++ shadow-4.9/lib/shadowlog_internal.h 2022-01-10 10:45:52.202132937 +0100 -@@ -0,0 +1,2 @@ -+const char *Prog; /* Program name showed in error messages */ -+FILE *shadow_logfd; /* file descripter to which error messages are printed */ -diff -up shadow-4.9/lib/spawn.c.debug1 shadow-4.9/lib/spawn.c ---- shadow-4.9/lib/spawn.c.debug1 2021-07-22 23:55:35.000000000 +0200 -+++ shadow-4.9/lib/spawn.c 2022-01-10 10:45:52.202132937 +0100 -@@ -38,6 +38,8 @@ - #include "exitcodes.h" - #include "prototypes.h" - -+#include "shadowlog_internal.h" -+ - int run_command (const char *cmd, const char *argv[], - /*@null@*/const char *envp[], /*@out@*/int *status) - { -diff -up shadow-4.9/lib/sssd.c.debug1 shadow-4.9/lib/sssd.c ---- shadow-4.9/lib/sssd.c.debug1 2021-07-22 23:55:35.000000000 +0200 -+++ shadow-4.9/lib/sssd.c 2022-01-10 10:45:52.203132944 +0100 -@@ -11,6 +11,8 @@ - #include "prototypes.h" - #include "sssd.h" - -+#include "shadowlog_internal.h" -+ - #define MSG_SSSD_FLUSH_CACHE_FAILED "%s: Failed to flush the sssd cache." - - int sssd_flush_cache (int dbflags) -diff -up shadow-4.9/libsubid/api.c.debug1 shadow-4.9/libsubid/api.c ---- shadow-4.9/libsubid/api.c.debug1 2021-07-22 23:55:35.000000000 +0200 -+++ shadow-4.9/libsubid/api.c 2022-01-10 10:48:14.913151522 +0100 -@@ -38,12 +38,13 @@ - #include "subordinateio.h" - #include "idmapping.h" - #include "subid.h" -+#include "shadowlog.h" - - const char *Prog = "(libsubid)"; --FILE *shadow_logfd; - - bool libsubid_init(const char *progname, FILE * logfd) - { -+ FILE *shadow_logfd; - if (progname) { - progname = strdup(progname); - if (progname) -@@ -53,14 +54,15 @@ bool libsubid_init(const char *progname, - } - - if (logfd) { -- shadow_logfd = logfd; -+ log_set_logfd(logfd); - return true; - } - shadow_logfd = fopen("/dev/null", "w"); - if (!shadow_logfd) { -- shadow_logfd = stderr; -+ log_set_logfd(stderr); - return false; - } -+ log_set_logfd(shadow_logfd); - return true; - } - -diff -up shadow-4.9/lib/tcbfuncs.c.debug1 shadow-4.9/lib/tcbfuncs.c ---- shadow-4.9/lib/tcbfuncs.c.debug1 2021-07-22 23:55:35.000000000 +0200 -+++ shadow-4.9/lib/tcbfuncs.c 2022-01-10 10:45:52.203132944 +0100 -@@ -38,6 +38,8 @@ - #include "shadowio.h" - #include "tcbfuncs.h" - -+#include "shadowlog_internal.h" -+ - #define SHADOWTCB_HASH_BY 1000 - #define SHADOWTCB_LOCK_SUFFIX ".lock" - -diff -up shadow-4.9/src/chage.c.debug1 shadow-4.9/src/chage.c ---- shadow-4.9/src/chage.c.debug1 2022-01-10 10:45:52.188132837 +0100 -+++ shadow-4.9/src/chage.c 2022-01-10 10:45:52.205132958 +0100 -@@ -52,6 +52,7 @@ - #include "defines.h" - #include "pwio.h" - #include "shadowio.h" -+#include "shadowlog.h" - #ifdef WITH_TCB - #include "tcbfuncs.h" - #endif -@@ -62,7 +63,6 @@ - * Global variables - */ - const char *Prog; --FILE *shadow_logfd = NULL; - - static bool - dflg = false, /* set last password change date */ -@@ -820,7 +820,8 @@ int main (int argc, char **argv) - * Get the program name so that error messages can use it. - */ - Prog = Basename (argv[0]); -- shadow_logfd = stderr; -+ log_set_progname(Prog); -+ log_set_logfd(stderr); - - sanitize_env (); - (void) setlocale (LC_ALL, ""); -diff -up shadow-4.9/src/check_subid_range.c.debug1 shadow-4.9/src/check_subid_range.c ---- shadow-4.9/src/check_subid_range.c.debug1 2021-07-22 23:55:35.000000000 +0200 -+++ shadow-4.9/src/check_subid_range.c 2022-01-10 10:45:52.205132958 +0100 -@@ -16,9 +16,9 @@ - #include "prototypes.h" - #include "subordinateio.h" - #include "idmapping.h" -+#include "shadowlog.h" - - const char *Prog; --FILE *shadow_logfd = NULL; - - int main(int argc, char **argv) - { -@@ -26,7 +26,8 @@ int main(int argc, char **argv) - unsigned long start, count; - bool check_uids; - Prog = Basename (argv[0]); -- shadow_logfd = stderr; -+ log_set_progname(Prog); -+ log_set_logfd(stderr); - - if (argc != 5) - exit(1); -diff -up shadow-4.9/src/chfn.c.debug1 shadow-4.9/src/chfn.c ---- shadow-4.9/src/chfn.c.debug1 2021-07-22 23:55:35.000000000 +0200 -+++ shadow-4.9/src/chfn.c 2022-01-10 10:45:52.205132958 +0100 -@@ -52,12 +52,12 @@ - #include "pwio.h" - /*@-exitarg@*/ - #include "exitcodes.h" -+#include "shadowlog.h" - - /* - * Global variables. - */ - const char *Prog; --FILE *shadow_logfd = NULL; - static char fullnm[BUFSIZ]; - static char roomno[BUFSIZ]; - static char workph[BUFSIZ]; -@@ -640,7 +640,8 @@ int main (int argc, char **argv) - * prefix to most error messages. - */ - Prog = Basename (argv[0]); -- shadow_logfd = stderr; -+ log_set_progname(Prog); -+ log_set_logfd(stderr); - - sanitize_env (); - (void) setlocale (LC_ALL, ""); -diff -up shadow-4.9/src/chgpasswd.c.debug1 shadow-4.9/src/chgpasswd.c ---- shadow-4.9/src/chgpasswd.c.debug1 2022-01-10 10:45:52.188132837 +0100 -+++ shadow-4.9/src/chgpasswd.c 2022-01-10 10:45:52.205132958 +0100 -@@ -61,12 +61,12 @@ - #endif - /*@-exitarg@*/ - #include "exitcodes.h" -+#include "shadowlog.h" - - /* - * Global variables - */ - const char *Prog; --FILE *shadow_logfd = NULL; - static bool eflg = false; - static bool md5flg = false; - #if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) -@@ -506,7 +506,8 @@ int main (int argc, char **argv) - int line = 0; - - Prog = Basename (argv[0]); -- shadow_logfd = stderr; -+ log_set_progname(Prog); -+ log_set_logfd(stderr); - - (void) setlocale (LC_ALL, ""); - (void) bindtextdomain (PACKAGE, LOCALEDIR); -diff -up shadow-4.9/src/chpasswd.c.debug1 shadow-4.9/src/chpasswd.c ---- shadow-4.9/src/chpasswd.c.debug1 2022-01-10 10:45:52.188132837 +0100 -+++ shadow-4.9/src/chpasswd.c 2022-01-10 10:45:52.205132958 +0100 -@@ -58,12 +58,12 @@ - #include "shadowio.h" - /*@-exitarg@*/ - #include "exitcodes.h" -+#include "shadowlog.h" - - /* - * Global variables - */ - const char *Prog; --FILE *shadow_logfd = NULL; - static bool eflg = false; - static bool md5flg = false; - #if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT) -@@ -494,7 +494,8 @@ int main (int argc, char **argv) - int line = 0; - - Prog = Basename (argv[0]); -- shadow_logfd = stderr; -+ log_set_progname(Prog); -+ log_set_logfd(stderr); - - (void) setlocale (LC_ALL, ""); - (void) bindtextdomain (PACKAGE, LOCALEDIR); -diff -up shadow-4.9/src/chsh.c.debug1 shadow-4.9/src/chsh.c ---- shadow-4.9/src/chsh.c.debug1 2021-07-22 23:55:35.000000000 +0200 -+++ shadow-4.9/src/chsh.c 2022-01-10 10:45:52.205132958 +0100 -@@ -51,6 +51,7 @@ - #endif - /*@-exitarg@*/ - #include "exitcodes.h" -+#include "shadowlog.h" - - #ifndef SHELLS_FILE - #define SHELLS_FILE "/etc/shells" -@@ -59,7 +60,6 @@ - * Global variables - */ - const char *Prog; /* Program name */ --FILE *shadow_logfd = NULL; - static bool amroot; /* Real UID is root */ - static char loginsh[BUFSIZ]; /* Name of new login shell */ - /* command line options */ -@@ -442,7 +442,8 @@ int main (int argc, char **argv) - * most error messages. - */ - Prog = Basename (argv[0]); -- shadow_logfd = stderr; -+ log_set_progname(Prog); -+ log_set_logfd(stderr); - - (void) setlocale (LC_ALL, ""); - (void) bindtextdomain (PACKAGE, LOCALEDIR); -diff -up shadow-4.9/src/expiry.c.debug1 shadow-4.9/src/expiry.c ---- shadow-4.9/src/expiry.c.debug1 2021-07-22 23:55:35.000000000 +0200 -+++ shadow-4.9/src/expiry.c 2022-01-10 10:45:52.205132958 +0100 -@@ -43,10 +43,10 @@ - #include "prototypes.h" - /*@-exitarg@*/ - #include "exitcodes.h" -+#include "shadowlog.h" - - /* Global variables */ - const char *Prog; --FILE *shadow_logfd = NULL; - static bool cflg = false; - - /* local function prototypes */ -@@ -145,7 +145,8 @@ int main (int argc, char **argv) - struct spwd *spwd; - - Prog = Basename (argv[0]); -- shadow_logfd = stderr; -+ log_set_progname(Prog); -+ log_set_logfd(stderr); - - sanitize_env (); - -diff -up shadow-4.9/src/faillog.c.debug1 shadow-4.9/src/faillog.c ---- shadow-4.9/src/faillog.c.debug1 2021-07-22 23:55:35.000000000 +0200 -+++ shadow-4.9/src/faillog.c 2022-01-10 10:45:52.205132958 +0100 -@@ -46,6 +46,7 @@ - #include "prototypes.h" - /*@-exitarg@*/ - #include "exitcodes.h" -+#include "shadowlog.h" - - /* local function prototypes */ - static /*@noreturn@*/void usage (int status); -@@ -62,7 +63,6 @@ static void reset (void); - * Global variables - */ - const char *Prog; /* Program name */ --FILE *shadow_logfd = NULL; - static FILE *fail; /* failure file stream */ - static time_t seconds; /* that number of days in seconds */ - static unsigned long umin; /* if uflg and has_umin, only display users with uid >= umin */ -@@ -574,7 +574,8 @@ int main (int argc, char **argv) - * most error messages. - */ - Prog = Basename (argv[0]); -- shadow_logfd = stderr; -+ log_set_progname(Prog); -+ log_set_logfd(stderr); - - (void) setlocale (LC_ALL, ""); - (void) bindtextdomain (PACKAGE, LOCALEDIR); -diff -up shadow-4.9/src/free_subid_range.c.debug1 shadow-4.9/src/free_subid_range.c ---- shadow-4.9/src/free_subid_range.c.debug1 2021-07-22 23:55:35.000000000 +0200 -+++ shadow-4.9/src/free_subid_range.c 2022-01-10 10:45:52.205132958 +0100 -@@ -3,11 +3,11 @@ - #include "subid.h" - #include "stdlib.h" - #include "prototypes.h" -+#include "shadowlog.h" - - /* Test program for the subid freeing routine */ - - const char *Prog; --FILE *shadow_logfd = NULL; - - void usage(void) - { -@@ -24,7 +24,8 @@ int main(int argc, char *argv[]) - bool group = false; // get subuids by default - - Prog = Basename (argv[0]); -- shadow_logfd = stderr; -+ log_set_progname(Prog); -+ log_set_logfd(stderr); - while ((c = getopt(argc, argv, "g")) != EOF) { - switch(c) { - case 'g': group = true; break; -diff -up shadow-4.9/src/get_subid_owners.c.debug1 shadow-4.9/src/get_subid_owners.c ---- shadow-4.9/src/get_subid_owners.c.debug1 2021-07-22 23:55:35.000000000 +0200 -+++ shadow-4.9/src/get_subid_owners.c 2022-01-10 10:45:52.205132958 +0100 -@@ -2,9 +2,9 @@ - #include "subid.h" - #include "stdlib.h" - #include "prototypes.h" -+#include "shadowlog.h" - - const char *Prog; --FILE *shadow_logfd = NULL; - - void usage(void) - { -@@ -20,7 +20,8 @@ int main(int argc, char *argv[]) - uid_t *uids; - - Prog = Basename (argv[0]); -- shadow_logfd = stderr; -+ log_set_progname(Prog); -+ log_set_logfd(stderr); - if (argc < 2) { - usage(); - } -diff -up shadow-4.9/src/getsubids.c.debug1 shadow-4.9/src/getsubids.c ---- shadow-4.9/src/getsubids.c.debug1 2022-01-10 10:45:52.200132922 +0100 -+++ shadow-4.9/src/getsubids.c 2022-01-10 10:45:52.205132958 +0100 -@@ -3,9 +3,9 @@ - #include - #include "subid.h" - #include "prototypes.h" -+#include "shadowlog.h" - - const char *Prog; --FILE *shadow_logfd = NULL; - - void usage(void) - { -@@ -22,7 +22,8 @@ int main(int argc, char *argv[]) - const char *owner; - - Prog = Basename (argv[0]); -- shadow_logfd = stderr; -+ log_set_progname(Prog); -+ log_set_logfd(stderr); - if (argc < 2) - usage(); - owner = argv[1]; -diff -up shadow-4.9/src/gpasswd.c.debug1 shadow-4.9/src/gpasswd.c ---- shadow-4.9/src/gpasswd.c.debug1 2022-01-10 10:45:52.184132808 +0100 -+++ shadow-4.9/src/gpasswd.c 2022-01-10 10:45:52.205132958 +0100 -@@ -53,12 +53,12 @@ - /*@-exitarg@*/ - #include "exitcodes.h" - -+#include "shadowlog.h" - /* - * Global variables - */ - /* The name of this command, as it is invoked */ - const char *Prog; --FILE *shadow_logfd = NULL; - - #ifdef SHADOWGRP - /* Indicate if shadow groups are enabled on the system -@@ -927,7 +927,8 @@ int main (int argc, char **argv) - */ - bywho = getuid (); - Prog = Basename (argv[0]); -- shadow_logfd = stderr; -+ log_set_progname(Prog); -+ log_set_logfd(stderr); - - OPENLOG ("gpasswd"); - setbuf (stdout, NULL); -diff -up shadow-4.9/src/groupadd.c.debug1 shadow-4.9/src/groupadd.c ---- shadow-4.9/src/groupadd.c.debug1 2022-01-10 10:45:52.184132808 +0100 -+++ shadow-4.9/src/groupadd.c 2022-01-10 10:45:52.205132958 +0100 -@@ -56,6 +56,7 @@ - #ifdef SHADOWGRP - #include "sgroupio.h" - #endif -+#include "shadowlog.h" - - /* - * exit status values -@@ -72,7 +73,6 @@ - * Global variables - */ - const char *Prog; --FILE *shadow_logfd = NULL; - - static /*@null@*/char *group_name; - static gid_t group_id; -@@ -602,7 +602,8 @@ int main (int argc, char **argv) - * Get my name so that I can use it to report errors. - */ - Prog = Basename (argv[0]); -- shadow_logfd = stderr; -+ log_set_progname(Prog); -+ log_set_logfd(stderr); - - (void) setlocale (LC_ALL, ""); - (void) bindtextdomain (PACKAGE, LOCALEDIR); -diff -up shadow-4.9/src/groupdel.c.debug1 shadow-4.9/src/groupdel.c ---- shadow-4.9/src/groupdel.c.debug1 2022-01-10 10:45:52.185132815 +0100 -+++ shadow-4.9/src/groupdel.c 2022-01-10 10:45:52.205132958 +0100 -@@ -54,11 +54,11 @@ - #ifdef SHADOWGRP - #include "sgroupio.h" - #endif -+#include "shadowlog.h" - /* - * Global variables - */ - const char *Prog; --FILE *shadow_logfd = NULL; - - static char *group_name; - static gid_t group_id = -1; -@@ -379,7 +379,8 @@ int main (int argc, char **argv) - * Get my name so that I can use it to report errors. - */ - Prog = Basename (argv[0]); -- shadow_logfd = stderr; -+ log_set_progname(Prog); -+ log_set_logfd(stderr); - - (void) setlocale (LC_ALL, ""); - (void) bindtextdomain (PACKAGE, LOCALEDIR); -diff -up shadow-4.9/src/groupmems.c.debug1 shadow-4.9/src/groupmems.c ---- shadow-4.9/src/groupmems.c.debug1 2021-07-22 23:55:35.000000000 +0200 -+++ shadow-4.9/src/groupmems.c 2022-01-10 10:45:52.206132965 +0100 -@@ -47,6 +47,7 @@ - #ifdef SHADOWGRP - #include "sgroupio.h" - #endif -+#include "shadowlog.h" - - /* Exit Status Values */ - /*@-exitarg@*/ -@@ -65,7 +66,6 @@ - * Global variables - */ - const char *Prog; --FILE *shadow_logfd = NULL; - - static char *adduser = NULL; - static char *deluser = NULL; -@@ -596,7 +596,8 @@ int main (int argc, char **argv) - * Get my name so that I can use it to report errors. - */ - Prog = Basename (argv[0]); -- shadow_logfd = stderr; -+ log_set_progname(Prog); -+ log_set_logfd(stderr); - - (void) setlocale (LC_ALL, ""); - (void) bindtextdomain (PACKAGE, LOCALEDIR); -diff -up shadow-4.9/src/groupmod.c.debug1 shadow-4.9/src/groupmod.c ---- shadow-4.9/src/groupmod.c.debug1 2022-01-10 10:45:52.185132815 +0100 -+++ shadow-4.9/src/groupmod.c 2022-01-10 10:45:52.206132965 +0100 -@@ -56,6 +56,7 @@ - #ifdef SHADOWGRP - #include "sgroupio.h" - #endif -+#include "shadowlog.h" - /* - * exit status values - */ -@@ -76,7 +77,6 @@ - * Global variables - */ - const char *Prog; --FILE *shadow_logfd = NULL; - - #ifdef SHADOWGRP - static bool is_shadow_grp; -@@ -840,7 +840,8 @@ int main (int argc, char **argv) - * Get my name so that I can use it to report errors. - */ - Prog = Basename (argv[0]); -- shadow_logfd = stderr; -+ log_set_progname(Prog); -+ log_set_logfd(stderr); - - (void) setlocale (LC_ALL, ""); - (void) bindtextdomain (PACKAGE, LOCALEDIR); -diff -up shadow-4.9/src/groups.c.debug1 shadow-4.9/src/groups.c ---- shadow-4.9/src/groups.c.debug1 2021-07-22 23:55:35.000000000 +0200 -+++ shadow-4.9/src/groups.c 2022-01-10 10:45:52.206132965 +0100 -@@ -39,11 +39,11 @@ - #include - #include "defines.h" - #include "prototypes.h" -+#include "shadowlog.h" - /* - * Global variables - */ - const char *Prog; --FILE *shadow_logfd = NULL; - - /* local function prototypes */ - static void print_groups (const char *member); -@@ -127,7 +127,8 @@ int main (int argc, char **argv) - * Get the program name so that error messages can use it. - */ - Prog = Basename (argv[0]); -- shadow_logfd = stderr; -+ log_set_progname(Prog); -+ log_set_logfd(stderr); - - if (argc == 1) { - -diff -up shadow-4.9/src/grpck.c.debug1 shadow-4.9/src/grpck.c ---- shadow-4.9/src/grpck.c.debug1 2021-07-22 23:55:35.000000000 +0200 -+++ shadow-4.9/src/grpck.c 2022-01-10 10:45:52.206132965 +0100 -@@ -45,6 +45,7 @@ - #include "nscd.h" - #include "sssd.h" - #include "prototypes.h" -+#include "shadowlog.h" - - #ifdef SHADOWGRP - #include "sgroupio.h" -@@ -66,7 +67,6 @@ - * Global variables - */ - const char *Prog; --FILE *shadow_logfd = NULL; - - static const char *grp_file = GROUP_FILE; - static bool use_system_grp_file = true; -@@ -841,7 +841,8 @@ int main (int argc, char **argv) - * Get my name so that I can use it to report errors. - */ - Prog = Basename (argv[0]); -- shadow_logfd = stderr; -+ log_set_progname(Prog); -+ log_set_logfd(stderr); - - (void) setlocale (LC_ALL, ""); - (void) bindtextdomain (PACKAGE, LOCALEDIR); -diff -up shadow-4.9/src/grpconv.c.debug1 shadow-4.9/src/grpconv.c ---- shadow-4.9/src/grpconv.c.debug1 2021-07-22 23:55:35.000000000 +0200 -+++ shadow-4.9/src/grpconv.c 2022-01-10 10:45:52.206132965 +0100 -@@ -55,11 +55,11 @@ - #ifdef SHADOWGRP - #include "groupio.h" - #include "sgroupio.h" -+#include "shadowlog.h" - /* - * Global variables - */ - const char *Prog; --FILE *shadow_logfd = NULL; - - static bool gr_locked = false; - static bool sgr_locked = false; -@@ -147,7 +147,8 @@ int main (int argc, char **argv) - struct sgrp sgent; - - Prog = Basename (argv[0]); -- shadow_logfd = stderr; -+ log_set_progname(Prog); -+ log_set_logfd(stderr); - - (void) setlocale (LC_ALL, ""); - (void) bindtextdomain (PACKAGE, LOCALEDIR); -diff -up shadow-4.9/src/grpunconv.c.debug1 shadow-4.9/src/grpunconv.c ---- shadow-4.9/src/grpunconv.c.debug1 2021-07-22 23:55:35.000000000 +0200 -+++ shadow-4.9/src/grpunconv.c 2022-01-10 10:45:52.206132965 +0100 -@@ -55,11 +55,11 @@ - #ifdef SHADOWGRP - #include "groupio.h" - #include "sgroupio.h" -+#include "shadowlog.h" - /* - * Global variables - */ - const char *Prog; --FILE *shadow_logfd = NULL; - - static bool gr_locked = false; - static bool sgr_locked = false; -@@ -146,7 +146,8 @@ int main (int argc, char **argv) - const struct sgrp *sg; - - Prog = Basename (argv[0]); -- shadow_logfd = stderr; -+ log_set_progname(Prog); -+ log_set_logfd(stderr); - - (void) setlocale (LC_ALL, ""); - (void) bindtextdomain (PACKAGE, LOCALEDIR); -diff -up shadow-4.9/src/lastlog.c.debug1 shadow-4.9/src/lastlog.c ---- shadow-4.9/src/lastlog.c.debug1 2022-01-10 10:45:52.189132844 +0100 -+++ shadow-4.9/src/lastlog.c 2022-01-10 10:45:52.206132965 +0100 -@@ -50,6 +50,7 @@ - #include "getdef.h" - /*@-exitarg@*/ - #include "exitcodes.h" -+#include "shadowlog.h" - - /* - * Needed for MkLinux DR1/2/2.1 - J. -@@ -62,7 +63,6 @@ - * Global variables - */ - const char *Prog; /* Program name */ --FILE *shadow_logfd = NULL; - static FILE *lastlogfile; /* lastlog file stream */ - static unsigned long umin; /* if uflg and has_umin, only display users with uid >= umin */ - static bool has_umin = false; -@@ -322,7 +322,8 @@ int main (int argc, char **argv) - * most error messages. - */ - Prog = Basename (argv[0]); -- shadow_logfd = stderr; -+ log_set_progname(Prog); -+ log_set_logfd(stderr); - - (void) setlocale (LC_ALL, ""); - (void) bindtextdomain (PACKAGE, LOCALEDIR); -diff -up shadow-4.9/src/login.c.debug1 shadow-4.9/src/login.c ---- shadow-4.9/src/login.c.debug1 2021-07-22 23:55:35.000000000 +0200 -+++ shadow-4.9/src/login.c 2022-01-10 10:45:52.206132965 +0100 -@@ -53,6 +53,7 @@ - #include "pwauth.h" - /*@-exitarg@*/ - #include "exitcodes.h" -+#include "shadowlog.h" - - #ifdef USE_PAM - #include "pam_defs.h" -@@ -83,7 +84,6 @@ static pam_handle_t *pamh = NULL; - * Global variables - */ - const char *Prog; --FILE *shadow_logfd = NULL; - - static const char *hostname = ""; - static /*@null@*/ /*@only@*/char *username = NULL; -@@ -578,7 +578,8 @@ int main (int argc, char **argv) - - amroot = (getuid () == 0); - Prog = Basename (argv[0]); -- shadow_logfd = stderr; -+ log_set_progname(Prog); -+ log_set_logfd(stderr); - - if (geteuid() != 0) { - fprintf (stderr, _("%s: Cannot possibly work without effective root\n"), Prog); -diff -up shadow-4.9/src/logoutd.c.debug1 shadow-4.9/src/logoutd.c ---- shadow-4.9/src/logoutd.c.debug1 2021-07-22 23:55:35.000000000 +0200 -+++ shadow-4.9/src/logoutd.c 2022-01-10 10:45:52.206132965 +0100 -@@ -40,11 +40,11 @@ - #include - #include "defines.h" - #include "prototypes.h" -+#include "shadowlog.h" - /* - * Global variables - */ - const char *Prog; --FILE *shadow_logfd = NULL; - - #ifndef DEFAULT_HUP_MESG - #define DEFAULT_HUP_MESG _("login time exceeded\n\n") -@@ -188,7 +188,8 @@ int main (int argc, char **argv) - * Start syslogging everything - */ - Prog = Basename (argv[0]); -- shadow_logfd = stderr; -+ log_set_progname(Prog); -+ log_set_logfd(stderr); - - OPENLOG ("logoutd"); - -diff -up shadow-4.9/src/newgidmap.c.debug1 shadow-4.9/src/newgidmap.c ---- shadow-4.9/src/newgidmap.c.debug1 2021-07-22 23:55:35.000000000 +0200 -+++ shadow-4.9/src/newgidmap.c 2022-01-10 10:45:52.206132965 +0100 -@@ -41,12 +41,12 @@ - #include "subordinateio.h" - #include "getdef.h" - #include "idmapping.h" -+#include "shadowlog.h" - - /* - * Global variables - */ - const char *Prog; --FILE *shadow_logfd = NULL; - - - static bool verify_range(struct passwd *pw, struct map_range *range, bool *allow_setgroups) -@@ -177,7 +177,8 @@ int main(int argc, char **argv) - bool allow_setgroups = false; - - Prog = Basename (argv[0]); -- shadow_logfd = stderr; -+ log_set_progname(Prog); -+ log_set_logfd(stderr); - - /* - * The valid syntax are -diff -up shadow-4.9/src/newgrp.c.debug1 shadow-4.9/src/newgrp.c ---- shadow-4.9/src/newgrp.c.debug1 2022-01-10 10:45:52.199132915 +0100 -+++ shadow-4.9/src/newgrp.c 2022-01-10 10:45:52.206132965 +0100 -@@ -44,12 +44,12 @@ - #include "prototypes.h" - /*@-exitarg@*/ - #include "exitcodes.h" -+#include "shadowlog.h" - - /* - * Global variables - */ - const char *Prog; --FILE *shadow_logfd = NULL; - - extern char **newenvp; - extern char **environ; -@@ -446,7 +446,8 @@ int main (int argc, char **argv) - * don't need to re-exec anything. -- JWP - */ - Prog = Basename (argv[0]); -- shadow_logfd = stderr; -+ log_set_progname(Prog); -+ log_set_logfd(stderr); - is_newgrp = (strcmp (Prog, "newgrp") == 0); - OPENLOG (is_newgrp ? "newgrp" : "sg"); - argc--; -diff -up shadow-4.9/src/new_subid_range.c.debug1 shadow-4.9/src/new_subid_range.c ---- shadow-4.9/src/new_subid_range.c.debug1 2021-07-22 23:55:35.000000000 +0200 -+++ shadow-4.9/src/new_subid_range.c 2022-01-10 10:45:52.206132965 +0100 -@@ -3,11 +3,11 @@ - #include "subid.h" - #include "stdlib.h" - #include "prototypes.h" -+#include "shadowlog.h" - - /* Test program for the subid creation routine */ - - const char *Prog; --FILE *shadow_logfd = NULL; - - void usage(void) - { -@@ -27,7 +27,8 @@ int main(int argc, char *argv[]) - bool ok; - - Prog = Basename (argv[0]); -- shadow_logfd = stderr; -+ log_set_progname(Prog); -+ log_set_logfd(stderr); - while ((c = getopt(argc, argv, "gn")) != EOF) { - switch(c) { - case 'n': makenew = true; break; -diff -up shadow-4.9/src/newuidmap.c.debug1 shadow-4.9/src/newuidmap.c ---- shadow-4.9/src/newuidmap.c.debug1 2021-07-22 23:55:35.000000000 +0200 -+++ shadow-4.9/src/newuidmap.c 2022-01-10 10:45:52.206132965 +0100 -@@ -41,12 +41,12 @@ - #include "subordinateio.h" - #include "getdef.h" - #include "idmapping.h" -+#include "shadowlog.h" - - /* - * Global variables - */ - const char *Prog; --FILE *shadow_logfd = NULL; - - static bool verify_range(struct passwd *pw, struct map_range *range) - { -@@ -107,7 +107,8 @@ int main(int argc, char **argv) - int written; - - Prog = Basename (argv[0]); -- shadow_logfd = stderr; -+ log_set_progname(Prog); -+ log_set_logfd(stderr); - - /* - * The valid syntax are -diff -up shadow-4.9/src/newusers.c.debug1 shadow-4.9/src/newusers.c ---- shadow-4.9/src/newusers.c.debug1 2021-07-22 23:55:35.000000000 +0200 -+++ shadow-4.9/src/newusers.c 2022-01-10 10:45:52.207132972 +0100 -@@ -70,12 +70,12 @@ - #include "subordinateio.h" - #endif /* ENABLE_SUBIDS */ - #include "chkname.h" -+#include "shadowlog.h" - - /* - * Global variables - */ - const char *Prog; --FILE *shadow_logfd = NULL; - - static bool rflg = false; /* create a system account */ - #ifndef USE_PAM -@@ -1071,7 +1071,8 @@ int main (int argc, char **argv) - #endif /* USE_PAM */ - - Prog = Basename (argv[0]); -- shadow_logfd = stderr; -+ log_set_progname(Prog); -+ log_set_logfd(stderr); - - (void) setlocale (LC_ALL, ""); - (void) bindtextdomain (PACKAGE, LOCALEDIR); -diff -up shadow-4.9/src/passwd.c.debug1 shadow-4.9/src/passwd.c ---- shadow-4.9/src/passwd.c.debug1 2022-01-10 10:45:52.189132844 +0100 -+++ shadow-4.9/src/passwd.c 2022-01-10 10:45:52.207132972 +0100 -@@ -50,6 +50,7 @@ - #include "pwauth.h" - #include "pwio.h" - #include "shadowio.h" -+#include "shadowlog.h" - - /* - * exit status values -@@ -66,7 +67,6 @@ - * Global variables - */ - const char *Prog; /* Program name */ --FILE *shadow_logfd = NULL; - - static char *name; /* The name of user whose password is being changed */ - static char *myname; /* The current user's name */ -@@ -761,7 +761,8 @@ int main (int argc, char **argv) - * most error messages. - */ - Prog = Basename (argv[0]); -- shadow_logfd = stderr; -+ log_set_progname(Prog); -+ log_set_logfd(stderr); - - (void) setlocale (LC_ALL, ""); - (void) bindtextdomain (PACKAGE, LOCALEDIR); -diff -up shadow-4.9/src/pwck.c.debug1 shadow-4.9/src/pwck.c ---- shadow-4.9/src/pwck.c.debug1 2022-01-10 10:45:52.198132908 +0100 -+++ shadow-4.9/src/pwck.c 2022-01-10 10:45:52.207132972 +0100 -@@ -52,6 +52,7 @@ - #ifdef WITH_TCB - #include "tcbfuncs.h" - #endif /* WITH_TCB */ -+#include "shadowlog.h" - - /* - * Exit codes -@@ -70,7 +71,6 @@ - * Global variables - */ - const char *Prog; --FILE *shadow_logfd = NULL; - - static bool use_system_pw_file = true; - static bool use_system_spw_file = true; -@@ -857,7 +857,8 @@ int main (int argc, char **argv) - * Get my name so that I can use it to report errors. - */ - Prog = Basename (argv[0]); -- shadow_logfd = stderr; -+ log_set_progname(Prog); -+ log_set_logfd(stderr); - - (void) setlocale (LC_ALL, ""); - (void) bindtextdomain (PACKAGE, LOCALEDIR); -diff -up shadow-4.9/src/pwconv.c.debug1 shadow-4.9/src/pwconv.c ---- shadow-4.9/src/pwconv.c.debug1 2021-07-22 23:55:35.000000000 +0200 -+++ shadow-4.9/src/pwconv.c 2022-01-10 10:45:52.207132972 +0100 -@@ -73,6 +73,7 @@ - #include "shadowio.h" - #include "nscd.h" - #include "sssd.h" -+#include "shadowlog.h" - - /* - * exit status values -@@ -89,7 +90,6 @@ - * Global variables - */ - const char *Prog; --FILE *shadow_logfd = NULL; - - static bool spw_locked = false; - static bool pw_locked = false; -@@ -177,7 +177,8 @@ int main (int argc, char **argv) - struct spwd spent; - - Prog = Basename (argv[0]); -- shadow_logfd = stderr; -+ log_set_progname(Prog); -+ log_set_logfd(stderr); - - (void) setlocale (LC_ALL, ""); - (void) bindtextdomain (PACKAGE, LOCALEDIR); -diff -up shadow-4.9/src/pwunconv.c.debug1 shadow-4.9/src/pwunconv.c ---- shadow-4.9/src/pwunconv.c.debug1 2021-07-22 23:55:35.000000000 +0200 -+++ shadow-4.9/src/pwunconv.c 2022-01-10 10:45:52.207132972 +0100 -@@ -48,12 +48,12 @@ - #include "shadowio.h" - /*@-exitarg@*/ - #include "exitcodes.h" -+#include "shadowlog.h" - - /* - * Global variables - */ - const char *Prog; --FILE *shadow_logfd = NULL; - - static bool spw_locked = false; - static bool pw_locked = false; -@@ -138,7 +138,8 @@ int main (int argc, char **argv) - const struct spwd *spwd; - - Prog = Basename (argv[0]); -- shadow_logfd = stderr; -+ log_set_progname(Prog); -+ log_set_logfd(stderr); - - (void) setlocale (LC_ALL, ""); - (void) bindtextdomain (PACKAGE, LOCALEDIR); -diff -up shadow-4.9/src/su.c.debug1 shadow-4.9/src/su.c ---- shadow-4.9/src/su.c.debug1 2021-07-22 23:55:35.000000000 +0200 -+++ shadow-4.9/src/su.c 2022-01-10 10:45:52.207132972 +0100 -@@ -77,12 +77,12 @@ - #endif /* USE_PAM */ - /*@-exitarg@*/ - #include "exitcodes.h" -+#include "shadowlog.h" - - /* - * Global variables - */ - const char *Prog; --FILE *shadow_logfd = NULL; - static /*@observer@*/const char *caller_tty = NULL; /* Name of tty SU is run from */ - static bool caller_is_root = false; - static uid_t caller_uid; -@@ -717,7 +717,8 @@ static void save_caller_context (char ** - * most error messages. - */ - Prog = Basename (argv[0]); -- shadow_logfd = stderr; -+ log_set_progname(Prog); -+ log_set_logfd(stderr); - - caller_uid = getuid (); - caller_is_root = (caller_uid == 0); -diff -up shadow-4.9/src/sulogin.c.debug1 shadow-4.9/src/sulogin.c ---- shadow-4.9/src/sulogin.c.debug1 2021-07-22 23:55:35.000000000 +0200 -+++ shadow-4.9/src/sulogin.c 2022-01-10 10:45:52.207132972 +0100 -@@ -45,12 +45,12 @@ - #include "pwauth.h" - /*@-exitarg@*/ - #include "exitcodes.h" -+#include "shadowlog.h" - - /* - * Global variables - */ - const char *Prog; --FILE *shadow_logfd = NULL; - - static char name[BUFSIZ]; - static char pass[BUFSIZ]; -@@ -107,7 +107,8 @@ static RETSIGTYPE catch_signals (unused - #endif - - Prog = Basename (argv[0]); -- shadow_logfd = stderr; -+ log_set_progname(Prog); -+ log_set_logfd(stderr); - (void) setlocale (LC_ALL, ""); - (void) bindtextdomain (PACKAGE, LOCALEDIR); - (void) textdomain (PACKAGE); -diff -up shadow-4.9/src/useradd.c.debug1 shadow-4.9/src/useradd.c ---- shadow-4.9/src/useradd.c.debug1 2022-01-10 10:45:52.197132901 +0100 -+++ shadow-4.9/src/useradd.c 2022-01-10 10:45:52.207132972 +0100 -@@ -78,6 +78,7 @@ - #ifdef WITH_TCB - #include "tcbfuncs.h" - #endif -+#include "shadowlog.h" - - #ifndef SKEL_DIR - #define SKEL_DIR "/etc/skel" -@@ -96,7 +97,6 @@ - * Global variables - */ - const char *Prog; --FILE *shadow_logfd = NULL; - - /* - * These defaults are used if there is no defaults file. -@@ -2359,7 +2359,8 @@ int main (int argc, char **argv) - * Get my name so that I can use it to report errors. - */ - Prog = Basename (argv[0]); -- shadow_logfd = stderr; -+ log_set_progname(Prog); -+ log_set_logfd(stderr); - - (void) setlocale (LC_ALL, ""); - (void) bindtextdomain (PACKAGE, LOCALEDIR); -diff -up shadow-4.9/src/userdel.c.debug1 shadow-4.9/src/userdel.c ---- shadow-4.9/src/userdel.c.debug1 2022-01-10 10:45:52.186132823 +0100 -+++ shadow-4.9/src/userdel.c 2022-01-10 10:45:52.208132979 +0100 -@@ -72,6 +72,7 @@ - #ifdef ENABLE_SUBIDS - #include "subordinateio.h" - #endif /* ENABLE_SUBIDS */ -+#include "shadowlog.h" - - /* - * exit status values -@@ -91,7 +92,6 @@ - * Global variables - */ - const char *Prog; --FILE *shadow_logfd = NULL; - - static char *user_name; - static uid_t user_id; -@@ -944,7 +944,8 @@ int main (int argc, char **argv) - * Get my name so that I can use it to report errors. - */ - Prog = Basename (argv[0]); -- shadow_logfd = stderr; -+ log_set_progname(Prog); -+ log_set_logfd(stderr); - (void) setlocale (LC_ALL, ""); - (void) bindtextdomain (PACKAGE, LOCALEDIR); - (void) textdomain (PACKAGE); -diff -up shadow-4.9/src/usermod.c.debug1 shadow-4.9/src/usermod.c ---- shadow-4.9/src/usermod.c.debug1 2022-01-10 10:45:52.193132872 +0100 -+++ shadow-4.9/src/usermod.c 2022-01-10 10:45:52.208132979 +0100 -@@ -74,6 +74,7 @@ - #ifdef WITH_TCB - #include "tcbfuncs.h" - #endif -+#include "shadowlog.h" - - /* - * exit status values -@@ -105,7 +106,6 @@ - * Global variables - */ - const char *Prog; --FILE *shadow_logfd = NULL; - - static char *user_name; - static char *user_newname; -@@ -2172,7 +2172,8 @@ int main (int argc, char **argv) - * Get my name so that I can use it to report errors. - */ - Prog = Basename (argv[0]); -- shadow_logfd = stderr; -+ log_set_progname(Prog); -+ log_set_logfd(stderr); - - (void) setlocale (LC_ALL, ""); - (void) bindtextdomain (PACKAGE, LOCALEDIR); -diff -up shadow-4.9/src/vipw.c.debug1 shadow-4.9/src/vipw.c ---- shadow-4.9/src/vipw.c.debug1 2021-07-22 23:55:35.000000000 +0200 -+++ shadow-4.9/src/vipw.c 2022-01-10 10:45:52.208132979 +0100 -@@ -53,6 +53,7 @@ - #include - #include "tcbfuncs.h" - #endif /* WITH_TCB */ -+#include "shadowlog.h" - - #define MSG_WARN_EDIT_OTHER_FILE _( \ - "You have modified %s.\n"\ -@@ -63,7 +64,6 @@ - * Global variables - */ - const char *Prog; --FILE *shadow_logfd = NULL; - - static const char *filename, *fileeditname; - static bool filelocked = false; -@@ -482,7 +482,8 @@ int main (int argc, char **argv) - bool do_vipw; - - Prog = Basename (argv[0]); -- shadow_logfd = stderr; -+ log_set_progname(Prog); -+ log_set_logfd(stderr); - - (void) setlocale (LC_ALL, ""); - (void) bindtextdomain (PACKAGE, LOCALEDIR); diff --git a/shadow-4.9-move-create-home.patch b/shadow-4.9-move-create-home.patch deleted file mode 100644 index 0ed6ea7..0000000 --- a/shadow-4.9-move-create-home.patch +++ /dev/null @@ -1,88 +0,0 @@ -From 09c752f00f9dfc610f66d68be38c9e5be8ca7f15 Mon Sep 17 00:00:00 2001 -From: Iker Pedrosa -Date: Fri, 8 Oct 2021 13:09:59 +0200 -Subject: [PATCH] useradd: create directories after the SELinux user - -Create the home and mail folders after the SELinux user has been set for -the added user. This will allow the folders to be created with the -SELinux user label. - -Signed-off-by: Iker Pedrosa ---- - src/useradd.c | 46 +++++++++++++++++++++++----------------------- - 1 file changed, 23 insertions(+), 23 deletions(-) - -diff --git a/src/useradd.c b/src/useradd.c -index 6269c01c..b463a170 100644 ---- a/src/useradd.c -+++ b/src/useradd.c -@@ -2670,27 +2670,12 @@ int main (int argc, char **argv) - - usr_update (); - -- if (mflg) { -- create_home (); -- if (home_added) { -- copy_tree (def_template, prefix_user_home, false, false, -- (uid_t)-1, user_id, (gid_t)-1, user_gid); -- } else { -- fprintf (stderr, -- _("%s: warning: the home directory %s already exists.\n" -- "%s: Not copying any file from skel directory into it.\n"), -- Prog, user_home, Prog); -- } -- -- } -- -- /* Do not create mail directory for system accounts */ -- if (!rflg) { -- create_mail (); -- } -- - close_files (); - -+ nscd_flush_cache ("passwd"); -+ nscd_flush_cache ("group"); -+ sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP); -+ - /* - * tallylog_reset needs to be able to lookup - * a valid existing user name, -@@ -2716,15 +2701,30 @@ int main (int argc, char **argv) - } - #endif /* WITH_SELINUX */ - -+ if (mflg) { -+ create_home (); -+ if (home_added) { -+ copy_tree (def_template, prefix_user_home, false, false, -+ (uid_t)-1, user_id, (gid_t)-1, user_gid); -+ } else { -+ fprintf (stderr, -+ _("%s: warning: the home directory %s already exists.\n" -+ "%s: Not copying any file from skel directory into it.\n"), -+ Prog, user_home, Prog); -+ } -+ -+ } -+ -+ /* Do not create mail directory for system accounts */ -+ if (!rflg) { -+ create_mail (); -+ } -+ - if (run_parts ("/etc/shadow-maint/useradd-post.d", (char*)user_name, - "useradd")) { - exit(1); - } - -- nscd_flush_cache ("passwd"); -- nscd_flush_cache ("group"); -- sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP); -- - return E_SUCCESS; - } - --- -2.31.1 - diff --git a/shadow-4.9-newgrp-fix-segmentation-fault.patch b/shadow-4.9-newgrp-fix-segmentation-fault.patch deleted file mode 100644 index 49332a1..0000000 --- a/shadow-4.9-newgrp-fix-segmentation-fault.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 497e90751bc0d95cc998b0f06305040563903948 Mon Sep 17 00:00:00 2001 -From: Iker Pedrosa -Date: Wed, 10 Nov 2021 12:02:04 +0100 -Subject: [PATCH] newgrp: fix segmentation fault - -Fix segmentation fault in newgrp when xgetspnam() returns a NULL value -that is immediately freed. - -The error was committed in -https://github.com/shadow-maint/shadow/commit/e65cc6aebcb4132fa413f00a905216a5b35b3d57 - -Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2019553 - -Signed-off-by: Iker Pedrosa ---- - src/newgrp.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/newgrp.c b/src/newgrp.c -index 730f47e8..566f1c89 100644 ---- a/src/newgrp.c -+++ b/src/newgrp.c -@@ -163,8 +163,8 @@ static void check_perms (const struct group *grp, - spwd = xgetspnam (pwd->pw_name); - if (NULL != spwd) { - pwd->pw_passwd = xstrdup (spwd->sp_pwdp); -+ spw_free (spwd); - } -- spw_free (spwd); - - if ((pwd->pw_passwd[0] == '\0') && (grp->gr_passwd[0] != '\0')) { - needspasswd = true; --- -2.31.1 - diff --git a/shadow-4.9-newuidmap-libeconf-dependency.patch b/shadow-4.9-newuidmap-libeconf-dependency.patch deleted file mode 100644 index a1907a6..0000000 --- a/shadow-4.9-newuidmap-libeconf-dependency.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff --git a/src/Makefile.am b/src/Makefile.am -index 7c1a3491..6cc873be 100644 ---- a/src/Makefile.am -+++ b/src/Makefile.am -@@ -96,8 +96,8 @@ LIBCRYPT_NOPAM = $(LIBCRYPT) - endif - - chage_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) --newuidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) -ldl --newgidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) -ldl -+newuidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) $(LIBECONF) -ldl -+newgidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) $(LIBECONF) -ldl - chfn_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF) - chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF) - chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF) diff --git a/shadow-4.9-null-tm.patch b/shadow-4.9-null-tm.patch deleted file mode 100644 index 249b27b..0000000 --- a/shadow-4.9-null-tm.patch +++ /dev/null @@ -1,70 +0,0 @@ -Index: shadow-4.5/src/chage.c -=================================================================== ---- shadow-4.5.orig/src/chage.c -+++ shadow-4.5/src/chage.c -@@ -168,6 +168,10 @@ static void date_to_str (char *buf, size - struct tm *tp; - - tp = gmtime (&date); -+ if (tp == NULL) { -+ (void) snprintf (buf, maxsize, "(unknown)"); -+ return; -+ } - #ifdef HAVE_STRFTIME - (void) strftime (buf, maxsize, "%Y-%m-%d", tp); - #else -Index: shadow-4.5/src/lastlog.c -=================================================================== ---- shadow-4.5.orig/src/lastlog.c -+++ shadow-4.5/src/lastlog.c -@@ -158,13 +158,17 @@ static void print_one (/*@null@*/const s - - ll_time = ll.ll_time; - tm = localtime (&ll_time); -+ if (tm == NULL) { -+ cp = "(unknown)"; -+ } else { - #ifdef HAVE_STRFTIME -- strftime (ptime, sizeof (ptime), "%a %b %e %H:%M:%S %z %Y", tm); -- cp = ptime; -+ strftime (ptime, sizeof (ptime), "%a %b %e %H:%M:%S %z %Y", tm); -+ cp = ptime; - #else -- cp = asctime (tm); -- cp[24] = '\0'; -+ cp = asctime (tm); -+ cp[24] = '\0'; - #endif -+ } - - if (ll.ll_time == (time_t) 0) { - cp = _("**Never logged in**\0"); -Index: shadow-4.5/src/passwd.c -=================================================================== ---- shadow-4.5.orig/src/passwd.c -+++ shadow-4.5/src/passwd.c -@@ -455,6 +455,9 @@ static /*@observer@*/const char *date_to - struct tm *tm; - - tm = gmtime (&t); -+ if (tm == NULL) { -+ return "(unknown)"; -+ } - #ifdef HAVE_STRFTIME - (void) strftime (buf, sizeof buf, "%m/%d/%Y", tm); - #else /* !HAVE_STRFTIME */ -Index: shadow-4.5/src/usermod.c -=================================================================== ---- shadow-4.5.orig/src/usermod.c -+++ shadow-4.5/src/usermod.c -@@ -210,6 +210,10 @@ static void date_to_str (/*@unique@*//*@ - } else { - time_t t = (time_t) date; - tp = gmtime (&t); -+ if (tp == NULL) { -+ strncpy (buf, "unknown", maxsize); -+ return; -+ } - #ifdef HAVE_STRFTIME - strftime (buf, maxsize, "%Y-%m-%d", tp); - #else diff --git a/shadow-4.9-pwck-fix-segfault-when-calling-fprintf.patch b/shadow-4.9-pwck-fix-segfault-when-calling-fprintf.patch deleted file mode 100644 index e7761b7..0000000 --- a/shadow-4.9-pwck-fix-segfault-when-calling-fprintf.patch +++ /dev/null @@ -1,30 +0,0 @@ -From d8e54618feea201987c1f3cb402ed50d1d8b604f Mon Sep 17 00:00:00 2001 -From: Iker Pedrosa -Date: Mon, 15 Nov 2021 12:40:15 +0100 -Subject: [PATCH] pwck: fix segfault when calling fprintf() - -As shadow_logfd variable is not set at the beginning of the program if -something fails and fprintf() is called a segmentation fault happens. - -Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2021339 - -Signed-off-by: Iker Pedrosa ---- - src/pwck.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/pwck.c b/src/pwck.c -index 4248944a..4ce86af2 100644 ---- a/src/pwck.c -+++ b/src/pwck.c -@@ -857,6 +857,7 @@ int main (int argc, char **argv) - * Get my name so that I can use it to report errors. - */ - Prog = Basename (argv[0]); -+ shadow_logfd = stderr; - - (void) setlocale (LC_ALL, ""); - (void) bindtextdomain (PACKAGE, LOCALEDIR); --- -2.31.1 - diff --git a/shadow-4.9-rename-prog-to-shadow-progname.patch b/shadow-4.9-rename-prog-to-shadow-progname.patch deleted file mode 100644 index d3a73a3..0000000 --- a/shadow-4.9-rename-prog-to-shadow-progname.patch +++ /dev/null @@ -1,507 +0,0 @@ -diff -up shadow-4.9/lib/commonio.c.debug2 shadow-4.9/lib/commonio.c ---- shadow-4.9/lib/commonio.c.debug2 2022-01-10 10:57:47.535238522 +0100 -+++ shadow-4.9/lib/commonio.c 2022-01-10 10:57:47.544238586 +0100 -@@ -147,7 +147,7 @@ static int do_lock_file (const char *fil - if (log) { - (void) fprintf (shadow_logfd, - "%s: %s: %s\n", -- Prog, file, strerror (errno)); -+ shadow_progname, file, strerror (errno)); - } - return 0; - } -@@ -159,7 +159,7 @@ static int do_lock_file (const char *fil - if (log) { - (void) fprintf (shadow_logfd, - "%s: %s file write error: %s\n", -- Prog, file, strerror (errno)); -+ shadow_progname, file, strerror (errno)); - } - (void) close (fd); - unlink (file); -@@ -169,7 +169,7 @@ static int do_lock_file (const char *fil - if (log) { - (void) fprintf (shadow_logfd, - "%s: %s file sync error: %s\n", -- Prog, file, strerror (errno)); -+ shadow_progname, file, strerror (errno)); - } - (void) close (fd); - unlink (file); -@@ -182,7 +182,7 @@ static int do_lock_file (const char *fil - if ((0==retval) && log) { - (void) fprintf (shadow_logfd, - "%s: %s: lock file already used\n", -- Prog, file); -+ shadow_progname, file); - } - unlink (file); - return retval; -@@ -193,7 +193,7 @@ static int do_lock_file (const char *fil - if (log) { - (void) fprintf (shadow_logfd, - "%s: %s: %s\n", -- Prog, lock, strerror (errno)); -+ shadow_progname, lock, strerror (errno)); - } - unlink (file); - errno = EINVAL; -@@ -205,7 +205,7 @@ static int do_lock_file (const char *fil - if (log) { - (void) fprintf (shadow_logfd, - "%s: existing lock file %s without a PID\n", -- Prog, lock); -+ shadow_progname, lock); - } - unlink (file); - errno = EINVAL; -@@ -216,7 +216,7 @@ static int do_lock_file (const char *fil - if (log) { - (void) fprintf (shadow_logfd, - "%s: existing lock file %s with an invalid PID '%s'\n", -- Prog, lock, buf); -+ shadow_progname, lock, buf); - } - unlink (file); - errno = EINVAL; -@@ -226,7 +226,7 @@ static int do_lock_file (const char *fil - if (log) { - (void) fprintf (shadow_logfd, - "%s: lock %s already used by PID %lu\n", -- Prog, lock, (unsigned long) pid); -+ shadow_progname, lock, (unsigned long) pid); - } - unlink (file); - errno = EEXIST; -@@ -236,7 +236,7 @@ static int do_lock_file (const char *fil - if (log) { - (void) fprintf (shadow_logfd, - "%s: cannot get lock %s: %s\n", -- Prog, lock, strerror (errno)); -+ shadow_progname, lock, strerror (errno)); - } - unlink (file); - return 0; -@@ -248,13 +248,13 @@ static int do_lock_file (const char *fil - if ((0==retval) && log) { - (void) fprintf (shadow_logfd, - "%s: %s: lock file already used\n", -- Prog, file); -+ shadow_progname, file); - } - } else { - if (log) { - (void) fprintf (shadow_logfd, - "%s: cannot get lock %s: %s\n", -- Prog, lock, strerror (errno)); -+ shadow_progname, lock, strerror (errno)); - } - } - -@@ -449,7 +449,7 @@ int commonio_lock (struct commonio_db *d - if (geteuid () != 0) { - (void) fprintf (shadow_logfd, - "%s: Permission denied.\n", -- Prog); -+ shadow_progname); - } - return 0; /* failure */ - } -@@ -484,7 +484,7 @@ int commonio_lock (struct commonio_db *d - /* no unnecessary retries on "permission denied" errors */ - if (geteuid () != 0) { - (void) fprintf (shadow_logfd, "%s: Permission denied.\n", -- Prog); -+ shadow_progname); - return 0; - } - } -diff -up shadow-4.9/lib/nscd.c.debug2 shadow-4.9/lib/nscd.c ---- shadow-4.9/lib/nscd.c.debug2 2022-01-10 10:57:47.537238536 +0100 -+++ shadow-4.9/lib/nscd.c 2022-01-10 10:57:47.544238586 +0100 -@@ -26,7 +26,7 @@ int nscd_flush_cache (const char *servic - - if (run_command (cmd, spawnedArgs, spawnedEnv, &status) != 0) { - /* run_command writes its own more detailed message. */ -- (void) fprintf (shadow_logfd, _(MSG_NSCD_FLUSH_CACHE_FAILED), Prog); -+ (void) fprintf (shadow_logfd, _(MSG_NSCD_FLUSH_CACHE_FAILED), shadow_progname); - return -1; - } - -@@ -34,7 +34,7 @@ int nscd_flush_cache (const char *servic - if (!WIFEXITED (status)) { - (void) fprintf (shadow_logfd, - _("%s: nscd did not terminate normally (signal %d)\n"), -- Prog, WTERMSIG (status)); -+ shadow_progname, WTERMSIG (status)); - return -1; - } else if (code == E_CMD_NOTFOUND) { - /* nscd is not installed, or it is installed but uses an -@@ -45,8 +45,8 @@ int nscd_flush_cache (const char *servic - return 0; - } else if (code != 0) { - (void) fprintf (shadow_logfd, _("%s: nscd exited with status %d\n"), -- Prog, code); -- (void) fprintf (shadow_logfd, _(MSG_NSCD_FLUSH_CACHE_FAILED), Prog); -+ shadow_progname, code); -+ (void) fprintf (shadow_logfd, _(MSG_NSCD_FLUSH_CACHE_FAILED), shadow_progname); - return -1; - } - -diff -up shadow-4.9/lib/selinux.c.debug2 shadow-4.9/lib/selinux.c ---- shadow-4.9/lib/selinux.c.debug2 2022-01-10 10:57:47.538238543 +0100 -+++ shadow-4.9/lib/selinux.c 2022-01-10 10:57:47.544238586 +0100 -@@ -216,7 +216,7 @@ int check_selinux_permit (const char *pe - if (getprevcon_raw (&user_context_raw) != 0) { - fprintf (shadow_logfd, - _("%s: can not get previous SELinux process context: %s\n"), -- Prog, strerror (errno)); -+ shadow_progname, strerror (errno)); - SYSLOG ((LOG_WARN, - "can not get previous SELinux process context: %s", - strerror (errno))); -diff -up shadow-4.9/lib/shadowlog.c.debug2 shadow-4.9/lib/shadowlog.c ---- shadow-4.9/lib/shadowlog.c.debug2 2022-01-10 10:57:47.538238543 +0100 -+++ shadow-4.9/lib/shadowlog.c 2022-01-10 10:57:47.544238586 +0100 -@@ -2,14 +2,17 @@ - - #include "lib/shadowlog_internal.h" - -+const char *shadow_progname; -+FILE *shadow_logfd; -+ - void log_set_progname(const char *progname) - { -- Prog = progname; -+ shadow_progname = progname; - } - - const char *log_get_progname(void) - { -- return Prog; -+ return shadow_progname; - } - - void log_set_logfd(FILE *fd) -diff -up shadow-4.9/lib/shadowlog_internal.h.debug2 shadow-4.9/lib/shadowlog_internal.h ---- shadow-4.9/lib/shadowlog_internal.h.debug2 2022-01-10 10:57:47.538238543 +0100 -+++ shadow-4.9/lib/shadowlog_internal.h 2022-01-10 10:57:47.544238586 +0100 -@@ -1,2 +1,2 @@ --const char *Prog; /* Program name showed in error messages */ --FILE *shadow_logfd; /* file descripter to which error messages are printed */ -+extern const char *shadow_progname; /* Program name showed in error messages */ -+extern FILE *shadow_logfd; /* file descripter to which error messages are printed */ -diff -up shadow-4.9/lib/spawn.c.debug2 shadow-4.9/lib/spawn.c ---- shadow-4.9/lib/spawn.c.debug2 2022-01-10 10:57:47.538238543 +0100 -+++ shadow-4.9/lib/spawn.c 2022-01-10 10:57:47.544238586 +0100 -@@ -60,11 +60,11 @@ int run_command (const char *cmd, const - exit (E_CMD_NOTFOUND); - } - fprintf (shadow_logfd, "%s: cannot execute %s: %s\n", -- Prog, cmd, strerror (errno)); -+ shadow_progname, cmd, strerror (errno)); - exit (E_CMD_NOEXEC); - } else if ((pid_t)-1 == pid) { - fprintf (shadow_logfd, "%s: cannot execute %s: %s\n", -- Prog, cmd, strerror (errno)); -+ shadow_progname, cmd, strerror (errno)); - return -1; - } - -@@ -77,7 +77,7 @@ int run_command (const char *cmd, const - - if ((pid_t)-1 == wpid) { - fprintf (shadow_logfd, "%s: waitpid (status: %d): %s\n", -- Prog, *status, strerror (errno)); -+ shadow_progname, *status, strerror (errno)); - return -1; - } - -diff -up shadow-4.9/lib/sssd.c.debug2 shadow-4.9/lib/sssd.c ---- shadow-4.9/lib/sssd.c.debug2 2022-01-10 10:57:47.538238543 +0100 -+++ shadow-4.9/lib/sssd.c 2022-01-10 10:57:47.544238586 +0100 -@@ -48,22 +48,22 @@ int sssd_flush_cache (int dbflags) - free(sss_cache_args); - if (rv != 0) { - /* run_command writes its own more detailed message. */ -- SYSLOG ((LOG_WARN, MSG_SSSD_FLUSH_CACHE_FAILED, Prog)); -+ SYSLOG ((LOG_WARN, MSG_SSSD_FLUSH_CACHE_FAILED, shadow_progname)); - return -1; - } - - code = WEXITSTATUS (status); - if (!WIFEXITED (status)) { - SYSLOG ((LOG_WARN, "%s: sss_cache did not terminate normally (signal %d)", -- Prog, WTERMSIG (status))); -+ shadow_progname, WTERMSIG (status))); - return -1; - } else if (code == E_CMD_NOTFOUND) { - /* sss_cache is not installed, or it is installed but uses an - interpreter that is missing. Probably the former. */ - return 0; - } else if (code != 0) { -- SYSLOG ((LOG_WARN, "%s: sss_cache exited with status %d", Prog, code)); -- SYSLOG ((LOG_WARN, MSG_SSSD_FLUSH_CACHE_FAILED, Prog)); -+ SYSLOG ((LOG_WARN, "%s: sss_cache exited with status %d", shadow_progname, code)); -+ SYSLOG ((LOG_WARN, MSG_SSSD_FLUSH_CACHE_FAILED, shadow_progname)); - return -1; - } - -diff -up shadow-4.9/lib/tcbfuncs.c.debug2 shadow-4.9/lib/tcbfuncs.c ---- shadow-4.9/lib/tcbfuncs.c.debug2 2022-01-10 10:57:47.538238543 +0100 -+++ shadow-4.9/lib/tcbfuncs.c 2022-01-10 10:59:01.228764507 +0100 -@@ -74,7 +74,7 @@ shadowtcb_status shadowtcb_gain_priv (vo - * to exit soon. - */ - #define OUT_OF_MEMORY do { \ -- fprintf (shadow_logfd, _("%s: out of memory\n"), Prog); \ -+ fprintf (shadow_logfd, _("%s: out of memory\n"), shadow_progname); \ - (void) fflush (shadow_logfd); \ - } while (false) - -@@ -120,7 +120,7 @@ static /*@null@*/ char *shadowtcb_path_r - if (lstat (path, &st) != 0) { - fprintf (shadow_logfd, - _("%s: Cannot stat %s: %s\n"), -- Prog, path, strerror (errno)); -+ shadow_progname, path, strerror (errno)); - free (path); - return NULL; - } -@@ -136,7 +136,7 @@ static /*@null@*/ char *shadowtcb_path_r - if (!S_ISLNK (st.st_mode)) { - fprintf (shadow_logfd, - _("%s: %s is neither a directory, nor a symlink.\n"), -- Prog, path); -+ shadow_progname, path); - free (path); - return NULL; - } -@@ -144,7 +144,7 @@ static /*@null@*/ char *shadowtcb_path_r - if (-1 == ret) { - fprintf (shadow_logfd, - _("%s: Cannot read symbolic link %s: %s\n"), -- Prog, path, strerror (errno)); -+ shadow_progname, path, strerror (errno)); - free (path); - return NULL; - } -@@ -153,7 +153,7 @@ static /*@null@*/ char *shadowtcb_path_r - link[sizeof(link) - 1] = '\0'; - fprintf (shadow_logfd, - _("%s: Suspiciously long symlink: %s\n"), -- Prog, link); -+ shadow_progname, link); - return NULL; - } - link[(size_t)ret] = '\0'; -@@ -211,7 +211,7 @@ static shadowtcb_status mkdir_leading (c - if (stat (TCB_DIR, &st) != 0) { - fprintf (shadow_logfd, - _("%s: Cannot stat %s: %s\n"), -- Prog, TCB_DIR, strerror (errno)); -+ shadow_progname, TCB_DIR, strerror (errno)); - goto out_free_path; - } - while ((ind = strchr (ptr, '/'))) { -@@ -223,19 +223,19 @@ static shadowtcb_status mkdir_leading (c - if ((mkdir (dir, 0700) != 0) && (errno != EEXIST)) { - fprintf (shadow_logfd, - _("%s: Cannot create directory %s: %s\n"), -- Prog, dir, strerror (errno)); -+ shadow_progname, dir, strerror (errno)); - goto out_free_dir; - } - if (chown (dir, 0, st.st_gid) != 0) { - fprintf (shadow_logfd, - _("%s: Cannot change owner of %s: %s\n"), -- Prog, dir, strerror (errno)); -+ shadow_progname, dir, strerror (errno)); - goto out_free_dir; - } - if (chmod (dir, 0711) != 0) { - fprintf (shadow_logfd, - _("%s: Cannot change mode of %s: %s\n"), -- Prog, dir, strerror (errno)); -+ shadow_progname, dir, strerror (errno)); - goto out_free_dir; - } - free (dir); -@@ -265,7 +265,7 @@ static shadowtcb_status unlink_suffs (co - if ((unlink (tmp) != 0) && (errno != ENOENT)) { - fprintf (shadow_logfd, - _("%s: unlink: %s: %s\n"), -- Prog, tmp, strerror (errno)); -+ shadow_progname, tmp, strerror (errno)); - free (tmp); - return SHADOWTCB_FAILURE; - } -@@ -290,7 +290,7 @@ static shadowtcb_status rmdir_leading (c - if (errno != ENOTEMPTY) { - fprintf (shadow_logfd, - _("%s: Cannot remove directory %s: %s\n"), -- Prog, dir, strerror (errno)); -+ shadow_progname, dir, strerror (errno)); - ret = SHADOWTCB_FAILURE; - } - free (dir); -@@ -319,7 +319,7 @@ static shadowtcb_status move_dir (const - if (stat (olddir, &oldmode) != 0) { - fprintf (shadow_logfd, - _("%s: Cannot stat %s: %s\n"), -- Prog, olddir, strerror (errno)); -+ shadow_progname, olddir, strerror (errno)); - goto out_free; - } - old_uid = oldmode.st_uid; -@@ -346,7 +346,7 @@ static shadowtcb_status move_dir (const - if (rename (real_old_dir, real_new_dir) != 0) { - fprintf (shadow_logfd, - _("%s: Cannot rename %s to %s: %s\n"), -- Prog, real_old_dir, real_new_dir, strerror (errno)); -+ shadow_progname, real_old_dir, real_new_dir, strerror (errno)); - goto out_free; - } - if (rmdir_leading (real_old_dir_rel) == SHADOWTCB_FAILURE) { -@@ -355,7 +355,7 @@ static shadowtcb_status move_dir (const - if ((unlink (olddir) != 0) && (errno != ENOENT)) { - fprintf (shadow_logfd, - _("%s: Cannot remove %s: %s\n"), -- Prog, olddir, strerror (errno)); -+ shadow_progname, olddir, strerror (errno)); - goto out_free; - } - if (asprintf (&newdir, TCB_DIR "/%s", user_newname) == -1) { -@@ -369,7 +369,7 @@ static shadowtcb_status move_dir (const - && (symlink (real_new_dir_rel, newdir) != 0)) { - fprintf (shadow_logfd, - _("%s: Cannot create symbolic link %s: %s\n"), -- Prog, real_new_dir_rel, strerror (errno)); -+ shadow_progname, real_new_dir_rel, strerror (errno)); - goto out_free; - } - ret = SHADOWTCB_SUCCESS; -@@ -468,31 +468,31 @@ shadowtcb_status shadowtcb_move (/*@NULL - if (stat (tcbdir, &dirmode) != 0) { - fprintf (shadow_logfd, - _("%s: Cannot stat %s: %s\n"), -- Prog, tcbdir, strerror (errno)); -+ shadow_progname, tcbdir, strerror (errno)); - goto out_free; - } - if (chown (tcbdir, 0, 0) != 0) { - fprintf (shadow_logfd, - _("%s: Cannot change owners of %s: %s\n"), -- Prog, tcbdir, strerror (errno)); -+ shadow_progname, tcbdir, strerror (errno)); - goto out_free; - } - if (chmod (tcbdir, 0700) != 0) { - fprintf (shadow_logfd, - _("%s: Cannot change mode of %s: %s\n"), -- Prog, tcbdir, strerror (errno)); -+ shadow_progname, tcbdir, strerror (errno)); - goto out_free; - } - if (lstat (shadow, &filemode) != 0) { - if (errno != ENOENT) { - fprintf (shadow_logfd, - _("%s: Cannot lstat %s: %s\n"), -- Prog, shadow, strerror (errno)); -+ shadow_progname, shadow, strerror (errno)); - goto out_free; - } - fprintf (shadow_logfd, - _("%s: Warning, user %s has no tcb shadow file.\n"), -- Prog, user_newname); -+ shadow_progname, user_newname); - } else { - if (!S_ISREG (filemode.st_mode) || - filemode.st_nlink != 1) { -@@ -500,19 +500,19 @@ shadowtcb_status shadowtcb_move (/*@NULL - _("%s: Emergency: %s's tcb shadow is not a " - "regular file with st_nlink=1.\n" - "The account is left locked.\n"), -- Prog, user_newname); -+ shadow_progname, user_newname); - goto out_free; - } - if (chown (shadow, user_newid, filemode.st_gid) != 0) { - fprintf (shadow_logfd, - _("%s: Cannot change owner of %s: %s\n"), -- Prog, shadow, strerror (errno)); -+ shadow_progname, shadow, strerror (errno)); - goto out_free; - } - if (chmod (shadow, filemode.st_mode & 07777) != 0) { - fprintf (shadow_logfd, - _("%s: Cannot change mode of %s: %s\n"), -- Prog, shadow, strerror (errno)); -+ shadow_progname, shadow, strerror (errno)); - goto out_free; - } - } -@@ -522,7 +522,7 @@ shadowtcb_status shadowtcb_move (/*@NULL - if (chown (tcbdir, user_newid, dirmode.st_gid) != 0) { - fprintf (shadow_logfd, - _("%s: Cannot change owner of %s: %s\n"), -- Prog, tcbdir, strerror (errno)); -+ shadow_progname, tcbdir, strerror (errno)); - goto out_free; - } - ret = SHADOWTCB_SUCCESS; -@@ -547,7 +547,7 @@ shadowtcb_status shadowtcb_create (const - if (stat (TCB_DIR, &tcbdir_stat) != 0) { - fprintf (shadow_logfd, - _("%s: Cannot stat %s: %s\n"), -- Prog, TCB_DIR, strerror (errno)); -+ shadow_progname, TCB_DIR, strerror (errno)); - return SHADOWTCB_FAILURE; - } - shadowgid = tcbdir_stat.st_gid; -@@ -567,39 +567,39 @@ shadowtcb_status shadowtcb_create (const - if (mkdir (dir, 0700) != 0) { - fprintf (shadow_logfd, - _("%s: mkdir: %s: %s\n"), -- Prog, dir, strerror (errno)); -+ shadow_progname, dir, strerror (errno)); - goto out_free; - } - fd = open (shadow, O_RDWR | O_CREAT | O_TRUNC, 0600); - if (fd < 0) { - fprintf (shadow_logfd, - _("%s: Cannot open %s: %s\n"), -- Prog, shadow, strerror (errno)); -+ shadow_progname, shadow, strerror (errno)); - goto out_free; - } - close (fd); - if (chown (shadow, 0, authgid) != 0) { - fprintf (shadow_logfd, - _("%s: Cannot change owner of %s: %s\n"), -- Prog, shadow, strerror (errno)); -+ shadow_progname, shadow, strerror (errno)); - goto out_free; - } - if (chmod (shadow, (mode_t) ((authgid == shadowgid) ? 0600 : 0640)) != 0) { - fprintf (shadow_logfd, - _("%s: Cannot change mode of %s: %s\n"), -- Prog, shadow, strerror (errno)); -+ shadow_progname, shadow, strerror (errno)); - goto out_free; - } - if (chown (dir, 0, authgid) != 0) { - fprintf (shadow_logfd, - _("%s: Cannot change owner of %s: %s\n"), -- Prog, dir, strerror (errno)); -+ shadow_progname, dir, strerror (errno)); - goto out_free; - } - if (chmod (dir, (mode_t) ((authgid == shadowgid) ? 02700 : 02710)) != 0) { - fprintf (shadow_logfd, - _("%s: Cannot change mode of %s: %s\n"), -- Prog, dir, strerror (errno)); -+ shadow_progname, dir, strerror (errno)); - goto out_free; - } - if ( (shadowtcb_set_user (name) == SHADOWTCB_FAILURE) diff --git a/shadow-4.9-revert-useradd-fix-memleak.patch b/shadow-4.9-revert-useradd-fix-memleak.patch deleted file mode 100644 index e8251f2..0000000 --- a/shadow-4.9-revert-useradd-fix-memleak.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 4624e9fca1b02b64e25e8b2280a0186182ab73ba Mon Sep 17 00:00:00 2001 -From: Serge Hallyn -Date: Sat, 14 Aug 2021 19:37:24 -0500 -Subject: [PATCH] Revert "useradd.c:fix memleaks of grp" - -In some cases, the value which was being freed is not actually -safe to free. - -Closes #394 - -This reverts commit c44b71cec25d60efc51aec9de3abce1f6efbfcf5. ---- - src/useradd.c | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/src/useradd.c b/src/useradd.c -index f90127cd..0d3f390d 100644 ---- a/src/useradd.c -+++ b/src/useradd.c -@@ -413,7 +413,6 @@ static void get_defaults (void) - } else { - def_group = grp->gr_gid; - def_gname = xstrdup (grp->gr_name); -- gr_free(grp); - } - } - --- -2.31.1 - diff --git a/shadow-4.9-semanage-close-the-selabel-handle.patch b/shadow-4.9-semanage-close-the-selabel-handle.patch deleted file mode 100644 index 11a23e4..0000000 --- a/shadow-4.9-semanage-close-the-selabel-handle.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 234af5cf67fc1a3ba99fc246ba65869a3c416545 Mon Sep 17 00:00:00 2001 -From: Iker Pedrosa -Date: Fri, 8 Oct 2021 13:13:13 +0200 -Subject: [PATCH] semanage: close the selabel handle - -Close the selabel handle to update the file_context. This means that the -file_context will be remmaped and used by selabel_lookup() to return -the appropriate context to label the home folder. - -Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1993081 - -Signed-off-by: Iker Pedrosa ---- - lib/prototypes.h | 1 + - lib/selinux.c | 5 +++++ - lib/semanage.c | 1 + - 3 files changed, 7 insertions(+) - -diff --git a/lib/prototypes.h b/lib/prototypes.h -index 1d1586d4..b697e0ec 100644 ---- a/lib/prototypes.h -+++ b/lib/prototypes.h -@@ -392,6 +392,7 @@ extern /*@observer@*/const char *crypt_make_salt (/*@null@*//*@observer@*/const - /* selinux.c */ - #ifdef WITH_SELINUX - extern int set_selinux_file_context (const char *dst_name, mode_t mode); -+extern void reset_selinux_handle (void); - extern int reset_selinux_file_context (void); - extern int check_selinux_permit (const char *perm_name); - #endif -diff --git a/lib/selinux.c b/lib/selinux.c -index c83545f9..b075d4c0 100644 ---- a/lib/selinux.c -+++ b/lib/selinux.c -@@ -50,6 +50,11 @@ static void cleanup(void) - } - } - -+void reset_selinux_handle (void) -+{ -+ cleanup(); -+} -+ - /* - * set_selinux_file_context - Set the security context before any file or - * directory creation. -diff --git a/lib/semanage.c b/lib/semanage.c -index 0d30456a..a5bf9218 100644 ---- a/lib/semanage.c -+++ b/lib/semanage.c -@@ -293,6 +293,7 @@ int set_seuser (const char *login_name, const char *seuser_name) - } - - ret = 0; -+ reset_selinux_handle(); - - done: - semanage_seuser_key_free (key); --- -2.31.1 - diff --git a/shadow-4.9-shadow-progname-default-init.patch b/shadow-4.9-shadow-progname-default-init.patch deleted file mode 100644 index 0c6d616..0000000 --- a/shadow-4.9-shadow-progname-default-init.patch +++ /dev/null @@ -1,39 +0,0 @@ -diff -up shadow-4.9/lib/shadowlog.c.debug3 shadow-4.9/lib/shadowlog.c ---- shadow-4.9/lib/shadowlog.c.debug3 2022-01-10 11:16:31.636261531 +0100 -+++ shadow-4.9/lib/shadowlog.c 2022-01-10 11:16:31.637261538 +0100 -@@ -2,8 +2,8 @@ - - #include "lib/shadowlog_internal.h" - --const char *shadow_progname; --FILE *shadow_logfd; -+const char *shadow_progname = "libshadow"; -+FILE *shadow_logfd = NULL; - - void log_set_progname(const char *progname) - { -diff -up shadow-4.9/libsubid/api.c.debug3 shadow-4.9/libsubid/api.c ---- shadow-4.9/libsubid/api.c.debug3 2022-01-10 11:16:31.637261538 +0100 -+++ shadow-4.9/libsubid/api.c 2022-01-10 11:17:15.431574120 +0100 -@@ -40,17 +40,16 @@ - #include "subid.h" - #include "shadowlog.h" - --const char *Prog = "(libsubid)"; -- - bool libsubid_init(const char *progname, FILE * logfd) - { - FILE *shadow_logfd; - if (progname) { - progname = strdup(progname); -- if (progname) -- Prog = progname; -- else -+ if (!progname) - return false; -+ log_set_progname(progname); -+ } else { -+ log_set_progname("(libsubid)"); - } - - if (logfd) { diff --git a/shadow-4.9-useradd-avoid-generating-empty-subid-range.patch b/shadow-4.9-useradd-avoid-generating-empty-subid-range.patch deleted file mode 100644 index b94fd60..0000000 --- a/shadow-4.9-useradd-avoid-generating-empty-subid-range.patch +++ /dev/null @@ -1,79 +0,0 @@ -diff --git a/src/useradd.c b/src/useradd.c -index baeffb35..9abeea6e 100644 ---- a/src/useradd.c -+++ b/src/useradd.c -@@ -142,9 +142,7 @@ static bool is_sub_gid = false; - static bool sub_uid_locked = false; - static bool sub_gid_locked = false; - static uid_t sub_uid_start; /* New subordinate uid range */ --static unsigned long sub_uid_count; - static gid_t sub_gid_start; /* New subordinate gid range */ --static unsigned long sub_gid_count; - #endif /* ENABLE_SUBIDS */ - static bool pw_locked = false; - static bool gr_locked = false; -@@ -234,7 +232,7 @@ static void open_shadow (void); - static void faillog_reset (uid_t); - static void lastlog_reset (uid_t); - static void tallylog_reset (const char *); --static void usr_update (void); -+static void usr_update (unsigned long subuid_count, unsigned long subgid_count); - static void create_home (void); - static void create_mail (void); - static void check_uid_range(int rflg, uid_t user_id); -@@ -2092,7 +2090,7 @@ static void tallylog_reset (const char *user_name) - * usr_update() creates the password file entries for this user - * and will update the group entries if required. - */ --static void usr_update (void) -+static void usr_update (unsigned long subuid_count, unsigned long subgid_count) - { - struct passwd pwent; - struct spwd spent; -@@ -2155,14 +2153,14 @@ static void usr_update (void) - } - #ifdef ENABLE_SUBIDS - if (is_sub_uid && -- (sub_uid_add(user_name, sub_uid_start, sub_uid_count) == 0)) { -+ (sub_uid_add(user_name, sub_uid_start, subuid_count) == 0)) { - fprintf (stderr, - _("%s: failed to prepare the new %s entry\n"), - Prog, sub_uid_dbname ()); - fail_exit (E_SUB_UID_UPDATE); - } - if (is_sub_gid && -- (sub_gid_add(user_name, sub_gid_start, sub_gid_count) == 0)) { -+ (sub_gid_add(user_name, sub_gid_start, subgid_count) == 0)) { - fprintf (stderr, - _("%s: failed to prepare the new %s entry\n"), - Prog, sub_uid_dbname ()); -@@ -2624,16 +2622,16 @@ int main (int argc, char **argv) - } - - #ifdef ENABLE_SUBIDS -- if (is_sub_uid && sub_uid_count != 0) { -- if (find_new_sub_uids(&sub_uid_start, &sub_uid_count) < 0) { -+ if (is_sub_uid && subuid_count != 0) { -+ if (find_new_sub_uids(&sub_uid_start, &subuid_count) < 0) { - fprintf (stderr, - _("%s: can't create subordinate user IDs\n"), - Prog); - fail_exit(E_SUB_UID_UPDATE); - } - } -- if (is_sub_gid && sub_gid_count != 0) { -- if (find_new_sub_gids(&sub_gid_start, &sub_gid_count) < 0) { -+ if (is_sub_gid && subgid_count != 0) { -+ if (find_new_sub_gids(&sub_gid_start, &subgid_count) < 0) { - fprintf (stderr, - _("%s: can't create subordinate group IDs\n"), - Prog); -@@ -2642,7 +2640,7 @@ int main (int argc, char **argv) - } - #endif /* ENABLE_SUBIDS */ - -- usr_update (); -+ usr_update (subuid_count, subgid_count); - - close_files (); - diff --git a/shadow-4.9-useradd-copy-tree-argument.patch b/shadow-4.9-useradd-copy-tree-argument.patch deleted file mode 100644 index f6b9827..0000000 --- a/shadow-4.9-useradd-copy-tree-argument.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/src/useradd.c b/src/useradd.c -index b463a170..f7c97958 100644 ---- a/src/useradd.c -+++ b/src/useradd.c -@@ -2704,7 +2704,7 @@ int main (int argc, char **argv) - if (mflg) { - create_home (); - if (home_added) { -- copy_tree (def_template, prefix_user_home, false, false, -+ copy_tree (def_template, prefix_user_home, false, true, - (uid_t)-1, user_id, (gid_t)-1, user_gid); - } else { - fprintf (stderr, diff --git a/shadow-4.9-usermod-allow-all-group-types.patch b/shadow-4.9-usermod-allow-all-group-types.patch deleted file mode 100644 index fada15e..0000000 --- a/shadow-4.9-usermod-allow-all-group-types.patch +++ /dev/null @@ -1,322 +0,0 @@ -From e481437ab9ebe9a8bf8fbaabe986d42b2f765991 Mon Sep 17 00:00:00 2001 -From: Iker Pedrosa -Date: Tue, 3 Aug 2021 08:57:20 +0200 -Subject: [PATCH] usermod: allow all group types with -G option - -The only way of removing a group from the supplementary list is to use --G option, and list all groups that the user is a member of except for -the one that wants to be removed. The problem lies when there's a user -that contains both local and remote groups, and the group to be removed -is a local one. As we need to include the remote group with -G option -the command will fail. - -This reverts commit 140510de9de4771feb3af1d859c09604043a4c9b. This way, -it would be possible to remove the remote groups from the supplementary -list. - -Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1967641 -Resolves: https://github.com/shadow-maint/shadow/issues/338 - -Signed-off-by: Iker Pedrosa ---- - src/usermod.c | 220 ++++++++++++++++++-------------------------------- - 1 file changed, 77 insertions(+), 143 deletions(-) - -diff --git a/src/usermod.c b/src/usermod.c -index 03bb9b9d..a0c03afa 100644 ---- a/src/usermod.c -+++ b/src/usermod.c -@@ -187,7 +187,6 @@ static bool sub_gid_locked = false; - static void date_to_str (/*@unique@*//*@out@*/char *buf, size_t maxsize, - long int date); - static int get_groups (char *); --static struct group * get_local_group (char * grp_name); - static /*@noreturn@*/void usage (int status); - static void new_pwent (struct passwd *); - static void new_spent (struct spwd *); -@@ -201,9 +200,7 @@ static void grp_update (void); - - static void process_flags (int, char **); - static void close_files (void); --static void close_group_files (void); - static void open_files (void); --static void open_group_files (void); - static void usr_update (void); - static void move_home (void); - static void update_lastlog (void); -@@ -260,11 +257,6 @@ static int get_groups (char *list) - return 0; - } - -- /* -- * Open the group files -- */ -- open_group_files (); -- - /* - * So long as there is some data to be converted, strip off each - * name and look it up. A mix of numerical and string values for -@@ -284,7 +276,7 @@ static int get_groups (char *list) - * Names starting with digits are treated as numerical GID - * values, otherwise the string is looked up as is. - */ -- grp = get_local_group (list); -+ grp = prefix_getgr_nam_gid (list); - - /* - * There must be a match, either by GID value or by -@@ -334,8 +326,6 @@ static int get_groups (char *list) - gr_free ((struct group *)grp); - } while (NULL != list); - -- close_group_files (); -- - user_groups[ngroups] = (char *) 0; - - /* -@@ -348,44 +338,6 @@ static int get_groups (char *list) - return 0; - } - --/* -- * get_local_group - checks if a given group name exists locally -- * -- * get_local_group() checks if a given group name exists locally. -- * If the name exists the group information is returned, otherwise NULL is -- * returned. -- */ --static struct group * get_local_group(char * grp_name) --{ -- const struct group *grp; -- struct group *result_grp = NULL; -- long long int gid; -- char *endptr; -- -- gid = strtoll (grp_name, &endptr, 10); -- if ( ('\0' != *grp_name) -- && ('\0' == *endptr) -- && (ERANGE != errno) -- && (gid == (gid_t)gid)) { -- grp = gr_locate_gid ((gid_t) gid); -- } -- else { -- grp = gr_locate(grp_name); -- } -- -- if (grp != NULL) { -- result_grp = __gr_dup (grp); -- if (NULL == result_grp) { -- fprintf (stderr, -- _("%s: Out of memory. Cannot find group '%s'.\n"), -- Prog, grp_name); -- fail_exit (E_GRP_UPDATE); -- } -- } -- -- return result_grp; --} -- - #ifdef ENABLE_SUBIDS - struct ulong_range - { -@@ -1523,7 +1475,50 @@ static void close_files (void) - } - - if (Gflg || lflg) { -- close_group_files (); -+ if (gr_close () == 0) { -+ fprintf (stderr, -+ _("%s: failure while writing changes to %s\n"), -+ Prog, gr_dbname ()); -+ SYSLOG ((LOG_ERR, -+ "failure while writing changes to %s", -+ gr_dbname ())); -+ fail_exit (E_GRP_UPDATE); -+ } -+#ifdef SHADOWGRP -+ if (is_shadow_grp) { -+ if (sgr_close () == 0) { -+ fprintf (stderr, -+ _("%s: failure while writing changes to %s\n"), -+ Prog, sgr_dbname ()); -+ SYSLOG ((LOG_ERR, -+ "failure while writing changes to %s", -+ sgr_dbname ())); -+ fail_exit (E_GRP_UPDATE); -+ } -+ } -+#endif -+#ifdef SHADOWGRP -+ if (is_shadow_grp) { -+ if (sgr_unlock () == 0) { -+ fprintf (stderr, -+ _("%s: failed to unlock %s\n"), -+ Prog, sgr_dbname ()); -+ SYSLOG ((LOG_ERR, -+ "failed to unlock %s", -+ sgr_dbname ())); -+ /* continue */ -+ } -+ } -+#endif -+ if (gr_unlock () == 0) { -+ fprintf (stderr, -+ _("%s: failed to unlock %s\n"), -+ Prog, gr_dbname ()); -+ SYSLOG ((LOG_ERR, -+ "failed to unlock %s", -+ gr_dbname ())); -+ /* continue */ -+ } - } - - if (is_shadow_pwd) { -@@ -1592,60 +1587,6 @@ static void close_files (void) - #endif - } - --/* -- * close_group_files - close all of the files that were opened -- * -- * close_group_files() closes all of the files that were opened related -- * with groups. This causes any modified entries to be written out. -- */ --static void close_group_files (void) --{ -- if (gr_close () == 0) { -- fprintf (stderr, -- _("%s: failure while writing changes to %s\n"), -- Prog, gr_dbname ()); -- SYSLOG ((LOG_ERR, -- "failure while writing changes to %s", -- gr_dbname ())); -- fail_exit (E_GRP_UPDATE); -- } --#ifdef SHADOWGRP -- if (is_shadow_grp) { -- if (sgr_close () == 0) { -- fprintf (stderr, -- _("%s: failure while writing changes to %s\n"), -- Prog, sgr_dbname ()); -- SYSLOG ((LOG_ERR, -- "failure while writing changes to %s", -- sgr_dbname ())); -- fail_exit (E_GRP_UPDATE); -- } -- } --#endif --#ifdef SHADOWGRP -- if (is_shadow_grp) { -- if (sgr_unlock () == 0) { -- fprintf (stderr, -- _("%s: failed to unlock %s\n"), -- Prog, sgr_dbname ()); -- SYSLOG ((LOG_ERR, -- "failed to unlock %s", -- sgr_dbname ())); -- /* continue */ -- } -- } --#endif -- if (gr_unlock () == 0) { -- fprintf (stderr, -- _("%s: failed to unlock %s\n"), -- Prog, gr_dbname ()); -- SYSLOG ((LOG_ERR, -- "failed to unlock %s", -- gr_dbname ())); -- /* continue */ -- } --} -- - /* - * open_files - lock and open the password files - * -@@ -1681,7 +1622,38 @@ static void open_files (void) - } - - if (Gflg || lflg) { -- open_group_files (); -+ /* -+ * Lock and open the group file. This will load all of the -+ * group entries. -+ */ -+ if (gr_lock () == 0) { -+ fprintf (stderr, -+ _("%s: cannot lock %s; try again later.\n"), -+ Prog, gr_dbname ()); -+ fail_exit (E_GRP_UPDATE); -+ } -+ gr_locked = true; -+ if (gr_open (O_CREAT | O_RDWR) == 0) { -+ fprintf (stderr, -+ _("%s: cannot open %s\n"), -+ Prog, gr_dbname ()); -+ fail_exit (E_GRP_UPDATE); -+ } -+#ifdef SHADOWGRP -+ if (is_shadow_grp && (sgr_lock () == 0)) { -+ fprintf (stderr, -+ _("%s: cannot lock %s; try again later.\n"), -+ Prog, sgr_dbname ()); -+ fail_exit (E_GRP_UPDATE); -+ } -+ sgr_locked = true; -+ if (is_shadow_grp && (sgr_open (O_CREAT | O_RDWR) == 0)) { -+ fprintf (stderr, -+ _("%s: cannot open %s\n"), -+ Prog, sgr_dbname ()); -+ fail_exit (E_GRP_UPDATE); -+ } -+#endif - } - #ifdef ENABLE_SUBIDS - if (vflg || Vflg) { -@@ -1717,44 +1689,6 @@ static void open_files (void) - #endif /* ENABLE_SUBIDS */ - } - --/* -- * open_group_files - lock and open the group files -- * -- * open_group_files() loads all of the group entries. -- */ --static void open_group_files (void) --{ -- if (gr_lock () == 0) { -- fprintf (stderr, -- _("%s: cannot lock %s; try again later.\n"), -- Prog, gr_dbname ()); -- fail_exit (E_GRP_UPDATE); -- } -- gr_locked = true; -- if (gr_open (O_CREAT | O_RDWR) == 0) { -- fprintf (stderr, -- _("%s: cannot open %s\n"), -- Prog, gr_dbname ()); -- fail_exit (E_GRP_UPDATE); -- } -- --#ifdef SHADOWGRP -- if (is_shadow_grp && (sgr_lock () == 0)) { -- fprintf (stderr, -- _("%s: cannot lock %s; try again later.\n"), -- Prog, sgr_dbname ()); -- fail_exit (E_GRP_UPDATE); -- } -- sgr_locked = true; -- if (is_shadow_grp && (sgr_open (O_CREAT | O_RDWR) == 0)) { -- fprintf (stderr, -- _("%s: cannot open %s\n"), -- Prog, sgr_dbname ()); -- fail_exit (E_GRP_UPDATE); -- } --#endif --} -- - /* - * usr_update - create the user entries - * --- -2.31.1 - diff --git a/shadow-utils.spec b/shadow-utils.spec index bcbadf8..16ec56c 100644 --- a/shadow-utils.spec +++ b/shadow-utils.spec @@ -1,12 +1,12 @@ Summary: Utilities for managing accounts and shadow password files Name: shadow-utils -Version: 4.9 -Release: 10%{?dist} +Version: 4.11.1 +Release: 1%{?dist} Epoch: 2 License: BSD and GPLv2+ URL: https://github.com/shadow-maint/shadow -Source0: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz -Source1: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz.asc +Source0: https://github.com/shadow-maint/shadow/releases/download/v%{version}/shadow-%{version}.tar.xz +Source1: https://github.com/shadow-maint/shadow/releases/download/v%{version}/shadow-%{version}.tar.xz.asc Source2: shadow-utils.useradd Source3: shadow-utils.login.defs Source4: shadow-bsd.txt @@ -18,11 +18,9 @@ Source6: shadow-utils.HOME_MODE.xml ### Patches ### # Misc small changes - most probably non-upstreamable -Patch0: shadow-4.9-redhat.patch +Patch0: shadow-4.11.1-redhat.patch # Be more lenient with acceptable user/group names - non upstreamable Patch1: shadow-4.8-goodname.patch -# https://github.com/shadow-maint/shadow/commit/09c752f00f9dfc610f66d68be38c9e5be8ca7f15 -Patch2: shadow-4.9-move-create-home.patch # SElinux related - upstreamability unknown Patch3: shadow-4.9-default-range.patch # Misc manual page changes - non-upstreamable @@ -32,50 +30,21 @@ Patch5: shadow-4.2.1-date-parsing.patch # Additional error message - could be upstreamed Patch6: shadow-4.6-move-home.patch # Audit message changes - upstreamability unknown -Patch7: shadow-4.9-audit-update.patch +Patch7: shadow-4.11.1-audit-update.patch # Changes related to password unlocking - could be upstreamed Patch8: shadow-4.5-usermod-unlock.patch # Additional SElinux related changes - upstreamability unknown Patch9: shadow-4.8-selinux-perms.patch -# Handle NULL return from *time funcs - could be upstreamed -Patch10: shadow-4.9-null-tm.patch +# Handle NULL return from *time funcs - upstreamable +Patch10: shadow-4.11.1-null-tm.patch # Handle /etc/passwd corruption - could be upstreamed Patch11: shadow-4.8-long-entry.patch # Limit uid/gid allocation to non-zero - could be upstreamed Patch12: shadow-4.6-sysugid-min-limit.patch # Ignore LOGIN_PLAIN_PROMPT in login.defs - upstreamability unknown Patch13: shadow-4.8-ignore-login-prompt.patch -# https://github.com/shadow-maint/shadow/commit/c6847011e8b656adacd9a0d2a78418cad0de34cb -Patch14: shadow-4.9-newuidmap-libeconf-dependency.patch -# https://github.com/shadow-maint/shadow/commit/e481437ab9ebe9a8bf8fbaabe986d42b2f765991 -Patch15: shadow-4.9-usermod-allow-all-group-types.patch -# https://github.com/shadow-maint/shadow/commit/9dd720a28578eef5be8171697aae0906e4c53249 -Patch16: shadow-4.9-useradd-avoid-generating-empty-subid-range.patch -# https://github.com/shadow-maint/shadow/commit/234e8fa7b134d1ebabfdad980a3ae5b63c046c62 -Patch17: shadow-4.9-libmisc-fix-default-value-in-SHA_get_salt_rounds.patch -# https://github.com/shadow-maint/shadow/commit/234af5cf67fc1a3ba99fc246ba65869a3c416545 -Patch18: shadow-4.9-semanage-close-the-selabel-handle.patch -# https://github.com/shadow-maint/shadow/commit/4624e9fca1b02b64e25e8b2280a0186182ab73ba -Patch19: shadow-4.9-revert-useradd-fix-memleak.patch -# https://github.com/shadow-maint/shadow/commit/06eb4e4d76ac7f1ac86e68a89b2dc9be7c7323a2 -Patch20: shadow-4.9-useradd-copy-tree-argument.patch -# https://github.com/shadow-maint/shadow/commit/d8e54618feea201987c1f3cb402ed50d1d8b604f -Patch21: shadow-4.9-pwck-fix-segfault-when-calling-fprintf.patch -# https://github.com/shadow-maint/shadow/commit/497e90751bc0d95cc998b0f06305040563903948 -Patch22: shadow-4.9-newgrp-fix-segmentation-fault.patch -# https://github.com/shadow-maint/shadow/commit/3b6ccf642c6bb2b7db087f09ee563ae9318af734 -Patch23: shadow-4.9-getsubids.patch -# https://github.com/shadow-maint/shadow/commit/a757b458ffb4fb9a40bcbb4f7869449431c67f83 -Patch24: shadow-4.9-groupdel-fix-sigsegv-when-passwd-does-not-exist.patch -# https://github.com/shadow-maint/shadow/commit/79157cbad87f42cdc2068d72e798488572c68bb2 -Patch25: shadow-4.9-make-shadow-logfd-and-prog-not-extern.patch -# https://github.com/shadow-maint/shadow/commit/0e6fe5e728a45baff3977d73e81a27adb6ae30c6 -Patch26: shadow-4.9-rename-prog-to-shadow-progname.patch -# https://github.com/shadow-maint/shadow/commit/2b0bdef6f9a18382e92b0fb6d893c4339123ffac -# https://github.com/shadow-maint/shadow/commit/9750fd681919ed558a9b044248a284d567cddf1a -Patch27: shadow-4.9-shadow-progname-default-init.patch # https://github.com/shadow-maint/shadow/commit/e101219ad71de11da3fdd1b3ec2620fd1a97b92c -Patch28: shadow-4.9-nss-get-shadow-logfd-with-log-get-logfd.patch +Patch14: shadow-4.9-nss-get-shadow-logfd-with-log-get-logfd.patch ### Dependencies ### Requires: audit-libs >= 1.6.5 @@ -129,6 +98,7 @@ Utility library that provides a way to manage subid ranges. %package subid-devel Summary: Development package for shadow-utils-subid License: BSD and GPLv2+ +Requires: shadow-utils-subid = %{version}-%{release} %description subid-devel Development files for shadow-utils-subid. @@ -137,7 +107,6 @@ Development files for shadow-utils-subid. %setup -q -n shadow-%{version} %patch0 -p1 -b .redhat %patch1 -p1 -b .goodname -%patch2 -p1 -b .move-create-home %patch3 -p1 -b .default-range %patch4 -p1 -b .manfix %patch5 -p1 -b .date-parsing @@ -149,21 +118,7 @@ Development files for shadow-utils-subid. %patch11 -p1 -b .long-entry %patch12 -p1 -b .sysugid-min-limit %patch13 -p1 -b .login-prompt -%patch14 -p1 -b .newuidmap-libeconf-dependency -%patch15 -p1 -b .usermod-allow-all-group-types -%patch16 -p1 -b .useradd-avoid-generating-empty-subid-range -%patch17 -p1 -b .libmisc-fix-default-value-in-SHA_get_salt_rounds -%patch18 -p1 -b .semanage-close-the-selabel-handle -%patch19 -p1 -b .revert-useradd-fix-memleak -%patch20 -p1 -b .useradd-copy-tree-argument -%patch21 -p1 -b .pwck-fix-segfault-when-calling-fprintf -%patch22 -p1 -b .newgrp-fix-segmentation-fault -%patch23 -p1 -b .getsubids -%patch24 -p1 -b .groupdel-fix-sigsegv-when-passwd-does-not-exist -%patch25 -p1 -b .make-shadow-logfd-and-prog-not-extern -%patch26 -p1 -b .rename-prog-to-shadow-progname -%patch27 -p1 -b .shadow-progname-default-init -%patch28 -p1 -b .nss-get-shadow-logfd-with-log-get-logfd +%patch14 -p1 -b .nss-get-shadow-logfd-with-log-get-logfd iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8 cp -f doc/HOWTO.utf8 doc/HOWTO @@ -275,8 +230,9 @@ echo $(ls) mkdir -p $RPM_BUILD_ROOT/%{includesubiddir} install -m 644 libsubid/subid.h $RPM_BUILD_ROOT/%{includesubiddir}/ -# Remove .la files created by libsubid +# Remove .la and .a files created by libsubid rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.la +rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.a %files -f shadow.lang %doc NEWS doc/HOWTO README @@ -336,6 +292,11 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.la %{_libdir}/libsubid.so %changelog +* Tue Jan 25 2022 Iker Pedrosa - 2:4.11.1-1 +- Rebase to version 4.11.1 (#2034038) +- Fix release sources +- Add explicit subid requirement for subid-devel + * Sat Jan 22 2022 Fedora Release Engineering - 2:4.9-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild