- improve audit logging (#211659)

- improve "-l" option. Do not reset faillog if it's used (#213450).

shadow-4.0.16-lOption.patch

@@ -1,5 +1,5 @@
---- shadow-4.0.16/man/useradd.8.lOption	2006-06-06 10:41:47.000000000 +0200
-+++ shadow-4.0.16/man/useradd.8	2006-06-06 10:42:59.000000000 +0200
+--- shadow-4.0.17/man/useradd.8.lOption	2006-11-02 18:23:50.000000000 +0100
++++ shadow-4.0.17/man/useradd.8	2006-11-02 18:23:50.000000000 +0100
 @@ -96,6 +96,9 @@
  \fB\-m\fR
  option. The default is to not create the directory and to not copy any files.
@@ -10,8 +10,8 @@
  \fB-n\fR
  A group having the same name as the user being added to the system will be created by default. This option will turn off this Red Hat Linux specific behavior. When this option is used, users by default will be placed in whatever group is specified in \fI/etc/default/useradd\fR. If no default group is defined, group 1 will be used.
  .TP 3n
---- shadow-4.0.16/src/useradd.c.lOption	2006-06-06 10:41:47.000000000 +0200
-+++ shadow-4.0.16/src/useradd.c	2006-06-06 10:41:47.000000000 +0200
+--- shadow-4.0.17/src/useradd.c.lOption	2006-11-02 18:23:50.000000000 +0100
++++ shadow-4.0.17/src/useradd.c	2006-11-02 18:26:46.000000000 +0100
 @@ -124,6 +124,7 @@
      Gflg = 0,			/* secondary group set for new account */
      kflg = 0,			/* specify a directory to fill new user directory */
@@ -28,7 +28,7 @@
  			   "  -M,                       do not create user's home directory(overrides /etc/login.defs)\n"
  			   "  -r,                       create system account\n"
  			   "  -o, --non-unique		allow create user with duplicate\n"
-@@ -1035,7 +1037,7 @@
+@@ -1041,7 +1043,7 @@
  			{NULL, 0, NULL, '\0'}
  		};
  		while ((c =
@@ -37,7 +37,7 @@
  				     long_options, NULL)) != -1) {
  			switch (c) {
  			case 'b':
-@@ -1175,6 +1177,9 @@
+@@ -1181,6 +1183,9 @@
  			case 'm':
  				mflg++;
  				break;
@@ -47,13 +47,12 @@
  			case 'o':
  				oflg++;
  				break;
-@@ -1540,7 +1545,8 @@
+@@ -1549,7 +1554,7 @@
+ 	 * no user with this UID exists yet (entries for shared UIDs
+ 	 * are left unchanged).  --marekm
  	 */
- 	if (!getpwuid (user_id)) {
+-	if (!getpwuid (user_id)) {
++	if (!getpwuid (user_id) && !lflg) {
  		faillog_reset (user_id);
--		lastlog_reset (user_id);
-+		if (!lflg)
-+			lastlog_reset (user_id);
+ 		lastlog_reset (user_id);
  	}
- 
- 	/*

shadow-4.0.17-auditLogging.patch

@@ -0,0 +1,15 @@
+diff -Nurp shadow-4.0.17.orig/src/useradd.c shadow-4.0.17/src/useradd.c
+--- shadow-4.0.17.orig/src/useradd.c	2006-10-02 18:25:30.000000000 +0100
++++ shadow-4.0.17/src/useradd.c	2006-10-02 18:25:43.000000000 +0100
+@@ -1611,6 +1611,10 @@ static void create_home (void)
+ 				 _
+ 				 ("%s: cannot create directory %s\n"),
+ 				 Prog, user_home);
++#ifdef WITH_AUDIT
++			audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
++				      "adding home directory", user_name, user_id, 0);
++#endif
+ 			fail_exit (E_HOMEDIR);
+ 		}
+ 		chown (user_home, user_id, user_gid);
+

shadow-utils.spec

@@ -5,7 +5,7 @@
 Summary: Utilities for managing accounts and shadow password files.
 Name: shadow-utils
 Version: 4.0.18.1
-Release: 1%{?dist}
+Release: 2%{?dist}
 Epoch: 2
 URL: http://shadow.pld.org.pl/
 Source0: ftp://ftp.pld.org.pl/software/shadow/shadow-%{version}.tar.bz2
@@ -20,6 +20,7 @@ Patch4: shadow-4.0.13-newgrpPwd.patch
 Patch5: shadow-4.0.16-lOption.patch
 Patch6: shadow-4.0.17-notInheritFd.patch
 Patch7: shadow-4.0.17-exitValues.patch
+Patch8: shadow-4.0.17-auditLogging.patch
 
 License: BSD
 Group: System Environment/Base
@@ -57,6 +58,7 @@ cp %{SOURCE3} lib/nscd.c
 %patch6 -p1 -b .notInheritFd
 
 %patch7 -p1 -b .exitValues
+%patch8 -p1 -b .auditLogging
 
 rm po/*.gmo
 rm po/stamp-po
@@ -211,6 +213,10 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/*/man8/faillog.8*
 
 %changelog
+* Fri Nov 03 2006 Peter Vrabec <pvrabec@redhat.com> 2:4.0.18.1-2
+- improve audit logging (#211659)
+- improve "-l" option. Do not reset faillog if it's used (#213450).
+ 
 * Wed Nov 01 2006 Peter Vrabec <pvrabec@redhat.com> 2:4.0.18.1-1
 - upgrade