From 967e600d2f38add0f81a569b98ff8544d5447b6a Mon Sep 17 00:00:00 2001 From: Peter Vrabec Date: Fri, 3 Nov 2006 15:29:36 +0000 Subject: [PATCH] - improve audit logging (#211659) - improve "-l" option. Do not reset faillog if it's used (#213450). --- shadow-4.0.16-lOption.patch | 25 ++++++++++++------------- shadow-4.0.17-auditLogging.patch | 15 +++++++++++++++ shadow-utils.spec | 8 +++++++- 3 files changed, 34 insertions(+), 14 deletions(-) create mode 100644 shadow-4.0.17-auditLogging.patch diff --git a/shadow-4.0.16-lOption.patch b/shadow-4.0.16-lOption.patch index 03bfd9c..b9407db 100644 --- a/shadow-4.0.16-lOption.patch +++ b/shadow-4.0.16-lOption.patch @@ -1,5 +1,5 @@ ---- shadow-4.0.16/man/useradd.8.lOption 2006-06-06 10:41:47.000000000 +0200 -+++ shadow-4.0.16/man/useradd.8 2006-06-06 10:42:59.000000000 +0200 +--- shadow-4.0.17/man/useradd.8.lOption 2006-11-02 18:23:50.000000000 +0100 ++++ shadow-4.0.17/man/useradd.8 2006-11-02 18:23:50.000000000 +0100 @@ -96,6 +96,9 @@ \fB\-m\fR option. The default is to not create the directory and to not copy any files. @@ -10,8 +10,8 @@ \fB-n\fR A group having the same name as the user being added to the system will be created by default. This option will turn off this Red Hat Linux specific behavior. When this option is used, users by default will be placed in whatever group is specified in \fI/etc/default/useradd\fR. If no default group is defined, group 1 will be used. .TP 3n ---- shadow-4.0.16/src/useradd.c.lOption 2006-06-06 10:41:47.000000000 +0200 -+++ shadow-4.0.16/src/useradd.c 2006-06-06 10:41:47.000000000 +0200 +--- shadow-4.0.17/src/useradd.c.lOption 2006-11-02 18:23:50.000000000 +0100 ++++ shadow-4.0.17/src/useradd.c 2006-11-02 18:26:46.000000000 +0100 @@ -124,6 +124,7 @@ Gflg = 0, /* secondary group set for new account */ kflg = 0, /* specify a directory to fill new user directory */ 
@@ -28,7 +28,7 @@ " -M, do not create user's home directory(overrides /etc/login.defs)\n" " -r, create system account\n" " -o, --non-unique allow create user with duplicate\n" -@@ -1035,7 +1037,7 @@ +@@ -1041,7 +1043,7 @@ {NULL, 0, NULL, '\0'} }; while ((c = @@ -37,7 +37,7 @@ long_options, NULL)) != -1) { switch (c) { case 'b': -@@ -1175,6 +1177,9 @@ +@@ -1181,6 +1183,9 @@ case 'm': mflg++; break; @@ -47,13 +47,12 @@ case 'o': oflg++; break; -@@ -1540,7 +1545,8 @@ +@@ -1549,7 +1554,7 @@ + * no user with this UID exists yet (entries for shared UIDs + * are left unchanged). --marekm */ - if (!getpwuid (user_id)) { +- if (!getpwuid (user_id)) { ++ if (!getpwuid (user_id) && !lflg) { faillog_reset (user_id); -- lastlog_reset (user_id); -+ if (!lflg) -+ lastlog_reset (user_id); + lastlog_reset (user_id); } - - /* diff --git a/shadow-4.0.17-auditLogging.patch b/shadow-4.0.17-auditLogging.patch new file mode 100644 index 0000000..54d9f61 --- /dev/null +++ b/shadow-4.0.17-auditLogging.patch @@ -0,0 +1,15 @@ +diff -Nurp shadow-4.0.17.orig/src/useradd.c shadow-4.0.17/src/useradd.c +--- shadow-4.0.17.orig/src/useradd.c 2006-10-02 18:25:30.000000000 +0100 ++++ shadow-4.0.17/src/useradd.c 2006-10-02 18:25:43.000000000 +0100 +@@ -1611,6 +1611,10 @@ static void create_home (void) + _ + ("%s: cannot create directory %s\n"), + Prog, user_home); ++#ifdef WITH_AUDIT ++ audit_logger (AUDIT_USER_CHAUTHTOK, Prog, ++ "adding home directory", user_name, user_id, 0); ++#endif + fail_exit (E_HOMEDIR); + } + chown (user_home, user_id, user_gid); + diff --git a/shadow-utils.spec b/shadow-utils.spec index aee576c..8782c82 100644 --- a/shadow-utils.spec +++ b/shadow-utils.spec @@ -5,7 +5,7 @@ Summary: Utilities for managing accounts and shadow password files. Name: shadow-utils Version: 4.0.18.1 -Release: 1%{?dist} +Release: 2%{?dist} Epoch: 2 URL: http://shadow.pld.org.pl/ Source0: ftp://ftp.pld.org.pl/software/shadow/shadow-%{version}.tar.bz2 
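Review bot: With `!lflg` moved into the outer test (`if (!getpwuid (user_id) && !lflg)`), `-l` now skips `faillog_reset` as well as `lastlog_reset`, so an account created on a recycled UID keeps whatever record the previous holder of that UID left behind. Both databases are presumably indexed by UID, in which case the new user would inherit the old failure counter and lock settings and would show someone else's last login. The comment above the test still mentions only shared UIDs; I would extend it with `* With -l the entries are left untouched, so a reused UID keeps its old faillog/lastlog data.` and state the same consequence in the `-l` paragraph of useradd.8. The enclosing function starts and ends outside this hunk.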
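Review bot: The added `audit_logger` call covers only the directory-creation failure; the `chown (user_home, user_id, user_gid);` on the context line right after the block still discards its return value, so a home directory left with the wrong owner is neither reported nor audited. If that is in scope for #211659, test the result with `if (chown (user_home, user_id, user_gid) != 0)` and take the same path as above: the same `audit_logger` call followed by `fail_exit (E_HOMEDIR);`. A one-line comment such as `/* last argument is the result: 0 = failure */` would also help readers of the audit trail, assuming that is what the trailing `0` means here. `create_home` continues past the end of this hunk.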
@@ -20,6 +20,7 @@ Patch4: shadow-4.0.13-newgrpPwd.patch Patch5: shadow-4.0.16-lOption.patch Patch6: shadow-4.0.17-notInheritFd.patch Patch7: shadow-4.0.17-exitValues.patch +Patch8: shadow-4.0.17-auditLogging.patch License: BSD Group: System Environment/Base @@ -57,6 +58,7 @@ cp %{SOURCE3} lib/nscd.c %patch6 -p1 -b .notInheritFd %patch7 -p1 -b .exitValues +%patch8 -p1 -b .auditLogging rm po/*.gmo rm po/stamp-po @@ -211,6 +213,10 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/*/man8/faillog.8* %changelog +* Fri Nov 03 2006 Peter Vrabec 2:4.0.18.1-2 +- improve audit logging (#211659) +- improve "-l" option. Do not reset faillog if it's used (#213450). + * Wed Nov 01 2006 Peter Vrabec 2:4.0.18.1-1 - upgrade