Hello community,

here is the log from the commit of package shadow for openSUSE:Factory checked 
in at 2022-12-18 17:22:23
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/shadow (Old)
 and      /work/SRC/openSUSE:Factory/.shadow.new.1835 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "shadow"

Sun Dec 18 17:22:23 2022 rev:53 rq:1043310 version:4.13

Changes:
--------
--- /work/SRC/openSUSE:Factory/shadow/shadow.changes    2022-11-12 
17:39:50.393693190 +0100
+++ /work/SRC/openSUSE:Factory/.shadow.new.1835/shadow.changes  2022-12-18 
17:22:24.973273231 +0100
@@ -1,0 +2,6 @@
+Fri Dec 16 10:04:44 UTC 2022 - Michael Vetter <mvet...@suse.com>
+
+- bsc#1205502: Fix useradd audit event logging of ID field
+  * Add shadow-audit-no-id.patch
+
+-------------------------------------------------------------------
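Review bot: The changelog entry cites only bsc#1205502, while the spec comment for the same patch also references gh/shadow-maint/shadow#606. Add the upstream reference to this entry too, so the .changes file alone is enough to trace the patch back to its upstream source.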

New:
----
  shadow-audit-no-id.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ shadow.spec ++++++
--- /var/tmp/diff_new_pack.xzUOTY/_old  2022-12-18 17:22:25.581276745 +0100
+++ /var/tmp/diff_new_pack.xzUOTY/_new  2022-12-18 17:22:25.585276769 +0100
@@ -57,6 +57,8 @@
 Patch7:         useradd-userkeleton.patch
 # PATCH-FIX-SUSE disable_new_audit_function.patch adam.ma...@suse.de -- 
Disable newer libaudit functionality for older distributions.
 Patch8:         disable_new_audit_function.patch
+# PATCH-FIX-UPSTREAM shadow-audit-no-id.patch mvet...@suse.com -- Fix useradd 
audit event logging of ID field (bsc#1205502) (gh/shadow-maint/shadow#606)
+Patch9:         shadow-audit-no-id.patch
 BuildRequires:  audit-devel > 2.3
 BuildRequires:  autoconf
 BuildRequires:  automake
@@ -126,6 +128,7 @@
 %if 0%{?suse_version} < 1330
 %patch8 -p1
 %endif
+%patch9 -p1
 
 iconv -f ISO88591 -t utf-8  doc/HOWTO > doc/HOWTO.utf8
 mv -v doc/HOWTO.utf8 doc/HOWTO
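Review bot: `%patch9 -p1` is applied unconditionally, directly after the `%patch8` block that is restricted to `suse_version < 1330`. Patch8 changes audit functionality on older distributions and patch9 edits an audit_logger call, so confirm that patch9 applies cleanly both with and without patch8, or add a short spec comment stating that the two patches do not touch the same lines.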


++++++ shadow-audit-no-id.patch ++++++
>From 3cfc7955b33c85472a7cf11a0ecf1c6851db7c26 Mon Sep 17 00:00:00 2001
From: Michael Vetter <jub...@iodoru.org>
Date: Thu, 15 Dec 2022 11:52:58 +0100
Subject: [PATCH] Fix useradd audit event logging of ID field

When useradd sends its ADD_USER event, it is filling in the id field. This is 
not yet written to disk. When auditd sees the event and the log format is 
enriched, auditd tries to lookup the user name but it does not exist. This 
causes the event to never be resolvable since ausearch relies on the lookup 
information attached by auditd.

The fix is to not send the id information for any event until after 
close_files() is called. Just the acct field is all that is

Patch by Steve Grubb (afaik).

Reported at https://bugzilla.redhat.com/show_bug.cgi?id=1713432
---
 src/useradd.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/useradd.c b/src/useradd.c
index e59e47681..87abd6e33 100644
--- a/src/useradd.c
+++ b/src/useradd.c
@@ -2225,9 +2225,14 @@ static void usr_update (unsigned long subuid_count, 
unsigned long subgid_count)
 #endif                         /* ENABLE_SUBIDS */
 
 #ifdef WITH_AUDIT
+       /*
+        * Even though we have the ID of the user, we won't send it now
+        * because its not written to disk yet. After close_files it is
+        * and we can use the real ID thereafter.
+        */
        audit_logger (AUDIT_ADD_USER, Prog,
                      "adding user",
-                     user_name, (unsigned int) user_id,
+                     user_name, AUDIT_NO_ID,
                      SHADOW_AUDIT_SUCCESS);
 #endif
        /*
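Review bot: The added comment says the real ID can be used after close_files(), but the only functional change in this hunk is replacing `(unsigned int) user_id` with `AUDIT_NO_ID` in the AUDIT_ADD_USER call; no later record carrying the uid is visible here. If no subsequent event logs it, the ADD_USER record identifies the new account by the acct field (user_name) alone, and the comment should say so, or else name the post-close_files() call that does log the ID. Minor: "its not written to disk yet" should read "it's not written to disk yet".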
