|
 |
8633999 |
diff -up shadow-4.5/lib/selinux.c.userdel-chroot shadow-4.5/lib/selinux.c
|
|
|
95d0ea6 |
--- shadow-4.5/lib/selinux.c.userdel-chroot 2017-11-06 13:40:41.396131526 +0100
|
|
|
95d0ea6 |
+++ shadow-4.5/lib/selinux.c 2017-11-06 13:40:41.418132035 +0100
|
|
|
8633999 |
@@ -75,7 +75,7 @@ int set_selinux_file_context (const char
|
|
|
8633999 |
}
|
|
|
8633999 |
return 0;
|
|
|
8633999 |
error:
|
|
|
8633999 |
- if (security_getenforce () != 0) {
|
|
|
8633999 |
+ if (security_getenforce () > 0) {
|
|
|
8633999 |
return 1;
|
|
|
8633999 |
}
|
|
|
8633999 |
return 0;
|
|
|
8633999 |
@@ -95,7 +95,7 @@ int reset_selinux_file_context (void)
|
|
|
8633999 |
selinux_checked = true;
|
|
|
8633999 |
}
|
|
|
8633999 |
if (selinux_enabled) {
|
|
|
8633999 |
- if (setfscreatecon (NULL) != 0) {
|
|
|
8633999 |
+ if (setfscreatecon (NULL) != 0 && security_getenforce () > 0) {
|
|
|
8633999 |
return 1;
|
|
|
8633999 |
}
|
|
|
8633999 |
}
|
|
|
8633999 |
diff -up shadow-4.5/src/userdel.c.userdel-chroot shadow-4.5/src/userdel.c
|
|
|
95d0ea6 |
--- shadow-4.5/src/userdel.c.userdel-chroot 2017-11-06 13:40:41.410131850 +0100
|
|
|
95d0ea6 |
+++ shadow-4.5/src/userdel.c 2017-11-06 15:26:56.567954410 +0100
|
|
|
8633999 |
@@ -96,6 +96,7 @@ static char *user_home;
|
|
|
8633999 |
static bool fflg = false;
|
|
|
8633999 |
static bool rflg = false;
|
|
|
8633999 |
static bool Zflg = false;
|
|
|
8633999 |
+static bool Rflg = false;
|
|
|
8633999 |
|
|
|
8633999 |
static bool is_shadow_pwd;
|
|
|
8633999 |
|
|
|
8633999 |
@@ -958,6 +959,7 @@ int main (int argc, char **argv)
|
|
|
8633999 |
rflg = true;
|
|
|
8633999 |
break;
|
|
|
8633999 |
case 'R': /* no-op, handled in process_root_flag () */
|
|
|
8633999 |
+ Rflg = true;
|
|
|
8633999 |
break;
|
|
|
8633999 |
#ifdef WITH_SELINUX
|
|
|
8633999 |
case 'Z':
|
|
|
95d0ea6 |
@@ -1032,9 +1034,12 @@ int main (int argc, char **argv)
|
|
|
8633999 |
*/
|
|
|
8633999 |
user_name = argv[argc - 1];
|
|
|
8633999 |
{
|
|
|
8633999 |
- struct passwd *pwd;
|
|
|
8633999 |
- pwd = getpwnam (user_name); /* local, no need for xgetpwnam */
|
|
|
8633999 |
+ const struct passwd *pwd;
|
|
|
95d0ea6 |
+
|
|
|
95d0ea6 |
+ pw_open(O_RDONLY);
|
|
|
8633999 |
+ pwd = pw_locate (user_name); /* we care only about local users */
|
|
|
8633999 |
if (NULL == pwd) {
|
|
|
95d0ea6 |
+ pw_close();
|
|
|
8633999 |
fprintf (stderr, _("%s: user '%s' does not exist\n"),
|
|
|
8633999 |
Prog, user_name);
|
|
|
95d0ea6 |
#ifdef WITH_AUDIT
|
|
|
95d0ea6 |
@@ -1048,6 +1053,7 @@ int main (int argc, char **argv)
|
|
|
8633999 |
user_id = pwd->pw_uid;
|
|
|
8633999 |
user_gid = pwd->pw_gid;
|
|
|
95d0ea6 |
user_home = xstrdup (pwd->pw_dir);
|
|
|
95d0ea6 |
+ pw_close();
|
|
|
8633999 |
}
|
|
|
8633999 |
#ifdef WITH_TCB
|
|
|
8633999 |
if (shadowtcb_set_user (user_name) == SHADOWTCB_FAILURE) {
|
|
|
95d0ea6 |
@@ -1079,7 +1085,7 @@ int main (int argc, char **argv)
|
|
|
8633999 |
* Note: This is a best effort basis. The user may log in between,
|
|
|
8633999 |
* a cron job may be started on her behalf, etc.
|
|
|
8633999 |
*/
|
|
|
8633999 |
- if (user_busy (user_name, user_id) != 0) {
|
|
|
8633999 |
+ if (!Rflg && user_busy (user_name, user_id) != 0) {
|
|
|
8633999 |
if (!fflg) {
|
|
|
8633999 |
#ifdef WITH_AUDIT
|
|
|
8633999 |
audit_logger (AUDIT_DEL_USER, Prog,
|