From 60e94564d135a8b1fcc6ae8b3a5f5024f2864892 Mon Sep 17 00:00:00 2001
From: Simon Lloyd
Date: Thu, 13 Aug 2015 23:57:09 +0200
Subject: [PATCH 1/4] Don't add sudo group by default.

This formula doesn't really require the sudo group (unless there are actually users in that group). Moreover, on FreeBSD the 'admin' group would be wheel and not sudo.
---
 users/init.sls | 6 ++++--
 users/sudo.sls | 6 ------
 2 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/users/init.sls b/users/init.sls
index 13317c85..1ec10a95 100644
--- a/users/init.sls
+++ b/users/init.sls
@@ -39,9 +39,11 @@ include:
 {% for group in user.get('groups', []) %}
 users_{{ name }}_{{ group }}_group:
-  group:
+  group.present:
     - name: {{ group }}
-    - present
+    {% if group == 'sudo' %}
+    - system: True
+    {% endif %}
 {% endfor %}
 users_{{ name }}_user:
diff --git a/users/sudo.sls b/users/sudo.sls
index 2953ad2e..092d004e 100644
--- a/users/sudo.sls
+++ b/users/sudo.sls
@@ -6,16 +6,10 @@ users_bash-package:
   pkg.installed:
     - name: {{ users.bash_package }}
-users_sudo-group:
-  group.present:
-    - name: sudo
-    - system: True
-
 users_sudo-package:
   pkg.installed:
     - name: {{ users.sudo_package }}
     - require:
-      - group: users_sudo-group
       - file: {{ users.sudoers_dir }}
 users_{{ users.sudoers_dir }}:

From 27075b073d178cfe54bb086aef11e3f12d399d47 Mon Sep 17 00:00:00 2001
From: ketzacoatl
Date: Wed, 11 Nov 2015 05:02:07 -0500
Subject: [PATCH 2/4] update pillar.example to include uid in an attempt to save others from digging into the source (to confirm this detail)
---
 pillar.example | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pillar.example b/pillar.example
index 14cdc9e5..61ad153e 100644
--- a/pillar.example
+++ b/pillar.example
@@ -99,6 +99,7 @@ users:
         33333333
         44444444
         55555555
+    uid: 1001
     user_files:
       enabled: True

From 3760fea1f5b1cb4b2499bb31d91ece82ce43bf26 Mon Sep 17 00:00:00 2001
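Review bot: The `{% if group == 'sudo' %}` branch in the users/init.sls hunk hard-codes a single privileged group name, so only `sudo` is created with `system: True`; a `wheel` or `admin` entry that does not already exist on the minion is created as an ordinary group, which the FreeBSD point in the commit message does not cover. Since this loop is now the only place the formula creates a group that a sudoers rule may reference by name, the intent deserves a comment next to the branch, e.g. `{# only 'sudo' is given a system GID; any other pillar group that is absent is created with default attributes #}`. `name` and `user` come from an enclosing loop that starts before the hunk. The users/sudo.sls hunk is a pure removal of the old `users_sudo-group` state and its `require` entry and needs no change.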
From: root
Date: Wed, 18 Nov 2015 16:13:55 +0100
Subject: [PATCH 3/4] Mitigate Salt issue #29004, fixes "expire" on *BSD

Unreasonable values for 'expire' (after 9999-12-31 on Linux, before 1975-01-01 on *BSD) get divided by 86400 (number of seconds in a day) when too big or multiplied by 86400 when too small. Tested on CentOS 6 (Salt 2015.5.5) and FreeBSD 10.2 (Salt 2015.8.0) with following values: - 24854 (2038-01-18 in days since epoch) - 157766400 (1975-01-01 00:00:00 UTC in seconds since epoch) - 3313526400 (2075-01-01 00:00:00 UTC in seconds since epoch) - 16000 (2013-10-22 in days since epoch) - 18000 (2019-04-14 in days since epoch) (Sponsored by av.tu-berlin.de and fokus.fraunhofer.de)
---
 users/init.sls | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/users/init.sls b/users/init.sls
index 91c945e8..d0bad396 100644
--- a/users/init.sls
+++ b/users/init.sls
@@ -113,7 +113,17 @@ users_{{ name }}_user:
     - createhome: False
     {% endif %}
     {% if 'expire' in user -%}
+    {% if grains['kernel'].endswith('BSD') and
+       user['expire'] < 157766400 %}
+    {# 157762800s since epoch equals 01 Jan 1975 00:00:00 UTC #}
+    - expire: {{ user['expire'] * 86400 }}
+    {% elif grains['kernel'] == 'Linux' and
+       user['expire'] > 84006 %}
+    {# 2932896 days since epoch equals 9999-12-31 #}
+    - expire: {{ (user['expire'] / 86400) | int}}
+    {% else %}
     - expire: {{ user['expire'] }}
+    {% endif %}
     {% endif -%}
     - remove_groups: {{ user.get('remove_groups', 'False') }}
     - groups:

From 90021bf848de1d34c1f77af01a5b7de60a82f0a9 Mon Sep 17 00:00:00 2001
From: Leif Ringstad
Date: Tue, 15 Dec 2015 21:21:00 +0100
Subject: [PATCH 4/4] Use the primary group for the user when creating authorized_keys

If a primary group is set on the user, and a authorized_keys is provied in ssh_auth_file, the formula fails. This solves that by using the user_group set earlier in the formula
---
 users/init.sls | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
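Review bot: The comments on the new thresholds do not match the values they annotate: the BSD branch compares against 157766400 but its comment says 157762800s (one hour off; 1975-01-01 00:00:00 UTC is 157766400), and the Linux branch compares against 84006 days (roughly 2200-01-01) while its comment cites 2932896 days for 9999-12-31, which is also the limit the commit message describes. The mismatch matters because the branch silently rewrites the expiry an operator set in pillar: a Linux day count above 84006, such as a deliberately far-future "never expire" value, is divided by 86400 and becomes an expiry a few days after the epoch, i.e. an already-expired account. Either raise the Linux cut-off to the documented limit or make the comment state the actual one, e.g. `{# values above 84006 days (~2200-01-01) are assumed to be seconds since the epoch and converted to days #}`, and correct the BSD comment to `{# 157766400s since epoch equals 01 Jan 1975 00:00:00 UTC #}`. The `users_{{ name }}_user` state starts before and continues after the hunk.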
diff --git a/users/init.sls b/users/init.sls
index d0bad396..a2270f2f 100644
--- a/users/init.sls
+++ b/users/init.sls
@@ -195,7 +195,7 @@ users_authorized_keys_{{ name }}:
   file.managed:
     - name: {{ home }}/.ssh/authorized_keys
     - user: {{ name }}
-    - group: {{ name }}
+    - group: {{ user_group }}
     - mode: 600
     {% if 'ssh_auth_file' in user %}
     - contents: |
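Review bot: With `- mode: 600` on the same state, the group owner of `authorized_keys` grants no access, so switching to `{{ user_group }}` only changes which group name must exist for the state to succeed, not who can read the key file; that is worth recording next to the line, e.g. `{# primary group must exist; mode 600 gives the group no access #}`. The sibling states that manage `{{ home }}/.ssh` and the user's home are outside this hunk, and if they still set `group: {{ name }}` the failure the commit message describes would presumably move to them rather than disappear, so they should be checked for the same change. The `users_authorized_keys_{{ name }}` state continues past the end of the hunk.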