diff options
author | Patrick J Volkerding <volkerdi@slackware.com> | 2010-05-19 08:58:23 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2018-05-31 22:43:05 +0200 |
commit | b76270bf9e6dd375e495fec92140a79a79415d27 (patch) | |
tree | 3dbed78b2279bf9f14207a16dc634b90995cbd40 /source/a/shadow | |
parent | 5a12e7c134274dba706667107d10d231517d3e05 (diff) | |
download | current-b76270bf9e6dd375e495fec92140a79a79415d27.tar.gz |
Slackware 13.1slackware-13.1
Wed May 19 08:58:23 UTC 2010
Slackware 13.1 x86_64 stable is released!
Lots of thanks are due -- see the RELEASE_NOTES and the rest of the
ChangeLog for credits. The ISOs are on their way to replication,
a 6 CD-ROM 32-bit set and a dual-sided 32-bit/64-bit x86/x86_64 DVD.
We are taking pre-orders now at store.slackware.com, and offering
a discount if you sign up for a subscription. Consider picking up
a copy to help support the project. Thanks again to the Slackware
community for testing, contributing, and generally holding us to a
high level of quality. :-)
Enjoy!
Diffstat (limited to 'source/a/shadow')
-rw-r--r-- | source/a/shadow/adduser | 13 | ||||
-rw-r--r-- | source/a/shadow/doinst.sh | 17 | ||||
-rw-r--r-- | source/a/shadow/login.defs | 387 | ||||
-rw-r--r-- | source/a/shadow/shadow-4.0.3.x86_64.diff | 166 | ||||
-rwxr-xr-x | source/a/shadow/shadow.SlackBuild | 199 | ||||
-rw-r--r-- | source/a/shadow/shadow.gcc34.diff | 11 | ||||
-rw-r--r-- | source/a/shadow/shadow.login.defs.diff | 67 | ||||
-rw-r--r-- | source/a/shadow/shadow.newgrp.getlogin | 21 | ||||
-rw-r--r-- | source/a/shadow/shadow.newgrp.nopam | 18 | ||||
-rw-r--r-- | source/a/shadow/shadow.remove.obsolete.options.diff | 78 | ||||
-rw-r--r-- | source/a/shadow/shadow.shadowconfig.diff | 49 | ||||
-rw-r--r-- | source/a/shadow/useradd | 8 |
12 files changed, 518 insertions, 516 deletions
diff --git a/source/a/shadow/adduser b/source/a/shadow/adduser index 02385e33..038a0a94 100644 --- a/source/a/shadow/adduser +++ b/source/a/shadow/adduser @@ -1,8 +1,8 @@ #!/bin/bash # # Copyright 1995 Hrvoje Dogan, Croatia. -# Copyright 2002, 2003, 2004, 2008, 2009 Stuart Winter, Surrey, England, UK. -# Copyright 2004, 2008, 2009 Slackware Linux, Inc., Concord, CA, USA +# Copyright 2002-2004, 2008, 2009, 2010 Stuart Winter, Surrey, England, UK. +# Copyright 2004, 2008-2010 Slackware Linux, Inc., Concord, CA, USA # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -29,12 +29,15 @@ # Author : Stuart Winter <mozes@slackware.com> # Based on the original Slackware adduser by Hrvoje Dogan # with modifications by Patrick Volkerding -# Version: 1.12 +# Version: 1.13 ########################################################################## # Usage..: adduser [<new_user_name>] ########################################################################## # History # ########### +# v1.13 - 13/01/10 +# * Fix bug that removed underscore characters from group names. +# Thanks to mRgOBLIN for the report and Jim Hawkins for the fix. <sw> # v1.12 - 21/07/09 # * Adjusted the search of /etc/passwd to exclude the NIS inclusion # string. Thanks to Dominik L. Borkowski. @@ -282,8 +285,8 @@ while [ ! -z "$needinput" ]; do history -c history -s "$AGID" echo "Press ENTER to continue without adding any additional groups" - echo "Or press the UP arrow to add/select/edit additional groups" - AGID="$(get_input ": " | tr -d '[:punct:]' | tr -s ' ' | sed 's?^ $??g' )" + echo "Or press the UP arrow key to add/select/edit additional groups" + AGID="$(get_input ": " | sed 's/[^A-Za-z0-9 _]//g;s/ */ /g;s/^ $//g' )" if [ ! -z "$AGID" ]; then check_group "$AGID" # check all groups at once (treated as N # of params) if [ $? -gt 0 ]; then diff --git a/source/a/shadow/doinst.sh b/source/a/shadow/doinst.sh new file mode 100644 index 00000000..88fefb3a --- /dev/null +++ b/source/a/shadow/doinst.sh @@ -0,0 +1,17 @@ +config() { + NEW="$1" + OLD="$(dirname $NEW)/$(basename $NEW .new)" + # If there's no config file by that name, mv it over: + if [ ! -r $OLD ]; then + mv $NEW $OLD + elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then # toss the redundant copy + rm $NEW + fi + # Otherwise, we leave the .new copy for the admin to consider... +} + +config etc/login.access.new +config etc/login.defs.new +config var/log/faillog.new +rm -f var/log/faillog.new + diff --git a/source/a/shadow/login.defs b/source/a/shadow/login.defs new file mode 100644 index 00000000..dde37c97 --- /dev/null +++ b/source/a/shadow/login.defs @@ -0,0 +1,387 @@ +# +# /etc/login.defs - Configuration control definitions for the shadow package. +# +# $Id: login.defs 3038 2009-07-23 20:41:35Z nekral-guest $ +# + +# +# Delay in seconds before being allowed another attempt after a login failure +# +FAIL_DELAY 3 + +# +# Enable logging and display of /var/log/faillog login failure info. +# +FAILLOG_ENAB yes + +# +# Enable display of unknown usernames when login failures are recorded. +# +LOG_UNKFAIL_ENAB no + +# +# Enable logging of successful logins +# +LOG_OK_LOGINS no + +# +# Enable logging and display of /var/log/lastlog login time info. +# +LASTLOG_ENAB yes + +# +# Enable checking and display of mailbox status upon login. +# +# Disable if the shell startup files already check for mail +# ("mailx -e" or equivalent). +# +MAIL_CHECK_ENAB yes + +# +# Enable additional checks upon password changes. +# +OBSCURE_CHECKS_ENAB yes + +# +# Enable checking of time restrictions specified in /etc/porttime. +# +PORTTIME_CHECKS_ENAB yes + +# +# Enable setting of ulimit, umask, and niceness from passwd gecos field. +# +QUOTAS_ENAB yes + +# +# Enable "syslog" logging of su activity - in addition to sulog file logging. +# SYSLOG_SG_ENAB does the same for newgrp and sg. +# +SYSLOG_SU_ENAB yes +SYSLOG_SG_ENAB yes + +# +# If defined, either full pathname of a file containing device names or +# a ":" delimited list of device names. Root logins will be allowed only +# upon these devices. +# +CONSOLE /etc/securetty +#CONSOLE console:tty01:tty02:tty03:tty04 + +# +# If defined, all su activity is logged to this file. +# +#SULOG_FILE /var/log/sulog + +# +# If defined, ":" delimited list of "message of the day" files to +# be displayed upon login. +# +MOTD_FILE /etc/motd +#MOTD_FILE /etc/motd:/usr/lib/news/news-motd + +# +# If defined, this file will be output before each login prompt. +# +#ISSUE_FILE /etc/issue + +# +# If defined, file which maps tty line to TERM environment parameter. +# Each line of the file is in a format something like "vt100 tty01". +# +#TTYTYPE_FILE /etc/ttytype + +# +# If defined, login failures will be logged here in a utmp format. +# last, when invoked as lastb, will read /var/log/btmp, so... +# +FTMP_FILE /var/log/btmp + +# +# If defined, name of file whose presence which will inhibit non-root +# logins. The contents of this file should be a message indicating +# why logins are inhibited. +# +NOLOGINS_FILE /etc/nologin + +# +# If defined, the command name to display when running "su -". For +# example, if this is defined as "su" then a "ps" will display the +# command is "-su". If not defined, then "ps" would display the +# name of the shell actually being run, e.g. something like "-sh". +# +SU_NAME su + +# +# *REQUIRED* +# Directory where mailboxes reside, _or_ name of file, relative to the +# home directory. If you _do_ define both, MAIL_DIR takes precedence. +# +MAIL_DIR /var/spool/mail +#MAIL_FILE .mail + +# +# If defined, file which inhibits all the usual chatter during the login +# sequence. If a full pathname, then hushed mode will be enabled if the +# user's name or shell are found in the file. If not a full pathname, then +# hushed mode will be enabled if the file exists in the user's home directory. +# +HUSHLOGIN_FILE .hushlogin +#HUSHLOGIN_FILE /etc/hushlogins + +# +# If defined, either a TZ environment parameter spec or the +# fully-rooted pathname of a file containing such a spec. +# +#ENV_TZ TZ=CST6CDT +#ENV_TZ /etc/tzname + +# +# If defined, an HZ environment parameter spec. +# +# for Linux/x86 +ENV_HZ HZ=100 +# For Linux/Alpha... +#ENV_HZ HZ=1024 + +# +# *REQUIRED* The default PATH settings, for superuser and normal users. +# +# (they are minimal, add the rest in the shell startup files) +ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/sbin:/usr/sbin:/bin:/usr/bin +ENV_PATH PATH=/usr/local/bin:/bin:/usr/bin + +# +# Terminal permissions +# +# TTYGROUP Login tty will be assigned this group ownership. +# TTYPERM Login tty will be set to this permission. +# +# If you have a "write" program which is "setgid" to a special group +# which owns the terminals, define TTYGROUP to the group number and +# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign +# TTYPERM to either 622 or 600. +# +TTYGROUP tty +TTYPERM 0620 + +# +# Login configuration initializations: +# +# ERASECHAR Terminal ERASE character ('\010' = backspace). +# KILLCHAR Terminal KILL character ('\025' = CTRL/U). +# ULIMIT Default "ulimit" value. +# +# The ERASECHAR and KILLCHAR are used only on System V machines. +# The ULIMIT is used only if the system supports it. +# (now it works with setrlimit too; ulimit is in 512-byte units) +# +# Prefix these values with "0" to get octal, "0x" to get hexadecimal. +# +ERASECHAR 0177 +KILLCHAR 025 +#ULIMIT 2097152 + +# Default initial "umask" value. +# UMASK is also used by useradd and newusers to set the mode of new home +# directories. +# 022 is the default value, but 027, or even 077, could be considered +# better for privacy. There is no One True Answer here: each sysadmin +# must make up her mind. +UMASK 022 + +# +# Password aging controls: +# +# PASS_MAX_DAYS Maximum number of days a password may be used. +# PASS_MIN_DAYS Minimum number of days allowed between password changes. +# PASS_MIN_LEN Minimum acceptable password length. +# PASS_WARN_AGE Number of days warning given before a password expires. +# +PASS_MAX_DAYS 99999 +PASS_MIN_DAYS 0 +PASS_MIN_LEN 5 +PASS_WARN_AGE 7 + +# +# If "yes", the user must be listed as a member of the first gid 0 group +# in /etc/group (called "root" on most Linux systems) to be able to "su" +# to uid 0 accounts. If the group doesn't exist or is empty, no one +# will be able to "su" to uid 0. +# +SU_WHEEL_ONLY no + +# +# If compiled with cracklib support, where are the dictionaries +# +#CRACKLIB_DICTPATH /var/cache/cracklib/cracklib_dict + +# +# Min/max values for automatic uid selection in useradd +# +UID_MIN 1000 +UID_MAX 60000 +# System accounts +SYS_UID_MIN 101 +SYS_UID_MAX 999 + +# +# Min/max values for automatic gid selection in groupadd +# +GID_MIN 1000 +GID_MAX 60000 +# System accounts +SYS_GID_MIN 101 +SYS_GID_MAX 999 + +# +# Max number of login retries if password is bad +# +LOGIN_RETRIES 5 + +# +# Max time in seconds for login +# +LOGIN_TIMEOUT 60 + +# +# Maximum number of attempts to change password if rejected (too easy) +# +PASS_CHANGE_TRIES 5 + +# +# Warn about weak passwords (but still allow them) if you are root. +# +PASS_ALWAYS_WARN yes + +# +# Number of significant characters in the password for crypt(). +# Default is 8, don't change unless your crypt() is better. +# Ignored if MD5_CRYPT_ENAB set to "yes". +# +#PASS_MAX_LEN 8 + +# +# Require password before chfn/chsh can make any changes. +# +CHFN_AUTH yes + +# +# Which fields may be changed by regular users using chfn - use +# any combination of letters "frwh" (full name, room number, work +# phone, home phone). If not defined, no changes are allowed. +# For backward compatibility, "yes" = "rwh" and "no" = "frwh". +# +CHFN_RESTRICT frwh + +# +# Password prompt (%s will be replaced by user name). +# +# XXX - it doesn't work correctly yet, for now leave it commented out +# to use the default which is just "Password: ". +#LOGIN_STRING "%s's Password: " + +# +# Only works if compiled with MD5_CRYPT defined: +# If set to "yes", new passwords will be encrypted using the MD5-based +# algorithm compatible with the one used by recent releases of FreeBSD. +# It supports passwords of unlimited length and longer salt strings. +# Set to "no" if you need to copy encrypted passwords to other systems +# which don't understand the new algorithm. Default is "no". +# +# This variable is deprecated. You should use ENCRYPT_METHOD. +# +#MD5_CRYPT_ENAB no + +# +# Only works if compiled with ENCRYPTMETHOD_SELECT defined: +# If set to MD5 , MD5-based algorithm will be used for encrypting password +# If set to SHA256, SHA256-based algorithm will be used for encrypting password +# If set to SHA512, SHA512-based algorithm will be used for encrypting password +# If set to DES, DES-based algorithm will be used for encrypting password (default) +# Overrides the MD5_CRYPT_ENAB option +# +ENCRYPT_METHOD MD5 + +# +# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512. +# +# Define the number of SHA rounds. +# With a lot of rounds, it is more difficult to brute forcing the password. +# But note also that it more CPU resources will be needed to authenticate +# users. +# +# If not specified, the libc will choose the default number of rounds (5000). +# The values must be inside the 1000-999999999 range. +# If only one of the MIN or MAX values is set, then this value will be used. +# If MIN > MAX, the highest value will be used. +# +# SHA_CRYPT_MIN_ROUNDS 5000 +# SHA_CRYPT_MAX_ROUNDS 5000 + +# +# List of groups to add to the user's supplementary group set +# when logging in on the console (as determined by the CONSOLE +# setting). Default is none. +# +# Use with caution - it is possible for users to gain permanent +# access to these groups, even when not logged in on the console. +# How to do it is left as an exercise for the reader... +# +# Most of these groups are self-explanatory. +# +# Note that users are added to these default groups only when +# logging into a shell with /bin/login, not when using a login +# manager such as kdm. In that case, users who should have +# hardware access must be added to the appropriate groups +# when the user is added with adduser or useradd, or by editing +# /etc/group directly, preferably using "vigr" +# +CONSOLE_GROUPS floppy:audio:cdrom:video:scanner + +# +# Should login be allowed if we can't cd to the home directory? +# Default in no. +# +DEFAULT_HOME yes + +# +# If this file exists and is readable, login environment will be +# read from it. Every line should be in the form name=value. +# +ENVIRON_FILE /etc/environment + +# +# If defined, this command is run when removing a user. +# It should remove any at/cron/print jobs etc. owned by +# the user to be removed (passed as the first argument). +# +#USERDEL_CMD /usr/sbin/userdel_local + +# +# Enable setting of the umask group bits to be the same as owner bits +# (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is +# the same as gid, and username is the same as the primary group name. +# +# This also enables userdel to remove user groups if no members exist. +# +USERGROUPS_ENAB yes + +# +# If set to a non-nul number, the shadow utilities will make sure that +# groups never have more than this number of users on one line. +# This permit to support split groups (groups split into multiple lines, +# with the same group ID, to avoid limitation of the line length in the +# group file). +# +# 0 is the default value and disables this feature. +# +#MAX_MEMBERS_PER_GROUP 0 + +# +# If useradd should create home directories for users by default (non +# system users only) +# This option is overridden with the -M or -m flags on the useradd command +# line. +# +#CREATE_HOME yes + diff --git a/source/a/shadow/shadow-4.0.3.x86_64.diff b/source/a/shadow/shadow-4.0.3.x86_64.diff deleted file mode 100644 index 15d16c7c..00000000 --- a/source/a/shadow/shadow-4.0.3.x86_64.diff +++ /dev/null @@ -1,166 +0,0 @@ ---- shadow-4.0.3/libmisc/failure.h.orig 2004-01-02 18:47:01.000000000 -0800 -+++ shadow-4.0.3/libmisc/failure.h 2004-01-02 18:52:38.000000000 -0800 -@@ -4,7 +4,12 @@ - - #include "defines.h" - #include "faillog.h" -+ -+#if HAVE_UTMPX_H -+#include <utmpx.h> -+#else - #include <utmp.h> -+#endif - - /* - * failure - make failure entry -@@ -38,7 +43,11 @@ - * failtmp updates the (struct utmp) formatted failure log which - * maintains a record of all login failures. - */ -+#if HAVE_UTMPX_H -+extern void failtmp(const struct utmpx *); -+#else - extern void failtmp(const struct utmp *); -+#endif - - #endif - ---- shadow-4.0.3/libmisc/failure.c.orig 2004-01-02 18:47:06.000000000 -0800 -+++ shadow-4.0.3/libmisc/failure.c 2004-01-02 18:53:37.000000000 -0800 -@@ -39,7 +39,11 @@ - #include "getdef.h" - #include "failure.h" - -+#if HAVE_UTMPX_H -+#include <utmpx.h> -+#else - #include <utmp.h> -+#endif - - #define YEAR (365L*DAY) - -@@ -248,7 +252,11 @@ - */ - - void -+#if HAVE_UTMPX_H -+failtmp(const struct utmpx *failent) -+#else - failtmp(const struct utmp *failent) -+#endif - { - char *ftmp; - int fd; ---- shadow-4.0.3/libmisc/log.c.orig 2004-01-02 18:58:04.000000000 -0800 -+++ shadow-4.0.3/libmisc/log.c 2004-01-02 18:58:51.000000000 -0800 -@@ -57,6 +57,7 @@ - int fd; - off_t offset; - struct lastlog newlog; -+ time_t ll_time; - - /* - * If the file does not exist, don't create it. -@@ -88,7 +89,8 @@ - if (ll) - *ll = newlog; - -- time(&newlog.ll_time); -+ ll_time = newlog.ll_time; -+ time(&ll_time); - strncpy(newlog.ll_line, line, sizeof newlog.ll_line); - #if HAVE_LL_HOST - strncpy(newlog.ll_host, host, sizeof newlog.ll_host); ---- shadow-4.0.3/libmisc/utmp.c.orig 2004-01-02 18:59:04.000000000 -0800 -+++ shadow-4.0.3/libmisc/utmp.c 2004-01-02 19:05:34.000000000 -0800 -@@ -79,6 +79,8 @@ - { - char *line; - struct utmp *ut; -+ time_t uttime; -+ - pid_t pid = getpid(); - - setutent(); -@@ -111,7 +113,8 @@ - /* XXX - assumes /dev/tty?? */ - strncpy(utent.ut_id, utent.ut_line + 3, sizeof utent.ut_id); - strcpy(utent.ut_user, "LOGIN"); -- time(&utent.ut_time); -+ time(&uttime); -+ utent.ut_time = uttime; - } - } - -@@ -284,9 +287,14 @@ - void - setutmp(const char *name, const char *line, const char *host) - { -+ time_t uttime; -+ - utent.ut_type = USER_PROCESS; - strncpy(utent.ut_user, name, sizeof utent.ut_user); -- time(&utent.ut_time); -+ -+ time(&uttime); -+ utent.ut_time = uttime; -+ - /* other fields already filled in by checkutmp above */ - setutent(); - pututline(&utent); ---- shadow-4.0.3/src/lastlog.c.orig 2004-01-02 18:06:09.000000000 -0800 -+++ shadow-4.0.3/src/lastlog.c 2004-01-02 18:29:57.000000000 -0800 -@@ -167,6 +167,7 @@ - static int once; - char *cp; - struct tm *tm; -+ time_t ll_time; - - #ifdef HAVE_STRFTIME - char ptime[80]; -@@ -184,7 +185,9 @@ - #endif - once++; - } -- tm = localtime (&lastlog.ll_time); -+ ll_time = lastlog.ll_time; -+ tm = localtime (&ll_time); -+ - #ifdef HAVE_STRFTIME - strftime (ptime, sizeof (ptime), "%a %b %e %H:%M:%S %z %Y", tm); - cp = ptime; ---- shadow-4.0.3/src/login.c.orig 2004-01-02 18:33:13.000000000 -0800 -+++ shadow-4.0.3/src/login.c 2004-01-02 18:40:17.000000000 -0800 -@@ -1019,8 +1019,12 @@ - const char *failent_user; - - #if HAVE_UTMPX_H -+ struct timeval ut_tv; -+ ut_tv.tv_sec = failent.ut_tv.tv_sec; -+ ut_tv.tv_usec = failent.ut_tv.tv_usec; -+ - failent = utxent; -- gettimeofday (&(failent.ut_tv), NULL); -+ gettimeofday (&ut_tv, NULL); - #else - failent = utent; - time (&failent.ut_time); -@@ -1271,15 +1275,16 @@ - } - if (getdef_bool ("LASTLOG_ENAB") - && lastlog.ll_time != 0) { -+ time_t ll_time= lastlog.ll_time; - #ifdef HAVE_STRFTIME - strftime (ptime, sizeof (ptime), - "%a %b %e %H:%M:%S %z %Y", -- localtime (&lastlog.ll_time)); -+ localtime (&ll_time)); - printf (_("Last login: %s on %s"), - ptime, lastlog.ll_line); - #else - printf (_("Last login: %.19s on %s"), -- ctime (&lastlog.ll_time), -+ ctime (&ll_time), - lastlog.ll_line); - #endif - #ifdef HAVE_LL_HOST /* SVR4 || __linux__ || SUN4 */ diff --git a/source/a/shadow/shadow.SlackBuild b/source/a/shadow/shadow.SlackBuild index 2f0e1178..77e34089 100755 --- a/source/a/shadow/shadow.SlackBuild +++ b/source/a/shadow/shadow.SlackBuild @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright 2005-2009 Patrick J. Volkerding, Sebeka, Minnesota, USA +# Copyright 2005-2010 Patrick J. Volkerding, Sebeka, Minnesota, USA # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -20,24 +20,40 @@ # OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -VERSION=4.0.3 -ARCH=${ARCH:-x86_64} -BUILD=${BUILD:-18} +VERSION=4.1.4.2 +BUILD=${BUILD:-3} + +NUMJOBS=${NUMJOBS:--j6} + +# Automatically determine the architecture we're building on: +if [ -z "$ARCH" ]; then + case "$( uname -m )" in + i?86) export ARCH=i486 ;; + arm*) export ARCH=arm ;; + # Unless $ARCH is already set, use uname -m for all other archs: + *) export ARCH=$( uname -m ) ;; + esac +fi CWD=$(pwd) TMP=${TMP:-/tmp} PKG=$TMP/package-shadow +if [ "$ARCH" = "i486" ]; then + SLKCFLAGS="-O2 -march=i486 -mtune=i686" +elif [ "$ARCH" = "s390" ]; then + SLKCFLAGS="-O2" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2 -fPIC" +else + SLKCFLAGS="-O2" +fi + rm -rf $PKG mkdir -p $TMP $PKG - -# Explode the package framework: -cd $PKG -explodepkg $CWD/_shadow.tar.gz - cd $TMP rm -rf shadow-$VERSION -tar xjvf $CWD/shadow-$VERSION.tar.bz2 +tar xvf $CWD/shadow-$VERSION.tar.?z* || exit 1 cd shadow-$VERSION chown -R root:root . @@ -47,110 +63,91 @@ find . \ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ -exec chmod 644 {} \; -zcat $CWD/shadow.shadowconfig.diff.gz | patch -p1 --verbose --backup || exit 1 -zcat $CWD/shadow.newgrp.nopam.gz | patch -p0 --verbose --backup || exit 1 -zcat $CWD/shadow.login.defs.diff.gz | patch -p0 --verbose --backup || exit 1 -zcat $CWD/shadow.newgrp.getlogin.gz | patch -p1 --verbose --backup || exit 1 -zcat $CWD/shadow.gcc34.diff.gz | patch -p1 --verbose --backup || exit 1 -zcat $CWD/shadow.remove.obsolete.options.diff.gz | patch -p1 --verbose --backup --suffix=.orig || exit 1 -if [ "$ARCH" = "x86_64" ]; then - zcat $CWD/shadow-4.0.3.x86_64.diff.gz | patch -p1 --verbose --backup --suffix=.orig || exit 1 -fi - +CFLAGS="$SLKCFLAGS" \ ./configure \ --prefix=/usr \ + --sysconfdir=/etc \ + --mandir=/usr/man \ + --docdir=/usr/doc/shadow-$VERSION \ --disable-shared \ - --disable-desrpc \ + --without-libcrack \ --build=$ARCH-slackware-linux -make -j6 || exit 1 -cat etc/login.defs.linux > $PKG/etc/login.defs.new -cat etc/login.access > $PKG/etc/login.access.new +# --enable-utmpx # defaults to 'no' + +make $NUMJOBS || make || exit 1 +make install DESTDIR=$PKG || exit 1 + +# Fix user group = 100: +zcat $CWD/useradd.gz > $PKG/etc/default/useradd + +# /bin/groups is provided by coreutils. +rm -f $PKG/bin/groups +find $PKG -name groups.1 -exec rm {} \; + +# Install a login.defs with unsurprising defaults: +rm -f $PKG/etc/login.defs +zcat $CWD/login.defs.gz > $PKG/etc/login.defs.new + +mv $PKG/etc/login.access $PKG/etc/login.access.new + +# I don't think this works well enough to recommend it. +#mv $PKG/etc/limits $PKG/etc/limits.new +rm -f $PKG/etc/limits + +# Add the friendly 'adduser' script: cat $CWD/adduser > $PKG/usr/sbin/adduser +chmod 0755 $PKG/usr/sbin/adduser + +# Add sulogin to the package: +cp -a src/sulogin $PKG/sbin +( cd $PKG/bin ; ln -s ../sbin/sulogin ) + +# Add the empty faillog log file: +mkdir -p $PKG/var/log +touch $PKG/var/log/faillog.new + +# Put some stuff back in "old" locations and make symlinks for compat +( cd $PKG/usr/bin + mv faillog ../sbin + mv lastlog ../sbin + ln -s ../sbin/faillog + ln -s ../sbin/lastlog +) + +# Fixup a few permissions: +chmod 4711 $PKG/bin/su +chmod 4711 $PKG/usr/bin/* + +# Compress and if needed symlink the man pages: +if [ -d $PKG/usr/man ]; then + ( cd $PKG/usr/man + for manpagedir in $(find . -type d -name "man*") ; do + ( cd $manpagedir + for eachpage in $( find . -type l -maxdepth 1) ; do + ln -s $( readlink $eachpage ).gz $eachpage.gz + rm $eachpage + done + gzip -9 *.? + ) + done + ) +fi -# These things aren't needed when using glibc, as it -# supplies its own shadow functions: -#cat lib/libshadow.a > $PKG/usr/lib/libshadow.a -#cp -a lib/pwauth.h $PKG/usr/include/shadow/pwauth.h -#cp -a lib/shadow_.h $PKG/usr/include/shadow/shadow.h -#chmod 644 $PKG/usr/include/shadow/* -#chown root.root $PKG/usr/include/shadow/* - -cd po -for file in *.gmo ; do - mkdir -p $PKG/usr/share/locale/$(basename $file .gmo)/LC_MESSAGES - cat $file > $PKG/usr/share/locale/$(basename $file .gmo)/LC_MESSAGES/shadow.mo -done -cd ../src -cat login > $PKG/bin/login -cat su > $PKG/bin/su -cat sulogin > $PKG/sbin/sulogin -cat ../debian/shadowconfig.sh > $PKG/usr/sbin/shadowconfig -for file in chpasswd dpasswd faillog groupadd groupdel groupmod grpck \ -lastlog logoutd mkpasswd newusers pwck useradd userdel usermod \ -pwconv pwunconv grpconv grpunconv vipw ; do - cat $file > $PKG/usr/sbin/$file -done -for file in chage chfn chsh expiry gpasswd newgrp passwd ; do - cat $file > $PKG/usr/bin/$file -done -cd .. -cp contrib/adduser.sh /sbin/adduser mkdir -p $PKG/usr/doc/shadow-$VERSION cp -a \ - ABOUT-NLS ChangeLog NEWS README TODO doc/* \ + COPYING ChangeLog NEWS README TODO doc/{README*,HOWTO,WISHLIST,*.txt} \ $PKG/usr/doc/shadow-$VERSION -chmod 644 $PKG/usr/doc/shadow-$VERSION/* - -install_man_pages() { -for file in chage.1 chfn.1 chsh.1 gpasswd.1 groups.1 login.1 newgrp.1 \ -passwd.1 su.1 ; do - if [ -r $file ]; then - mkdir -p $1/man1 - gzip -9c $file > $1/man1/$file.gz - fi -done -for file in pw_auth.3 shadow.3 ; do - if [ -r $file ]; then - mkdir -p $1/man3 - gzip -9c $file > $1/man3/$file.gz - fi -done -for file in faillog.5 limits.5 login.access.5 login.defs.5 passwd.5 \ -porttime.5 shadow.5 suauth.5 ; do - if [ -r $file ]; then - mkdir -p $1/man5 - gzip -9c $file > $1/man5/$file.gz - fi -done -for file in chpasswd.8 dpasswd.8 faillog.8 groupadd.8 groupdel.8 groupmod.8 \ -grpck.8 lastlog.8 logoutd.8 mkpasswd.8 newusers.8 pwauth.8 pwck.8 pwconv.8 \ -shadowconfig.8 sulogin.8 useradd.8 userdel.8 usermod.8 vipw.8 ; do - if [ -r $file ]; then - mkdir -p $1/man8 - gzip -9c $file > $1/man8/$file.gz - fi -done -} - -cd man - install_man_pages $PKG/usr/man - for dir in * ; do - if [ -d $dir ] ; then - ( cd $dir ; install_man_pages $PKG/usr/man/$dir ) - fi - done -cd .. +#chmod 0644 $PKG/usr/doc/shadow-$VERSION/* + +# The entire ChangeLog is excessive for most users: +cat $PKG/usr/doc/shadow-$VERSION/ChangeLog | head -n 2000 > $PKG/usr/doc/shadow-$VERSION/CL +mv $PKG/usr/doc/shadow-$VERSION/CL $PKG/usr/doc/shadow-$VERSION/ChangeLog mkdir -p $PKG/install cat $CWD/slack-desc > $PKG/install/slack-desc +zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh -# Build the package: cd $PKG -makepkg -l y -c n $TMP/shadow-$VERSION-$ARCH-$BUILD.txz +/sbin/makepkg -l y -c n $TMP/shadow-$VERSION-$ARCH-$BUILD.txz -# Clean up the extra stuff: -if [ "$1" = "--cleanup" ]; then - rm -rf $TMP/shadow-$VERSION - rm -rf $PKG -fi diff --git a/source/a/shadow/shadow.gcc34.diff b/source/a/shadow/shadow.gcc34.diff deleted file mode 100644 index 71dff4c8..00000000 --- a/source/a/shadow/shadow.gcc34.diff +++ /dev/null @@ -1,11 +0,0 @@ ---- ./libmisc/xmalloc.c.orig 1998-12-28 14:34:56.000000000 -0600 -+++ ./libmisc/xmalloc.c 2006-08-12 19:02:51.000000000 -0500 -@@ -16,8 +16,6 @@ - - #include "defines.h" - --extern char *malloc(); -- - char * - xmalloc(size_t size) - { diff --git a/source/a/shadow/shadow.login.defs.diff b/source/a/shadow/shadow.login.defs.diff deleted file mode 100644 index bfed463a..00000000 --- a/source/a/shadow/shadow.login.defs.diff +++ /dev/null @@ -1,67 +0,0 @@ ---- ./etc/login.defs.linux.orig 2000-08-26 13:27:10.000000000 -0500 -+++ ./etc/login.defs.linux 2008-03-24 15:10:09.000000000 -0500 -@@ -170,8 +170,8 @@ - # *REQUIRED* The default PATH settings, for superuser and normal users. - # - # (they are minimal, add the rest in the shell startup files) --ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin --ENV_PATH PATH=/bin:/usr/bin -+ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/sbin:/usr/sbin:/bin:/usr/bin -+ENV_PATH PATH=/usr/local/bin:/bin:/usr/bin - - # - # Terminal permissions -@@ -185,7 +185,7 @@ - # TTYPERM to either 622 or 600. - # - TTYGROUP tty --TTYPERM 0600 -+TTYPERM 0620 - - # - # Login configuration initializations: -@@ -230,7 +230,7 @@ - # - # If compiled with cracklib support, where are the dictionaries - # --CRACKLIB_DICTPATH /var/cache/cracklib/cracklib_dict -+#CRACKLIB_DICTPATH /var/cache/cracklib/cracklib_dict - - # - # Min/max values for automatic uid selection in useradd -@@ -282,7 +282,7 @@ - # phone, home phone). If not defined, no changes are allowed. - # For backward compatibility, "yes" = "rwh" and "no" = "frwh". - # --CHFN_RESTRICT rwh -+CHFN_RESTRICT frwh - - # - # Password prompt (%s will be replaced by user name). -@@ -299,7 +299,7 @@ - # Set to "no" if you need to copy encrypted passwords to other systems - # which don't understand the new algorithm. Default is "no". - # --#MD5_CRYPT_ENAB no -+MD5_CRYPT_ENAB yes - - # - # List of groups to add to the user's supplementary group set -@@ -310,7 +310,16 @@ - # access to these groups, even when not logged in on the console. - # How to do it is left as an exercise for the reader... - # --#CONSOLE_GROUPS floppy:audio:cdrom -+# Most of these groups are self-explanatory. -+# -+# Note that users are added to these default groups only when -+# logging into a shell with /bin/login, not when using a login -+# manager such as kdm. In that case, users who should have -+# hardware access must be added to the appropriate groups -+# when the user is added with adduser or useradd, or by editing -+# /etc/group directly. -+# -+CONSOLE_GROUPS floppy:audio:cdrom:video - - # - # Should login be allowed if we can't cd to the home directory? diff --git a/source/a/shadow/shadow.newgrp.getlogin b/source/a/shadow/shadow.newgrp.getlogin deleted file mode 100644 index 5d032f15..00000000 --- a/source/a/shadow/shadow.newgrp.getlogin +++ /dev/null @@ -1,21 +0,0 @@ ---- ./src/newgrp.c.orig 2003-05-31 21:19:39.000000000 -0700 -+++ ./src/newgrp.c 2003-05-31 21:21:32.000000000 -0700 -@@ -76,6 +76,7 @@ - gid_t gid; - char *cp; - const char *cpasswd, *name, *prog; -+ char *loginname = NULL; - char *group = NULL; - char *command = NULL; - char **envp = environ; -@@ -386,7 +387,9 @@ - SYSLOG ((LOG_INFO, "user `%s' switched to group `%s'", - name, group)); - if (getdef_bool ("SYSLOG_SG_ENAB")) { -- char *loginname = xstrdup (getlogin ()); -+ char *user = getlogin (); -+ if (user != NULL) -+ loginname = xstrdup (user); - char *tty = xstrdup (ttyname (0)); - - if (loginname == NULL) diff --git a/source/a/shadow/shadow.newgrp.nopam b/source/a/shadow/shadow.newgrp.nopam deleted file mode 100644 index 7920dde0..00000000 --- a/source/a/shadow/shadow.newgrp.nopam +++ /dev/null @@ -1,18 +0,0 @@ ---- src/newgrp.c.orig 2002-10-12 14:15:34.000000000 +0100 -+++ src/newgrp.c 2002-10-12 14:15:42.000000000 +0100 -@@ -398,6 +398,7 @@ - SYSLOG ((LOG_INFO, - "user `%s' (login `%s' on %s) switched to group `%s'", - name, loginname, tty, group)); -+#ifdef USE_PAM - if (getdef_bool ("CLOSE_SESSIONS")) { - /* - * We want to fork and exec the new shell in the child, leaving the -@@ -450,6 +451,7 @@ - signal (SIGTTIN, SIG_DFL); - signal (SIGTTOU, SIG_DFL); - } -+#endif // USE_PAM - } - #endif /* USE_SYSLOG */ - diff --git a/source/a/shadow/shadow.remove.obsolete.options.diff b/source/a/shadow/shadow.remove.obsolete.options.diff deleted file mode 100644 index 100fe2a8..00000000 --- a/source/a/shadow/shadow.remove.obsolete.options.diff +++ /dev/null @@ -1,78 +0,0 @@ ---- ./man/passwd.1.orig 2002-03-13 11:52:15.000000000 -0600 -+++ ./man/passwd.1 2006-08-20 18:29:58.000000000 -0500 -@@ -29,26 +29,17 @@ - .SH NAME - passwd \- change user password - .SH SYNOPSIS --\fBpasswd\fR [\fB-f\fR|\fB-s\fR] [\fIname\fR] --.br --\fBpasswd\fR [\fB-g\fR] [\fB-r\fR|\fB-R\fR] \fIgroup\fR -+\fBpasswd\fR [\fIname\fR] - .br - \fBpasswd\fR [\fB-x \fImax\fR] [\fB-n \fImin\fR] - [\fB-w \fIwarn\fR] [\fB-i \fIinact\fR] \fIlogin\fR - .br - \fBpasswd\fR {\fB-l\fR|\fB-u\fR|\fB-d\fR|\fB-S\fR|\fB-e\fR} \fIlogin\fR - .SH DESCRIPTION --\fBpasswd\fR changes passwords for user and group accounts. -+\fBpasswd\fR changes passwords for user accounts. - A normal user may only change the password for his/her own account, - the super user may change the password for any account. --The administrator of a group may change the password for the group. --\fBpasswd\fR also changes account information, such as the full name --of the user, user's login shell, or password expiry date and interval. --.PP --The \fB-s\fR option makes passwd call chsh to change the user's shell. The --\fB-f\fR option makes passwd call chfn to change the user's gecos --information. These two options are only meant for compatiblity, since the --other programs can be called directly. -+.PP - .SS Password Changes - The user is first prompted for his/her old password, if one is present. - This password is then encrypted and compared against the -@@ -86,17 +77,6 @@ - against the first. - Both entries are required to match in order for the password - to be changed. --.SS Group passwords --When the \fB-g\fR option is used, the password for the named --group is changed. --The user must either be the super user, or a group administrator --for the named group. --The current group password is not prompted for. --The \fB-r\fR option is used with the \fB-g\fR option to remove --the current password from the named group. --This allows group access to all members. --The \fB-R\fR option is used with the \fB-g\fR option to restrict --the named group for all users. - .SS Password expiry information - The password aging information may be changed by the super - user with the \fB-x\fR, \fB-n\fR, \fB-w\fR, and \fB-i\fR options. -@@ -191,6 +171,9 @@ - .br - /etc/shadow \- encrypted user passwords - .SH "SEE ALSO" -+.BR chfn (1), -+.BR chsh (1), -+.BR gpasswd (1), - .BR group (5), - .BR passwd (5) - .SH AUTHOR ---- ./src/passwd.c.orig 2002-01-05 09:41:43.000000000 -0600 -+++ ./src/passwd.c 2006-08-20 18:31:50.000000000 -0500 -@@ -955,6 +955,7 @@ - * Please run these programs directly. --marekm - */ - -+#ifdef I_LIKE_OBSOLETE_OPTIONS - if (argc > 1 && argv[1][0] == '-' && strchr ("gfs", argv[1][1])) { - char buf[200]; - -@@ -980,6 +981,7 @@ - closelog (); - exit (E_FAILURE); - } -+#endif - - /* - * The remaining arguments will be processed one by one and executed diff --git a/source/a/shadow/shadow.shadowconfig.diff b/source/a/shadow/shadow.shadowconfig.diff deleted file mode 100644 index 7dc9286e..00000000 --- a/source/a/shadow/shadow.shadowconfig.diff +++ /dev/null @@ -1,49 +0,0 @@ ---- ./debian/shadowconfig.sh.orig 2001-05-29 23:20:22.000000000 -0700 -+++ ./debian/shadowconfig.sh 2003-06-23 16:35:38.000000000 -0700 -@@ -1,23 +1,28 @@ - #!/bin/bash --# turn shadow passwords on or off on a Debian system -+# -+# 'shadowconfig on' will turn shadow passwords on; -+# 'shadowconfig off' will turn shadow passwords off. -+# -+# shadowconfig will print an error message and exit with -+# a nonzero code if it finds anything awry. If that happens, -+# you should correct the error and run it again. -+# -+# Turning shadow passwords on when they are already on, or -+# off when they are already off, is harmless. -+# -+# Be aware that account expiration dates are only supported -+# by shadow passwords -- these dates will be lost when converting -+# from shadow to non-shadow passwords. If you need to save this -+# information, back up your /etc/shadow before turning off -+# shadow passwords. -+# - --set -e - --permfix () { -- [ -f $1 ] || return 0 -- chown root:shadow $1 -- chmod 2755 $1 --} --export -f permfix -+set -e - - shadowon () { - bash<<- EOF - set -e -- -- permfix /usr/X11R6/bin/xlock -- permfix /usr/X11R6/bin/xtrlock -- permfix /bin/vlock -- - pwck -q - grpck - pwconv -@@ -65,3 +70,4 @@ - echo Usage: $0 on \| off - ;; - esac -+ diff --git a/source/a/shadow/useradd b/source/a/shadow/useradd new file mode 100644 index 00000000..f3205e49 --- /dev/null +++ b/source/a/shadow/useradd @@ -0,0 +1,8 @@ +# useradd defaults file +GROUP=100 +HOME=/home +INACTIVE=-1 +EXPIRE= +SHELL=/bin/bash +SKEL=/etc/skel +CREATE_MAIL_SPOOL=yes |