summaryrefslogtreecommitdiff
path: root/source/a/shadow
diff options
context:
space:
mode:
authorPatrick J Volkerding <volkerdi@slackware.com>2010-05-19 08:58:23 +0000
committerEric Hameleers <alien@slackware.com>2018-05-31 22:43:05 +0200
commitb76270bf9e6dd375e495fec92140a79a79415d27 (patch)
tree3dbed78b2279bf9f14207a16dc634b90995cbd40 /source/a/shadow
parent5a12e7c134274dba706667107d10d231517d3e05 (diff)
downloadcurrent-b76270bf9e6dd375e495fec92140a79a79415d27.tar.gz
Slackware 13.1slackware-13.1
Wed May 19 08:58:23 UTC 2010 Slackware 13.1 x86_64 stable is released! Lots of thanks are due -- see the RELEASE_NOTES and the rest of the ChangeLog for credits. The ISOs are on their way to replication, a 6 CD-ROM 32-bit set and a dual-sided 32-bit/64-bit x86/x86_64 DVD. We are taking pre-orders now at store.slackware.com, and offering a discount if you sign up for a subscription. Consider picking up a copy to help support the project. Thanks again to the Slackware community for testing, contributing, and generally holding us to a high level of quality. :-) Enjoy!
Diffstat (limited to 'source/a/shadow')
-rw-r--r--source/a/shadow/adduser13
-rw-r--r--source/a/shadow/doinst.sh17
-rw-r--r--source/a/shadow/login.defs387
-rw-r--r--source/a/shadow/shadow-4.0.3.x86_64.diff166
-rwxr-xr-xsource/a/shadow/shadow.SlackBuild199
-rw-r--r--source/a/shadow/shadow.gcc34.diff11
-rw-r--r--source/a/shadow/shadow.login.defs.diff67
-rw-r--r--source/a/shadow/shadow.newgrp.getlogin21
-rw-r--r--source/a/shadow/shadow.newgrp.nopam18
-rw-r--r--source/a/shadow/shadow.remove.obsolete.options.diff78
-rw-r--r--source/a/shadow/shadow.shadowconfig.diff49
-rw-r--r--source/a/shadow/useradd8
12 files changed, 518 insertions, 516 deletions
diff --git a/source/a/shadow/adduser b/source/a/shadow/adduser
index 02385e33..038a0a94 100644
--- a/source/a/shadow/adduser
+++ b/source/a/shadow/adduser
@@ -1,8 +1,8 @@
#!/bin/bash
#
# Copyright 1995 Hrvoje Dogan, Croatia.
-# Copyright 2002, 2003, 2004, 2008, 2009 Stuart Winter, Surrey, England, UK.
-# Copyright 2004, 2008, 2009 Slackware Linux, Inc., Concord, CA, USA
+# Copyright 2002-2004, 2008, 2009, 2010 Stuart Winter, Surrey, England, UK.
+# Copyright 2004, 2008-2010 Slackware Linux, Inc., Concord, CA, USA
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
@@ -29,12 +29,15 @@
# Author : Stuart Winter <mozes@slackware.com>
# Based on the original Slackware adduser by Hrvoje Dogan
# with modifications by Patrick Volkerding
-# Version: 1.12
+# Version: 1.13
##########################################################################
# Usage..: adduser [<new_user_name>]
##########################################################################
# History #
###########
+# v1.13 - 13/01/10
+# * Fix bug that removed underscore characters from group names.
+# Thanks to mRgOBLIN for the report and Jim Hawkins for the fix. <sw>
# v1.12 - 21/07/09
# * Adjusted the search of /etc/passwd to exclude the NIS inclusion
# string. Thanks to Dominik L. Borkowski.
@@ -282,8 +285,8 @@ while [ ! -z "$needinput" ]; do
history -c
history -s "$AGID"
echo "Press ENTER to continue without adding any additional groups"
- echo "Or press the UP arrow to add/select/edit additional groups"
- AGID="$(get_input ": " | tr -d '[:punct:]' | tr -s ' ' | sed 's?^ $??g' )"
+ echo "Or press the UP arrow key to add/select/edit additional groups"
+ AGID="$(get_input ": " | sed 's/[^A-Za-z0-9 _]//g;s/ */ /g;s/^ $//g' )"
if [ ! -z "$AGID" ]; then
check_group "$AGID" # check all groups at once (treated as N # of params)
if [ $? -gt 0 ]; then
diff --git a/source/a/shadow/doinst.sh b/source/a/shadow/doinst.sh
new file mode 100644
index 00000000..88fefb3a
--- /dev/null
+++ b/source/a/shadow/doinst.sh
@@ -0,0 +1,17 @@
+config() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ # If there's no config file by that name, mv it over:
+ if [ ! -r $OLD ]; then
+ mv $NEW $OLD
+ elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then # toss the redundant copy
+ rm $NEW
+ fi
+ # Otherwise, we leave the .new copy for the admin to consider...
+}
+
+config etc/login.access.new
+config etc/login.defs.new
+config var/log/faillog.new
+rm -f var/log/faillog.new
+
diff --git a/source/a/shadow/login.defs b/source/a/shadow/login.defs
new file mode 100644
index 00000000..dde37c97
--- /dev/null
+++ b/source/a/shadow/login.defs
@@ -0,0 +1,387 @@
+#
+# /etc/login.defs - Configuration control definitions for the shadow package.
+#
+# $Id: login.defs 3038 2009-07-23 20:41:35Z nekral-guest $
+#
+
+#
+# Delay in seconds before being allowed another attempt after a login failure
+#
+FAIL_DELAY 3
+
+#
+# Enable logging and display of /var/log/faillog login failure info.
+#
+FAILLOG_ENAB yes
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+LOG_UNKFAIL_ENAB no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS no
+
+#
+# Enable logging and display of /var/log/lastlog login time info.
+#
+LASTLOG_ENAB yes
+
+#
+# Enable checking and display of mailbox status upon login.
+#
+# Disable if the shell startup files already check for mail
+# ("mailx -e" or equivalent).
+#
+MAIL_CHECK_ENAB yes
+
+#
+# Enable additional checks upon password changes.
+#
+OBSCURE_CHECKS_ENAB yes
+
+#
+# Enable checking of time restrictions specified in /etc/porttime.
+#
+PORTTIME_CHECKS_ENAB yes
+
+#
+# Enable setting of ulimit, umask, and niceness from passwd gecos field.
+#
+QUOTAS_ENAB yes
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB yes
+SYSLOG_SG_ENAB yes
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names. Root logins will be allowed only
+# upon these devices.
+#
+CONSOLE /etc/securetty
+#CONSOLE console:tty01:tty02:tty03:tty04
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE /var/log/sulog
+
+#
+# If defined, ":" delimited list of "message of the day" files to
+# be displayed upon login.
+#
+MOTD_FILE /etc/motd
+#MOTD_FILE /etc/motd:/usr/lib/news/news-motd
+
+#
+# If defined, this file will be output before each login prompt.
+#
+#ISSUE_FILE /etc/issue
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100 tty01".
+#
+#TTYTYPE_FILE /etc/ttytype
+
+#
+# If defined, login failures will be logged here in a utmp format.
+# last, when invoked as lastb, will read /var/log/btmp, so...
+#
+FTMP_FILE /var/log/btmp
+
+#
+# If defined, name of file whose presence which will inhibit non-root
+# logins. The contents of this file should be a message indicating
+# why logins are inhibited.
+#
+NOLOGINS_FILE /etc/nologin
+
+#
+# If defined, the command name to display when running "su -". For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su". If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME su
+
+#
+# *REQUIRED*
+# Directory where mailboxes reside, _or_ name of file, relative to the
+# home directory. If you _do_ define both, MAIL_DIR takes precedence.
+#
+MAIL_DIR /var/spool/mail
+#MAIL_FILE .mail
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence. If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file. If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE .hushlogin
+#HUSHLOGIN_FILE /etc/hushlogins
+
+#
+# If defined, either a TZ environment parameter spec or the
+# fully-rooted pathname of a file containing such a spec.
+#
+#ENV_TZ TZ=CST6CDT
+#ENV_TZ /etc/tzname
+
+#
+# If defined, an HZ environment parameter spec.
+#
+# for Linux/x86
+ENV_HZ HZ=100
+# For Linux/Alpha...
+#ENV_HZ HZ=1024
+
+#
+# *REQUIRED* The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/sbin:/usr/sbin:/bin:/usr/bin
+ENV_PATH PATH=/usr/local/bin:/bin:/usr/bin
+
+#
+# Terminal permissions
+#
+# TTYGROUP Login tty will be assigned this group ownership.
+# TTYPERM Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+TTYGROUP tty
+TTYPERM 0620
+
+#
+# Login configuration initializations:
+#
+# ERASECHAR Terminal ERASE character ('\010' = backspace).
+# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
+# ULIMIT Default "ulimit" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# The ULIMIT is used only if the system supports it.
+# (now it works with setrlimit too; ulimit is in 512-byte units)
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR 0177
+KILLCHAR 025
+#ULIMIT 2097152
+
+# Default initial "umask" value.
+# UMASK is also used by useradd and newusers to set the mode of new home
+# directories.
+# 022 is the default value, but 027, or even 077, could be considered
+# better for privacy. There is no One True Answer here: each sysadmin
+# must make up her mind.
+UMASK 022
+
+#
+# Password aging controls:
+#
+# PASS_MAX_DAYS Maximum number of days a password may be used.
+# PASS_MIN_DAYS Minimum number of days allowed between password changes.
+# PASS_MIN_LEN Minimum acceptable password length.
+# PASS_WARN_AGE Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS 99999
+PASS_MIN_DAYS 0
+PASS_MIN_LEN 5
+PASS_WARN_AGE 7
+
+#
+# If "yes", the user must be listed as a member of the first gid 0 group
+# in /etc/group (called "root" on most Linux systems) to be able to "su"
+# to uid 0 accounts. If the group doesn't exist or is empty, no one
+# will be able to "su" to uid 0.
+#
+SU_WHEEL_ONLY no
+
+#
+# If compiled with cracklib support, where are the dictionaries
+#
+#CRACKLIB_DICTPATH /var/cache/cracklib/cracklib_dict
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN 1000
+UID_MAX 60000
+# System accounts
+SYS_UID_MIN 101
+SYS_UID_MAX 999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN 1000
+GID_MAX 60000
+# System accounts
+SYS_GID_MIN 101
+SYS_GID_MAX 999
+
+#
+# Max number of login retries if password is bad
+#
+LOGIN_RETRIES 5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT 60
+
+#
+# Maximum number of attempts to change password if rejected (too easy)
+#
+PASS_CHANGE_TRIES 5
+
+#
+# Warn about weak passwords (but still allow them) if you are root.
+#
+PASS_ALWAYS_WARN yes
+
+#
+# Number of significant characters in the password for crypt().
+# Default is 8, don't change unless your crypt() is better.
+# Ignored if MD5_CRYPT_ENAB set to "yes".
+#
+#PASS_MAX_LEN 8
+
+#
+# Require password before chfn/chsh can make any changes.
+#
+CHFN_AUTH yes
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone). If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+#
+CHFN_RESTRICT frwh
+
+#
+# Password prompt (%s will be replaced by user name).
+#
+# XXX - it doesn't work correctly yet, for now leave it commented out
+# to use the default which is just "Password: ".
+#LOGIN_STRING "%s's Password: "
+
+#
+# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+# Set to "no" if you need to copy encrypted passwords to other systems
+# which don't understand the new algorithm. Default is "no".
+#
+# This variable is deprecated. You should use ENCRYPT_METHOD.
+#
+#MD5_CRYPT_ENAB no
+
+#
+# Only works if compiled with ENCRYPTMETHOD_SELECT defined:
+# If set to MD5 , MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password
+# If set to DES, DES-based algorithm will be used for encrypting password (default)
+# Overrides the MD5_CRYPT_ENAB option
+#
+ENCRYPT_METHOD MD5
+
+#
+# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
+#
+# Define the number of SHA rounds.
+# With a lot of rounds, it is more difficult to brute forcing the password.
+# But note also that it more CPU resources will be needed to authenticate
+# users.
+#
+# If not specified, the libc will choose the default number of rounds (5000).
+# The values must be inside the 1000-999999999 range.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+# SHA_CRYPT_MIN_ROUNDS 5000
+# SHA_CRYPT_MAX_ROUNDS 5000
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting). Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+# Most of these groups are self-explanatory.
+#
+# Note that users are added to these default groups only when
+# logging into a shell with /bin/login, not when using a login
+# manager such as kdm. In that case, users who should have
+# hardware access must be added to the appropriate groups
+# when the user is added with adduser or useradd, or by editing
+# /etc/group directly, preferably using "vigr"
+#
+CONSOLE_GROUPS floppy:audio:cdrom:video:scanner
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default in no.
+#
+DEFAULT_HOME yes
+
+#
+# If this file exists and is readable, login environment will be
+# read from it. Every line should be in the form name=value.
+#
+ENVIRON_FILE /etc/environment
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD /usr/sbin/userdel_local
+
+#
+# Enable setting of the umask group bits to be the same as owner bits
+# (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is
+# the same as gid, and username is the same as the primary group name.
+#
+# This also enables userdel to remove user groups if no members exist.
+#
+USERGROUPS_ENAB yes
+
+#
+# If set to a non-nul number, the shadow utilities will make sure that
+# groups never have more than this number of users on one line.
+# This permit to support split groups (groups split into multiple lines,
+# with the same group ID, to avoid limitation of the line length in the
+# group file).
+#
+# 0 is the default value and disables this feature.
+#
+#MAX_MEMBERS_PER_GROUP 0
+
+#
+# If useradd should create home directories for users by default (non
+# system users only)
+# This option is overridden with the -M or -m flags on the useradd command
+# line.
+#
+#CREATE_HOME yes
+
diff --git a/source/a/shadow/shadow-4.0.3.x86_64.diff b/source/a/shadow/shadow-4.0.3.x86_64.diff
deleted file mode 100644
index 15d16c7c..00000000
--- a/source/a/shadow/shadow-4.0.3.x86_64.diff
+++ /dev/null
@@ -1,166 +0,0 @@
---- shadow-4.0.3/libmisc/failure.h.orig 2004-01-02 18:47:01.000000000 -0800
-+++ shadow-4.0.3/libmisc/failure.h 2004-01-02 18:52:38.000000000 -0800
-@@ -4,7 +4,12 @@
-
- #include "defines.h"
- #include "faillog.h"
-+
-+#if HAVE_UTMPX_H
-+#include <utmpx.h>
-+#else
- #include <utmp.h>
-+#endif
-
- /*
- * failure - make failure entry
-@@ -38,7 +43,11 @@
- * failtmp updates the (struct utmp) formatted failure log which
- * maintains a record of all login failures.
- */
-+#if HAVE_UTMPX_H
-+extern void failtmp(const struct utmpx *);
-+#else
- extern void failtmp(const struct utmp *);
-+#endif
-
- #endif
-
---- shadow-4.0.3/libmisc/failure.c.orig 2004-01-02 18:47:06.000000000 -0800
-+++ shadow-4.0.3/libmisc/failure.c 2004-01-02 18:53:37.000000000 -0800
-@@ -39,7 +39,11 @@
- #include "getdef.h"
- #include "failure.h"
-
-+#if HAVE_UTMPX_H
-+#include <utmpx.h>
-+#else
- #include <utmp.h>
-+#endif
-
- #define YEAR (365L*DAY)
-
-@@ -248,7 +252,11 @@
- */
-
- void
-+#if HAVE_UTMPX_H
-+failtmp(const struct utmpx *failent)
-+#else
- failtmp(const struct utmp *failent)
-+#endif
- {
- char *ftmp;
- int fd;
---- shadow-4.0.3/libmisc/log.c.orig 2004-01-02 18:58:04.000000000 -0800
-+++ shadow-4.0.3/libmisc/log.c 2004-01-02 18:58:51.000000000 -0800
-@@ -57,6 +57,7 @@
- int fd;
- off_t offset;
- struct lastlog newlog;
-+ time_t ll_time;
-
- /*
- * If the file does not exist, don't create it.
-@@ -88,7 +89,8 @@
- if (ll)
- *ll = newlog;
-
-- time(&newlog.ll_time);
-+ ll_time = newlog.ll_time;
-+ time(&ll_time);
- strncpy(newlog.ll_line, line, sizeof newlog.ll_line);
- #if HAVE_LL_HOST
- strncpy(newlog.ll_host, host, sizeof newlog.ll_host);
---- shadow-4.0.3/libmisc/utmp.c.orig 2004-01-02 18:59:04.000000000 -0800
-+++ shadow-4.0.3/libmisc/utmp.c 2004-01-02 19:05:34.000000000 -0800
-@@ -79,6 +79,8 @@
- {
- char *line;
- struct utmp *ut;
-+ time_t uttime;
-+
- pid_t pid = getpid();
-
- setutent();
-@@ -111,7 +113,8 @@
- /* XXX - assumes /dev/tty?? */
- strncpy(utent.ut_id, utent.ut_line + 3, sizeof utent.ut_id);
- strcpy(utent.ut_user, "LOGIN");
-- time(&utent.ut_time);
-+ time(&uttime);
-+ utent.ut_time = uttime;
- }
- }
-
-@@ -284,9 +287,14 @@
- void
- setutmp(const char *name, const char *line, const char *host)
- {
-+ time_t uttime;
-+
- utent.ut_type = USER_PROCESS;
- strncpy(utent.ut_user, name, sizeof utent.ut_user);
-- time(&utent.ut_time);
-+
-+ time(&uttime);
-+ utent.ut_time = uttime;
-+
- /* other fields already filled in by checkutmp above */
- setutent();
- pututline(&utent);
---- shadow-4.0.3/src/lastlog.c.orig 2004-01-02 18:06:09.000000000 -0800
-+++ shadow-4.0.3/src/lastlog.c 2004-01-02 18:29:57.000000000 -0800
-@@ -167,6 +167,7 @@
- static int once;
- char *cp;
- struct tm *tm;
-+ time_t ll_time;
-
- #ifdef HAVE_STRFTIME
- char ptime[80];
-@@ -184,7 +185,9 @@
- #endif
- once++;
- }
-- tm = localtime (&lastlog.ll_time);
-+ ll_time = lastlog.ll_time;
-+ tm = localtime (&ll_time);
-+
- #ifdef HAVE_STRFTIME
- strftime (ptime, sizeof (ptime), "%a %b %e %H:%M:%S %z %Y", tm);
- cp = ptime;
---- shadow-4.0.3/src/login.c.orig 2004-01-02 18:33:13.000000000 -0800
-+++ shadow-4.0.3/src/login.c 2004-01-02 18:40:17.000000000 -0800
-@@ -1019,8 +1019,12 @@
- const char *failent_user;
-
- #if HAVE_UTMPX_H
-+ struct timeval ut_tv;
-+ ut_tv.tv_sec = failent.ut_tv.tv_sec;
-+ ut_tv.tv_usec = failent.ut_tv.tv_usec;
-+
- failent = utxent;
-- gettimeofday (&(failent.ut_tv), NULL);
-+ gettimeofday (&ut_tv, NULL);
- #else
- failent = utent;
- time (&failent.ut_time);
-@@ -1271,15 +1275,16 @@
- }
- if (getdef_bool ("LASTLOG_ENAB")
- && lastlog.ll_time != 0) {
-+ time_t ll_time= lastlog.ll_time;
- #ifdef HAVE_STRFTIME
- strftime (ptime, sizeof (ptime),
- "%a %b %e %H:%M:%S %z %Y",
-- localtime (&lastlog.ll_time));
-+ localtime (&ll_time));
- printf (_("Last login: %s on %s"),
- ptime, lastlog.ll_line);
- #else
- printf (_("Last login: %.19s on %s"),
-- ctime (&lastlog.ll_time),
-+ ctime (&ll_time),
- lastlog.ll_line);
- #endif
- #ifdef HAVE_LL_HOST /* SVR4 || __linux__ || SUN4 */
diff --git a/source/a/shadow/shadow.SlackBuild b/source/a/shadow/shadow.SlackBuild
index 2f0e1178..77e34089 100755
--- a/source/a/shadow/shadow.SlackBuild
+++ b/source/a/shadow/shadow.SlackBuild
@@ -1,6 +1,6 @@
#!/bin/sh
-# Copyright 2005-2009 Patrick J. Volkerding, Sebeka, Minnesota, USA
+# Copyright 2005-2010 Patrick J. Volkerding, Sebeka, Minnesota, USA
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
@@ -20,24 +20,40 @@
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-VERSION=4.0.3
-ARCH=${ARCH:-x86_64}
-BUILD=${BUILD:-18}
+VERSION=4.1.4.2
+BUILD=${BUILD:-3}
+
+NUMJOBS=${NUMJOBS:--j6}
+
+# Automatically determine the architecture we're building on:
+if [ -z "$ARCH" ]; then
+ case "$( uname -m )" in
+ i?86) export ARCH=i486 ;;
+ arm*) export ARCH=arm ;;
+ # Unless $ARCH is already set, use uname -m for all other archs:
+ *) export ARCH=$( uname -m ) ;;
+ esac
+fi
CWD=$(pwd)
TMP=${TMP:-/tmp}
PKG=$TMP/package-shadow
+if [ "$ARCH" = "i486" ]; then
+ SLKCFLAGS="-O2 -march=i486 -mtune=i686"
+elif [ "$ARCH" = "s390" ]; then
+ SLKCFLAGS="-O2"
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+else
+ SLKCFLAGS="-O2"
+fi
+
rm -rf $PKG
mkdir -p $TMP $PKG
-
-# Explode the package framework:
-cd $PKG
-explodepkg $CWD/_shadow.tar.gz
-
cd $TMP
rm -rf shadow-$VERSION
-tar xjvf $CWD/shadow-$VERSION.tar.bz2
+tar xvf $CWD/shadow-$VERSION.tar.?z* || exit 1
cd shadow-$VERSION
chown -R root:root .
@@ -47,110 +63,91 @@ find . \
\( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
-exec chmod 644 {} \;
-zcat $CWD/shadow.shadowconfig.diff.gz | patch -p1 --verbose --backup || exit 1
-zcat $CWD/shadow.newgrp.nopam.gz | patch -p0 --verbose --backup || exit 1
-zcat $CWD/shadow.login.defs.diff.gz | patch -p0 --verbose --backup || exit 1
-zcat $CWD/shadow.newgrp.getlogin.gz | patch -p1 --verbose --backup || exit 1
-zcat $CWD/shadow.gcc34.diff.gz | patch -p1 --verbose --backup || exit 1
-zcat $CWD/shadow.remove.obsolete.options.diff.gz | patch -p1 --verbose --backup --suffix=.orig || exit 1
-if [ "$ARCH" = "x86_64" ]; then
- zcat $CWD/shadow-4.0.3.x86_64.diff.gz | patch -p1 --verbose --backup --suffix=.orig || exit 1
-fi
-
+CFLAGS="$SLKCFLAGS" \
./configure \
--prefix=/usr \
+ --sysconfdir=/etc \
+ --mandir=/usr/man \
+ --docdir=/usr/doc/shadow-$VERSION \
--disable-shared \
- --disable-desrpc \
+ --without-libcrack \
--build=$ARCH-slackware-linux
-make -j6 || exit 1
-cat etc/login.defs.linux > $PKG/etc/login.defs.new
-cat etc/login.access > $PKG/etc/login.access.new
+# --enable-utmpx # defaults to 'no'
+
+make $NUMJOBS || make || exit 1
+make install DESTDIR=$PKG || exit 1
+
+# Fix user group = 100:
+zcat $CWD/useradd.gz > $PKG/etc/default/useradd
+
+# /bin/groups is provided by coreutils.
+rm -f $PKG/bin/groups
+find $PKG -name groups.1 -exec rm {} \;
+
+# Install a login.defs with unsurprising defaults:
+rm -f $PKG/etc/login.defs
+zcat $CWD/login.defs.gz > $PKG/etc/login.defs.new
+
+mv $PKG/etc/login.access $PKG/etc/login.access.new
+
+# I don't think this works well enough to recommend it.
+#mv $PKG/etc/limits $PKG/etc/limits.new
+rm -f $PKG/etc/limits
+
+# Add the friendly 'adduser' script:
cat $CWD/adduser > $PKG/usr/sbin/adduser
+chmod 0755 $PKG/usr/sbin/adduser
+
+# Add sulogin to the package:
+cp -a src/sulogin $PKG/sbin
+( cd $PKG/bin ; ln -s ../sbin/sulogin )
+
+# Add the empty faillog log file:
+mkdir -p $PKG/var/log
+touch $PKG/var/log/faillog.new
+
+# Put some stuff back in "old" locations and make symlinks for compat
+( cd $PKG/usr/bin
+ mv faillog ../sbin
+ mv lastlog ../sbin
+ ln -s ../sbin/faillog
+ ln -s ../sbin/lastlog
+)
+
+# Fixup a few permissions:
+chmod 4711 $PKG/bin/su
+chmod 4711 $PKG/usr/bin/*
+
+# Compress and if needed symlink the man pages:
+if [ -d $PKG/usr/man ]; then
+ ( cd $PKG/usr/man
+ for manpagedir in $(find . -type d -name "man*") ; do
+ ( cd $manpagedir
+ for eachpage in $( find . -type l -maxdepth 1) ; do
+ ln -s $( readlink $eachpage ).gz $eachpage.gz
+ rm $eachpage
+ done
+ gzip -9 *.?
+ )
+ done
+ )
+fi
-# These things aren't needed when using glibc, as it
-# supplies its own shadow functions:
-#cat lib/libshadow.a > $PKG/usr/lib/libshadow.a
-#cp -a lib/pwauth.h $PKG/usr/include/shadow/pwauth.h
-#cp -a lib/shadow_.h $PKG/usr/include/shadow/shadow.h
-#chmod 644 $PKG/usr/include/shadow/*
-#chown root.root $PKG/usr/include/shadow/*
-
-cd po
-for file in *.gmo ; do
- mkdir -p $PKG/usr/share/locale/$(basename $file .gmo)/LC_MESSAGES
- cat $file > $PKG/usr/share/locale/$(basename $file .gmo)/LC_MESSAGES/shadow.mo
-done
-cd ../src
-cat login > $PKG/bin/login
-cat su > $PKG/bin/su
-cat sulogin > $PKG/sbin/sulogin
-cat ../debian/shadowconfig.sh > $PKG/usr/sbin/shadowconfig
-for file in chpasswd dpasswd faillog groupadd groupdel groupmod grpck \
-lastlog logoutd mkpasswd newusers pwck useradd userdel usermod \
-pwconv pwunconv grpconv grpunconv vipw ; do
- cat $file > $PKG/usr/sbin/$file
-done
-for file in chage chfn chsh expiry gpasswd newgrp passwd ; do
- cat $file > $PKG/usr/bin/$file
-done
-cd ..
-cp contrib/adduser.sh /sbin/adduser
mkdir -p $PKG/usr/doc/shadow-$VERSION
cp -a \
- ABOUT-NLS ChangeLog NEWS README TODO doc/* \
+ COPYING ChangeLog NEWS README TODO doc/{README*,HOWTO,WISHLIST,*.txt} \
$PKG/usr/doc/shadow-$VERSION
-chmod 644 $PKG/usr/doc/shadow-$VERSION/*
-
-install_man_pages() {
-for file in chage.1 chfn.1 chsh.1 gpasswd.1 groups.1 login.1 newgrp.1 \
-passwd.1 su.1 ; do
- if [ -r $file ]; then
- mkdir -p $1/man1
- gzip -9c $file > $1/man1/$file.gz
- fi
-done
-for file in pw_auth.3 shadow.3 ; do
- if [ -r $file ]; then
- mkdir -p $1/man3
- gzip -9c $file > $1/man3/$file.gz
- fi
-done
-for file in faillog.5 limits.5 login.access.5 login.defs.5 passwd.5 \
-porttime.5 shadow.5 suauth.5 ; do
- if [ -r $file ]; then
- mkdir -p $1/man5
- gzip -9c $file > $1/man5/$file.gz
- fi
-done
-for file in chpasswd.8 dpasswd.8 faillog.8 groupadd.8 groupdel.8 groupmod.8 \
-grpck.8 lastlog.8 logoutd.8 mkpasswd.8 newusers.8 pwauth.8 pwck.8 pwconv.8 \
-shadowconfig.8 sulogin.8 useradd.8 userdel.8 usermod.8 vipw.8 ; do
- if [ -r $file ]; then
- mkdir -p $1/man8
- gzip -9c $file > $1/man8/$file.gz
- fi
-done
-}
-
-cd man
- install_man_pages $PKG/usr/man
- for dir in * ; do
- if [ -d $dir ] ; then
- ( cd $dir ; install_man_pages $PKG/usr/man/$dir )
- fi
- done
-cd ..
+#chmod 0644 $PKG/usr/doc/shadow-$VERSION/*
+
+# The entire ChangeLog is excessive for most users:
+cat $PKG/usr/doc/shadow-$VERSION/ChangeLog | head -n 2000 > $PKG/usr/doc/shadow-$VERSION/CL
+mv $PKG/usr/doc/shadow-$VERSION/CL $PKG/usr/doc/shadow-$VERSION/ChangeLog
mkdir -p $PKG/install
cat $CWD/slack-desc > $PKG/install/slack-desc
+zcat $CWD/doinst.sh.gz > $PKG/install/doinst.sh
-# Build the package:
cd $PKG
-makepkg -l y -c n $TMP/shadow-$VERSION-$ARCH-$BUILD.txz
+/sbin/makepkg -l y -c n $TMP/shadow-$VERSION-$ARCH-$BUILD.txz
-# Clean up the extra stuff:
-if [ "$1" = "--cleanup" ]; then
- rm -rf $TMP/shadow-$VERSION
- rm -rf $PKG
-fi
diff --git a/source/a/shadow/shadow.gcc34.diff b/source/a/shadow/shadow.gcc34.diff
deleted file mode 100644
index 71dff4c8..00000000
--- a/source/a/shadow/shadow.gcc34.diff
+++ /dev/null
@@ -1,11 +0,0 @@
---- ./libmisc/xmalloc.c.orig 1998-12-28 14:34:56.000000000 -0600
-+++ ./libmisc/xmalloc.c 2006-08-12 19:02:51.000000000 -0500
-@@ -16,8 +16,6 @@
-
- #include "defines.h"
-
--extern char *malloc();
--
- char *
- xmalloc(size_t size)
- {
diff --git a/source/a/shadow/shadow.login.defs.diff b/source/a/shadow/shadow.login.defs.diff
deleted file mode 100644
index bfed463a..00000000
--- a/source/a/shadow/shadow.login.defs.diff
+++ /dev/null
@@ -1,67 +0,0 @@
---- ./etc/login.defs.linux.orig 2000-08-26 13:27:10.000000000 -0500
-+++ ./etc/login.defs.linux 2008-03-24 15:10:09.000000000 -0500
-@@ -170,8 +170,8 @@
- # *REQUIRED* The default PATH settings, for superuser and normal users.
- #
- # (they are minimal, add the rest in the shell startup files)
--ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin
--ENV_PATH PATH=/bin:/usr/bin
-+ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/sbin:/usr/sbin:/bin:/usr/bin
-+ENV_PATH PATH=/usr/local/bin:/bin:/usr/bin
-
- #
- # Terminal permissions
-@@ -185,7 +185,7 @@
- # TTYPERM to either 622 or 600.
- #
- TTYGROUP tty
--TTYPERM 0600
-+TTYPERM 0620
-
- #
- # Login configuration initializations:
-@@ -230,7 +230,7 @@
- #
- # If compiled with cracklib support, where are the dictionaries
- #
--CRACKLIB_DICTPATH /var/cache/cracklib/cracklib_dict
-+#CRACKLIB_DICTPATH /var/cache/cracklib/cracklib_dict
-
- #
- # Min/max values for automatic uid selection in useradd
-@@ -282,7 +282,7 @@
- # phone, home phone). If not defined, no changes are allowed.
- # For backward compatibility, "yes" = "rwh" and "no" = "frwh".
- #
--CHFN_RESTRICT rwh
-+CHFN_RESTRICT frwh
-
- #
- # Password prompt (%s will be replaced by user name).
-@@ -299,7 +299,7 @@
- # Set to "no" if you need to copy encrypted passwords to other systems
- # which don't understand the new algorithm. Default is "no".
- #
--#MD5_CRYPT_ENAB no
-+MD5_CRYPT_ENAB yes
-
- #
- # List of groups to add to the user's supplementary group set
-@@ -310,7 +310,16 @@
- # access to these groups, even when not logged in on the console.
- # How to do it is left as an exercise for the reader...
- #
--#CONSOLE_GROUPS floppy:audio:cdrom
-+# Most of these groups are self-explanatory.
-+#
-+# Note that users are added to these default groups only when
-+# logging into a shell with /bin/login, not when using a login
-+# manager such as kdm. In that case, users who should have
-+# hardware access must be added to the appropriate groups
-+# when the user is added with adduser or useradd, or by editing
-+# /etc/group directly.
-+#
-+CONSOLE_GROUPS floppy:audio:cdrom:video
-
- #
- # Should login be allowed if we can't cd to the home directory?
diff --git a/source/a/shadow/shadow.newgrp.getlogin b/source/a/shadow/shadow.newgrp.getlogin
deleted file mode 100644
index 5d032f15..00000000
--- a/source/a/shadow/shadow.newgrp.getlogin
+++ /dev/null
@@ -1,21 +0,0 @@
---- ./src/newgrp.c.orig 2003-05-31 21:19:39.000000000 -0700
-+++ ./src/newgrp.c 2003-05-31 21:21:32.000000000 -0700
-@@ -76,6 +76,7 @@
- gid_t gid;
- char *cp;
- const char *cpasswd, *name, *prog;
-+ char *loginname = NULL;
- char *group = NULL;
- char *command = NULL;
- char **envp = environ;
-@@ -386,7 +387,9 @@
- SYSLOG ((LOG_INFO, "user `%s' switched to group `%s'",
- name, group));
- if (getdef_bool ("SYSLOG_SG_ENAB")) {
-- char *loginname = xstrdup (getlogin ());
-+ char *user = getlogin ();
-+ if (user != NULL)
-+ loginname = xstrdup (user);
- char *tty = xstrdup (ttyname (0));
-
- if (loginname == NULL)
diff --git a/source/a/shadow/shadow.newgrp.nopam b/source/a/shadow/shadow.newgrp.nopam
deleted file mode 100644
index 7920dde0..00000000
--- a/source/a/shadow/shadow.newgrp.nopam
+++ /dev/null
@@ -1,18 +0,0 @@
---- src/newgrp.c.orig 2002-10-12 14:15:34.000000000 +0100
-+++ src/newgrp.c 2002-10-12 14:15:42.000000000 +0100
-@@ -398,6 +398,7 @@
- SYSLOG ((LOG_INFO,
- "user `%s' (login `%s' on %s) switched to group `%s'",
- name, loginname, tty, group));
-+#ifdef USE_PAM
- if (getdef_bool ("CLOSE_SESSIONS")) {
- /*
- * We want to fork and exec the new shell in the child, leaving the
-@@ -450,6 +451,7 @@
- signal (SIGTTIN, SIG_DFL);
- signal (SIGTTOU, SIG_DFL);
- }
-+#endif // USE_PAM
- }
- #endif /* USE_SYSLOG */
-
diff --git a/source/a/shadow/shadow.remove.obsolete.options.diff b/source/a/shadow/shadow.remove.obsolete.options.diff
deleted file mode 100644
index 100fe2a8..00000000
--- a/source/a/shadow/shadow.remove.obsolete.options.diff
+++ /dev/null
@@ -1,78 +0,0 @@
---- ./man/passwd.1.orig 2002-03-13 11:52:15.000000000 -0600
-+++ ./man/passwd.1 2006-08-20 18:29:58.000000000 -0500
-@@ -29,26 +29,17 @@
- .SH NAME
- passwd \- change user password
- .SH SYNOPSIS
--\fBpasswd\fR [\fB-f\fR|\fB-s\fR] [\fIname\fR]
--.br
--\fBpasswd\fR [\fB-g\fR] [\fB-r\fR|\fB-R\fR] \fIgroup\fR
-+\fBpasswd\fR [\fIname\fR]
- .br
- \fBpasswd\fR [\fB-x \fImax\fR] [\fB-n \fImin\fR]
- [\fB-w \fIwarn\fR] [\fB-i \fIinact\fR] \fIlogin\fR
- .br
- \fBpasswd\fR {\fB-l\fR|\fB-u\fR|\fB-d\fR|\fB-S\fR|\fB-e\fR} \fIlogin\fR
- .SH DESCRIPTION
--\fBpasswd\fR changes passwords for user and group accounts.
-+\fBpasswd\fR changes passwords for user accounts.
- A normal user may only change the password for his/her own account,
- the super user may change the password for any account.
--The administrator of a group may change the password for the group.
--\fBpasswd\fR also changes account information, such as the full name
--of the user, user's login shell, or password expiry date and interval.
--.PP
--The \fB-s\fR option makes passwd call chsh to change the user's shell. The
--\fB-f\fR option makes passwd call chfn to change the user's gecos
--information. These two options are only meant for compatiblity, since the
--other programs can be called directly.
-+.PP
- .SS Password Changes
- The user is first prompted for his/her old password, if one is present.
- This password is then encrypted and compared against the
-@@ -86,17 +77,6 @@
- against the first.
- Both entries are required to match in order for the password
- to be changed.
--.SS Group passwords
--When the \fB-g\fR option is used, the password for the named
--group is changed.
--The user must either be the super user, or a group administrator
--for the named group.
--The current group password is not prompted for.
--The \fB-r\fR option is used with the \fB-g\fR option to remove
--the current password from the named group.
--This allows group access to all members.
--The \fB-R\fR option is used with the \fB-g\fR option to restrict
--the named group for all users.
- .SS Password expiry information
- The password aging information may be changed by the super
- user with the \fB-x\fR, \fB-n\fR, \fB-w\fR, and \fB-i\fR options.
-@@ -191,6 +171,9 @@
- .br
- /etc/shadow \- encrypted user passwords
- .SH "SEE ALSO"
-+.BR chfn (1),
-+.BR chsh (1),
-+.BR gpasswd (1),
- .BR group (5),
- .BR passwd (5)
- .SH AUTHOR
---- ./src/passwd.c.orig 2002-01-05 09:41:43.000000000 -0600
-+++ ./src/passwd.c 2006-08-20 18:31:50.000000000 -0500
-@@ -955,6 +955,7 @@
- * Please run these programs directly. --marekm
- */
-
-+#ifdef I_LIKE_OBSOLETE_OPTIONS
- if (argc > 1 && argv[1][0] == '-' && strchr ("gfs", argv[1][1])) {
- char buf[200];
-
-@@ -980,6 +981,7 @@
- closelog ();
- exit (E_FAILURE);
- }
-+#endif
-
- /*
- * The remaining arguments will be processed one by one and executed
diff --git a/source/a/shadow/shadow.shadowconfig.diff b/source/a/shadow/shadow.shadowconfig.diff
deleted file mode 100644
index 7dc9286e..00000000
--- a/source/a/shadow/shadow.shadowconfig.diff
+++ /dev/null
@@ -1,49 +0,0 @@
---- ./debian/shadowconfig.sh.orig 2001-05-29 23:20:22.000000000 -0700
-+++ ./debian/shadowconfig.sh 2003-06-23 16:35:38.000000000 -0700
-@@ -1,23 +1,28 @@
- #!/bin/bash
--# turn shadow passwords on or off on a Debian system
-+#
-+# 'shadowconfig on' will turn shadow passwords on;
-+# 'shadowconfig off' will turn shadow passwords off.
-+#
-+# shadowconfig will print an error message and exit with
-+# a nonzero code if it finds anything awry. If that happens,
-+# you should correct the error and run it again.
-+#
-+# Turning shadow passwords on when they are already on, or
-+# off when they are already off, is harmless.
-+#
-+# Be aware that account expiration dates are only supported
-+# by shadow passwords -- these dates will be lost when converting
-+# from shadow to non-shadow passwords. If you need to save this
-+# information, back up your /etc/shadow before turning off
-+# shadow passwords.
-+#
-
--set -e
-
--permfix () {
-- [ -f $1 ] || return 0
-- chown root:shadow $1
-- chmod 2755 $1
--}
--export -f permfix
-+set -e
-
- shadowon () {
- bash<<- EOF
- set -e
--
-- permfix /usr/X11R6/bin/xlock
-- permfix /usr/X11R6/bin/xtrlock
-- permfix /bin/vlock
--
- pwck -q
- grpck
- pwconv
-@@ -65,3 +70,4 @@
- echo Usage: $0 on \| off
- ;;
- esac
-+
diff --git a/source/a/shadow/useradd b/source/a/shadow/useradd
new file mode 100644
index 00000000..f3205e49
--- /dev/null
+++ b/source/a/shadow/useradd
@@ -0,0 +1,8 @@
+# useradd defaults file
+GROUP=100
+HOME=/home
+INACTIVE=-1
+EXPIRE=
+SHELL=/bin/bash
+SKEL=/etc/skel
+CREATE_MAIL_SPOOL=yes