diff options
Diffstat (limited to 'source/a')
| -rw-r--r-- | source/a/shadow/doinst.sh | 27 | ||||
| -rw-r--r-- | source/a/shadow/pam.d/chfn | 4 | ||||
| -rw-r--r-- | source/a/shadow/pam.d/chsh | 4 | ||||
| -rwxr-xr-x | source/a/shadow/shadow.SlackBuild | 2 | ||||
| -rw-r--r-- | source/a/util-linux/doinst.sh | 6 | ||||
| -rw-r--r-- | source/a/util-linux/pam.d/chfn | 6 | ||||
| -rw-r--r-- | source/a/util-linux/pam.d/chsh | 6 | ||||
| -rw-r--r-- | source/a/util-linux/pam.d/login (renamed from source/a/shadow/pam.d/login) | 0 | ||||
| -rw-r--r-- | source/a/util-linux/pam.d/runuser | 5 | ||||
| -rw-r--r-- | source/a/util-linux/pam.d/runuser-l | 4 | ||||
| -rw-r--r-- | source/a/util-linux/pam.d/su (renamed from source/a/shadow/pam.d/su) | 0 | ||||
| -rw-r--r-- | source/a/util-linux/pam.d/su-l (renamed from source/a/shadow/pam.d/su-l) | 0 | ||||
| -rwxr-xr-x | source/a/util-linux/util-linux.SlackBuild | 21 |
13 files changed, 63 insertions, 22 deletions
diff --git a/source/a/shadow/doinst.sh b/source/a/shadow/doinst.sh index ce3e8116..98c8a92c 100644 --- a/source/a/shadow/doinst.sh +++ b/source/a/shadow/doinst.sh @@ -10,17 +10,20 @@ config() { # Otherwise, we leave the .new copy for the admin to consider... } -# First, check for PAM: -if [ -r etc/pam.d/login.new ]; then - # If there's an existing /etc/login.defs that contains an obsolete option - # intended for a non-pam system, rename it to back it up and allow the - # pam-enabled login.defs to be installed automatically: - if grep -q "^LASTLOG_ENAB" etc/login.defs 1> /dev/null 2> /dev/null ; then - mv etc/login.defs etc/login.defs.non-pam.backup - fi -else # Same thing, but in reverse for a non-pam system: - if ! grep -q "^LASTLOG_ENAB" etc/login.defs 1> /dev/null 2> /dev/null ; then - mv etc/login.defs etc/login.defs.pam.backup +# See if we need to backup an existing login.defs: +if [ -r etc/login.defs ]; then + # First, check for PAM: + if [ -r etc/pam.d/login.new ]; then + # If there's an existing /etc/login.defs that contains an obsolete option + # intended for a non-pam system, rename it to back it up and allow the + # pam-enabled login.defs to be installed automatically: + if grep -q "^LASTLOG_ENAB" etc/login.defs 1> /dev/null 2> /dev/null ; then + mv etc/login.defs etc/login.defs.non-pam.backup + fi + else # Same thing, but in reverse for a non-pam system: + if ! grep -q "^LASTLOG_ENAB" etc/login.defs 1> /dev/null 2> /dev/null ; then + mv etc/login.defs etc/login.defs.pam.backup + fi fi fi @@ -31,7 +34,7 @@ rm -f var/log/faillog.new if [ -r etc/login.access.new ]; then config etc/login.access.new fi -for configfile in chage.new chfn.new chgpasswd.new chpasswd.new chsh.new groupadd.new groupdel.new groupmems.new groupmod.new login.new newusers.new other.new passwd.new postlogin.new su-l.new su.new system-auth.new useradd.new userdel.new usermod.new ; do +for configfile in chage.new chgpasswd.new chpasswd.new groupadd.new groupdel.new groupmems.new groupmod.new newusers.new other.new passwd.new postlogin.new system-auth.new useradd.new userdel.new usermod.new ; do if [ -r etc/pam.d/$configfile ]; then config etc/pam.d/$configfile fi diff --git a/source/a/shadow/pam.d/chfn b/source/a/shadow/pam.d/chfn deleted file mode 100644 index 8f49f5cc..00000000 --- a/source/a/shadow/pam.d/chfn +++ /dev/null @@ -1,4 +0,0 @@ -#%PAM-1.0 -auth sufficient pam_rootok.so -account required pam_permit.so -password include system-auth diff --git a/source/a/shadow/pam.d/chsh b/source/a/shadow/pam.d/chsh deleted file mode 100644 index 8f49f5cc..00000000 --- a/source/a/shadow/pam.d/chsh +++ /dev/null @@ -1,4 +0,0 @@ -#%PAM-1.0 -auth sufficient pam_rootok.so -account required pam_permit.so -password include system-auth diff --git a/source/a/shadow/shadow.SlackBuild b/source/a/shadow/shadow.SlackBuild index bc22d5e8..1cd486be 100755 --- a/source/a/shadow/shadow.SlackBuild +++ b/source/a/shadow/shadow.SlackBuild @@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=shadow VERSION=${VERSION:-$(echo $PKGNAM-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-2} +BUILD=${BUILD:-3} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then diff --git a/source/a/util-linux/doinst.sh b/source/a/util-linux/doinst.sh index da24e743..8277c0e6 100644 --- a/source/a/util-linux/doinst.sh +++ b/source/a/util-linux/doinst.sh @@ -22,6 +22,12 @@ config etc/rc.d/rc.serial.new config etc/rc.d/rc.setterm.new config etc/serial.conf.new +for configfile in chfn.new chsh.new login.new runuser.new runuser-l.new su.new su-l.new ; do + if [ -r etc/pam.d/$configfile ]; then + config etc/pam.d/$configfile + fi +done + if [ -r etc/default/su.new ]; then config etc/default/su.new fi diff --git a/source/a/util-linux/pam.d/chfn b/source/a/util-linux/pam.d/chfn new file mode 100644 index 00000000..2dbc0aaf --- /dev/null +++ b/source/a/util-linux/pam.d/chfn @@ -0,0 +1,6 @@ +#%PAM-1.0 +auth sufficient pam_rootok.so +auth include system-auth +account include system-auth +password include system-auth +session include system-auth diff --git a/source/a/util-linux/pam.d/chsh b/source/a/util-linux/pam.d/chsh new file mode 100644 index 00000000..2dbc0aaf --- /dev/null +++ b/source/a/util-linux/pam.d/chsh @@ -0,0 +1,6 @@ +#%PAM-1.0 +auth sufficient pam_rootok.so +auth include system-auth +account include system-auth +password include system-auth +session include system-auth diff --git a/source/a/shadow/pam.d/login b/source/a/util-linux/pam.d/login index eb312199..eb312199 100644 --- a/source/a/shadow/pam.d/login +++ b/source/a/util-linux/pam.d/login diff --git a/source/a/util-linux/pam.d/runuser b/source/a/util-linux/pam.d/runuser new file mode 100644 index 00000000..37f0e84e --- /dev/null +++ b/source/a/util-linux/pam.d/runuser @@ -0,0 +1,5 @@ +#%PAM-1.0 +auth sufficient pam_rootok.so +session optional pam_keyinit.so revoke +session required pam_limits.so +session required pam_unix.so diff --git a/source/a/util-linux/pam.d/runuser-l b/source/a/util-linux/pam.d/runuser-l new file mode 100644 index 00000000..fa1e4d83 --- /dev/null +++ b/source/a/util-linux/pam.d/runuser-l @@ -0,0 +1,4 @@ +#%PAM-1.0 +auth include runuser +session optional pam_keyinit.so force revoke +session include runuser diff --git a/source/a/shadow/pam.d/su b/source/a/util-linux/pam.d/su index c7c81487..c7c81487 100644 --- a/source/a/shadow/pam.d/su +++ b/source/a/util-linux/pam.d/su diff --git a/source/a/shadow/pam.d/su-l b/source/a/util-linux/pam.d/su-l index 656a139a..656a139a 100644 --- a/source/a/shadow/pam.d/su-l +++ b/source/a/util-linux/pam.d/su-l diff --git a/source/a/util-linux/util-linux.SlackBuild b/source/a/util-linux/util-linux.SlackBuild index 1d101d46..2f0688be 100755 --- a/source/a/util-linux/util-linux.SlackBuild +++ b/source/a/util-linux/util-linux.SlackBuild @@ -26,7 +26,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=util-linux VERSION=${VERSION:-$(echo util-linux*.tar.xz | cut -d - -f 3 | rev | cut -f 3- -d . | rev)} -BUILD=${BUILD:-2} +BUILD=${BUILD:-3} ADJTIMEXVERS=1.29 SETSERIALVERS=2.17 @@ -90,6 +90,17 @@ if [ -L /lib${LIBDIRSUFFIX}/libpam.so.? ]; then cp -a $CWD/su.default $PKG/etc/default/su.new chown root:root $PKG/etc/default/su.new chmod 644 $PKG/etc/default/su.new + # Add /etc/pam.d config files: + rm -rf $PKG/etc/pam.d + mkdir -p $PKG/etc/pam.d + for file in $CWD/pam.d/* ; do + cp -a ${file} $PKG/etc/pam.d/ + done + # Ensure correct perms/ownership on files in /etc/pam.d/: + chown root:root $PKG/etc/pam.d/* + chmod 644 $PKG/etc/pam.d/* + # Don't clobber existing config files: + find $PKG/etc/pam.d -type f -exec mv {} {}.new \; else LOGIN_OPTIONS="--disable-login" fi @@ -150,6 +161,14 @@ CFLAGS="$SLKCFLAGS" \ make $NUMJOBS || make || exit 1 make install $NUMJOBS DESTDIR=$PKG || exit 1 +# These need to be setuid root to work properly (only built for PAM): +if [ -r $PKG/usr/bin/chfn ]; then + chmod 4711 $PKG/usr/bin/chfn +fi +if [ -r $PKG/usr/bin/chsh ]; then + chmod 4711 $PKG/usr/bin/chsh +fi + # Build python3 bindings for libmount: make clean CFLAGS="$SLKCFLAGS" \ |