shadow:

update binary path to /usr/bin
refs #961

5 files changed, 45 insertions, 426 deletions

diff --git a/abs/core/shadow/PKGBUILD b/abs/core/shadow/PKGBUILD
index 971b59a..0ca6f54 100644
--- a/abs/core/shadow/PKGBUILD
+++ b/abs/core/shadow/PKGBUILD
@@ -1,10 +1,10 @@
-# $Id: PKGBUILD 162993 2012-07-04 21:45:24Z dreisner $
+# $Id: PKGBUILD 197840 2013-10-30 11:06:53Z allan $
 # Maintainer: Dave Reisner <dreisner@archlinux.org>
 # Maintainer: Aaron Griffin <aaron@archlinux.org>
 
 pkgname=shadow
 pkgver=4.1.5.1
-pkgrel=1
+pkgrel=7
 pkgdesc="Password and account management tool suite with support for shadow files and PAM"
 arch=('i686' 'x86_64')
 url='http://pkg-shadow.alioth.debian.org/'
@@ -16,11 +16,10 @@ backup=(etc/login.defs
         etc/pam.d/{chpasswd,newusers,groupadd,groupdel,groupmod}
         etc/pam.d/{chgpasswd,groupmems}
         etc/default/useradd)
-options=('!libtool')
+options=(strip debug)
 install='shadow.install'
 source=("http://pkg-shadow.alioth.debian.org/releases/$pkgname-$pkgver.tar.bz2"{,.sig}
         LICENSE
-        adduser
         chgpasswd
         chpasswd
         defaults.pam
@@ -30,21 +29,22 @@ source=("http://pkg-shadow.alioth.debian.org/releases/$pkgname-$pkgver.tar.bz2"{
         shadow.cron.daily
         useradd.defaults
         xstrdup.patch
-        shadow-strncpy-usage.patch)
+        shadow-strncpy-usage.patch
+        lastlog.tmpfiles)
 sha1sums=('81f38720b953ef9c2c100c43d02dfe19cafd6c30'
-          '126570e2939bf3b57f28df5197ab9309747a6b5c'
+          'SKIP'
           '33a6cf1e44a1410e5c9726c89e5de68b78f5f922'
-          '78ec184a499f9708adcfcf0b7a3b22a60bf39f91'
           '4ad0e059406a305c8640ed30d93c2a1f62c2f4ad'
           '12427b1ca92a9b85ca8202239f0d9f50198b818f'
           '0e56fed7fc93572c6bf0d8f3b099166558bb46f1'
-          'e5cab2118ecb1e61874cde842d7d04d1003f35cb'
+          'e92045fb75e0c21a3f294a00de0bd2cd252e9463'
           '12427b1ca92a9b85ca8202239f0d9f50198b818f'
           '611be25d91c3f8f307c7fe2485d5f781e5dee75f'
-          '5d83ba7e11c765c951867cbe00b0ae7ff57148fa'
+          '98f4919014b1a9eb9f01ca7731e04b1d973cedd5'
           '9ae93de5987dd0ae428f0cc1a5a5a5cd53583f19'
           '6010fffeed1fc6673ad9875492e1193b1a847b53'
-          '21e12966a6befb25ec123b403cd9b5c492fe5b16')
+          '21e12966a6befb25ec123b403cd9b5c492fe5b16'
+          'f57ecde3f72b4738fad75c097d19cf46a412350f')
 
 build() {
   cd "$pkgname-$pkgver"
@@ -53,7 +53,7 @@ build() {
   sed -i '/^user\(mod\|add\)_LDADD/s|$| -lattr|' src/Makefile.am
 
   # link to glibc's crypt(3)
-  LDFLAGS+=" -lcrypt"
+  export LIBS="-lcrypt"
 
   # need to offer these upstream
   patch -Np1 <"$srcdir/xstrdup.patch"
@@ -64,11 +64,14 @@ build() {
 
   ./configure \
     --prefix=/usr \
+    --bindir=/usr/bin \
+    --sbindir=/usr/bin \
     --libdir=/lib \
     --mandir=/usr/share/man \
     --sysconfdir=/etc \
     --with-libpam \
-    --without-selinux
+    --without-selinux \
+    --with-group-name-max-length=32
 
   make
 }
@@ -81,9 +84,6 @@ package() {
   # license
   install -Dm644 "$srcdir/LICENSE" "$pkgdir/usr/share/licenses/shadow/LICENSE"
 
-  # interactive useradd
-  install -Dm755 "$srcdir/adduser" "$pkgdir/usr/sbin/adduser"
-
   # useradd defaults
   install -Dm644 "$srcdir/useradd.defaults" "$pkgdir/etc/default/useradd"
 
@@ -106,10 +106,15 @@ package() {
     install -Dm644 "$srcdir/defaults.pam" "$pkgdir/etc/pam.d/$file"
   done
 
+  # lastlog log file creation
+  install -Dm644 "$srcdir/lastlog.tmpfiles" "${pkgdir}/usr/lib/tmpfiles.d/lastlog.conf"
+
+  # Remove evil/broken tools
+  rm "$pkgdir"/usr/sbin/logoutd
+
   # Remove utilities provided by util-linux
   rm \
-      "$pkgdir"/usr/bin/{chsh,chfn,sg} \
-      "$pkgdir"/bin/{login,su} \
+      "$pkgdir"/usr/bin/{login,su,chsh,chfn,sg,nologin} \
       "$pkgdir"/usr/sbin/{vipw,vigr}
 
   # but we keep newgrp, as sg is really an alias to it
@@ -117,15 +122,21 @@ package() {
 
   # ...and their many man pages
   find "$pkgdir"/usr/share/man \
-      '(' -name 'chsh.1'  -o \
-          -name 'chfn.1'  -o \
-          -name 'su.1'    -o \
-          -name 'login.1' -o \
-          -name 'vipw.8'  -o \
-          -name 'vigr.8'  -o \
+      '(' -name 'chsh.1'    -o \
+          -name 'chfn.1'    -o \
+          -name 'su.1'      -o \
+          -name 'logoutd.8' -o \
+          -name 'login.1'   -o \
+          -name 'nologin.8' -o \
+          -name 'vipw.8'    -o \
+          -name 'vigr.8'    -o \
           -name 'newgrp.1' ')' \
       -delete
   rmdir \
       "$pkgdir"/usr/share/man/{fi,id,zh_TW}/man1 \
       "$pkgdir"/usr/share/man/{fi,ko/man8}
+
+  # move everything else to /usr/bin, because this isn't handled by ./configure
+  mv "$pkgdir"/usr/sbin/* "$pkgdir"/usr/bin
+  rmdir "$pkgdir/usr/sbin"
 }
diff --git a/abs/core/shadow/adduser b/abs/core/shadow/adduser
deleted file mode 100644
index a5d7fd4..0000000
--- a/abs/core/shadow/adduser
+++ /dev/null
@@ -1,399 +0,0 @@
-#!/bin/bash
-#
-# Copyright 1995  Hrvoje Dogan, Croatia.
-# Copyright 2002, 2003, 2004  Stuart Winter, West Midlands, England, UK.
-# Copyright 2004  Slackware Linux, Inc., Concord, CA, USA
-# All rights reserved.
-#
-# Redistribution and use of this script, with or without modification, is
-# permitted provided that the following conditions are met:
-#
-# 1. Redistributions of this script must retain the above copyright
-#    notice, this list of conditions and the following disclaimer.
-#
-#  THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
-#  WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-#  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO
-#  EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-#  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
-#  PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
-#  OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-#  WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
-#  OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
-#  ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#
-#
-##########################################################################
-# Program: /usr/sbin/adduser
-# Purpose: Interactive front end to /usr/sbin/useradd for Slackware Linux
-# Author : Stuart Winter <stuart@polplex.co.uk>
-#          Based on the original Slackware adduser by Hrvoje Dogan
-#          with modifications by Patrick Volkerding
-# Version: 1.09
-##########################################################################
-# Usage..: adduser [<new_user_name>]
-##########################################################################
-# History #
-###########
-# v1.09 - 07/06/04 
-#       * Added standard Slackware script licence to the head of this file.
-# v1.08 - 25/04/04
-#       * Disallow user names that begin with a numeric because useradd 
-#         (from shadow v4.03) does not allow them. <sw>
-# v1.07 - 07/03/03
-#       * When supplying a null string for the uid (meaning 'Choose next available'), 
-#         if there were file names in the range 'a-z' in the pwd then the 
-#         egrep command considered these files rather than the null string. 
-#         The egrep expression is now in quotes.  
-#         Reported & fixed by Vadim O. Ustiansky <sw>
-# v1.06 - 31/03/03
-#       * Ask to chown user.group the home directory if it already exists.
-#         This helps reduce later confusion when adding users whose home dir
-#         already exists (mounted partition for example) and is owned
-#         by a user other than the user to which the directory is being
-#         assigned as home.  Default is not to chown.
-#         Brought to my attention by mRgOBLIN. <sw>
-# v1.05 - 04/01/03
-#       * Advise & prevent users from creating logins with '.' characters
-#         in the user name. <sw>
-#       * Made pending account creation info look neater <sw>
-# v1.04 - 09/06/02
-#       * Catered for shadow-4.0.3's 'useradd' binary that no longer
-#         will let you create a user that has any uppercase chars in it
-#         This was reported on the userlocal.org forums
-#         by 'xcp' - thanks. <sw,pjv>
-# v1.03 - 20/05/02
-#       * Support 'broken' (null lines in) /etc/passwd and 
-#         /etc/group files <sw>       
-#       * For recycling UIDs (default still 'off'), we now look in 
-#         /etc/login.defs for the UID_MIN value and use it
-#         If not found then default to 1000 <sw>
-# v1.02 - 10/04/02
-#       * Fix user-specified UID bug. <pjv>
-# v1.01 - 23/03/02
-#       * Match Slackware indenting style, simplify. <pjv>
-# v1.00 - 22/03/02
-#       * Created
-#######################################################################
-
-# Path to files
-pfile=/etc/passwd
-gfile=/etc/group
-sfile=/etc/shells
-
-# Paths to binaries
-useradd=/usr/sbin/useradd
-chfn=/usr/bin/chfn
-passwd=/usr/bin/passwd
-
-# Defaults
-defhome=/home
-defshell=/bin/bash
-defgroup=users
-
-# Determine what the minimum UID is (for UID recycling)
-# (we ignore it if it's not at the beginning of the line (i.e. commented out with #))
-export recycleUIDMIN="$(grep ^UID_MIN /etc/login.defs | awk '{print $2}' 2>/dev/null)"
-# If we couldn't find it, set it to the default of 1000
-if [ -z "$recycleUIDMIN" ]; then
-   export recycleUIDMIN=1000  # this is the default from Slackware's /etc/login.defs
-fi
-
-
-# This setting enables the 'recycling' of older unused UIDs.
-# When you userdel a user, it removes it from passwd and shadow but it will
-# never get used again unless you specify it expliticly -- useradd (appears to) just
-# look at the last line in passwd and increment the uid.  I like the idea of 
-# recycling uids but you may have very good reasons not to (old forgotten
-# confidential files still on the system could then be owned by this new user).
-# We'll set this to no because this is what the original adduser shell script
-# did and it's what users expect.
-recycleuids=no
-
-# Function to read keyboard input.
-# bash1 is broken (even ash will take read -ep!), so we work around
-# it (even though bash1 is no longer supported on Slackware).
-function get_input() { 
-  local output
-  if [ "`echo $BASH_VERSION | cut -b1`" = "1" ]; then
-    echo -n "${1} " >&2 # fudge for use with bash v1
-    read output
-  else # this should work with any other /bin/sh
-    read -ep "${1} " output
-  fi
-  echo $output
-}
-
-# Function to display the account info
-function display () {
-  local goose
-  goose="$(echo $2 | cut -d ' ' -f 2-)"  # lop off the prefixed argument useradd needs
-  echo -n "$1 "
-  # If it's null then display the 'other' information
-  if [ -z "$goose" -a ! -z "$3" ]; then 
-    echo "$3" 
-  else 
-    echo "$goose" 
-  fi
-}
-
-# Function to check whether groups exist in the /etc/group file
-function check_group () {
-  local got_error group
-  if [ ! -z "$@" ]; then  
-  for group in $@ ; do
-    local uid_not_named="" uid_not_num=""
-    grep -v "$^" $gfile | awk -F: '{print $1}' | grep "^${group}$" >/dev/null 2>&1 || uid_not_named=yes  
-    grep -v "$^" $gfile | awk -F: '{print $3}' | grep "^${group}$" >/dev/null 2>&1 || uid_not_num=yes
-    if [ ! -z "$uid_not_named" -a ! -z "$uid_not_num" ]; then
-      echo "- Group '$group' does not exist"
-      got_error=yes
-    fi
-  done
-  fi
-  # Return exit code of 1 if at least one of the groups didn't exist
-  if [ ! -z "$got_error" ]; then
-    return 1
-  fi
-}   
-
-#: Read the login name for the new user :#
-#
-# Remember that most Mail Transfer Agents are case independant, so having
-# 'uSer' and 'user' may cause confusion/things to break.  Because of this,
-# useradd from shadow-4.0.3 no longer accepts usernames containing uppercase,
-# and we must reject them, too.
-
-# Set the login variable to the command line param
-echo
-LOGIN="$1"
-needinput=yes
-while [ ! -z $needinput ]; do
-  if [ -z "$LOGIN" ]; then 
-    while [ -z "$LOGIN" ]; do LOGIN="$(get_input "Login name for new user []:")" ; done
-  fi
-  grep "^${LOGIN}:" $pfile >/dev/null 2>&1  # ensure it's not already used
-  if [ $? -eq 0 ]; then
-    echo "- User '$LOGIN' already exists; please choose another"
-    unset LOGIN
-  elif [ ! -z "$( echo $LOGIN | grep "^[0-9]" )" ]; then
-    echo "- User names cannot begin with a number; please choose another"
-    unset LOGIN
-  elif [ ! "$LOGIN" = "`echo $LOGIN | tr A-Z a-z`" ]; then # useradd does not allow uppercase
-    echo "- User '$LOGIN' contains illegal characters (uppercase); please choose another"
-    unset LOGIN
-  elif [ ! -z "$( echo $LOGIN | grep '\.' )" ]; then
-    echo "- User '$LOGIN' contains illegal characters (period/dot); please choose another"
-    unset LOGIN
-  else
-    unset needinput
-  fi
-done
-
-# Display the user name passed from the shell if it hasn't changed
-if [ "$1" = "$LOGIN" ]; then
-  echo "Login name for new user: $LOGIN"
-fi
-
-#: Get the UID for the user & ensure it's not already in use :#
-#
-# Whilst we _can_ allow users with identical UIDs, it's not a 'good thing' because
-# when you change password for the uid, it finds the first match in /etc/passwd 
-# which isn't necessarily the correct user
-#
-echo
-needinput=yes
-while [ ! -z "$needinput" ]; do
-  _UID="$(get_input "User ID ('UID') [ defaults to next available ]:")"
-  grep -v "^$" $pfile | awk -F: '{print $3}' | grep "^${_UID}$" >/dev/null 2>&1
-  if [ $? -eq 0 ]; then
-    echo "- That UID is already in use; please choose another"
-  elif [ ! -z "$(echo $_UID | egrep '[A-Za-z]')" ]; then
-    echo "- UIDs are numerics only"         
-  else
-    unset needinput
-  fi
-done
-# If we were given a UID, then syntax up the variable to pass to useradd
-if [ ! -z "$_UID" ]; then 
-  U_ID="-u ${_UID}"
-else
-  # Will we be recycling UIDs?
-  if [ "$recycleuids" = "yes" ]; then
-    U_ID="-u $(awk -F: '{uid[$3]=1} END { for (i=ENVIRON["recycleUIDMIN"];i in uid;i++);print i}' $pfile)"
-  fi   
-fi
-
-#: Get the initial group for the user & ensure it exists :#
-#
-# We check /etc/group for both the text version and the group ID number 
-echo
-needinput=yes
-while [ ! -z "$needinput" ]; do
-  GID="$(get_input "Initial group [ ${defgroup} ]:")"
-  check_group "$GID"
-  if [ $? -gt 0 ]; then
-    echo "- Please choose another"
-  else
-    unset needinput 
-  fi
-done
-# Syntax the variable ready for useradd
-if [ -z "$GID" ]; then
-  GID="-g ${defgroup}"
-else
-  GID="-g ${GID}"
-fi
-
-#: Get additional groups for the user :#
-#
-echo
-needinput=yes
-while [ ! -z "$needinput" ]; do
-  AGID="$(get_input "Additional groups (comma separated) []:")"
-  AGID="$(echo "$AGID" | tr -d ' ' | tr , ' ')" # fix up for parsing 
-  if [ ! -z "$AGID" ]; then
-    check_group "$AGID"  # check all groups at once (treated as N # of params)
-    if [ $? -gt 0 ]; then
-      echo "- Please re-enter the group(s)"
-    else
-      unset needinput # we found all groups specified
-      AGID="-G $(echo "$AGID" | tr ' ' ,)"
-    fi
-  else
-    unset needinput   # we don't *have* to have additional groups
-  fi
-done
-
-#: Get the new user's home dir :#
-#       
-echo
-needinput=yes
-while [ ! -z "$needinput" ]; do
-  HME="$(get_input "Home directory [ ${defhome}/${LOGIN} ]")"
-  if [ -z "$HME" ]; then
-    HME="${defhome}/${LOGIN}"
-  fi 
-  # Warn the user if the home dir already exists
-  if [ -d "$HME" ]; then
-    echo "- Warning: '$HME' already exists !"
-    getyn="$(get_input "  Do you wish to change the home directory path ? (Y/n) ")"
-    if [ "$(echo $getyn | grep -i "n")" ]; then
-      unset needinput
-      # You're most likely going to only do this if you have the dir *mounted* for this user's $HOME
-      getyn="$(get_input "  Do you want to chown $LOGIN.$( echo $GID | awk '{print $2}') $HME ? (y/N) ")"
-      if [ "$(echo $getyn | grep -i "y")" ]; then
-         CHOWNHOMEDIR=$HME # set this to the home directory
-      fi
-    fi
-  else
-    unset needinput
-  fi
-done           
-HME="-d ${HME}"  
-    
-#: Get the new user's shell :#
-echo
-needinput=yes
-while [ ! -z "$needinput" ]; do
-  unset got_error
-  SHL="$(get_input "Shell [ ${defshell} ]")"
-  if [ -z "$SHL" ]; then
-    SHL="${defshell}"
-  fi 
-  # Warn the user if the shell doesn't exist in /etc/shells or as a file
-  if [ -z "$(grep "^${SHL}$" $sfile)" ]; then
-    echo "- Warning: ${SHL} is not in ${sfile} (potential problem using FTP)"
-    got_error=yes
-  fi
-  if [ ! -f "$SHL" ]; then
-    echo "- Warning: ${SHL} does not exist as a file"
-    got_error=yes
-  fi
-  if [ ! -z "$got_error" ]; then
-    getyn="$(get_input "  Do you wish to change the shell ? (Y/n) ")"
-    if [ "$(echo $getyn | grep -i "n")" ]; then
-      unset needinput
-    fi
-  else
-    unset needinput
-  fi
-done           
-SHL="-s ${SHL}"
-
-#: Get the expiry date :#
-echo
-needinput=yes
-while [ ! -z "$needinput" ]; do
-  EXP="$(get_input "Expiry date (YYYY-MM-DD) []:")"
-  if [ ! -z "$EXP" ]; then
-    # Check to see whether the expiry date is in the valid format
-    if [ -z "$(echo "$EXP" | grep "^[[:digit:]]\{4\}[-]\?[[:digit:]]\{2\}[-]\?[[:digit:]]\{2\}$")" ]; then
-      echo "- That is not a valid expiration date"
-    else
-      unset needinput 
-      EXP="-e ${EXP}" 
-    fi
-  else
-    unset needinput
-  fi
-done
-
-# Display the info about the new impending account
-echo
-echo "New account will be created as follows:"
-echo
-echo "---------------------------------------"
-display "Login name.......: " "$LOGIN"
-display "UID..............: " "$_UID" "[ Next available ]"
-display "Initial group....: " "$GID"
-display "Additional groups: " "$AGID" "[ None ]"
-display "Home directory...: " "$HME"
-display "Shell............: " "$SHL"
-display "Expiry date......: " "$EXP" "[ Never ]"
-echo
-
-echo "This is it... if you want to bail out, hit Control-C.  Otherwise, press"
-echo "ENTER to go ahead and make the account."
-read junk
-
-echo
-echo "Creating new account..."
-echo
-echo
-
-# Add the account to the system
-CMD="$useradd "$HME" -m "$EXP" "$U_ID" "$GID" "$AGID" "$SHL" "$LOGIN""
-$CMD
-
-if [ $? -gt 0 ]; then
-  echo "- Error running useradd command -- account not created!"
-  echo "(cmd: $CMD)"
-  exit 1
-fi
-
-# chown the home dir ?  We can only do this once the useradd has
-# completed otherwise the user name doesn't exist.
-if [ ! -z "${CHOWNHOMEDIR}" ]; then
-  chown "$LOGIN"."$( echo $GID | awk '{print $2}')" "${CHOWNHOMEDIR}"
-fi
-
-# Set the finger information
-$chfn "$LOGIN"
-if [ $? -gt 0 ]; then
-  echo "- Warning: an error occurred while setting finger information"
-fi
-
-# Set a password
-$passwd "$LOGIN"
-if [ $? -gt 0 ]; then
-  echo "* WARNING: An error occured while setting the password for"
-  echo "           this account.  Please manually investigate this *"
-  exit 1
-fi
-
-echo
-echo
-echo "Account setup complete."
-exit 0
-
diff --git a/abs/core/shadow/lastlog.tmpfiles b/abs/core/shadow/lastlog.tmpfiles
new file mode 100644
index 0000000..9c07b39
--- /dev/null
+++ b/abs/core/shadow/lastlog.tmpfiles
@@ -0,0 +1 @@
+f /var/log/lastlog 0644 root root
diff --git a/abs/core/shadow/login.defs b/abs/core/shadow/login.defs
index 2500ee4..5913671 100644
--- a/abs/core/shadow/login.defs
+++ b/abs/core/shadow/login.defs
@@ -81,8 +81,8 @@ HUSHLOGIN_FILE	.hushlogin
 # *REQUIRED*  The default PATH settings, for superuser and normal users.
 #
 # (they are minimal, add the rest in the shell startup files)
-ENV_SUPATH	PATH=/sbin:/bin:/usr/sbin:/usr/bin
-ENV_PATH	PATH=/bin:/usr/bin
+ENV_SUPATH	PATH=/usr/bin
+ENV_PATH	PATH=/usr/bin
 
 #
 # Terminal permissions
@@ -195,3 +195,9 @@ DEFAULT_HOME	yes
 #
 USERGROUPS_ENAB yes
 
+#
+# Controls display of the motd file. This is better handled by pam_motd.so
+# so the declaration here is empty is suppress display by readers of this
+# file.
+#
+MOTD_FILE
diff --git a/abs/core/shadow/shadow.cron.daily b/abs/core/shadow/shadow.cron.daily
index 1931a79..1373ecd 100755
--- a/abs/core/shadow/shadow.cron.daily
+++ b/abs/core/shadow/shadow.cron.daily
@@ -1,6 +1,6 @@
 #!/bin/sh
 
 # Verify integrity of password and group files
-/usr/sbin/pwck -r
-/usr/sbin/grpck -r
+/usr/bin/pwck -r
+/usr/bin/grpck -r