Diffstat (limited to 'abs/core/shadow')
-rw-r--r--abs/core/shadow/PKGBUILD57
-rw-r--r--abs/core/shadow/adduser399
-rw-r--r--abs/core/shadow/lastlog.tmpfiles1
-rw-r--r--abs/core/shadow/login.defs10
-rwxr-xr-xabs/core/shadow/shadow.cron.daily4
5 files changed, 45 insertions, 426 deletions
diff --git a/abs/core/shadow/PKGBUILD b/abs/core/shadow/PKGBUILD
index 971b59a..0ca6f54 100644
--- a/abs/core/shadow/PKGBUILD
+++ b/abs/core/shadow/PKGBUILD
@@ -1,10 +1,10 @@
-# $Id: PKGBUILD 162993 2012-07-04 21:45:24Z dreisner $
+# $Id: PKGBUILD 197840 2013-10-30 11:06:53Z allan $
# Maintainer: Dave Reisner <dreisner@archlinux.org>
# Maintainer: Aaron Griffin <aaron@archlinux.org>
pkgname=shadow
pkgver=4.1.5.1
-pkgrel=1
+pkgrel=7
pkgdesc="Password and account management tool suite with support for shadow files and PAM"
arch=('i686' 'x86_64')
url='http://pkg-shadow.alioth.debian.org/'
@@ -16,11 +16,10 @@ backup=(etc/login.defs
etc/pam.d/{chpasswd,newusers,groupadd,groupdel,groupmod}
etc/pam.d/{chgpasswd,groupmems}
etc/default/useradd)
-options=('!libtool')
+options=(strip debug)
install='shadow.install'
source=("http://pkg-shadow.alioth.debian.org/releases/$pkgname-$pkgver.tar.bz2"{,.sig}
LICENSE
- adduser
chgpasswd
chpasswd
defaults.pam
@@ -30,21 +29,22 @@ source=("http://pkg-shadow.alioth.debian.org/releases/$pkgname-$pkgver.tar.bz2"{
shadow.cron.daily
useradd.defaults
xstrdup.patch
- shadow-strncpy-usage.patch)
+ shadow-strncpy-usage.patch
+ lastlog.tmpfiles)
sha1sums=('81f38720b953ef9c2c100c43d02dfe19cafd6c30'
- '126570e2939bf3b57f28df5197ab9309747a6b5c'
+ 'SKIP'
'33a6cf1e44a1410e5c9726c89e5de68b78f5f922'
- '78ec184a499f9708adcfcf0b7a3b22a60bf39f91'
'4ad0e059406a305c8640ed30d93c2a1f62c2f4ad'
'12427b1ca92a9b85ca8202239f0d9f50198b818f'
'0e56fed7fc93572c6bf0d8f3b099166558bb46f1'
- 'e5cab2118ecb1e61874cde842d7d04d1003f35cb'
+ 'e92045fb75e0c21a3f294a00de0bd2cd252e9463'
'12427b1ca92a9b85ca8202239f0d9f50198b818f'
'611be25d91c3f8f307c7fe2485d5f781e5dee75f'
- '5d83ba7e11c765c951867cbe00b0ae7ff57148fa'
+ '98f4919014b1a9eb9f01ca7731e04b1d973cedd5'
'9ae93de5987dd0ae428f0cc1a5a5a5cd53583f19'
'6010fffeed1fc6673ad9875492e1193b1a847b53'
- '21e12966a6befb25ec123b403cd9b5c492fe5b16')
+ '21e12966a6befb25ec123b403cd9b5c492fe5b16'
+ 'f57ecde3f72b4738fad75c097d19cf46a412350f')
build() {
cd "$pkgname-$pkgver"
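Review bot: With the `.sig` entry in `sha1sums` set to `'SKIP'`, the authenticity of the tarball rests on makepkg's PGP check, and nothing visible in this hunk pins which key may sign the release. The `source` URL in the hunk header is plain `http://`, so the fetch has no transport-level integrity either. If the makepkg in use supports it, add `validpgpkeys=('<upstream release key fingerprint>')` (placeholder, the fingerprint is not on this page). Moving the array to `sha256sums` would also avoid relying on SHA-1 for the tarball and the local files. build() only starts at the end of this hunk and continues outside it.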
@@ -53,7 +53,7 @@ build() {
sed -i '/^user\(mod\|add\)_LDADD/s|$| -lattr|' src/Makefile.am
# link to glibc's crypt(3)
- LDFLAGS+=" -lcrypt"
+ export LIBS="-lcrypt"
# need to offer these upstream
patch -Np1 <"$srcdir/xstrdup.patch"
@@ -64,11 +64,14 @@ build() {
./configure \
--prefix=/usr \
+ --bindir=/usr/bin \
+ --sbindir=/usr/bin \
--libdir=/lib \
--mandir=/usr/share/man \
--sysconfdir=/etc \
--with-libpam \
- --without-selinux
+ --without-selinux \
+ --with-group-name-max-length=32
make
}
@@ -81,9 +84,6 @@ package() {
# license
install -Dm644 "$srcdir/LICENSE" "$pkgdir/usr/share/licenses/shadow/LICENSE"
- # interactive useradd
- install -Dm755 "$srcdir/adduser" "$pkgdir/usr/sbin/adduser"
-
# useradd defaults
install -Dm644 "$srcdir/useradd.defaults" "$pkgdir/etc/default/useradd"
@@ -106,10 +106,15 @@ package() {
install -Dm644 "$srcdir/defaults.pam" "$pkgdir/etc/pam.d/$file"
done
+ # lastlog log file creation
+ install -Dm644 "$srcdir/lastlog.tmpfiles" "${pkgdir}/usr/lib/tmpfiles.d/lastlog.conf"
+
+ # Remove evil/broken tools
+ rm "$pkgdir"/usr/sbin/logoutd
+
# Remove utilities provided by util-linux
rm \
- "$pkgdir"/usr/bin/{chsh,chfn,sg} \
- "$pkgdir"/bin/{login,su} \
+ "$pkgdir"/usr/bin/{login,su,chsh,chfn,sg,nologin} \
"$pkgdir"/usr/sbin/{vipw,vigr}
# but we keep newgrp, as sg is really an alias to it
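Review bot: The added comment `# Remove evil/broken tools` above `rm "$pkgdir"/usr/sbin/logoutd` does not say why logoutd is dropped, so a later maintainer cannot re-evaluate the removal when upstream changes. I would put the reason and a reference in the comment, e.g. `# logoutd: not shipped because <reason / bug reference>` (placeholder, the page gives no reason). The `logoutd.8` man-page removal in the next hunk depends on the same decision and would benefit from the same explanation. package() begins outside this hunk.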
@@ -117,15 +122,21 @@ package() {
# ...and their many man pages
find "$pkgdir"/usr/share/man \
- '(' -name 'chsh.1' -o \
- -name 'chfn.1' -o \
- -name 'su.1' -o \
- -name 'login.1' -o \
- -name 'vipw.8' -o \
- -name 'vigr.8' -o \
+ '(' -name 'chsh.1' -o \
+ -name 'chfn.1' -o \
+ -name 'su.1' -o \
+ -name 'logoutd.8' -o \
+ -name 'login.1' -o \
+ -name 'nologin.8' -o \
+ -name 'vipw.8' -o \
+ -name 'vigr.8' -o \
-name 'newgrp.1' ')' \
-delete
rmdir \
"$pkgdir"/usr/share/man/{fi,id,zh_TW}/man1 \
"$pkgdir"/usr/share/man/{fi,ko/man8}
+
+ # move everything else to /usr/bin, because this isn't handled by ./configure
+ mv "$pkgdir"/usr/sbin/* "$pkgdir"/usr/bin
+ rmdir "$pkgdir/usr/sbin"
}
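Review bot: `mv "$pkgdir"/usr/sbin/* "$pkgdir"/usr/bin` silently overwrites any file of the same name already in `usr/bin`, which is risky in a package that ships account-management binaries. A collision should stop the build, e.g. `mv -n -- "$pkgdir"/usr/sbin/* "$pkgdir"/usr/bin`, so that a skipped file stays behind and the following `rmdir "$pkgdir/usr/sbin"` fails loudly. The comment says configure does not handle this, yet an earlier hunk passes `--sbindir=/usr/bin`. It would help to state which install rules ignore that flag, because the `rm` calls on `usr/sbin` paths presumably rely on the directory still existing. package() begins outside this hunk.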
diff --git a/abs/core/shadow/adduser b/abs/core/shadow/adduser
deleted file mode 100644
index a5d7fd4..0000000
--- a/abs/core/shadow/adduser
+++ /dev/null
@@ -1,399 +0,0 @@
-#!/bin/bash
-#
-# Copyright 1995 Hrvoje Dogan, Croatia.
-# Copyright 2002, 2003, 2004 Stuart Winter, West Midlands, England, UK.
-# Copyright 2004 Slackware Linux, Inc., Concord, CA, USA
-# All rights reserved.
-#
-# Redistribution and use of this script, with or without modification, is
-# permitted provided that the following conditions are met:
-#
-# 1. Redistributions of this script must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
-# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
-# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
-# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
-# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
-# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#
-#
-##########################################################################
-# Program: /usr/sbin/adduser
-# Purpose: Interactive front end to /usr/sbin/useradd for Slackware Linux
-# Author : Stuart Winter <stuart@polplex.co.uk>
-# Based on the original Slackware adduser by Hrvoje Dogan
-# with modifications by Patrick Volkerding
-# Version: 1.09
-##########################################################################
-# Usage..: adduser [<new_user_name>]
-##########################################################################
-# History #
-###########
-# v1.09 - 07/06/04
-# * Added standard Slackware script licence to the head of this file.
-# v1.08 - 25/04/04
-# * Disallow user names that begin with a numeric because useradd
-# (from shadow v4.03) does not allow them. <sw>
-# v1.07 - 07/03/03
-# * When supplying a null string for the uid (meaning 'Choose next available'),
-# if there were file names in the range 'a-z' in the pwd then the
-# egrep command considered these files rather than the null string.
-# The egrep expression is now in quotes.
-# Reported & fixed by Vadim O. Ustiansky <sw>
-# v1.06 - 31/03/03
-# * Ask to chown user.group the home directory if it already exists.
-# This helps reduce later confusion when adding users whose home dir
-# already exists (mounted partition for example) and is owned
-# by a user other than the user to which the directory is being
-# assigned as home. Default is not to chown.
-# Brought to my attention by mRgOBLIN. <sw>
-# v1.05 - 04/01/03
-# * Advise & prevent users from creating logins with '.' characters
-# in the user name. <sw>
-# * Made pending account creation info look neater <sw>
-# v1.04 - 09/06/02
-# * Catered for shadow-4.0.3's 'useradd' binary that no longer
-# will let you create a user that has any uppercase chars in it
-# This was reported on the userlocal.org forums
-# by 'xcp' - thanks. <sw,pjv>
-# v1.03 - 20/05/02
-# * Support 'broken' (null lines in) /etc/passwd and
-# /etc/group files <sw>
-# * For recycling UIDs (default still 'off'), we now look in
-# /etc/login.defs for the UID_MIN value and use it
-# If not found then default to 1000 <sw>
-# v1.02 - 10/04/02
-# * Fix user-specified UID bug. <pjv>
-# v1.01 - 23/03/02
-# * Match Slackware indenting style, simplify. <pjv>
-# v1.00 - 22/03/02
-# * Created
-#######################################################################
-
-# Path to files
-pfile=/etc/passwd
-gfile=/etc/group
-sfile=/etc/shells
-
-# Paths to binaries
-useradd=/usr/sbin/useradd
-chfn=/usr/bin/chfn
-passwd=/usr/bin/passwd
-
-# Defaults
-defhome=/home
-defshell=/bin/bash
-defgroup=users
-
-# Determine what the minimum UID is (for UID recycling)
-# (we ignore it if it's not at the beginning of the line (i.e. commented out with #))
-export recycleUIDMIN="$(grep ^UID_MIN /etc/login.defs | awk '{print $2}' 2>/dev/null)"
-# If we couldn't find it, set it to the default of 1000
-if [ -z "$recycleUIDMIN" ]; then
- export recycleUIDMIN=1000 # this is the default from Slackware's /etc/login.defs
-fi
-
-
-# This setting enables the 'recycling' of older unused UIDs.
-# When you userdel a user, it removes it from passwd and shadow but it will
-# never get used again unless you specify it expliticly -- useradd (appears to) just
-# look at the last line in passwd and increment the uid. I like the idea of
-# recycling uids but you may have very good reasons not to (old forgotten
-# confidential files still on the system could then be owned by this new user).
-# We'll set this to no because this is what the original adduser shell script
-# did and it's what users expect.
-recycleuids=no
-
-# Function to read keyboard input.
-# bash1 is broken (even ash will take read -ep!), so we work around
-# it (even though bash1 is no longer supported on Slackware).
-function get_input() {
- local output
- if [ "`echo $BASH_VERSION | cut -b1`" = "1" ]; then
- echo -n "${1} " >&2 # fudge for use with bash v1
- read output
- else # this should work with any other /bin/sh
- read -ep "${1} " output
- fi
- echo $output
-}
-
-# Function to display the account info
-function display () {
- local goose
- goose="$(echo $2 | cut -d ' ' -f 2-)" # lop off the prefixed argument useradd needs
- echo -n "$1 "
- # If it's null then display the 'other' information
- if [ -z "$goose" -a ! -z "$3" ]; then
- echo "$3"
- else
- echo "$goose"
- fi
-}
-
-# Function to check whether groups exist in the /etc/group file
-function check_group () {
- local got_error group
- if [ ! -z "$@" ]; then
- for group in $@ ; do
- local uid_not_named="" uid_not_num=""
- grep -v "$^" $gfile | awk -F: '{print $1}' | grep "^${group}$" >/dev/null 2>&1 || uid_not_named=yes
- grep -v "$^" $gfile | awk -F: '{print $3}' | grep "^${group}$" >/dev/null 2>&1 || uid_not_num=yes
- if [ ! -z "$uid_not_named" -a ! -z "$uid_not_num" ]; then
- echo "- Group '$group' does not exist"
- got_error=yes
- fi
- done
- fi
- # Return exit code of 1 if at least one of the groups didn't exist
- if [ ! -z "$got_error" ]; then
- return 1
- fi
-}
-
-#: Read the login name for the new user :#
-#
-# Remember that most Mail Transfer Agents are case independant, so having
-# 'uSer' and 'user' may cause confusion/things to break. Because of this,
-# useradd from shadow-4.0.3 no longer accepts usernames containing uppercase,
-# and we must reject them, too.
-
-# Set the login variable to the command line param
-echo
-LOGIN="$1"
-needinput=yes
-while [ ! -z $needinput ]; do
- if [ -z "$LOGIN" ]; then
- while [ -z "$LOGIN" ]; do LOGIN="$(get_input "Login name for new user []:")" ; done
- fi
- grep "^${LOGIN}:" $pfile >/dev/null 2>&1 # ensure it's not already used
- if [ $? -eq 0 ]; then
- echo "- User '$LOGIN' already exists; please choose another"
- unset LOGIN
- elif [ ! -z "$( echo $LOGIN | grep "^[0-9]" )" ]; then
- echo "- User names cannot begin with a number; please choose another"
- unset LOGIN
- elif [ ! "$LOGIN" = "`echo $LOGIN | tr A-Z a-z`" ]; then # useradd does not allow uppercase
- echo "- User '$LOGIN' contains illegal characters (uppercase); please choose another"
- unset LOGIN
- elif [ ! -z "$( echo $LOGIN | grep '\.' )" ]; then
- echo "- User '$LOGIN' contains illegal characters (period/dot); please choose another"
- unset LOGIN
- else
- unset needinput
- fi
-done
-
-# Display the user name passed from the shell if it hasn't changed
-if [ "$1" = "$LOGIN" ]; then
- echo "Login name for new user: $LOGIN"
-fi
-
-#: Get the UID for the user & ensure it's not already in use :#
-#
-# Whilst we _can_ allow users with identical UIDs, it's not a 'good thing' because
-# when you change password for the uid, it finds the first match in /etc/passwd
-# which isn't necessarily the correct user
-#
-echo
-needinput=yes
-while [ ! -z "$needinput" ]; do
- _UID="$(get_input "User ID ('UID') [ defaults to next available ]:")"
- grep -v "^$" $pfile | awk -F: '{print $3}' | grep "^${_UID}$" >/dev/null 2>&1
- if [ $? -eq 0 ]; then
- echo "- That UID is already in use; please choose another"
- elif [ ! -z "$(echo $_UID | egrep '[A-Za-z]')" ]; then
- echo "- UIDs are numerics only"
- else
- unset needinput
- fi
-done
-# If we were given a UID, then syntax up the variable to pass to useradd
-if [ ! -z "$_UID" ]; then
- U_ID="-u ${_UID}"
-else
- # Will we be recycling UIDs?
- if [ "$recycleuids" = "yes" ]; then
- U_ID="-u $(awk -F: '{uid[$3]=1} END { for (i=ENVIRON["recycleUIDMIN"];i in uid;i++);print i}' $pfile)"
- fi
-fi
-
-#: Get the initial group for the user & ensure it exists :#
-#
-# We check /etc/group for both the text version and the group ID number
-echo
-needinput=yes
-while [ ! -z "$needinput" ]; do
- GID="$(get_input "Initial group [ ${defgroup} ]:")"
- check_group "$GID"
- if [ $? -gt 0 ]; then
- echo "- Please choose another"
- else
- unset needinput
- fi
-done
-# Syntax the variable ready for useradd
-if [ -z "$GID" ]; then
- GID="-g ${defgroup}"
-else
- GID="-g ${GID}"
-fi
-
-#: Get additional groups for the user :#
-#
-echo
-needinput=yes
-while [ ! -z "$needinput" ]; do
- AGID="$(get_input "Additional groups (comma separated) []:")"
- AGID="$(echo "$AGID" | tr -d ' ' | tr , ' ')" # fix up for parsing
- if [ ! -z "$AGID" ]; then
- check_group "$AGID" # check all groups at once (treated as N # of params)
- if [ $? -gt 0 ]; then
- echo "- Please re-enter the group(s)"
- else
- unset needinput # we found all groups specified
- AGID="-G $(echo "$AGID" | tr ' ' ,)"
- fi
- else
- unset needinput # we don't *have* to have additional groups
- fi
-done
-
-#: Get the new user's home dir :#
-#
-echo
-needinput=yes
-while [ ! -z "$needinput" ]; do
- HME="$(get_input "Home directory [ ${defhome}/${LOGIN} ]")"
- if [ -z "$HME" ]; then
- HME="${defhome}/${LOGIN}"
- fi
- # Warn the user if the home dir already exists
- if [ -d "$HME" ]; then
- echo "- Warning: '$HME' already exists !"
- getyn="$(get_input " Do you wish to change the home directory path ? (Y/n) ")"
- if [ "$(echo $getyn | grep -i "n")" ]; then
- unset needinput
- # You're most likely going to only do this if you have the dir *mounted* for this user's $HOME
- getyn="$(get_input " Do you want to chown $LOGIN.$( echo $GID | awk '{print $2}') $HME ? (y/N) ")"
- if [ "$(echo $getyn | grep -i "y")" ]; then
- CHOWNHOMEDIR=$HME # set this to the home directory
- fi
- fi
- else
- unset needinput
- fi
-done
-HME="-d ${HME}"
-
-#: Get the new user's shell :#
-echo
-needinput=yes
-while [ ! -z "$needinput" ]; do
- unset got_error
- SHL="$(get_input "Shell [ ${defshell} ]")"
- if [ -z "$SHL" ]; then
- SHL="${defshell}"
- fi
- # Warn the user if the shell doesn't exist in /etc/shells or as a file
- if [ -z "$(grep "^${SHL}$" $sfile)" ]; then
- echo "- Warning: ${SHL} is not in ${sfile} (potential problem using FTP)"
- got_error=yes
- fi
- if [ ! -f "$SHL" ]; then
- echo "- Warning: ${SHL} does not exist as a file"
- got_error=yes
- fi
- if [ ! -z "$got_error" ]; then
- getyn="$(get_input " Do you wish to change the shell ? (Y/n) ")"
- if [ "$(echo $getyn | grep -i "n")" ]; then
- unset needinput
- fi
- else
- unset needinput
- fi
-done
-SHL="-s ${SHL}"
-
-#: Get the expiry date :#
-echo
-needinput=yes
-while [ ! -z "$needinput" ]; do
- EXP="$(get_input "Expiry date (YYYY-MM-DD) []:")"
- if [ ! -z "$EXP" ]; then
- # Check to see whether the expiry date is in the valid format
- if [ -z "$(echo "$EXP" | grep "^[[:digit:]]\{4\}[-]\?[[:digit:]]\{2\}[-]\?[[:digit:]]\{2\}$")" ]; then
- echo "- That is not a valid expiration date"
- else
- unset needinput
- EXP="-e ${EXP}"
- fi
- else
- unset needinput
- fi
-done
-
-# Display the info about the new impending account
-echo
-echo "New account will be created as follows:"
-echo
-echo "---------------------------------------"
-display "Login name.......: " "$LOGIN"
-display "UID..............: " "$_UID" "[ Next available ]"
-display "Initial group....: " "$GID"
-display "Additional groups: " "$AGID" "[ None ]"
-display "Home directory...: " "$HME"
-display "Shell............: " "$SHL"
-display "Expiry date......: " "$EXP" "[ Never ]"
-echo
-
-echo "This is it... if you want to bail out, hit Control-C. Otherwise, press"
-echo "ENTER to go ahead and make the account."
-read junk
-
-echo
-echo "Creating new account..."
-echo
-echo
-
-# Add the account to the system
-CMD="$useradd "$HME" -m "$EXP" "$U_ID" "$GID" "$AGID" "$SHL" "$LOGIN""
-$CMD
-
-if [ $? -gt 0 ]; then
- echo "- Error running useradd command -- account not created!"
- echo "(cmd: $CMD)"
- exit 1
-fi
-
-# chown the home dir ? We can only do this once the useradd has
-# completed otherwise the user name doesn't exist.
-if [ ! -z "${CHOWNHOMEDIR}" ]; then
- chown "$LOGIN"."$( echo $GID | awk '{print $2}')" "${CHOWNHOMEDIR}"
-fi
-
-# Set the finger information
-$chfn "$LOGIN"
-if [ $? -gt 0 ]; then
- echo "- Warning: an error occurred while setting finger information"
-fi
-
-# Set a password
-$passwd "$LOGIN"
-if [ $? -gt 0 ]; then
- echo "* WARNING: An error occured while setting the password for"
- echo " this account. Please manually investigate this *"
- exit 1
-fi
-
-echo
-echo
-echo "Account setup complete."
-exit 0
-
diff --git a/abs/core/shadow/lastlog.tmpfiles b/abs/core/shadow/lastlog.tmpfiles
new file mode 100644
index 0000000..9c07b39
--- /dev/null
+++ b/abs/core/shadow/lastlog.tmpfiles
@@ -0,0 +1 @@
+f /var/log/lastlog 0644 root root
diff --git a/abs/core/shadow/login.defs b/abs/core/shadow/login.defs
index 2500ee4..5913671 100644
--- a/abs/core/shadow/login.defs
+++ b/abs/core/shadow/login.defs
@@ -81,8 +81,8 @@ HUSHLOGIN_FILE .hushlogin
# *REQUIRED* The default PATH settings, for superuser and normal users.
#
# (they are minimal, add the rest in the shell startup files)
-ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin
-ENV_PATH PATH=/bin:/usr/bin
+ENV_SUPATH PATH=/usr/bin
+ENV_PATH PATH=/usr/bin
#
# Terminal permissions
@@ -195,3 +195,9 @@ DEFAULT_HOME yes
#
USERGROUPS_ENAB yes
+#
+# Controls display of the motd file. This is better handled by pam_motd.so
+# so the declaration here is empty is suppress display by readers of this
+# file.
+#
+MOTD_FILE
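Review bot: The added comment reads "the declaration here is empty is suppress display", which looks like a typo for `# so the declaration here is empty to suppress display by readers of this file.` The empty `MOTD_FILE` also assumes that pam_motd.so is enabled in the login PAM stack, which this page does not show. A short pointer in the comment to the PAM file that loads it would make that dependency checkable.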
diff --git a/abs/core/shadow/shadow.cron.daily b/abs/core/shadow/shadow.cron.daily
index 1931a79..1373ecd 100755
--- a/abs/core/shadow/shadow.cron.daily
+++ b/abs/core/shadow/shadow.cron.daily
@@ -1,6 +1,6 @@
#!/bin/sh
# Verify integrity of password and group files
-/usr/sbin/pwck -r
-/usr/sbin/grpck -r
+/usr/bin/pwck -r
+/usr/bin/grpck -r