diff options
Diffstat (limited to 'abs/core')
-rw-r--r-- | abs/core/shadow/LICENSE | 31 | ||||
-rw-r--r-- | abs/core/shadow/PKGBUILD | 154 | ||||
-rw-r--r-- | abs/core/shadow/chage | 6 | ||||
-rw-r--r-- | abs/core/shadow/chpasswd | 2 | ||||
-rw-r--r-- | abs/core/shadow/chsh | 6 | ||||
-rw-r--r-- | abs/core/shadow/login | 21 | ||||
-rw-r--r-- | abs/core/shadow/login.defs | 21 | ||||
-rw-r--r-- | abs/core/shadow/newusers | 2 | ||||
-rw-r--r-- | abs/core/shadow/passwd | 4 | ||||
-rw-r--r-- | abs/core/shadow/shadow | 6 | ||||
-rw-r--r-- | abs/core/shadow/shadow-4.1.4.2-groupmod-pam-check.patch | 21 | ||||
-rw-r--r-- | abs/core/shadow/shadow-strncpy-usage.patch | 25 | ||||
-rw-r--r-- | abs/core/shadow/shadow.install | 7 |
13 files changed, 158 insertions, 148 deletions
diff --git a/abs/core/shadow/LICENSE b/abs/core/shadow/LICENSE new file mode 100644 index 0000000..c5ab15a --- /dev/null +++ b/abs/core/shadow/LICENSE @@ -0,0 +1,31 @@ +/* + * Copyright (c) 1990 - 1994, Julianne Frances Haugh + * Copyright (c) 1996 - 2000, Marek Michałkiewicz + * Copyright (c) 2001 - 2006, Tomasz Kłoczko + * Copyright (c) 2007 - 2009, Nicolas François + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the copyright holders or contributors may not be used to + * endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ diff --git a/abs/core/shadow/PKGBUILD b/abs/core/shadow/PKGBUILD index f8afc52..971b59a 100644 --- a/abs/core/shadow/PKGBUILD +++ b/abs/core/shadow/PKGBUILD @@ -1,97 +1,131 @@ -# $Id: PKGBUILD 81313 2010-05-28 01:29:23Z ibiru $ +# $Id: PKGBUILD 162993 2012-07-04 21:45:24Z dreisner $ +# Maintainer: Dave Reisner <dreisner@archlinux.org> # Maintainer: Aaron Griffin <aaron@archlinux.org> pkgname=shadow -pkgver=4.1.4.2 -pkgrel=3 -pkgdesc="Shadow password file utilities" +pkgver=4.1.5.1 +pkgrel=1 +pkgdesc="Password and account management tool suite with support for shadow files and PAM" arch=('i686' 'x86_64') url='http://pkg-shadow.alioth.debian.org/' -license=('custom') +license=('BSD') groups=('base') -depends=('bash') +depends=('bash' 'pam' 'acl') backup=(etc/login.defs - etc/pam.d/{chage,login,passwd,shadow,useradd,usermod,userdel} + etc/pam.d/{chage,passwd,shadow,useradd,usermod,userdel} etc/pam.d/{chpasswd,newusers,groupadd,groupdel,groupmod} - etc/pam.d/{chfn,chgpasswd,groupmems,chsh} + etc/pam.d/{chgpasswd,groupmems} etc/default/useradd) -depends=('pam') -source=(ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-$pkgver.tar.bz2 - useradd.defaults login passwd chgpasswd chpasswd newusers defaults.pam - login.defs adduser shadow.cron.daily xstrdup.patch shadow-4.1.4.2-groupmod-pam-check.patch) -options=(!libtool) -install=shadow.install -md5sums=('d593a9cab93c48ee0a6ba056db8c1997' - 'beb64d09256ea46a4d96a783f096447f' - 'a7597cb2f60d7544d8d0ba6e49f6d937' - 'b84204ab731bd02dca49d0637d44ebec' - '65e9ebce249a5b9ed021e2790452b9e1' - '453a98456b297d2a69ca7e9b5f40d10b' - '453a98456b297d2a69ca7e9b5f40d10b' - 'a31374fef2cba0ca34dfc7078e2969e4' - 'fad9a7116366f7775b1099290be840da' - '6ce67e423ee19c87ae64f661310b2408' - '1d64b4113e1d402746d9dd65f28a2c6f' - '0eebe9d13065bec4b5d7ccf3bf46c509' - '7b747f7dca38b0b6e8ee56434378baae') +options=('!libtool') +install='shadow.install' +source=("http://pkg-shadow.alioth.debian.org/releases/$pkgname-$pkgver.tar.bz2"{,.sig} + LICENSE + adduser + chgpasswd + chpasswd + defaults.pam + login.defs + newusers + passwd + shadow.cron.daily + useradd.defaults + xstrdup.patch + shadow-strncpy-usage.patch) +sha1sums=('81f38720b953ef9c2c100c43d02dfe19cafd6c30' + '126570e2939bf3b57f28df5197ab9309747a6b5c' + '33a6cf1e44a1410e5c9726c89e5de68b78f5f922' + '78ec184a499f9708adcfcf0b7a3b22a60bf39f91' + '4ad0e059406a305c8640ed30d93c2a1f62c2f4ad' + '12427b1ca92a9b85ca8202239f0d9f50198b818f' + '0e56fed7fc93572c6bf0d8f3b099166558bb46f1' + 'e5cab2118ecb1e61874cde842d7d04d1003f35cb' + '12427b1ca92a9b85ca8202239f0d9f50198b818f' + '611be25d91c3f8f307c7fe2485d5f781e5dee75f' + '5d83ba7e11c765c951867cbe00b0ae7ff57148fa' + '9ae93de5987dd0ae428f0cc1a5a5a5cd53583f19' + '6010fffeed1fc6673ad9875492e1193b1a847b53' + '21e12966a6befb25ec123b403cd9b5c492fe5b16') build() { - cd $srcdir/$pkgname-$pkgver + cd "$pkgname-$pkgver" - #Ugh, force this to build shared libraries, for god's sake - sed -i "s/noinst_LTLIBRARIES/lib_LTLIBRARIES/g" lib/Makefile.am - libtoolize - autoreconf - export LDFLAGS="$LDFLAGS -lcrypt" + # avoid transitive linking issues with binutils 2.22 + sed -i '/^user\(mod\|add\)_LDADD/s|$| -lattr|' src/Makefile.am - patch -Np1 -i $srcdir/xstrdup.patch || return 1 - patch -Np1 -i $srcdir/shadow-4.1.4.2-groupmod-pam-check.patch || return 1 + # link to glibc's crypt(3) + LDFLAGS+=" -lcrypt" + + # need to offer these upstream + patch -Np1 <"$srcdir/xstrdup.patch" + patch -Np1 <"$srcdir/shadow-strncpy-usage.patch" # supress etc/pam.d/*, we provide our own sed -i '/^SUBDIRS/s/pam.d//' etc/Makefile.in ./configure \ - --prefix=/usr --libdir=/lib \ - --mandir=/usr/share/man --sysconfdir=/etc \ - --enable-shared --disable-static \ - --with-libpam --without-selinux - make || return 1 + --prefix=/usr \ + --libdir=/lib \ + --mandir=/usr/share/man \ + --sysconfdir=/etc \ + --with-libpam \ + --without-selinux + + make } + package() { - cd $srcdir/$pkgname-$pkgver - make DESTDIR=$pkgdir install + cd "$pkgname-$pkgver" + + make DESTDIR="$pkgdir" install # license - install -Dm644 COPYING $pkgdir/usr/share/licenses/shadow/COPYING + install -Dm644 "$srcdir/LICENSE" "$pkgdir/usr/share/licenses/shadow/LICENSE" # interactive useradd - install -Dm755 $srcdir/adduser $pkgdir/usr/sbin/adduser + install -Dm755 "$srcdir/adduser" "$pkgdir/usr/sbin/adduser" # useradd defaults - install -Dm644 $srcdir/useradd.defaults $pkgdir/etc/default/useradd + install -Dm644 "$srcdir/useradd.defaults" "$pkgdir/etc/default/useradd" # cron job - install -Dm744 $srcdir/shadow.cron.daily $pkgdir/etc/cron.daily/shadow + install -Dm744 "$srcdir/shadow.cron.daily" "$pkgdir/etc/cron.daily/shadow" # login.defs - install -Dm644 $srcdir/login.defs $pkgdir/etc/login.defs - - # PAM config - cutsom - install -Dm644 $srcdir/login $pkgdir/etc/pam.d/login - install -Dm644 $srcdir/passwd $pkgdir/etc/pam.d/passwd - install -Dm644 $srcdir/chgpasswd $pkgdir/etc/pam.d/chgpasswd - install -Dm644 $srcdir/chpasswd $pkgdir/etc/pam.d/chpasswd - install -Dm644 $srcdir/newusers $pkgdir/etc/pam.d/newusers + install -Dm644 "$srcdir/login.defs" "$pkgdir/etc/login.defs" + + # PAM config - custom + install -dm755 "$pkgdir/etc/pam.d" + install -t "$pkgdir/etc/pam.d" -m644 "$srcdir"/{passwd,chgpasswd,chpasswd,newusers} + # PAM config - from tarball - install -Dm644 etc/pam.d/groupmems $pkgdir/etc/pam.d/groupmems + install -Dm644 etc/pam.d/groupmems "$pkgdir/etc/pam.d/groupmems" # we use the 'useradd' PAM file for other similar utilities - for file in chage chfn chsh groupadd groupdel groupmod shadow \ + for file in chage groupadd groupdel groupmod shadow \ useradd usermod userdel; do - install -Dm644 $srcdir/defaults.pam $pkgdir/etc/pam.d/$file + install -Dm644 "$srcdir/defaults.pam" "$pkgdir/etc/pam.d/$file" done - # Remove su - using su from coreutils instead - rm -v $pkgdir/bin/su - find $pkgdir/usr/share/man -name 'su.1' -exec rm -v {} \; + # Remove utilities provided by util-linux + rm \ + "$pkgdir"/usr/bin/{chsh,chfn,sg} \ + "$pkgdir"/bin/{login,su} \ + "$pkgdir"/usr/sbin/{vipw,vigr} + + # but we keep newgrp, as sg is really an alias to it + mv "$pkgdir"/usr/bin/{newgrp,sg} + + # ...and their many man pages + find "$pkgdir"/usr/share/man \ + '(' -name 'chsh.1' -o \ + -name 'chfn.1' -o \ + -name 'su.1' -o \ + -name 'login.1' -o \ + -name 'vipw.8' -o \ + -name 'vigr.8' -o \ + -name 'newgrp.1' ')' \ + -delete + rmdir \ + "$pkgdir"/usr/share/man/{fi,id,zh_TW}/man1 \ + "$pkgdir"/usr/share/man/{fi,ko/man8} } diff --git a/abs/core/shadow/chage b/abs/core/shadow/chage deleted file mode 100644 index a7bf8a4..0000000 --- a/abs/core/shadow/chage +++ /dev/null @@ -1,6 +0,0 @@ -#%PAM-1.0 -auth sufficient pam_rootok.so -auth required pam_unix.so -account required pam_unix.so -session required pam_unix.so -password required pam_permit.so diff --git a/abs/core/shadow/chpasswd b/abs/core/shadow/chpasswd index bc14857..5d44798 100644 --- a/abs/core/shadow/chpasswd +++ b/abs/core/shadow/chpasswd @@ -3,4 +3,4 @@ auth sufficient pam_rootok.so auth required pam_unix.so account required pam_unix.so session required pam_unix.so -password required pam_unix.so md5 shadow +password required pam_unix.so sha512 shadow diff --git a/abs/core/shadow/chsh b/abs/core/shadow/chsh deleted file mode 100644 index a7bf8a4..0000000 --- a/abs/core/shadow/chsh +++ /dev/null @@ -1,6 +0,0 @@ -#%PAM-1.0 -auth sufficient pam_rootok.so -auth required pam_unix.so -account required pam_unix.so -session required pam_unix.so -password required pam_permit.so diff --git a/abs/core/shadow/login b/abs/core/shadow/login deleted file mode 100644 index 2230dd0..0000000 --- a/abs/core/shadow/login +++ /dev/null @@ -1,21 +0,0 @@ -#%PAM-1.0 -auth required pam_securetty.so -auth requisite pam_nologin.so -auth required pam_unix.so nullok -auth required pam_tally.so onerr=succeed file=/var/log/faillog -# use this to lockout accounts for 10 minutes after 3 failed attempts -#auth required pam_tally.so deny=2 unlock_time=600 onerr=succeed file=/var/log/faillog -account required pam_access.so -account required pam_time.so -account required pam_unix.so -#password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 -#password required pam_unix.so md5 shadow use_authtok -session required pam_unix.so -session required pam_env.so -session required pam_motd.so -session required pam_limits.so -session optional pam_mail.so dir=/var/spool/mail standard -session optional pam_lastlog.so -# install consolekit and uncomment the line below -# to have ACL handle non-standard udev permissions -#session optional pam_ck_connector.so diff --git a/abs/core/shadow/login.defs b/abs/core/shadow/login.defs index 653e14e..2500ee4 100644 --- a/abs/core/shadow/login.defs +++ b/abs/core/shadow/login.defs @@ -187,27 +187,6 @@ DEFAULT_HOME yes #USERDEL_CMD /usr/sbin/userdel_local # -# When prompting for password without echo, getpass() can optionally -# display a random number (in the range 1 to GETPASS_ASTERISKS) of '*' -# characters for each character typed. This feature is designed to -# confuse people looking over your shoulder when you enter a password :-). -# Also, the new getpass() accepts both Backspace (8) and Delete (127) -# keys to delete previous character (to cope with different terminal -# types), Control-U to delete all characters, and beeps when there are -# no more characters to delete, or too many characters entered. -# -# Setting GETPASS_ASTERISKS to 1 results in more traditional behaviour - -# exactly one '*' displayed for each character typed. -# -# Setting GETPASS_ASTERISKS to 0 disables the '*' characters (Backspace, -# Delete, Control-U and beep continue to work as described above). -# -# Setting GETPASS_ASTERISKS to -1 reverts to the traditional getpass() -# without any new features. This is the default. -# -#GETPASS_ASTERISKS 1 - -# # Enable setting of the umask group bits to be the same as owner bits # (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is # the same as gid, and username is the same as the primary group name. diff --git a/abs/core/shadow/newusers b/abs/core/shadow/newusers index bc14857..5d44798 100644 --- a/abs/core/shadow/newusers +++ b/abs/core/shadow/newusers @@ -3,4 +3,4 @@ auth sufficient pam_rootok.so auth required pam_unix.so account required pam_unix.so session required pam_unix.so -password required pam_unix.so md5 shadow +password required pam_unix.so sha512 shadow diff --git a/abs/core/shadow/passwd b/abs/core/shadow/passwd index 1ffd1bd..ab56da4 100644 --- a/abs/core/shadow/passwd +++ b/abs/core/shadow/passwd @@ -1,4 +1,4 @@ #%PAM-1.0 #password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 -#password required pam_unix.so md5 shadow use_authtok -password required pam_unix.so md5 shadow nullok +#password required pam_unix.so sha512 shadow use_authtok +password required pam_unix.so sha512 shadow nullok diff --git a/abs/core/shadow/shadow b/abs/core/shadow/shadow deleted file mode 100644 index a7bf8a4..0000000 --- a/abs/core/shadow/shadow +++ /dev/null @@ -1,6 +0,0 @@ -#%PAM-1.0 -auth sufficient pam_rootok.so -auth required pam_unix.so -account required pam_unix.so -session required pam_unix.so -password required pam_permit.so diff --git a/abs/core/shadow/shadow-4.1.4.2-groupmod-pam-check.patch b/abs/core/shadow/shadow-4.1.4.2-groupmod-pam-check.patch deleted file mode 100644 index f25c4e1..0000000 --- a/abs/core/shadow/shadow-4.1.4.2-groupmod-pam-check.patch +++ /dev/null @@ -1,21 +0,0 @@ -http://bugs.gentoo.org/300790 -http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/2009-November/007850.html - -2009-11-05 Nicolas François <nicolas.francois@centraliens.net> - - * NEWS, src/groupmod.c: Fixed groupmod when configured with - --enable-account-tools-setuid. - -diff --git a/src/groupmod.c b/src/groupmod.c -index 4205df2..da6d77f 100644 ---- a/src/groupmod.c -+++ b/src/groupmod.c -@@ -724,7 +724,7 @@ int main (int argc, char **argv) - { - struct passwd *pampw; - pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */ -- if (NULL == pamh) { -+ if (NULL == pampw) { - fprintf (stderr, - _("%s: Cannot determine your user name.\n"), - Prog); diff --git a/abs/core/shadow/shadow-strncpy-usage.patch b/abs/core/shadow/shadow-strncpy-usage.patch new file mode 100644 index 0000000..5aba8fa --- /dev/null +++ b/abs/core/shadow/shadow-strncpy-usage.patch @@ -0,0 +1,25 @@ +diff -u shadow-4.1.5/src/usermod.c.orig shadow-4.1.5/src/usermod.c +--- shadow-4.1.5/src/usermod.c.orig 2012-02-13 08:19:43.792146449 -0500 ++++ shadow-4.1.5/src/usermod.c 2012-02-13 08:21:19.375114500 -0500 +@@ -182,7 +182,7 @@ + struct tm *tp; + + if (date < 0) { +- strncpy (buf, "never", maxsize); ++ strncpy (buf, "never", maxsize - 1); + } else { + time_t t = (time_t) date; + tp = gmtime (&t); +diff -u shadow-4.1.5/src/login.c.orig shadow-4.1.5/src/login.c +--- shadow-4.1.5/src/login.c.orig 2012-02-13 08:19:50.951994454 -0500 ++++ shadow-4.1.5/src/login.c 2012-02-13 08:21:04.490430937 -0500 +@@ -752,7 +752,8 @@ + _("%s login: "), hostn); + } else { + strncpy (loginprompt, _("login: "), +- sizeof (loginprompt)); ++ sizeof (loginprompt) - 1); ++ loginprompt[sizeof (loginprompt) - 1] = '\0'; + } + + retcode = pam_set_item (pamh, PAM_USER_PROMPT, loginprompt); diff --git a/abs/core/shadow/shadow.install b/abs/core/shadow/shadow.install index c1bd106..14384c3 100644 --- a/abs/core/shadow/shadow.install +++ b/abs/core/shadow/shadow.install @@ -1,8 +1,9 @@ post_upgrade() { - grpck -r &>/dev/null + grpck -r >/dev/null 2>&1 if [ $? -eq 2 ]; then - echo "Fixing gshadow file ..." - while :; do echo "y"; done | grpck &>/dev/null + printf '%s\n' \ + "==> Warning: /etc/group or /etc/gshadow are inconsistent." \ + " Run 'grpck' to correct this." fi return 0 } |