Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 3987cc7880 |
@@ -1,6 +1,31 @@
|
||||
2022-08-22 Serge Hallyn <serge@hallyn.com>
|
||||
2022-11-08 Serge Hallyn <serge@hallyn.com>
|
||||
|
||||
* Revert the removal of subid_init as pointed out by Balint.
|
||||
* useradd.8: fix default group ID (Tim Biermann)
|
||||
* Revert drop of subid_init() (Serge Hallyn)
|
||||
* Georgian translation (NorwayFun)
|
||||
* useradd: Avoid taking unneeded space: do not reset non-existent data
|
||||
in lastlog (David Kalnischkies)
|
||||
* relax username restrictions (Alexander Kanavin)
|
||||
* selinux: check MLS enabled before setting serange (genBTC)
|
||||
* copy_tree: use fchmodat instead of chmod (Samanta Navarro)
|
||||
* copy_tree: don't block on FIFOs (Samanta Navarro)
|
||||
* add shell linter (Jan Macku)
|
||||
* copy_tree: carefully treat permissions (Samanta Navarro)
|
||||
* lib/commonio: make lock failures more detailed (Luca BRUNO)
|
||||
* lib: use strzero and memzero where applicable (Christian Göttsche)
|
||||
* Update Dutch translation (Frans Spiesschaert)
|
||||
* Don't test for NULL before calling free (Alex Colomar)
|
||||
* Use libc MAX() and MIN() (Alejandro Colomar)
|
||||
* chage: Fix regression in print_date (Xiami)
|
||||
* usermod: report error if homedir does not exist (Iker Pedrosa)
|
||||
* libmisc: minimum id check for system accounts (Iker Pedrosa)
|
||||
* fix usermod -rG x y wrongly adding a group (xyz)
|
||||
* man: add missing space in useradd.8.xml (Iker Pedrosa)
|
||||
* lastlog: check for localtime() return value (Iker Pedrosa)
|
||||
* Raise limit for passwd and shadow entry length (Iker Pedrosa)
|
||||
* Remove adduser-old.c (Alejandro Colomar)
|
||||
* useradd: Fix buffer overflow when using a prefix (David Michael)
|
||||
* Don't warn when failed to open /etc/nsswitch.conf (Serge Hallyn)
|
||||
|
||||
2022-08-15 Serge Hallyn <serge@hallyn.com>
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
#! /bin/sh
|
||||
# Guess values for system-dependent variables and create Makefiles.
|
||||
# Generated by GNU Autoconf 2.71 for shadow 4.12.3.
|
||||
# Generated by GNU Autoconf 2.71 for shadow 4.13.
|
||||
#
|
||||
# Report bugs to <pkg-shadow-devel@lists.alioth.debian.org>.
|
||||
#
|
||||
@@ -621,8 +621,8 @@ MAKEFLAGS=
|
||||
# Identity of this package.
|
||||
PACKAGE_NAME='shadow'
|
||||
PACKAGE_TARNAME='shadow'
|
||||
PACKAGE_VERSION='4.12.3'
|
||||
PACKAGE_STRING='shadow 4.12.3'
|
||||
PACKAGE_VERSION='4.13'
|
||||
PACKAGE_STRING='shadow 4.13'
|
||||
PACKAGE_BUGREPORT='pkg-shadow-devel@lists.alioth.debian.org'
|
||||
PACKAGE_URL='https://github.com/shadow-maint/shadow'
|
||||
|
||||
@@ -1458,7 +1458,7 @@ if test "$ac_init_help" = "long"; then
|
||||
# Omit some internal or obsolete options to make the list less imposing.
|
||||
# This message is too long to be a string in the A/UX 3.1 sh.
|
||||
cat <<_ACEOF
|
||||
\`configure' configures shadow 4.12.3 to adapt to many kinds of systems.
|
||||
\`configure' configures shadow 4.13 to adapt to many kinds of systems.
|
||||
|
||||
Usage: $0 [OPTION]... [VAR=VALUE]...
|
||||
|
||||
@@ -1529,7 +1529,7 @@ fi
|
||||
|
||||
if test -n "$ac_init_help"; then
|
||||
case $ac_init_help in
|
||||
short | recursive ) echo "Configuration of shadow 4.12.3:";;
|
||||
short | recursive ) echo "Configuration of shadow 4.13:";;
|
||||
esac
|
||||
cat <<\_ACEOF
|
||||
|
||||
@@ -1696,7 +1696,7 @@ fi
|
||||
test -n "$ac_init_help" && exit $ac_status
|
||||
if $ac_init_version; then
|
||||
cat <<\_ACEOF
|
||||
shadow configure 4.12.3
|
||||
shadow configure 4.13
|
||||
generated by GNU Autoconf 2.71
|
||||
|
||||
Copyright (C) 2021 Free Software Foundation, Inc.
|
||||
@@ -2353,7 +2353,7 @@ cat >config.log <<_ACEOF
|
||||
This file contains any messages produced by compilers while
|
||||
running configure, to aid debugging if configure makes a mistake.
|
||||
|
||||
It was created by shadow $as_me 4.12.3, which was
|
||||
It was created by shadow $as_me 4.13, which was
|
||||
generated by GNU Autoconf 2.71. Invocation command line was
|
||||
|
||||
$ $0$ac_configure_args_raw
|
||||
@@ -3626,7 +3626,7 @@ fi
|
||||
|
||||
# Define the identity of the package.
|
||||
PACKAGE='shadow'
|
||||
VERSION='4.12.3'
|
||||
VERSION='4.13'
|
||||
|
||||
|
||||
printf "%s\n" "#define PACKAGE \"$PACKAGE\"" >>confdefs.h
|
||||
@@ -20744,7 +20744,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
|
||||
# report actual input values of CONFIG_FILES etc. instead of their
|
||||
# values after options handling.
|
||||
ac_log="
|
||||
This file was extended by shadow $as_me 4.12.3, which was
|
||||
This file was extended by shadow $as_me 4.13, which was
|
||||
generated by GNU Autoconf 2.71. Invocation command line was
|
||||
|
||||
CONFIG_FILES = $CONFIG_FILES
|
||||
@@ -20813,7 +20813,7 @@ ac_cs_config_escaped=`printf "%s\n" "$ac_cs_config" | sed "s/^ //; s/'/'\\\\\\\\
|
||||
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
|
||||
ac_cs_config='$ac_cs_config_escaped'
|
||||
ac_cs_version="\\
|
||||
shadow config.status 4.12.3
|
||||
shadow config.status 4.13
|
||||
configured by $0, generated by GNU Autoconf 2.71,
|
||||
with options \\"\$ac_cs_config\\"
|
||||
|
||||
|
||||
+1
-1
@@ -4,7 +4,7 @@ m4_define([libsubid_abi_major], 4)
|
||||
m4_define([libsubid_abi_minor], 0)
|
||||
m4_define([libsubid_abi_micro], 0)
|
||||
m4_define([libsubid_abi], [libsubid_abi_major.libsubid_abi_minor.libsubid_abi_micro])
|
||||
AC_INIT([shadow], [4.12.3], [pkg-shadow-devel@lists.alioth.debian.org], [],
|
||||
AC_INIT([shadow], [4.13], [pkg-shadow-devel@lists.alioth.debian.org], [],
|
||||
[https://github.com/shadow-maint/shadow])
|
||||
AM_INIT_AUTOMAKE([1.11 foreign dist-xz])
|
||||
AC_CONFIG_MACRO_DIRS([m4])
|
||||
|
||||
+1
-1
@@ -1,6 +1,6 @@
|
||||
# This is a dummy Makefile.am to get automake work flawlessly,
|
||||
# and also cooperate to make a distribution for `make dist'
|
||||
|
||||
EXTRA_DIST = README adduser.c adduser-old.c adduser.sh adduser2.sh \
|
||||
EXTRA_DIST = README adduser.c adduser.sh adduser2.sh \
|
||||
atudel groupmems.shar pwdauth.c shadow-anonftp.patch \
|
||||
udbachk.tgz
|
||||
|
||||
+1
-1
@@ -293,7 +293,7 @@ target_alias = @target_alias@
|
||||
top_build_prefix = @top_build_prefix@
|
||||
top_builddir = @top_builddir@
|
||||
top_srcdir = @top_srcdir@
|
||||
EXTRA_DIST = README adduser.c adduser-old.c adduser.sh adduser2.sh \
|
||||
EXTRA_DIST = README adduser.c adduser.sh adduser2.sh \
|
||||
atudel groupmems.shar pwdauth.c shadow-anonftp.patch \
|
||||
udbachk.tgz
|
||||
|
||||
|
||||
@@ -1,300 +0,0 @@
|
||||
/****
|
||||
** 03/17/96
|
||||
** hacked a bit more, removed unused code, cleaned up for gcc -Wall.
|
||||
** --marekm
|
||||
**
|
||||
** 02/26/96
|
||||
** modified to call shadow utils (useradd,chage,passwd) on shadowed
|
||||
** systems - Cristian Gafton, gafton@sorosis.ro
|
||||
**
|
||||
** 6/27/95
|
||||
** shadow-adduser 1.4:
|
||||
**
|
||||
** now it copies the /etc/skel dir into the person's dir,
|
||||
** makes the mail folders, changed some defaults and made a 'make
|
||||
** install' just for the hell of it.
|
||||
**
|
||||
** Greg Gallagher
|
||||
** CIN.Net
|
||||
**
|
||||
** 1/28/95
|
||||
** shadow-adduser 1.3:
|
||||
**
|
||||
** Basically a bug-fix on my additions in 1.2. Thanks to Terry Stewart
|
||||
** (stew@texas.net) for pointing out one of the many idiotic bugs I introduced.
|
||||
** It was such a stupid bug that I would have never seen it myself.
|
||||
**
|
||||
** Brandon
|
||||
*****
|
||||
** 01/27/95
|
||||
**
|
||||
** shadow-adduser 1.2:
|
||||
** I took the C source from adduser-shadow (credits are below) and made
|
||||
** it a little more worthwhile. Many small changes... Here's
|
||||
** the ones I can remember:
|
||||
**
|
||||
** Removed support for non-shadowed systems (if you don't have shadow,
|
||||
** use the original adduser, don't get this shadow version!)
|
||||
** Added support for the correct /etc/shadow fields (Min days before
|
||||
** password change, max days before password change, Warning days,
|
||||
** and how many days from expiry date does the account go invalid)
|
||||
** The previous version just left all of those fields blank.
|
||||
** There is still one field left (expiry date for the account, period)
|
||||
** which I have left blank because I do not use it and didn't want to
|
||||
** spend any more time on this. I'm sure someone will put it in and
|
||||
** tack another plethora of credits on here. :)
|
||||
** Added in the password date field, which should always reflect the last
|
||||
** date the password was changed, for expiry purposes. "passwd" always
|
||||
** updates this field, so the adduser program should set it up right
|
||||
** initially (or a user could keep thier initial password forever ;)
|
||||
** The number is in days since Jan 1st, 1970.
|
||||
**
|
||||
** Have fun with it, and someone please make
|
||||
** a real version(this is still just a hack)
|
||||
** for us all to use (and Email it to me???)
|
||||
**
|
||||
** Brandon
|
||||
** photon@usis.com
|
||||
**
|
||||
*****
|
||||
** adduser 1.0: add a new user account (For systems not using shadow)
|
||||
** With a nice little interface and a will to do all the work for you.
|
||||
**
|
||||
** Craig Hagan
|
||||
** hagan@opine.cs.umass.edu
|
||||
**
|
||||
** Modified to really work, look clean, and find unused uid by Chris Cappuccio
|
||||
** chris@slinky.cs.umass.edu
|
||||
**
|
||||
*****
|
||||
**
|
||||
** 01/19/95
|
||||
**
|
||||
** FURTHER modifications to enable shadow passwd support (kludged, but
|
||||
** no more so than the original) by Dan Crowson - dcrowson@mo.net
|
||||
**
|
||||
** Search on DAN for all changes...
|
||||
**
|
||||
*****
|
||||
**
|
||||
** cc -O -o adduser adduser.c
|
||||
** Use gcc if you have it... (political reasons beyond my control) (chris)
|
||||
**
|
||||
** I've gotten this program to work with success under Linux (without
|
||||
** shadow) and SunOS 4.1.3. I would assume it should work pretty well
|
||||
** on any system that uses no shadow. (chris)
|
||||
**
|
||||
** If you have no crypt() then try
|
||||
** cc -DNO_CRYPT -O -o adduser adduser.c xfdes.c
|
||||
** I'm not sure how login operates with no crypt()... I guess
|
||||
** the same way we're doing it here.
|
||||
*/
|
||||
|
||||
#include <pwd.h>
|
||||
#include <grp.h>
|
||||
#include <ctype.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
#include <time.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/timeb.h>
|
||||
#include <sys/time.h>
|
||||
#include <sys/stat.h>
|
||||
|
||||
#define DEFAULT_SHELL "/bin/bash" /* because BASH is your friend */
|
||||
#define DEFAULT_HOME "/home"
|
||||
#define USERADD_PATH "/usr/sbin/useradd"
|
||||
#define CHAGE_PATH "/usr/sbin/chage"
|
||||
#define PASSWD_PATH "/usr/bin/passwd"
|
||||
#define DEFAULT_GROUP 100
|
||||
|
||||
#define DEFAULT_MAX_PASS 60
|
||||
#define DEFAULT_WARN_PASS 10
|
||||
/* if you use this feature, you will get a lot of complaints from users
|
||||
who rarely use their accounts :) (something like 3 months would be
|
||||
more reasonable) --marekm */
|
||||
#define DEFAULT_USER_DIE /* 10 */ 0
|
||||
|
||||
void main()
|
||||
{
|
||||
char foo[32];
|
||||
char uname[9],person[32],dir[32],shell[32];
|
||||
unsigned int group,min_pass,max_pass,warn_pass,user_die;
|
||||
/* the group and uid of the new user */
|
||||
int bad=0,done=0,correct=0,gets_warning=0;
|
||||
char cmd[255];
|
||||
struct group *grp;
|
||||
|
||||
/* flags, in order:
|
||||
* bad to see if the username is in /etc/passwd, or if strange stuff has
|
||||
* been typed if the user might be put in group 0
|
||||
* done allows the program to exit when a user has been added
|
||||
* correct loops until a password is found that isn't in /etc/passwd
|
||||
* gets_warning allows the fflush to be skipped for the first gets
|
||||
* so that output is still legible
|
||||
*/
|
||||
|
||||
/* The real program starts HERE! */
|
||||
|
||||
if(geteuid()!=0)
|
||||
{
|
||||
printf("It seems you don't have access to add a new user. Try\n");
|
||||
printf("logging in as root or su root to gain super-user access.\n");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
/* Sanity checks
|
||||
*/
|
||||
|
||||
if (!(grp=getgrgid(DEFAULT_GROUP))){
|
||||
printf("Error: the default group %d does not exist on this system!\n",
|
||||
DEFAULT_GROUP);
|
||||
printf("adduser must be recompiled.\n");
|
||||
exit(1);
|
||||
};
|
||||
|
||||
while(!correct) { /* loop until a "good" uname is chosen */
|
||||
while(!done) {
|
||||
printf("\nLogin to add (^C to quit): ");
|
||||
if(gets_warning) /* if the warning was already shown */
|
||||
fflush(stdout); /* fflush stdout, otherwise set the flag */
|
||||
else
|
||||
gets_warning=1;
|
||||
|
||||
gets(uname);
|
||||
if(!strlen(uname)) {
|
||||
printf("Empty input.\n");
|
||||
done=0;
|
||||
continue;
|
||||
};
|
||||
|
||||
/* what I saw here before made me think maybe I was running DOS */
|
||||
/* might this be a solution? (chris) */
|
||||
if (getpwnam(uname) != NULL) {
|
||||
printf("That name is in use, choose another.\n");
|
||||
done=0;
|
||||
} else
|
||||
done=1;
|
||||
}; /* done, we have a valid new user name */
|
||||
|
||||
/* all set, get the rest of the stuff */
|
||||
printf("\nEditing information for new user [%s]\n",uname);
|
||||
|
||||
printf("\nFull Name [%s]: ",uname);
|
||||
gets(person);
|
||||
if (!strlen(person)) {
|
||||
bzero(person,sizeof(person));
|
||||
strcpy(person,uname);
|
||||
};
|
||||
|
||||
do {
|
||||
bad=0;
|
||||
printf("GID [%d]: ",DEFAULT_GROUP);
|
||||
gets(foo);
|
||||
if (!strlen(foo))
|
||||
group=DEFAULT_GROUP;
|
||||
else
|
||||
if (isdigit (*foo)) {
|
||||
group = atoi(foo);
|
||||
if (! (grp = getgrgid (group))) {
|
||||
printf("unknown gid %s\n",foo);
|
||||
group=DEFAULT_GROUP;
|
||||
bad=1;
|
||||
};
|
||||
} else
|
||||
if ((grp = getgrnam (foo)))
|
||||
group = grp->gr_gid;
|
||||
else {
|
||||
printf("unknown group %s\n",foo);
|
||||
group=DEFAULT_GROUP;
|
||||
bad=1;
|
||||
}
|
||||
if (group==0){ /* You're not allowed to make root group users! */
|
||||
printf("Creation of root group users not allowed (must be done by hand)\n");
|
||||
group=DEFAULT_GROUP;
|
||||
bad=1;
|
||||
};
|
||||
} while(bad);
|
||||
|
||||
|
||||
fflush(stdin);
|
||||
|
||||
printf("\nIf home dir ends with a / then [%s] will be appended to it\n",uname);
|
||||
printf("Home Directory [%s/%s]: ",DEFAULT_HOME,uname);
|
||||
fflush(stdout);
|
||||
gets(dir);
|
||||
if (!strlen(dir)) { /* hit return */
|
||||
sprintf(dir,"%s/%s",DEFAULT_HOME,uname);
|
||||
fflush(stdin);
|
||||
} else
|
||||
if (dir[strlen(dir)-1]=='/')
|
||||
sprintf(dir+strlen(dir),"%s",uname);
|
||||
|
||||
printf("\nShell [%s]: ",DEFAULT_SHELL);
|
||||
fflush(stdout);
|
||||
gets(shell);
|
||||
if (!strlen(shell))
|
||||
sprintf(shell,"%s",DEFAULT_SHELL);
|
||||
|
||||
printf("\nMin. Password Change Days [0]: ");
|
||||
gets(foo);
|
||||
min_pass=atoi(foo);
|
||||
|
||||
printf("Max. Password Change Days [%d]: ",DEFAULT_MAX_PASS);
|
||||
gets(foo);
|
||||
if (strlen(foo) > 1)
|
||||
max_pass = atoi(foo);
|
||||
else
|
||||
max_pass = DEFAULT_MAX_PASS;
|
||||
|
||||
printf("Password Warning Days [%d]: ",DEFAULT_WARN_PASS);
|
||||
gets(foo);
|
||||
warn_pass = atoi(foo);
|
||||
if (warn_pass==0)
|
||||
warn_pass = DEFAULT_WARN_PASS;
|
||||
|
||||
printf("Days after Password Expiry for Account Locking [%d]: ",DEFAULT_USER_DIE);
|
||||
gets(foo);
|
||||
user_die = atoi(foo);
|
||||
if (user_die == 0)
|
||||
user_die = DEFAULT_USER_DIE;
|
||||
|
||||
printf("\nInformation for new user [%s] [%s]:\n",uname,person);
|
||||
printf("Home directory: [%s] Shell: [%s]\n",dir,shell);
|
||||
printf("GID: [%d]\n",group);
|
||||
printf("MinPass: [%d] MaxPass: [%d] WarnPass: [%d] UserExpire: [%d]\n",
|
||||
min_pass,max_pass,warn_pass,user_die);
|
||||
printf("\nIs this correct? [y/N]: ");
|
||||
fflush(stdout);
|
||||
gets(foo);
|
||||
|
||||
done=bad=correct=(foo[0]=='y'||foo[0]=='Y');
|
||||
|
||||
if(bad!=1)
|
||||
printf("\nUser [%s] not added\n",uname);
|
||||
}
|
||||
|
||||
bzero(cmd,sizeof(cmd));
|
||||
sprintf(cmd,"%s -g %d -d %s -s %s -c \"%s\" -m -k /etc/skel %s",
|
||||
USERADD_PATH,group,dir,shell,person,uname);
|
||||
printf("Calling useradd to add new user:\n%s\n",cmd);
|
||||
if(system(cmd)){
|
||||
printf("User add failed!\n");
|
||||
exit(errno);
|
||||
};
|
||||
bzero(cmd,sizeof(cmd));
|
||||
sprintf(cmd,"%s -m %d -M %d -W %d -I %d %s", CHAGE_PATH,
|
||||
min_pass,max_pass,warn_pass,user_die,uname);
|
||||
printf("%s\n",cmd);
|
||||
if(system(cmd)){
|
||||
printf("There was an error setting password expire values\n");
|
||||
exit(errno);
|
||||
};
|
||||
bzero(cmd,sizeof(cmd));
|
||||
sprintf(cmd,"%s %s",PASSWD_PATH,uname);
|
||||
system(cmd);
|
||||
printf("\nDone.\n");
|
||||
}
|
||||
|
||||
Vendored
-43
@@ -1,43 +0,0 @@
|
||||
<!--
|
||||
Copyright (c) 1991 - 1993, Julianne Frances Haugh
|
||||
Copyright (c) 1991 - 1993, Chip Rosenthal
|
||||
Copyright (c) 2007 - 2009, Nicolas François
|
||||
All rights reserved.
|
||||
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
modification, are permitted provided that the following conditions
|
||||
are met:
|
||||
1. Redistributions of source code must retain the above copyright
|
||||
notice, this list of conditions and the following disclaimer.
|
||||
2. Redistributions in binary form must reproduce the above copyright
|
||||
notice, this list of conditions and the following disclaimer in the
|
||||
documentation and/or other materials provided with the distribution.
|
||||
3. The name of the copyright holders or contributors may not be used to
|
||||
endorse or promote products derived from this software without
|
||||
specific prior written permission.
|
||||
|
||||
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
|
||||
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
-->
|
||||
<varlistentry>
|
||||
<term><option>HOME_MODE</option> (number)</term>
|
||||
<listitem>
|
||||
<para>
|
||||
The mode for new home directories. If not specified,
|
||||
the <option>UMASK</option> is used to create the mode.
|
||||
</para>
|
||||
<para>
|
||||
<command>useradd</command> and <command>newusers</command> use this
|
||||
to set the mode of the home directory they create.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
Vendored
-16
@@ -1,16 +0,0 @@
|
||||
PKG=shadow
|
||||
SITE=ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/
|
||||
|
||||
deb:: check_cheese
|
||||
|
||||
include /usr/share/quilt/quilt.debbuild.mk
|
||||
|
||||
check_cheese:
|
||||
@dpkg-parsechangelog | grep -q "\* The \".*\".* release\." || { \
|
||||
echo ""; \
|
||||
echo " ** **"; \
|
||||
echo " ** Warning: not a cheesy release! **"; \
|
||||
echo " ** **"; \
|
||||
echo ""; \
|
||||
exit 1; \
|
||||
}
|
||||
Vendored
-54
@@ -1,54 +0,0 @@
|
||||
shadow (1:4.11.1+dfsg1-0exp1) experimental; urgency=medium
|
||||
|
||||
Login now prevents an empty password field to be interpreted as
|
||||
"no authentication required" for UID 0 (root account).
|
||||
The historical default of letting all users with empty password field
|
||||
in without authentication can be restored in /etc/login.defs setting
|
||||
PREVENT_NO_AUTH to "no".
|
||||
|
||||
-- Balint Reczey <balint@balintreczey.hu> Sun, 07 Nov 2021 21:51:46 +0100
|
||||
|
||||
shadow (1:4.7-1) unstable; urgency=medium
|
||||
|
||||
* /etc/securetty is no longer shipped by this package and it is no longer
|
||||
honored in login's PAM configuration by default. Please see #731656 for the
|
||||
details.
|
||||
|
||||
-- Balint Reczey <rbalint@ubuntu.com> Thu, 20 Jun 2019 13:46:52 +0200
|
||||
|
||||
shadow (1:4.0.15-5) unstable; urgency=low
|
||||
|
||||
* commands passed in argument to su must use su's -c option and must quote
|
||||
the command if it contains a space, as in:
|
||||
su - root -c "ls -l /"
|
||||
The following commands won't work anymore:
|
||||
su - root -c ls -l /
|
||||
su - root "ls -l /"
|
||||
su - root ls -l /
|
||||
|
||||
-- Christian Perrier <bubulle@debian.org> Sat, 8 Apr 2006 20:11:38 +0200
|
||||
|
||||
shadow (1:4.0.14-1) unstable; urgency=low
|
||||
|
||||
* passwd does not support the -f, -s, and -g options anymore. You should use
|
||||
the chfn, chsh and gpasswd utilities instead.
|
||||
* login now distributes the nologin utility, which can be used as a shell
|
||||
to politely refuse a login
|
||||
|
||||
-- Christian Perrier <bubulle@debian.org> Thu, 5 Jan 2006 08:47:44 +0100
|
||||
|
||||
shadow (1:4.0.12-1) unstable; urgency=low
|
||||
|
||||
CLOSE_SESSIONS and other variables are not used anymore in
|
||||
/etc/login/defs.
|
||||
As shadow utilities which use this file now warn about unknown
|
||||
entries there, administrators should remove such unknown entries.
|
||||
The supplied login.defs file does not include them anymore.
|
||||
|
||||
dpasswd is no more distributed by upstream. Login do not support
|
||||
dialup password anymore. Re-introducing this functionality in
|
||||
upstream is not trivial.
|
||||
|
||||
|
||||
-- Christian Perrier <bubulle@debian.org> Thu, 25 Aug 2005 08:38:47 +0200
|
||||
|
||||
Vendored
-62
@@ -1,62 +0,0 @@
|
||||
Read this file first for a brief overview of the new versions of login
|
||||
and passwd.
|
||||
|
||||
|
||||
---Shadow passwords
|
||||
|
||||
The command `shadowconfig on' will turn on shadow password support.
|
||||
`shadowconfig off' will turn it back off. If you turn on shadow
|
||||
password support, you'll gain the ability to set password ages and
|
||||
expirations with chage(1).
|
||||
|
||||
NOTE: If you use the nscd package, you may have problems with a
|
||||
slight delay in updating the password information. You may notice
|
||||
this during upgrades of certain packages that try to add a system
|
||||
user and then access the users information immediately afterwards.
|
||||
To avoid this, it is suggested that you stop the nscd daemon before
|
||||
upgrades, then restart it again.
|
||||
|
||||
---General configuration
|
||||
|
||||
Most of the configuration for the shadow utilities is in
|
||||
/etc/login.defs. See login.defs(5). The defaults are quite
|
||||
reasonable.
|
||||
|
||||
Also see the /etc/pam.d/* files for each program to configure the PAM
|
||||
support. PAM documentation is available in several formats in the
|
||||
libpam-doc package.
|
||||
|
||||
|
||||
---MD5 Encryption
|
||||
|
||||
This is enabled now using the /etc/pam.d/* files. Examples are given.
|
||||
|
||||
|
||||
---Adding users and groups
|
||||
|
||||
Though you may add users and groups with the SysV type commands,
|
||||
useradd and groupadd, I recommend you add them with Debian adduser
|
||||
version 3+. adduser gives you more configuration and conforms to the
|
||||
Debian UID and GID allocation.
|
||||
|
||||
Editing user and group parameters can be done with usermod and
|
||||
groupmod. Removing users and groups can be done with userdel and
|
||||
groupdel.
|
||||
|
||||
|
||||
--- Group administration
|
||||
|
||||
Local group allocation is much easier. With gpasswd(1) you can
|
||||
designate users to administer groups. They can then securely add or
|
||||
remove users from the group.
|
||||
|
||||
|
||||
--- What to read next?
|
||||
|
||||
Read the manpages, the other files in this directory, and the Shadow
|
||||
Password HOWTO (included in the doc-linux package). A large portion
|
||||
of these files deals with getting shadow installed. You can, of
|
||||
course, ignore those parts.
|
||||
|
||||
Also, the libpam-doc package will go a long way to allowing you to take
|
||||
full advantage of the PAM authentication scheme.
|
||||
Vendored
-8
@@ -1,8 +0,0 @@
|
||||
If you update the translation of upsteam files (thank you for that!) please
|
||||
submit a pull request upstream instead of filing a bug in the Debian BTS
|
||||
to get it reviewed and accepted faster.
|
||||
|
||||
A testsuite is also available. Instruction on how to run this testsuite
|
||||
are available in tests/README
|
||||
|
||||
-- Balint Reczey <balint@balintreczey.hu>, Mon, 31 Jan 2022 14:07:11 +0100
|
||||
Vendored
-19
@@ -1,19 +0,0 @@
|
||||
Things that should be done:
|
||||
* Verify the files left in debian/tmp
|
||||
+ e.g. /etc/default/adduser should be installed
|
||||
* Check the build system: rebuilding the package twoce in the same tree
|
||||
doubles the size of the diff.gz file
|
||||
|
||||
Other points (not related to the release of a syncronized shadow):
|
||||
* compare the source with the usages and man pages
|
||||
+ probably add a sentence to chsh/chfn's manpages about authentication
|
||||
required for ordinary users
|
||||
* do something (a tool) for the variables in login.defs
|
||||
In Debian, some tools are not compiled with the PAM support, so upstream
|
||||
getdef.c won't be OK.
|
||||
It should be nice to see in each man page the set of variables used.
|
||||
The Debian package can now compile (export DEB_BUILD_OPTIONS='nostrip debug')
|
||||
with the debugging informations. This may be used to extract the set of
|
||||
variables used in Debian/for each tools.
|
||||
* verify all the patches around (I've found patches for at least RedHat,
|
||||
OWL, LFS, Mandriva, Gentoo; are they already applied?)
|
||||
Vendored
-25
@@ -1,25 +0,0 @@
|
||||
This described the usertags used by the team.
|
||||
|
||||
For usertags documentation, see
|
||||
http://lists.debian.org/debian-devel-announce/2005/09/msg00002.html
|
||||
|
||||
All bugs tagged by team members must be tagged with
|
||||
"user pkg-shadow-devel@lists.alioth.debian.org"
|
||||
|
||||
Tags list
|
||||
---------
|
||||
|
||||
toclose: This bug has been announced to be closed in case no more news
|
||||
or information is received from the bug submitter or someone
|
||||
else until the delay specified in the limits_YYYYMMDD tag
|
||||
|
||||
limits-YYYYMMDD: combine it with "toclose". Specifies the date after which
|
||||
bugs can be closed without other action in case no news
|
||||
is received
|
||||
|
||||
manpages-replace A bug reported angainst a manpages-xx package to indicate
|
||||
conflicting man pages. This tag can be used to tune the
|
||||
Replaces fields.
|
||||
|
||||
su-transition: This bug is related to the su transition (#276419)
|
||||
|
||||
Vendored
-4050
File diff suppressed because it is too large
Load Diff
Vendored
-89
@@ -1,89 +0,0 @@
|
||||
Source: shadow
|
||||
Maintainer: Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>
|
||||
Uploaders: Balint Reczey <balint@balintreczey.hu>,
|
||||
Serge Hallyn <serge@hallyn.com>
|
||||
Section: admin
|
||||
Priority: required
|
||||
Build-Depends: debhelper-compat (= 13),
|
||||
gettext,
|
||||
libcrypt-dev,
|
||||
libpam0g-dev,
|
||||
quilt,
|
||||
xsltproc,
|
||||
docbook-xsl,
|
||||
docbook-xml,
|
||||
libxml2-utils,
|
||||
libselinux1-dev [linux-any],
|
||||
libsemanage-dev [linux-any],
|
||||
itstool,
|
||||
bison,
|
||||
libaudit-dev [linux-any]
|
||||
Standards-Version: 4.6.1
|
||||
Vcs-Git: https://salsa.debian.org/debian/shadow.git -b master
|
||||
Vcs-Browser: https://salsa.debian.org/debian/shadow
|
||||
Homepage: https://github.com/shadow-maint/shadow
|
||||
Rules-Requires-Root: binary-targets
|
||||
|
||||
Package: passwd
|
||||
Architecture: any
|
||||
Multi-Arch: foreign
|
||||
Depends: ${shlibs:Depends},
|
||||
${misc:Depends},
|
||||
libpam-modules
|
||||
Recommends: sensible-utils
|
||||
Description: change and administer password and group data
|
||||
This package includes passwd, chsh, chfn, and many other programs to
|
||||
maintain password and group data.
|
||||
.
|
||||
Shadow passwords are supported. See /usr/share/doc/passwd/README.Debian
|
||||
|
||||
Package: login
|
||||
Architecture: any
|
||||
Multi-Arch: foreign
|
||||
Essential: yes
|
||||
Pre-Depends: ${shlibs:Depends},
|
||||
${misc:Depends},
|
||||
libpam-runtime,
|
||||
libpam-modules
|
||||
Breaks: hurd (<< 20140206~) [hurd-any],
|
||||
util-linux (<< 2.32-0.2~)
|
||||
Conflicts: python-4suite (<< 0.99cvs20060405-1)
|
||||
Replaces: hurd (<< 20140206~) [hurd-any]
|
||||
Description: system login tools
|
||||
This package provides some required infrastructure for logins and for
|
||||
changing effective user or group IDs, including:
|
||||
* login, the program that invokes a user shell on a virtual terminal;
|
||||
* nologin, a dummy shell for disabled user accounts;
|
||||
|
||||
Package: uidmap
|
||||
Architecture: any
|
||||
Multi-Arch: foreign
|
||||
Priority: optional
|
||||
Depends: ${shlibs:Depends},
|
||||
${misc:Depends}
|
||||
Description: programs to help use subuids
|
||||
These programs help unprivileged users to create uid and gid mappings in
|
||||
user namespaces.
|
||||
|
||||
Package: libsubid4
|
||||
Section: libs
|
||||
Priority: optional
|
||||
Architecture: any
|
||||
Multi-Arch: same
|
||||
Pre-Depends: ${misc:Pre-Depends}
|
||||
Depends: ${shlibs:Depends}, ${misc:Depends}
|
||||
Description: subordinate id handling library -- shared library
|
||||
The library provides an interface for querying, granding and ungranting
|
||||
subordinate user and group ids.
|
||||
|
||||
Package: libsubid-dev
|
||||
Section: libdevel
|
||||
Priority: optional
|
||||
Architecture: any
|
||||
Depends: ${misc:Depends}, libsubid4 (= ${binary:Version})
|
||||
Description: subordinate id handling library -- shared library
|
||||
The library provides an interface for querying, granding and ungranting
|
||||
subordinate user and group ids.
|
||||
.
|
||||
This package contains the C header files that are
|
||||
needed for applications to use the libsubid4 library.
|
||||
Vendored
-221
@@ -1,221 +0,0 @@
|
||||
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
|
||||
Upstream-Name: Shadow
|
||||
Source: https://github.com/shadow-maint/shadow
|
||||
Note: atudel is licensed under BSD-4-Clause which is not DFSG compatible
|
||||
Files-Excluded: contrib/atudel
|
||||
|
||||
Files: *
|
||||
Copyright: 1989-1994, Julianne Frances Haugh
|
||||
2016-2022, Serge Hallyn <serge@hallyn.com>
|
||||
License: BSD-3-clause
|
||||
|
||||
Files: man/po/da.po
|
||||
man/po/de.po
|
||||
man/tr/man1/su.1
|
||||
po/da.po
|
||||
po/de.po
|
||||
po/es.po
|
||||
po/eu.po
|
||||
po/fi.po
|
||||
po/gl.po
|
||||
po/it.po
|
||||
po/kk.po
|
||||
po/nb.po
|
||||
po/nl.po
|
||||
po/nn.po
|
||||
po/pl.po
|
||||
po/pt_BR.po
|
||||
po/ru.po
|
||||
po/sq.po
|
||||
po/sv.po
|
||||
po/vi.po
|
||||
Copyright: 1999-2015, Free Software Foundation, Inc
|
||||
License: BSD-3-clause
|
||||
|
||||
Files: man/fi/man1/chfn.1
|
||||
man/id/man1/*
|
||||
man/ko/man1/chfn.1
|
||||
man/ko/man1/chsh.1
|
||||
man/tr/man1/chfn.1
|
||||
man/zh_TW/man1/chfn.1
|
||||
man/zh_TW/man1/chsh.1
|
||||
Copyright: 1994, salvatore valente <svalente@athena.mit.edu>
|
||||
License: GPL-1
|
||||
|
||||
Files: man/pt_BR/man8/*
|
||||
man/zh_TW/man8/usermod.8
|
||||
Copyright: 1991-1994, Julianne Frances Haugh
|
||||
License: BSD-3-clause
|
||||
|
||||
Files: man/hu/man1/gpasswd.1
|
||||
man/ja/man1/gpasswd.1
|
||||
man/pt_BR/man1/*
|
||||
Copyright: 1996, Rafal Maszkowski <rzm@pdi.net>
|
||||
License: BSD-3-clause
|
||||
|
||||
Files: man/id/man1/login.1
|
||||
man/ko/man1/login.1
|
||||
man/tr/man1/login.1
|
||||
Copyright: 1993, Rickard E. Faith <faith@cs.unc.edu>
|
||||
License: BSD-3-clause
|
||||
|
||||
Files: man/ja/man1/groups.1
|
||||
man/ja/man5/limits.5
|
||||
man/ja/man8/vipw.8
|
||||
Copyright: 2001, Maki KURODA
|
||||
License: BSD-3-clause
|
||||
|
||||
Files: man/pt_BR/man5/passwd.5
|
||||
man/tr/man5/passwd.5
|
||||
Copyright: 1993, Michael Haardt <michael@moria.de>
|
||||
License: GPL-2+
|
||||
|
||||
Files: man/ja/man1/chage.1
|
||||
man/ja/man5/suauth.5
|
||||
Copyright: 1997, Kazuyoshi Furutaka
|
||||
License: BSD-3-clause
|
||||
|
||||
Files: man/po/fr.po
|
||||
po/fr.po
|
||||
Copyright: 2011-2013, Debian French l10n team <debian-l10n-french@lists.debian.org>
|
||||
License: BSD-3-clause
|
||||
|
||||
Files: man/zh_TW/man5/*
|
||||
Copyright: 1993, Michael Haardt <michael@moria.de>
|
||||
1993, Scorpio, www.linuxforum.net
|
||||
License: GPL-2+
|
||||
|
||||
Files: contrib/udbachk.tgz
|
||||
Copyright: 1999, Sami Kerola and Janne Riihijärvi
|
||||
License: GPL-2+
|
||||
|
||||
Files: man/hu/man5/*
|
||||
Copyright: 1993, Michael Haardt <u31b3hs@pool.informatik.rwth-aachen.de>
|
||||
License: GPL-2+
|
||||
|
||||
Files: contrib/adduser2.sh
|
||||
Copyright: 1996, Petri Mattila, Prihateam Networks <petri@prihateam.fi>
|
||||
License: GPL-2+
|
||||
|
||||
Files: contrib/pwdauth.c
|
||||
Copyright: 1996, Marek Michalkiewicz
|
||||
License: BSD-3-clause
|
||||
|
||||
Files: lib/subordinateio.h
|
||||
Copyright: 2012, Eric W. Biederman
|
||||
License: BSD-3-clause
|
||||
|
||||
Files: libmisc/date_to_str.c
|
||||
Copyright: 2021, Alejandro Colomar <alx.manpages@gmail.com>
|
||||
License: BSD-3-clause
|
||||
|
||||
Files: man/hu/man1/su.1
|
||||
Copyright: 1999, Ragnar Hojland Espinosa <ragnar@macula.net>
|
||||
License: BSD-3-clause
|
||||
|
||||
Files: man/ja/man1/id.1
|
||||
Copyright: 2000, ISHIKAWA Keisuke
|
||||
License: BSD-3-clause
|
||||
|
||||
Files: man/ja/man8/pwconv.8
|
||||
Copyright: 2001, Yuichi SATO
|
||||
License: BSD-3-clause
|
||||
|
||||
Files: src/login_nopam.c
|
||||
Copyright: 1995, Wietse Venema
|
||||
License: BSD-3-clause
|
||||
|
||||
Files: src/su.c
|
||||
Copyright: 1989 - 1994, Julianne Frances Haugh
|
||||
1996 - 2000, Marek Michałkiewicz
|
||||
2000 - 2006, Tomasz Kłoczko
|
||||
2007 - 2013, Nicolas François
|
||||
License: GPL-2+
|
||||
|
||||
Files: src/vipw.c
|
||||
Copyright: 1997, Guy Maor <maor@ece.utexas.edu>
|
||||
1999 - 2000, Marek Michałkiewicz
|
||||
2002 - 2006, Tomasz Kłoczko
|
||||
2007 - 2013, Nicolas François
|
||||
License: GPL-2+
|
||||
|
||||
Files: libmisc/getdate.y
|
||||
Copyright: Steven M. Bellovin <smb@research.att.com>
|
||||
License: public-domain
|
||||
Originally written by Steven M. Bellovin <smb@research.att.com> while
|
||||
at the University of North Carolina at Chapel Hill. Later tweaked by
|
||||
a couple of people on Usenet. Completely overhauled by Rich $alz
|
||||
<rsalz@bbn.com> and Jim Berets <jberets@bbn.com> in August, 1990;
|
||||
.
|
||||
This code is in the public domain and has no copyright.
|
||||
|
||||
Files: man/ko/man5/*
|
||||
Copyright: 2000, ASPLINUX <man@asp-linux.co.kr>
|
||||
License: GPL-2+
|
||||
|
||||
Files: debian/*
|
||||
Copyright: 1999-2001, Ben Collins <bcollins@debian.org>
|
||||
2001-2004 Karl Ramm <kcr@debian.org>
|
||||
2004-2014 Christian Perrier <bubulle@debian.org>
|
||||
2006-2012 Nicolas Francois (Nekral) <nicolas.francois@centraliens.net>
|
||||
2017-2022 Balint Reczey <balint@balintreczey.hu>
|
||||
License: BSD-3-clause
|
||||
|
||||
Files: debian/HOME_MODE.xml
|
||||
Copyright: 1991-1993, Chip Rosenthal
|
||||
1991-1993, Julianne Frances Haugh
|
||||
2007-2009, Nicolas François
|
||||
License: BSD-3-clause
|
||||
|
||||
Files: debian/patches/401_cppw_src.dpatch
|
||||
Copyright: 1997, Guy Maor <maor@ece.utexas.edu>
|
||||
1999, Stephen Frost <sfrost@snowman.net>
|
||||
License: GPL-2+
|
||||
|
||||
Files: debian/passwd.expire.cron
|
||||
Copyright: 1999, Ben Collins <bcollins@debian.org>
|
||||
License: BSD-3-clause
|
||||
|
||||
License: BSD-3-clause
|
||||
All rights reserved.
|
||||
.
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
modification, are permitted provided that the following conditions
|
||||
are met:
|
||||
1. Redistributions of source code must retain the above copyright
|
||||
notice, this list of conditions and the following disclaimer.
|
||||
2. Redistributions in binary form must reproduce the above copyright
|
||||
notice, this list of conditions and the following disclaimer in the
|
||||
documentation and/or other materials provided with the distribution.
|
||||
3. Neither the name of the University nor the names of its contributors
|
||||
may be used to endorse or promote products derived from this software
|
||||
without specific prior written permission.
|
||||
.
|
||||
THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
||||
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
||||
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
SUCH DAMAGE.
|
||||
|
||||
License: GPL-1
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; version 1
|
||||
.
|
||||
On Debian systems, the complete text of version 1 of the GNU General
|
||||
Public License can be found in '/usr/share/common-licenses/GPL-1'.
|
||||
|
||||
License: GPL-2+
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; version 2 dated June, 1991, or (at
|
||||
your option) any later version.
|
||||
.
|
||||
On Debian systems, the complete text of version 2 of the GNU General
|
||||
Public License can be found in '/usr/share/common-licenses/GPL-2'.
|
||||
Vendored
-1
@@ -1 +0,0 @@
|
||||
.so man8/cppw.8
|
||||
Vendored
-27
@@ -1,27 +0,0 @@
|
||||
.TH CPPW 8 "7 Apr 2005"
|
||||
.SH NAME
|
||||
cppw, cpgr \- copy with locking the given file to the password or group file
|
||||
.SH SYNOPSIS
|
||||
\fBcppw\fR [\fB\-h\fR] [\fB\-s\fR] password_file
|
||||
.br
|
||||
\fBcpgr\fR [\fB\-h\fR] [\fB\-s\fR] group_file
|
||||
|
||||
.SH DESCRIPTION
|
||||
.BR cppw " and " cpgr
|
||||
will copy, with locking, the given file to
|
||||
.IR /etc/passwd " and " /etc/group ", respectively."
|
||||
With the \fB\-s\fR flag, they will copy the shadow versions of those files,
|
||||
.IR /etc/shadow " and " /etc/gshadow ", respectively."
|
||||
|
||||
With the \fB\-h\fR flag, the commands display a short help message and exit
|
||||
silently.
|
||||
.SH "SEE ALSO"
|
||||
.BR vipw (8),
|
||||
.BR vigr (8),
|
||||
.BR group (5),
|
||||
.BR passwd (5),
|
||||
.BR shadow (5),
|
||||
.BR gshadow (5)
|
||||
.SH AUTHOR
|
||||
\fBcppw\fR and \fBcpgr\fR were written by Stephen Frost, based on
|
||||
\fBvipw\fR and \fBvigr\fR written by Guy Maor.
|
||||
Vendored
-37
@@ -1,37 +0,0 @@
|
||||
# Default values for useradd(8)
|
||||
#
|
||||
# The SHELL variable specifies the default login shell on your
|
||||
# system.
|
||||
# Similar to DSHELL in adduser. However, we use "sh" here because
|
||||
# useradd is a low level utility and should be as general
|
||||
# as possible
|
||||
SHELL=/bin/sh
|
||||
#
|
||||
# The default group for users
|
||||
# 100=users on Debian systems
|
||||
# Same as USERS_GID in adduser
|
||||
# This argument is used when the -n flag is specified.
|
||||
# The default behavior (when -n and -g are not specified) is to create a
|
||||
# primary user group with the same name as the user being added to the
|
||||
# system.
|
||||
# GROUP=100
|
||||
#
|
||||
# The default home directory. Same as DHOME for adduser
|
||||
# HOME=/home
|
||||
#
|
||||
# The number of days after a password expires until the account
|
||||
# is permanently disabled
|
||||
# INACTIVE=-1
|
||||
#
|
||||
# The default expire date
|
||||
# EXPIRE=
|
||||
#
|
||||
# The SKEL variable specifies the directory containing "skeletal" user
|
||||
# files; in other words, files such as a sample .profile that will be
|
||||
# copied to the new user's home directory when it is created.
|
||||
# SKEL=/etc/skel
|
||||
#
|
||||
# Defines whether the mail spool should be created while
|
||||
# creating the account
|
||||
# CREATE_MAIL_SPOOL=no
|
||||
|
||||
Vendored
-94
@@ -1,94 +0,0 @@
|
||||
Build-Depends:
|
||||
==============
|
||||
* autoconf
|
||||
* automake1.9
|
||||
works with 1.7 or 1.9 (at least)
|
||||
* libtool
|
||||
* gettext
|
||||
POT, PO, GMO regenerated?
|
||||
* libpam0g-dev
|
||||
OK
|
||||
* debhelper (>= 4.1.16)
|
||||
* po-debconf
|
||||
OK
|
||||
* quilt
|
||||
patch system
|
||||
* dpkg-dev (>= 1.13.5)
|
||||
* xsltproc
|
||||
used to generate the manpages
|
||||
* docbook-xsl
|
||||
needed for /usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl
|
||||
* docbook-xml
|
||||
manpages/docbook.xsl includes html/docbook.xsl
|
||||
(But it is not strictly needed. The generated manpages are identical.
|
||||
Without it, a warning is generated.)
|
||||
Needed by JH_CHECK_XML_CATALOG([-//OASIS//DTD DocBook XML V4.1.2//EN], [DocBook XML DTD V4.1.2], [], enable_man=no)
|
||||
* libxml2-utils
|
||||
needed by the JH_CHECK_XML_CATALOG macros
|
||||
* cdbs
|
||||
used in debian/rules
|
||||
* libselinux1-dev [!hurd-i386 !kfreebsd-i386 !kfreebsd-amd64]
|
||||
* gnome-doc-utils (>= 0.4.3-1)
|
||||
xml2po, 0.4.3-1 needed for the -l switch.
|
||||
|
||||
passwd Depends:
|
||||
===============
|
||||
* ${shlibs:Depends}
|
||||
OK
|
||||
* ${loginpam}
|
||||
- hurd
|
||||
login
|
||||
libpam-modules (>= 0.72-5)
|
||||
- other archs
|
||||
+ login (>= 970502-1)
|
||||
login is needed because some passwd utils need /etc/login.defs
|
||||
login is Essential, so this is just to enforce the version
|
||||
+ libpam-modules (>= 0.72-5)
|
||||
* debianutils (>= 2.15.2)
|
||||
After 1:4.0.12-6, {add,remove}-shell are distributed in debianutils (2.15)
|
||||
/etc/shell was forgotten and introduced in debianutils in 2.15.2
|
||||
|
||||
passwd Conflicts:
|
||||
=================
|
||||
|
||||
passwd Replaces:
|
||||
================
|
||||
Some of the passwd man pages are also distributed in some manpages* packages.
|
||||
Look at the debian/02/run test to optimize these dependencies.
|
||||
NOTE: Not all maintainers have been notified.
|
||||
* manpages-de (<< 0.4-9), manpages-fi (<< 0.2-4), manpages-fr (<<1.64.0-1), manpages-hu (<< 20010119-5), manpages-it (<< 0.3.4-3), manpages-ja (<< 0.5.0.0.20050915-1), manpages-ko (<< 20050219-2), manpages-es (<< 1.55-4), manpages-es-extra (<< 0.8a-15), manpages-ru (<< 0.98-3)
|
||||
All those packages have been updated during sarge->etch. So these Replaces
|
||||
should be removed after lenny release
|
||||
* manpages-tr, manpages-zh
|
||||
Those packages are still in etch, so the Replaces should be kept even
|
||||
after lenny release
|
||||
|
||||
login Pre-Depends:
|
||||
==================
|
||||
* ${shlibs:Depends}
|
||||
* libpam-runtime (>= 0.76-14)
|
||||
sarge contained 0.76-22
|
||||
|
||||
Why Pre-Depends? (because it's an essential package?)
|
||||
|
||||
login Depends:
|
||||
==============
|
||||
* libpam-modules (>= 0.72-5)
|
||||
libpam-modules is needed.
|
||||
potato contained 0.72-9
|
||||
|
||||
login Conflicts:
|
||||
================
|
||||
|
||||
login Replaces:
|
||||
===============
|
||||
* Some of the login man pages are also distributed in some manpages* packages.
|
||||
Look at the debian/02/run test to optimize these dependencies.
|
||||
NOTE: Not all maintainers have been notified.
|
||||
- manpages-fi, manpages-fr (<<1.64.0-1), manpages-hu, manpages-it, manpages-ko, manpages-ja (<< 0.5.0.0.20050915-1), manpages-de (<< 0.4-10), manpages-es-extra (<<0.8a-15)
|
||||
Those are packages that have been updated during sarge->etch. These
|
||||
Replaces should be removed after lenny
|
||||
- manpages-tr, manpages-zh
|
||||
Those packages are still in etch, so the Replaces should be kept even
|
||||
after lenny release
|
||||
|
||||
Vendored
-5
@@ -1,5 +0,0 @@
|
||||
variables:
|
||||
RELEASE: 'unstable'
|
||||
include:
|
||||
- https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
|
||||
- https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml
|
||||
Vendored
-3
@@ -1,3 +0,0 @@
|
||||
usr/include/*
|
||||
usr/lib/*/libsubid.a
|
||||
usr/lib/*/libsubid.so
|
||||
Vendored
-1
@@ -1 +0,0 @@
|
||||
usr/lib/*/libsubid.so.*
|
||||
Vendored
-10
@@ -1,10 +0,0 @@
|
||||
libsubid.so.4 libsubid4 #MINVER#
|
||||
subid_get_gid_owners@Base 1:4.11.1
|
||||
subid_get_gid_ranges@Base 1:4.11.1
|
||||
subid_get_uid_owners@Base 1:4.11.1
|
||||
subid_get_uid_ranges@Base 1:4.11.1
|
||||
subid_grant_gid_range@Base 1:4.11.1
|
||||
subid_grant_uid_range@Base 1:4.11.1
|
||||
subid_init@Base 1:4.11.1
|
||||
subid_ungrant_gid_range@Base 1:4.11.1
|
||||
subid_ungrant_uid_range@Base 1:4.11.1
|
||||
Vendored
-402
@@ -1,402 +0,0 @@
|
||||
#
|
||||
# /etc/login.defs - Configuration control definitions for the login package.
|
||||
#
|
||||
# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH.
|
||||
# If unspecified, some arbitrary (and possibly incorrect) value will
|
||||
# be assumed. All other items are optional - if not specified then
|
||||
# the described action or option will be inhibited.
|
||||
#
|
||||
# Comment lines (lines beginning with "#") and blank lines are ignored.
|
||||
#
|
||||
# Modified for Linux. --marekm
|
||||
|
||||
# REQUIRED for useradd/userdel/usermod
|
||||
# Directory where mailboxes reside, _or_ name of file, relative to the
|
||||
# home directory. If you _do_ define MAIL_DIR and MAIL_FILE,
|
||||
# MAIL_DIR takes precedence.
|
||||
#
|
||||
# Essentially:
|
||||
# - MAIL_DIR defines the location of users mail spool files
|
||||
# (for mbox use) by appending the username to MAIL_DIR as defined
|
||||
# below.
|
||||
# - MAIL_FILE defines the location of the users mail spool files as the
|
||||
# fully-qualified filename obtained by prepending the user home
|
||||
# directory before $MAIL_FILE
|
||||
#
|
||||
# NOTE: This is no more used for setting up users MAIL environment variable
|
||||
# which is, starting from shadow 4.0.12-1 in Debian, entirely the
|
||||
# job of the pam_mail PAM modules
|
||||
# See default PAM configuration files provided for
|
||||
# login, su, etc.
|
||||
#
|
||||
# This is a temporary situation: setting these variables will soon
|
||||
# move to /etc/default/useradd and the variables will then be
|
||||
# no more supported
|
||||
MAIL_DIR /var/mail
|
||||
#MAIL_FILE .mail
|
||||
|
||||
#
|
||||
# Enable logging and display of /var/log/faillog login failure info.
|
||||
# This option conflicts with the pam_tally PAM module.
|
||||
#
|
||||
FAILLOG_ENAB yes
|
||||
|
||||
#
|
||||
# Enable display of unknown usernames when login failures are recorded.
|
||||
#
|
||||
# WARNING: Unknown usernames may become world readable.
|
||||
# See #290803 and #298773 for details about how this could become a security
|
||||
# concern
|
||||
LOG_UNKFAIL_ENAB no
|
||||
|
||||
#
|
||||
# Enable logging of successful logins
|
||||
#
|
||||
LOG_OK_LOGINS no
|
||||
|
||||
#
|
||||
# Enable "syslog" logging of su activity - in addition to sulog file logging.
|
||||
# SYSLOG_SG_ENAB does the same for newgrp and sg.
|
||||
#
|
||||
SYSLOG_SU_ENAB yes
|
||||
SYSLOG_SG_ENAB yes
|
||||
|
||||
#
|
||||
# If defined, all su activity is logged to this file.
|
||||
#
|
||||
#SULOG_FILE /var/log/sulog
|
||||
|
||||
#
|
||||
# If defined, file which maps tty line to TERM environment parameter.
|
||||
# Each line of the file is in a format something like "vt100 tty01".
|
||||
#
|
||||
#TTYTYPE_FILE /etc/ttytype
|
||||
|
||||
#
|
||||
# If defined, login failures will be logged here in a utmp format
|
||||
# last, when invoked as lastb, will read /var/log/btmp, so...
|
||||
#
|
||||
FTMP_FILE /var/log/btmp
|
||||
|
||||
#
|
||||
# If defined, the command name to display when running "su -". For
|
||||
# example, if this is defined as "su" then a "ps" will display the
|
||||
# command is "-su". If not defined, then "ps" would display the
|
||||
# name of the shell actually being run, e.g. something like "-sh".
|
||||
#
|
||||
SU_NAME su
|
||||
|
||||
#
|
||||
# If defined, file which inhibits all the usual chatter during the login
|
||||
# sequence. If a full pathname, then hushed mode will be enabled if the
|
||||
# user's name or shell are found in the file. If not a full pathname, then
|
||||
# hushed mode will be enabled if the file exists in the user's home directory.
|
||||
#
|
||||
HUSHLOGIN_FILE .hushlogin
|
||||
#HUSHLOGIN_FILE /etc/hushlogins
|
||||
|
||||
#
|
||||
# *REQUIRED* The default PATH settings, for superuser and normal users.
|
||||
#
|
||||
# (they are minimal, add the rest in the shell startup files)
|
||||
ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
||||
ENV_PATH PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
|
||||
|
||||
#
|
||||
# Terminal permissions
|
||||
#
|
||||
# TTYGROUP Login tty will be assigned this group ownership.
|
||||
# TTYPERM Login tty will be set to this permission.
|
||||
#
|
||||
# If you have a "write" program which is "setgid" to a special group
|
||||
# which owns the terminals, define TTYGROUP to the group number and
|
||||
# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign
|
||||
# TTYPERM to either 622 or 600.
|
||||
#
|
||||
# In Debian /usr/bin/bsd-write or similar programs are setgid tty
|
||||
# However, the default and recommended value for TTYPERM is still 0600
|
||||
# to not allow anyone to write to anyone else console or terminal
|
||||
|
||||
# Users can still allow other people to write them by issuing
|
||||
# the "mesg y" command.
|
||||
|
||||
TTYGROUP tty
|
||||
TTYPERM 0600
|
||||
|
||||
#
|
||||
# Login configuration initializations:
|
||||
#
|
||||
# ERASECHAR Terminal ERASE character ('\010' = backspace).
|
||||
# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
|
||||
# UMASK Default "umask" value.
|
||||
#
|
||||
# The ERASECHAR and KILLCHAR are used only on System V machines.
|
||||
#
|
||||
# UMASK is the default umask value for pam_umask and is used by
|
||||
# useradd and newusers to set the mode of the new home directories.
|
||||
# 022 is the "historical" value in Debian for UMASK
|
||||
# 027, or even 077, could be considered better for privacy
|
||||
# There is no One True Answer here : each sysadmin must make up his/her
|
||||
# mind.
|
||||
#
|
||||
# If USERGROUPS_ENAB is set to "yes", that will modify this UMASK default value
|
||||
# for private user groups, i. e. the uid is the same as gid, and username is
|
||||
# the same as the primary group name: for these, the user permissions will be
|
||||
# used as group permissions, e. g. 022 will become 002.
|
||||
#
|
||||
# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
|
||||
#
|
||||
ERASECHAR 0177
|
||||
KILLCHAR 025
|
||||
UMASK 022
|
||||
|
||||
# HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
|
||||
# home directories.
|
||||
# If HOME_MODE is not set, the value of UMASK is used to create the mode.
|
||||
#HOME_MODE 0700
|
||||
|
||||
#
|
||||
# Password aging controls:
|
||||
#
|
||||
# PASS_MAX_DAYS Maximum number of days a password may be used.
|
||||
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
|
||||
# PASS_WARN_AGE Number of days warning given before a password expires.
|
||||
#
|
||||
PASS_MAX_DAYS 99999
|
||||
PASS_MIN_DAYS 0
|
||||
PASS_WARN_AGE 7
|
||||
|
||||
#
|
||||
# Min/max values for automatic uid selection in useradd
|
||||
#
|
||||
UID_MIN 1000
|
||||
UID_MAX 60000
|
||||
# System accounts
|
||||
#SYS_UID_MIN 100
|
||||
#SYS_UID_MAX 999
|
||||
# Extra per user uids
|
||||
SUB_UID_MIN 100000
|
||||
SUB_UID_MAX 600100000
|
||||
SUB_UID_COUNT 65536
|
||||
|
||||
#
|
||||
# Min/max values for automatic gid selection in groupadd
|
||||
#
|
||||
GID_MIN 1000
|
||||
GID_MAX 60000
|
||||
# System accounts
|
||||
#SYS_GID_MIN 100
|
||||
#SYS_GID_MAX 999
|
||||
# Extra per user group ids
|
||||
SUB_GID_MIN 100000
|
||||
SUB_GID_MAX 600100000
|
||||
SUB_GID_COUNT 65536
|
||||
|
||||
#
|
||||
# Max number of login retries if password is bad. This will most likely be
|
||||
# overriden by PAM, since the default pam_unix module has it's own built
|
||||
# in of 3 retries. However, this is a safe fallback in case you are using
|
||||
# an authentication module that does not enforce PAM_MAXTRIES.
|
||||
#
|
||||
LOGIN_RETRIES 5
|
||||
|
||||
#
|
||||
# Max time in seconds for login
|
||||
#
|
||||
LOGIN_TIMEOUT 60
|
||||
|
||||
#
|
||||
# Which fields may be changed by regular users using chfn - use
|
||||
# any combination of letters "frwh" (full name, room number, work
|
||||
# phone, home phone). If not defined, no changes are allowed.
|
||||
# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
|
||||
#
|
||||
CHFN_RESTRICT rwh
|
||||
|
||||
#
|
||||
# Should login be allowed if we can't cd to the home directory?
|
||||
# Default is no.
|
||||
#
|
||||
DEFAULT_HOME yes
|
||||
|
||||
#
|
||||
# If defined, this command is run when removing a user.
|
||||
# It should remove any at/cron/print jobs etc. owned by
|
||||
# the user to be removed (passed as the first argument).
|
||||
#
|
||||
#USERDEL_CMD /usr/sbin/userdel_local
|
||||
|
||||
#
|
||||
# If set to yes, userdel will remove the user's group if it contains no
|
||||
# more members, and useradd will create by default a group with the name
|
||||
# of the user.
|
||||
#
|
||||
# Other former uses of this variable such as setting the umask when
|
||||
# user==primary group are not used in PAM environments, such as Debian
|
||||
#
|
||||
USERGROUPS_ENAB yes
|
||||
|
||||
#
|
||||
# Instead of the real user shell, the program specified by this parameter
|
||||
# will be launched, although its visible name (argv[0]) will be the shell's.
|
||||
# The program may do whatever it wants (logging, additional authentification,
|
||||
# banner, ...) before running the actual shell.
|
||||
#
|
||||
# FAKE_SHELL /bin/fakeshell
|
||||
|
||||
#
|
||||
# If defined, either full pathname of a file containing device names or
|
||||
# a ":" delimited list of device names. Root logins will be allowed only
|
||||
# upon these devices.
|
||||
#
|
||||
# This variable is used by login and su.
|
||||
#
|
||||
#CONSOLE /etc/consoles
|
||||
#CONSOLE console:tty01:tty02:tty03:tty04
|
||||
|
||||
#
|
||||
# List of groups to add to the user's supplementary group set
|
||||
# when logging in on the console (as determined by the CONSOLE
|
||||
# setting). Default is none.
|
||||
#
|
||||
# Use with caution - it is possible for users to gain permanent
|
||||
# access to these groups, even when not logged in on the console.
|
||||
# How to do it is left as an exercise for the reader...
|
||||
#
|
||||
# This variable is used by login and su.
|
||||
#
|
||||
#CONSOLE_GROUPS floppy:audio:cdrom
|
||||
|
||||
#
|
||||
# If set to "yes", new passwords will be encrypted using the MD5-based
|
||||
# algorithm compatible with the one used by recent releases of FreeBSD.
|
||||
# It supports passwords of unlimited length and longer salt strings.
|
||||
# Set to "no" if you need to copy encrypted passwords to other systems
|
||||
# which don't understand the new algorithm. Default is "no".
|
||||
#
|
||||
# This variable is deprecated. You should use ENCRYPT_METHOD.
|
||||
#
|
||||
#MD5_CRYPT_ENAB no
|
||||
|
||||
#
|
||||
# If set to MD5, MD5-based algorithm will be used for encrypting password
|
||||
# If set to SHA256, SHA256-based algorithm will be used for encrypting password
|
||||
# If set to SHA512, SHA512-based algorithm will be used for encrypting password
|
||||
# If set to BCRYPT, BCRYPT-based algorithm will be used for encrypting password
|
||||
# If set to YESCRYPT, YESCRYPT-based algorithm will be used for encrypting password
|
||||
# If set to DES, DES-based algorithm will be used for encrypting password (default)
|
||||
# MD5 and DES should not be used for new hashes, see crypt(5) for recommendations.
|
||||
# Overrides the MD5_CRYPT_ENAB option
|
||||
#
|
||||
# Note: It is recommended to use a value consistent with
|
||||
# the PAM modules configuration.
|
||||
#
|
||||
ENCRYPT_METHOD SHA512
|
||||
|
||||
#
|
||||
# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
|
||||
#
|
||||
# Define the number of SHA rounds.
|
||||
# With a lot of rounds, it is more difficult to brute-force the password.
|
||||
# However, more CPU resources will be needed to authenticate users if
|
||||
# this value is increased.
|
||||
#
|
||||
# If not specified, the libc will choose the default number of rounds (5000),
|
||||
# which is orders of magnitude too low for modern hardware.
|
||||
# The values must be within the 1000-999999999 range.
|
||||
# If only one of the MIN or MAX values is set, then this value will be used.
|
||||
# If MIN > MAX, the highest value will be used.
|
||||
#
|
||||
#SHA_CRYPT_MIN_ROUNDS 5000
|
||||
#SHA_CRYPT_MAX_ROUNDS 5000
|
||||
|
||||
#
|
||||
# Only works if ENCRYPT_METHOD is set to YESCRYPT.
|
||||
#
|
||||
# Define the YESCRYPT cost factor.
|
||||
# With a higher cost factor, it is more difficult to brute-force the password.
|
||||
# However, more CPU time and more memory will be needed to authenticate users
|
||||
# if this value is increased.
|
||||
#
|
||||
# If not specified, a cost factor of 5 will be used.
|
||||
# The value must be within the 1-11 range.
|
||||
#
|
||||
#YESCRYPT_COST_FACTOR 5
|
||||
|
||||
#
|
||||
# The pwck(8) utility emits a warning for any system account with a home
|
||||
# directory that does not exist. Some system accounts intentionally do
|
||||
# not have a home directory. Such accounts may have this string as
|
||||
# their home directory in /etc/passwd to avoid a spurious warning.
|
||||
#
|
||||
NONEXISTENT /nonexistent
|
||||
|
||||
#
|
||||
# Allow newuidmap and newgidmap when running under an alternative
|
||||
# primary group.
|
||||
#
|
||||
#GRANT_AUX_GROUP_SUBIDS yes
|
||||
|
||||
#
|
||||
# Prevents an empty password field to be interpreted as "no authentication
|
||||
# required".
|
||||
# Set to "yes" to prevent for all accounts
|
||||
# Set to "superuser" to prevent for UID 0 / root (default)
|
||||
# Set to "no" to not prevent for any account (dangerous, historical default)
|
||||
PREVENT_NO_AUTH superuser
|
||||
|
||||
#
|
||||
# Select the HMAC cryptography algorithm.
|
||||
# Used in pam_timestamp module to calculate the keyed-hash message
|
||||
# authentication code.
|
||||
#
|
||||
# Note: It is recommended to check hmac(3) to see the possible algorithms
|
||||
# that are available in your system.
|
||||
#
|
||||
#HMAC_CRYPTO_ALGO SHA512
|
||||
|
||||
################# OBSOLETED BY PAM ##############
|
||||
# #
|
||||
# These options are now handled by PAM. Please #
|
||||
# edit the appropriate file in /etc/pam.d/ to #
|
||||
# enable the equivelants of them.
|
||||
#
|
||||
###############
|
||||
|
||||
#MOTD_FILE
|
||||
#DIALUPS_CHECK_ENAB
|
||||
#LASTLOG_ENAB
|
||||
#MAIL_CHECK_ENAB
|
||||
#OBSCURE_CHECKS_ENAB
|
||||
#PORTTIME_CHECKS_ENAB
|
||||
#SU_WHEEL_ONLY
|
||||
#CRACKLIB_DICTPATH
|
||||
#PASS_CHANGE_TRIES
|
||||
#PASS_ALWAYS_WARN
|
||||
#ENVIRON_FILE
|
||||
#NOLOGINS_FILE
|
||||
#ISSUE_FILE
|
||||
#PASS_MIN_LEN
|
||||
#PASS_MAX_LEN
|
||||
#ULIMIT
|
||||
#ENV_HZ
|
||||
#CHFN_AUTH
|
||||
#CHSH_AUTH
|
||||
#FAIL_DELAY
|
||||
|
||||
################# OBSOLETED #######################
|
||||
# #
|
||||
# These options are no more handled by shadow. #
|
||||
# #
|
||||
# Shadow utilities will display a warning if they #
|
||||
# still appear. #
|
||||
# #
|
||||
###################################################
|
||||
|
||||
# CLOSE_SESSIONS
|
||||
# LOGIN_STRING
|
||||
# NO_PASSWORD_CONSOLE
|
||||
# QMAIL_DIR
|
||||
|
||||
|
||||
|
||||
Vendored
-1
@@ -1 +0,0 @@
|
||||
usr/share/lintian/overrides
|
||||
Vendored
-7
@@ -1,7 +0,0 @@
|
||||
debian/login.defs etc
|
||||
usr/share/locale/*/LC_MESSAGES/shadow.mo
|
||||
sbin/nologin usr/sbin
|
||||
usr/bin/faillog
|
||||
usr/bin/lastlog
|
||||
usr/bin/newgrp
|
||||
bin/login
|
||||
Vendored
-1
@@ -1 +0,0 @@
|
||||
usr/bin/newgrp usr/bin/sg
|
||||
Vendored
-1
@@ -1 +0,0 @@
|
||||
login: elevated-privileges 4755 root/root [usr/bin/newgrp]
|
||||
Vendored
-1
@@ -1 +0,0 @@
|
||||
rm_conffile /etc/securetty 1:4.7-1~
|
||||
Vendored
-16
@@ -1,16 +0,0 @@
|
||||
usr/share/man/*/man1/login.1
|
||||
usr/share/man/*/man1/newgrp.1
|
||||
usr/share/man/*/man1/sg.1
|
||||
usr/share/man/*/man5/faillog.5
|
||||
usr/share/man/*/man5/login.defs.5
|
||||
usr/share/man/*/man8/faillog.8
|
||||
usr/share/man/*/man8/lastlog.8
|
||||
usr/share/man/*/man8/nologin.8
|
||||
usr/share/man/man1/login.1
|
||||
usr/share/man/man1/newgrp.1
|
||||
usr/share/man/man1/sg.1
|
||||
usr/share/man/man5/faillog.5
|
||||
usr/share/man/man5/login.defs.5
|
||||
usr/share/man/man8/faillog.8
|
||||
usr/share/man/man8/lastlog.8
|
||||
usr/share/man/man8/nologin.8
|
||||
Vendored
-100
@@ -1,100 +0,0 @@
|
||||
#
|
||||
# The PAM configuration file for the Shadow `login' service
|
||||
#
|
||||
|
||||
# Enforce a minimal delay in case of failure (in microseconds).
|
||||
# (Replaces the `FAIL_DELAY' setting from login.defs)
|
||||
# Note that other modules may require another minimal delay. (for example,
|
||||
# to disable any delay, you should add the nodelay option to pam_unix)
|
||||
auth optional pam_faildelay.so delay=3000000
|
||||
|
||||
# Outputs an issue file prior to each login prompt (Replaces the
|
||||
# ISSUE_FILE option from login.defs). Uncomment for use
|
||||
# auth required pam_issue.so issue=/etc/issue
|
||||
|
||||
# Disallows other than root logins when /etc/nologin exists
|
||||
# (Replaces the `NOLOGINS_FILE' option from login.defs)
|
||||
auth requisite pam_nologin.so
|
||||
|
||||
# SELinux needs to be the first session rule. This ensures that any
|
||||
# lingering context has been cleared. Without this it is possible
|
||||
# that a module could execute code in the wrong domain.
|
||||
# When the module is present, "required" would be sufficient (When SELinux
|
||||
# is disabled, this returns success.)
|
||||
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
|
||||
|
||||
# Sets the loginuid process attribute
|
||||
session required pam_loginuid.so
|
||||
|
||||
# Prints the message of the day upon successful login.
|
||||
# (Replaces the `MOTD_FILE' option in login.defs)
|
||||
# This includes a dynamically generated part from /run/motd.dynamic
|
||||
# and a static (admin-editable) part from /etc/motd.
|
||||
session optional pam_motd.so motd=/run/motd.dynamic
|
||||
session optional pam_motd.so noupdate
|
||||
|
||||
# SELinux needs to intervene at login time to ensure that the process
|
||||
# starts in the proper default security context. Only sessions which are
|
||||
# intended to run in the user's context should be run after this.
|
||||
# pam_selinux.so changes the SELinux context of the used TTY and configures
|
||||
# SELinux in order to transition to the user context with the next execve()
|
||||
# call.
|
||||
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
|
||||
# When the module is present, "required" would be sufficient (When SELinux
|
||||
# is disabled, this returns success.)
|
||||
|
||||
# This module parses environment configuration file(s)
|
||||
# and also allows you to use an extended config
|
||||
# file /etc/security/pam_env.conf.
|
||||
#
|
||||
# parsing /etc/environment needs "readenv=1"
|
||||
session required pam_env.so readenv=1
|
||||
# locale variables are also kept into /etc/default/locale in etch
|
||||
# reading this file *in addition to /etc/environment* does not hurt
|
||||
session required pam_env.so readenv=1 envfile=/etc/default/locale
|
||||
|
||||
# Standard Un*x authentication.
|
||||
@include common-auth
|
||||
|
||||
# This allows certain extra groups to be granted to a user
|
||||
# based on things like time of day, tty, service, and user.
|
||||
# Please edit /etc/security/group.conf to fit your needs
|
||||
# (Replaces the `CONSOLE_GROUPS' option in login.defs)
|
||||
auth optional pam_group.so
|
||||
|
||||
# Uncomment and edit /etc/security/time.conf if you need to set
|
||||
# time restraint on logins.
|
||||
# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
|
||||
# as well as /etc/porttime)
|
||||
# account requisite pam_time.so
|
||||
|
||||
# Uncomment and edit /etc/security/access.conf if you need to
|
||||
# set access limits.
|
||||
# (Replaces /etc/login.access file)
|
||||
# account required pam_access.so
|
||||
|
||||
# Sets up user limits according to /etc/security/limits.conf
|
||||
# (Replaces the use of /etc/limits in old login)
|
||||
session required pam_limits.so
|
||||
|
||||
# Prints the last login info upon successful login
|
||||
# (Replaces the `LASTLOG_ENAB' option from login.defs)
|
||||
session optional pam_lastlog.so
|
||||
|
||||
# Prints the status of the user's mailbox upon successful login
|
||||
# (Replaces the `MAIL_CHECK_ENAB' option from login.defs).
|
||||
#
|
||||
# This also defines the MAIL environment variable
|
||||
# However, userdel also needs MAIL_DIR and MAIL_FILE variables
|
||||
# in /etc/login.defs to make sure that removing a user
|
||||
# also removes the user's mail spool file.
|
||||
# See comments in /etc/login.defs
|
||||
session optional pam_mail.so standard
|
||||
|
||||
# Create a new session keyring.
|
||||
session optional pam_keyinit.so force revoke
|
||||
|
||||
# Standard Un*x account and session
|
||||
@include common-account
|
||||
@include common-session
|
||||
@include common-password
|
||||
Vendored
-30
@@ -1,30 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
set -e
|
||||
|
||||
|
||||
if [ "$1" = "configure" ]; then
|
||||
# Install faillog during initial installs only
|
||||
if [ "$2" = "" ] && [ ! -f "$DPKG_ROOT/var/log/faillog" ] ; then
|
||||
touch "$DPKG_ROOT/var/log/faillog"
|
||||
chown 0:0 "$DPKG_ROOT/var/log/faillog"
|
||||
chmod 644 "$DPKG_ROOT/var/log/faillog"
|
||||
fi
|
||||
|
||||
# Create subuid/subgid if missing
|
||||
if [ ! -e "$DPKG_ROOT/etc/subuid" ]; then
|
||||
touch "$DPKG_ROOT/etc/subuid"
|
||||
chown 0:0 "$DPKG_ROOT/etc/subuid"
|
||||
chmod 644 "$DPKG_ROOT/etc/subuid"
|
||||
fi
|
||||
|
||||
if [ ! -e "$DPKG_ROOT/etc/subgid" ]; then
|
||||
touch "$DPKG_ROOT/etc/subgid"
|
||||
chown 0:0 "$DPKG_ROOT/etc/subgid"
|
||||
chmod 644 "$DPKG_ROOT/etc/subgid"
|
||||
fi
|
||||
fi
|
||||
|
||||
#DEBHELPER#
|
||||
|
||||
exit 0
|
||||
Vendored
-36
@@ -1,36 +0,0 @@
|
||||
bin/groups
|
||||
etc/default/useradd
|
||||
etc/login.defs
|
||||
etc/pam.d/chfn
|
||||
etc/pam.d/chage
|
||||
etc/pam.d/chpasswd
|
||||
etc/pam.d/chsh
|
||||
etc/pam.d/groupadd
|
||||
etc/pam.d/groupdel
|
||||
etc/pam.d/groupmems
|
||||
etc/pam.d/groupmod
|
||||
etc/pam.d/login
|
||||
etc/pam.d/newusers
|
||||
etc/pam.d/passwd
|
||||
etc/pam.d/useradd
|
||||
etc/pam.d/userdel
|
||||
etc/pam.d/usermod
|
||||
usr/bin/sg
|
||||
usr/lib/*/libsubid.la
|
||||
usr/sbin/logoutd
|
||||
usr/sbin/vigr
|
||||
usr/share/man/*/man1/groups.1
|
||||
usr/share/man/*/man1/logoutd.1
|
||||
usr/share/man/*/man1/su.1
|
||||
usr/share/man/*/man3/getspnam.3
|
||||
usr/share/man/*/man3/shadow.3
|
||||
usr/share/man/*/man5/suauth.5
|
||||
usr/share/man/*/man8/logoutd.8
|
||||
usr/share/man/man1/groups.1
|
||||
usr/share/man/man1/logoutd.1
|
||||
usr/share/man/man1/su.1
|
||||
usr/share/man/man3/getspnam.3
|
||||
usr/share/man/man3/shadow.3
|
||||
usr/share/man/man5/suauth.5
|
||||
usr/share/man/man8/logoutd.8
|
||||
|
||||
Vendored
-8
@@ -1,8 +0,0 @@
|
||||
# The PAM configuration file for the Shadow 'chage' service
|
||||
#
|
||||
|
||||
# This allows root to change password aging being prompted for a password
|
||||
auth sufficient pam_rootok.so
|
||||
|
||||
# checks for account validity
|
||||
account required pam_permit.so
|
||||
Vendored
-16
@@ -1,16 +0,0 @@
|
||||
#
|
||||
# The PAM configuration file for the Shadow `chfn' service
|
||||
#
|
||||
|
||||
# This allows root to change user infomation without being
|
||||
# prompted for a password
|
||||
auth sufficient pam_rootok.so
|
||||
|
||||
# The standard Unix authentication modules, used with
|
||||
# NIS (man nsswitch) as well as normal /etc/passwd and
|
||||
# /etc/shadow entries.
|
||||
@include common-auth
|
||||
@include common-account
|
||||
@include common-session
|
||||
|
||||
|
||||
Vendored
-5
@@ -1,5 +0,0 @@
|
||||
# The PAM configuration file for the Shadow 'chpasswd' service
|
||||
#
|
||||
|
||||
@include common-password
|
||||
|
||||
Vendored
-20
@@ -1,20 +0,0 @@
|
||||
#
|
||||
# The PAM configuration file for the Shadow `chsh' service
|
||||
#
|
||||
|
||||
# This will not allow a user to change their shell unless
|
||||
# their current one is listed in /etc/shells. This keeps
|
||||
# accounts with special shells from changing them.
|
||||
auth required pam_shells.so
|
||||
|
||||
# This allows root to change user shell without being
|
||||
# prompted for a password
|
||||
auth sufficient pam_rootok.so
|
||||
|
||||
# The standard Unix authentication modules, used with
|
||||
# NIS (man nsswitch) as well as normal /etc/passwd and
|
||||
# /etc/shadow entries.
|
||||
@include common-auth
|
||||
@include common-account
|
||||
@include common-session
|
||||
|
||||
Vendored
-2
@@ -1,2 +0,0 @@
|
||||
usr/share/lintian/overrides
|
||||
etc/default
|
||||
Vendored
-1
@@ -1 +0,0 @@
|
||||
debian/passwd.expire.cron
|
||||
Vendored
-57
@@ -1,57 +0,0 @@
|
||||
#!/usr/bin/perl
|
||||
#
|
||||
# passwd.expire.cron: sample expiry notification script for use as a cronjob
|
||||
#
|
||||
# Copyright 1999 by Ben Collins <bcollins@debian.org>, complete rights granted
|
||||
# for use, distribution, modification, etc.
|
||||
#
|
||||
# Usage:
|
||||
# edit the listed options, including the actual email, then rename to
|
||||
# /etc/cron.daily/passwd
|
||||
#
|
||||
# If your users don't have a valid login shell (ie. they are ftp or mail
|
||||
# users only), they will need some other way to change their password
|
||||
# (telnet will work since login will handle password aging, or a poppasswd
|
||||
# program, if they are mail users).
|
||||
|
||||
# <CONFIG> #
|
||||
|
||||
# should be same as /etc/adduser.conf
|
||||
$LOW_UID=1000;
|
||||
$HIGH_UID=29999;
|
||||
|
||||
# this let's the MTA handle the domain,
|
||||
# set it manually if you want. Make sure
|
||||
# you also add the @ like "\@domain.com"
|
||||
$MAIL_DOM="";
|
||||
|
||||
# </CONFIG> #
|
||||
|
||||
# Set the current day reference
|
||||
$curdays = int(time() / (60 * 60 * 24));
|
||||
|
||||
# Now go through the list
|
||||
|
||||
open(SH, "< /etc/shadow");
|
||||
while (<SH>) {
|
||||
@shent = split(':', $_);
|
||||
@userent = getpwnam($shent[0]);
|
||||
if ($userent[2] >= $LOW_UID && $userent[2] <= $HIGH_UID) {
|
||||
if ($curdays > $shent[2] + $shent[4] - $shent[5] &&
|
||||
$shent[4] != -1 && $shent[4] != 0 &&
|
||||
$shent[5] != -1 && $shent[5] != 0) {
|
||||
$daysleft = ($shent[2] + $shent[4]) - $curdays;
|
||||
if ($daysleft == 1) { $days = "day"; } else {$days = "days"; }
|
||||
if ($daysleft < 0) { next; }
|
||||
open (MAIL, "| mail -s '[WARNING] account will expire in $daysleft $days' $shent[0]${MAIL_DOM}");
|
||||
print MAIL <<EOF;
|
||||
Your account will expire in $daysleft $days. Please change your password before
|
||||
then or your account will expire
|
||||
EOF
|
||||
close (MAIL);
|
||||
# This makes sure we also get a list of almost expired users
|
||||
print "$shent[0]'s account will expire in $daysleft days\n";
|
||||
}
|
||||
}
|
||||
@userent = getpwent();
|
||||
}
|
||||
Vendored
-8
@@ -1,8 +0,0 @@
|
||||
# The PAM configuration file for the Shadow 'groupadd' service
|
||||
#
|
||||
|
||||
# This allows root to add groups without being prompted for a password
|
||||
auth sufficient pam_rootok.so
|
||||
|
||||
# checks for account validity
|
||||
account required pam_permit.so
|
||||
Vendored
-8
@@ -1,8 +0,0 @@
|
||||
# The PAM configuration file for the Shadow 'groupdel' service
|
||||
#
|
||||
|
||||
# This allows root to remove groups without being prompted for a password
|
||||
auth sufficient pam_rootok.so
|
||||
|
||||
# checks for account validity
|
||||
account required pam_permit.so
|
||||
Vendored
-8
@@ -1,8 +0,0 @@
|
||||
# The PAM configuration file for the Shadow 'groupmod' service
|
||||
#
|
||||
|
||||
# This allows root to modify groups without being prompted for a password
|
||||
auth sufficient pam_rootok.so
|
||||
|
||||
# checks for account validity
|
||||
account required pam_permit.so
|
||||
Vendored
-26
@@ -1,26 +0,0 @@
|
||||
debian/default/useradd etc/default
|
||||
debian/shadowconfig sbin
|
||||
usr/bin/chage
|
||||
usr/bin/chfn
|
||||
usr/bin/chsh
|
||||
usr/bin/expiry
|
||||
usr/bin/gpasswd
|
||||
usr/bin/passwd
|
||||
usr/sbin/chpasswd
|
||||
usr/sbin/chgpasswd
|
||||
usr/sbin/cppw
|
||||
usr/sbin/groupadd
|
||||
usr/sbin/groupdel
|
||||
usr/sbin/groupmod
|
||||
usr/sbin/groupmems
|
||||
usr/sbin/grpck
|
||||
usr/sbin/grpconv
|
||||
usr/sbin/grpunconv
|
||||
usr/sbin/newusers
|
||||
usr/sbin/pwck
|
||||
usr/sbin/pwconv
|
||||
usr/sbin/pwunconv
|
||||
usr/sbin/useradd
|
||||
usr/sbin/userdel
|
||||
usr/sbin/usermod
|
||||
usr/sbin/vipw
|
||||
Vendored
-2
@@ -1,2 +0,0 @@
|
||||
usr/sbin/vipw usr/sbin/vigr
|
||||
usr/sbin/cppw usr/sbin/cpgr
|
||||
Vendored
-6
@@ -1,6 +0,0 @@
|
||||
passwd: elevated-privileges 2755 root/shadow [usr/bin/chage]
|
||||
passwd: elevated-privileges 4755 root/root [usr/bin/chfn]
|
||||
passwd: elevated-privileges 4755 root/root [usr/bin/chsh]
|
||||
passwd: elevated-privileges 2755 root/shadow [usr/bin/expiry]
|
||||
passwd: elevated-privileges 4755 root/root [usr/bin/gpasswd]
|
||||
passwd: elevated-privileges 4755 root/root [usr/bin/passwd]
|
||||
Vendored
-1
@@ -1 +0,0 @@
|
||||
rm_conffile /etc/cron.daily/passwd 1:4.7-2~
|
||||
Vendored
-60
@@ -1,60 +0,0 @@
|
||||
debian/cpgr.8
|
||||
debian/cppw.8
|
||||
usr/share/man/*/man1/chage.1
|
||||
usr/share/man/*/man1/chfn.1
|
||||
usr/share/man/*/man1/chsh.1
|
||||
usr/share/man/*/man1/expiry.1
|
||||
usr/share/man/*/man1/gpasswd.1
|
||||
usr/share/man/*/man1/passwd.1
|
||||
usr/share/man/*/man5/passwd.5
|
||||
usr/share/man/*/man5/subgid.5
|
||||
usr/share/man/*/man5/subuid.5
|
||||
usr/share/man/*/man5/shadow.5
|
||||
usr/share/man/*/man5/gshadow.5
|
||||
usr/share/man/*/man8/chpasswd.8
|
||||
usr/share/man/*/man8/chgpasswd.8
|
||||
usr/share/man/*/man8/groupadd.8
|
||||
usr/share/man/*/man8/groupdel.8
|
||||
usr/share/man/*/man8/groupmod.8
|
||||
usr/share/man/*/man8/groupmems.8
|
||||
usr/share/man/*/man8/grpck.8
|
||||
usr/share/man/*/man8/grpconv.8
|
||||
usr/share/man/*/man8/grpunconv.8
|
||||
usr/share/man/*/man8/newusers.8
|
||||
usr/share/man/*/man8/pwck.8
|
||||
usr/share/man/*/man8/pwconv.8
|
||||
usr/share/man/*/man8/pwunconv.8
|
||||
usr/share/man/*/man8/useradd.8
|
||||
usr/share/man/*/man8/userdel.8
|
||||
usr/share/man/*/man8/usermod.8
|
||||
usr/share/man/*/man8/vigr.8
|
||||
usr/share/man/*/man8/vipw.8
|
||||
usr/share/man/man1/chage.1
|
||||
usr/share/man/man1/chfn.1
|
||||
usr/share/man/man1/chsh.1
|
||||
usr/share/man/man1/expiry.1
|
||||
usr/share/man/man1/gpasswd.1
|
||||
usr/share/man/man1/passwd.1
|
||||
usr/share/man/man5/passwd.5
|
||||
usr/share/man/man5/shadow.5
|
||||
usr/share/man/man5/gshadow.5
|
||||
usr/share/man/man5/subuid.5
|
||||
usr/share/man/man5/subgid.5
|
||||
usr/share/man/man8/chgpasswd.8
|
||||
usr/share/man/man8/chpasswd.8
|
||||
usr/share/man/man8/groupadd.8
|
||||
usr/share/man/man8/groupdel.8
|
||||
usr/share/man/man8/groupmems.8
|
||||
usr/share/man/man8/groupmod.8
|
||||
usr/share/man/man8/grpck.8
|
||||
usr/share/man/man8/grpconv.8
|
||||
usr/share/man/man8/grpunconv.8
|
||||
usr/share/man/man8/newusers.8
|
||||
usr/share/man/man8/pwck.8
|
||||
usr/share/man/man8/pwconv.8
|
||||
usr/share/man/man8/pwunconv.8
|
||||
usr/share/man/man8/useradd.8
|
||||
usr/share/man/man8/userdel.8
|
||||
usr/share/man/man8/usermod.8
|
||||
usr/share/man/man8/vigr.8
|
||||
usr/share/man/man8/vipw.8
|
||||
Vendored
-5
@@ -1,5 +0,0 @@
|
||||
# The PAM configuration file for the Shadow 'newusers' service
|
||||
#
|
||||
|
||||
@include common-password
|
||||
|
||||
Vendored
-6
@@ -1,6 +0,0 @@
|
||||
#
|
||||
# The PAM configuration file for the Shadow `passwd' service
|
||||
#
|
||||
|
||||
@include common-password
|
||||
|
||||
Vendored
-30
@@ -1,30 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
set -e
|
||||
|
||||
case "$1" in
|
||||
configure)
|
||||
if ! getent group shadow | grep -q '^shadow:[^:]*:42'
|
||||
then
|
||||
groupadd -g 42 shadow || (
|
||||
cat <<EOF
|
||||
Group ID 42 has been allocated for the shadow group. You have either
|
||||
used 42 yourself or created a shadow group with a different ID.
|
||||
Please correct this problem and reconfigure with ``dpkg --configure passwd''.
|
||||
|
||||
Note that both user and group IDs in the range 0-99 are globally
|
||||
allocated by the Debian project and must be the same on every Debian
|
||||
system.
|
||||
EOF
|
||||
exit 1
|
||||
)
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
|
||||
# Run shadowconfig only on new installs
|
||||
[ -z "$2" ] && shadowconfig on
|
||||
|
||||
#DEBHELPER#
|
||||
|
||||
exit 0
|
||||
Vendored
-8
@@ -1,8 +0,0 @@
|
||||
# If a password operation is in progress and we lose power, stale lockfiles
|
||||
# can be left behind. Clear them on boot.
|
||||
r! /etc/gshadow.lock
|
||||
r! /etc/shadow.lock
|
||||
r! /etc/passwd.lock
|
||||
r! /etc/group.lock
|
||||
r! /etc/subuid.lock
|
||||
r! /etc/subgid.lock
|
||||
Vendored
-8
@@ -1,8 +0,0 @@
|
||||
# The PAM configuration file for the Shadow 'useradd' service
|
||||
#
|
||||
|
||||
# This allows root to add users without being prompted for a password
|
||||
auth sufficient pam_rootok.so
|
||||
|
||||
# checks for account validity
|
||||
account required pam_permit.so
|
||||
Vendored
-8
@@ -1,8 +0,0 @@
|
||||
# The PAM configuration file for the Shadow 'userdel' service
|
||||
#
|
||||
|
||||
# This allows root to remove users without being prompted for a password
|
||||
auth sufficient pam_rootok.so
|
||||
|
||||
# checks for account validity
|
||||
account required pam_permit.so
|
||||
Vendored
-8
@@ -1,8 +0,0 @@
|
||||
# The PAM configuration file for the Shadow 'groupdel' service
|
||||
#
|
||||
|
||||
# This allows root to remove groups without being prompted for a password
|
||||
auth sufficient pam_rootok.so
|
||||
|
||||
# checks for account validity
|
||||
account required pam_permit.so
|
||||
@@ -1,32 +0,0 @@
|
||||
From e503fd574b7dbf6b21b1168e20938f0922807916 Mon Sep 17 00:00:00 2001
|
||||
From: Xiami <1927254+Xiami2012@users.noreply.github.com>
|
||||
Date: Wed, 5 Oct 2022 18:11:28 +0800
|
||||
Subject: [PATCH] chage: Fix regression in print_date
|
||||
|
||||
Introduced by c6c8130db4319613a91dd07bbb845f6c33c5f79f
|
||||
|
||||
After removing snprintf, the format string should get unescaped once.
|
||||
|
||||
Fixes #564
|
||||
|
||||
Reporter and patch author: DerMouse (github.com/DerMouse)
|
||||
---
|
||||
src/chage.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/chage.c b/src/chage.c
|
||||
index 8cf67794..01570d72 100644
|
||||
--- a/src/chage.c
|
||||
+++ b/src/chage.c
|
||||
@@ -228,7 +228,7 @@ static void print_date (time_t date)
|
||||
if (NULL == tp) {
|
||||
(void) printf ("time_t: %lu\n", (unsigned long)date);
|
||||
} else {
|
||||
- (void) strftime (buf, sizeof buf, iflg ? "%%Y-%%m-%%d" : "%%b %%d, %%Y", tp);
|
||||
+ (void) strftime (buf, sizeof buf, iflg ? "%Y-%m-%d" : "%b %d, %Y", tp);
|
||||
(void) puts (buf);
|
||||
}
|
||||
}
|
||||
--
|
||||
2.34.1
|
||||
|
||||
@@ -1,27 +0,0 @@
|
||||
From f3bdb28e57e5e38c1e89347976c7d61a181eec32 Mon Sep 17 00:00:00 2001
|
||||
From: Samanta Navarro <ferivoz@riseup.net>
|
||||
Date: Sun, 4 Sep 2022 11:54:19 +0000
|
||||
Subject: [PATCH 1/2] copy_tree: use fchmodat instead of chmod
|
||||
|
||||
Fixes regression introduced in faeab50e710131816b261de66141524898c2c487
|
||||
for setups configured without acl support.
|
||||
---
|
||||
libmisc/copydir.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/libmisc/copydir.c b/libmisc/copydir.c
|
||||
index 5605f6fe..b6025f4c 100644
|
||||
--- a/libmisc/copydir.c
|
||||
+++ b/libmisc/copydir.c
|
||||
@@ -529,7 +529,7 @@ static int copy_dir (const struct path_info *src, const struct path_info *dst,
|
||||
|| ( (perm_copy_path (src, dst, &ctx) != 0)
|
||||
&& (errno != 0))
|
||||
#else /* !WITH_ACL */
|
||||
- || (chmod (dst, statp->st_mode) != 0)
|
||||
+ || (fchmodat (dst->dirfd, dst->name, statp->st_mode & 07777, AT_SYMLINK_NOFOLLOW) != 0)
|
||||
#endif /* !WITH_ACL */
|
||||
#ifdef WITH_ATTR
|
||||
/*
|
||||
--
|
||||
2.34.1
|
||||
|
||||
@@ -1,53 +0,0 @@
|
||||
From 10cd68e0f04b48363eb32d2c6e168b358fb27810 Mon Sep 17 00:00:00 2001
|
||||
From: Samanta Navarro <ferivoz@riseup.net>
|
||||
Date: Sun, 4 Sep 2022 11:58:03 +0000
|
||||
Subject: [PATCH 2/2] copy_tree: do not block on fifos
|
||||
|
||||
Fixes regression introduced in faeab50e710131816b261de66141524898c2c487.
|
||||
|
||||
If a directory contains fifos, then openat blocks until the other side
|
||||
of the fifo is connected as well.
|
||||
|
||||
This means that users can prevent "usermod -m" from completing if their
|
||||
home directories contain at least one fifo.
|
||||
---
|
||||
libmisc/copydir.c | 8 ++++----
|
||||
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/libmisc/copydir.c b/libmisc/copydir.c
|
||||
index b6025f4c..5fb47da0 100644
|
||||
--- a/libmisc/copydir.c
|
||||
+++ b/libmisc/copydir.c
|
||||
@@ -126,12 +126,12 @@ static int perm_copy_path(const struct path_info *src,
|
||||
{
|
||||
int src_fd, dst_fd, ret;
|
||||
|
||||
- src_fd = openat(src->dirfd, src->name, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
|
||||
+ src_fd = openat(src->dirfd, src->name, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
|
||||
if (src_fd < 0) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
- dst_fd = openat(dst->dirfd, dst->name, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
|
||||
+ dst_fd = openat(dst->dirfd, dst->name, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
|
||||
if (dst_fd < 0) {
|
||||
(void) close (src_fd);
|
||||
return -1;
|
||||
@@ -152,12 +152,12 @@ static int attr_copy_path(const struct path_info *src,
|
||||
{
|
||||
int src_fd, dst_fd, ret;
|
||||
|
||||
- src_fd = openat(src->dirfd, src->name, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
|
||||
+ src_fd = openat(src->dirfd, src->name, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
|
||||
if (src_fd < 0) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
- dst_fd = openat(dst->dirfd, dst->name, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
|
||||
+ dst_fd = openat(dst->dirfd, dst->name, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
|
||||
if (dst_fd < 0) {
|
||||
(void) close (src_fd);
|
||||
return -1;
|
||||
--
|
||||
2.34.1
|
||||
|
||||
-51
@@ -1,51 +0,0 @@
|
||||
Goal: Log login failures to the btmp file
|
||||
|
||||
Notes:
|
||||
* I'm not sure login should add an entry in the FTMP file when PAM is used.
|
||||
(but nothing in /etc/login.defs indicates that the failure is not logged)
|
||||
|
||||
--- a/src/login.c
|
||||
+++ b/src/login.c
|
||||
@@ -829,6 +829,24 @@
|
||||
(void) puts ("");
|
||||
(void) puts (_("Login incorrect"));
|
||||
|
||||
+ if (getdef_str("FTMP_FILE") != NULL) {
|
||||
+#ifdef USE_UTMPX
|
||||
+ struct utmpx *failent =
|
||||
+ prepare_utmpx (failent_user,
|
||||
+ tty,
|
||||
+ /* FIXME: or fromhost? */hostname,
|
||||
+ utent);
|
||||
+#else /* !USE_UTMPX */
|
||||
+ struct utmp *failent =
|
||||
+ prepare_utmp (failent_user,
|
||||
+ tty,
|
||||
+ hostname,
|
||||
+ utent);
|
||||
+#endif /* !USE_UTMPX */
|
||||
+ failtmp (failent_user, failent);
|
||||
+ free (failent);
|
||||
+ }
|
||||
+
|
||||
if (failcount >= retries) {
|
||||
SYSLOG ((LOG_NOTICE,
|
||||
"TOO MANY LOGIN TRIES (%u)%s FOR '%s'",
|
||||
--- a/lib/getdef.c
|
||||
+++ b/lib/getdef.c
|
||||
@@ -38,7 +38,6 @@
|
||||
{"ENVIRON_FILE", NULL}, \
|
||||
{"ENV_TZ", NULL}, \
|
||||
{"FAILLOG_ENAB", NULL}, \
|
||||
- {"FTMP_FILE", NULL}, \
|
||||
{"HMAC_CRYPTO_ALGO", NULL}, \
|
||||
{"ISSUE_FILE", NULL}, \
|
||||
{"LASTLOG_ENAB", NULL}, \
|
||||
@@ -80,6 +79,7 @@
|
||||
{"ERASECHAR", NULL},
|
||||
{"FAIL_DELAY", NULL},
|
||||
{"FAKE_SHELL", NULL},
|
||||
+ {"FTMP_FILE", NULL},
|
||||
{"GID_MAX", NULL},
|
||||
{"GID_MIN", NULL},
|
||||
{"HOME_MODE", NULL},
|
||||
@@ -1,37 +0,0 @@
|
||||
From ebf9b232b012725d2be5e750876c7336cf1c37fd Mon Sep 17 00:00:00 2001
|
||||
From: David Kalnischkies <david@kalnischkies.de>
|
||||
Date: Wed, 24 Aug 2022 13:21:01 +0200
|
||||
Subject: [PATCH] useradd: Do not reset non-existent data in {last,fail}log
|
||||
|
||||
useradd does not create the files if they don't exist, but if they exist
|
||||
it will reset user data even if the data did not exist before creating
|
||||
a hole and an explicitly zero'd data point resulting (especially for
|
||||
high UIDs) in a lot of zeros ending up in containers and tarballs.
|
||||
---
|
||||
src/useradd.c | 6 ++++--
|
||||
1 file changed, 4 insertions(+), 2 deletions(-)
|
||||
|
||||
--- a/src/useradd.c
|
||||
+++ b/src/useradd.c
|
||||
@@ -1996,8 +1996,9 @@ static void faillog_reset (uid_t uid)
|
||||
struct faillog fl;
|
||||
int fd;
|
||||
off_t offset_uid = (off_t) (sizeof fl) * uid;
|
||||
+ struct stat st;
|
||||
|
||||
- if (access (FAILLOG_FILE, F_OK) != 0) {
|
||||
+ if (stat (FAILLOG_FILE, &st) != 0 || st.st_size <= offset_uid) {
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -2033,8 +2034,9 @@ static void lastlog_reset (uid_t uid)
|
||||
int fd;
|
||||
off_t offset_uid = (off_t) (sizeof ll) * uid;
|
||||
uid_t max_uid;
|
||||
+ struct stat st;
|
||||
|
||||
- if (access (LASTLOG_FILE, F_OK) != 0) {
|
||||
+ if (stat (LASTLOG_FILE, &st) != 0 || st.st_size <= offset_uid) {
|
||||
return;
|
||||
}
|
||||
|
||||
Vendored
-276
@@ -1,276 +0,0 @@
|
||||
#! /bin/sh /usr/share/dpatch/dpatch-run
|
||||
## 401_cppw_src.dpatch by Nicolas FRANCOIS <nicolas.francois@centraliens.net>
|
||||
##
|
||||
## All lines beginning with `## DP:' are a description of the patch.
|
||||
## DP: Add cppw / cpgr
|
||||
|
||||
@DPATCH@
|
||||
--- /dev/null
|
||||
+++ b/src/cppw.c
|
||||
@@ -0,0 +1,238 @@
|
||||
+/*
|
||||
+ cppw, cpgr copy with locking given file over the password or group file
|
||||
+ with -s will copy with locking given file over shadow or gshadow file
|
||||
+
|
||||
+ Copyright (C) 1999 Stephen Frost <sfrost@snowman.net>
|
||||
+
|
||||
+ Based on vipw, vigr by:
|
||||
+ Copyright (C) 1997 Guy Maor <maor@ece.utexas.edu>
|
||||
+
|
||||
+ This program is free software; you can redistribute it and/or modify
|
||||
+ it under the terms of the GNU General Public License as published by
|
||||
+ the Free Software Foundation; either version 2 of the License, or
|
||||
+ (at your option) any later version.
|
||||
+
|
||||
+ This program is distributed in the hope that it will be useful, but
|
||||
+ WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
+ General Public License for more details.
|
||||
+
|
||||
+ You should have received a copy of the GNU General Public License
|
||||
+ along with this program; if not, write to the Free Software
|
||||
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||
+
|
||||
+ */
|
||||
+
|
||||
+#include <config.h>
|
||||
+#include "defines.h"
|
||||
+
|
||||
+#include <errno.h>
|
||||
+#include <sys/stat.h>
|
||||
+#include <unistd.h>
|
||||
+#include <stdio.h>
|
||||
+#include <stdlib.h>
|
||||
+#include <sys/types.h>
|
||||
+#include <signal.h>
|
||||
+#include <utime.h>
|
||||
+#include "exitcodes.h"
|
||||
+#include "prototypes.h"
|
||||
+#include "pwio.h"
|
||||
+#include "shadowio.h"
|
||||
+#include "groupio.h"
|
||||
+#include "sgroupio.h"
|
||||
+
|
||||
+
|
||||
+const char *Prog;
|
||||
+
|
||||
+const char *filename, *filenewname;
|
||||
+static bool filelocked = false;
|
||||
+static int (*unlock) (void);
|
||||
+
|
||||
+/* local function prototypes */
|
||||
+static int create_copy (FILE *fp, const char *dest, struct stat *sb);
|
||||
+static void cppwexit (const char *msg, int syserr, int ret);
|
||||
+static void cppwcopy (const char *file,
|
||||
+ const char *in_file,
|
||||
+ int (*file_lock) (void),
|
||||
+ int (*file_unlock) (void));
|
||||
+
|
||||
+static int create_copy (FILE *fp, const char *dest, struct stat *sb)
|
||||
+{
|
||||
+ struct utimbuf ub;
|
||||
+ FILE *bkfp;
|
||||
+ int c;
|
||||
+ mode_t mask;
|
||||
+
|
||||
+ mask = umask (077);
|
||||
+ bkfp = fopen (dest, "w");
|
||||
+ (void) umask (mask);
|
||||
+ if (NULL == bkfp) {
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ rewind (fp);
|
||||
+ while ((c = getc (fp)) != EOF) {
|
||||
+ if (putc (c, bkfp) == EOF) {
|
||||
+ break;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ if ( (c != EOF)
|
||||
+ || (fflush (bkfp) != 0)) {
|
||||
+ (void) fclose (bkfp);
|
||||
+ (void) unlink (dest);
|
||||
+ return -1;
|
||||
+ }
|
||||
+ if ( (fsync (fileno (bkfp)) != 0)
|
||||
+ || (fclose (bkfp) != 0)) {
|
||||
+ (void) unlink (dest);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ ub.actime = sb->st_atime;
|
||||
+ ub.modtime = sb->st_mtime;
|
||||
+ if ( (utime (dest, &ub) != 0)
|
||||
+ || (chmod (dest, sb->st_mode) != 0)
|
||||
+ || (chown (dest, sb->st_uid, sb->st_gid) != 0)) {
|
||||
+ (void) unlink (dest);
|
||||
+ return -1;
|
||||
+ }
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+static void cppwexit (const char *msg, int syserr, int ret)
|
||||
+{
|
||||
+ int err = errno;
|
||||
+ if (filelocked) {
|
||||
+ (*unlock) ();
|
||||
+ }
|
||||
+ if (NULL != msg) {
|
||||
+ fprintf (stderr, "%s: %s", Prog, msg);
|
||||
+ if (0 != syserr) {
|
||||
+ fprintf (stderr, ": %s", strerror (err));
|
||||
+ }
|
||||
+ (void) fputs ("\n", stderr);
|
||||
+ }
|
||||
+ if (NULL != filename) {
|
||||
+ fprintf (stderr, _("%s: %s is unchanged\n"), Prog, filename);
|
||||
+ } else {
|
||||
+ fprintf (stderr, _("%s: no changes\n"), Prog);
|
||||
+ }
|
||||
+
|
||||
+ exit (ret);
|
||||
+}
|
||||
+
|
||||
+static void cppwcopy (const char *file,
|
||||
+ const char *in_file,
|
||||
+ int (*file_lock) (void),
|
||||
+ int (*file_unlock) (void))
|
||||
+{
|
||||
+ struct stat st1;
|
||||
+ FILE *f;
|
||||
+ char filenew[1024];
|
||||
+
|
||||
+ snprintf (filenew, sizeof filenew, "%s.new", file);
|
||||
+ unlock = file_unlock;
|
||||
+ filename = file;
|
||||
+ filenewname = filenew;
|
||||
+
|
||||
+ if (access (file, F_OK) != 0) {
|
||||
+ cppwexit (file, 1, 1);
|
||||
+ }
|
||||
+ if (file_lock () == 0) {
|
||||
+ cppwexit (_("Couldn't lock file"), 0, 5);
|
||||
+ }
|
||||
+ filelocked = true;
|
||||
+
|
||||
+ /* file to copy has same owners, perm */
|
||||
+ if (stat (file, &st1) != 0) {
|
||||
+ cppwexit (file, 1, 1);
|
||||
+ }
|
||||
+ f = fopen (in_file, "r");
|
||||
+ if (NULL == f) {
|
||||
+ cppwexit (in_file, 1, 1);
|
||||
+ }
|
||||
+ if (create_copy (f, filenew, &st1) != 0) {
|
||||
+ cppwexit (_("Couldn't make copy"), errno, 1);
|
||||
+ }
|
||||
+
|
||||
+ /* XXX - here we should check filenew for errors; if there are any,
|
||||
+ * fail w/ an appropriate error code and let the user manually fix
|
||||
+ * it. Use pwck or grpck to do the check. - Stephen (Shamelessly
|
||||
+ * stolen from '--marekm's comment) */
|
||||
+
|
||||
+ if (rename (filenew, file) != 0) {
|
||||
+ fprintf (stderr, _("%s: can't copy %s: %s)\n"),
|
||||
+ Prog, filenew, strerror (errno));
|
||||
+ cppwexit (NULL,0,1);
|
||||
+ }
|
||||
+
|
||||
+ (*file_unlock) ();
|
||||
+}
|
||||
+
|
||||
+int main (int argc, char **argv)
|
||||
+{
|
||||
+ int flag;
|
||||
+ bool cpshadow = false;
|
||||
+ char *in_file;
|
||||
+ int e = E_USAGE;
|
||||
+ bool do_cppw = true;
|
||||
+
|
||||
+ (void) setlocale (LC_ALL, "");
|
||||
+ (void) bindtextdomain (PACKAGE, LOCALEDIR);
|
||||
+ (void) textdomain (PACKAGE);
|
||||
+
|
||||
+ Prog = Basename (argv[0]);
|
||||
+ if (strcmp (Prog, "cpgr") == 0) {
|
||||
+ do_cppw = false;
|
||||
+ }
|
||||
+
|
||||
+ while ((flag = getopt (argc, argv, "ghps")) != EOF) {
|
||||
+ switch (flag) {
|
||||
+ case 'p':
|
||||
+ do_cppw = true;
|
||||
+ break;
|
||||
+ case 'g':
|
||||
+ do_cppw = false;
|
||||
+ break;
|
||||
+ case 's':
|
||||
+ cpshadow = true;
|
||||
+ break;
|
||||
+ case 'h':
|
||||
+ e = E_SUCCESS;
|
||||
+ /*pass through*/
|
||||
+ default:
|
||||
+ (void) fputs (_("Usage:\n\
|
||||
+`cppw <file>' copys over /etc/passwd `cppw -s <file>' copys over /etc/shadow\n\
|
||||
+`cpgr <file>' copys over /etc/group `cpgr -s <file>' copys over /etc/gshadow\n\
|
||||
+"), (E_SUCCESS != e) ? stderr : stdout);
|
||||
+ exit (e);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ if (argc != optind + 1) {
|
||||
+ cppwexit (_("wrong number of arguments, -h for usage"),0,1);
|
||||
+ }
|
||||
+
|
||||
+ in_file = argv[optind];
|
||||
+
|
||||
+ if (do_cppw) {
|
||||
+ if (cpshadow) {
|
||||
+ cppwcopy (SHADOW_FILE, in_file, spw_lock, spw_unlock);
|
||||
+ } else {
|
||||
+ cppwcopy (PASSWD_FILE, in_file, pw_lock, pw_unlock);
|
||||
+ }
|
||||
+ } else {
|
||||
+#ifdef SHADOWGRP
|
||||
+ if (cpshadow) {
|
||||
+ cppwcopy (SGROUP_FILE, in_file, sgr_lock, sgr_unlock);
|
||||
+ } else
|
||||
+#endif /* SHADOWGRP */
|
||||
+ {
|
||||
+ cppwcopy (GROUP_FILE, in_file, gr_lock, gr_unlock);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
--- a/src/Makefile.am
|
||||
+++ b/src/Makefile.am
|
||||
@@ -34,6 +34,7 @@
|
||||
bin_PROGRAMS += su
|
||||
endif
|
||||
usbin_PROGRAMS = \
|
||||
+ cppw \
|
||||
chgpasswd \
|
||||
chpasswd \
|
||||
groupadd \
|
||||
@@ -102,6 +103,7 @@
|
||||
chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF)
|
||||
chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF)
|
||||
chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF)
|
||||
+cppw_LDADD = $(LDADD) $(LIBSELINUX) $(LIBAUDIT)
|
||||
expiry_LDADD = $(LDADD) $(LIBECONF)
|
||||
gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF)
|
||||
groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) -ldl
|
||||
--- a/po/POTFILES.in
|
||||
+++ b/po/POTFILES.in
|
||||
@@ -91,6 +91,7 @@
|
||||
src/chgpasswd.c
|
||||
src/chpasswd.c
|
||||
src/chsh.c
|
||||
+src/cppw.c
|
||||
src/expiry.c
|
||||
src/faillog.c
|
||||
src/gpasswd.c
|
||||
Vendored
-64
@@ -1,64 +0,0 @@
|
||||
Goal: Add selinux support to cppw
|
||||
|
||||
Fix:
|
||||
|
||||
Status wrt upstream: cppw is not available upstream.
|
||||
The patch was made based on the
|
||||
302_vim_selinux_support patch. It needs to be
|
||||
reviewed by an SE-Linux aware person.
|
||||
|
||||
Depends on 401_cppw_src.dpatch
|
||||
|
||||
Index: git/src/cppw.c
|
||||
===================================================================
|
||||
--- git.orig/src/cppw.c
|
||||
+++ git/src/cppw.c
|
||||
@@ -34,6 +34,9 @@
|
||||
#include <sys/types.h>
|
||||
#include <signal.h>
|
||||
#include <utime.h>
|
||||
+#ifdef WITH_SELINUX
|
||||
+#include <selinux/selinux.h>
|
||||
+#endif /* WITH_SELINUX */
|
||||
#include "exitcodes.h"
|
||||
#include "prototypes.h"
|
||||
#include "pwio.h"
|
||||
@@ -139,6 +142,22 @@
|
||||
if (access (file, F_OK) != 0) {
|
||||
cppwexit (file, 1, 1);
|
||||
}
|
||||
+#ifdef WITH_SELINUX
|
||||
+ /* if SE Linux is enabled then set the context of all new files
|
||||
+ * to be the context of the file we are editing */
|
||||
+ if (is_selinux_enabled () > 0) {
|
||||
+ security_context_t passwd_context=NULL;
|
||||
+ int ret = 0;
|
||||
+ if (getfilecon (file, &passwd_context) < 0) {
|
||||
+ cppwexit (_("Couldn't get file context"), errno, 1);
|
||||
+ }
|
||||
+ ret = setfscreatecon (passwd_context);
|
||||
+ freecon (passwd_context);
|
||||
+ if (0 != ret) {
|
||||
+ cppwexit (_("setfscreatecon () failed"), errno, 1);
|
||||
+ }
|
||||
+ }
|
||||
+#endif /* WITH_SELINUX */
|
||||
if (file_lock () == 0) {
|
||||
cppwexit (_("Couldn't lock file"), 0, 5);
|
||||
}
|
||||
@@ -167,6 +186,15 @@
|
||||
cppwexit (NULL,0,1);
|
||||
}
|
||||
|
||||
+#ifdef WITH_SELINUX
|
||||
+ /* unset the fscreatecon */
|
||||
+ if (is_selinux_enabled () > 0) {
|
||||
+ if (setfscreatecon (NULL)) {
|
||||
+ cppwexit (_("setfscreatecon() failed"), errno, 1);
|
||||
+ }
|
||||
+ }
|
||||
+#endif /* WITH_SELINUX */
|
||||
+
|
||||
(*file_unlock) ();
|
||||
}
|
||||
|
||||
-84
@@ -1,84 +0,0 @@
|
||||
Goal: Re-enable logging and displaying failures on login when login is
|
||||
compiled with PAM and when FAILLOG_ENAB is set to yes. And create the
|
||||
faillog file if it does not exist on postinst (as on Woody).
|
||||
Depends: 008_login_more_LOG_UNKFAIL_ENAB
|
||||
Fixes: #192849
|
||||
|
||||
Note: It could be removed if pam_tally could report the number of failures
|
||||
preceding a successful login.
|
||||
|
||||
--- a/src/login.c
|
||||
+++ b/src/login.c
|
||||
@@ -114,9 +114,9 @@
|
||||
#endif
|
||||
);
|
||||
|
||||
-#ifndef USE_PAM
|
||||
static struct faillog faillog;
|
||||
|
||||
+#ifndef USE_PAM
|
||||
static void bad_time_notify (void);
|
||||
static void check_nologin (bool login_to_root);
|
||||
#else
|
||||
@@ -789,6 +789,9 @@
|
||||
SYSLOG ((LOG_NOTICE,
|
||||
"TOO MANY LOGIN TRIES (%u)%s FOR '%s'",
|
||||
failcount, fromhost, failent_user));
|
||||
+ if ((NULL != pwd) && getdef_bool("FAILLOG_ENAB")) {
|
||||
+ failure (pwd->pw_uid, tty, &faillog);
|
||||
+ }
|
||||
fprintf (stderr,
|
||||
_("Maximum number of tries exceeded (%u)\n"),
|
||||
failcount);
|
||||
@@ -806,6 +809,14 @@
|
||||
pam_strerror (pamh, retcode)));
|
||||
failed = true;
|
||||
}
|
||||
+ if ( (NULL != pwd)
|
||||
+ && getdef_bool("FAILLOG_ENAB")
|
||||
+ && ! failcheck (pwd->pw_uid, &faillog, failed)) {
|
||||
+ SYSLOG((LOG_CRIT,
|
||||
+ "exceeded failure limit for `%s' %s",
|
||||
+ failent_user, fromhost));
|
||||
+ failed = 1;
|
||||
+ }
|
||||
|
||||
if (!failed) {
|
||||
break;
|
||||
@@ -829,6 +840,10 @@
|
||||
(void) puts ("");
|
||||
(void) puts (_("Login incorrect"));
|
||||
|
||||
+ if ((NULL != pwd) && getdef_bool("FAILLOG_ENAB")) {
|
||||
+ failure (pwd->pw_uid, tty, &faillog);
|
||||
+ }
|
||||
+
|
||||
if (getdef_str("FTMP_FILE") != NULL) {
|
||||
#ifdef USE_UTMPX
|
||||
struct utmpx *failent =
|
||||
@@ -1299,6 +1314,7 @@
|
||||
*/
|
||||
#ifndef USE_PAM
|
||||
motd (); /* print the message of the day */
|
||||
+#endif
|
||||
if ( getdef_bool ("FAILLOG_ENAB")
|
||||
&& (0 != faillog.fail_cnt)) {
|
||||
failprint (&faillog);
|
||||
@@ -1311,6 +1327,7 @@
|
||||
username, (int) faillog.fail_cnt));
|
||||
}
|
||||
}
|
||||
+#ifndef USE_PAM
|
||||
if ( getdef_bool ("LASTLOG_ENAB")
|
||||
&& pwd->pw_uid <= (uid_t) getdef_ulong ("LASTLOG_UID_MAX", 0xFFFFFFFFUL)
|
||||
&& (ll.ll_time != 0)) {
|
||||
--- a/lib/getdef.c
|
||||
+++ b/lib/getdef.c
|
||||
@@ -78,6 +78,7 @@
|
||||
{"ENV_SUPATH", NULL},
|
||||
{"ERASECHAR", NULL},
|
||||
{"FAIL_DELAY", NULL},
|
||||
+ {"FAILLOG_ENAB", NULL},
|
||||
{"FAKE_SHELL", NULL},
|
||||
{"FTMP_FILE", NULL},
|
||||
{"GID_MAX", NULL},
|
||||
-97
@@ -1,97 +0,0 @@
|
||||
Goal: Do not hardcode pam_fail_delay and let pam_unix do its
|
||||
job to set a delay...or not
|
||||
|
||||
Fixes: #87648
|
||||
|
||||
Status wrt upstream: Forwarded but not applied yet
|
||||
|
||||
Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs
|
||||
|
||||
--- a/src/login.c
|
||||
+++ b/src/login.c
|
||||
@@ -514,7 +514,6 @@
|
||||
#if !defined(USE_PAM)
|
||||
char ptime[80];
|
||||
#endif
|
||||
- unsigned int delay;
|
||||
unsigned int retries;
|
||||
bool subroot = false;
|
||||
#ifndef USE_PAM
|
||||
@@ -539,6 +538,7 @@
|
||||
pid_t child;
|
||||
char *pam_user = NULL;
|
||||
#else
|
||||
+ unsigned int delay;
|
||||
struct spwd *spwd = NULL;
|
||||
#endif
|
||||
/*
|
||||
@@ -703,7 +703,6 @@
|
||||
}
|
||||
|
||||
environ = newenvp; /* make new environment active */
|
||||
- delay = getdef_unum ("FAIL_DELAY", 1);
|
||||
retries = getdef_unum ("LOGIN_RETRIES", RETRIES);
|
||||
|
||||
#ifdef USE_PAM
|
||||
@@ -719,8 +718,7 @@
|
||||
|
||||
/*
|
||||
* hostname & tty are either set to NULL or their correct values,
|
||||
- * depending on how much we know. We also set PAM's fail delay to
|
||||
- * ours.
|
||||
+ * depending on how much we know.
|
||||
*
|
||||
* PAM_RHOST and PAM_TTY are used for authentication, only use
|
||||
* information coming from login or from the caller (e.g. no utmp)
|
||||
@@ -729,10 +727,6 @@
|
||||
PAM_FAIL_CHECK;
|
||||
retcode = pam_set_item (pamh, PAM_TTY, tty);
|
||||
PAM_FAIL_CHECK;
|
||||
-#ifdef HAS_PAM_FAIL_DELAY
|
||||
- retcode = pam_fail_delay (pamh, 1000000 * delay);
|
||||
- PAM_FAIL_CHECK;
|
||||
-#endif
|
||||
/* if fflg, then the user has already been authenticated */
|
||||
if (!fflg) {
|
||||
unsigned int failcount = 0;
|
||||
@@ -773,12 +767,6 @@
|
||||
bool failed = false;
|
||||
|
||||
failcount++;
|
||||
-#ifdef HAS_PAM_FAIL_DELAY
|
||||
- if (delay > 0) {
|
||||
- retcode = pam_fail_delay(pamh, 1000000*delay);
|
||||
- PAM_FAIL_CHECK;
|
||||
- }
|
||||
-#endif
|
||||
|
||||
retcode = pam_authenticate (pamh, 0);
|
||||
|
||||
@@ -1114,14 +1102,17 @@
|
||||
free (username);
|
||||
username = NULL;
|
||||
|
||||
+#ifndef USE_PAM
|
||||
/*
|
||||
* Wait a while (a la SVR4 /usr/bin/login) before attempting
|
||||
* to login the user again. If the earlier alarm occurs
|
||||
* before the sleep() below completes, login will exit.
|
||||
*/
|
||||
+ delay = getdef_unum ("FAIL_DELAY", 1);
|
||||
if (delay > 0) {
|
||||
(void) sleep (delay);
|
||||
}
|
||||
+#endif
|
||||
|
||||
(void) puts (_("Login incorrect"));
|
||||
|
||||
--- a/lib/getdef.c
|
||||
+++ b/lib/getdef.c
|
||||
@@ -77,7 +77,6 @@
|
||||
{"ENV_PATH", NULL},
|
||||
{"ENV_SUPATH", NULL},
|
||||
{"ERASECHAR", NULL},
|
||||
- {"FAIL_DELAY", NULL},
|
||||
{"FAILLOG_ENAB", NULL},
|
||||
{"FAKE_SHELL", NULL},
|
||||
{"FTMP_FILE", NULL},
|
||||
-60
@@ -1,60 +0,0 @@
|
||||
Goal: save the [g]shadow files with the 'shadow' group and mode 0440
|
||||
|
||||
Fixes: #166793
|
||||
|
||||
--- a/lib/commonio.c
|
||||
+++ b/lib/commonio.c
|
||||
@@ -21,6 +21,7 @@
|
||||
#include <errno.h>
|
||||
#include <stdio.h>
|
||||
#include <signal.h>
|
||||
+#include <grp.h>
|
||||
#include "nscd.h"
|
||||
#include "sssd.h"
|
||||
#ifdef WITH_TCB
|
||||
@@ -976,12 +977,23 @@
|
||||
goto fail;
|
||||
}
|
||||
} else {
|
||||
+ struct group *grp;
|
||||
/*
|
||||
* Default permissions for new [g]shadow files.
|
||||
*/
|
||||
sb.st_mode = db->st_mode;
|
||||
sb.st_uid = db->st_uid;
|
||||
sb.st_gid = db->st_gid;
|
||||
+
|
||||
+ /*
|
||||
+ * Try to retrieve the shadow's GID, and fall back to GID 0.
|
||||
+ */
|
||||
+ if (sb.st_gid == 0) {
|
||||
+ if ((grp = getgrnam("shadow")) != NULL)
|
||||
+ sb.st_gid = grp->gr_gid;
|
||||
+ else
|
||||
+ sb.st_gid = 0;
|
||||
+ }
|
||||
}
|
||||
|
||||
snprintf (buf, sizeof buf, "%s+", db->filename);
|
||||
--- a/lib/sgroupio.c
|
||||
+++ b/lib/sgroupio.c
|
||||
@@ -206,7 +206,7 @@
|
||||
#ifdef WITH_SELINUX
|
||||
NULL, /* scontext */
|
||||
#endif
|
||||
- 0400, /* st_mode */
|
||||
+ 0440, /* st_mode */
|
||||
0, /* st_uid */
|
||||
0, /* st_gid */
|
||||
NULL, /* head */
|
||||
--- a/lib/shadowio.c
|
||||
+++ b/lib/shadowio.c
|
||||
@@ -82,7 +82,7 @@
|
||||
#ifdef WITH_SELINUX
|
||||
NULL, /* scontext */
|
||||
#endif /* WITH_SELINUX */
|
||||
- 0400, /* st_mode */
|
||||
+ 0440, /* st_mode */
|
||||
0, /* st_uid */
|
||||
0, /* st_gid */
|
||||
NULL, /* head */
|
||||
-41
@@ -1,41 +0,0 @@
|
||||
From: Balint Reczey <balint@balintreczey.hu>
|
||||
Description: Keep using Debian's adduser defaults
|
||||
Upstream's bbf4b79bc49fd1826eb41f6629669ef0b647267b commit
|
||||
in 4.9 merged those values from upstream's default configuration file
|
||||
which is not shipped in Debian.
|
||||
This patch keeps the program's compiled in defaults in sync with the
|
||||
configuration files shipped in Debian (debian/default/useradd).
|
||||
Bug: https://github.com/shadow-maint/shadow/issues/501
|
||||
Bug-Debian: https://bugs.debian.org/1004710
|
||||
Forwarded: not-needed
|
||||
|
||||
--- a/src/useradd.c
|
||||
+++ b/src/useradd.c
|
||||
@@ -79,12 +79,12 @@
|
||||
/*
|
||||
* These defaults are used if there is no defaults file.
|
||||
*/
|
||||
-static gid_t def_group = 1000;
|
||||
+static gid_t def_group = 100;
|
||||
static const char *def_gname = "other";
|
||||
static const char *def_home = "/home";
|
||||
static const char *def_shell = "/bin/bash";
|
||||
static const char *def_template = SKEL_DIR;
|
||||
-static const char *def_create_mail_spool = "yes";
|
||||
+static const char *def_create_mail_spool = "no";
|
||||
static const char *def_log_init = "yes";
|
||||
|
||||
static long def_inactive = -1;
|
||||
diff --git a/man/useradd.8.xml b/man/useradd.8.xml
|
||||
index af02a23f..c7f95b47 100644
|
||||
--- a/man/useradd.8.xml
|
||||
+++ b/man/useradd.8.xml
|
||||
@@ -248,7 +248,7 @@
|
||||
command line), useradd will set the primary group of the new
|
||||
user to the value specified by the <option>GROUP</option>
|
||||
variable in <filename>/etc/default/useradd</filename>, or
|
||||
- 1000 by default.
|
||||
+ 100 by default.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
Vendored
-201
@@ -1,201 +0,0 @@
|
||||
Goal: Document the shadowconfig utility
|
||||
|
||||
Status wrt upstream: The shadowconfig utility is debian specific.
|
||||
Its man page also (but it used to be distributed)
|
||||
|
||||
Index: git/man/shadowconfig.8
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ git/man/shadowconfig.8
|
||||
@@ -0,0 +1,41 @@
|
||||
+.\"Generated by db2man.xsl. Don't modify this, modify the source.
|
||||
+.de Sh \" Subsection
|
||||
+.br
|
||||
+.if t .Sp
|
||||
+.ne 5
|
||||
+.PP
|
||||
+\fB\\$1\fR
|
||||
+.PP
|
||||
+..
|
||||
+.de Sp \" Vertical space (when we can't use .PP)
|
||||
+.if t .sp .5v
|
||||
+.if n .sp
|
||||
+..
|
||||
+.de Ip \" List item
|
||||
+.br
|
||||
+.ie \\n(.$>=3 .ne \\$3
|
||||
+.el .ne 3
|
||||
+.IP "\\$1" \\$2
|
||||
+..
|
||||
+.TH "SHADOWCONFIG" 8 "19 Apr 1997" "" ""
|
||||
+.SH NAME
|
||||
+shadowconfig \- toggle shadow passwords on and off
|
||||
+.SH "SYNOPSIS"
|
||||
+.ad l
|
||||
+.hy 0
|
||||
+.HP 13
|
||||
+\fBshadowconfig\fR \fB\fIon\fR\fR | \fB\fIoff\fR\fR
|
||||
+.ad
|
||||
+.hy
|
||||
+
|
||||
+.SH "DESCRIPTION"
|
||||
+
|
||||
+.PP
|
||||
+\fBshadowconfig\fR on will turn shadow passwords on; \fIshadowconfig off\fR will turn shadow passwords off\&. \fBshadowconfig\fR will print an error message and exit with a nonzero code if it finds anything awry\&. If that happens, you should correct the error and run it again\&. Turning shadow passwords on when they are already on, or off when they are already off, is harmless\&.
|
||||
+
|
||||
+.PP
|
||||
+Read \fI/usr/share/doc/passwd/README\&.Debian\fR for a brief introduction to shadow passwords and related features\&.
|
||||
+
|
||||
+.PP
|
||||
+Note that turning shadow passwords off and on again will lose all password aging information\&.
|
||||
+
|
||||
Index: git/man/shadowconfig.8.xml
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ git/man/shadowconfig.8.xml
|
||||
@@ -0,0 +1,52 @@
|
||||
+<?xml version="1.0" encoding="UTF-8"?>
|
||||
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
|
||||
+ "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
|
||||
+<refentry id='shadowconfig.8'>
|
||||
+ <!-- $Id: shadowconfig.8.xml,v 1.6 2005/06/15 12:39:27 kloczek Exp $ -->
|
||||
+ <refentryinfo>
|
||||
+ <date>19 Apr 1997</date>
|
||||
+ </refentryinfo>
|
||||
+ <refmeta>
|
||||
+ <refentrytitle>shadowconfig</refentrytitle>
|
||||
+ <manvolnum>8</manvolnum>
|
||||
+ <refmiscinfo class='date'>19 Apr 1997</refmiscinfo>
|
||||
+ <refmiscinfo class='source'>Debian GNU/Linux</refmiscinfo>
|
||||
+ </refmeta>
|
||||
+ <refnamediv id='name'>
|
||||
+ <refname>shadowconfig</refname>
|
||||
+ <refpurpose>toggle shadow passwords on and off</refpurpose>
|
||||
+ </refnamediv>
|
||||
+
|
||||
+ <refsynopsisdiv id='synopsis'>
|
||||
+ <cmdsynopsis>
|
||||
+ <command>shadowconfig</command>
|
||||
+ <group choice='plain'>
|
||||
+ <arg choice='plain'><replaceable>on</replaceable></arg>
|
||||
+ <arg choice='plain'><replaceable>off</replaceable></arg>
|
||||
+ </group>
|
||||
+ </cmdsynopsis>
|
||||
+ </refsynopsisdiv>
|
||||
+
|
||||
+ <refsect1 id='description'>
|
||||
+ <title>DESCRIPTION</title>
|
||||
+ <para><command>shadowconfig</command> on will turn shadow passwords on;
|
||||
+ <emphasis remap='B'>shadowconfig off</emphasis> will turn shadow
|
||||
+ passwords off. <command>shadowconfig</command> will print an error
|
||||
+ message and exit with a nonzero code if it finds anything awry. If
|
||||
+ that happens, you should correct the error and run it again. Turning
|
||||
+ shadow passwords on when they are already on, or off when they are
|
||||
+ already off, is harmless.
|
||||
+ </para>
|
||||
+
|
||||
+ <para>
|
||||
+ Read <filename>/usr/share/doc/passwd/README.Debian</filename> for a
|
||||
+ brief introduction
|
||||
+ to shadow passwords and related features.
|
||||
+ </para>
|
||||
+
|
||||
+ <para>Note that turning shadow passwords off and on again will lose all
|
||||
+ password
|
||||
+ aging information.
|
||||
+ </para>
|
||||
+ </refsect1>
|
||||
+</refentry>
|
||||
Index: git/man/fr/shadowconfig.8
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ git/man/fr/shadowconfig.8
|
||||
@@ -0,0 +1,26 @@
|
||||
+.\" This file was generated with po4a. Translate the source file.
|
||||
+.\"
|
||||
+.\"$Id: shadowconfig.8,v 1.4 2001/08/23 23:10:48 kloczek Exp $
|
||||
+.TH SHADOWCONFIG 8 "19 avril 1997" "Debian GNU/Linux"
|
||||
+.SH NOM
|
||||
+shadowconfig \- active ou désactive les mots de passe cachés
|
||||
+.SH SYNOPSIS
|
||||
+\fBshadowconfig\fP \fIon\fP | \fIoff\fP
|
||||
+.SH DESCRIPTION
|
||||
+.PP
|
||||
+\fBshadowconfig on\fP active les mots de passe cachés («\ shadow passwords\ »)\ ; \fBshadowconfig off\fP les désactive. \fBShadowconfig\fP affiche un message
|
||||
+d'erreur et quitte avec une valeur de retour non nulle s'il rencontre
|
||||
+quelque chose d'inattendu. Dans ce cas, vous devrez corriger l'erreur avant
|
||||
+de recommencer.
|
||||
+
|
||||
+Activer les mots de passe cachés lorsqu'ils sont déjà activés, ou les
|
||||
+désactiver lorsqu'ils ne sont pas actifs est sans effet.
|
||||
+
|
||||
+Lisez \fI/usr/share/doc/passwd/README.Debian\fP pour une brève introduction aux
|
||||
+mots de passe cachés et à leurs fonctionnalités.
|
||||
+
|
||||
+Notez que désactiver puis réactiver les mots de passe cachés aura pour
|
||||
+conséquence la perte des informations d'âge sur les mots de passe.
|
||||
+.SH TRADUCTION
|
||||
+Nicolas FRANÇOIS, 2004.
|
||||
+Veuillez signaler toute erreur à <\fIdebian\-l10\-french@lists.debian.org\fR>.
|
||||
Index: git/man/ja/shadowconfig.8
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ git/man/ja/shadowconfig.8
|
||||
@@ -0,0 +1,25 @@
|
||||
+.\" all right reserved,
|
||||
+.\" Translated Tue Oct 30 11:59:11 JST 2001
|
||||
+.\" by Maki KURODA <mkuroda@aisys-jp.com>
|
||||
+.\"
|
||||
+.TH SHADOWCONFIG 8 "19 Apr 1997" "Debian GNU/Linux"
|
||||
+.SH 名前
|
||||
+shadowconfig \- shadow パスワードの設定をオン及びオフに切替える
|
||||
+.SH 書式
|
||||
+.B "shadowconfig"
|
||||
+.IR on " | " off
|
||||
+.SH 説明
|
||||
+.PP
|
||||
+.B shadowconfig on
|
||||
+は shadow パスワードを有効にする。
|
||||
+.B shadowconfig off
|
||||
+は shadow パスワードを無効にする。
|
||||
+.B shadowconfig
|
||||
+は何らかの間違いがあると、エラーメッセージを表示し、
|
||||
+ゼロではない返り値を返す。
|
||||
+もしそのようなことが起こった場合、エラーを修正し、再度実行しなければならない。
|
||||
+shadow パスワードの設定がすでにオンの場合にオンに設定したり、
|
||||
+すでにオフの場合にオフに設定しても、何の影響もない。
|
||||
+
|
||||
+.I /usr/share/doc/passwd/README.debian.gz
|
||||
+には shadow パスワードとそれに関する特徴の簡単な紹介が書かれている。
|
||||
Index: git/man/pl/shadowconfig.8
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ git/man/pl/shadowconfig.8
|
||||
@@ -0,0 +1,27 @@
|
||||
+.\" $Id: shadowconfig.8,v 1.3 2001/08/23 23:10:51 kloczek Exp $
|
||||
+.\" {PTM/WK/1999-09-14}
|
||||
+.TH SHADOWCONFIG 8 "19 kwietnia 1997" "Debian GNU/Linux"
|
||||
+.SH NAZWA
|
||||
+shadowconfig - przełącza ochronę haseł i grup przez pliki shadow
|
||||
+.SH SKŁADNIA
|
||||
+.B "shadowconfig"
|
||||
+.IR on " | " off
|
||||
+.SH OPIS
|
||||
+.PP
|
||||
+.B shadowconfig on
|
||||
+włącza ochronę haseł i grup przez dodatkowe, przesłaniane pliki (shadow);
|
||||
+.B shadowconfig off
|
||||
+wyłącza dodatkowe pliki haseł i grup.
|
||||
+.B shadowconfig
|
||||
+wyświetla komunikat o błędzie i kończy pracę z niezerowym kodem jeśli
|
||||
+znajdzie coś nieprawidłowego. W takim wypadku powinieneś poprawić błąd
|
||||
+.\" if it finds anything awry.
|
||||
+i uruchomić program ponownie.
|
||||
+
|
||||
+Włączenie ochrony haseł, gdy jest ona już włączona lub jej wyłączenie,
|
||||
+gdy jest wyłączona jest nieszkodliwe.
|
||||
+
|
||||
+Przeczytaj
|
||||
+.IR /usr/share/doc/passwd/README.debian.gz ,
|
||||
+gdzie znajdziesz krótkie wprowadzenie do ochrony haseł z użyciem dodatkowych
|
||||
+plików haseł przesłanianych (shadow passwords) i związanych tematów.
|
||||
-36
@@ -1,36 +0,0 @@
|
||||
Goal: Recommend using adduser and deluser.
|
||||
|
||||
Fixes: #406046
|
||||
|
||||
Status wrt upstream: Debian specific patch.
|
||||
|
||||
--- a/man/useradd.8.xml
|
||||
+++ b/man/useradd.8.xml
|
||||
@@ -83,6 +83,12 @@
|
||||
<refsect1 id='description'>
|
||||
<title>DESCRIPTION</title>
|
||||
<para>
|
||||
+ <command>useradd</command> is a low level utility for adding
|
||||
+ users. On Debian, administrators should usually use
|
||||
+ <citerefentry><refentrytitle>adduser</refentrytitle>
|
||||
+ <manvolnum>8</manvolnum></citerefentry> instead.
|
||||
+ </para>
|
||||
+ <para>
|
||||
When invoked without the <option>-D</option> option, the
|
||||
<command>useradd</command> command creates a new user account using
|
||||
the values specified on the command line plus the default values from
|
||||
--- a/man/userdel.8.xml
|
||||
+++ b/man/userdel.8.xml
|
||||
@@ -59,6 +59,12 @@
|
||||
<refsect1 id='description'>
|
||||
<title>DESCRIPTION</title>
|
||||
<para>
|
||||
+ <command>userdel</command> is a low level utility for removing
|
||||
+ users. On Debian, administrators should usually use
|
||||
+ <citerefentry><refentrytitle>deluser</refentrytitle>
|
||||
+ <manvolnum>8</manvolnum></citerefentry> instead.
|
||||
+ </para>
|
||||
+ <para>
|
||||
The <command>userdel</command> command modifies the system account
|
||||
files, deleting all entries that refer to the user name <emphasis
|
||||
remap='I'>LOGIN</emphasis>. The named user must exist.
|
||||
Vendored
-100
@@ -1,100 +0,0 @@
|
||||
Goal: Relaxed usernames/groupnames checking patch.
|
||||
|
||||
Status wrt upstream: Debian specific. Not to be used upstream
|
||||
|
||||
Details:
|
||||
Allows any non-empty user/grounames that don't contain ':', ',' or '\n'
|
||||
characters and don't start with '-', '+', or '~'. This patch is more
|
||||
restrictive than original Karl's version. closes: #264879
|
||||
Also closes: #377844
|
||||
|
||||
Comments from Karl Ramm (shadow 1:4.0.3-9, 20 Aug 2003 02:06:50 -0400):
|
||||
|
||||
I can't come up with a good justification as to why characters other
|
||||
than ':'s and '\0's should be disallowed in group and usernames (other
|
||||
than '-' as the leading character). Thus, the maintenance tools don't
|
||||
anymore. closes: #79682, #166798, #171179
|
||||
|
||||
--- a/libmisc/chkname.c
|
||||
+++ b/libmisc/chkname.c
|
||||
@@ -31,6 +31,7 @@
|
||||
return true;
|
||||
}
|
||||
|
||||
+#if 0
|
||||
/*
|
||||
* User/group names must match [a-z_][a-z0-9_-]*[$]
|
||||
*/
|
||||
@@ -50,6 +51,26 @@
|
||||
return false;
|
||||
}
|
||||
}
|
||||
+#endif
|
||||
+ /*
|
||||
+ * POSIX indicate that usernames are composed of characters from the
|
||||
+ * portable filename character set [A-Za-z0-9._-], and that the hyphen
|
||||
+ * should not be used as the first character of a portable user name.
|
||||
+ *
|
||||
+ * Allow more relaxed user/group names in Debian -- ^[^-~+:,\s][^:,\s]*$
|
||||
+ */
|
||||
+ if ( ('\0' == *name)
|
||||
+ || ('-' == *name)
|
||||
+ || ('~' == *name)
|
||||
+ || ('+' == *name)) {
|
||||
+ return false;
|
||||
+ }
|
||||
+ do {
|
||||
+ if ((':' == *name) || (',' == *name) || isspace(*name)) {
|
||||
+ return false;
|
||||
+ }
|
||||
+ name++;
|
||||
+ } while ('\0' != *name);
|
||||
|
||||
return true;
|
||||
}
|
||||
--- a/man/useradd.8.xml
|
||||
+++ b/man/useradd.8.xml
|
||||
@@ -698,12 +698,20 @@
|
||||
</para>
|
||||
|
||||
<para>
|
||||
- Usernames must start with a lower case letter or an underscore,
|
||||
+ It is usually recommended to only use usernames that begin with a lower case letter or an underscore,
|
||||
followed by lower case letters, digits, underscores, or dashes.
|
||||
They can end with a dollar sign.
|
||||
In regular expression terms: [a-z_][a-z0-9_-]*[$]?
|
||||
</para>
|
||||
<para>
|
||||
+ On Debian, the only constraints are that usernames must neither start
|
||||
+ with a dash ('-') nor plus ('+') nor tilde ('~') nor contain a
|
||||
+ colon (':'), a comma (','), or a whitespace (space: ' ',
|
||||
+ end of line: '\n', tabulation: '\t', etc.). Note that using a slash
|
||||
+ ('/') may break the default algorithm for the definition of the
|
||||
+ user's home directory.
|
||||
+ </para>
|
||||
+ <para>
|
||||
Usernames may only be up to 32 characters long.
|
||||
</para>
|
||||
</refsect1>
|
||||
--- a/man/groupadd.8.xml
|
||||
+++ b/man/groupadd.8.xml
|
||||
@@ -64,12 +64,18 @@
|
||||
files as needed.
|
||||
</para>
|
||||
<para>
|
||||
- Groupnames must start with a lower case letter or an underscore,
|
||||
+ It is usually recommended to only use groupnames that begin with a lower case letter or an underscore,
|
||||
followed by lower case letters, digits, underscores, or dashes.
|
||||
They can end with a dollar sign.
|
||||
In regular expression terms: [a-z_][a-z0-9_-]*[$]?
|
||||
</para>
|
||||
<para>
|
||||
+ On Debian, the only constraints are that groupnames must neither start
|
||||
+ with a dash ('-') nor plus ('+') nor tilde ('~') nor contain a
|
||||
+ colon (':'), a comma (','), or a whitespace (space:' ',
|
||||
+ end of line: '\n', tabulation: '\t', etc.).
|
||||
+ </para>
|
||||
+ <para>
|
||||
Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long.
|
||||
</para>
|
||||
</refsect1>
|
||||
Vendored
-40
@@ -1,40 +0,0 @@
|
||||
Goal: accepts the -O flag for backward compatibility. (was used by adduser?)
|
||||
|
||||
Note: useradd.8 needs to be regenerated.
|
||||
|
||||
Status wrt upstream: not included as this is just specific
|
||||
backward compatibility for Debian
|
||||
|
||||
--- a/man/useradd.8.xml
|
||||
+++ b/man/useradd.8.xml
|
||||
@@ -326,6 +326,11 @@
|
||||
=<replaceable>100</replaceable> <option>-K</option>
|
||||
<replaceable>UID_MAX</replaceable>=<replaceable>499</replaceable>
|
||||
</para>
|
||||
+ <para>
|
||||
+ For the compatibility with previous Debian's
|
||||
+ <command>useradd</command>, the <option>-O</option> option is
|
||||
+ also supported.
|
||||
+ </para>
|
||||
<!--para>
|
||||
Note: <option>-K</option> <replaceable>UID_MIN</replaceable>=<replaceable>10</replaceable>,<replaceable>UID_MAX</replaceable>=<replaceable>499</replaceable>
|
||||
doesn't work yet.
|
||||
--- a/src/useradd.c
|
||||
+++ b/src/useradd.c
|
||||
@@ -1227,7 +1227,7 @@
|
||||
{NULL, 0, NULL, '\0'}
|
||||
};
|
||||
while ((c = getopt_long (argc, argv,
|
||||
- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:P:s:u:U"
|
||||
+ "b:c:d:De:f:g:G:hk:O:K:lmMNop:rR:P:s:u:U"
|
||||
#ifdef WITH_SELINUX
|
||||
"Z:"
|
||||
#endif /* WITH_SELINUX */
|
||||
@@ -1367,6 +1367,7 @@
|
||||
kflg = true;
|
||||
break;
|
||||
case 'K':
|
||||
+ case 'O': /* compatibility with previous Debian useradd */
|
||||
/*
|
||||
* override login.defs defaults (-K name=value)
|
||||
* example: -K UID_MIN=100 -K UID_MAX=499
|
||||
-81
@@ -1,81 +0,0 @@
|
||||
--- a/debian/passwd.install
|
||||
+++ b/debian/passwd.install
|
||||
@@ -9,6 +9,7 @@
|
||||
usr/sbin/cppw
|
||||
usr/sbin/groupadd
|
||||
usr/sbin/groupdel
|
||||
+usr/sbin/groupmems
|
||||
usr/sbin/groupmod
|
||||
usr/sbin/grpck
|
||||
usr/sbin/grpconv
|
||||
@@ -33,6 +34,7 @@
|
||||
usr/share/man/*/man8/chpasswd.8
|
||||
usr/share/man/*/man8/groupadd.8
|
||||
usr/share/man/*/man8/groupdel.8
|
||||
+usr/share/man/*/man8/groupmems.8
|
||||
usr/share/man/*/man8/groupmod.8
|
||||
usr/share/man/*/man8/grpck.8
|
||||
usr/share/man/*/man8/grpconv.8
|
||||
@@ -59,6 +61,7 @@
|
||||
usr/share/man/man8/chpasswd.8
|
||||
usr/share/man/man8/groupadd.8
|
||||
usr/share/man/man8/groupdel.8
|
||||
+usr/share/man/man8/groupmems.8
|
||||
usr/share/man/man8/groupmod.8
|
||||
usr/share/man/man8/grpck.8
|
||||
usr/share/man/man8/grpconv.8
|
||||
--- a/debian/passwd.postinst
|
||||
+++ b/debian/passwd.postinst
|
||||
@@ -31,6 +31,24 @@
|
||||
exit 1
|
||||
)
|
||||
fi
|
||||
+ if ! getent group groupmems | grep -q '^groupmems:[^:]*:99'
|
||||
+ then
|
||||
+ groupadd -g 99 groupmems || (
|
||||
+ cat <<EOF
|
||||
+************************ TESTSUITE *****************************
|
||||
+Group ID 99 has been allocated for the groupmems group. You have either
|
||||
+used 99 yourself or created a groupmems group with a different ID.
|
||||
+Please correct this problem and reconfigure with ``dpkg --configure passwd''.
|
||||
+
|
||||
+Note that both user and group IDs in the range 0-99 are globally
|
||||
+allocated by the Debian project and must be the same on every Debian
|
||||
+system.
|
||||
+EOF
|
||||
+ exit 1
|
||||
+ )
|
||||
+# FIXME
|
||||
+ chgrp groupmems /usr/sbin/groupmems
|
||||
+ fi
|
||||
;;
|
||||
esac
|
||||
|
||||
--- a/debian/rules
|
||||
+++ b/debian/rules
|
||||
@@ -60,6 +60,7 @@
|
||||
dh_installpam -p passwd --name=chsh
|
||||
dh_installpam -p passwd --name=chpasswd
|
||||
dh_installpam -p passwd --name=newusers
|
||||
+ dh_installpam -p passwd --name=groupmems
|
||||
ifeq ($(DEB_HOST_ARCH_OS),hurd)
|
||||
# login is not built on The Hurd, but some utilities of passwd depends on
|
||||
# /etc/login.defs.
|
||||
@@ -87,3 +88,6 @@
|
||||
chgrp shadow debian/passwd/usr/bin/expiry
|
||||
chmod g+s debian/passwd/usr/bin/chage
|
||||
chmod g+s debian/passwd/usr/bin/expiry
|
||||
+ chgrp groupmems debian/passwd/usr/sbin/groupmems
|
||||
+ chmod u+s debian/passwd/usr/sbin/groupmems
|
||||
+ chmod o-x debian/passwd/usr/sbin/groupmems
|
||||
--- /dev/null
|
||||
+++ b/debian/passwd.groupmems.pam
|
||||
@@ -0,0 +1,8 @@
|
||||
+# The PAM configuration file for the Shadow 'groupmod' service
|
||||
+#
|
||||
+
|
||||
+# This allows root to modify groups without being prompted for a password
|
||||
+auth sufficient pam_rootok.so
|
||||
+
|
||||
+@include common-auth
|
||||
+@include common-account
|
||||
Vendored
-76
@@ -1,76 +0,0 @@
|
||||
--- a/lib/Makefile.am
|
||||
+++ b/lib/Makefile.am
|
||||
@@ -1,6 +1,8 @@
|
||||
|
||||
AUTOMAKE_OPTIONS = 1.0 foreign
|
||||
|
||||
+CFLAGS += -fprofile-arcs -ftest-coverage
|
||||
+
|
||||
DEFS =
|
||||
|
||||
noinst_LTLIBRARIES = libshadow.la
|
||||
--- a/libmisc/Makefile.am
|
||||
+++ b/libmisc/Makefile.am
|
||||
@@ -1,6 +1,8 @@
|
||||
|
||||
EXTRA_DIST = .indent.pro xgetXXbyYY.c
|
||||
|
||||
+CFLAGS += -fprofile-arcs -ftest-coverage
|
||||
+
|
||||
INCLUDES = -I$(top_srcdir)/lib
|
||||
|
||||
noinst_LIBRARIES = libmisc.a
|
||||
--- a/src/Makefile.am
|
||||
+++ b/src/Makefile.am
|
||||
@@ -7,6 +7,8 @@
|
||||
suidperms = 4755
|
||||
sgidperms = 2755
|
||||
|
||||
+CFLAGS += -fprofile-arcs -ftest-coverage
|
||||
+
|
||||
INCLUDES = \
|
||||
-I${top_srcdir}/lib \
|
||||
-I$(top_srcdir)/libmisc
|
||||
--- a/debian/rules
|
||||
+++ b/debian/rules
|
||||
@@ -40,6 +40,12 @@
|
||||
endif
|
||||
export CFLAGS
|
||||
|
||||
+clean:: clean_gcov
|
||||
+
|
||||
+clean_gcov:
|
||||
+ find . -name "*.gcda" -delete
|
||||
+ find . -name "*.gcno" -delete
|
||||
+
|
||||
# Add extras to the install process:
|
||||
binary-install/login::
|
||||
dh_installpam -p login
|
||||
--- a/lib/defines.h
|
||||
+++ b/lib/defines.h
|
||||
@@ -174,23 +174,9 @@
|
||||
trust the formatted time received from the unix domain (or worse,
|
||||
UDP) socket. -MM */
|
||||
/* Avoid translated PAM error messages: Set LC_ALL to "C".
|
||||
+ * This is disabled for coverage testing
|
||||
* --Nekral */
|
||||
-#define SYSLOG(x) \
|
||||
- do { \
|
||||
- char *old_locale = setlocale (LC_ALL, NULL); \
|
||||
- char *saved_locale = NULL; \
|
||||
- if (NULL != old_locale) { \
|
||||
- saved_locale = strdup (old_locale); \
|
||||
- } \
|
||||
- if (NULL != saved_locale) { \
|
||||
- (void) setlocale (LC_ALL, "C"); \
|
||||
- } \
|
||||
- syslog x ; \
|
||||
- if (NULL != saved_locale) { \
|
||||
- (void) setlocale (LC_ALL, saved_locale); \
|
||||
- free (saved_locale); \
|
||||
- } \
|
||||
- } while (false)
|
||||
+#define SYSLOG(x) syslog x
|
||||
#else /* !ENABLE_NLS */
|
||||
#define SYSLOG(x) syslog x
|
||||
#endif /* !ENABLE_NLS */
|
||||
Vendored
-22
@@ -1,22 +0,0 @@
|
||||
Small intro to the system for numbering the patches here...
|
||||
|
||||
-The 00xx-... patches are forwarded to upstream's git repository
|
||||
|
||||
-The 0xx_... series of patches are patches isolated from the latest
|
||||
version of the shadow Debian package not using quilt in order to
|
||||
separate upstream from Debian-specific stuff.
|
||||
|
||||
NO MORE PATCHES SHOULD BE ADDED IN THESE SERIES
|
||||
|
||||
-The 4xx series are patches which have been applied to Debian's shadow
|
||||
and have NOT been accepted and/or applied upstream. These patches MUST be kept
|
||||
even after resynced with upstream
|
||||
|
||||
-The 5xx series are patches which are applied to Debian's shadow
|
||||
and will never be proposed upstream because they're too specific
|
||||
This list SHOULD BE AS SHORT AS POSSIBLE
|
||||
|
||||
In short, while we are working towards synchronisation with upstream,
|
||||
our goal is to make 0xx patches disappear by moving them either to 3xx
|
||||
series (things already implemented upstream) or to 4xx series
|
||||
(Debian-specific patches).
|
||||
Vendored
-20
@@ -1,20 +0,0 @@
|
||||
# These patches are only for the testsuite:
|
||||
#900_testsuite_groupmems
|
||||
#901_testsuite_gcov
|
||||
|
||||
0001-chage-Fix-regression-in-print_date.patch
|
||||
0002-copy_tree-use-fchmodat-instead-of-chmod.patch
|
||||
0003-copy_tree-do-not-block-on-fifos.patch
|
||||
008_login_log_failure_in_FTMP
|
||||
301_lastlog_faillog_do_not_reset_non-existent_data
|
||||
401_cppw_src.dpatch
|
||||
# 402 should be merged in 401, but should be reviewed by SE Linux experts first
|
||||
402_cppw_selinux
|
||||
429_login_FAILLOG_ENAB
|
||||
463_login_delay_obeys_to_PAM
|
||||
501_commonio_group_shadow
|
||||
502_debian_useradd_defaults
|
||||
503_shadowconfig.8
|
||||
505_useradd_recommend_adduser
|
||||
506_relaxed_usernames
|
||||
542_useradd-O_option
|
||||
Vendored
-78
@@ -1,78 +0,0 @@
|
||||
#!/usr/bin/make -f
|
||||
# -*- mode: makefile; coding: utf-8 -*-
|
||||
|
||||
# Enable PIE, BINDNOW, and possible future flags.
|
||||
export DEB_BUILD_MAINT_OPTIONS = hardening=+all
|
||||
DPKG_EXPORT_BUILDFLAGS = 1
|
||||
include /usr/share/dpkg/buildflags.mk
|
||||
|
||||
# Adds extra options when calling the configure script:
|
||||
DEB_CONFIGURE_EXTRA_FLAGS := --without-libcrack \
|
||||
--mandir=/usr/share/man \
|
||||
--with-libpam \
|
||||
--with-yescrypt \
|
||||
--enable-shadowgrp \
|
||||
--enable-man \
|
||||
--disable-account-tools-setuid \
|
||||
--with-group-name-max-length=32 \
|
||||
--without-acl \
|
||||
--without-attr \
|
||||
--without-su \
|
||||
--without-tcb \
|
||||
SHELL=/bin/sh
|
||||
|
||||
# Set the default editor for vipw/vigr
|
||||
CFLAGS += -DDEFAULT_EDITOR="\"sensible-editor\""
|
||||
|
||||
%:
|
||||
dh $@
|
||||
|
||||
override_dh_auto_configure:
|
||||
cp debian/HOME_MODE.xml man/login.defs.d/HOME_MODE.xml
|
||||
dh_auto_configure -- $(DEB_CONFIGURE_EXTRA_FLAGS)
|
||||
|
||||
override_dh_install-arch:
|
||||
ifneq ($(DEB_HOST_ARCH_OS),linux)
|
||||
sed -i 's/session optional pam_keyinit.so/# Linux only # session optional pam_keyinit.so/' debian/login.pam
|
||||
endif
|
||||
dh_install -a
|
||||
ifeq ($(DEB_HOST_ARCH_OS),hurd)
|
||||
# /bin/login is provided by the hurd package.
|
||||
rm -f debian/login/bin/login
|
||||
endif
|
||||
|
||||
override_dh_installpam:
|
||||
# Distribute the pam.d files; unless for the commands with disabled PAM
|
||||
# support
|
||||
dh_installpam -p login
|
||||
dh_installpam -p passwd --name=passwd
|
||||
dh_installpam -p passwd --name=chfn
|
||||
dh_installpam -p passwd --name=chsh
|
||||
dh_installpam -p passwd --name=chpasswd
|
||||
dh_installpam -p passwd --name=newusers
|
||||
|
||||
override_dh_builddeb-arch:
|
||||
# uidmap
|
||||
chmod u+s debian/uidmap/usr/bin/newuidmap
|
||||
chmod u+s debian/uidmap/usr/bin/newgidmap
|
||||
# login
|
||||
# No real need for login to be setuid root
|
||||
# chmod u+s debian/login/bin/login
|
||||
chmod u+s debian/login/usr/bin/newgrp
|
||||
# passwd
|
||||
chmod u+s debian/passwd/usr/bin/chfn
|
||||
chmod u+s debian/passwd/usr/bin/chsh
|
||||
chmod u+s debian/passwd/usr/bin/gpasswd
|
||||
chmod u+s debian/passwd/usr/bin/passwd
|
||||
chgrp shadow debian/passwd/usr/bin/chage
|
||||
chgrp shadow debian/passwd/usr/bin/expiry
|
||||
chmod g+s debian/passwd/usr/bin/chage
|
||||
chmod g+s debian/passwd/usr/bin/expiry
|
||||
dh_builddeb -a
|
||||
|
||||
override_dh_auto_clean:
|
||||
sed -i 's/# Linux only # //' debian/login.pam
|
||||
dh_auto_clean
|
||||
|
||||
override_dh_clean:
|
||||
dh_clean ./man/login.defs.d/HOME_MODE.xml
|
||||
Vendored
-70
@@ -1,70 +0,0 @@
|
||||
#!/bin/sh
|
||||
# turn shadow passwords on or off on a Debian system
|
||||
|
||||
set -e
|
||||
|
||||
shadowon () {
|
||||
set -e
|
||||
|
||||
if [ -n "$DPKG_ROOT" ] \
|
||||
&& cmp "${DPKG_ROOT}/etc/passwd" "${DPKG_ROOT}/usr/share/base-passwd/passwd.master" 2>/dev/null \
|
||||
&& cmp "${DPKG_ROOT}/etc/group" "${DPKG_ROOT}/usr/share/base-passwd/group.master" 2>/dev/null; then
|
||||
# If dpkg is run with --force-script-chrootless and if /etc/passwd
|
||||
# and /etc/group are unchanged, we avoid the chroot() call by manually
|
||||
# processing the files. This produces bit-by-bit identical results
|
||||
# compared to the normal case as shown by the CI setup at
|
||||
# https://salsa.debian.org/helmutg/dpkg-root-demo/-/jobs
|
||||
for f in passwd group; do
|
||||
cp -a "${DPKG_ROOT}/etc/$f" "${DPKG_ROOT}/etc/$f-"
|
||||
done
|
||||
chmod 600 "${DPKG_ROOT}/etc/passwd-"
|
||||
sed -i 's/^\([^:]\+\):\*:/\1:x:/' "${DPKG_ROOT}/etc/group" "${DPKG_ROOT}/etc/passwd"
|
||||
[ -n "$SOURCE_DATE_EPOCH" ] && epoch=$SOURCE_DATE_EPOCH || epoch=$(date +%s)
|
||||
sed "s/^\([^:]\+\):.*/\1:*:$((epoch/60/60/24)):0:99999:7:::/" "${DPKG_ROOT}/etc/passwd" > "${DPKG_ROOT}/etc/shadow"
|
||||
sed "s/^\([^:]\+\):.*/\1:*::/" "${DPKG_ROOT}/etc/group" > "${DPKG_ROOT}/etc/gshadow"
|
||||
touch "${DPKG_ROOT}/etc/.pwd.lock"
|
||||
chmod 600 "${DPKG_ROOT}/etc/.pwd.lock"
|
||||
else
|
||||
pwck -q -r
|
||||
grpck -r
|
||||
pwconv
|
||||
grpconv
|
||||
fi
|
||||
chown root:root "${DPKG_ROOT}/etc/passwd" "${DPKG_ROOT}/etc/group"
|
||||
chmod 644 "${DPKG_ROOT}/etc/passwd" "${DPKG_ROOT}/etc/group"
|
||||
chown root:shadow "${DPKG_ROOT}/etc/shadow" "${DPKG_ROOT}/etc/gshadow"
|
||||
chmod 640 "${DPKG_ROOT}/etc/shadow" "${DPKG_ROOT}/etc/gshadow"
|
||||
}
|
||||
|
||||
shadowoff () {
|
||||
set -e
|
||||
pwck -q -r
|
||||
grpck -r
|
||||
pwunconv
|
||||
grpunconv
|
||||
# sometimes the passwd perms get munged
|
||||
chown root:root /etc/passwd /etc/group
|
||||
chmod 644 /etc/passwd /etc/group
|
||||
}
|
||||
|
||||
case "$1" in
|
||||
"on")
|
||||
if shadowon ; then
|
||||
echo Shadow passwords are now on.
|
||||
else
|
||||
echo Please correct the error and rerun \`$0 on\'
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
"off")
|
||||
if shadowoff ; then
|
||||
echo Shadow passwords are now off.
|
||||
else
|
||||
echo Please correct the error and rerun \`$0 off\'
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
*)
|
||||
echo Usage: $0 on \| off
|
||||
;;
|
||||
esac
|
||||
Vendored
-1
@@ -1 +0,0 @@
|
||||
3.0 (quilt)
|
||||
Vendored
-2
@@ -1,2 +0,0 @@
|
||||
Tests: smoke
|
||||
Restrictions: needs-root superficial
|
||||
Vendored
-13
@@ -1,13 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
set -e
|
||||
|
||||
echo "Adding an user works"
|
||||
useradd shadow-test-user
|
||||
grep '^shadow-test-user:x:' /etc/passwd
|
||||
grep '^shadow-test-user:!:' /etc/shadow
|
||||
|
||||
echo "Removing an user works"
|
||||
userdel shadow-test-user
|
||||
! grep 'shadow-test-user' /etc/passwd
|
||||
! grep 'shadow-test-user' /etc/shadow
|
||||
Vendored
-3
@@ -1,3 +0,0 @@
|
||||
bin/getsubids usr/bin
|
||||
usr/bin/newuidmap
|
||||
usr/bin/newgidmap
|
||||
Vendored
-2
@@ -1,2 +0,0 @@
|
||||
uidmap: elevated-privileges 4755 root/root [usr/bin/newgidmap]
|
||||
uidmap: elevated-privileges 4755 root/root [usr/bin/newuidmap]
|
||||
Vendored
-5
@@ -1,5 +0,0 @@
|
||||
usr/share/man/*/man1/newgidmap.1
|
||||
usr/share/man/*/man1/newuidmap.1
|
||||
usr/share/man/man1/getsubids.1
|
||||
usr/share/man/man1/newgidmap.1
|
||||
usr/share/man/man1/newuidmap.1
|
||||
Vendored
-4
@@ -1,4 +0,0 @@
|
||||
---
|
||||
Bug-Database: https://github.com/shadow-maint/shadow/issues
|
||||
Bug-Submit: https://github.com/shadow-maint/shadow/issues/new
|
||||
Repository-Browse: https://github.com/shadow-maint/shadow
|
||||
Vendored
-80
@@ -1,80 +0,0 @@
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
mQENBE+oKZQBCACz5WylGAr+eitZjuSigzR+y30W3E+gkU0DSNlBB3WlorOtmzMX
|
||||
9F2d+z+ozJuez4NPqwfQ5y2ExKSbL8i1rwYmExZIzTDpm1Q6N3hG+vLbxwbrbsKT
|
||||
qW9rPiXriU5yRwuvVJl4NOU6T/Pau3/VD8iFN7U4mVpNFVPlB8vCvDJ+07Z0xIH9
|
||||
MXe8uaERG3v2EL7Mv8L5w05XEeuTT/CJiw6NdzwjZc1FymVoFjntetl8HaJ+5JCB
|
||||
2ylAbnw/wZJHORgsLxZhOL6/zrJRG8GvjgB+1l8izgl4n0DOqjyyoQIZJ+mfuHR0
|
||||
6wDqwvP5F9RZqCh8Md4hYujop5a0BKfAzLfdABEBAAG0IFNlcmdlIEhhbGx5biA8
|
||||
c2VyZ2VoQGtlcm5lbC5vcmc+iQFOBBMBCgA4FiEEZtA4fbhdMg+ECBZtsXXPqY8Z
|
||||
KvIFAl2r0d0CGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AACgkQsXXPqY8ZKvIM
|
||||
nAgAiTpLlXuzyD4C+9I/yCA9N/BqK43jnMfJOl/Ky56vgJ/WbrFJLuO3wubMlRLD
|
||||
3jurC6SK2g0TpygyoX2MjwZVT60Sq3ZcgIh71yyWHhtZ29NuUiKsKnajb9IlP+AM
|
||||
1V0g9py41YdDUmAuC/5crqyK+8u1CVrB/is7Eym598gIl9nyGvaZrzgjG1cRCjzf
|
||||
ZU8pRG+VPMr5Xla8rDKBZl+LcusV90eAUa0E/KVFS5N1dQ6HKckYXPSBN3DKHZy+
|
||||
qKa1k7Dq0CnkTjQmjaMu3j5sdOXg4QUfhCHeLDFAtadNdP04I6g5KZRvC44XdQ1A
|
||||
bxFMLyObhCsq/QxSh/nYrKsw0rQsU2VyZ2UgSGFsbHluIChrZXJuZWwub3JnKSA8
|
||||
c2VyZ2VAaGFsbHluLmNvbT6JATgEEwECACIFAk+oKZQCGwMGCwkIBwMCBhUIAgkK
|
||||
CwQWAgMBAh4BAheAAAoJELF1z6mPGSryYfEIAJviOHYwzXjnHWrsbQQ75rJq2wQ4
|
||||
NlM5FRljskufCXtIz/DUpKKT3aqG3y7ywtEwl4ePofJmLbC0O5bZF9blgSSCV02z
|
||||
zGdeUosAJsxumYHVi9CRHWsiAaNMX8gif9vePqz/iY/caPS4w4gBXJK8vLwvxToI
|
||||
4CZDwIlMkMov//3HQ5v5OKfeqbA1rnsGI74vUw9Zt/Sqgudz5bY65693OqeRRWU6
|
||||
tOH8zo4HkFew26Ydh80qAn1R7ALnk68zwfXj8vdyR9f05dEqbg/4thZWcjWC/Frn
|
||||
QOjcTwKu5DnUCE937a1MPzt4t1FCYUHrqcLN99uzGuOD42o9/S+JAa2HWhe5AQ0E
|
||||
T6gplAEIANz2xhKdYCPfLpAT2wY0NQVoqkAVSymulDwt4DTmeHdFTFgN3vmpzR7C
|
||||
0ZHX5KWCl6EpB9JdVBPbniMzmUlqc0M9h9+T2T2UzCBJWhM/ZBqzN8OCKvtYopC6
|
||||
Pd0HCeZgd0hjaar55oCH/VwJT/+CB1oBOjgQ1CEpMAiK6+IYoGlhf/McCU8i/IWM
|
||||
RGwGarTChAq8MayhAQ5vHXO7UZpNZ5NIgScfJGFqMxCspQDFIKH1OHZWPrE6G/H1
|
||||
MrqWL55zFi64FU/ReWWDUZ2hAELwpYhMM6tTXyy6PW8QYrhg7NBA/EA2zojzVK9V
|
||||
113ZuHvVzICOEevWS6DDc9ZC8t7jIccAEQEAAYkBHwQYAQIACQUCT6gplAIbDAAK
|
||||
CRCxdc+pjxkq8mtUCACLsJVcm3yZmI37LPCJlWXOuRFB24HZyC8ZkPoebcwlzVpU
|
||||
DcaHS0lwuj5J260I7MpKY9FKydZPX0QrGkMytz2P3s+L1IOsbJQ7HsHPyAqNMjoF
|
||||
x880CEDIivkav1IPJPHq1R25KaYSuu+NhY/X8nPuykic3bBB3llVFK9L+s1kaHU1
|
||||
TfWh5aVumRTQmkZtmQxe/gkjL7VxofnPOtxEwL0kXF+b9th1qr6MeEy5+dLLRBrd
|
||||
CAmQq/PHO+Ugb0FpSa415H5egD0hIQxDMBherElBIvbwSv0hVo2C3PmaoIx/y+4N
|
||||
M8amRjKoac6O1A0Xr3nCIDsICvf9ZN6ISXqQqwEWuQENBF2r4KYBCADpPHTIGLuE
|
||||
O4VOOtRAvzLcSIsEg/Iu5Ys1AfEs8RT58loJLxthYpOZVIgyZhLLS3Qpt3aWqYib
|
||||
nc3E4JfQG6OMYKKvlWykQj5NNNeyRNmzUmxd05sYWhwB4gb4VP1PpEc/pQ51BNUp
|
||||
ocxndcp9ZAr5hvTJlo4kD5Bvby8d3eOgwZ6hzusJ9QBXioirsgrNYoL7U9qs/tvo
|
||||
s2PbcnfrNjveftQg0LJakPCEDT9NHBUyZY7JN3ZmV0G+kpMcUzRvhP9rzHVGYVG2
|
||||
+1CBVDphXpGbxmTCH/bDTCRglSDfr8jDIRNTANe4iRsbQBVanjDeMAPfjAOM+bnZ
|
||||
HoHW8Z1sS7YNABEBAAGJAmwEGAEKACAWIQRm0Dh9uF0yD4QIFm2xdc+pjxkq8gUC
|
||||
XavgpgIbAgFACRCxdc+pjxkq8sB0IAQZAQoAHRYhBKm9P/FwcrbbeA/PlDVw2hcn
|
||||
Cs4kBQJdq+CmAAoJEDVw2hcnCs4k9nwH/j4EtPJvVIpLPS1gKfQaWolZ9El8f12I
|
||||
UyZka+/FKwh6IGbLQBE9oWi6lsDCKMjqYnuVbrcYtll0Lc7CdQR1fSwfzT95xU/z
|
||||
/WrGV8xbQQUULA8MVuYottIZByhtdDNvkBogtLLH4tc40BSm2jqcb6LuT4vswULk
|
||||
9UUOuTUKxWECOM3ci2554l9hGaQ4qSxSXhrPPNR0Le0Y8ElLQI11vTP6UEA6fyVh
|
||||
I6eg90eMrNP2OHCW5QnIuazPFJ/2lb12BgahKbHXYR/cRqZNCU1rRgH8NWtKL0b9
|
||||
/Q9bsBvLl00IlA0xhpZZV4c6S5HCQbU/FXqIIgBmQvfaWzVuQVPHGxcjhwf/UPxw
|
||||
ZiKpo+TGL0GQkP/3H/QH/YHPqNmAOPyoNqUn/RimYs3dyfDTtOTumErF6iLAa9pS
|
||||
Bo8OJJZBOxskXfylTEDsaxWPbxXHUsULpJZxVHoh+90RT957Hc8PjEa+B3KW5vRd
|
||||
HwpwemlNYKn++Hv+kIr+ndqauw88s8e2QpvAUS09h2WxXmEOhrHTiGIFs1l6rq5P
|
||||
+vK5RNQ+xaPSivZZqyzsK6+3s9aTixwPKTw4WYcSOQ92YQ7C1Lsd3GglHxXT/1aW
|
||||
iYoxjXNR2LfJpOFNUG+mZWn02G++RfXetb/PzPxwE2eSqU/YK9GhpH8KbcwsJQSf
|
||||
MqXESPQLlFAwkwFyBrkBDQRdq+FiAQgAx36JU5PHoULcaG/Y8BJ5eyfG1v0B/5oG
|
||||
M1/SbxYpMuAhL3FBvGA0ly0boASm2QF8BK1EsgDmo5rSJgimQnKcQ9uicnXaq+2U
|
||||
npvqDWHcBOFhdAGNNDz1f6uUXNUZCyJ6pqeMj5+JI1sNqs4tBRt4k6uR8W6Svfij
|
||||
nGWgoQ0v+TC7WUMb9jYYzFlEt7VpUlRdCDgWISJoT4s0VutQfF01HY8The4kd62d
|
||||
4cSJP/Nem8QXgwKKyMlMYAcQLjeuXs6odT8YN1xbS53J/2/fcsIVZNEuWAoodXJS
|
||||
sdWFXNsHbPX7GfHGH9tBeOC20g/dmqfwteIudQ1Tn56MmK4DB3ByfwARAQABiQE2
|
||||
BBgBCgAgFiEEZtA4fbhdMg+ECBZtsXXPqY8ZKvIFAl2r4WICGwwACgkQsXXPqY8Z
|
||||
KvL39Qf/S86hi7pvntTGwk1Hl0IyGw9hXsUUhf26PlcgOj9tC3ZFMxrY+4oxtwMY
|
||||
g2wOodeo4WlmrlYMeGrRwSgiqGWSCPW4LvsssbDuZbKJoxshNAOVHM/1z1CPc2QY
|
||||
0pboVPBHss+HjeSBfKA7VK1UAMh0dqmLD2EjnasXwWs1jLig1FeFRwM9+fTdqS4h
|
||||
sXvmxoIdpg7/GhB4SoT7SpXzZX8VPm0hIzKCTOCr73NSGIDhdCPGJWFIrZwCLSJR
|
||||
Ndl5zIS54uTrNn2+QPwllqBKKtMWDG0uueFWlQEkw6B9+/mOY79K6fiz7clsB2Jy
|
||||
awWrD3SFaYY3BrQXkdnbSsRUDCR23bkBDQRdq+GrAQgAwoQJz9/x/T8J6cqTPfBc
|
||||
YS2UbjpguO1O3a1Zhd231nTiKFVph49qcW2+66PI7cjeNRA2/Z+hTUK065XJ9mpf
|
||||
5NeqzQFQ9dbBMKQw7Jz98RDm7QEUmNZi2avaxljgCDWO4mybMjuDdycwsv0tuOls
|
||||
dGu4UhPmue/03Abs9RGfVecK3211n93SHu8Ro2QPfuPruuPLxQSVVVzBUaGwJHwK
|
||||
SrBnpnClDET3DKr9PFv6/yoQlyiFzlJZtiXvQC3Mc5uiSRbpy9GM3P4FwSmc9+7X
|
||||
SVs87/xrXoH3pUN2MMY+PayF82wUtpPwy0V8MB2NlEaWt+/danioVGVJQauMie84
|
||||
swARAQABiQE2BBgBCgAgFiEEZtA4fbhdMg+ECBZtsXXPqY8ZKvIFAl2r4asCGyAA
|
||||
CgkQsXXPqY8ZKvJbjAf/deT3H5ZTF4k22b7mE5978oGxdBRsHP4kcYWN31hDD3yN
|
||||
S8803VF+C0p/fVv4UMpuT9y771s0tJ+EoPPYARERWKiApFxWMkPL1eaZZB3Wij4z
|
||||
gYc1iGki3lkrV3cJE4iKqKwtCyKHrj+CX2BugxyxS4dGRzeFUpRva6YJk8bfuFR0
|
||||
C86Y4xLv/QoIZLmled+xf7N6BIqOmzXayITFheJGmTFsX0xbt6vr/q6S8cvHiMem
|
||||
CJnlKO3/06pSIA6BRJB+GkBQmVovF70TeeP4AGzstX4U6O0jriySqCptijlVehsV
|
||||
ImGoVOiDX4qYzOd+x0po5lC5mHe/dO0ZTOTGgxQc9w==
|
||||
=Ruhn
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
Vendored
-4
@@ -1,4 +0,0 @@
|
||||
version=4
|
||||
opts="pgpsigurlmangle=s/$/.asc/,dversionmangle=s/\+dfsg\d*$//,repacksuffix=+dfsg1" \
|
||||
https://github.com/shadow-maint/shadow/releases \
|
||||
(?:.*?/)?shadow-(\d[\d.]*)\.tar\.xz debian uupdate
|
||||
+19
-27
@@ -32,7 +32,7 @@
|
||||
|
||||
/* local function prototypes */
|
||||
static int lrename (const char *, const char *);
|
||||
static int check_link_count (const char *file);
|
||||
static int check_link_count (const char *file, bool log);
|
||||
static int do_lock_file (const char *file, const char *lock, bool log);
|
||||
static /*@null@*/ /*@dependent@*/FILE *fopen_set_perms (
|
||||
const char *name,
|
||||
@@ -85,23 +85,31 @@ int lrename (const char *old, const char *new)
|
||||
res = rename (old, new);
|
||||
|
||||
#ifdef __GLIBC__
|
||||
if (NULL != r) {
|
||||
free (r);
|
||||
}
|
||||
free (r);
|
||||
#endif /* __GLIBC__ */
|
||||
|
||||
return res;
|
||||
}
|
||||
|
||||
static int check_link_count (const char *file)
|
||||
static int check_link_count (const char *file, bool log)
|
||||
{
|
||||
struct stat sb;
|
||||
|
||||
if (stat (file, &sb) != 0) {
|
||||
if (log) {
|
||||
(void) fprintf (shadow_logfd,
|
||||
"%s: %s file stat error: %s\n",
|
||||
shadow_progname, file, strerror (errno));
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (sb.st_nlink != 2) {
|
||||
if (log) {
|
||||
(void) fprintf (shadow_logfd,
|
||||
"%s: %s: lock file already used (nlink: %u)\n",
|
||||
shadow_progname, file, sb.st_nlink);
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -153,12 +161,7 @@ static int do_lock_file (const char *file, const char *lock, bool log)
|
||||
close (fd);
|
||||
|
||||
if (link (file, lock) == 0) {
|
||||
retval = check_link_count (file);
|
||||
if ((0==retval) && log) {
|
||||
(void) fprintf (shadow_logfd,
|
||||
"%s: %s: lock file already used\n",
|
||||
shadow_progname, file);
|
||||
}
|
||||
retval = check_link_count (file, log);
|
||||
unlink (file);
|
||||
return retval;
|
||||
}
|
||||
@@ -219,12 +222,7 @@ static int do_lock_file (const char *file, const char *lock, bool log)
|
||||
|
||||
retval = 0;
|
||||
if (link (file, lock) == 0) {
|
||||
retval = check_link_count (file);
|
||||
if ((0==retval) && log) {
|
||||
(void) fprintf (shadow_logfd,
|
||||
"%s: %s: lock file already used\n",
|
||||
shadow_progname, file);
|
||||
}
|
||||
retval = check_link_count (file, log);
|
||||
} else {
|
||||
if (log) {
|
||||
(void) fprintf (shadow_logfd,
|
||||
@@ -337,9 +335,7 @@ static void free_linked_list (struct commonio_db *db)
|
||||
p = db->head;
|
||||
db->head = p->next;
|
||||
|
||||
if (NULL != p->line) {
|
||||
free (p->line);
|
||||
}
|
||||
free (p->line);
|
||||
|
||||
if (NULL != p->eptr) {
|
||||
db->ops->free (p->eptr);
|
||||
@@ -395,10 +391,8 @@ int commonio_lock_nowait (struct commonio_db *db, bool log)
|
||||
err = 1;
|
||||
}
|
||||
cleanup_ENOMEM:
|
||||
if (file)
|
||||
free(file);
|
||||
if (lock)
|
||||
free(lock);
|
||||
free(file);
|
||||
free(lock);
|
||||
return err;
|
||||
}
|
||||
|
||||
@@ -1200,9 +1194,7 @@ int commonio_remove (struct commonio_db *db, const char *name)
|
||||
|
||||
commonio_del_entry (db, p);
|
||||
|
||||
if (NULL != p->line) {
|
||||
free (p->line);
|
||||
}
|
||||
free (p->line);
|
||||
|
||||
if (NULL != p->eptr) {
|
||||
db->ops->free (p->eptr);
|
||||
|
||||
+3
-8
@@ -310,14 +310,6 @@ extern char *strerror ();
|
||||
# define format_attr(type, index, check)
|
||||
#endif
|
||||
|
||||
/* ! Arguments evaluated twice ! */
|
||||
#ifndef MIN
|
||||
#define MIN(a,b) (((a) < (b)) ? (a) : (b))
|
||||
#endif
|
||||
#ifndef MAX
|
||||
#define MAX(x,y) (((x) > (y)) ? (x) : (y))
|
||||
#endif
|
||||
|
||||
/* Maximum length of usernames */
|
||||
#ifdef HAVE_UTMPX_H
|
||||
# include <utmpx.h>
|
||||
@@ -335,6 +327,9 @@ extern char *strerror ();
|
||||
# endif
|
||||
#endif
|
||||
|
||||
/* Maximum length of passwd entry */
|
||||
#define PASSWD_ENTRY_MAX_LENGTH 32768
|
||||
|
||||
#ifdef HAVE_SECURE_GETENV
|
||||
# define shadow_getenv(name) secure_getenv(name)
|
||||
# else
|
||||
|
||||
+1
-4
@@ -388,10 +388,7 @@ int putdef_str (const char *name, const char *value)
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (NULL != d->value) {
|
||||
free (d->value);
|
||||
}
|
||||
|
||||
free (d->value);
|
||||
d->value = cp;
|
||||
return 0;
|
||||
}
|
||||
|
||||
+1
-3
@@ -418,9 +418,7 @@ static int split_groups (unsigned int max_members)
|
||||
/* Shift all the members */
|
||||
/* The number of members in new_gptr will be check later */
|
||||
for (i = 0; NULL != new_gptr->gr_mem[i + max_members]; i++) {
|
||||
if (NULL != new_gptr->gr_mem[i]) {
|
||||
free (new_gptr->gr_mem[i]);
|
||||
}
|
||||
free (new_gptr->gr_mem[i]);
|
||||
new_gptr->gr_mem[i] = new_gptr->gr_mem[i + max_members];
|
||||
new_gptr->gr_mem[i + max_members] = NULL;
|
||||
}
|
||||
|
||||
+1
-1
@@ -80,7 +80,7 @@ void gr_free (/*@out@*/ /*@only@*/struct group *grent)
|
||||
{
|
||||
free (grent->gr_name);
|
||||
if (NULL != grent->gr_passwd) {
|
||||
memzero (grent->gr_passwd, strlen (grent->gr_passwd));
|
||||
strzero (grent->gr_passwd);
|
||||
free (grent->gr_passwd);
|
||||
}
|
||||
gr_free_members(grent);
|
||||
|
||||
@@ -59,7 +59,6 @@ void nss_init(const char *nsswitch_path) {
|
||||
// subid: files
|
||||
nssfp = fopen(nsswitch_path, "r");
|
||||
if (!nssfp) {
|
||||
fprintf(shadow_logfd, "Failed opening %s: %m\n", nsswitch_path);
|
||||
atomic_store(&nss_init_completed, true);
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -483,7 +483,6 @@ extern bool valid (const char *, const struct passwd *);
|
||||
extern /*@maynotreturn@*/ /*@only@*//*@out@*//*@notnull@*/void *xmalloc (size_t size)
|
||||
/*@ensures MaxSet(result) == (size - 1); @*/;
|
||||
extern /*@maynotreturn@*/ /*@only@*//*@notnull@*/char *xstrdup (const char *);
|
||||
extern void xfree(void *ap);
|
||||
|
||||
/* xgetpwnam.c */
|
||||
extern /*@null@*/ /*@only@*/struct passwd *xgetpwnam (const char *);
|
||||
|
||||
+4
-1
@@ -56,7 +56,10 @@ static int passwd_put (const void *ent, FILE * file)
|
||||
|| (pw->pw_gid == (gid_t)-1)
|
||||
|| (valid_field (pw->pw_gecos, ":\n") == -1)
|
||||
|| (valid_field (pw->pw_dir, ":\n") == -1)
|
||||
|| (valid_field (pw->pw_shell, ":\n") == -1)) {
|
||||
|| (valid_field (pw->pw_shell, ":\n") == -1)
|
||||
|| (strlen (pw->pw_name) + strlen (pw->pw_passwd) +
|
||||
strlen (pw->pw_gecos) + strlen (pw->pw_dir) +
|
||||
strlen (pw->pw_shell) + 100 > PASSWD_ENTRY_MAX_LENGTH)) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
||||
+1
-1
@@ -73,7 +73,7 @@ void pw_free (/*@out@*/ /*@only@*/struct passwd *pwent)
|
||||
if (pwent != NULL) {
|
||||
free (pwent->pw_name);
|
||||
if (pwent->pw_passwd) {
|
||||
memzero (pwent->pw_passwd, strlen (pwent->pw_passwd));
|
||||
strzero (pwent->pw_passwd);
|
||||
free (pwent->pw_passwd);
|
||||
}
|
||||
free (pwent->pw_gecos);
|
||||
|
||||
+16
-13
@@ -122,12 +122,14 @@ static int semanage_user_mod (semanage_handle_t *handle,
|
||||
goto done;
|
||||
}
|
||||
|
||||
ret = semanage_seuser_set_mlsrange (handle, seuser, DEFAULT_SERANGE);
|
||||
if (ret != 0) {
|
||||
fprintf (shadow_logfd,
|
||||
_("Could not set serange for %s\n"), login_name);
|
||||
ret = 1;
|
||||
goto done;
|
||||
if (semanage_mls_enabled(handle)) {
|
||||
ret = semanage_seuser_set_mlsrange (handle, seuser, DEFAULT_SERANGE);
|
||||
if (ret != 0) {
|
||||
fprintf (shadow_logfd,
|
||||
_("Could not set serange for %s\n"), login_name);
|
||||
ret = 1;
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
|
||||
ret = semanage_seuser_set_sename (handle, seuser, seuser_name);
|
||||
@@ -179,13 +181,14 @@ static int semanage_user_add (semanage_handle_t *handle,
|
||||
goto done;
|
||||
}
|
||||
|
||||
ret = semanage_seuser_set_mlsrange (handle, seuser, DEFAULT_SERANGE);
|
||||
if (ret != 0) {
|
||||
fprintf (shadow_logfd,
|
||||
_("Could not set serange for %s\n"),
|
||||
login_name);
|
||||
ret = 1;
|
||||
goto done;
|
||||
if (semanage_mls_enabled(handle)) {
|
||||
ret = semanage_seuser_set_mlsrange (handle, seuser, DEFAULT_SERANGE);
|
||||
if (ret != 0) {
|
||||
fprintf (shadow_logfd,
|
||||
_("Could not set serange for %s\n"), login_name);
|
||||
ret = 1;
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
|
||||
ret = semanage_seuser_set_sename (handle, seuser, seuser_name);
|
||||
|
||||
+2
-4
@@ -54,8 +54,7 @@ static char **list (char *s)
|
||||
rbuf = malloc (size * sizeof (char *));
|
||||
}
|
||||
if (!rbuf) {
|
||||
if (members)
|
||||
free (members);
|
||||
free (members);
|
||||
members = 0;
|
||||
size = 0;
|
||||
return (char **) 0;
|
||||
@@ -89,8 +88,7 @@ struct group *sgetgrent (const char *buf)
|
||||
if (strlen (buf) + 1 > size) {
|
||||
/* no need to use realloc() here - just free it and
|
||||
allocate a larger block */
|
||||
if (grpbuf)
|
||||
free (grpbuf);
|
||||
free (grpbuf);
|
||||
size = strlen (buf) + 1000; /* at least: strlen(buf) + 1 */
|
||||
grpbuf = malloc (size);
|
||||
if (!grpbuf) {
|
||||
|
||||
+7
-2
@@ -16,6 +16,7 @@
|
||||
#include <stdio.h>
|
||||
#include <pwd.h>
|
||||
#include "prototypes.h"
|
||||
#include "shadowlog_internal.h"
|
||||
|
||||
#define NFIELDS 7
|
||||
|
||||
@@ -34,7 +35,7 @@
|
||||
struct passwd *sgetpwent (const char *buf)
|
||||
{
|
||||
static struct passwd pwent;
|
||||
static char pwdbuf[1024];
|
||||
static char pwdbuf[PASSWD_ENTRY_MAX_LENGTH];
|
||||
int i;
|
||||
char *cp;
|
||||
char *fields[NFIELDS];
|
||||
@@ -44,8 +45,12 @@ struct passwd *sgetpwent (const char *buf)
|
||||
* the password structure remain valid.
|
||||
*/
|
||||
|
||||
if (strlen (buf) >= sizeof pwdbuf)
|
||||
if (strlen (buf) >= sizeof pwdbuf) {
|
||||
fprintf (shadow_logfd,
|
||||
"%s: Too long passwd entry encountered, file corruption?\n",
|
||||
shadow_progname);
|
||||
return 0; /* fail if too long */
|
||||
}
|
||||
strcpy (pwdbuf, buf);
|
||||
|
||||
/*
|
||||
|
||||
+5
-1
@@ -16,6 +16,7 @@
|
||||
|
||||
#include <sys/types.h>
|
||||
#include "prototypes.h"
|
||||
#include "shadowlog_internal.h"
|
||||
#include "defines.h"
|
||||
#include <stdio.h>
|
||||
#define FIELDS 9
|
||||
@@ -25,7 +26,7 @@
|
||||
*/
|
||||
struct spwd *sgetspent (const char *string)
|
||||
{
|
||||
static char spwbuf[1024];
|
||||
static char spwbuf[PASSWD_ENTRY_MAX_LENGTH];
|
||||
static struct spwd spwd;
|
||||
char *fields[FIELDS];
|
||||
char *cp;
|
||||
@@ -37,6 +38,9 @@ struct spwd *sgetspent (const char *string)
|
||||
*/
|
||||
|
||||
if (strlen (string) >= sizeof spwbuf) {
|
||||
fprintf (shadow_logfd,
|
||||
"%s: Too long passwd entry encountered, file corruption?\n",
|
||||
shadow_progname);
|
||||
return 0; /* fail if too long */
|
||||
}
|
||||
strcpy (spwbuf, string);
|
||||
|
||||
+1
-1
@@ -128,7 +128,7 @@ void sgr_free (/*@out@*/ /*@only@*/struct sgrp *sgent)
|
||||
size_t i;
|
||||
free (sgent->sg_name);
|
||||
if (NULL != sgent->sg_passwd) {
|
||||
memzero (sgent->sg_passwd, strlen (sgent->sg_passwd));
|
||||
strzero (sgent->sg_passwd);
|
||||
free (sgent->sg_passwd);
|
||||
}
|
||||
for (i = 0; NULL != sgent->sg_adm[i]; i++) {
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user