Compare commits
1305 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 499c6f7938 | |||
| e568b9e435 | |||
| 36ef489fe1 | |||
| 65741533ca | |||
| 93ce5304fe | |||
| 355e31d19d | |||
| 24cfe44b07 | |||
| db38a728d1 | |||
| 4ad827768e | |||
| b04c2d7e99 | |||
| cb550dae17 | |||
| 56c7096000 | |||
| b0bcb01888 | |||
| f7257fafe1 | |||
| 616ed68b48 | |||
| 7e96d749e4 | |||
| 885692e3c5 | |||
| bbb2a1522f | |||
| ae00a3579c | |||
| fa69d08d13 | |||
| 7d5d9c1841 | |||
| 80907f451b | |||
| f4f6300499 | |||
| d6f18c207e | |||
| 35c0b2cb47 | |||
| d07e4b8e32 | |||
| 0762426c4d | |||
| 5cd975acbf | |||
| ae69e6da5a | |||
| 647c22c85a | |||
| 1edc2153bb | |||
| bf56a7097e | |||
| a6418fb0df | |||
| 401d72d609 | |||
| a1352582df | |||
| 2e239f44cf | |||
| 5b22b11454 | |||
| 91d5c24f58 | |||
| e9a8ffbb51 | |||
| 1b9b5ec306 | |||
| f596cd113c | |||
| 2e075ad91b | |||
| fd55bd5d4a | |||
| 604c7d72d9 | |||
| 738ebc04b9 | |||
| 8dfd253b9c | |||
| 2a08642cdc | |||
| 3aa2765d59 | |||
| 12235612b5 | |||
| 39b17ee5d5 | |||
| 37bda83dfc | |||
| 16ea6678ef | |||
| a7118480af | |||
| 41705d4532 | |||
| b98658bd11 | |||
| 50916c195b | |||
| a61ecc3177 | |||
| 627ebe09ed | |||
| 2adab29e61 | |||
| fb41fb8c46 | |||
| 738eac8669 | |||
| 82afbc40ce | |||
| 00694672cd | |||
| fa2afc96ac | |||
| 42cb56a3a0 | |||
| b5e7ede8b7 | |||
| c859ad91c4 | |||
| 5dead2b296 | |||
| 6573e0175f | |||
| 96816f495e | |||
| 9f13b4fdaa | |||
| 5f143879df | |||
| 785231657c | |||
| b9ecd1cf42 | |||
| 4a4549c49b | |||
| 3e85eafb4c | |||
| e3343c1d9b | |||
| 297141c6c4 | |||
| 589a773f7e | |||
| f634cd3e2c | |||
| 8eaa6f8b4c | |||
| 9ee294ba70 | |||
| d945d61e42 | |||
| f8f0886248 | |||
| 87bb724151 | |||
| 205e8b5137 | |||
| a9b8fdc3c9 | |||
| 321e3ed02c | |||
| 63e6dc6b11 | |||
| a96a8861dd | |||
| 24875bb422 | |||
| 74073db5db | |||
| fe0a5b6ee3 | |||
| 12875d2687 | |||
| 489432d742 | |||
| 750093a3ed | |||
| a01499179f | |||
| 6ba7fd7d13 | |||
| 1737e6e0ec | |||
| 3f649c5504 | |||
| 9bdcf8fa15 | |||
| 7f9e196903 | |||
| 8bcb2c1e71 | |||
| 79db09da98 | |||
| 8f64190223 | |||
| ce684e236c | |||
| d1534c53f7 | |||
| 19b672c3a4 | |||
| a979e7d14d | |||
| 4654150518 | |||
| 0921785ca2 | |||
| b60e8b6b45 | |||
| 538336a332 | |||
| 5c1279d803 | |||
| 61939960cc | |||
| ee7af4d7e2 | |||
| b8355dba15 | |||
| 5d661e366b | |||
| 787fbd3fab | |||
| c671c3a738 | |||
| 69fe59a632 | |||
| ba65b06b4a | |||
| 4da0573bf7 | |||
| 4e75bb57bb | |||
| c527c0196b | |||
| a326ffa435 | |||
| 0f448edf19 | |||
| 9b6b06cd03 | |||
| d7d0b06a41 | |||
| 72fa8afa07 | |||
| 1e75786616 | |||
| 1db4402dbb | |||
| 59e1947950 | |||
| f8b8aaf5e4 | |||
| 613dc54ac5 | |||
| a1591f77e8 | |||
| 102253834a | |||
| dd85562fac | |||
| 90cc7f0f1d | |||
| bb00d1630a | |||
| a5188d2f05 | |||
| 6547cbda6f | |||
| 79919f184c | |||
| e6b23e1431 | |||
| b0c0a94c66 | |||
| 76b51939aa | |||
| 91fc51387c | |||
| 009125484e | |||
| 8112a12521 | |||
| 69307a1f2b | |||
| e68e07d095 | |||
| 851245107d | |||
| e88d1f5803 | |||
| 988f7334ad | |||
| 80fd2969c9 | |||
| 13b74243a6 | |||
| c7035dbe9c | |||
| 8f78169a52 | |||
| 5766499b85 | |||
| 4fd672c5b9 | |||
| fca3b5cdc9 | |||
| 8fa9bedcf7 | |||
| 44869516d3 | |||
| 06d5369fdb | |||
| 71f7f777ec | |||
| 3a37388d43 | |||
| 4c1d96e8e0 | |||
| f9bd143012 | |||
| 98e42fa944 | |||
| ab6c366668 | |||
| fc656ad7bd | |||
| 1353c71054 | |||
| 566fbac1ef | |||
| 496002abc9 | |||
| e8dd48ac09 | |||
| 08b4253001 | |||
| 1a87c69854 | |||
| 861773bf77 | |||
| 01e88bda16 | |||
| 5e45ac1688 | |||
| 10396f9536 | |||
| 0c571784a3 | |||
| 7646230de2 | |||
| 42e72c418d | |||
| 37eec13774 | |||
| f28f5f3af4 | |||
| 6e357e14fc | |||
| d0d01ffb00 | |||
| 916977c5bb | |||
| af8ff8c1ca | |||
| 3d2f164dca | |||
| c357e94283 | |||
| 7f165aab7f | |||
| 956d68c870 | |||
| 61ebff6d97 | |||
| 0b1397b33b | |||
| a121b9b659 | |||
| 43033b65ad | |||
| 0c6159650d | |||
| 7b562d96b3 | |||
| 988ec76cf8 | |||
| 87e15d7b82 | |||
| 77c1b2a369 | |||
| b0db85bc04 | |||
| cbd90eed74 | |||
| 35f0a2e951 | |||
| 614c79defc | |||
| fef6f9379a | |||
| fe29344b33 | |||
| 2c0f3ef707 | |||
| aebddca35d | |||
| 620ee81b7e | |||
| e76a5df932 | |||
| 7fb1063ccd | |||
| 811288df64 | |||
| 31906409c8 | |||
| b05783da32 | |||
| 54302f6006 | |||
| 2a32262725 | |||
| e35a7fbd89 | |||
| c55311aa6d | |||
| 3704745289 | |||
| eae8b63d4f | |||
| 349efcb0a6 | |||
| 46d697cded | |||
| 53e0ff91d3 | |||
| a362a68f53 | |||
| 332a50c273 | |||
| 790dbb07fc | |||
| f59a69f4b6 | |||
| efcbbc3d74 | |||
| a0503bc3a1 | |||
| 82c1a583f8 | |||
| fcfa81283e | |||
| fba5cad820 | |||
| 5bdf239a66 | |||
| 408a30f0ba | |||
| c8f45eda53 | |||
| 2ba18ea4a9 | |||
| a45b272a2f | |||
| 5ad0d896f1 | |||
| 9efd6a53d2 | |||
| 18fdfee274 | |||
| a6ac4dda75 | |||
| 29c3763f9c | |||
| c694843da5 | |||
| 432faba3e1 | |||
| 70e1a5c9b6 | |||
| 61c1d100dc | |||
| 3508f7dccc | |||
| d4158bdf77 | |||
| 1bcf2ffb59 | |||
| 87ac185752 | |||
| 22fbd774dc | |||
| a87e747049 | |||
| f3bea401e9 | |||
| 2ce68e8aec | |||
| bf66861e3f | |||
| 131e95ffaf | |||
| ca10b825c7 | |||
| 2ed05e548b | |||
| 8156c3b0be | |||
| d2a822fe39 | |||
| 5298ac3dd9 | |||
| c49371e423 | |||
| 76f7ae8d7d | |||
| e312f007b8 | |||
| 239bb04b18 | |||
| 4d2bee2e23 | |||
| a24058d660 | |||
| 70d9bc6233 | |||
| 5fa86c2b42 | |||
| a8586cbce7 | |||
| acc3423c96 | |||
| ceddfa340d | |||
| 8675b74bf4 | |||
| b4a3ab4082 | |||
| 0b4b3d63da | |||
| 774f8a073a | |||
| 6b46161f2d | |||
| 08a212ccae | |||
| 64a9f33ffa | |||
| bc0f4fa509 | |||
| 681c1d12b5 | |||
| ce156b578f | |||
| 4e32b9fea9 | |||
| fb631fa4eb | |||
| ac305b82a4 | |||
| 5a56996eef | |||
| af7b9b8b62 | |||
| 554d4f6b95 | |||
| 80a30dfe6f | |||
| cab74eddef | |||
| 42590e062f | |||
| 3fdefd3e40 | |||
| 192fa18195 | |||
| 60a7cc9d7c | |||
| e27f4a91b9 | |||
| ca1bb50c24 | |||
| 8d136297c4 | |||
| 2c400eff94 | |||
| 5d9c298e9d | |||
| 689a7197a0 | |||
| 413bb19543 | |||
| db337babbc | |||
| 46861e6bd8 | |||
| 84f5ca951c | |||
| 1c97cf5c83 | |||
| 9a7f5c6b16 | |||
| b5200cf753 | |||
| 686ac847aa | |||
| e075442345 | |||
| c7258f22d8 | |||
| 304b0ec202 | |||
| 52238dd6a7 | |||
| 66e39884e2 | |||
| d548bf4742 | |||
| 1675ca3378 | |||
| 77459dc27d | |||
| ffd3e43ad8 | |||
| 95bc6eb7b2 | |||
| 06c81b67c2 | |||
| c3f109556a | |||
| f481938cc5 | |||
| 4b15eefd3c | |||
| b9df8b5817 | |||
| ac52639b77 | |||
| a51954203e | |||
| 021066a980 | |||
| a1cac18ac3 | |||
| 2a3b84b888 | |||
| f703b686da | |||
| 682eedb167 | |||
| 3511b1de80 | |||
| 2f85113366 | |||
| b23443630c | |||
| 7585fa0fe9 | |||
| 1ba2139d5c | |||
| f67403ba01 | |||
| 996e842149 | |||
| c2bb947c14 | |||
| d4fc74e43c | |||
| a1dd26d2d6 | |||
| 503976fc6a | |||
| dab1523df5 | |||
| a65c2c9b18 | |||
| 5331930716 | |||
| 96c7b12bc4 | |||
| 5dd5f51700 | |||
| df7abc5447 | |||
| db7370d242 | |||
| a8e9fc86eb | |||
| a402c4db3b | |||
| 780af2653a | |||
| 9372111aaa | |||
| 9fda9f5c28 | |||
| 80135cdc17 | |||
| 6aa874a0a0 | |||
| d1dac25379 | |||
| 526e7ac972 | |||
| fa7bae1210 | |||
| d60f0a1a10 | |||
| 78230efd01 | |||
| 8411a8e8b4 | |||
| 295106b6a8 | |||
| 29381bf9d6 | |||
| 5a5cf15430 | |||
| 884a2de437 | |||
| 5349c79d12 | |||
| 9ee627fe02 | |||
| 1def19ecea | |||
| dc857372ed | |||
| 730fc8fc33 | |||
| fafe281d31 | |||
| f98b47eb55 | |||
| e3e64317e8 | |||
| f2c8017df4 | |||
| bf9036d27a | |||
| 87da822c7f | |||
| 47a57bced1 | |||
| 1dc04372df | |||
| 27153ae92b | |||
| 28d7f83c87 | |||
| c1052e2df2 | |||
| c9121d025f | |||
| 0e2a3979f4 | |||
| 186ea0e203 | |||
| f47d9eba94 | |||
| 7368452e49 | |||
| 635ef3bbf8 | |||
| b46fd9a2b4 | |||
| a62e781248 | |||
| 32ef9c2135 | |||
| f2d6449374 | |||
| 7b532f0b44 | |||
| af96cba0cc | |||
| a684cadbb6 | |||
| 6c85ca9661 | |||
| de60b7b2de | |||
| d8c9236a18 | |||
| 2bb7007fcb | |||
| 4c7d798307 | |||
| 3cb730bcfe | |||
| 1b0a32d71c | |||
| 915ec6531a | |||
| 1df7433e44 | |||
| 0bd396011a | |||
| 6405b58a98 | |||
| 9d977dba8e | |||
| ad7a108d60 | |||
| fca6aeeea2 | |||
| 5b8ff14caf | |||
| a438c2f184 | |||
| 66cb5b33ad | |||
| c28c443d8f | |||
| 93358ac3de | |||
| 0667aee3cc | |||
| 2297508f13 | |||
| 1a04bbb044 | |||
| cf31f05cfb | |||
| 2b290e7abb | |||
| a324a7f13f | |||
| eb4097180b | |||
| 8d7e1faebf | |||
| c0311206c8 | |||
| 4b2f537795 | |||
| 4d49f543dd | |||
| d400af51fa | |||
| c8d2175981 | |||
| 11c7543c76 | |||
| 29d4533047 | |||
| c813e692a2 | |||
| 65e32d850c | |||
| 9f2ce12b28 | |||
| f4860274be | |||
| 6b17118e72 | |||
| 54a0762bbb | |||
| 1e3f19ad89 | |||
| 5b73a0492d | |||
| 9fa519c983 | |||
| c71e7861ed | |||
| f3df48ab4f | |||
| 5df1f2f683 | |||
| 0833bc3cc0 | |||
| b18d46e68d | |||
| d1f92a2225 | |||
| a279244709 | |||
| b12db09e31 | |||
| 4d6385633f | |||
| 8c060833c8 | |||
| 70c9eeff05 | |||
| f91b828708 | |||
| 828e9d095e | |||
| bab84a13ff | |||
| 49f0d8b680 | |||
| 4976708c00 | |||
| 761cdf5dfc | |||
| 2fb1dbfcd1 | |||
| 8b3029e430 | |||
| f8aef607ae | |||
| bbae92e76f | |||
| c89eb6d7eb | |||
| 70cf08329b | |||
| a7b3bcb43c | |||
| 18b7c8d188 | |||
| f34a638b38 | |||
| e48fb58753 | |||
| 18fc4505d3 | |||
| ee4e367ea8 | |||
| 7034a913fd | |||
| e3ebd2c736 | |||
| 25d67da1da | |||
| 7e17182e4c | |||
| 7e0008a2d7 | |||
| a21809cdae | |||
| 3dcaaf87e7 | |||
| f3c7ca59c5 | |||
| ba98ffe152 | |||
| abddd42aa0 | |||
| 118303b9da | |||
| f74d7a9fd0 | |||
| 12a9942732 | |||
| a109ff1d85 | |||
| 3766b78eba | |||
| 614e95af39 | |||
| 05e4cf9aae | |||
| d2c11f8bee | |||
| c04189bfb6 | |||
| 6c5e97e745 | |||
| 687ae4f4a8 | |||
| 87b56b19fb | |||
| 190a6e7687 | |||
| 046fe0cfe0 | |||
| 81e1dbc90e | |||
| 281721cd15 | |||
| 0fcae007a0 | |||
| 6b3266f228 | |||
| ce4152c817 | |||
| 73877b22c4 | |||
| bf3e8f290c | |||
| 81a4edb776 | |||
| 399f453b4d | |||
| 8e6c4b2e07 | |||
| 4507bd32af | |||
| e9a14b2409 | |||
| cd6a300222 | |||
| 978b3ef881 | |||
| da693710f6 | |||
| 71656e3cba | |||
| 72d75d50d9 | |||
| cdf963b2b3 | |||
| 6598f82111 | |||
| de11907053 | |||
| 8075d27e32 | |||
| 7109072b8f | |||
| cf4aea18b4 | |||
| 7bbaec8fed | |||
| 68b7aad535 | |||
| f86b2704d5 | |||
| c59126a817 | |||
| b4899946ef | |||
| 76ea48bb64 | |||
| 0802405344 | |||
| 0c7df2f9a0 | |||
| 77f81fa0b6 | |||
| 8851893412 | |||
| aa2fee4969 | |||
| d7b55ce2bb | |||
| 38a50366bc | |||
| 307f703b99 | |||
| 306f19b805 | |||
| 421085672b | |||
| b6dc6082ab | |||
| a3be8ff055 | |||
| c9119dc6bb | |||
| cfeacc4d67 | |||
| 7cc0389757 | |||
| 2bdcb9c33d | |||
| 7ae6b8fc34 | |||
| 82779cd336 | |||
| 82ed690817 | |||
| 130553a578 | |||
| 1355d5d3eb | |||
| fa33bb9d0e | |||
| 0ebc407246 | |||
| 2c950c5cb5 | |||
| 2722e6bb68 | |||
| ce4e0b78bc | |||
| 5d1795062f | |||
| b6cc69cd8f | |||
| 10e78fbd8e | |||
| e3e99974f8 | |||
| e069125a2c | |||
| 0528803da6 | |||
| e5e00ce9d6 | |||
| 69b276a712 | |||
| 5c04fe9b61 | |||
| 9c050c54ef | |||
| 3a07026740 | |||
| 538db04950 | |||
| e2b778a38e | |||
| 85bc9c1d1a | |||
| 501ae11f51 | |||
| eb6cb5311b | |||
| e3a5f66059 | |||
| fd4b6cc52a | |||
| 93ccc35ff0 | |||
| ccc49e8841 | |||
| 7fc596fb8a | |||
| b0fe7d3a0b | |||
| 6461841ccd | |||
| 75e65f72c2 | |||
| 2cba7fdfcd | |||
| 9ddc88dd9d | |||
| bc8456425d | |||
| 7eab6d9958 | |||
| 2bf3f0c03c | |||
| 9eea2344fc | |||
| 538600ef48 | |||
| 2ebd2a08ff | |||
| 6713942f83 | |||
| c6f5ce280f | |||
| 9aad7a3783 | |||
| a22551d56b | |||
| d6f96fa07e | |||
| 5a0715fd6c | |||
| 717110d355 | |||
| d5c6257ac2 | |||
| 88fce52fbf | |||
| 8f3ee46325 | |||
| aa035f9853 | |||
| b2f5629de8 | |||
| db98798134 | |||
| d4227e75cd | |||
| e6c015e0d0 | |||
| 44db9db053 | |||
| 4c2ed7b52e | |||
| 6f571dbfc6 | |||
| a363e1c51f | |||
| b684ea837d | |||
| d4eced9b84 | |||
| a674a2e6fd | |||
| 276e406c0f | |||
| 7ac0323c7b | |||
| 95c78ce92b | |||
| 21c692d23f | |||
| 5b194e290c | |||
| 22fb4fe019 | |||
| 62c8e79676 | |||
| e4e3bd5175 | |||
| eb18ee624f | |||
| 6298ca94cb | |||
| 7c9270d7a5 | |||
| 5f9226b14b | |||
| 9320075030 | |||
| ca032792bd | |||
| abb95d5aab | |||
| dcd480ffd9 | |||
| 68cdac68cb | |||
| e1307ea789 | |||
| 52fe9f62f6 | |||
| f42160862a | |||
| 1b631c42ef | |||
| 0afd6a8312 | |||
| 4ac21ca652 | |||
| dbbae8dcd3 | |||
| eed5fc7179 | |||
| b8c5483b85 | |||
| 4f12c31e3b | |||
| 53543b9b6a | |||
| afafd0f683 | |||
| d65354efcf | |||
| d3abd86df5 | |||
| 838f39d0fd | |||
| 4589ba350f | |||
| 92143eb7b9 | |||
| c9679b7954 | |||
| 5fc99a117b | |||
| 87ba782106 | |||
| dd8a09ce8d | |||
| ba7dde0168 | |||
| 3a03794bb6 | |||
| fe753e24a3 | |||
| 42a4604461 | |||
| a70898fc28 | |||
| 186eef69dc | |||
| c3a380ade8 | |||
| 936bd6a191 | |||
| 73d36f5ece | |||
| 00431d772e | |||
| a22c7e731a | |||
| 398cf8ee6f | |||
| e50ff5c7b5 | |||
| 906e8c0001 | |||
| 2fa4cedb1e | |||
| 47210d9a1a | |||
| d1881d1b56 | |||
| 6713a2ce67 | |||
| f626317e90 | |||
| 56327f6298 | |||
| 7d05c4a2b0 | |||
| 232bcafd7c | |||
| c82cfebd5e | |||
| 07a6bcaa77 | |||
| fe0e4f635e | |||
| 815ffb7d3e | |||
| 7f8c48834f | |||
| 0a6ce91369 | |||
| 71dda8b648 | |||
| 2296db3db6 | |||
| 1e798b640d | |||
| e91899c0da | |||
| 6099bda088 | |||
| 43e4d608ae | |||
| ef32209fd7 | |||
| 55b2e44814 | |||
| 6bb86709ee | |||
| ce6dca81bc | |||
| d7ffaf94b1 | |||
| c573f432fe | |||
| 7cb33ba636 | |||
| 182731d6eb | |||
| f79fd32208 | |||
| b3c68f1692 | |||
| ef1a2a82dd | |||
| 269d4c55dd | |||
| 91c8e1bf0d | |||
| c8626c09af | |||
| cac7d1a495 | |||
| 3cbda4157b | |||
| 46ce06791a | |||
| 462e8a3d90 | |||
| cd9e4d1b2b | |||
| e31af5f255 | |||
| a0dae7557c | |||
| 836bf643b0 | |||
| f9e4c7ca02 | |||
| a31782497c | |||
| 47f937ac13 | |||
| be8d08fda6 | |||
| 7dea133b55 | |||
| 63f0e5e2c0 | |||
| fdb577e0a0 | |||
| 45544f42b9 | |||
| 0452fa2458 | |||
| 2b92b0f305 | |||
| e43c3aed67 | |||
| 6aa98c17bd | |||
| a9f1ce0db1 | |||
| d48973bbc8 | |||
| 3879f07fa8 | |||
| 3ea7f76c17 | |||
| 827f8882bc | |||
| 24a7015f64 | |||
| 2a267ca05f | |||
| e41460cae5 | |||
| 5e2b49dad4 | |||
| 5038f6687b | |||
| 8b98a2e829 | |||
| 46466a8fcc | |||
| 4e0d734598 | |||
| 8cfe8db1fb | |||
| 5ae74603da | |||
| 747664ad4f | |||
| 9e31065b5e | |||
| 004fb5f9c2 | |||
| da62edb4e0 | |||
| adc4729ffa | |||
| 64d0313c5b | |||
| 94b414861d | |||
| 9305161183 | |||
| 297fa24b90 | |||
| 3ca3362283 | |||
| 4f38c8d201 | |||
| 964f68630a | |||
| caed1add3a | |||
| 77020623ed | |||
| d264017684 | |||
| 383ea561f8 | |||
| ef5e803875 | |||
| 22de221c21 | |||
| 6f88bcf581 | |||
| 6ce26e12f5 | |||
| 09869159f7 | |||
| 14839257ac | |||
| f16c6bd7dd | |||
| a24aff2148 | |||
| fc6d8e933b | |||
| c6364944d4 | |||
| 70ef747a56 | |||
| 3d7aa44c8e | |||
| c249832df1 | |||
| 3169455653 | |||
| f7122499a6 | |||
| cc7ac94641 | |||
| 7f9dfde0dc | |||
| 2533c87bd6 | |||
| 6fef9f5178 | |||
| f9ac07f455 | |||
| 175e361a4d | |||
| 53bedaa4c1 | |||
| 1ebf7842f5 | |||
| f14452ec3c | |||
| 78c0edb7c1 | |||
| f2b4efff20 | |||
| 11003f5842 | |||
| c638c3cc3d | |||
| a2982f0d4e | |||
| 639b2bd8e5 | |||
| 7069324a20 | |||
| 9d331bb32b | |||
| bc0657d13c | |||
| 712ed48a62 | |||
| 66afec21d1 | |||
| b94825bbad | |||
| 06d2a32a3e | |||
| 623d9e2ab3 | |||
| cb8d416b37 | |||
| de9bee0354 | |||
| ae75a8c0c1 | |||
| 8098f63998 | |||
| 2303ddd0de | |||
| b5b636b8b7 | |||
| a665e829ae | |||
| 6124b59aff | |||
| 9c41a8ad38 | |||
| cda1f9a23d | |||
| 0219d72f48 | |||
| d99423405c | |||
| eeb9592ded | |||
| 0120fc10e1 | |||
| b9ac46305f | |||
| ec9e63b7de | |||
| a917ba4fb9 | |||
| 9c69fe73b1 | |||
| 63228ac1c6 | |||
| a071d72e48 | |||
| 7ab3a97dfe | |||
| ae7aeda621 | |||
| 0d6b2221ab | |||
| 337a97ceab | |||
| 461d69522f | |||
| 537496c019 | |||
| 300f7416c4 | |||
| 243809af3a | |||
| 3fed00196c | |||
| fb4271bdf9 | |||
| 6a17c2b27f | |||
| c7302b61ef | |||
| 8a8072a563 | |||
| 4196525702 | |||
| 4d7d6a1a9f | |||
| 2542732a0c | |||
| 7baffa5e74 | |||
| 10ebb14481 | |||
| 8e82ae234e | |||
| 17cb7c754e | |||
| 70bf7cca33 | |||
| f89cf0cf20 | |||
| 1dd0a7e836 | |||
| 1de80f9457 | |||
| b345316e49 | |||
| e8a2633984 | |||
| 5c9143c432 | |||
| 9dda0ada5f | |||
| 57144e2820 | |||
| d7a926d69a | |||
| 0a5fad05a8 | |||
| ad135f478a | |||
| f2b518a31f | |||
| 231bb00904 | |||
| f7a256fc19 | |||
| eca5208c20 | |||
| 9a6f0d3969 | |||
| fed294e11e | |||
| 04af9cb9f8 | |||
| 32b424e507 | |||
| d94602add8 | |||
| e33e2b7d79 | |||
| 78c59b7261 | |||
| 8377303981 | |||
| a8a614c515 | |||
| b1a0769d3d | |||
| 1b808e62df | |||
| 5af8a5d74d | |||
| d1290c0d5d | |||
| bded00fd11 | |||
| a2242f6f1b | |||
| 9e07fec6ba | |||
| d44f1dfeca | |||
| 987d853aa9 | |||
| e0579449d8 | |||
| 1b2618d688 | |||
| 6ea65c8992 | |||
| 52cfc3372b | |||
| 528346cb3b | |||
| f43a4659c6 | |||
| 2a2b2b3aa4 | |||
| db479122f3 | |||
| 4160d8c1fb | |||
| dead78e4d9 | |||
| 7ce94164c7 | |||
| 77f722ae9d | |||
| 93e2f66a60 | |||
| 2a5c015cd1 | |||
| dc641054a1 | |||
| 23ac189d48 | |||
| 29e71bf1b3 | |||
| 7ec4a64cdb | |||
| c81db0b178 | |||
| bb824221a4 | |||
| ca2636f08a | |||
| 18c914f086 | |||
| ed52b88b92 | |||
| 280fcebae8 | |||
| 80ef1db3b3 | |||
| a8bc585e33 | |||
| 1599d3d128 | |||
| a5f949165a | |||
| ead95673a5 | |||
| 132eb55983 | |||
| f08833fba2 | |||
| f8679b385a | |||
| ae5db5d36b | |||
| fdae41eb63 | |||
| 25433a17e7 | |||
| 737806a53a | |||
| feb2e41181 | |||
| 6e9078f16c | |||
| 4e01ea6c33 | |||
| 65ed10d75c | |||
| aed929ae90 | |||
| 04190741e7 | |||
| 72cfa974d8 | |||
| a1ae1c4fba | |||
| e21f90fd68 | |||
| be7c51d27a | |||
| 7344e055be | |||
| 57f713e426 | |||
| 5672b53263 | |||
| e899b34160 | |||
| 3755086645 | |||
| ae99674e9b | |||
| 28a9441f4f | |||
| 8c229ea473 | |||
| 3dd5866244 | |||
| 96f7a7588f | |||
| 01f9705dd5 | |||
| 1b246725c5 | |||
| de239d9b01 | |||
| f4b9f1b2e0 | |||
| 926aeec06a | |||
| 934ac07b06 | |||
| 0d1be15e0f | |||
| 294e3a632e | |||
| 229e6cbdd8 | |||
| 53561134a9 | |||
| 7535467358 | |||
| 20153121be | |||
| caf3f2603e | |||
| 03e5a3a181 | |||
| ae8cbbc34d | |||
| b082ebead2 | |||
| 85febc5729 | |||
| e663f6c0b4 | |||
| 8a1abbe80b | |||
| 39c9007f67 | |||
| ee268550d9 | |||
| e5b7987764 | |||
| 06691758e8 | |||
| 1d63dfd1d4 | |||
| 9d6d2de4d3 | |||
| 9104a7a4a4 | |||
| 1520a0ae3e | |||
| 7b22265d4e | |||
| 116a76e528 | |||
| 93177a5615 | |||
| 0c867d23ad | |||
| 5c6f68cd8f | |||
| d85b926a14 | |||
| 8289eabc55 | |||
| 58176a821d | |||
| 4cdbd1fa1d | |||
| 0e07f3e48d | |||
| 569a3b8e59 | |||
| 747e174bec | |||
| ff49a02023 | |||
| 9c7ddf94c9 | |||
| 050364aba2 | |||
| 23e8564812 | |||
| 462be08456 | |||
| db0dddc6e9 | |||
| cea5c823a1 | |||
| 5a4848c8cc | |||
| 6cf5b05493 | |||
| f8a95f7ca1 | |||
| e94d2da45e | |||
| 8d440a2a52 | |||
| 616ad5252d | |||
| 8d9c39789b | |||
| bbb9470661 | |||
| f11bbd3b70 | |||
| 239b2d7bee | |||
| 2040826791 | |||
| 83b7153b40 | |||
| 53b075a760 | |||
| b8ce324a66 | |||
| 99dc2b1abf | |||
| 96bca84ca4 | |||
| b7d372d8e3 | |||
| 867034e3ba | |||
| 3c800f5880 | |||
| 11864d22b4 | |||
| 1ff4e28748 | |||
| d590d0ccee | |||
| 94b3b98196 | |||
| 1d76eb6ef7 | |||
| 631fa3b4f3 | |||
| 6f45325d6e | |||
| e700196c17 | |||
| 53ecd8e0c0 | |||
| 97d7df1ef4 | |||
| 376d990101 | |||
| 4c2f65d7d0 | |||
| 92d8cbb26c | |||
| 7080370042 | |||
| a9ae2a8710 | |||
| 94266e1360 | |||
| f6e79f59be | |||
| 27ed5ec8b9 | |||
| f9f420b107 | |||
| 1c2f4f0428 | |||
| 42a5b75c5a | |||
| 6ac97a708c | |||
| d022527b71 | |||
| 3ad9a439d5 | |||
| ef2c12e560 | |||
| 6912ac253a | |||
| a3501dfd95 | |||
| 09a95ed70a | |||
| d0de685c7a | |||
| 72713d0b73 | |||
| b681e50ff2 | |||
| bb8af02978 | |||
| bca732693b | |||
| 0dccafcd23 | |||
| b25feca14c | |||
| 0aaddfaf29 | |||
| 3d82d5e452 | |||
| 612820cb9a | |||
| f6f6eeda8e | |||
| 83b9a376a2 | |||
| ca9fbc0d8e | |||
| 1ec694eae7 | |||
| b9a00ea0ee | |||
| 0cc661a2cf | |||
| d6cabcde78 | |||
| 4c9686df0c | |||
| ce4e74c1b9 | |||
| 3709183127 | |||
| 9a67b445b1 | |||
| ca035a53a0 | |||
| f031095d9f | |||
| 7ed7e14dee | |||
| 4af02cb083 | |||
| ce3c44b0f7 | |||
| c086f6c931 | |||
| ca468cb988 | |||
| 3d04ff4037 | |||
| 7279ff37f3 | |||
| d0b984528a | |||
| e448d1acb1 | |||
| f09b1404eb | |||
| db38d0b104 | |||
| 3b7497b063 | |||
| d1bee8b593 | |||
| 99230a30ad | |||
| 623010396c | |||
| 098173e1df | |||
| 67b9c423fe | |||
| b040f047fd | |||
| 8c4efbb8ce | |||
| 9923513271 | |||
| 60a422b284 | |||
| 3c890a55d8 | |||
| 37ccc0a3d4 | |||
| a7cbfedc85 | |||
| 2d771a97b7 | |||
| 6ca79a36b0 | |||
| 388dcee3e4 | |||
| 8563319b8b | |||
| 9fe450e216 | |||
| 28cd038c35 | |||
| 8dc959ea1f | |||
| f54464bcf6 | |||
| 05651a338e | |||
| 908e2cbcc7 | |||
| b9eec1ea49 | |||
| 566b357f99 | |||
| dc1dccd9e2 | |||
| 8dc4ca297c | |||
| 605a338216 | |||
| 6d09b4ce4d | |||
| 147c37789a | |||
| ffa34c5afd | |||
| da37da30e1 | |||
| b4f6b853f8 | |||
| cc1f6c10be | |||
| 08e09354b2 | |||
| 0b6b9fe090 | |||
| 83b546beef | |||
| b4071939e0 | |||
| 0a4424ef00 | |||
| 18a654d13b | |||
| b8650378c1 | |||
| 9a9a9c0414 | |||
| 523392dc0b | |||
| ed1dd1bb99 | |||
| 6987e6f12a | |||
| 9c79c77de4 | |||
| 7f5a4e15c6 | |||
| 6bc43fea06 | |||
| cc4b37f65c | |||
| dfb6416a5b | |||
| bfa8ef3e75 | |||
| b58df6280d | |||
| 641d73ab83 | |||
| a77eb6b49d | |||
| c919701466 | |||
| c81bf3e06f | |||
| 586181bf71 | |||
| 55d581d041 | |||
| f429f3e38d | |||
| 7b05484494 | |||
| 5714adb090 | |||
| ac7693ef7b | |||
| 5cbc86b7d9 | |||
| b44a6c316d | |||
| f5461ff01e | |||
| b77cef01a9 | |||
| 3a48f0954c | |||
| fd970ab62c | |||
| e663c696c2 | |||
| 65d0682647 | |||
| 3935d32676 | |||
| c57e8983ff | |||
| a840bc8c99 | |||
| 20dfe6ba98 | |||
| 60c167838f | |||
| d6ee05ef93 | |||
| 34ed03d978 | |||
| 82ab505d1a | |||
| 8418f76979 | |||
| 15989f16f7 | |||
| 9ac8c65e37 | |||
| 462794685f | |||
| 8c4d98edc1 | |||
| 6c6a220b2e | |||
| 50452e30fc | |||
| 713d777c61 | |||
| 5a00c2a03e | |||
| 0f7f0ea467 | |||
| 7fd329721a | |||
| 4183905c3a | |||
| b75fe4940b | |||
| cb041d775f | |||
| a428137884 | |||
| ece64e4195 | |||
| 8ed5ead77b | |||
| 1683c26db3 | |||
| 543b693547 | |||
| fabc69e9d8 | |||
| 971c43c0e5 | |||
| 6831c45533 | |||
| 0e400eae56 | |||
| 4d606cc690 | |||
| ee5c48d51c | |||
| 6ffc0f820a | |||
| afbf2094a8 | |||
| 2e782e3d7d | |||
| e1e619074c | |||
| a99bec34a9 | |||
| 963bfaf521 | |||
| 43b10b311a | |||
| 1cc6fd0d16 | |||
| acba134aae | |||
| add1c18b2e | |||
| d8d8f70b0e | |||
| f0ccf72107 | |||
| d316ba1b87 | |||
| ba1e26e25f | |||
| e15fbb905c | |||
| a0488ccac2 | |||
| b2c58c81ed | |||
| 905596ced5 | |||
| 3dbf1efbc3 | |||
| 08dadcb2b7 | |||
| f171d63b5b | |||
| a34110320f | |||
| 46ae2113b6 | |||
| 6f7ed628e2 | |||
| fd0b22cb55 | |||
| 9aa40bb96d | |||
| 1d4b67c773 | |||
| cda805ff4e | |||
| a30c0a8192 | |||
| 6e3ad7a275 | |||
| 5cb462d767 | |||
| 63a4e65ca1 | |||
| 90de228897 | |||
| 0b695f5a76 | |||
| eb23bbfd98 | |||
| e406b7fe4a | |||
| c214b26ee6 | |||
| 65f536165d | |||
| b8d8d0de00 | |||
| cfc3378a0b | |||
| 39e5c0a1ab | |||
| d16cc1ea89 | |||
| 6a0a7171d2 | |||
| 398c993e67 | |||
| 221856ccc2 | |||
| 9cf3af04f7 | |||
| 03047a3980 | |||
| ecc11d5542 | |||
| 03118ffb9b | |||
| dcedc12f36 | |||
| 9adfc136b6 | |||
| ea63711c2c | |||
| 69525890db | |||
| 0b13ea5676 | |||
| ce579ac6d2 | |||
| cd1089e6f0 | |||
| 311f4baa27 | |||
| 7b50ff67f9 | |||
| a8aa7028f4 | |||
| 722941eae1 | |||
| 0743a7236d | |||
| 85463e754d | |||
| 5e438aa46c | |||
| 1f4488f963 | |||
| 225b096838 | |||
| 8e568ef697 | |||
| 24cfb1c158 | |||
| cbb2911b7f | |||
| a9f2f60c68 | |||
| 1bcf56c8b2 | |||
| 77bfba3017 | |||
| 7eed43550c | |||
| 0fd1ed4517 | |||
| 7503c8a029 | |||
| be972d7db3 | |||
| fb6cb07a60 | |||
| 5bcc89ffe7 | |||
| e47ee90033 | |||
| f16a859ff8 | |||
| ae5f08b1cb | |||
| 5d2ca8b240 | |||
| 90ef765c2e | |||
| ca875647b9 | |||
| e39a941413 | |||
| 87b5ce3036 | |||
| af045a0733 | |||
| 488184394e | |||
| 71392cdc8f | |||
| 4aafb131ca | |||
| 6c2e7c124f | |||
| 24e742d202 | |||
| 326074388c | |||
| 9afe59af3e | |||
| 7ecdf9b71f | |||
| 0325483ee4 | |||
| b370e1502e | |||
| 07c2610170 | |||
| c2ebdc4b5d | |||
| 449f17385a | |||
| e163c5fe9c | |||
| f55e00dc4e | |||
| e0edb7db17 | |||
| 690f7aee2e | |||
| 8d527f156d | |||
| 15f43716c1 | |||
| b2120265fd | |||
| fb3b2ddbff | |||
| 0f09d5378a | |||
| f9de15fdcf | |||
| 1bdb92706e | |||
| 6a051e1544 | |||
| 6a73df0b18 | |||
| 8609e24880 | |||
| 4bb174fa8c | |||
| a8856cbfbd | |||
| afbacaaba4 | |||
| 16285e6768 | |||
| 93acdeb8ff | |||
| 3ada732dc0 | |||
| e942010304 | |||
| 4e796db54f | |||
| 5e8dbee79a | |||
| 600347a7e8 | |||
| 84b79dd20d | |||
| 4750ec187b | |||
| c8933a922b | |||
| 6487e675b2 | |||
| 30d15b861f | |||
| d059ef6780 | |||
| d254707b96 | |||
| f0a3e8b09e | |||
| 3d67951f15 | |||
| e3f303fdb5 | |||
| 756b6812a6 | |||
| 9873619e22 | |||
| 79bf2081fe | |||
| 0d93a36930 | |||
| c187b2be78 | |||
| 5e20c4359f | |||
| 8a78a8d68c | |||
| 0fa9083026 | |||
| 591830e43b | |||
| 24178ad677 | |||
| 8451bed8b0 | |||
| e89f3546f2 | |||
| 1de90a599c | |||
| b48129fcbb | |||
| 8c50e06102 | |||
| 7c47e0fde3 | |||
| 8e167d28af | |||
| 0ee095abd8 | |||
| 164b557066 | |||
| b0e078d9c8 | |||
| e637799f9b | |||
| effd479bff | |||
| 4903ce068e | |||
| 37dc61340b | |||
| 9db6abfa42 | |||
| 3bc4996775 | |||
| 8fee8c57ae | |||
| 4e3fe42600 | |||
| d6e9891ad7 | |||
| be1f391d2a | |||
| 5cd76a407a | |||
| efd7efa9f1 | |||
| 446e664caa | |||
| 45c6603cc8 | |||
| 9c72ed9062 |
@@ -17,7 +17,6 @@ Makefile.in
|
||||
/ABOUT-NLS
|
||||
/aclocal.m4
|
||||
/autom4te.cache
|
||||
/compile
|
||||
/config.guess
|
||||
/config.h
|
||||
/config.h.in
|
||||
|
||||
@@ -1,207 +1,6 @@
|
||||
$Id$
|
||||
|
||||
shadow-4.1.5.1 -> shadow-4.2 UNRELEASED
|
||||
|
||||
*** general
|
||||
* Handle libc whose crypt() returns NULL when passed a salt that
|
||||
violates specs or system requirements (e.g. FIPS140). This is needed
|
||||
with glibc/eglibc 2.17 for tools checking passwords (passwd (non PAM
|
||||
enabled) or newgrp), and for tools generating encrypted passwords
|
||||
(chgpasswd, chpasswd, or gpasswd when non PAM enabled or when a fixed
|
||||
crypt method is requested on the command line, and newusers, or passwd
|
||||
in their non PAM enabled versions)
|
||||
* Fix segfault when reading groups split on multiple lines. This impacts
|
||||
most user/group management tools when MAX_MEMBERS_PER_GROUP is set.
|
||||
|
||||
- su
|
||||
* When su receives a signal (SIGTERM, or SIGINT/SIGQUIT in non
|
||||
interactive mode), kill the child process group, rather than just the
|
||||
immediate child.
|
||||
* Fix segmentation faults for users without a proper home or shell in
|
||||
their passwd entries.
|
||||
|
||||
- login
|
||||
* Fix segmentation faults for users without a proper home or shell in
|
||||
their passwd entries.
|
||||
|
||||
*** documentation
|
||||
* Fixed useradd man page (--home-dir option, instead of --home).
|
||||
|
||||
*** translation
|
||||
* Updated Russian translation.
|
||||
* Updated German man pages translation.
|
||||
* Fixed gshadow Japanese man page translation.
|
||||
|
||||
shadow-4.1.5 -> shadow-4.1.5.1 2012-05-25
|
||||
|
||||
- login
|
||||
* Log into utmp(x) when PAM is enabled, but do not log into wtmp.
|
||||
This complete pam_lastlog which logs into wtmp and in into utmp(x).
|
||||
- su
|
||||
* non PAM enabled versions: do not fail if su is called without a
|
||||
controlling terminal.
|
||||
- userdel
|
||||
* Fix segfault when userdel removes the user's group.
|
||||
|
||||
*** documentation
|
||||
* .so links now point to paths relative to the top-level manual hierarchy
|
||||
|
||||
*** translation
|
||||
* Updated French man pages translation.
|
||||
* Updated German man pages translation.
|
||||
* Updated Polish man pages translation. (logoutd.8)
|
||||
|
||||
shadow-4.1.4.3 -> shadow-4.1.5 2012-02-12
|
||||
|
||||
*** security
|
||||
* su -c could be abused by the executed command to invoke commands with
|
||||
the caller privileges. See below. (CVE-2005-4890)
|
||||
|
||||
*** general
|
||||
* report usage error to stderr, but report usage help to stdout (and return
|
||||
zero) when explicitly requested (e.g. with --help).
|
||||
* initial support for tcb (http://openwall.com/tcb/) for useradd,
|
||||
userdel, usermod, chage, pwck, vipw.
|
||||
* Added support for ACLs and Extended Attributes in useradd and usermod.
|
||||
Support shall be enabled with the new --with-acl or --with-attr
|
||||
configure options.
|
||||
* Added diagnosis for lock failures.
|
||||
* use libsemanage instead of the semanage tool.
|
||||
|
||||
- chage
|
||||
* Add --root option.
|
||||
- chfn
|
||||
* Add --root option.
|
||||
- chgpasswd
|
||||
* When the gshadow file exists but there are no gshadow entries, an entry
|
||||
is created if the password is changed and group requires a
|
||||
shadow entry.
|
||||
* Add --root option.
|
||||
- chpasswd
|
||||
* PAM enabled versions: restore the -e option to allow restoring
|
||||
passwords without knowing those passwords. Restore together the -m
|
||||
and -c options. (These options were removed in shadow-4.1.4 on PAM
|
||||
enabled versions)
|
||||
* When the shadow file exists but there are no shadow entries, an entry
|
||||
is created if the password is changed and passwd requires a
|
||||
shadow entry.
|
||||
* Add --root option.
|
||||
- chsh
|
||||
* Add --root option.
|
||||
- faillog
|
||||
* The -l, -m, -r, -t options only act on the existing users, unless -a is
|
||||
specified.
|
||||
* Add --root option.
|
||||
- gpasswd
|
||||
* Add --root option.
|
||||
- groupadd
|
||||
* Add --root option.
|
||||
- groupdel
|
||||
* Add --root option.
|
||||
- groupmems
|
||||
* Fix parsing of gshadow entries.
|
||||
* Add --root option.
|
||||
- groupmod
|
||||
* Fixed groupmod when configured with --enable-account-tools-setuid.
|
||||
* When the gshadow file exists but there are no gshadow entries, an entry
|
||||
is created if the password is changed and group requires a
|
||||
shadow entry.
|
||||
* Add --root option.
|
||||
- grpck
|
||||
* Add --root option.
|
||||
* NIS entries were dropped by -s (sort).
|
||||
- grpconv
|
||||
* Add --root option.
|
||||
- grpunconv
|
||||
* Add --root option.
|
||||
- lastlog
|
||||
* Add --root option.
|
||||
- login
|
||||
* Fixed limits support (non PAM enabled versions only)
|
||||
* Added support for infinite limits and group based limits (non PAM
|
||||
enabled versions only)
|
||||
* Fixed infinite loop when CONSOLE is configured with a colon-separated
|
||||
list of TTYs.
|
||||
* Fixed warning and support for CONSOLE_GROUPS for users member of more
|
||||
than 16 groups.
|
||||
* Do not log into utmp(x) or wtmp when PAM is enabled. This is done by
|
||||
pam_lastlog.
|
||||
- newgrp, sg
|
||||
* Fix parsing of gshadow entries.
|
||||
- newusers
|
||||
* Add --root option.
|
||||
- passwd
|
||||
* Add --root option.
|
||||
- pwpck
|
||||
* NIS entries were dropped by -s (sort).
|
||||
* Add --root option.
|
||||
- pwconv
|
||||
* Add --root option.
|
||||
- pwunconv
|
||||
* Add --root option.
|
||||
- useradd
|
||||
* If the skeleton directory contained hardlinked files, copies of the
|
||||
hardlink were removed from the skeleton directory.
|
||||
* Add --root option.
|
||||
- userdel
|
||||
* Check the existence of the user's mail spool before trying to remove
|
||||
it. If it does not exist, a warning is issued, but no failure.
|
||||
* Do not remove a group with the same name as the user (usergroup) if
|
||||
this group isn't the user's primary group.
|
||||
* Add --root option.
|
||||
* Add --selinux-user option.
|
||||
- usermod
|
||||
* Accept options in any order (username not necessarily at the end)
|
||||
* When the shadow file exists but there are no shadow entries, an entry
|
||||
is created if the password is changed and passwd requires a
|
||||
shadow entry, or if aging features are used (-e or -f).
|
||||
* Add --root option.
|
||||
- su
|
||||
* Document the su exit values.
|
||||
* When su receives a signal, wait for the child to terminate (after
|
||||
sending a SIGTERM), and kill it only if it did not terminate by itself.
|
||||
No delay will be enforced if the child cooperates.
|
||||
* Default ENV_SUPATH is /sbin:/bin:/usr/sbin:/usr/bin
|
||||
* Fixed infinite loop when CONSOLE is configured with a colon-separated
|
||||
list of TTYs.
|
||||
* Fixed warning and support for CONSOLE_GROUPS for users member of more
|
||||
than 16 groups.
|
||||
* Do not forward the controlling terminal to commands executed with -c.
|
||||
This prevents tty hijacking which could lead to execution with the
|
||||
caller's privileges.
|
||||
* Close PAM sessions as root. This will be more friendly to PAM modules
|
||||
like pam_mount or pam_systemd.
|
||||
* Added support for PAM modules which change PAM_USER.
|
||||
|
||||
*** translation
|
||||
* Updated Brazilian Portuguese translation.
|
||||
* Updated Catalan translation.
|
||||
* Updated Czech translation.
|
||||
* Updated Danish translation.
|
||||
* New Danish man pages translation.
|
||||
* Updated French translation.
|
||||
* Updated French man pages translation.
|
||||
* Updated German translation.
|
||||
* Updated German man pages translation.
|
||||
* Updated Greek translation.
|
||||
* Updated Italian man pages translation.
|
||||
* Updated Japanese translation.
|
||||
* Updated Kazakh translation.
|
||||
* Updated Norwegian Bokmål translation.
|
||||
* Updated Portuguese translation.
|
||||
* Updated Russian translation.
|
||||
* Updated Simplified Chinese translation.
|
||||
* Updated Simplified Chinese man pages translation.
|
||||
* Updated Swedish translation.
|
||||
* Updated Vietnamese translation.
|
||||
|
||||
shadow-4.1.4.2 -> shadow-4.1.4.3 2011-02-15
|
||||
|
||||
*** security
|
||||
- CVE-2011-0721: An insufficient input sanitation in chfn can be exploited
|
||||
to create users or groups in a NIS environment.
|
||||
|
||||
shadow-4.1.4.1 -> shadow-4.1.4.2 2009-07-24
|
||||
shadow-4.1.4.1 -> shadow-4.1.4.2 2009-07-24
|
||||
|
||||
- general
|
||||
* Improved support for large groups (impacts most user/group management
|
||||
@@ -511,7 +310,7 @@ shadow-4.1.0 -> shadow-4.1.1 02-04-2008
|
||||
faillog faster.
|
||||
- gpasswd
|
||||
* Fix failures when the gshadow file is not present.
|
||||
* When a password is moved to the gshadow file, use "x" instead of "!"
|
||||
* When a password is moved to the gshadow file, use "x" instead of "x"
|
||||
to indicate that the password is shadowed (consistency with grpconv).
|
||||
* Make sure the group and gshadow files are unlocked on exit.
|
||||
- groupadd
|
||||
|
||||
@@ -37,7 +37,7 @@ S/Key support:
|
||||
Authors and contributors
|
||||
========================
|
||||
|
||||
Thanks to at least the following people for sending patches, bug
|
||||
Thanks to at least the following people for sending me patches, bug
|
||||
reports and various comments. This list may be incomplete, I received
|
||||
a lot of mail...
|
||||
|
||||
@@ -69,7 +69,6 @@ Greg Mortensen <loki@world.std.com>
|
||||
Guido van Rooij
|
||||
Guy Maor <maor@debian.org>
|
||||
Hrvoje Dogan <hdogan@bjesomar.srce.hr>
|
||||
Jakub Hrozek <jhrozek@redhat.com>
|
||||
Janos Farkas <chexum@bankinf.banki.hu>
|
||||
Jay Soffian <jay@lw.net>
|
||||
Jesse Thilo <Jesse.Thilo@pobox.com>
|
||||
@@ -81,7 +80,6 @@ Joshua Cowan <jcowan@hermit.reslife.okstate.edu>
|
||||
Judd Bourgeois <shagboy@bluesky.net>
|
||||
Juergen Heinzl <unicorn@noris.net>
|
||||
Juha Virtanen <jiivee@iki.fi>
|
||||
Julian Pidancet <julian.pidancet@gmail.com>
|
||||
Julianne Frances Haugh <jockgrrl@ix.netcom.com>
|
||||
Leonard N. Zubkoff <lnz@dandelion.com>
|
||||
Luca Berra <bluca@www.polimi.it>
|
||||
@@ -97,12 +95,10 @@ Mike Pakovic <mpakovic@users.southeast.net>
|
||||
Nicolas François <nicolas.francois@centraliens.net>
|
||||
Nikos Mavroyanopoulos <nmav@i-net.paiko.gr>
|
||||
Pavel Machek <pavel@bug.ucw.cz>
|
||||
Peter Vrabec <pvrabec@redhat.com>
|
||||
Phillip Street
|
||||
Rafał Maszkowski <rzm@icm.edu.pl>
|
||||
Rani Chouha <ranibey@smartec.com>
|
||||
Sami Kerola <kerolasa@rocketmail.com>
|
||||
Scott Garman <scott.a.garman@intel.com>
|
||||
Sebastian Rick Rijkers <srrijkers@gmail.com>
|
||||
Seraphim Mellos <mellos@ceid.upatras.gr>
|
||||
Shane Watts <shane@nexus.mlckew.edu.au>
|
||||
|
||||
@@ -1,10 +1,3 @@
|
||||
* Create a common usage function that'd take the array of
|
||||
long options and an array of descriptions and output that so things would
|
||||
be standardized across the utils.
|
||||
Usage strings should be normalized and split first.
|
||||
Investigate optparse.
|
||||
|
||||
|
||||
/etc/default/useradd
|
||||
* GROUP=1000 should accept a group name.
|
||||
|
||||
@@ -115,13 +108,7 @@ ALL:
|
||||
entry (with a password).
|
||||
- Add check to move passwd passwords to shadow if there is a shadow
|
||||
file.
|
||||
- Support an alternative /etc/tcb directory as second parameter.
|
||||
- add options -g / -G to specify alternative group / gshadow files
|
||||
|
||||
- su
|
||||
- add a login.defs configuration parameter to add variables to keep in
|
||||
the environment with "su -l" (TERM/TERMCOLOR/...)
|
||||
|
||||
- vipw
|
||||
- set ACLs and XATTRs on the temporary file (and backups?)
|
||||
- vipw + selinux -> use lib/selinux.c
|
||||
the environment with "su -l" (TERM/TERMCOLOR/...
|
||||
|
||||
@@ -1,7 +1,5 @@
|
||||
#! /bin/sh
|
||||
|
||||
autoreconf -v -f --install || exit 1
|
||||
|
||||
./configure \
|
||||
CFLAGS="-O2 -Wall" \
|
||||
--enable-man \
|
||||
|
||||
+15
-146
@@ -1,6 +1,6 @@
|
||||
dnl Process this file with autoconf to produce a configure script.
|
||||
AC_INIT
|
||||
AM_INIT_AUTOMAKE(shadow, 4.4)
|
||||
AM_INIT_AUTOMAKE(shadow, 4.1.4.2)
|
||||
AC_CONFIG_HEADERS([config.h])
|
||||
|
||||
dnl Some hacks...
|
||||
@@ -19,6 +19,7 @@ AC_PROG_CC
|
||||
AC_ISC_POSIX
|
||||
AC_PROG_LN_S
|
||||
AC_PROG_YACC
|
||||
AM_C_PROTOTYPES
|
||||
AM_PROG_LIBTOOL
|
||||
|
||||
dnl Checks for libraries.
|
||||
@@ -32,8 +33,7 @@ AC_HEADER_STDBOOL
|
||||
AC_CHECK_HEADERS(errno.h fcntl.h limits.h unistd.h sys/time.h utmp.h \
|
||||
utmpx.h termios.h termio.h sgtty.h sys/ioctl.h syslog.h paths.h \
|
||||
utime.h ulimit.h sys/resource.h gshadow.h lastlog.h \
|
||||
locale.h rpc/key_prot.h netdb.h acl/libacl.h attr/libattr.h \
|
||||
attr/error_context.h)
|
||||
locale.h rpc/key_prot.h netdb.h)
|
||||
|
||||
dnl shadow now uses the libc's shadow implementation
|
||||
AC_CHECK_HEADER([shadow.h],,[AC_MSG_ERROR([You need a libc with shadow.h])])
|
||||
@@ -41,8 +41,7 @@ AC_CHECK_HEADER([shadow.h],,[AC_MSG_ERROR([You need a libc with shadow.h])])
|
||||
AC_CHECK_FUNCS(l64a fchmod fchown fsync futimes getgroups gethostname getspnam \
|
||||
gettimeofday getusershell getutent initgroups lchown lckpwdf lstat \
|
||||
lutimes memcpy memset setgroups sigaction strchr updwtmp updwtmpx innetgr \
|
||||
getpwnam_r getpwuid_r getgrnam_r getgrgid_r getspnam_r getaddrinfo \
|
||||
ruserok)
|
||||
getpwnam_r getpwuid_r getgrnam_r getgrgid_r getspnam_r getaddrinfo)
|
||||
AC_SYS_LARGEFILE
|
||||
|
||||
dnl Checks for typedefs, structures, and compiler characteristics.
|
||||
@@ -113,6 +112,7 @@ AC_REPLACE_FUNCS(sgetgrent sgetpwent sgetspent)
|
||||
AC_REPLACE_FUNCS(snprintf strcasecmp strdup strerror strstr)
|
||||
|
||||
AC_CHECK_FUNC(setpgrp)
|
||||
AC_FUNC_SETPGRP
|
||||
|
||||
if test "$ac_cv_header_shadow_h" = "yes"; then
|
||||
AC_CACHE_CHECK(for working shadow group support,
|
||||
@@ -195,10 +195,8 @@ AC_DEFINE_UNQUOTED(PASSWD_PROGRAM, "$shadow_cv_passwd_dir/passwd",
|
||||
|
||||
dnl XXX - quick hack, should disappear before anyone notices :).
|
||||
AC_DEFINE(USE_SYSLOG, 1, [Define to use syslog().])
|
||||
if test "$ac_cv_func_ruserok" = "yes"; then
|
||||
AC_DEFINE(RLOGIN, 1, [Define if login should support the -r flag for rlogind.])
|
||||
AC_DEFINE(RUSEROK, 0, [Define to the ruserok() "success" return value (0 or 1).])
|
||||
fi
|
||||
AC_DEFINE(RLOGIN, 1, [Define if login should support the -r flag for rlogind.])
|
||||
AC_DEFINE(RUSEROK, 0, [Define to the ruserok() "success" return value (0 or 1).])
|
||||
|
||||
AC_ARG_ENABLE(shadowgrp,
|
||||
[AC_HELP_STRING([--enable-shadowgrp], [enable shadow group support @<:@default=yes@:>@])],
|
||||
@@ -240,13 +238,6 @@ AC_ARG_ENABLE(utmpx,
|
||||
[enable_utmpx="no"]
|
||||
)
|
||||
|
||||
AC_ARG_ENABLE(subordinate-ids,
|
||||
[AC_HELP_STRING([--enable-subordinate-ids],
|
||||
[support subordinate ids @<:@default=yes@:>@])],
|
||||
[enable_subids="${enableval}"],
|
||||
[enable_subids="maybe"]
|
||||
)
|
||||
|
||||
AC_ARG_WITH(audit,
|
||||
[AC_HELP_STRING([--with-audit], [use auditing support @<:@default=yes if found@:>@])],
|
||||
[with_audit=$withval], [with_audit=maybe])
|
||||
@@ -256,20 +247,11 @@ AC_ARG_WITH(libpam,
|
||||
AC_ARG_WITH(selinux,
|
||||
[AC_HELP_STRING([--with-selinux], [use SELinux support @<:@default=yes if found@:>@])],
|
||||
[with_selinux=$withval], [with_selinux=maybe])
|
||||
AC_ARG_WITH(acl,
|
||||
[AC_HELP_STRING([--with-acl], [use ACL support @<:@default=yes if found@:>@])],
|
||||
[with_acl=$withval], [with_acl=maybe])
|
||||
AC_ARG_WITH(attr,
|
||||
[AC_HELP_STRING([--with-attr], [use Extended Attribute support @<:@default=yes if found@:>@])],
|
||||
[with_attr=$withval], [with_attr=maybe])
|
||||
AC_ARG_WITH(skey,
|
||||
[AC_HELP_STRING([--with-skey], [use S/Key support @<:@default=no@:>@])],
|
||||
[with_skey=$withval], [with_skey=no])
|
||||
AC_ARG_WITH(tcb,
|
||||
[AC_HELP_STRING([--with-tcb], [use tcb support (incomplete) @<:@default=yes if found@:>@])],
|
||||
[with_tcb=$withval], [with_tcb=maybe])
|
||||
AC_ARG_WITH(libcrack,
|
||||
[AC_HELP_STRING([--with-libcrack], [use libcrack @<:@default=no@:>@])],
|
||||
[AC_HELP_STRING([--with-libcrack], [use libcrack @<:@default=yes if found and if PAM not enabled@:>@])],
|
||||
[with_libcrack=$withval], [with_libcrack=no])
|
||||
AC_ARG_WITH(sha-crypt,
|
||||
[AC_HELP_STRING([--with-sha-crypt], [allow the SHA256 and SHA512 password encryption algorithms @<:@default=yes@:>@])],
|
||||
@@ -331,81 +313,10 @@ if test "$enable_man" = "yes"; then
|
||||
fi
|
||||
AM_CONDITIONAL(ENABLE_REGENERATE_MAN, test "x$enable_man" != "xno")
|
||||
|
||||
if test "$enable_subids" != "no"; then
|
||||
dnl
|
||||
dnl FIXME: check if 32 bit UIDs/GIDs are supported by libc
|
||||
dnl
|
||||
AC_CHECK_SIZEOF([uid_t],, [#include "sys/types.h"])
|
||||
AC_CHECK_SIZEOF([gid_t],, [#include "sys/types.h"])
|
||||
|
||||
if test "$ac_cv_sizeof_uid_t" -ge 4 && test "$ac_cv_sizeof_gid_t" -ge 4; then
|
||||
AC_DEFINE(ENABLE_SUBIDS, 1, [Define to support the subordinate IDs.])
|
||||
enable_subids="yes"
|
||||
else
|
||||
if test "x$enable_subids" = "xyes"; then
|
||||
AC_MSG_ERROR([Cannot enable support the subordinate IDs on systems where gid_t or uid_t has less than 32 bits])
|
||||
fi
|
||||
enable_subids="no"
|
||||
fi
|
||||
fi
|
||||
AM_CONDITIONAL(ENABLE_SUBIDS, test "x$enable_subids" != "xno")
|
||||
|
||||
AC_SUBST(LIBCRYPT)
|
||||
AC_CHECK_LIB(crypt, crypt, [LIBCRYPT=-lcrypt],
|
||||
[AC_MSG_ERROR([crypt() not found])])
|
||||
|
||||
AC_SUBST(LIBACL)
|
||||
if test "$with_acl" != "no"; then
|
||||
AC_CHECK_HEADERS(acl/libacl.h attr/error_context.h, [acl_header="yes"], [acl_header="no"])
|
||||
if test "$acl_header$with_acl" = "noyes" ; then
|
||||
AC_MSG_ERROR([acl/libacl.h or attr/error_context.h is missing])
|
||||
elif test "$acl_header" = "yes" ; then
|
||||
AC_CHECK_LIB(acl, perm_copy_file,
|
||||
[AC_CHECK_LIB(acl, perm_copy_fd,
|
||||
[acl_lib="yes"],
|
||||
[acl_lib="no"])],
|
||||
[acl_lib="no"])
|
||||
if test "$acl_lib$with_acl" = "noyes" ; then
|
||||
AC_MSG_ERROR([libacl not found])
|
||||
elif test "$acl_lib" = "no" ; then
|
||||
with_acl="no"
|
||||
else
|
||||
AC_DEFINE(WITH_ACL, 1,
|
||||
[Build shadow with ACL support])
|
||||
LIBACL="-lacl"
|
||||
with_acl="yes"
|
||||
fi
|
||||
else
|
||||
with_acl="no"
|
||||
fi
|
||||
fi
|
||||
|
||||
AC_SUBST(LIBATTR)
|
||||
if test "$with_attr" != "no"; then
|
||||
AC_CHECK_HEADERS(attr/libattr.h attr/error_context.h, [attr_header="yes"], [attr_header="no"])
|
||||
if test "$attr_header$with_attr" = "noyes" ; then
|
||||
AC_MSG_ERROR([attr/libattr.h or attr/error_context.h is missing])
|
||||
elif test "$attr_header" = "yes" ; then
|
||||
AC_CHECK_LIB(attr, attr_copy_file,
|
||||
[AC_CHECK_LIB(attr, attr_copy_fd,
|
||||
[attr_lib="yes"],
|
||||
[attr_lib="no"])],
|
||||
[attr_lib="no"])
|
||||
if test "$attr_lib$with_attr" = "noyes" ; then
|
||||
AC_MSG_ERROR([libattr not found])
|
||||
elif test "$attr_lib" = "no" ; then
|
||||
with_attr="no"
|
||||
else
|
||||
AC_DEFINE(WITH_ATTR, 1,
|
||||
[Build shadow with Extended Attributes support])
|
||||
LIBATTR="-lattr"
|
||||
with_attr="yes"
|
||||
fi
|
||||
else
|
||||
with_attr="no"
|
||||
fi
|
||||
fi
|
||||
|
||||
AC_SUBST(LIBAUDIT)
|
||||
if test "$with_audit" != "no"; then
|
||||
AC_CHECK_HEADER(libaudit.h, [audit_header="yes"], [audit_header="no"])
|
||||
@@ -450,65 +361,28 @@ if test "$with_libcrack" = "yes"; then
|
||||
fi
|
||||
|
||||
AC_SUBST(LIBSELINUX)
|
||||
AC_SUBST(LIBSEMANAGE)
|
||||
if test "$with_selinux" != "no"; then
|
||||
AC_CHECK_HEADERS(selinux/selinux.h, [selinux_header="yes"], [selinux_header="no"])
|
||||
if test "$selinux_header$with_selinux" = "noyes" ; then
|
||||
AC_MSG_ERROR([selinux/selinux.h is missing])
|
||||
fi
|
||||
|
||||
AC_CHECK_HEADERS(semanage/semanage.h, [semanage_header="yes"], [semanage_header="no"])
|
||||
if test "$semanage_header$with_selinux" = "noyes" ; then
|
||||
AC_MSG_ERROR([semanage/semanage.h is missing])
|
||||
fi
|
||||
|
||||
if test "$selinux_header$semanage_header" = "yesyes" ; then
|
||||
AC_CHECK_LIB(selinux, is_selinux_enabled, [selinux_lib="yes"], [selinux_lib="no"])
|
||||
elif test "$selinux_header" = "yes" ; then
|
||||
AC_CHECK_LIB(selinux, is_selinux_enabled,
|
||||
[selinux_lib="yes"], [selinux_lib="no"])
|
||||
if test "$selinux_lib$with_selinux" = "noyes" ; then
|
||||
AC_MSG_ERROR([libselinux not found])
|
||||
fi
|
||||
|
||||
AC_CHECK_LIB(semanage, semanage_connect, [semanage_lib="yes"], [semanage_lib="no"])
|
||||
if test "$semanage_lib$with_selinux" = "noyes" ; then
|
||||
AC_MSG_ERROR([libsemanage not found])
|
||||
fi
|
||||
|
||||
if test "$selinux_lib$semanage_lib" == "yesyes" ; then
|
||||
elif test "$selinux_lib" = "no" ; then
|
||||
with_selinux="no"
|
||||
else
|
||||
AC_DEFINE(WITH_SELINUX, 1,
|
||||
[Build shadow with SELinux support])
|
||||
LIBSELINUX="-lselinux"
|
||||
LIBSEMANAGE="-lsemanage"
|
||||
with_selinux="yes"
|
||||
else
|
||||
with_selinux="no"
|
||||
fi
|
||||
else
|
||||
with_selinux="no"
|
||||
fi
|
||||
fi
|
||||
|
||||
AC_SUBST(LIBTCB)
|
||||
if test "$with_tcb" != "no"; then
|
||||
AC_CHECK_HEADERS(tcb.h, [tcb_header="yes"], [tcb_header="no"])
|
||||
if test "$tcb_header$with_tcb" = "noyes" ; then
|
||||
AC_MSG_ERROR([tcb.h is missing])
|
||||
elif test "$tcb_header" = "yes" ; then
|
||||
AC_CHECK_LIB(tcb, tcb_is_suspect, [tcb_lib="yes"], [tcb_lib="no"])
|
||||
if test "$tcb_lib$with_tcb" = "noyes" ; then
|
||||
AC_MSG_ERROR([libtcb not found])
|
||||
elif test "$tcb_lib" = "no" ; then
|
||||
with_tcb="no"
|
||||
else
|
||||
AC_DEFINE(WITH_TCB, 1, [Build shadow with tcb support (incomplete)])
|
||||
LIBTCB="-ltcb"
|
||||
with_tcb="yes"
|
||||
fi
|
||||
else
|
||||
with_tcb="no"
|
||||
fi
|
||||
fi
|
||||
AM_CONDITIONAL(WITH_TCB, test x$with_tcb = xyes)
|
||||
|
||||
AC_SUBST(LIBPAM)
|
||||
if test "$with_libpam" != "no"; then
|
||||
AC_CHECK_LIB(pam, pam_start,
|
||||
@@ -629,9 +503,8 @@ AC_CONFIG_FILES([
|
||||
doc/Makefile
|
||||
man/Makefile
|
||||
man/config.xml
|
||||
man/po/Makefile
|
||||
man/po/Makefile.in
|
||||
man/cs/Makefile
|
||||
man/da/Makefile
|
||||
man/de/Makefile
|
||||
man/es/Makefile
|
||||
man/fi/Makefile
|
||||
@@ -668,12 +541,8 @@ if test "$with_libpam" = "yes"; then
|
||||
echo " suid account management tools: $enable_acct_tools_setuid"
|
||||
fi
|
||||
echo " SELinux support: $with_selinux"
|
||||
echo " ACL support: $with_acl"
|
||||
echo " Extended Attributes support: $with_attr"
|
||||
echo " tcb support (incomplete): $with_tcb"
|
||||
echo " shadow group support: $enable_shadowgrp"
|
||||
echo " S/Key support: $with_skey"
|
||||
echo " SHA passwords encryption: $with_sha_crypt"
|
||||
echo " nscd support: $with_nscd"
|
||||
echo " subordinate IDs support: $enable_subids"
|
||||
echo
|
||||
Vendored
-16
@@ -1,16 +0,0 @@
|
||||
PKG=shadow
|
||||
SITE=ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/
|
||||
|
||||
deb:: check_cheese
|
||||
|
||||
include /usr/share/quilt/quilt.debbuild.mk
|
||||
|
||||
check_cheese:
|
||||
@dpkg-parsechangelog | grep -q "\* The \".*\".* release\." || { \
|
||||
echo ""; \
|
||||
echo " ** **"; \
|
||||
echo " ** Warning: not a cheesy release! **"; \
|
||||
echo " ** **"; \
|
||||
echo ""; \
|
||||
exit 1; \
|
||||
}
|
||||
Vendored
-36
@@ -1,36 +0,0 @@
|
||||
shadow (1:4.0.15-5) unstable; urgency=low
|
||||
|
||||
* commands passed in argument to su must use su's -c option and must quote
|
||||
the command if it contains a space, as in:
|
||||
su - root -c "ls -l /"
|
||||
The following commands won't work anymore:
|
||||
su - root -c ls -l /
|
||||
su - root "ls -l /"
|
||||
su - root ls -l /
|
||||
|
||||
-- Christian Perrier <bubulle@debian.org> Sat, 8 Apr 2006 20:11:38 +0200
|
||||
|
||||
shadow (1:4.0.14-1) unstable; urgency=low
|
||||
|
||||
* passwd does not support the -f, -s, and -g options anymore. You should use
|
||||
the chfn, chsh and gpasswd utilities instead.
|
||||
* login now distributes the nologin utility, which can be used as a shell
|
||||
to politely refuse a login
|
||||
|
||||
-- Christian Perrier <bubulle@debian.org> Thu, 5 Jan 2006 08:47:44 +0100
|
||||
|
||||
shadow (1:4.0.12-1) unstable; urgency=low
|
||||
|
||||
CLOSE_SESSIONS and other variables are not used anymore in
|
||||
/etc/login/defs.
|
||||
As shadow utilities which use this file now warn about unknown
|
||||
entries there, administrators should remove such unknown entries.
|
||||
The supplied login.defs file does not include them anymore.
|
||||
|
||||
dpasswd is no more distributed by upstream. Login do not support
|
||||
dialup password anymore. Re-introducing this functionality in
|
||||
upstream is not trivial.
|
||||
|
||||
|
||||
-- Christian Perrier <bubulle@debian.org> Thu, 25 Aug 2005 08:38:47 +0200
|
||||
|
||||
Vendored
-62
@@ -1,62 +0,0 @@
|
||||
Read this file first for a brief overview of the new versions of login
|
||||
and passwd.
|
||||
|
||||
|
||||
---Shadow passwords
|
||||
|
||||
The command `shadowconfig on' will turn on shadow password support.
|
||||
`shadowconfig off' will turn it back off. If you turn on shadow
|
||||
password support, you'll gain the ability to set password ages and
|
||||
expirations with chage(1).
|
||||
|
||||
NOTE: If you use the nscd package, you may have problems with a
|
||||
slight delay in updating the password information. You may notice
|
||||
this during upgrades of certain packages that try to add a system
|
||||
user and then access the users information immediately afterwards.
|
||||
To avoid this, it is suggested that you stop the nscd daemon before
|
||||
upgrades, then restart it again.
|
||||
|
||||
---General configuration
|
||||
|
||||
Most of the configuration for the shadow utilities is in
|
||||
/etc/login.defs. See login.defs(5). The defaults are quite
|
||||
reasonable.
|
||||
|
||||
Also see the /etc/pam.d/* files for each program to configure the PAM
|
||||
support. PAM documentation is available in several formats in the
|
||||
libpam-doc package.
|
||||
|
||||
|
||||
---MD5 Encryption
|
||||
|
||||
This is enabled now using the /etc/pam.d/* files. Examples are given.
|
||||
|
||||
|
||||
---Adding users and groups
|
||||
|
||||
Though you may add users and groups with the SysV type commands,
|
||||
useradd and groupadd, I recommend you add them with Debian adduser
|
||||
version 3+. adduser gives you more configuration and conforms to the
|
||||
Debian UID and GID allocation.
|
||||
|
||||
Editing user and group parameters can be done with usermod and
|
||||
groupmod. Removing users and groups can be done with userdel and
|
||||
groupdel.
|
||||
|
||||
|
||||
--- Group administration
|
||||
|
||||
Local group allocation is much easier. With gpasswd(1) you can
|
||||
designate users to administer groups. They can then securely add or
|
||||
remove users from the group.
|
||||
|
||||
|
||||
--- What to read next?
|
||||
|
||||
Read the manpages, the other files in this directory, and the Shadow
|
||||
Password HOWTO (included in the doc-linux package). A large portion
|
||||
of these files deals with getting shadow installed. You can, of
|
||||
course, ignore those parts.
|
||||
|
||||
Also, the libpam-doc package will go a long way to allowing you to take
|
||||
full advantage of the PAM authentication scheme.
|
||||
Vendored
-17
@@ -1,17 +0,0 @@
|
||||
This package uses quilt to patch the upstream source.
|
||||
|
||||
You can find some info on how to generate the patched source, add a new
|
||||
modification, and remove an existing modification on:
|
||||
/usr/share/doc/quilt/README.source
|
||||
|
||||
================================================================================
|
||||
|
||||
To package a new upstream release, you can use the Makefile:
|
||||
svn://svn.debian.org/svn/pkg-shadow/debian/trunk/Makefile
|
||||
|
||||
================================================================================
|
||||
|
||||
A testsuite is also available. Instruction on how to run this testsuite
|
||||
are available on:
|
||||
svn://svn.debian.org/svn/pkg-shadow/debian/trunk/tests/README
|
||||
|
||||
Vendored
-19
@@ -1,19 +0,0 @@
|
||||
Things that should be done:
|
||||
* Verify the files left in debian/tmp
|
||||
+ e.g. /etc/default/adduser should be installed
|
||||
* Check the build system: rebuilding the package twoce in the same tree
|
||||
doubles the size of the diff.gz file
|
||||
|
||||
Other points (not related to the release of a syncronized shadow):
|
||||
* compare the source with the usages and man pages
|
||||
+ probably add a sentence to chsh/chfn's manpages about authentication
|
||||
required for ordinary users
|
||||
* do something (a tool) for the variables in login.defs
|
||||
In Debian, some tools are not compiled with the PAM support, so upstream
|
||||
getdef.c won't be OK.
|
||||
It should be nice to see in each man page the set of variables used.
|
||||
The Debian package can now compile (export DEB_BUILD_OPTIONS='nostrip debug')
|
||||
with the debugging informations. This may be used to extract the set of
|
||||
variables used in Debian/for each tools.
|
||||
* verify all the patches around (I've found patches for at least RedHat,
|
||||
OWL, LFS, Mandriva, Gentoo; are they already applied?)
|
||||
Vendored
-25
@@ -1,25 +0,0 @@
|
||||
This described the usertags used by the team.
|
||||
|
||||
For usertags documentation, see
|
||||
http://lists.debian.org/debian-devel-announce/2005/09/msg00002.html
|
||||
|
||||
All bugs tagged by team members must be tagged with
|
||||
"user pkg-shadow-devel@lists.alioth.debian.org"
|
||||
|
||||
Tags list
|
||||
---------
|
||||
|
||||
toclose: This bug has been announced to be closed in case no more news
|
||||
or information is received from the bug submitter or someone
|
||||
else until the delay specified in the limits_YYYYMMDD tag
|
||||
|
||||
limits-YYYYMMDD: combine it with "toclose". Specifies the date after which
|
||||
bugs can be closed without other action in case no news
|
||||
is received
|
||||
|
||||
manpages-replace A bug reported angainst a manpages-xx package to indicate
|
||||
conflicting man pages. This tag can be used to tune the
|
||||
Replaces fields.
|
||||
|
||||
su-transition: This bug is related to the su transition (#276419)
|
||||
|
||||
Vendored
-3828
File diff suppressed because it is too large
Load Diff
Vendored
-1
@@ -1 +0,0 @@
|
||||
10
|
||||
Vendored
-77
@@ -1,77 +0,0 @@
|
||||
Source: shadow
|
||||
Maintainer: Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>
|
||||
Uploaders: Christian Perrier <bubulle@debian.org>,
|
||||
Balint Reczey <balint@balintreczey.hu>,
|
||||
Serge Hallyn <serge@hallyn.com>
|
||||
Section: admin
|
||||
Priority: required
|
||||
Build-Depends: dh-autoreconf,
|
||||
gettext,
|
||||
libpam0g-dev,
|
||||
debhelper (>= 10~),
|
||||
quilt,
|
||||
xsltproc,
|
||||
docbook-xsl,
|
||||
docbook-xml,
|
||||
libxml2-utils,
|
||||
cdbs,
|
||||
libselinux1-dev [linux-any],
|
||||
libsemanage1-dev [linux-any],
|
||||
gnome-doc-utils,
|
||||
bison,
|
||||
libaudit-dev [linux-any]
|
||||
Standards-Version: 3.9.5
|
||||
Vcs-Browser: https://anonscm.debian.org/git/pkg-shadow/shadow.git
|
||||
Vcs-Git: https://anonscm.debian.org/git/pkg-shadow/shadow.git
|
||||
Homepage: https://github.com/shadow-maint/shadow
|
||||
|
||||
Package: passwd
|
||||
Architecture: any
|
||||
Multi-Arch: foreign
|
||||
Depends: ${shlibs:Depends},
|
||||
${misc:Depends},
|
||||
libpam-modules
|
||||
Replaces: manpages-tr (<< 1.0.5),
|
||||
manpages-zh (<< 1.5.1-1)
|
||||
Description: change and administer password and group data
|
||||
This package includes passwd, chsh, chfn, and many other programs to
|
||||
maintain password and group data.
|
||||
.
|
||||
Shadow passwords are supported. See /usr/share/doc/passwd/README.Debian
|
||||
|
||||
Package: login
|
||||
Architecture: any
|
||||
Essential: yes
|
||||
Pre-Depends: ${shlibs:Depends},
|
||||
${misc:Depends},
|
||||
libpam-runtime,
|
||||
libpam-modules (>= 1.1.8-1)
|
||||
Breaks: coreutils (<< 8.21~) [hurd-any],
|
||||
passwd (<< 1:4.1.5.1-2~) [hurd-any],
|
||||
hurd (<< 20140206~) [hurd-any]
|
||||
Conflicts: gnunet (<< 0.7.0c-2),
|
||||
amavisd-new (<< 2.3.3-8),
|
||||
python-4suite (<< 0.99cvs20060405-1),
|
||||
backupninja (<< 0.9.3-5),
|
||||
echolot (<< 2.1.8-4)
|
||||
Replaces: manpages-de (<< 0.5-3),
|
||||
manpages-tr (<< 1.0.5),
|
||||
manpages-zh (<< 1.5.1-1),
|
||||
passwd (<< 1:4.1.5.1-2~) [hurd-any],
|
||||
coreutils (<< 8.21~) [hurd-any],
|
||||
hurd (<< 20140206~) [hurd-any]
|
||||
Description: system login tools
|
||||
These tools are required to be able to login and use your system. The
|
||||
login program invokes your user shell and enables command execution. The
|
||||
newgrp program is used to change your effective group ID (useful for
|
||||
workgroup type situations). The su program allows changing your effective
|
||||
user ID (useful being able to execute commands as another user).
|
||||
|
||||
Package: uidmap
|
||||
Architecture: any
|
||||
Priority: optional
|
||||
Depends: ${shlibs:Depends},
|
||||
${misc:Depends}
|
||||
Description: programs to help use subuids
|
||||
These programs help unprivileged users to create uid and gid mappings in
|
||||
user namespaces.
|
||||
Vendored
-103
@@ -1,103 +0,0 @@
|
||||
This is Debian GNU/Linux's prepackaged version of the shadow utilities.
|
||||
|
||||
It was downloaded from: <ftp://ftp.pld.org.pl/software/shadow/>.
|
||||
As of May 2007, this site is no longer available.
|
||||
|
||||
Copyright:
|
||||
|
||||
Parts of this software are copyright 1988 - 1994, Julianne Frances Haugh.
|
||||
All rights reserved.
|
||||
|
||||
Parts of this software are copyright 1997 - 2001, Marek Michałkiewicz.
|
||||
All rights reserved.
|
||||
|
||||
Parts of this software are copyright 2001 - 2004, Andrzej Krzysztofowicz
|
||||
All rights reserved.
|
||||
|
||||
Parts of this software are copyright 2000 - 2007, Tomasz Kłoczko.
|
||||
All rights reserved.
|
||||
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
modification, are permitted provided that the following conditions
|
||||
are met:
|
||||
1. Redistributions of source code must retain the above copyright
|
||||
notice, this list of conditions and the following disclaimer.
|
||||
2. Redistributions in binary form must reproduce the above copyright
|
||||
notice, this list of conditions and the following disclaimer in the
|
||||
documentation and/or other materials provided with the distribution.
|
||||
3. Neither the name of Julianne F. Haugh nor the names of its contributors
|
||||
may be used to endorse or promote products derived from this software
|
||||
without specific prior written permission.
|
||||
|
||||
THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND
|
||||
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
ARE DISCLAIMED. IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE
|
||||
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
SUCH DAMAGE.
|
||||
|
||||
This source code is currently archived on ftp.uu.net in the
|
||||
comp.sources.misc portion of the USENET archives. You may also contact
|
||||
the author, Julianne F. Haugh, at jockgrrl@ix.netcom.com if you have
|
||||
any questions regarding this package.
|
||||
|
||||
THIS SOFTWARE IS BEING DISTRIBUTED AS-IS. THE AUTHORS DISCLAIM ALL
|
||||
LIABILITY FOR ANY CONSEQUENCES OF USE. THE USER IS SOLELY RESPONSIBLE
|
||||
FOR THE MAINTENANCE OF THIS SOFTWARE PACKAGE. THE AUTHORS ARE UNDER NO
|
||||
OBLIGATION TO PROVIDE MODIFICATIONS OR IMPROVEMENTS. THE USER IS
|
||||
ENCOURAGED TO TAKE ANY AND ALL STEPS NEEDED TO PROTECT AGAINST ACCIDENTAL
|
||||
LOSS OF INFORMATION OR MACHINE RESOURCES.
|
||||
|
||||
Special thanks are due to Chip Rosenthal for his fine testing efforts;
|
||||
to Steve Simmons for his work in porting this code to BSD; and to Bill
|
||||
Kennedy for his contributions of LaserJet printer time and energies.
|
||||
Also, thanks for Dennis L. Mumaugh for the initial shadow password
|
||||
information and to Tony Walton (olapw@olgb1.oliv.co.uk) for the System
|
||||
V Release 4 changes. Effort in porting to SunOS has been contributed
|
||||
by Dr. Michael Newberry (miken@cs.adfa.oz.au) and Micheal J. Miller, Jr.
|
||||
(mke@kaberd.rain.com). Effort in porting to AT&T UNIX System V Release
|
||||
4 has been provided by Andrew Herbert (andrew@werple.pub.uu.oz.au).
|
||||
Special thanks to Marek Michalkiewicz (marekm@i17linuxb.ists.pwr.wroc.pl)
|
||||
for taking over the Linux port of this software.
|
||||
|
||||
Source files: login_access.c, login_desrpc.c, login_krb.c are derived
|
||||
from the logdaemon-5.0 package, which is under the following license:
|
||||
|
||||
/************************************************************************
|
||||
* Copyright 1995 by Wietse Venema. All rights reserved. Individual files
|
||||
* may be covered by other copyrights (as noted in the file itself.)
|
||||
*
|
||||
* This material was originally written and compiled by Wietse Venema at
|
||||
* Eindhoven University of Technology, The Netherlands, in 1990, 1991,
|
||||
* 1992, 1993, 1994 and 1995.
|
||||
*
|
||||
* Redistribution and use in source and binary forms are permitted
|
||||
* provided that this entire copyright notice is duplicated in all such
|
||||
* copies.
|
||||
*
|
||||
* This software is provided "as is" and without any expressed or implied
|
||||
* warranties, including, without limitation, the implied warranties of
|
||||
* merchantibility and fitness for any particular purpose.
|
||||
************************************************************************/
|
||||
|
||||
Some parts substantially in src/su.c derived from an ancestor of
|
||||
su for GNU. Run a shell with substitute user and group IDs.
|
||||
Copyright (C) 1992-2003 Free Software Foundation, Inc.
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2, or (at your option)
|
||||
any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
On Debian GNU/Linux systems, the complete text of the GNU General Public
|
||||
License can be found in '/usr/share/common-licenses/GPL-2'
|
||||
Vendored
-1
@@ -1 +0,0 @@
|
||||
.so man8/cppw.8
|
||||
Vendored
-27
@@ -1,27 +0,0 @@
|
||||
.TH CPPW 8 "7 Apr 2005"
|
||||
.SH NAME
|
||||
cppw, cpgr \- copy with locking the given file to the password or group file
|
||||
.SH SYNOPSIS
|
||||
\fBcppw\fR [\fB\-h\fR] [\fB\-s\fR] password_file
|
||||
.br
|
||||
\fBcpgr\fR [\fB\-h\fR] [\fB\-s\fR] group_file
|
||||
|
||||
.SH DESCRIPTION
|
||||
.BR cppw " and " cpgr
|
||||
will copy, with locking, the given file to
|
||||
.IR /etc/passwd " and " /etc/group ", respectively."
|
||||
With the \fB\-s\fR flag, they will copy the shadow versions of those files,
|
||||
.IR /etc/shadow " and " /etc/gshadow ", respectively."
|
||||
|
||||
With the \fB\-h\fR flag, the commands display a short help message and exit
|
||||
silently.
|
||||
.SH "SEE ALSO"
|
||||
.BR vipw (8),
|
||||
.BR vigr (8),
|
||||
.BR group (5),
|
||||
.BR passwd (5),
|
||||
.BR shadow (5),
|
||||
.BR gshadow (5)
|
||||
.SH AUTHOR
|
||||
\fBcppw\fR and \fBcpgr\fR were written by Stephen Frost, based on
|
||||
\fBvipw\fR and \fBvigr\fR written by Guy Maor.
|
||||
Vendored
-94
@@ -1,94 +0,0 @@
|
||||
Build-Depends:
|
||||
==============
|
||||
* autoconf
|
||||
* automake1.9
|
||||
works with 1.7 or 1.9 (at least)
|
||||
* libtool
|
||||
* gettext
|
||||
POT, PO, GMO regenerated?
|
||||
* libpam0g-dev
|
||||
OK
|
||||
* debhelper (>= 4.1.16)
|
||||
* po-debconf
|
||||
OK
|
||||
* quilt
|
||||
patch system
|
||||
* dpkg-dev (>= 1.13.5)
|
||||
* xsltproc
|
||||
used to generate the manpages
|
||||
* docbook-xsl
|
||||
needed for /usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl
|
||||
* docbook-xml
|
||||
manpages/docbook.xsl includes html/docbook.xsl
|
||||
(But it is not strictly needed. The generated manpages are identical.
|
||||
Without it, a warning is generated.)
|
||||
Needed by JH_CHECK_XML_CATALOG([-//OASIS//DTD DocBook XML V4.1.2//EN], [DocBook XML DTD V4.1.2], [], enable_man=no)
|
||||
* libxml2-utils
|
||||
needed by the JH_CHECK_XML_CATALOG macros
|
||||
* cdbs
|
||||
used in debian/rules
|
||||
* libselinux1-dev [!hurd-i386 !kfreebsd-i386 !kfreebsd-amd64]
|
||||
* gnome-doc-utils (>= 0.4.3-1)
|
||||
xml2po, 0.4.3-1 needed for the -l switch.
|
||||
|
||||
passwd Depends:
|
||||
===============
|
||||
* ${shlibs:Depends}
|
||||
OK
|
||||
* ${loginpam}
|
||||
- hurd
|
||||
login
|
||||
libpam-modules (>= 0.72-5)
|
||||
- other archs
|
||||
+ login (>= 970502-1)
|
||||
login is needed because some passwd utils need /etc/login.defs
|
||||
login is Essential, so this is just to enforce the version
|
||||
+ libpam-modules (>= 0.72-5)
|
||||
* debianutils (>= 2.15.2)
|
||||
After 1:4.0.12-6, {add,remove}-shell are distributed in debianutils (2.15)
|
||||
/etc/shell was forgotten and introduced in debianutils in 2.15.2
|
||||
|
||||
passwd Conflicts:
|
||||
=================
|
||||
|
||||
passwd Replaces:
|
||||
================
|
||||
Some of the passwd man pages are also distributed in some manpages* packages.
|
||||
Look at the debian/02/run test to optimize these dependencies.
|
||||
NOTE: Not all maintainers have been notified.
|
||||
* manpages-de (<< 0.4-9), manpages-fi (<< 0.2-4), manpages-fr (<<1.64.0-1), manpages-hu (<< 20010119-5), manpages-it (<< 0.3.4-3), manpages-ja (<< 0.5.0.0.20050915-1), manpages-ko (<< 20050219-2), manpages-es (<< 1.55-4), manpages-es-extra (<< 0.8a-15), manpages-ru (<< 0.98-3)
|
||||
All those packages have been updated during sarge->etch. So these Replaces
|
||||
should be removed after lenny release
|
||||
* manpages-tr, manpages-zh
|
||||
Those packages are still in etch, so the Replaces should be kept even
|
||||
after lenny release
|
||||
|
||||
login Pre-Depends:
|
||||
==================
|
||||
* ${shlibs:Depends}
|
||||
* libpam-runtime (>= 0.76-14)
|
||||
sarge contained 0.76-22
|
||||
|
||||
Why Pre-Depends? (because it's an essential package?)
|
||||
|
||||
login Depends:
|
||||
==============
|
||||
* libpam-modules (>= 0.72-5)
|
||||
libpam-modules is needed.
|
||||
potato contained 0.72-9
|
||||
|
||||
login Conflicts:
|
||||
================
|
||||
|
||||
login Replaces:
|
||||
===============
|
||||
* Some of the login man pages are also distributed in some manpages* packages.
|
||||
Look at the debian/02/run test to optimize these dependencies.
|
||||
NOTE: Not all maintainers have been notified.
|
||||
- manpages-fi, manpages-fr (<<1.64.0-1), manpages-hu, manpages-it, manpages-ko, manpages-ja (<< 0.5.0.0.20050915-1), manpages-de (<< 0.4-10), manpages-es-extra (<<0.8a-15)
|
||||
Those are packages that have been updated during sarge->etch. These
|
||||
Replaces should be removed after lenny
|
||||
- manpages-tr, manpages-zh
|
||||
Those packages are still in etch, so the Replaces should be kept even
|
||||
after lenny release
|
||||
|
||||
Vendored
-340
@@ -1,340 +0,0 @@
|
||||
#
|
||||
# /etc/login.defs - Configuration control definitions for the login package.
|
||||
#
|
||||
# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH.
|
||||
# If unspecified, some arbitrary (and possibly incorrect) value will
|
||||
# be assumed. All other items are optional - if not specified then
|
||||
# the described action or option will be inhibited.
|
||||
#
|
||||
# Comment lines (lines beginning with "#") and blank lines are ignored.
|
||||
#
|
||||
# Modified for Linux. --marekm
|
||||
|
||||
# REQUIRED for useradd/userdel/usermod
|
||||
# Directory where mailboxes reside, _or_ name of file, relative to the
|
||||
# home directory. If you _do_ define MAIL_DIR and MAIL_FILE,
|
||||
# MAIL_DIR takes precedence.
|
||||
#
|
||||
# Essentially:
|
||||
# - MAIL_DIR defines the location of users mail spool files
|
||||
# (for mbox use) by appending the username to MAIL_DIR as defined
|
||||
# below.
|
||||
# - MAIL_FILE defines the location of the users mail spool files as the
|
||||
# fully-qualified filename obtained by prepending the user home
|
||||
# directory before $MAIL_FILE
|
||||
#
|
||||
# NOTE: This is no more used for setting up users MAIL environment variable
|
||||
# which is, starting from shadow 4.0.12-1 in Debian, entirely the
|
||||
# job of the pam_mail PAM modules
|
||||
# See default PAM configuration files provided for
|
||||
# login, su, etc.
|
||||
#
|
||||
# This is a temporary situation: setting these variables will soon
|
||||
# move to /etc/default/useradd and the variables will then be
|
||||
# no more supported
|
||||
MAIL_DIR /var/mail
|
||||
#MAIL_FILE .mail
|
||||
|
||||
#
|
||||
# Enable logging and display of /var/log/faillog login failure info.
|
||||
# This option conflicts with the pam_tally PAM module.
|
||||
#
|
||||
FAILLOG_ENAB yes
|
||||
|
||||
#
|
||||
# Enable display of unknown usernames when login failures are recorded.
|
||||
#
|
||||
# WARNING: Unknown usernames may become world readable.
|
||||
# See #290803 and #298773 for details about how this could become a security
|
||||
# concern
|
||||
LOG_UNKFAIL_ENAB no
|
||||
|
||||
#
|
||||
# Enable logging of successful logins
|
||||
#
|
||||
LOG_OK_LOGINS no
|
||||
|
||||
#
|
||||
# Enable "syslog" logging of su activity - in addition to sulog file logging.
|
||||
# SYSLOG_SG_ENAB does the same for newgrp and sg.
|
||||
#
|
||||
SYSLOG_SU_ENAB yes
|
||||
SYSLOG_SG_ENAB yes
|
||||
|
||||
#
|
||||
# If defined, all su activity is logged to this file.
|
||||
#
|
||||
#SULOG_FILE /var/log/sulog
|
||||
|
||||
#
|
||||
# If defined, file which maps tty line to TERM environment parameter.
|
||||
# Each line of the file is in a format something like "vt100 tty01".
|
||||
#
|
||||
#TTYTYPE_FILE /etc/ttytype
|
||||
|
||||
#
|
||||
# If defined, login failures will be logged here in a utmp format
|
||||
# last, when invoked as lastb, will read /var/log/btmp, so...
|
||||
#
|
||||
FTMP_FILE /var/log/btmp
|
||||
|
||||
#
|
||||
# If defined, the command name to display when running "su -". For
|
||||
# example, if this is defined as "su" then a "ps" will display the
|
||||
# command is "-su". If not defined, then "ps" would display the
|
||||
# name of the shell actually being run, e.g. something like "-sh".
|
||||
#
|
||||
SU_NAME su
|
||||
|
||||
#
|
||||
# If defined, file which inhibits all the usual chatter during the login
|
||||
# sequence. If a full pathname, then hushed mode will be enabled if the
|
||||
# user's name or shell are found in the file. If not a full pathname, then
|
||||
# hushed mode will be enabled if the file exists in the user's home directory.
|
||||
#
|
||||
HUSHLOGIN_FILE .hushlogin
|
||||
#HUSHLOGIN_FILE /etc/hushlogins
|
||||
|
||||
#
|
||||
# *REQUIRED* The default PATH settings, for superuser and normal users.
|
||||
#
|
||||
# (they are minimal, add the rest in the shell startup files)
|
||||
ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
||||
ENV_PATH PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
|
||||
|
||||
#
|
||||
# Terminal permissions
|
||||
#
|
||||
# TTYGROUP Login tty will be assigned this group ownership.
|
||||
# TTYPERM Login tty will be set to this permission.
|
||||
#
|
||||
# If you have a "write" program which is "setgid" to a special group
|
||||
# which owns the terminals, define TTYGROUP to the group number and
|
||||
# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign
|
||||
# TTYPERM to either 622 or 600.
|
||||
#
|
||||
# In Debian /usr/bin/bsd-write or similar programs are setgid tty
|
||||
# However, the default and recommended value for TTYPERM is still 0600
|
||||
# to not allow anyone to write to anyone else console or terminal
|
||||
|
||||
# Users can still allow other people to write them by issuing
|
||||
# the "mesg y" command.
|
||||
|
||||
TTYGROUP tty
|
||||
TTYPERM 0600
|
||||
|
||||
#
|
||||
# Login configuration initializations:
|
||||
#
|
||||
# ERASECHAR Terminal ERASE character ('\010' = backspace).
|
||||
# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
|
||||
# UMASK Default "umask" value.
|
||||
#
|
||||
# The ERASECHAR and KILLCHAR are used only on System V machines.
|
||||
#
|
||||
# UMASK is the default umask value for pam_umask and is used by
|
||||
# useradd and newusers to set the mode of the new home directories.
|
||||
# 022 is the "historical" value in Debian for UMASK
|
||||
# 027, or even 077, could be considered better for privacy
|
||||
# There is no One True Answer here : each sysadmin must make up his/her
|
||||
# mind.
|
||||
#
|
||||
# If USERGROUPS_ENAB is set to "yes", that will modify this UMASK default value
|
||||
# for private user groups, i. e. the uid is the same as gid, and username is
|
||||
# the same as the primary group name: for these, the user permissions will be
|
||||
# used as group permissions, e. g. 022 will become 002.
|
||||
#
|
||||
# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
|
||||
#
|
||||
ERASECHAR 0177
|
||||
KILLCHAR 025
|
||||
UMASK 022
|
||||
|
||||
#
|
||||
# Password aging controls:
|
||||
#
|
||||
# PASS_MAX_DAYS Maximum number of days a password may be used.
|
||||
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
|
||||
# PASS_WARN_AGE Number of days warning given before a password expires.
|
||||
#
|
||||
PASS_MAX_DAYS 99999
|
||||
PASS_MIN_DAYS 0
|
||||
PASS_WARN_AGE 7
|
||||
|
||||
#
|
||||
# Min/max values for automatic uid selection in useradd
|
||||
#
|
||||
UID_MIN 1000
|
||||
UID_MAX 60000
|
||||
# System accounts
|
||||
#SYS_UID_MIN 100
|
||||
#SYS_UID_MAX 999
|
||||
|
||||
#
|
||||
# Min/max values for automatic gid selection in groupadd
|
||||
#
|
||||
GID_MIN 1000
|
||||
GID_MAX 60000
|
||||
# System accounts
|
||||
#SYS_GID_MIN 100
|
||||
#SYS_GID_MAX 999
|
||||
|
||||
#
|
||||
# Max number of login retries if password is bad. This will most likely be
|
||||
# overriden by PAM, since the default pam_unix module has it's own built
|
||||
# in of 3 retries. However, this is a safe fallback in case you are using
|
||||
# an authentication module that does not enforce PAM_MAXTRIES.
|
||||
#
|
||||
LOGIN_RETRIES 5
|
||||
|
||||
#
|
||||
# Max time in seconds for login
|
||||
#
|
||||
LOGIN_TIMEOUT 60
|
||||
|
||||
#
|
||||
# Which fields may be changed by regular users using chfn - use
|
||||
# any combination of letters "frwh" (full name, room number, work
|
||||
# phone, home phone). If not defined, no changes are allowed.
|
||||
# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
|
||||
#
|
||||
CHFN_RESTRICT rwh
|
||||
|
||||
#
|
||||
# Should login be allowed if we can't cd to the home directory?
|
||||
# Default in no.
|
||||
#
|
||||
DEFAULT_HOME yes
|
||||
|
||||
#
|
||||
# If defined, this command is run when removing a user.
|
||||
# It should remove any at/cron/print jobs etc. owned by
|
||||
# the user to be removed (passed as the first argument).
|
||||
#
|
||||
#USERDEL_CMD /usr/sbin/userdel_local
|
||||
|
||||
#
|
||||
# If set to yes, userdel will remove the user's group if it contains no
|
||||
# more members, and useradd will create by default a group with the name
|
||||
# of the user.
|
||||
#
|
||||
# Other former uses of this variable such as setting the umask when
|
||||
# user==primary group are not used in PAM environments, such as Debian
|
||||
#
|
||||
USERGROUPS_ENAB yes
|
||||
|
||||
#
|
||||
# Instead of the real user shell, the program specified by this parameter
|
||||
# will be launched, although its visible name (argv[0]) will be the shell's.
|
||||
# The program may do whatever it wants (logging, additional authentification,
|
||||
# banner, ...) before running the actual shell.
|
||||
#
|
||||
# FAKE_SHELL /bin/fakeshell
|
||||
|
||||
#
|
||||
# If defined, either full pathname of a file containing device names or
|
||||
# a ":" delimited list of device names. Root logins will be allowed only
|
||||
# upon these devices.
|
||||
#
|
||||
# This variable is used by login and su.
|
||||
#
|
||||
#CONSOLE /etc/consoles
|
||||
#CONSOLE console:tty01:tty02:tty03:tty04
|
||||
|
||||
#
|
||||
# List of groups to add to the user's supplementary group set
|
||||
# when logging in on the console (as determined by the CONSOLE
|
||||
# setting). Default is none.
|
||||
#
|
||||
# Use with caution - it is possible for users to gain permanent
|
||||
# access to these groups, even when not logged in on the console.
|
||||
# How to do it is left as an exercise for the reader...
|
||||
#
|
||||
# This variable is used by login and su.
|
||||
#
|
||||
#CONSOLE_GROUPS floppy:audio:cdrom
|
||||
|
||||
#
|
||||
# If set to "yes", new passwords will be encrypted using the MD5-based
|
||||
# algorithm compatible with the one used by recent releases of FreeBSD.
|
||||
# It supports passwords of unlimited length and longer salt strings.
|
||||
# Set to "no" if you need to copy encrypted passwords to other systems
|
||||
# which don't understand the new algorithm. Default is "no".
|
||||
#
|
||||
# This variable is deprecated. You should use ENCRYPT_METHOD.
|
||||
#
|
||||
#MD5_CRYPT_ENAB no
|
||||
|
||||
#
|
||||
# If set to MD5 , MD5-based algorithm will be used for encrypting password
|
||||
# If set to SHA256, SHA256-based algorithm will be used for encrypting password
|
||||
# If set to SHA512, SHA512-based algorithm will be used for encrypting password
|
||||
# If set to DES, DES-based algorithm will be used for encrypting password (default)
|
||||
# Overrides the MD5_CRYPT_ENAB option
|
||||
#
|
||||
# Note: It is recommended to use a value consistent with
|
||||
# the PAM modules configuration.
|
||||
#
|
||||
ENCRYPT_METHOD SHA512
|
||||
|
||||
#
|
||||
# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
|
||||
#
|
||||
# Define the number of SHA rounds.
|
||||
# With a lot of rounds, it is more difficult to brute forcing the password.
|
||||
# But note also that it more CPU resources will be needed to authenticate
|
||||
# users.
|
||||
#
|
||||
# If not specified, the libc will choose the default number of rounds (5000).
|
||||
# The values must be inside the 1000-999999999 range.
|
||||
# If only one of the MIN or MAX values is set, then this value will be used.
|
||||
# If MIN > MAX, the highest value will be used.
|
||||
#
|
||||
# SHA_CRYPT_MIN_ROUNDS 5000
|
||||
# SHA_CRYPT_MAX_ROUNDS 5000
|
||||
|
||||
################# OBSOLETED BY PAM ##############
|
||||
# #
|
||||
# These options are now handled by PAM. Please #
|
||||
# edit the appropriate file in /etc/pam.d/ to #
|
||||
# enable the equivelants of them.
|
||||
#
|
||||
###############
|
||||
|
||||
#MOTD_FILE
|
||||
#DIALUPS_CHECK_ENAB
|
||||
#LASTLOG_ENAB
|
||||
#MAIL_CHECK_ENAB
|
||||
#OBSCURE_CHECKS_ENAB
|
||||
#PORTTIME_CHECKS_ENAB
|
||||
#SU_WHEEL_ONLY
|
||||
#CRACKLIB_DICTPATH
|
||||
#PASS_CHANGE_TRIES
|
||||
#PASS_ALWAYS_WARN
|
||||
#ENVIRON_FILE
|
||||
#NOLOGINS_FILE
|
||||
#ISSUE_FILE
|
||||
#PASS_MIN_LEN
|
||||
#PASS_MAX_LEN
|
||||
#ULIMIT
|
||||
#ENV_HZ
|
||||
#CHFN_AUTH
|
||||
#CHSH_AUTH
|
||||
#FAIL_DELAY
|
||||
|
||||
################# OBSOLETED #######################
|
||||
# #
|
||||
# These options are no more handled by shadow. #
|
||||
# #
|
||||
# Shadow utilities will display a warning if they #
|
||||
# still appear. #
|
||||
# #
|
||||
###################################################
|
||||
|
||||
# CLOSE_SESSIONS
|
||||
# LOGIN_STRING
|
||||
# NO_PASSWORD_CONSOLE
|
||||
# QMAIL_DIR
|
||||
|
||||
|
||||
|
||||
Vendored
-1
@@ -1 +0,0 @@
|
||||
usr/share/lintian/overrides
|
||||
Vendored
-25
@@ -1,25 +0,0 @@
|
||||
usr/share/locale/*/LC_MESSAGES/shadow.mo
|
||||
usr/share/man/*/man1/login.1
|
||||
usr/share/man/*/man1/newgrp.1
|
||||
usr/share/man/*/man1/sg.1
|
||||
usr/share/man/*/man1/su.1
|
||||
usr/share/man/*/man5/faillog.5
|
||||
usr/share/man/*/man5/login.defs.5
|
||||
usr/share/man/*/man8/faillog.8
|
||||
usr/share/man/*/man8/lastlog.8
|
||||
usr/share/man/*/man8/nologin.8
|
||||
usr/share/man/man1/login.1
|
||||
usr/share/man/man1/newgrp.1
|
||||
usr/share/man/man1/sg.1
|
||||
usr/share/man/man1/su.1
|
||||
usr/share/man/man5/faillog.5
|
||||
usr/share/man/man5/login.defs.5
|
||||
usr/share/man/man8/faillog.8
|
||||
usr/share/man/man8/lastlog.8
|
||||
usr/share/man/man8/nologin.8
|
||||
usr/sbin/nologin
|
||||
usr/bin/faillog
|
||||
usr/bin/lastlog
|
||||
usr/bin/newgrp
|
||||
bin/login
|
||||
bin/su
|
||||
Vendored
-1
@@ -1 +0,0 @@
|
||||
usr/bin/newgrp usr/bin/sg
|
||||
Vendored
-3
@@ -1,3 +0,0 @@
|
||||
login: setuid-binary usr/bin/newgrp 4755 root/root
|
||||
login: setuid-binary bin/su 4755 root/root
|
||||
login: possible-missing-colon-in-closes l667:closes bug 336321
|
||||
Vendored
-116
@@ -1,116 +0,0 @@
|
||||
#
|
||||
# The PAM configuration file for the Shadow `login' service
|
||||
#
|
||||
|
||||
# Enforce a minimal delay in case of failure (in microseconds).
|
||||
# (Replaces the `FAIL_DELAY' setting from login.defs)
|
||||
# Note that other modules may require another minimal delay. (for example,
|
||||
# to disable any delay, you should add the nodelay option to pam_unix)
|
||||
auth optional pam_faildelay.so delay=3000000
|
||||
|
||||
# Outputs an issue file prior to each login prompt (Replaces the
|
||||
# ISSUE_FILE option from login.defs). Uncomment for use
|
||||
# auth required pam_issue.so issue=/etc/issue
|
||||
|
||||
# Disallows root logins except on tty's listed in /etc/securetty
|
||||
# (Replaces the `CONSOLE' setting from login.defs)
|
||||
#
|
||||
# With the default control of this module:
|
||||
# [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
|
||||
# root will not be prompted for a password on insecure lines.
|
||||
# if an invalid username is entered, a password is prompted (but login
|
||||
# will eventually be rejected)
|
||||
#
|
||||
# You can change it to a "requisite" module if you think root may mis-type
|
||||
# her login and should not be prompted for a password in that case. But
|
||||
# this will leave the system as vulnerable to user enumeration attacks.
|
||||
#
|
||||
# You can change it to a "required" module if you think it permits to
|
||||
# guess valid user names of your system (invalid user names are considered
|
||||
# as possibly being root on insecure lines), but root passwords may be
|
||||
# communicated over insecure lines.
|
||||
auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
|
||||
|
||||
# Disallows other than root logins when /etc/nologin exists
|
||||
# (Replaces the `NOLOGINS_FILE' option from login.defs)
|
||||
auth requisite pam_nologin.so
|
||||
|
||||
# SELinux needs to be the first session rule. This ensures that any
|
||||
# lingering context has been cleared. Without this it is possible
|
||||
# that a module could execute code in the wrong domain.
|
||||
# When the module is present, "required" would be sufficient (When SELinux
|
||||
# is disabled, this returns success.)
|
||||
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
|
||||
|
||||
# Sets the loginuid process attribute
|
||||
session required pam_loginuid.so
|
||||
|
||||
# SELinux needs to intervene at login time to ensure that the process
|
||||
# starts in the proper default security context. Only sessions which are
|
||||
# intended to run in the user's context should be run after this.
|
||||
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
|
||||
# When the module is present, "required" would be sufficient (When SELinux
|
||||
# is disabled, this returns success.)
|
||||
|
||||
# This module parses environment configuration file(s)
|
||||
# and also allows you to use an extended config
|
||||
# file /etc/security/pam_env.conf.
|
||||
#
|
||||
# parsing /etc/environment needs "readenv=1"
|
||||
session required pam_env.so readenv=1
|
||||
# locale variables are also kept into /etc/default/locale in etch
|
||||
# reading this file *in addition to /etc/environment* does not hurt
|
||||
session required pam_env.so readenv=1 envfile=/etc/default/locale
|
||||
|
||||
# Standard Un*x authentication.
|
||||
@include common-auth
|
||||
|
||||
# This allows certain extra groups to be granted to a user
|
||||
# based on things like time of day, tty, service, and user.
|
||||
# Please edit /etc/security/group.conf to fit your needs
|
||||
# (Replaces the `CONSOLE_GROUPS' option in login.defs)
|
||||
auth optional pam_group.so
|
||||
|
||||
# Uncomment and edit /etc/security/time.conf if you need to set
|
||||
# time restraint on logins.
|
||||
# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
|
||||
# as well as /etc/porttime)
|
||||
# account requisite pam_time.so
|
||||
|
||||
# Uncomment and edit /etc/security/access.conf if you need to
|
||||
# set access limits.
|
||||
# (Replaces /etc/login.access file)
|
||||
# account required pam_access.so
|
||||
|
||||
# Sets up user limits according to /etc/security/limits.conf
|
||||
# (Replaces the use of /etc/limits in old login)
|
||||
session required pam_limits.so
|
||||
|
||||
# Prints the last login info upon successful login
|
||||
# (Replaces the `LASTLOG_ENAB' option from login.defs)
|
||||
session optional pam_lastlog.so
|
||||
|
||||
# Prints the message of the day upon successful login.
|
||||
# (Replaces the `MOTD_FILE' option in login.defs)
|
||||
# This includes a dynamically generated part from /run/motd.dynamic
|
||||
# and a static (admin-editable) part from /etc/motd.
|
||||
session optional pam_motd.so motd=/run/motd.dynamic
|
||||
session optional pam_motd.so noupdate
|
||||
|
||||
# Prints the status of the user's mailbox upon successful login
|
||||
# (Replaces the `MAIL_CHECK_ENAB' option from login.defs).
|
||||
#
|
||||
# This also defines the MAIL environment variable
|
||||
# However, userdel also needs MAIL_DIR and MAIL_FILE variables
|
||||
# in /etc/login.defs to make sure that removing a user
|
||||
# also removes the user's mail spool file.
|
||||
# See comments in /etc/login.defs
|
||||
session optional pam_mail.so standard
|
||||
|
||||
# Create a new session keyring.
|
||||
session optional pam_keyinit.so force revoke
|
||||
|
||||
# Standard Un*x account and session
|
||||
@include common-account
|
||||
@include common-session
|
||||
@include common-password
|
||||
Vendored
-56
@@ -1,56 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
set -e
|
||||
|
||||
if test "$1" = configure
|
||||
then
|
||||
if test -f /etc/init.d/logoutd
|
||||
then
|
||||
if test "$(md5sum /etc/init.d/logoutd)" = "9080f92783dd53f6f2108e698c06bd53 /etc/init.d/logoutd"
|
||||
then
|
||||
echo "removing logoutd cruft"
|
||||
rm /etc/init.d/logoutd
|
||||
update-rc.d logoutd remove
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
rm -f /etc/pam.d/login.pre-upgrade 2>/dev/null
|
||||
|
||||
if [ "$1" = "configure" ]; then
|
||||
# Install faillog during initial installs only
|
||||
if [ "$2" = "" ] && [ ! -f /var/log/faillog ] ; then
|
||||
touch /var/log/faillog
|
||||
chown root:root /var/log/faillog
|
||||
chmod 644 /var/log/faillog
|
||||
fi
|
||||
|
||||
# Create subuid/subgid if missing
|
||||
if [ ! -e /etc/subuid ]; then
|
||||
touch /etc/subuid
|
||||
chown root:root /etc/subuid
|
||||
chmod 644 /etc/subuid
|
||||
fi
|
||||
|
||||
if [ ! -e /etc/subgid ]; then
|
||||
touch /etc/subgid
|
||||
chown root:root /etc/subgid
|
||||
chmod 644 /etc/subgid
|
||||
fi
|
||||
fi
|
||||
|
||||
# Create subuid/subgid if missing
|
||||
if [ ! -e /etc/subuid ]; then
|
||||
touch /etc/subuid
|
||||
chown root:root /etc/subuid
|
||||
chmod 644 /etc/subuid
|
||||
fi
|
||||
|
||||
if [ ! -e /etc/subgid ]; then
|
||||
touch /etc/subgid
|
||||
chown root:root /etc/subgid
|
||||
chmod 644 /etc/subgid
|
||||
fi
|
||||
|
||||
#DEBHELPER#
|
||||
|
||||
exit 0
|
||||
Vendored
-52
@@ -1,52 +0,0 @@
|
||||
#! /bin/sh
|
||||
|
||||
#
|
||||
# see: dh_installdeb(1)
|
||||
|
||||
set -e
|
||||
|
||||
# summary of how this script can be called:
|
||||
# * <new-preinst> `install'
|
||||
# * <new-preinst> `install' <old-version>
|
||||
# * <new-preinst> `upgrade' <old-version>
|
||||
# * <old-preinst> `abort-upgrade' <new-version>
|
||||
#
|
||||
# for details, see http://www.debian.org/doc/debian-policy/ or
|
||||
# the debian-policy package
|
||||
|
||||
remove_md5() {
|
||||
if md5sum $1 2>/dev/null |grep -q $2; then
|
||||
cp $1 $1.pre-upgrade
|
||||
sed -e '/^[^#][ \t]*assword[ \t]*required[ \t]*pam_unix.so/ s/ md5$//' $1 >$1.post-upgrade \
|
||||
&& mv $1.post-upgrade $1
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
case "$1" in
|
||||
install|upgrade)
|
||||
if [ "x$2" != "x" ] ; then
|
||||
if dpkg --compare-versions $2 lt 1:4.0.3 ; then
|
||||
remove_md5 /etc/pam.d/login 5e61c3334e25625fe1fa4d79cf9123ff
|
||||
fi
|
||||
fi
|
||||
|
||||
;;
|
||||
|
||||
abort-upgrade)
|
||||
;;
|
||||
|
||||
*)
|
||||
echo "preinst called with unknown argument \`$1'" >&2
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
# dh_installdeb will replace this with shell code automatically
|
||||
# generated by other debhelper scripts.
|
||||
|
||||
#DEBHELPER#
|
||||
|
||||
exit 0
|
||||
|
||||
|
||||
Vendored
-61
@@ -1,61 +0,0 @@
|
||||
#
|
||||
# The PAM configuration file for the Shadow `su' service
|
||||
#
|
||||
|
||||
# This allows root to su without passwords (normal operation)
|
||||
auth sufficient pam_rootok.so
|
||||
|
||||
# Uncomment this to force users to be a member of group root
|
||||
# before they can use `su'. You can also add "group=foo"
|
||||
# to the end of this line if you want to use a group other
|
||||
# than the default "root" (but this may have side effect of
|
||||
# denying "root" user, unless she's a member of "foo" or explicitly
|
||||
# permitted earlier by e.g. "sufficient pam_rootok.so").
|
||||
# (Replaces the `SU_WHEEL_ONLY' option from login.defs)
|
||||
# auth required pam_wheel.so
|
||||
|
||||
# Uncomment this if you want wheel members to be able to
|
||||
# su without a password.
|
||||
# auth sufficient pam_wheel.so trust
|
||||
|
||||
# Uncomment this if you want members of a specific group to not
|
||||
# be allowed to use su at all.
|
||||
# auth required pam_wheel.so deny group=nosu
|
||||
|
||||
# Uncomment and edit /etc/security/time.conf if you need to set
|
||||
# time restrainst on su usage.
|
||||
# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
|
||||
# as well as /etc/porttime)
|
||||
# account requisite pam_time.so
|
||||
|
||||
# This module parses environment configuration file(s)
|
||||
# and also allows you to use an extended config
|
||||
# file /etc/security/pam_env.conf.
|
||||
#
|
||||
# parsing /etc/environment needs "readenv=1"
|
||||
session required pam_env.so readenv=1
|
||||
# locale variables are also kept into /etc/default/locale in etch
|
||||
# reading this file *in addition to /etc/environment* does not hurt
|
||||
session required pam_env.so readenv=1 envfile=/etc/default/locale
|
||||
|
||||
# Defines the MAIL environment variable
|
||||
# However, userdel also needs MAIL_DIR and MAIL_FILE variables
|
||||
# in /etc/login.defs to make sure that removing a user
|
||||
# also removes the user's mail spool file.
|
||||
# See comments in /etc/login.defs
|
||||
#
|
||||
# "nopen" stands to avoid reporting new mail when su'ing to another user
|
||||
session optional pam_mail.so nopen
|
||||
|
||||
# Sets up user limits according to /etc/security/limits.conf
|
||||
# (Replaces the use of /etc/limits in old login)
|
||||
session required pam_limits.so
|
||||
|
||||
# The standard Unix authentication modules, used with
|
||||
# NIS (man nsswitch) as well as normal /etc/passwd and
|
||||
# /etc/shadow entries.
|
||||
@include common-auth
|
||||
@include common-account
|
||||
@include common-session
|
||||
|
||||
|
||||
Vendored
-8
@@ -1,8 +0,0 @@
|
||||
# The PAM configuration file for the Shadow 'chage' service
|
||||
#
|
||||
|
||||
# This allows root to change password aging being prompted for a password
|
||||
auth sufficient pam_rootok.so
|
||||
|
||||
# checks for account validity
|
||||
account required pam_permit.so
|
||||
Vendored
-16
@@ -1,16 +0,0 @@
|
||||
#
|
||||
# The PAM configuration file for the Shadow `chfn' service
|
||||
#
|
||||
|
||||
# This allows root to change user infomation without being
|
||||
# prompted for a password
|
||||
auth sufficient pam_rootok.so
|
||||
|
||||
# The standard Unix authentication modules, used with
|
||||
# NIS (man nsswitch) as well as normal /etc/passwd and
|
||||
# /etc/shadow entries.
|
||||
@include common-auth
|
||||
@include common-account
|
||||
@include common-session
|
||||
|
||||
|
||||
Vendored
-5
@@ -1,5 +0,0 @@
|
||||
# The PAM configuration file for the Shadow 'chpasswd' service
|
||||
#
|
||||
|
||||
@include common-password
|
||||
|
||||
Vendored
-20
@@ -1,20 +0,0 @@
|
||||
#
|
||||
# The PAM configuration file for the Shadow `chsh' service
|
||||
#
|
||||
|
||||
# This will not allow a user to change their shell unless
|
||||
# their current one is listed in /etc/shells. This keeps
|
||||
# accounts with special shells from changing them.
|
||||
auth required pam_shells.so
|
||||
|
||||
# This allows root to change user shell without being
|
||||
# prompted for a password
|
||||
auth sufficient pam_rootok.so
|
||||
|
||||
# The standard Unix authentication modules, used with
|
||||
# NIS (man nsswitch) as well as normal /etc/passwd and
|
||||
# /etc/shadow entries.
|
||||
@include common-auth
|
||||
@include common-account
|
||||
@include common-session
|
||||
|
||||
Vendored
-9
@@ -1,9 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
cd /var/backups || exit 0
|
||||
|
||||
for FILE in passwd group shadow gshadow; do
|
||||
test -f /etc/$FILE || continue
|
||||
cmp -s $FILE.bak /etc/$FILE && continue
|
||||
cp -p /etc/$FILE $FILE.bak && chmod 600 $FILE.bak
|
||||
done
|
||||
Vendored
-2
@@ -1,2 +0,0 @@
|
||||
usr/share/lintian/overrides
|
||||
etc/default
|
||||
Vendored
-1
@@ -1 +0,0 @@
|
||||
debian/passwd.expire.cron
|
||||
Vendored
-57
@@ -1,57 +0,0 @@
|
||||
#!/usr/bin/perl
|
||||
#
|
||||
# passwd.expire.cron: sample expiry notification script for use as a cronjob
|
||||
#
|
||||
# Copyright 1999 by Ben Collins <bcollins@debian.org>, complete rights granted
|
||||
# for use, distribution, modification, etc.
|
||||
#
|
||||
# Usage:
|
||||
# edit the listed options, including the actual email, then rename to
|
||||
# /etc/cron.daily/passwd
|
||||
#
|
||||
# If your users don't have a valid login shell (ie. they are ftp or mail
|
||||
# users only), they will need some other way to change their password
|
||||
# (telnet will work since login will handle password aging, or a poppasswd
|
||||
# program, if they are mail users).
|
||||
|
||||
# <CONFIG> #
|
||||
|
||||
# should be same as /etc/adduser.conf
|
||||
$LOW_UID=1000;
|
||||
$HIGH_UID=29999;
|
||||
|
||||
# this let's the MTA handle the domain,
|
||||
# set it manually if you want. Make sure
|
||||
# you also add the @ like "\@domain.com"
|
||||
$MAIL_DOM="";
|
||||
|
||||
# </CONFIG> #
|
||||
|
||||
# Set the current day reference
|
||||
$curdays = int(time() / (60 * 60 * 24));
|
||||
|
||||
# Now go through the list
|
||||
|
||||
open(SH, "< /etc/shadow");
|
||||
while (<SH>) {
|
||||
@shent = split(':', $_);
|
||||
@userent = getpwnam($shent[0]);
|
||||
if ($userent[2] >= $LOW_UID && $userent[2] <= $HIGH_UID) {
|
||||
if ($curdays > $shent[2] + $shent[4] - $shent[5] &&
|
||||
$shent[4] != -1 && $shent[4] != 0 &&
|
||||
$shent[5] != -1 && $shent[5] != 0) {
|
||||
$daysleft = ($shent[2] + $shent[4]) - $curdays;
|
||||
if ($daysleft == 1) { $days = "day"; } else {$days = "days"; }
|
||||
if ($daysleft < 0) { next; }
|
||||
open (MAIL, "| mail -s '[WARNING] account will expire in $daysleft $days' $shent[0]${MAIL_DOM}");
|
||||
print MAIL <<EOF;
|
||||
Your account will expire in $daysleft $days. Please change your password before
|
||||
then or your account will expire
|
||||
EOF
|
||||
close (MAIL);
|
||||
# This makes sure we also get a list of almost expired users
|
||||
print "$shent[0]'s account will expire in $daysleft days\n";
|
||||
}
|
||||
}
|
||||
@userent = getpwent();
|
||||
}
|
||||
Vendored
-8
@@ -1,8 +0,0 @@
|
||||
# The PAM configuration file for the Shadow 'groupadd' service
|
||||
#
|
||||
|
||||
# This allows root to add groups without being prompted for a password
|
||||
auth sufficient pam_rootok.so
|
||||
|
||||
# checks for account validity
|
||||
account required pam_permit.so
|
||||
Vendored
-8
@@ -1,8 +0,0 @@
|
||||
# The PAM configuration file for the Shadow 'groupdel' service
|
||||
#
|
||||
|
||||
# This allows root to remove groups without being prompted for a password
|
||||
auth sufficient pam_rootok.so
|
||||
|
||||
# checks for account validity
|
||||
account required pam_permit.so
|
||||
Vendored
-8
@@ -1,8 +0,0 @@
|
||||
# The PAM configuration file for the Shadow 'groupmod' service
|
||||
#
|
||||
|
||||
# This allows root to modify groups without being prompted for a password
|
||||
auth sufficient pam_rootok.so
|
||||
|
||||
# checks for account validity
|
||||
account required pam_permit.so
|
||||
Vendored
-80
@@ -1,80 +0,0 @@
|
||||
usr/bin/chage
|
||||
usr/bin/chfn
|
||||
usr/bin/chsh
|
||||
usr/bin/expiry
|
||||
usr/bin/gpasswd
|
||||
usr/bin/passwd
|
||||
usr/sbin/chpasswd
|
||||
usr/sbin/chgpasswd
|
||||
usr/sbin/cppw
|
||||
usr/sbin/groupadd
|
||||
usr/sbin/groupdel
|
||||
usr/sbin/groupmod
|
||||
usr/sbin/groupmems
|
||||
usr/sbin/grpck
|
||||
usr/sbin/grpconv
|
||||
usr/sbin/grpunconv
|
||||
usr/sbin/newusers
|
||||
usr/sbin/pwck
|
||||
usr/sbin/pwconv
|
||||
usr/sbin/pwunconv
|
||||
usr/sbin/useradd
|
||||
usr/sbin/userdel
|
||||
usr/sbin/usermod
|
||||
usr/sbin/vipw
|
||||
usr/share/man/*/man1/chage.1
|
||||
usr/share/man/*/man1/chfn.1
|
||||
usr/share/man/*/man1/chsh.1
|
||||
usr/share/man/*/man1/expiry.1
|
||||
usr/share/man/*/man1/gpasswd.1
|
||||
usr/share/man/*/man1/passwd.1
|
||||
usr/share/man/*/man5/passwd.5
|
||||
usr/share/man/*/man5/shadow.5
|
||||
usr/share/man/*/man5/gshadow.5
|
||||
usr/share/man/*/man8/chpasswd.8
|
||||
usr/share/man/*/man8/groupadd.8
|
||||
usr/share/man/*/man8/groupdel.8
|
||||
usr/share/man/*/man8/groupmod.8
|
||||
usr/share/man/*/man8/groupmems.8
|
||||
usr/share/man/*/man8/grpck.8
|
||||
usr/share/man/*/man8/grpconv.8
|
||||
usr/share/man/*/man8/grpunconv.8
|
||||
usr/share/man/*/man8/newusers.8
|
||||
usr/share/man/*/man8/pwck.8
|
||||
usr/share/man/*/man8/pwconv.8
|
||||
usr/share/man/*/man8/pwunconv.8
|
||||
usr/share/man/*/man8/useradd.8
|
||||
usr/share/man/*/man8/userdel.8
|
||||
usr/share/man/*/man8/usermod.8
|
||||
usr/share/man/*/man8/vigr.8
|
||||
usr/share/man/*/man8/vipw.8
|
||||
usr/share/man/man1/chage.1
|
||||
usr/share/man/man1/chfn.1
|
||||
usr/share/man/man1/chsh.1
|
||||
usr/share/man/man1/expiry.1
|
||||
usr/share/man/man1/gpasswd.1
|
||||
usr/share/man/man1/passwd.1
|
||||
usr/share/man/man5/passwd.5
|
||||
usr/share/man/man5/shadow.5
|
||||
usr/share/man/man5/gshadow.5
|
||||
usr/share/man/man5/subuid.5
|
||||
usr/share/man/man5/subgid.5
|
||||
usr/share/man/man5/subgid.5
|
||||
usr/share/man/man5/subuid.5
|
||||
usr/share/man/man8/chgpasswd.8
|
||||
usr/share/man/man8/chpasswd.8
|
||||
usr/share/man/man8/groupadd.8
|
||||
usr/share/man/man8/groupdel.8
|
||||
usr/share/man/man8/groupmod.8
|
||||
usr/share/man/man8/grpck.8
|
||||
usr/share/man/man8/grpconv.8
|
||||
usr/share/man/man8/grpunconv.8
|
||||
usr/share/man/man8/newusers.8
|
||||
usr/share/man/man8/pwck.8
|
||||
usr/share/man/man8/pwconv.8
|
||||
usr/share/man/man8/pwunconv.8
|
||||
usr/share/man/man8/useradd.8
|
||||
usr/share/man/man8/userdel.8
|
||||
usr/share/man/man8/usermod.8
|
||||
usr/share/man/man8/vigr.8
|
||||
usr/share/man/man8/vipw.8
|
||||
Vendored
-2
@@ -1,2 +0,0 @@
|
||||
usr/sbin/vipw usr/sbin/vigr
|
||||
usr/sbin/cppw usr/sbin/cpgr
|
||||
Vendored
-6
@@ -1,6 +0,0 @@
|
||||
passwd: setgid-binary usr/bin/chage 2755 root/shadow
|
||||
passwd: setuid-binary usr/bin/chfn 4755 root/root
|
||||
passwd: setuid-binary usr/bin/chsh 4755 root/root
|
||||
passwd: setgid-binary usr/bin/expiry 2755 root/shadow
|
||||
passwd: setuid-binary usr/bin/gpasswd 4755 root/root
|
||||
passwd: setuid-binary usr/bin/passwd 4755 root/root
|
||||
Vendored
-5
@@ -1,5 +0,0 @@
|
||||
# The PAM configuration file for the Shadow 'newusers' service
|
||||
#
|
||||
|
||||
@include common-password
|
||||
|
||||
Vendored
-6
@@ -1,6 +0,0 @@
|
||||
#
|
||||
# The PAM configuration file for the Shadow `passwd' service
|
||||
#
|
||||
|
||||
@include common-password
|
||||
|
||||
Vendored
-44
@@ -1,44 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
set -e
|
||||
|
||||
case "$1" in
|
||||
configure)
|
||||
# Fix permissions on various log files from old versions of the debian
|
||||
# installer, some unrelated to passwd but we decided to put the fix
|
||||
# here since there was no better place. This can safely be removed
|
||||
# after etch is released.
|
||||
if dpkg --compare-versions "$2" lt "1:4.0.14-9"; then
|
||||
for log in /var/log/base-config* \
|
||||
$(find /var/log/debian-installer/ /var/log/installer/ -type f 2>/dev/null ); do
|
||||
if [ -e "$log" ]; then
|
||||
chmod 600 "$log"
|
||||
fi
|
||||
done
|
||||
fi
|
||||
|
||||
rm -f /etc/pam.d/passwd.pre-upgrade 2>/dev/null
|
||||
if ! getent group shadow | grep -q '^shadow:[^:]*:42'
|
||||
then
|
||||
groupadd -g 42 shadow || (
|
||||
cat <<EOF
|
||||
Group ID 42 has been allocated for the shadow group. You have either
|
||||
used 42 yourself or created a shadow group with a different ID.
|
||||
Please correct this problem and reconfigure with ``dpkg --configure passwd''.
|
||||
|
||||
Note that both user and group IDs in the range 0-99 are globally
|
||||
allocated by the Debian project and must be the same on every Debian
|
||||
system.
|
||||
EOF
|
||||
exit 1
|
||||
)
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
|
||||
# Run shadowconfig only on new installs
|
||||
[ -z "$2" ] && shadowconfig on
|
||||
|
||||
#DEBHELPER#
|
||||
|
||||
exit 0
|
||||
Vendored
-51
@@ -1,51 +0,0 @@
|
||||
#! /bin/sh
|
||||
|
||||
#
|
||||
# see: dh_installdeb(1)
|
||||
|
||||
set -e
|
||||
|
||||
# summary of how this script can be called:
|
||||
# * <new-preinst> `install'
|
||||
# * <new-preinst> `install' <old-version>
|
||||
# * <new-preinst> `upgrade' <old-version>
|
||||
# * <old-preinst> `abort-upgrade' <new-version>
|
||||
#
|
||||
# for details, see http://www.debian.org/doc/debian-policy/ or
|
||||
# the debian-policy package
|
||||
|
||||
remove_md5() {
|
||||
if md5sum $1 2>/dev/null |grep -q $2; then
|
||||
cp $1 $1.pre-upgrade
|
||||
sed -e '/^[^#]*[ \t]*password[ \t]*required[ \t]*pam_unix.so/ s/ md5$//' $1 >$1.post-upgrade \
|
||||
&& mv $1.post-upgrade $1
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
case "$1" in
|
||||
install|upgrade)
|
||||
if [ "x$2" != "x" ] ; then
|
||||
if dpkg --compare-versions $2 lt 1:4.0.3 ; then
|
||||
remove_md5 /etc/pam.d/passwd 23a5d1465bbc1e39ca6e0c32f22a75c9
|
||||
fi
|
||||
fi
|
||||
;;
|
||||
|
||||
abort-upgrade)
|
||||
;;
|
||||
|
||||
*)
|
||||
echo "preinst called with unknown argument \`$1'" >&2
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
# dh_installdeb will replace this with shell code automatically
|
||||
# generated by other debhelper scripts.
|
||||
|
||||
#DEBHELPER#
|
||||
|
||||
exit 0
|
||||
|
||||
|
||||
Vendored
-8
@@ -1,8 +0,0 @@
|
||||
# If a password operation is in progress and we lose power, stale lockfiles
|
||||
# can be left behind. Clear them on boot.
|
||||
r! /etc/gshadow.lock
|
||||
r! /etc/shadow.lock
|
||||
r! /etc/passwd.lock
|
||||
r! /etc/group.lock
|
||||
r! /etc/subuid.lock
|
||||
r! /etc/subgid.lock
|
||||
Vendored
-8
@@ -1,8 +0,0 @@
|
||||
# The PAM configuration file for the Shadow 'useradd' service
|
||||
#
|
||||
|
||||
# This allows root to add users without being prompted for a password
|
||||
auth sufficient pam_rootok.so
|
||||
|
||||
# checks for account validity
|
||||
account required pam_permit.so
|
||||
Vendored
-8
@@ -1,8 +0,0 @@
|
||||
# The PAM configuration file for the Shadow 'userdel' service
|
||||
#
|
||||
|
||||
# This allows root to remove users without being prompted for a password
|
||||
auth sufficient pam_rootok.so
|
||||
|
||||
# checks for account validity
|
||||
account required pam_permit.so
|
||||
Vendored
-8
@@ -1,8 +0,0 @@
|
||||
# The PAM configuration file for the Shadow 'groupdel' service
|
||||
#
|
||||
|
||||
# This allows root to remove groups without being prompted for a password
|
||||
auth sufficient pam_rootok.so
|
||||
|
||||
# checks for account validity
|
||||
account required pam_permit.so
|
||||
@@ -1,44 +0,0 @@
|
||||
From bdd68116b7c5f3cbb29ea4fe3bb81e338e9544f7 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Kainz <simon@familiekainz.at>
|
||||
Date: Wed, 18 Jan 2017 17:24:04 +0100
|
||||
Subject: [PATCH 1/2] Typos fix in german translation of man pages
|
||||
|
||||
Reported to Debian BTS in #734609
|
||||
---
|
||||
man/po/de.po | 6 +++---
|
||||
1 file changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/man/po/de.po b/man/po/de.po
|
||||
index b4d7218..340e15d 100644
|
||||
--- a/man/po/de.po
|
||||
+++ b/man/po/de.po
|
||||
@@ -3087,7 +3087,7 @@ msgstr "5"
|
||||
#: limits.5.xml:61(refmiscinfo) gshadow.5.xml:48(refmiscinfo)
|
||||
#: faillog.5.xml:59(refmiscinfo)
|
||||
msgid "File Formats and Conversions"
|
||||
-msgstr "Dateiformate und -konvertierung"
|
||||
+msgstr "Dateiformate und konvertierung"
|
||||
|
||||
#: suauth.5.xml:65(refpurpose)
|
||||
msgid "detailed su control file"
|
||||
@@ -4370,7 +4370,7 @@ msgstr ""
|
||||
|
||||
#: shadow.5.xml:235(para)
|
||||
msgid "An empty field means that the account will never expire."
|
||||
-msgstr "Ein leeren Feld bedeutet, dass das Konto nicht verfallen wird."
|
||||
+msgstr "Ein leeres Feld bedeutet, dass das Konto nicht verfallen wird."
|
||||
|
||||
#: shadow.5.xml:238(para)
|
||||
msgid ""
|
||||
@@ -6961,7 +6961,7 @@ msgid ""
|
||||
"contents of this file should be a message indicating why logins are "
|
||||
"inhibited."
|
||||
msgstr ""
|
||||
-"Falls angegeben, der Name einer Datei, dessen Existenz Anmeldungen außer von "
|
||||
+"Falls angegeben, der Name einer Datei, deren Existenz Anmeldungen außer von "
|
||||
"Root verhindert. Der Inhalt der Datei sollte die Gründe enthalten, weshalb "
|
||||
"Anmeldungen untersagt sind."
|
||||
|
||||
--
|
||||
2.1.4
|
||||
|
||||
@@ -1,29 +0,0 @@
|
||||
From 578d495f91af8dc5dd774d4310ca06f7013712e7 Mon Sep 17 00:00:00 2001
|
||||
From: Micah Anderson <micah@riseup.net>
|
||||
Date: Wed, 18 Jan 2017 18:06:05 +0100
|
||||
Subject: [PATCH 2/2] Last bits of enabling subuids
|
||||
|
||||
This patch has been carried by Debian, originally
|
||||
submitted to BTS in #739981
|
||||
---
|
||||
src/newusers.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/newusers.c b/src/newusers.c
|
||||
index 724cbb4..0c0cfe4 100644
|
||||
--- a/src/newusers.c
|
||||
+++ b/src/newusers.c
|
||||
@@ -988,8 +988,8 @@ int main (int argc, char **argv)
|
||||
is_shadow_grp = sgr_file_present ();
|
||||
#endif
|
||||
#ifdef ENABLE_SUBIDS
|
||||
- is_sub_uid = sub_uid_file_present ();
|
||||
- is_sub_gid = sub_gid_file_present ();
|
||||
+ is_sub_uid = sub_uid_file_present () && !rflg;
|
||||
+ is_sub_gid = sub_gid_file_present () && !rflg;
|
||||
#endif /* ENABLE_SUBIDS */
|
||||
|
||||
open_files ();
|
||||
--
|
||||
2.1.4
|
||||
|
||||
-3048
File diff suppressed because it is too large
Load Diff
-1481
File diff suppressed because it is too large
Load Diff
-1050
File diff suppressed because it is too large
Load Diff
-13703
File diff suppressed because it is too large
Load Diff
-98
@@ -1,98 +0,0 @@
|
||||
From 8a122a90fa2afe39f2b1e56c5d45ea20f486bf0b Mon Sep 17 00:00:00 2001
|
||||
From: Lars Bahner <bahner@debian.org>
|
||||
Date: Thu, 19 Jan 2017 17:50:24 +0100
|
||||
Subject: [PATCH 7/7] Fix some spelling issues in the Norwegian translation
|
||||
|
||||
---
|
||||
po/nb.po | 13 +++++++------
|
||||
po/nl.po | 8 ++++----
|
||||
2 files changed, 11 insertions(+), 10 deletions(-)
|
||||
|
||||
diff --git a/po/nb.po b/po/nb.po
|
||||
index d42a864..7ad1ecb 100644
|
||||
--- a/po/nb.po
|
||||
+++ b/po/nb.po
|
||||
@@ -7,12 +7,13 @@
|
||||
# Bjørn Steensrud <bjornst@powertech.no>, 2006.
|
||||
# Bjørn Steensrud <bjornst@skogkatt.homelinux.org>, 2009, 2012.
|
||||
# Hans Fredrik Nordhaug <hans@nordhaug.priv.no>, 2012.
|
||||
+# Lars Bahner <bahner@debian.org>, 2015
|
||||
msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: shadow 4.0.17\n"
|
||||
"Report-Msgid-Bugs-To: pkg-shadow-devel@lists.alioth.debian.org\n"
|
||||
"POT-Creation-Date: 2016-09-18 14:03-0500\n"
|
||||
-"PO-Revision-Date: 2012-01-18 17:19+0100\n"
|
||||
+"PO-Revision-Date: 2015-09-30 18:15+0100\n"
|
||||
"Last-Translator: Bjørn Steensrud <bjornst@skogkatt.homelinux.org>\n"
|
||||
"Language-Team: Norwegian Bokmål <i18n-nb@lister.ping.uio.no>\n"
|
||||
"Language: nb\n"
|
||||
@@ -20,7 +21,7 @@ msgstr ""
|
||||
"Content-Type: text/plain; charset=UTF-8\n"
|
||||
"Content-Transfer-Encoding: 8bit\n"
|
||||
"Plural-Forms: nplurals=2; plural=(n != 1);\n"
|
||||
-"X-Generator: Lokalize 1.2\n"
|
||||
+"X-Generator: Poedit 1.7.5\n"
|
||||
|
||||
#, c-format
|
||||
msgid ""
|
||||
@@ -48,10 +49,9 @@ msgstr "feil med oppsettet - ukjent element «%s» (kontakt administrator)\n"
|
||||
msgid "%s: nscd did not terminate normally (signal %d)\n"
|
||||
msgstr "%s: nscd avsluttet ikke normallt (signal %d)\n"
|
||||
|
||||
-#, fuzzy, c-format
|
||||
-#| msgid "%s: nscd exited with status %d"
|
||||
+#, c-format
|
||||
msgid "%s: nscd exited with status %d\n"
|
||||
-msgstr "%s: nscd avsluttet med status %d"
|
||||
+msgstr "%s: nscd avsluttet med status %d\n"
|
||||
|
||||
msgid "Password: "
|
||||
msgstr "Passord: "
|
||||
@@ -415,8 +415,9 @@ msgstr "passwd: %s\n"
|
||||
msgid "passwd: password unchanged\n"
|
||||
msgstr "passwd: passordet er uendret\n"
|
||||
|
||||
+#, fuzzy
|
||||
msgid "passwd: password updated successfully\n"
|
||||
-msgstr "passwd: passorder ble oppdatert\n"
|
||||
+msgstr "passwd: passordet ble oppdatert\n"
|
||||
|
||||
#, c-format
|
||||
msgid "Incorrect password for %s.\n"
|
||||
diff --git a/po/nl.po b/po/nl.po
|
||||
index 923c1d1..6cbabdd 100644
|
||||
--- a/po/nl.po
|
||||
+++ b/po/nl.po
|
||||
@@ -745,7 +745,7 @@ msgstr "%s: ongeldige naam: '%s'\n"
|
||||
|
||||
#, c-format
|
||||
msgid "%s: room number with non-ASCII characters: '%s'\n"
|
||||
-msgstr "%s: kamernummer bevat niet-ASCII tekens: '%s'"
|
||||
+msgstr "%s: kamernummer bevat niet-ASCII tekens: '%s'\n"
|
||||
|
||||
#, c-format
|
||||
msgid "%s: invalid room number: '%s'\n"
|
||||
@@ -1571,7 +1571,7 @@ msgstr "Ongeldig wachtwoord.\n"
|
||||
|
||||
#, c-format
|
||||
msgid "%s: failure forking: %s\n"
|
||||
-msgstr "%s: nieuw proces beginnen is mislukt: %s"
|
||||
+msgstr "%s: nieuw proces beginnen is mislukt: %s\n"
|
||||
|
||||
#, c-format
|
||||
msgid "%s: GID '%lu' does not exist\n"
|
||||
@@ -2633,8 +2633,8 @@ msgstr "Kon bestand niet vergrendelen"
|
||||
msgid "Couldn't make backup"
|
||||
msgstr "Kon geen reservekopie maken"
|
||||
|
||||
-#| msgid "Unable to open group file\n"
|
||||
-msgid "failed to open scratch file"
|
||||
+#| msgid "Unable to open group file"
|
||||
+msgid "failed to open scratch file\n"
|
||||
msgstr "initieel bestand openen is mislukt\n"
|
||||
|
||||
#| msgid "%s: fields too long\n"
|
||||
--
|
||||
2.1.4
|
||||
|
||||
@@ -1,60 +0,0 @@
|
||||
From 08fd4b69e84364677a10e519ccb25b71710ee686 Mon Sep 17 00:00:00 2001
|
||||
From: Tobias Stoeckmann <tobias@stoeckmann.org>
|
||||
Date: Thu, 23 Feb 2017 09:47:29 -0600
|
||||
Subject: [PATCH] su: properly clear child PID
|
||||
|
||||
If su is compiled with PAM support, it is possible for any local user
|
||||
to send SIGKILL to other processes with root privileges. There are
|
||||
only two conditions. First, the user must be able to perform su with
|
||||
a successful login. This does NOT have to be the root user, even using
|
||||
su with the same id is enough, e.g. "su $(whoami)". Second, SIGKILL
|
||||
can only be sent to processes which were executed after the su process.
|
||||
It is not possible to send SIGKILL to processes which were already
|
||||
running. I consider this as a security vulnerability, because I was
|
||||
able to write a proof of concept which unlocked a screen saver of
|
||||
another user this way.
|
||||
---
|
||||
src/su.c | 19 +++++++++++++++++--
|
||||
1 file changed, 17 insertions(+), 2 deletions(-)
|
||||
|
||||
--- a/src/su.c
|
||||
+++ b/src/su.c
|
||||
@@ -363,11 +363,13 @@
|
||||
/* wake child when resumed */
|
||||
kill (pid, SIGCONT);
|
||||
stop = false;
|
||||
+ } else {
|
||||
+ pid_child = 0;
|
||||
}
|
||||
} while (!stop);
|
||||
}
|
||||
|
||||
- if (0 != caught) {
|
||||
+ if (0 != caught && 0 != pid_child) {
|
||||
(void) fputs ("\n", stderr);
|
||||
(void) fputs (_("Session terminated, terminating shell..."),
|
||||
stderr);
|
||||
@@ -377,9 +379,22 @@
|
||||
snprintf (wait_msg, 256, _(" ...waiting for child to terminate.\n"));
|
||||
|
||||
(void) signal (SIGALRM, kill_child);
|
||||
+ (void) signal (SIGCHLD, catch_signals);
|
||||
(void) alarm (2);
|
||||
|
||||
- (void) wait (&status);
|
||||
+ sigemptyset (&ourset);
|
||||
+ if ((sigaddset (&ourset, SIGALRM) != 0)
|
||||
+ || (sigprocmask (SIG_BLOCK, &ourset, NULL) != 0)) {
|
||||
+ fprintf (stderr, _("%s: signal masking malfunction\n"), Prog);
|
||||
+ kill_child (0);
|
||||
+ } else {
|
||||
+ while (0 == waitpid (pid_child, &status, WNOHANG)) {
|
||||
+ sigsuspend (&ourset);
|
||||
+ }
|
||||
+ pid_child = 0;
|
||||
+ (void) sigprocmask (SIG_UNBLOCK, &ourset, NULL);
|
||||
+ }
|
||||
+
|
||||
(void) fputs (_(" ...terminated.\n"), stderr);
|
||||
}
|
||||
|
||||
-55
@@ -1,55 +0,0 @@
|
||||
Goal: Log login failures to the btmp file
|
||||
|
||||
Notes:
|
||||
* I'm not sure login should add an entry in the FTMP file when PAM is used.
|
||||
(but nothing in /etc/login.defs indicates that the failure is not logged)
|
||||
|
||||
Index: shadow-4.4/src/login.c
|
||||
===================================================================
|
||||
--- shadow-4.4.orig/src/login.c
|
||||
+++ shadow-4.4/src/login.c
|
||||
@@ -834,6 +834,24 @@ int main (int argc, char **argv)
|
||||
(void) puts ("");
|
||||
(void) puts (_("Login incorrect"));
|
||||
|
||||
+ if (getdef_str("FTMP_FILE") != NULL) {
|
||||
+#ifdef USE_UTMPX
|
||||
+ struct utmpx *failent =
|
||||
+ prepare_utmpx (failent_user,
|
||||
+ tty,
|
||||
+ /* FIXME: or fromhost? */hostname,
|
||||
+ utent);
|
||||
+#else /* !USE_UTMPX */
|
||||
+ struct utmp *failent =
|
||||
+ prepare_utmp (failent_user,
|
||||
+ tty,
|
||||
+ hostname,
|
||||
+ utent);
|
||||
+#endif /* !USE_UTMPX */
|
||||
+ failtmp (failent_user, failent);
|
||||
+ free (failent);
|
||||
+ }
|
||||
+
|
||||
if (failcount >= retries) {
|
||||
SYSLOG ((LOG_NOTICE,
|
||||
"TOO MANY LOGIN TRIES (%u)%s FOR '%s'",
|
||||
Index: shadow-4.4/lib/getdef.c
|
||||
===================================================================
|
||||
--- shadow-4.4.orig/lib/getdef.c
|
||||
+++ shadow-4.4/lib/getdef.c
|
||||
@@ -57,7 +57,6 @@ struct itemdef {
|
||||
{"ENVIRON_FILE", NULL}, \
|
||||
{"ENV_TZ", NULL}, \
|
||||
{"FAILLOG_ENAB", NULL}, \
|
||||
- {"FTMP_FILE", NULL}, \
|
||||
{"ISSUE_FILE", NULL}, \
|
||||
{"LASTLOG_ENAB", NULL}, \
|
||||
{"LOGIN_STRING", NULL}, \
|
||||
@@ -88,6 +87,7 @@ static struct itemdef def_table[] = {
|
||||
{"ERASECHAR", NULL},
|
||||
{"FAIL_DELAY", NULL},
|
||||
{"FAKE_SHELL", NULL},
|
||||
+ {"FTMP_FILE", NULL},
|
||||
{"GID_MAX", NULL},
|
||||
{"GID_MIN", NULL},
|
||||
{"HUSHLOGIN_FILE", NULL},
|
||||
-3119
File diff suppressed because it is too large
Load Diff
@@ -1,29 +0,0 @@
|
||||
From 7d82f203eeec881c584b2fa06539b39e82985d97 Mon Sep 17 00:00:00 2001
|
||||
From: Tobias Stoeckmann <tobias@stoeckmann.org>
|
||||
Date: Sun, 14 May 2017 17:58:10 +0200
|
||||
Subject: [PATCH] Reset pid_child only if waitpid was successful.
|
||||
|
||||
Do not reset the pid_child to 0 if the child process is still
|
||||
running. This else-condition can be reached with pid being -1,
|
||||
therefore explicitly test this condition.
|
||||
|
||||
This is a regression fix for CVE-2017-2616. If su receives a
|
||||
signal like SIGTERM, it is not propagated to the child.
|
||||
|
||||
Reported-by: Radu Duta <raduduta@gmail.com>
|
||||
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
|
||||
---
|
||||
src/su.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
--- a/src/su.c
|
||||
+++ b/src/su.c
|
||||
@@ -363,7 +363,7 @@ static void prepare_pam_close_session (v
|
||||
/* wake child when resumed */
|
||||
kill (pid, SIGCONT);
|
||||
stop = false;
|
||||
- } else {
|
||||
+ } else if ( (pid_t)-1 != pid) {
|
||||
pid_child = 0;
|
||||
}
|
||||
} while (!stop);
|
||||
Vendored
-282
@@ -1,282 +0,0 @@
|
||||
#! /bin/sh /usr/share/dpatch/dpatch-run
|
||||
## 401_cppw_src.dpatch by Nicolas FRANCOIS <nicolas.francois@centraliens.net>
|
||||
##
|
||||
## All lines beginning with `## DP:' are a description of the patch.
|
||||
## DP: Add cppw / cpgr
|
||||
|
||||
@DPATCH@
|
||||
Index: shadow-4.4/src/cppw.c
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ shadow-4.4/src/cppw.c
|
||||
@@ -0,0 +1,238 @@
|
||||
+/*
|
||||
+ cppw, cpgr copy with locking given file over the password or group file
|
||||
+ with -s will copy with locking given file over shadow or gshadow file
|
||||
+
|
||||
+ Copyright (C) 1999 Stephen Frost <sfrost@snowman.net>
|
||||
+
|
||||
+ Based on vipw, vigr by:
|
||||
+ Copyright (C) 1997 Guy Maor <maor@ece.utexas.edu>
|
||||
+
|
||||
+ This program is free software; you can redistribute it and/or modify
|
||||
+ it under the terms of the GNU General Public License as published by
|
||||
+ the Free Software Foundation; either version 2 of the License, or
|
||||
+ (at your option) any later version.
|
||||
+
|
||||
+ This program is distributed in the hope that it will be useful, but
|
||||
+ WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
+ General Public License for more details.
|
||||
+
|
||||
+ You should have received a copy of the GNU General Public License
|
||||
+ along with this program; if not, write to the Free Software
|
||||
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||
+
|
||||
+ */
|
||||
+
|
||||
+#include <config.h>
|
||||
+#include "defines.h"
|
||||
+
|
||||
+#include <errno.h>
|
||||
+#include <sys/stat.h>
|
||||
+#include <unistd.h>
|
||||
+#include <stdio.h>
|
||||
+#include <stdlib.h>
|
||||
+#include <sys/types.h>
|
||||
+#include <signal.h>
|
||||
+#include <utime.h>
|
||||
+#include "exitcodes.h"
|
||||
+#include "prototypes.h"
|
||||
+#include "pwio.h"
|
||||
+#include "shadowio.h"
|
||||
+#include "groupio.h"
|
||||
+#include "sgroupio.h"
|
||||
+
|
||||
+
|
||||
+const char *Prog;
|
||||
+
|
||||
+const char *filename, *filenewname;
|
||||
+static bool filelocked = false;
|
||||
+static int (*unlock) (void);
|
||||
+
|
||||
+/* local function prototypes */
|
||||
+static int create_copy (FILE *fp, const char *dest, struct stat *sb);
|
||||
+static void cppwexit (const char *msg, int syserr, int ret);
|
||||
+static void cppwcopy (const char *file,
|
||||
+ const char *in_file,
|
||||
+ int (*file_lock) (void),
|
||||
+ int (*file_unlock) (void));
|
||||
+
|
||||
+static int create_copy (FILE *fp, const char *dest, struct stat *sb)
|
||||
+{
|
||||
+ struct utimbuf ub;
|
||||
+ FILE *bkfp;
|
||||
+ int c;
|
||||
+ mode_t mask;
|
||||
+
|
||||
+ mask = umask (077);
|
||||
+ bkfp = fopen (dest, "w");
|
||||
+ (void) umask (mask);
|
||||
+ if (NULL == bkfp) {
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ rewind (fp);
|
||||
+ while ((c = getc (fp)) != EOF) {
|
||||
+ if (putc (c, bkfp) == EOF) {
|
||||
+ break;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ if ( (c != EOF)
|
||||
+ || (fflush (bkfp) != 0)) {
|
||||
+ (void) fclose (bkfp);
|
||||
+ (void) unlink (dest);
|
||||
+ return -1;
|
||||
+ }
|
||||
+ if ( (fsync (fileno (bkfp)) != 0)
|
||||
+ || (fclose (bkfp) != 0)) {
|
||||
+ (void) unlink (dest);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ ub.actime = sb->st_atime;
|
||||
+ ub.modtime = sb->st_mtime;
|
||||
+ if ( (utime (dest, &ub) != 0)
|
||||
+ || (chmod (dest, sb->st_mode) != 0)
|
||||
+ || (chown (dest, sb->st_uid, sb->st_gid) != 0)) {
|
||||
+ (void) unlink (dest);
|
||||
+ return -1;
|
||||
+ }
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+static void cppwexit (const char *msg, int syserr, int ret)
|
||||
+{
|
||||
+ int err = errno;
|
||||
+ if (filelocked) {
|
||||
+ (*unlock) ();
|
||||
+ }
|
||||
+ if (NULL != msg) {
|
||||
+ fprintf (stderr, "%s: %s", Prog, msg);
|
||||
+ if (0 != syserr) {
|
||||
+ fprintf (stderr, ": %s", strerror (err));
|
||||
+ }
|
||||
+ (void) fputs ("\n", stderr);
|
||||
+ }
|
||||
+ if (NULL != filename) {
|
||||
+ fprintf (stderr, _("%s: %s is unchanged\n"), Prog, filename);
|
||||
+ } else {
|
||||
+ fprintf (stderr, _("%s: no changes\n"), Prog);
|
||||
+ }
|
||||
+
|
||||
+ exit (ret);
|
||||
+}
|
||||
+
|
||||
+static void cppwcopy (const char *file,
|
||||
+ const char *in_file,
|
||||
+ int (*file_lock) (void),
|
||||
+ int (*file_unlock) (void))
|
||||
+{
|
||||
+ struct stat st1;
|
||||
+ FILE *f;
|
||||
+ char filenew[1024];
|
||||
+
|
||||
+ snprintf (filenew, sizeof filenew, "%s.new", file);
|
||||
+ unlock = file_unlock;
|
||||
+ filename = file;
|
||||
+ filenewname = filenew;
|
||||
+
|
||||
+ if (access (file, F_OK) != 0) {
|
||||
+ cppwexit (file, 1, 1);
|
||||
+ }
|
||||
+ if (file_lock () == 0) {
|
||||
+ cppwexit (_("Couldn't lock file"), 0, 5);
|
||||
+ }
|
||||
+ filelocked = true;
|
||||
+
|
||||
+ /* file to copy has same owners, perm */
|
||||
+ if (stat (file, &st1) != 0) {
|
||||
+ cppwexit (file, 1, 1);
|
||||
+ }
|
||||
+ f = fopen (in_file, "r");
|
||||
+ if (NULL == f) {
|
||||
+ cppwexit (in_file, 1, 1);
|
||||
+ }
|
||||
+ if (create_copy (f, filenew, &st1) != 0) {
|
||||
+ cppwexit (_("Couldn't make copy"), errno, 1);
|
||||
+ }
|
||||
+
|
||||
+ /* XXX - here we should check filenew for errors; if there are any,
|
||||
+ * fail w/ an appropriate error code and let the user manually fix
|
||||
+ * it. Use pwck or grpck to do the check. - Stephen (Shamelessly
|
||||
+ * stolen from '--marekm's comment) */
|
||||
+
|
||||
+ if (rename (filenew, file) != 0) {
|
||||
+ fprintf (stderr, _("%s: can't copy %s: %s)\n"),
|
||||
+ Prog, filenew, strerror (errno));
|
||||
+ cppwexit (NULL,0,1);
|
||||
+ }
|
||||
+
|
||||
+ (*file_unlock) ();
|
||||
+}
|
||||
+
|
||||
+int main (int argc, char **argv)
|
||||
+{
|
||||
+ int flag;
|
||||
+ bool cpshadow = false;
|
||||
+ char *in_file;
|
||||
+ int e = E_USAGE;
|
||||
+ bool do_cppw = true;
|
||||
+
|
||||
+ (void) setlocale (LC_ALL, "");
|
||||
+ (void) bindtextdomain (PACKAGE, LOCALEDIR);
|
||||
+ (void) textdomain (PACKAGE);
|
||||
+
|
||||
+ Prog = Basename (argv[0]);
|
||||
+ if (strcmp (Prog, "cpgr") == 0) {
|
||||
+ do_cppw = false;
|
||||
+ }
|
||||
+
|
||||
+ while ((flag = getopt (argc, argv, "ghps")) != EOF) {
|
||||
+ switch (flag) {
|
||||
+ case 'p':
|
||||
+ do_cppw = true;
|
||||
+ break;
|
||||
+ case 'g':
|
||||
+ do_cppw = false;
|
||||
+ break;
|
||||
+ case 's':
|
||||
+ cpshadow = true;
|
||||
+ break;
|
||||
+ case 'h':
|
||||
+ e = E_SUCCESS;
|
||||
+ /*pass through*/
|
||||
+ default:
|
||||
+ (void) fputs (_("Usage:\n\
|
||||
+`cppw <file>' copys over /etc/passwd `cppw -s <file>' copys over /etc/shadow\n\
|
||||
+`cpgr <file>' copys over /etc/group `cpgr -s <file>' copys over /etc/gshadow\n\
|
||||
+"), (E_SUCCESS != e) ? stderr : stdout);
|
||||
+ exit (e);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ if (argc != optind + 1) {
|
||||
+ cppwexit (_("wrong number of arguments, -h for usage"),0,1);
|
||||
+ }
|
||||
+
|
||||
+ in_file = argv[optind];
|
||||
+
|
||||
+ if (do_cppw) {
|
||||
+ if (cpshadow) {
|
||||
+ cppwcopy (SHADOW_FILE, in_file, spw_lock, spw_unlock);
|
||||
+ } else {
|
||||
+ cppwcopy (PASSWD_FILE, in_file, pw_lock, pw_unlock);
|
||||
+ }
|
||||
+ } else {
|
||||
+#ifdef SHADOWGRP
|
||||
+ if (cpshadow) {
|
||||
+ cppwcopy (SGROUP_FILE, in_file, sgr_lock, sgr_unlock);
|
||||
+ } else
|
||||
+#endif /* SHADOWGRP */
|
||||
+ {
|
||||
+ cppwcopy (GROUP_FILE, in_file, gr_lock, gr_unlock);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
Index: shadow-4.4/src/Makefile.am
|
||||
===================================================================
|
||||
--- shadow-4.4.orig/src/Makefile.am
|
||||
+++ shadow-4.4/src/Makefile.am
|
||||
@@ -29,6 +29,7 @@ if ENABLE_SUBIDS
|
||||
ubin_PROGRAMS += newgidmap newuidmap
|
||||
endif
|
||||
usbin_PROGRAMS = \
|
||||
+ cppw \
|
||||
chgpasswd \
|
||||
chpasswd \
|
||||
groupadd \
|
||||
@@ -90,6 +91,7 @@ chfn_LDADD = $(LDADD) $(LIBPAM) $(LI
|
||||
chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBCRYPT)
|
||||
chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
|
||||
chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT)
|
||||
+cppw_LDADD = $(LDADD) $(LIBSELINUX)
|
||||
gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT)
|
||||
groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
|
||||
groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
|
||||
Index: shadow-4.4/po/POTFILES.in
|
||||
===================================================================
|
||||
--- shadow-4.4.orig/po/POTFILES.in
|
||||
+++ shadow-4.4/po/POTFILES.in
|
||||
@@ -85,6 +85,7 @@ src/chfn.c
|
||||
src/chgpasswd.c
|
||||
src/chpasswd.c
|
||||
src/chsh.c
|
||||
+src/cppw.c
|
||||
src/expiry.c
|
||||
src/faillog.c
|
||||
src/gpasswd.c
|
||||
Vendored
-64
@@ -1,64 +0,0 @@
|
||||
Goal: Add selinux support to cppw
|
||||
|
||||
Fix:
|
||||
|
||||
Status wrt upstream: cppw is not available upstream.
|
||||
The patch was made based on the
|
||||
302_vim_selinux_support patch. It needs to be
|
||||
reviewed by an SE-Linux aware person.
|
||||
|
||||
Depends on 401_cppw_src.dpatch
|
||||
|
||||
Index: git/src/cppw.c
|
||||
===================================================================
|
||||
--- git.orig/src/cppw.c
|
||||
+++ git/src/cppw.c
|
||||
@@ -34,6 +34,9 @@
|
||||
#include <sys/types.h>
|
||||
#include <signal.h>
|
||||
#include <utime.h>
|
||||
+#ifdef WITH_SELINUX
|
||||
+#include <selinux/selinux.h>
|
||||
+#endif /* WITH_SELINUX */
|
||||
#include "exitcodes.h"
|
||||
#include "prototypes.h"
|
||||
#include "pwio.h"
|
||||
@@ -139,6 +142,22 @@
|
||||
if (access (file, F_OK) != 0) {
|
||||
cppwexit (file, 1, 1);
|
||||
}
|
||||
+#ifdef WITH_SELINUX
|
||||
+ /* if SE Linux is enabled then set the context of all new files
|
||||
+ * to be the context of the file we are editing */
|
||||
+ if (is_selinux_enabled () > 0) {
|
||||
+ security_context_t passwd_context=NULL;
|
||||
+ int ret = 0;
|
||||
+ if (getfilecon (file, &passwd_context) < 0) {
|
||||
+ cppwexit (_("Couldn't get file context"), errno, 1);
|
||||
+ }
|
||||
+ ret = setfscreatecon (passwd_context);
|
||||
+ freecon (passwd_context);
|
||||
+ if (0 != ret) {
|
||||
+ cppwexit (_("setfscreatecon () failed"), errno, 1);
|
||||
+ }
|
||||
+ }
|
||||
+#endif /* WITH_SELINUX */
|
||||
if (file_lock () == 0) {
|
||||
cppwexit (_("Couldn't lock file"), 0, 5);
|
||||
}
|
||||
@@ -167,6 +186,15 @@
|
||||
cppwexit (NULL,0,1);
|
||||
}
|
||||
|
||||
+#ifdef WITH_SELINUX
|
||||
+ /* unset the fscreatecon */
|
||||
+ if (is_selinux_enabled () > 0) {
|
||||
+ if (setfscreatecon (NULL)) {
|
||||
+ cppwexit (_("setfscreatecon() failed"), errno, 1);
|
||||
+ }
|
||||
+ }
|
||||
+#endif /* WITH_SELINUX */
|
||||
+
|
||||
(*file_unlock) ();
|
||||
}
|
||||
|
||||
-88
@@ -1,88 +0,0 @@
|
||||
Goal: Re-enable logging and displaying failures on login when login is
|
||||
compiled with PAM and when FAILLOG_ENAB is set to yes. And create the
|
||||
faillog file if it does not exist on postinst (as on Woody).
|
||||
Depends: 008_login_more_LOG_UNKFAIL_ENAB
|
||||
Fixes: #192849
|
||||
|
||||
Note: It could be removed if pam_tally could report the number of failures
|
||||
preceding a successful login.
|
||||
|
||||
Index: shadow-4.4/src/login.c
|
||||
===================================================================
|
||||
--- shadow-4.4.orig/src/login.c
|
||||
+++ shadow-4.4/src/login.c
|
||||
@@ -131,9 +131,9 @@ static void update_utmp (const char *use
|
||||
const char *host,
|
||||
/*@null@*/const struct utmp *utent);
|
||||
|
||||
-#ifndef USE_PAM
|
||||
static struct faillog faillog;
|
||||
|
||||
+#ifndef USE_PAM
|
||||
static void bad_time_notify (void);
|
||||
static void check_nologin (bool login_to_root);
|
||||
#else
|
||||
@@ -794,6 +794,9 @@ int main (int argc, char **argv)
|
||||
SYSLOG ((LOG_NOTICE,
|
||||
"TOO MANY LOGIN TRIES (%u)%s FOR '%s'",
|
||||
failcount, fromhost, failent_user));
|
||||
+ if ((NULL != pwd) && getdef_bool("FAILLOG_ENAB")) {
|
||||
+ failure (pwd->pw_uid, tty, &faillog);
|
||||
+ }
|
||||
fprintf (stderr,
|
||||
_("Maximum number of tries exceeded (%u)\n"),
|
||||
failcount);
|
||||
@@ -811,6 +814,14 @@ int main (int argc, char **argv)
|
||||
pam_strerror (pamh, retcode)));
|
||||
failed = true;
|
||||
}
|
||||
+ if ( (NULL != pwd)
|
||||
+ && getdef_bool("FAILLOG_ENAB")
|
||||
+ && ! failcheck (pwd->pw_uid, &faillog, failed)) {
|
||||
+ SYSLOG((LOG_CRIT,
|
||||
+ "exceeded failure limit for `%s' %s",
|
||||
+ failent_user, fromhost));
|
||||
+ failed = 1;
|
||||
+ }
|
||||
|
||||
if (!failed) {
|
||||
break;
|
||||
@@ -834,6 +845,10 @@ int main (int argc, char **argv)
|
||||
(void) puts ("");
|
||||
(void) puts (_("Login incorrect"));
|
||||
|
||||
+ if ((NULL != pwd) && getdef_bool("FAILLOG_ENAB")) {
|
||||
+ failure (pwd->pw_uid, tty, &faillog);
|
||||
+ }
|
||||
+
|
||||
if (getdef_str("FTMP_FILE") != NULL) {
|
||||
#ifdef USE_UTMPX
|
||||
struct utmpx *failent =
|
||||
@@ -1288,6 +1303,7 @@ int main (int argc, char **argv)
|
||||
*/
|
||||
#ifndef USE_PAM
|
||||
motd (); /* print the message of the day */
|
||||
+#endif
|
||||
if ( getdef_bool ("FAILLOG_ENAB")
|
||||
&& (0 != faillog.fail_cnt)) {
|
||||
failprint (&faillog);
|
||||
@@ -1300,6 +1316,7 @@ int main (int argc, char **argv)
|
||||
username, (int) faillog.fail_cnt));
|
||||
}
|
||||
}
|
||||
+#ifndef USE_PAM
|
||||
if ( getdef_bool ("LASTLOG_ENAB")
|
||||
&& (ll.ll_time != 0)) {
|
||||
time_t ll_time = ll.ll_time;
|
||||
Index: shadow-4.4/lib/getdef.c
|
||||
===================================================================
|
||||
--- shadow-4.4.orig/lib/getdef.c
|
||||
+++ shadow-4.4/lib/getdef.c
|
||||
@@ -86,6 +86,7 @@ static struct itemdef def_table[] = {
|
||||
{"ENV_SUPATH", NULL},
|
||||
{"ERASECHAR", NULL},
|
||||
{"FAIL_DELAY", NULL},
|
||||
+ {"FAILLOG_ENAB", NULL},
|
||||
{"FAKE_SHELL", NULL},
|
||||
{"FTMP_FILE", NULL},
|
||||
{"GID_MAX", NULL},
|
||||
-101
@@ -1,101 +0,0 @@
|
||||
Goal: Do not hardcode pam_fail_delay and let pam_unix do its
|
||||
job to set a delay...or not
|
||||
|
||||
Fixes: #87648
|
||||
|
||||
Status wrt upstream: Forwarded but not applied yet
|
||||
|
||||
Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs
|
||||
|
||||
Index: shadow-4.4/src/login.c
|
||||
===================================================================
|
||||
--- shadow-4.4.orig/src/login.c
|
||||
+++ shadow-4.4/src/login.c
|
||||
@@ -525,7 +525,6 @@ int main (int argc, char **argv)
|
||||
#if defined(HAVE_STRFTIME) && !defined(USE_PAM)
|
||||
char ptime[80];
|
||||
#endif
|
||||
- unsigned int delay;
|
||||
unsigned int retries;
|
||||
bool subroot = false;
|
||||
#ifndef USE_PAM
|
||||
@@ -546,6 +545,7 @@ int main (int argc, char **argv)
|
||||
pid_t child;
|
||||
char *pam_user = NULL;
|
||||
#else
|
||||
+ unsigned int delay;
|
||||
struct spwd *spwd = NULL;
|
||||
#endif
|
||||
/*
|
||||
@@ -708,7 +708,6 @@ int main (int argc, char **argv)
|
||||
}
|
||||
|
||||
environ = newenvp; /* make new environment active */
|
||||
- delay = getdef_unum ("FAIL_DELAY", 1);
|
||||
retries = getdef_unum ("LOGIN_RETRIES", RETRIES);
|
||||
|
||||
#ifdef USE_PAM
|
||||
@@ -724,8 +723,7 @@ int main (int argc, char **argv)
|
||||
|
||||
/*
|
||||
* hostname & tty are either set to NULL or their correct values,
|
||||
- * depending on how much we know. We also set PAM's fail delay to
|
||||
- * ours.
|
||||
+ * depending on how much we know.
|
||||
*
|
||||
* PAM_RHOST and PAM_TTY are used for authentication, only use
|
||||
* information coming from login or from the caller (e.g. no utmp)
|
||||
@@ -734,10 +732,6 @@ int main (int argc, char **argv)
|
||||
PAM_FAIL_CHECK;
|
||||
retcode = pam_set_item (pamh, PAM_TTY, tty);
|
||||
PAM_FAIL_CHECK;
|
||||
-#ifdef HAS_PAM_FAIL_DELAY
|
||||
- retcode = pam_fail_delay (pamh, 1000000 * delay);
|
||||
- PAM_FAIL_CHECK;
|
||||
-#endif
|
||||
/* if fflg, then the user has already been authenticated */
|
||||
if (!fflg) {
|
||||
unsigned int failcount = 0;
|
||||
@@ -778,12 +772,6 @@ int main (int argc, char **argv)
|
||||
bool failed = false;
|
||||
|
||||
failcount++;
|
||||
-#ifdef HAS_PAM_FAIL_DELAY
|
||||
- if (delay > 0) {
|
||||
- retcode = pam_fail_delay(pamh, 1000000*delay);
|
||||
- PAM_FAIL_CHECK;
|
||||
- }
|
||||
-#endif
|
||||
|
||||
retcode = pam_authenticate (pamh, 0);
|
||||
|
||||
@@ -1106,14 +1094,17 @@ int main (int argc, char **argv)
|
||||
free (username);
|
||||
username = NULL;
|
||||
|
||||
+#ifndef USE_PAM
|
||||
/*
|
||||
* Wait a while (a la SVR4 /usr/bin/login) before attempting
|
||||
* to login the user again. If the earlier alarm occurs
|
||||
* before the sleep() below completes, login will exit.
|
||||
*/
|
||||
+ delay = getdef_unum ("FAIL_DELAY", 1);
|
||||
if (delay > 0) {
|
||||
(void) sleep (delay);
|
||||
}
|
||||
+#endif
|
||||
|
||||
(void) puts (_("Login incorrect"));
|
||||
|
||||
Index: shadow-4.4/lib/getdef.c
|
||||
===================================================================
|
||||
--- shadow-4.4.orig/lib/getdef.c
|
||||
+++ shadow-4.4/lib/getdef.c
|
||||
@@ -85,7 +85,6 @@ static struct itemdef def_table[] = {
|
||||
{"ENV_PATH", NULL},
|
||||
{"ENV_SUPATH", NULL},
|
||||
{"ERASECHAR", NULL},
|
||||
- {"FAIL_DELAY", NULL},
|
||||
{"FAILLOG_ENAB", NULL},
|
||||
{"FAKE_SHELL", NULL},
|
||||
{"FTMP_FILE", NULL},
|
||||
-66
@@ -1,66 +0,0 @@
|
||||
Goal: save the [g]shadow files with the 'shadow' group and mode 0440
|
||||
|
||||
Fixes: #166793
|
||||
|
||||
Index: shadow-4.4/lib/commonio.c
|
||||
===================================================================
|
||||
--- shadow-4.4.orig/lib/commonio.c
|
||||
+++ shadow-4.4/lib/commonio.c
|
||||
@@ -44,6 +44,7 @@
|
||||
#include <errno.h>
|
||||
#include <stdio.h>
|
||||
#include <signal.h>
|
||||
+#include <grp.h>
|
||||
#include "nscd.h"
|
||||
#ifdef WITH_TCB
|
||||
#include <tcb.h>
|
||||
@@ -966,12 +967,23 @@ int commonio_close (struct commonio_db *
|
||||
goto fail;
|
||||
}
|
||||
} else {
|
||||
+ struct group *grp;
|
||||
/*
|
||||
* Default permissions for new [g]shadow files.
|
||||
*/
|
||||
sb.st_mode = db->st_mode;
|
||||
sb.st_uid = db->st_uid;
|
||||
sb.st_gid = db->st_gid;
|
||||
+
|
||||
+ /*
|
||||
+ * Try to retrieve the shadow's GID, and fall back to GID 0.
|
||||
+ */
|
||||
+ if (sb.st_gid == 0) {
|
||||
+ if ((grp = getgrnam("shadow")) != NULL)
|
||||
+ sb.st_gid = grp->gr_gid;
|
||||
+ else
|
||||
+ sb.st_gid = 0;
|
||||
+ }
|
||||
}
|
||||
|
||||
snprintf (buf, sizeof buf, "%s+", db->filename);
|
||||
Index: shadow-4.4/lib/sgroupio.c
|
||||
===================================================================
|
||||
--- shadow-4.4.orig/lib/sgroupio.c
|
||||
+++ shadow-4.4/lib/sgroupio.c
|
||||
@@ -228,7 +228,7 @@ static struct commonio_db gshadow_db = {
|
||||
#ifdef WITH_SELINUX
|
||||
NULL, /* scontext */
|
||||
#endif
|
||||
- 0400, /* st_mode */
|
||||
+ 0440, /* st_mode */
|
||||
0, /* st_uid */
|
||||
0, /* st_gid */
|
||||
NULL, /* head */
|
||||
Index: shadow-4.4/lib/shadowio.c
|
||||
===================================================================
|
||||
--- shadow-4.4.orig/lib/shadowio.c
|
||||
+++ shadow-4.4/lib/shadowio.c
|
||||
@@ -104,7 +104,7 @@ static struct commonio_db shadow_db = {
|
||||
#ifdef WITH_SELINUX
|
||||
NULL, /* scontext */
|
||||
#endif /* WITH_SELINUX */
|
||||
- 0400, /* st_mode */
|
||||
+ 0440, /* st_mode */
|
||||
0, /* st_uid */
|
||||
0, /* st_gid */
|
||||
NULL, /* head */
|
||||
Vendored
-201
@@ -1,201 +0,0 @@
|
||||
Goal: Document the shadowconfig utility
|
||||
|
||||
Status wrt upstream: The shadowconfig utility is debian specific.
|
||||
Its man page also (but it used to be distributed)
|
||||
|
||||
Index: git/man/shadowconfig.8
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ git/man/shadowconfig.8
|
||||
@@ -0,0 +1,41 @@
|
||||
+.\"Generated by db2man.xsl. Don't modify this, modify the source.
|
||||
+.de Sh \" Subsection
|
||||
+.br
|
||||
+.if t .Sp
|
||||
+.ne 5
|
||||
+.PP
|
||||
+\fB\\$1\fR
|
||||
+.PP
|
||||
+..
|
||||
+.de Sp \" Vertical space (when we can't use .PP)
|
||||
+.if t .sp .5v
|
||||
+.if n .sp
|
||||
+..
|
||||
+.de Ip \" List item
|
||||
+.br
|
||||
+.ie \\n(.$>=3 .ne \\$3
|
||||
+.el .ne 3
|
||||
+.IP "\\$1" \\$2
|
||||
+..
|
||||
+.TH "SHADOWCONFIG" 8 "19 Apr 1997" "" ""
|
||||
+.SH NAME
|
||||
+shadowconfig \- toggle shadow passwords on and off
|
||||
+.SH "SYNOPSIS"
|
||||
+.ad l
|
||||
+.hy 0
|
||||
+.HP 13
|
||||
+\fBshadowconfig\fR \fB\fIon\fR\fR | \fB\fIoff\fR\fR
|
||||
+.ad
|
||||
+.hy
|
||||
+
|
||||
+.SH "DESCRIPTION"
|
||||
+
|
||||
+.PP
|
||||
+\fBshadowconfig\fR on will turn shadow passwords on; \fIshadowconfig off\fR will turn shadow passwords off\&. \fBshadowconfig\fR will print an error message and exit with a nonzero code if it finds anything awry\&. If that happens, you should correct the error and run it again\&. Turning shadow passwords on when they are already on, or off when they are already off, is harmless\&.
|
||||
+
|
||||
+.PP
|
||||
+Read \fI/usr/share/doc/passwd/README\&.Debian\fR for a brief introduction to shadow passwords and related features\&.
|
||||
+
|
||||
+.PP
|
||||
+Note that turning shadow passwords off and on again will lose all password aging information\&.
|
||||
+
|
||||
Index: git/man/shadowconfig.8.xml
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ git/man/shadowconfig.8.xml
|
||||
@@ -0,0 +1,52 @@
|
||||
+<?xml version="1.0" encoding="UTF-8"?>
|
||||
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
|
||||
+ "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
|
||||
+<refentry id='shadowconfig.8'>
|
||||
+ <!-- $Id: shadowconfig.8.xml,v 1.6 2005/06/15 12:39:27 kloczek Exp $ -->
|
||||
+ <refentryinfo>
|
||||
+ <date>19 Apr 1997</date>
|
||||
+ </refentryinfo>
|
||||
+ <refmeta>
|
||||
+ <refentrytitle>shadowconfig</refentrytitle>
|
||||
+ <manvolnum>8</manvolnum>
|
||||
+ <refmiscinfo class='date'>19 Apr 1997</refmiscinfo>
|
||||
+ <refmiscinfo class='source'>Debian GNU/Linux</refmiscinfo>
|
||||
+ </refmeta>
|
||||
+ <refnamediv id='name'>
|
||||
+ <refname>shadowconfig</refname>
|
||||
+ <refpurpose>toggle shadow passwords on and off</refpurpose>
|
||||
+ </refnamediv>
|
||||
+
|
||||
+ <refsynopsisdiv id='synopsis'>
|
||||
+ <cmdsynopsis>
|
||||
+ <command>shadowconfig</command>
|
||||
+ <group choice='plain'>
|
||||
+ <arg choice='plain'><replaceable>on</replaceable></arg>
|
||||
+ <arg choice='plain'><replaceable>off</replaceable></arg>
|
||||
+ </group>
|
||||
+ </cmdsynopsis>
|
||||
+ </refsynopsisdiv>
|
||||
+
|
||||
+ <refsect1 id='description'>
|
||||
+ <title>DESCRIPTION</title>
|
||||
+ <para><command>shadowconfig</command> on will turn shadow passwords on;
|
||||
+ <emphasis remap='B'>shadowconfig off</emphasis> will turn shadow
|
||||
+ passwords off. <command>shadowconfig</command> will print an error
|
||||
+ message and exit with a nonzero code if it finds anything awry. If
|
||||
+ that happens, you should correct the error and run it again. Turning
|
||||
+ shadow passwords on when they are already on, or off when they are
|
||||
+ already off, is harmless.
|
||||
+ </para>
|
||||
+
|
||||
+ <para>
|
||||
+ Read <filename>/usr/share/doc/passwd/README.Debian</filename> for a
|
||||
+ brief introduction
|
||||
+ to shadow passwords and related features.
|
||||
+ </para>
|
||||
+
|
||||
+ <para>Note that turning shadow passwords off and on again will lose all
|
||||
+ password
|
||||
+ aging information.
|
||||
+ </para>
|
||||
+ </refsect1>
|
||||
+</refentry>
|
||||
Index: git/man/fr/shadowconfig.8
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ git/man/fr/shadowconfig.8
|
||||
@@ -0,0 +1,26 @@
|
||||
+.\" This file was generated with po4a. Translate the source file.
|
||||
+.\"
|
||||
+.\"$Id: shadowconfig.8,v 1.4 2001/08/23 23:10:48 kloczek Exp $
|
||||
+.TH SHADOWCONFIG 8 "19 avril 1997" "Debian GNU/Linux"
|
||||
+.SH NOM
|
||||
+shadowconfig \- active ou désactive les mots de passe cachés
|
||||
+.SH SYNOPSIS
|
||||
+\fBshadowconfig\fP \fIon\fP | \fIoff\fP
|
||||
+.SH DESCRIPTION
|
||||
+.PP
|
||||
+\fBshadowconfig on\fP active les mots de passe cachés («\ shadow passwords\ »)\ ; \fBshadowconfig off\fP les désactive. \fBShadowconfig\fP affiche un message
|
||||
+d'erreur et quitte avec une valeur de retour non nulle s'il rencontre
|
||||
+quelque chose d'inattendu. Dans ce cas, vous devrez corriger l'erreur avant
|
||||
+de recommencer.
|
||||
+
|
||||
+Activer les mots de passe cachés lorsqu'ils sont déjà activés, ou les
|
||||
+désactiver lorsqu'ils ne sont pas actifs est sans effet.
|
||||
+
|
||||
+Lisez \fI/usr/share/doc/passwd/README.Debian\fP pour une brève introduction aux
|
||||
+mots de passe cachés et à leurs fonctionnalités.
|
||||
+
|
||||
+Notez que désactiver puis réactiver les mots de passe cachés aura pour
|
||||
+conséquence la perte des informations d'âge sur les mots de passe.
|
||||
+.SH TRADUCTION
|
||||
+Nicolas FRANÇOIS, 2004.
|
||||
+Veuillez signaler toute erreur à <\fIdebian\-l10\-french@lists.debian.org\fR>.
|
||||
Index: git/man/ja/shadowconfig.8
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ git/man/ja/shadowconfig.8
|
||||
@@ -0,0 +1,25 @@
|
||||
+.\" all right reserved,
|
||||
+.\" Translated Tue Oct 30 11:59:11 JST 2001
|
||||
+.\" by Maki KURODA <mkuroda@aisys-jp.com>
|
||||
+.\"
|
||||
+.TH SHADOWCONFIG 8 "19 Apr 1997" "Debian GNU/Linux"
|
||||
+.SH 名前
|
||||
+shadowconfig \- shadow パスワードの設定をオン及びオフに切替える
|
||||
+.SH 書式
|
||||
+.B "shadowconfig"
|
||||
+.IR on " | " off
|
||||
+.SH 説明
|
||||
+.PP
|
||||
+.B shadowconfig on
|
||||
+は shadow パスワードを有効にする。
|
||||
+.B shadowconfig off
|
||||
+は shadow パスワードを無効にする。
|
||||
+.B shadowconfig
|
||||
+は何らかの間違いがあると、エラーメッセージを表示し、
|
||||
+ゼロではない返り値を返す。
|
||||
+もしそのようなことが起こった場合、エラーを修正し、再度実行しなければならない。
|
||||
+shadow パスワードの設定がすでにオンの場合にオンに設定したり、
|
||||
+すでにオフの場合にオフに設定しても、何の影響もない。
|
||||
+
|
||||
+.I /usr/share/doc/passwd/README.debian.gz
|
||||
+には shadow パスワードとそれに関する特徴の簡単な紹介が書かれている。
|
||||
Index: git/man/pl/shadowconfig.8
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ git/man/pl/shadowconfig.8
|
||||
@@ -0,0 +1,27 @@
|
||||
+.\" $Id: shadowconfig.8,v 1.3 2001/08/23 23:10:51 kloczek Exp $
|
||||
+.\" {PTM/WK/1999-09-14}
|
||||
+.TH SHADOWCONFIG 8 "19 kwietnia 1997" "Debian GNU/Linux"
|
||||
+.SH NAZWA
|
||||
+shadowconfig - przełącza ochronę haseł i grup przez pliki shadow
|
||||
+.SH SKŁADNIA
|
||||
+.B "shadowconfig"
|
||||
+.IR on " | " off
|
||||
+.SH OPIS
|
||||
+.PP
|
||||
+.B shadowconfig on
|
||||
+włącza ochronę haseł i grup przez dodatkowe, przesłaniane pliki (shadow);
|
||||
+.B shadowconfig off
|
||||
+wyłącza dodatkowe pliki haseł i grup.
|
||||
+.B shadowconfig
|
||||
+wyświetla komunikat o błędzie i kończy pracę z niezerowym kodem jeśli
|
||||
+znajdzie coś nieprawidłowego. W takim wypadku powinieneś poprawić błąd
|
||||
+.\" if it finds anything awry.
|
||||
+i uruchomić program ponownie.
|
||||
+
|
||||
+Włączenie ochrony haseł, gdy jest ona już włączona lub jej wyłączenie,
|
||||
+gdy jest wyłączona jest nieszkodliwe.
|
||||
+
|
||||
+Przeczytaj
|
||||
+.IR /usr/share/doc/passwd/README.debian.gz ,
|
||||
+gdzie znajdziesz krótkie wprowadzenie do ochrony haseł z użyciem dodatkowych
|
||||
+plików haseł przesłanianych (shadow passwords) i związanych tematów.
|
||||
-40
@@ -1,40 +0,0 @@
|
||||
Goal: Recommend using adduser and deluser.
|
||||
|
||||
Fixes: #406046
|
||||
|
||||
Status wrt upstream: Debian specific patch.
|
||||
|
||||
Index: git/man/useradd.8.xml
|
||||
===================================================================
|
||||
--- git.orig/man/useradd.8.xml
|
||||
+++ git/man/useradd.8.xml
|
||||
@@ -105,6 +105,12 @@
|
||||
<refsect1 id='description'>
|
||||
<title>DESCRIPTION</title>
|
||||
<para>
|
||||
+ <command>useradd</command> is a low level utility for adding
|
||||
+ users. On Debian, administrators should usually use
|
||||
+ <citerefentry><refentrytitle>adduser</refentrytitle>
|
||||
+ <manvolnum>8</manvolnum></citerefentry> instead.
|
||||
+ </para>
|
||||
+ <para>
|
||||
When invoked without the <option>-D</option> option, the
|
||||
<command>useradd</command> command creates a new user account using
|
||||
the values specified on the command line plus the default values from
|
||||
Index: git/man/userdel.8.xml
|
||||
===================================================================
|
||||
--- git.orig/man/userdel.8.xml
|
||||
+++ git/man/userdel.8.xml
|
||||
@@ -83,6 +83,12 @@
|
||||
<refsect1 id='description'>
|
||||
<title>DESCRIPTION</title>
|
||||
<para>
|
||||
+ <command>userdel</command> is a low level utility for removing
|
||||
+ users. On Debian, administrators should usually use
|
||||
+ <citerefentry><refentrytitle>deluser</refentrytitle>
|
||||
+ <manvolnum>8</manvolnum></citerefentry> instead.
|
||||
+ </para>
|
||||
+ <para>
|
||||
The <command>userdel</command> command modifies the system account
|
||||
files, deleting all entries that refer to the user name <emphasis
|
||||
remap='I'>LOGIN</emphasis>. The named user must exist.
|
||||
Vendored
-106
@@ -1,106 +0,0 @@
|
||||
Goal: Relaxed usernames/groupnames checking patch.
|
||||
|
||||
Status wrt upstream: Debian specific. Not to be used upstream
|
||||
|
||||
Details:
|
||||
Allows any non-empty user/grounames that don't contain ':', ',' or '\n'
|
||||
characters and don't start with '-', '+', or '~'. This patch is more
|
||||
restrictive than original Karl's version. closes: #264879
|
||||
Also closes: #377844
|
||||
|
||||
Comments from Karl Ramm (shadow 1:4.0.3-9, 20 Aug 2003 02:06:50 -0400):
|
||||
|
||||
I can't come up with a good justification as to why characters other
|
||||
than ':'s and '\0's should be disallowed in group and usernames (other
|
||||
than '-' as the leading character). Thus, the maintenance tools don't
|
||||
anymore. closes: #79682, #166798, #171179
|
||||
|
||||
Index: git/libmisc/chkname.c
|
||||
===================================================================
|
||||
--- git.orig/libmisc/chkname.c
|
||||
+++ git/libmisc/chkname.c
|
||||
@@ -48,6 +48,7 @@
|
||||
|
||||
static bool is_valid_name (const char *name)
|
||||
{
|
||||
+#if 0
|
||||
/*
|
||||
* User/group names must match [a-z_][a-z0-9_-]*[$]
|
||||
*/
|
||||
@@ -66,6 +67,26 @@
|
||||
return false;
|
||||
}
|
||||
}
|
||||
+#endif
|
||||
+ /*
|
||||
+ * POSIX indicate that usernames are composed of characters from the
|
||||
+ * portable filename character set [A-Za-z0-9._-], and that the hyphen
|
||||
+ * should not be used as the first character of a portable user name.
|
||||
+ *
|
||||
+ * Allow more relaxed user/group names in Debian -- ^[^-~+:,\s][^:,\s]*$
|
||||
+ */
|
||||
+ if ( ('\0' == *name)
|
||||
+ || ('-' == *name)
|
||||
+ || ('~' == *name)
|
||||
+ || ('+' == *name)) {
|
||||
+ return false;
|
||||
+ }
|
||||
+ do {
|
||||
+ if ((':' == *name) || (',' == *name) || isspace(*name)) {
|
||||
+ return false;
|
||||
+ }
|
||||
+ name++;
|
||||
+ } while ('\0' != *name);
|
||||
|
||||
return true;
|
||||
}
|
||||
Index: git/man/useradd.8.xml
|
||||
===================================================================
|
||||
--- git.orig/man/useradd.8.xml
|
||||
+++ git/man/useradd.8.xml
|
||||
@@ -633,12 +633,20 @@
|
||||
</para>
|
||||
|
||||
<para>
|
||||
- Usernames must start with a lower case letter or an underscore,
|
||||
+ It is usually recommended to only use usernames that begin with a lower case letter or an underscore,
|
||||
followed by lower case letters, digits, underscores, or dashes.
|
||||
They can end with a dollar sign.
|
||||
In regular expression terms: [a-z_][a-z0-9_-]*[$]?
|
||||
</para>
|
||||
<para>
|
||||
+ On Debian, the only constraints are that usernames must neither start
|
||||
+ with a dash ('-') nor plus ('+') nor tilde ('~') nor contain a
|
||||
+ colon (':'), a comma (','), or a whitespace (space: ' ',
|
||||
+ end of line: '\n', tabulation: '\t', etc.). Note that using a slash
|
||||
+ ('/') may break the default algorithm for the definition of the
|
||||
+ user's home directory.
|
||||
+ </para>
|
||||
+ <para>
|
||||
Usernames may only be up to 32 characters long.
|
||||
</para>
|
||||
</refsect1>
|
||||
Index: git/man/groupadd.8.xml
|
||||
===================================================================
|
||||
--- git.orig/man/groupadd.8.xml
|
||||
+++ git/man/groupadd.8.xml
|
||||
@@ -256,12 +256,18 @@
|
||||
<refsect1 id='caveats'>
|
||||
<title>CAVEATS</title>
|
||||
<para>
|
||||
- Groupnames must start with a lower case letter or an underscore,
|
||||
+ It is usually recommended to only use groupnames that begin with a lower case letter or an underscore,
|
||||
followed by lower case letters, digits, underscores, or dashes.
|
||||
They can end with a dollar sign.
|
||||
In regular expression terms: [a-z_][a-z0-9_-]*[$]?
|
||||
</para>
|
||||
<para>
|
||||
+ On Debian, the only constraints are that groupnames must neither start
|
||||
+ with a dash ('-') nor plus ('+') nor tilde ('~') nor contain a
|
||||
+ colon (':'), a comma (','), or a whitespace (space:' ',
|
||||
+ end of line: '\n', tabulation: '\t', etc.).
|
||||
+ </para>
|
||||
+ <para>
|
||||
Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long.
|
||||
</para>
|
||||
<para>
|
||||
-20
@@ -1,20 +0,0 @@
|
||||
Index: git/src/Makefile.am
|
||||
===================================================================
|
||||
--- git.orig/src/Makefile.am
|
||||
+++ git/src/Makefile.am
|
||||
@@ -23,7 +23,6 @@
|
||||
# $prefix/bin and $prefix/sbin, no install-data hacks...)
|
||||
|
||||
bin_PROGRAMS = groups login su
|
||||
-sbin_PROGRAMS = nologin
|
||||
ubin_PROGRAMS = faillog lastlog chage chfn chsh expiry gpasswd newgrp passwd
|
||||
if ENABLE_SUBIDS
|
||||
ubin_PROGRAMS += newgidmap newuidmap
|
||||
@@ -41,6 +40,7 @@
|
||||
grpunconv \
|
||||
logoutd \
|
||||
newusers \
|
||||
+ nologin \
|
||||
pwck \
|
||||
pwconv \
|
||||
pwunconv \
|
||||
@@ -1,50 +0,0 @@
|
||||
Goal: Concatenate the non-su arguments and provide them to the shell with
|
||||
the -c option
|
||||
Fixes: #317264
|
||||
see also #276419
|
||||
|
||||
Status wrt upstream: This is a Debian specific patch.
|
||||
|
||||
Note: the fix of the man page is still missing.
|
||||
(to be taken from the trunk)
|
||||
|
||||
Index: shadow-4.4/src/su.c
|
||||
===================================================================
|
||||
--- shadow-4.4.orig/src/su.c
|
||||
+++ shadow-4.4/src/su.c
|
||||
@@ -1155,6 +1155,35 @@ int main (int argc, char **argv)
|
||||
argv[0] = "-c";
|
||||
argv[1] = command;
|
||||
}
|
||||
+ /* On Debian, the arguments are concatenated and the
|
||||
+ * resulting string is always given to the shell with its
|
||||
+ * -c option.
|
||||
+ */
|
||||
+ {
|
||||
+ char **parg;
|
||||
+ unsigned int cmd_len = 0;
|
||||
+ char *cmd = NULL;
|
||||
+ if (strcmp(argv[0], "-c") != 0) {
|
||||
+ argv--;
|
||||
+ argv[0] = "-c";
|
||||
+ }
|
||||
+ /* Now argv[0] is always -c, and other arguments
|
||||
+ * can be concatenated
|
||||
+ */
|
||||
+ cmd_len = 1; /* finale '\0' */
|
||||
+ for (parg = &argv[1]; *parg; parg++) {
|
||||
+ cmd_len += strlen (*parg) + 1;
|
||||
+ }
|
||||
+ cmd = (char *) xmalloc (sizeof (char) * cmd_len);
|
||||
+ cmd[0] = '\0';
|
||||
+ for (parg = &argv[1]; *parg; parg++) {
|
||||
+ strcat (cmd, " ");
|
||||
+ strcat (cmd, *parg);
|
||||
+ }
|
||||
+ cmd[cmd_len - 1] = '\0';
|
||||
+ argv[1] = &cmd[1]; /* do not take first space */
|
||||
+ argv[2] = NULL;
|
||||
+ }
|
||||
/*
|
||||
* Use the shell and create an argv
|
||||
* with the rest of the command line included.
|
||||
@@ -1,52 +0,0 @@
|
||||
Goal: Do not concatenate the additional arguments, and support an
|
||||
environment variable to revert to the old Debian's su behavior.
|
||||
|
||||
This patch needs the su_arguments_are_concatenated patch.
|
||||
|
||||
This patch, and su_arguments_are_concatenated should be dropped after
|
||||
Etch.
|
||||
|
||||
Status wrt upstream: This patch is Debian specific.
|
||||
|
||||
Index: shadow-4.4/src/su.c
|
||||
===================================================================
|
||||
--- shadow-4.4.orig/src/su.c
|
||||
+++ shadow-4.4/src/su.c
|
||||
@@ -104,6 +104,19 @@ static char caller_name[BUFSIZ];
|
||||
/* If nonzero, change some environment vars to indicate the user su'd to. */
|
||||
static bool change_environment = true;
|
||||
|
||||
+/*
|
||||
+ * If nonzero, keep the old Debian behavior:
|
||||
+ * * concatenate all the arguments and provide them to the -c option of
|
||||
+ * the shell
|
||||
+ * * If there are some additional arguments, but no -c, add a -c
|
||||
+ * argument anyway
|
||||
+ * Drawbacks:
|
||||
+ * * you can't provide options to the shell (other than -c)
|
||||
+ * * you can't rely on the argument count
|
||||
+ * See http://bugs.debian.org/276419
|
||||
+ */
|
||||
+static int old_debian_behavior;
|
||||
+
|
||||
#ifdef USE_PAM
|
||||
static char kill_msg[256];
|
||||
static char wait_msg[256];
|
||||
@@ -952,6 +965,8 @@ int main (int argc, char **argv)
|
||||
int ret;
|
||||
#endif /* USE_PAM */
|
||||
|
||||
+ old_debian_behavior = (getenv("SU_NO_SHELL_ARGS") != NULL);
|
||||
+
|
||||
(void) setlocale (LC_ALL, "");
|
||||
(void) bindtextdomain (PACKAGE, LOCALEDIR);
|
||||
(void) textdomain (PACKAGE);
|
||||
@@ -1159,7 +1174,7 @@ int main (int argc, char **argv)
|
||||
* resulting string is always given to the shell with its
|
||||
* -c option.
|
||||
*/
|
||||
- {
|
||||
+ if (old_debian_behavior) {
|
||||
char **parg;
|
||||
unsigned int cmd_len = 0;
|
||||
char *cmd = NULL;
|
||||
Vendored
-47
@@ -1,47 +0,0 @@
|
||||
Goal: accepts the -O flag for backward compatibility. (was used by adduser?)
|
||||
|
||||
Note: useradd.8 needs to be regenerated.
|
||||
|
||||
Status wrt upstream: not included as this is just specific
|
||||
backward compatibility for Debian
|
||||
|
||||
Index: shadow-4.4/man/useradd.8.xml
|
||||
===================================================================
|
||||
--- shadow-4.4.orig/man/useradd.8.xml
|
||||
+++ shadow-4.4/man/useradd.8.xml
|
||||
@@ -329,6 +329,11 @@
|
||||
databases are reset to avoid reusing the entry from a previously
|
||||
deleted user.
|
||||
</para>
|
||||
+ <para>
|
||||
+ For the compatibility with previous Debian's
|
||||
+ <command>useradd</command>, the <option>-O</option> option is
|
||||
+ also supported.
|
||||
+ </para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
Index: shadow-4.4/src/useradd.c
|
||||
===================================================================
|
||||
--- shadow-4.4.orig/src/useradd.c
|
||||
+++ shadow-4.4/src/useradd.c
|
||||
@@ -1056,9 +1056,9 @@ static void process_flags (int argc, cha
|
||||
};
|
||||
while ((c = getopt_long (argc, argv,
|
||||
#ifdef WITH_SELINUX
|
||||
- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:UZ:",
|
||||
+ "b:c:d:De:f:g:G:hk:O:K:lmMNop:rR:s:u:UZ:",
|
||||
#else /* !WITH_SELINUX */
|
||||
- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:U",
|
||||
+ "b:c:d:De:f:g:G:hk:O:K:lmMNop:rR:s:u:U",
|
||||
#endif /* !WITH_SELINUX */
|
||||
long_options, NULL)) != -1) {
|
||||
switch (c) {
|
||||
@@ -1181,6 +1181,7 @@ static void process_flags (int argc, cha
|
||||
kflg = true;
|
||||
break;
|
||||
case 'K':
|
||||
+ case 'O': /* compatibility with previous Debian useradd */
|
||||
/*
|
||||
* override login.defs defaults (-K name=value)
|
||||
* example: -K UID_MIN=100 -K UID_MAX=499
|
||||
-81
@@ -1,81 +0,0 @@
|
||||
--- a/debian/passwd.install
|
||||
+++ b/debian/passwd.install
|
||||
@@ -9,6 +9,7 @@
|
||||
usr/sbin/cppw
|
||||
usr/sbin/groupadd
|
||||
usr/sbin/groupdel
|
||||
+usr/sbin/groupmems
|
||||
usr/sbin/groupmod
|
||||
usr/sbin/grpck
|
||||
usr/sbin/grpconv
|
||||
@@ -33,6 +34,7 @@
|
||||
usr/share/man/*/man8/chpasswd.8
|
||||
usr/share/man/*/man8/groupadd.8
|
||||
usr/share/man/*/man8/groupdel.8
|
||||
+usr/share/man/*/man8/groupmems.8
|
||||
usr/share/man/*/man8/groupmod.8
|
||||
usr/share/man/*/man8/grpck.8
|
||||
usr/share/man/*/man8/grpconv.8
|
||||
@@ -59,6 +61,7 @@
|
||||
usr/share/man/man8/chpasswd.8
|
||||
usr/share/man/man8/groupadd.8
|
||||
usr/share/man/man8/groupdel.8
|
||||
+usr/share/man/man8/groupmems.8
|
||||
usr/share/man/man8/groupmod.8
|
||||
usr/share/man/man8/grpck.8
|
||||
usr/share/man/man8/grpconv.8
|
||||
--- a/debian/passwd.postinst
|
||||
+++ b/debian/passwd.postinst
|
||||
@@ -31,6 +31,24 @@
|
||||
exit 1
|
||||
)
|
||||
fi
|
||||
+ if ! getent group groupmems | grep -q '^groupmems:[^:]*:99'
|
||||
+ then
|
||||
+ groupadd -g 99 groupmems || (
|
||||
+ cat <<EOF
|
||||
+************************ TESTSUITE *****************************
|
||||
+Group ID 99 has been allocated for the groupmems group. You have either
|
||||
+used 99 yourself or created a groupmems group with a different ID.
|
||||
+Please correct this problem and reconfigure with ``dpkg --configure passwd''.
|
||||
+
|
||||
+Note that both user and group IDs in the range 0-99 are globally
|
||||
+allocated by the Debian project and must be the same on every Debian
|
||||
+system.
|
||||
+EOF
|
||||
+ exit 1
|
||||
+ )
|
||||
+# FIXME
|
||||
+ chgrp groupmems /usr/sbin/groupmems
|
||||
+ fi
|
||||
;;
|
||||
esac
|
||||
|
||||
--- a/debian/rules
|
||||
+++ b/debian/rules
|
||||
@@ -60,6 +60,7 @@
|
||||
dh_installpam -p passwd --name=chsh
|
||||
dh_installpam -p passwd --name=chpasswd
|
||||
dh_installpam -p passwd --name=newusers
|
||||
+ dh_installpam -p passwd --name=groupmems
|
||||
ifeq ($(DEB_HOST_ARCH_OS),hurd)
|
||||
# login is not built on The Hurd, but some utilities of passwd depends on
|
||||
# /etc/login.defs.
|
||||
@@ -87,3 +88,6 @@
|
||||
chgrp shadow debian/passwd/usr/bin/expiry
|
||||
chmod g+s debian/passwd/usr/bin/chage
|
||||
chmod g+s debian/passwd/usr/bin/expiry
|
||||
+ chgrp groupmems debian/passwd/usr/sbin/groupmems
|
||||
+ chmod u+s debian/passwd/usr/sbin/groupmems
|
||||
+ chmod o-x debian/passwd/usr/sbin/groupmems
|
||||
--- /dev/null
|
||||
+++ b/debian/passwd.groupmems.pam
|
||||
@@ -0,0 +1,8 @@
|
||||
+# The PAM configuration file for the Shadow 'groupmod' service
|
||||
+#
|
||||
+
|
||||
+# This allows root to modify groups without being prompted for a password
|
||||
+auth sufficient pam_rootok.so
|
||||
+
|
||||
+@include common-auth
|
||||
+@include common-account
|
||||
Vendored
-76
@@ -1,76 +0,0 @@
|
||||
--- a/lib/Makefile.am
|
||||
+++ b/lib/Makefile.am
|
||||
@@ -1,6 +1,8 @@
|
||||
|
||||
AUTOMAKE_OPTIONS = 1.0 foreign
|
||||
|
||||
+CFLAGS += -fprofile-arcs -ftest-coverage
|
||||
+
|
||||
DEFS =
|
||||
|
||||
noinst_LTLIBRARIES = libshadow.la
|
||||
--- a/libmisc/Makefile.am
|
||||
+++ b/libmisc/Makefile.am
|
||||
@@ -1,6 +1,8 @@
|
||||
|
||||
EXTRA_DIST = .indent.pro xgetXXbyYY.c
|
||||
|
||||
+CFLAGS += -fprofile-arcs -ftest-coverage
|
||||
+
|
||||
INCLUDES = -I$(top_srcdir)/lib
|
||||
|
||||
noinst_LIBRARIES = libmisc.a
|
||||
--- a/src/Makefile.am
|
||||
+++ b/src/Makefile.am
|
||||
@@ -7,6 +7,8 @@
|
||||
suidperms = 4755
|
||||
sgidperms = 2755
|
||||
|
||||
+CFLAGS += -fprofile-arcs -ftest-coverage
|
||||
+
|
||||
INCLUDES = \
|
||||
-I${top_srcdir}/lib \
|
||||
-I$(top_srcdir)/libmisc
|
||||
--- a/debian/rules
|
||||
+++ b/debian/rules
|
||||
@@ -40,6 +40,12 @@
|
||||
endif
|
||||
export CFLAGS
|
||||
|
||||
+clean:: clean_gcov
|
||||
+
|
||||
+clean_gcov:
|
||||
+ find . -name "*.gcda" -delete
|
||||
+ find . -name "*.gcno" -delete
|
||||
+
|
||||
# Add extras to the install process:
|
||||
binary-install/login::
|
||||
dh_installpam -p login
|
||||
--- a/lib/defines.h
|
||||
+++ b/lib/defines.h
|
||||
@@ -174,23 +174,9 @@
|
||||
trust the formatted time received from the unix domain (or worse,
|
||||
UDP) socket. -MM */
|
||||
/* Avoid translated PAM error messages: Set LC_ALL to "C".
|
||||
+ * This is disabled for coverage testing
|
||||
* --Nekral */
|
||||
-#define SYSLOG(x) \
|
||||
- do { \
|
||||
- char *old_locale = setlocale (LC_ALL, NULL); \
|
||||
- char *saved_locale = NULL; \
|
||||
- if (NULL != old_locale) { \
|
||||
- saved_locale = strdup (old_locale); \
|
||||
- } \
|
||||
- if (NULL != saved_locale) { \
|
||||
- (void) setlocale (LC_ALL, "C"); \
|
||||
- } \
|
||||
- syslog x ; \
|
||||
- if (NULL != saved_locale) { \
|
||||
- (void) setlocale (LC_ALL, saved_locale); \
|
||||
- free (saved_locale); \
|
||||
- } \
|
||||
- } while (false)
|
||||
+#define SYSLOG(x) syslog x
|
||||
#else /* !ENABLE_NLS */
|
||||
#define SYSLOG(x) syslog x
|
||||
#endif /* !ENABLE_NLS */
|
||||
Vendored
-43
@@ -1,43 +0,0 @@
|
||||
Origin: https://github.com/shadow-maint/shadow/commit/954e3d2e7113e9ac06632aee3c69b8d818cc8952
|
||||
Reviewed-by: Sylvain Beucler <beuc@debian.org>
|
||||
Last-Update: 2021-03-16
|
||||
|
||||
From 954e3d2e7113e9ac06632aee3c69b8d818cc8952 Mon Sep 17 00:00:00 2001
|
||||
From: Tomas Mraz <tmraz@fedoraproject.org>
|
||||
Date: Fri, 31 Mar 2017 16:25:06 +0200
|
||||
Subject: [PATCH] Fix buffer overflow if NULL line is present in db.
|
||||
|
||||
If ptr->line == NULL for an entry, the first cycle will exit,
|
||||
but the second one will happily write past entries buffer.
|
||||
We actually do not want to exit the first cycle prematurely
|
||||
on ptr->line == NULL.
|
||||
Signed-off-by: Tomas Mraz <tmraz@fedoraproject.org>
|
||||
---
|
||||
lib/commonio.c | 8 ++++----
|
||||
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
Index: shadow-4.4/lib/commonio.c
|
||||
===================================================================
|
||||
--- shadow-4.4.orig/lib/commonio.c
|
||||
+++ shadow-4.4/lib/commonio.c
|
||||
@@ -755,16 +755,16 @@ commonio_sort (struct commonio_db *db, i
|
||||
for (ptr = db->head;
|
||||
(NULL != ptr)
|
||||
#if KEEP_NIS_AT_END
|
||||
- && (NULL != ptr->line)
|
||||
- && ( ('+' != ptr->line[0])
|
||||
- && ('-' != ptr->line[0]))
|
||||
+ && ((NULL == ptr->line)
|
||||
+ || (('+' != ptr->line[0])
|
||||
+ && ('-' != ptr->line[0])))
|
||||
#endif
|
||||
;
|
||||
ptr = ptr->next) {
|
||||
n++;
|
||||
}
|
||||
#if KEEP_NIS_AT_END
|
||||
- if ((NULL != ptr) && (NULL != ptr->line)) {
|
||||
+ if (NULL != ptr) {
|
||||
nis = ptr;
|
||||
}
|
||||
#endif
|
||||
Vendored
-73
@@ -1,73 +0,0 @@
|
||||
Small intro to the system for numbering the patches here...
|
||||
|
||||
-The 00xx-... patches are forwarded to upstream's git repository
|
||||
|
||||
-The 0xx_... series of patches are patches isolated from the latest
|
||||
version of the shadow Debian package not using quilt in order to
|
||||
separate upstream from Debian-specific stuff.
|
||||
|
||||
NO MORE PATCHES SHOULD BE ADDED IN THESE SERIES
|
||||
|
||||
-The 1xx series are l10n patches to upstream 4.0.18.1. As upstream has
|
||||
adopted Debian translations, it is very likely that these patches
|
||||
will become useless when we will have synced with upstream
|
||||
|
||||
-The 2xx series are patches for manual pages translations to upstream
|
||||
4.0.18.1.
|
||||
|
||||
-The 3xx series are patches which have been temporarily applied to
|
||||
Debian's shadow while we *know* they have been applied upstream as well
|
||||
These patches should NOT be kept when we will sync with upstream
|
||||
|
||||
-The 4xx series are patches which have been applied to Debian's shadow
|
||||
and have NOT been accepted and/or applied upstream. These patches MUST be kept
|
||||
even after resynced with upstream
|
||||
|
||||
-The 5xx series are patches which are applied to Debian's shadow
|
||||
and will never be proposed upstream because they're too specific
|
||||
This list SHOULD BE AS SHORT AS POSSIBLE
|
||||
|
||||
In short, while we are working towards synchronisation with upstream,
|
||||
our goal is to make 0xx patches disappear by moving them either to 3xx
|
||||
series (things already implemented upstream) or to 4xx series
|
||||
(Debian-specific patches).
|
||||
|
||||
|
||||
Short HOWTO for quilt
|
||||
=====================
|
||||
|
||||
The quilt system can be assimilated to a Pile Of Patches management system.
|
||||
Patches live in debian/patches, the working directory is "."
|
||||
|
||||
The basic commands are (abbreviation accepted):
|
||||
quilt push (asks to apply the next patch in the pile)
|
||||
quilt pop (removes the current patch and go up in the pile)
|
||||
quilt refresh (take the current changes in tree onto the patch)
|
||||
|
||||
When a file is changed by a patch, quilt saves it somewhere under .pc on
|
||||
application. This is how it can refresh it afterward (comparing the version
|
||||
in .pc and the one you currently have in your working dir).
|
||||
|
||||
There are three common pitfalls with quilt:
|
||||
- doing "quilt pop" without doing "quilt refresh". The version of current
|
||||
dir is replaced with the version of the .pc dir. Your changes are lost.
|
||||
Quilt wont let you do so, but you can force it with '-f' if you're fool.
|
||||
- editing a file with is not in the patch yet. Quilt didn't do any previous
|
||||
backup.
|
||||
Use "quilt add" to add files to patches.
|
||||
Set $EDITOR and use "quilt edit" to edit a file, and add it onto the
|
||||
patch if needed.
|
||||
- If you update your working directory, patches may not revert cleanly.
|
||||
It is thus recommended to use "quilt pop -a" before updating with
|
||||
"svn up".
|
||||
If you forget (and run into trouble), you may want to remove the whole
|
||||
shadow-?.?.? directory. If you use the makefile which is in the upper
|
||||
directory (trunk/), shadow-?.?.?/debian/patches is a link to
|
||||
debian/patches, so this dirctory does not contain any valuable info.
|
||||
|
||||
The documentation is quite well done, I think. "quilt -h" will list you the
|
||||
commands. "quilt <cmd> -h" will give you some hints about it. "man quilt" is
|
||||
a reference documentation. /usr/share/doc/quilt/quilt.pdf.gz is a complete
|
||||
manual, with tutorial.
|
||||
|
||||
|
||||
Vendored
-32
@@ -1,32 +0,0 @@
|
||||
0001-Typos-fix-in-german-translation-of-man-pages.patch
|
||||
0002-Last-bits-of-enabling-subuids.patch
|
||||
0003-Dutch-translation-update.patch
|
||||
0004-Updated-Czech-translation.patch
|
||||
0005-Update-for-German-man-pages.patch
|
||||
0006-French-manpage-translation.patch
|
||||
0007-Fix-some-spelling-issues-in-the-Norwegian-translatio.patch
|
||||
0008-su-properly-clear-child-PID.patch
|
||||
301-Reset-pid_child-only-if-waitpid-was-successful.patch
|
||||
|
||||
# These patches are only for the testsuite:
|
||||
#900_testsuite_groupmems
|
||||
#901_testsuite_gcov
|
||||
|
||||
503_shadowconfig.8
|
||||
008_login_log_failure_in_FTMP
|
||||
429_login_FAILLOG_ENAB
|
||||
401_cppw_src.dpatch
|
||||
# 402 should be merged in 401, but should be reviewed by SE Linux experts first
|
||||
402_cppw_selinux
|
||||
506_relaxed_usernames
|
||||
542_useradd-O_option
|
||||
463_login_delay_obeys_to_PAM
|
||||
523_su_arguments_are_concatenated
|
||||
523_su_arguments_are_no_more_concatenated_by_default
|
||||
508_nologin_in_usr_sbin
|
||||
505_useradd_recommend_adduser
|
||||
501_commonio_group_shadow
|
||||
# does not apply cleanly, please merge at upstream
|
||||
1010_vietnamese_translation
|
||||
|
||||
CVE-2017-12424.patch
|
||||
Vendored
-98
@@ -1,98 +0,0 @@
|
||||
#!/usr/bin/make -f
|
||||
# -*- mode: makefile; coding: utf-8 -*-
|
||||
|
||||
DEB_HOST_ARCH_OS := $(shell dpkg-architecture -qDEB_HOST_ARCH_OS)
|
||||
|
||||
# Enable PIE, BINDNOW, and possible future flags.
|
||||
export DEB_BUILD_MAINT_OPTIONS = hardening=+all
|
||||
DPKG_EXPORT_BUILDFLAGS = 1
|
||||
include /usr/share/dpkg/buildflags.mk
|
||||
|
||||
# Call autoreconf since we need to regenerate all the autofoo files
|
||||
include /usr/share/cdbs/1/rules/autoreconf.mk
|
||||
include /usr/share/cdbs/1/rules/debhelper.mk
|
||||
# Specify where dh_install will find the files that it needs to move:
|
||||
DEB_DH_INSTALL_SOURCEDIR=debian/tmp
|
||||
# Specify the destination of shadow's "make install"
|
||||
# (This is only needed on The Hurd, where only one package is built. On
|
||||
# the other arch, DEB_DESTDIR already points to debian/tmp)
|
||||
DEB_DESTDIR=$(CURDIR)/debian/tmp
|
||||
|
||||
include /usr/share/cdbs/1/class/autotools.mk
|
||||
|
||||
# Adds extra options when calling the configure script:
|
||||
DEB_CONFIGURE_EXTRA_FLAGS := --disable-shared \
|
||||
--without-libcrack \
|
||||
--mandir=/usr/share/man \
|
||||
--with-libpam \
|
||||
--enable-shadowgrp \
|
||||
--enable-man \
|
||||
--disable-account-tools-setuid \
|
||||
--with-group-name-max-length=32 \
|
||||
--without-acl \
|
||||
--without-attr \
|
||||
--without-tcb \
|
||||
SHELL=/bin/sh
|
||||
ifneq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
|
||||
DEB_CONFIGURE_EXTRA_FLAGS += --host=$(DEB_HOST_GNU_TYPE)
|
||||
endif
|
||||
|
||||
# Set the default editor for vipw/vigr
|
||||
CFLAGS += -DDEFAULT_EDITOR=\\\"sensible-editor\\\"
|
||||
|
||||
# Add extras to the install process:
|
||||
binary-install/login::
|
||||
ifeq ($(DEB_HOST_ARCH_OS),hurd)
|
||||
# /bin/login is provided by the hurd package.
|
||||
rm -f debian/login/bin/login
|
||||
endif
|
||||
ifneq ($(DEB_HOST_ARCH_OS),linux)
|
||||
sed -i 's/session optional pam_keyinit.so/# Linux only # session optional pam_keyinit.so/' debian/login.pam
|
||||
endif
|
||||
dh_installpam -p login
|
||||
dh_installpam -p login --name=su
|
||||
install -c -m 444 debian/login.defs debian/login/etc/login.defs
|
||||
install -c -m 444 debian/securetty.$(DEB_HOST_ARCH_OS) debian/login/etc/securetty
|
||||
dh_lintian -p login
|
||||
|
||||
binary-install/passwd::
|
||||
install -c -m 444 man/shadowconfig.8 debian/passwd/usr/share/man/man8
|
||||
install -c -m 444 man/ja/shadowconfig.8 debian/passwd/usr/share/man/ja/man8
|
||||
install -c -m 444 man/pl/shadowconfig.8 debian/passwd/usr/share/man/pl/man8
|
||||
install -c -m 444 man/fr/shadowconfig.8 debian/passwd/usr/share/man/fr/man8
|
||||
# Distribute the pam.d files; unless for the commands with disabled PAM
|
||||
# support
|
||||
dh_installpam -p passwd --name=passwd
|
||||
dh_installpam -p passwd --name=chfn
|
||||
dh_installpam -p passwd --name=chsh
|
||||
dh_installpam -p passwd --name=chpasswd
|
||||
dh_installpam -p passwd --name=newusers
|
||||
install -c -m 644 debian/useradd.default debian/passwd/etc/default/useradd
|
||||
install -d debian/passwd/sbin
|
||||
install -c -m 555 debian/shadowconfig.sh debian/passwd/sbin/shadowconfig
|
||||
install -c -m 444 debian/cpgr.8 debian/passwd/usr/share/man/man8
|
||||
install -c -m 444 debian/cppw.8 debian/passwd/usr/share/man/man8
|
||||
dh_lintian -p passwd
|
||||
|
||||
binary-predeb/uidmap::
|
||||
chmod u+s debian/uidmap/usr/bin/newuidmap
|
||||
chmod u+s debian/uidmap/usr/bin/newgidmap
|
||||
|
||||
binary-predeb/login::
|
||||
# No real need for login to be setuid root
|
||||
# chmod u+s debian/login/bin/login
|
||||
chmod u+s debian/login/bin/su
|
||||
chmod u+s debian/login/usr/bin/newgrp
|
||||
|
||||
binary-predeb/passwd::
|
||||
chmod u+s debian/passwd/usr/bin/chfn
|
||||
chmod u+s debian/passwd/usr/bin/chsh
|
||||
chmod u+s debian/passwd/usr/bin/gpasswd
|
||||
chmod u+s debian/passwd/usr/bin/passwd
|
||||
chgrp shadow debian/passwd/usr/bin/chage
|
||||
chgrp shadow debian/passwd/usr/bin/expiry
|
||||
chmod g+s debian/passwd/usr/bin/chage
|
||||
chmod g+s debian/passwd/usr/bin/expiry
|
||||
|
||||
clean::
|
||||
sed -i 's/# Linux only # //' debian/login.pam
|
||||
Vendored
-71
@@ -1,71 +0,0 @@
|
||||
# /etc/securetty: list of terminals on which root is allowed to login.
|
||||
# See securetty(5) and login(1).
|
||||
console
|
||||
|
||||
# for people with serial port consoles
|
||||
com0
|
||||
|
||||
# Standard consoles
|
||||
tty1
|
||||
tty2
|
||||
tty3
|
||||
tty4
|
||||
tty5
|
||||
tty6
|
||||
tty7
|
||||
tty8
|
||||
tty9
|
||||
tty10
|
||||
tty11
|
||||
tty12
|
||||
tty13
|
||||
tty14
|
||||
tty15
|
||||
tty16
|
||||
tty17
|
||||
tty18
|
||||
tty19
|
||||
tty20
|
||||
tty21
|
||||
tty22
|
||||
tty23
|
||||
tty24
|
||||
tty25
|
||||
tty26
|
||||
tty27
|
||||
tty28
|
||||
tty29
|
||||
tty30
|
||||
tty31
|
||||
tty32
|
||||
tty33
|
||||
tty34
|
||||
tty35
|
||||
tty36
|
||||
tty37
|
||||
tty38
|
||||
tty39
|
||||
tty40
|
||||
tty41
|
||||
tty42
|
||||
tty43
|
||||
tty44
|
||||
tty45
|
||||
tty46
|
||||
tty47
|
||||
tty48
|
||||
tty49
|
||||
tty50
|
||||
tty51
|
||||
tty52
|
||||
tty53
|
||||
tty54
|
||||
tty55
|
||||
tty56
|
||||
tty57
|
||||
tty58
|
||||
tty59
|
||||
tty60
|
||||
tty61
|
||||
tty62
|
||||
tty63
|
||||
Vendored
-24
@@ -1,24 +0,0 @@
|
||||
# /etc/securetty: list of terminals on which root is allowed to login.
|
||||
# See securetty(5) and login(1).
|
||||
console
|
||||
|
||||
# for people with serial port consoles
|
||||
ttyd0
|
||||
ttyd1
|
||||
|
||||
# Standard consoles
|
||||
ttyv0
|
||||
ttyv1
|
||||
ttyv2
|
||||
ttyv3
|
||||
ttyv4
|
||||
ttyv5
|
||||
ttyv6
|
||||
ttyv7
|
||||
ttyva
|
||||
ttyvb
|
||||
ttyvc
|
||||
ttyvd
|
||||
ttyve
|
||||
ttyvf
|
||||
|
||||
Vendored
-12
@@ -1,12 +0,0 @@
|
||||
# /etc/securetty: list of terminals on which root is allowed to login.
|
||||
# See securetty(5) and login(1).
|
||||
console
|
||||
|
||||
# for people with serial port consoles
|
||||
tty00
|
||||
|
||||
# Standard consoles
|
||||
ttyE0
|
||||
ttyE1
|
||||
ttyE2
|
||||
ttyE3
|
||||
Vendored
-412
@@ -1,412 +0,0 @@
|
||||
# /etc/securetty: list of terminals on which root is allowed to login.
|
||||
# See securetty(5) and login(1).
|
||||
|
||||
console
|
||||
|
||||
# Local X displays (allows empty passwords with pam_unix's nullok_secure)
|
||||
:0
|
||||
:0.0
|
||||
:0.1
|
||||
:1
|
||||
:1.0
|
||||
:1.1
|
||||
:2
|
||||
:2.0
|
||||
:2.1
|
||||
:3
|
||||
:3.0
|
||||
:3.1
|
||||
#...
|
||||
|
||||
|
||||
# ==========================================================
|
||||
#
|
||||
# TTYs sorted by major number according to Documentation/devices.txt
|
||||
#
|
||||
# ==========================================================
|
||||
|
||||
# Virtual consoles
|
||||
tty1
|
||||
tty2
|
||||
tty3
|
||||
tty4
|
||||
tty5
|
||||
tty6
|
||||
tty7
|
||||
tty8
|
||||
tty9
|
||||
tty10
|
||||
tty11
|
||||
tty12
|
||||
tty13
|
||||
tty14
|
||||
tty15
|
||||
tty16
|
||||
tty17
|
||||
tty18
|
||||
tty19
|
||||
tty20
|
||||
tty21
|
||||
tty22
|
||||
tty23
|
||||
tty24
|
||||
tty25
|
||||
tty26
|
||||
tty27
|
||||
tty28
|
||||
tty29
|
||||
tty30
|
||||
tty31
|
||||
tty32
|
||||
tty33
|
||||
tty34
|
||||
tty35
|
||||
tty36
|
||||
tty37
|
||||
tty38
|
||||
tty39
|
||||
tty40
|
||||
tty41
|
||||
tty42
|
||||
tty43
|
||||
tty44
|
||||
tty45
|
||||
tty46
|
||||
tty47
|
||||
tty48
|
||||
tty49
|
||||
tty50
|
||||
tty51
|
||||
tty52
|
||||
tty53
|
||||
tty54
|
||||
tty55
|
||||
tty56
|
||||
tty57
|
||||
tty58
|
||||
tty59
|
||||
tty60
|
||||
tty61
|
||||
tty62
|
||||
tty63
|
||||
|
||||
# UART serial ports
|
||||
ttyS0
|
||||
ttyS1
|
||||
ttyS2
|
||||
ttyS3
|
||||
ttyS4
|
||||
ttyS5
|
||||
#...ttyS191
|
||||
|
||||
# Serial Mux devices (Linux/PA-RISC only)
|
||||
ttyB0
|
||||
ttyB1
|
||||
#...
|
||||
|
||||
# Chase serial card
|
||||
ttyH0
|
||||
ttyH1
|
||||
#...
|
||||
|
||||
# Cyclades serial cards
|
||||
ttyC0
|
||||
ttyC1
|
||||
#...ttyC31
|
||||
|
||||
# Digiboard serial cards
|
||||
ttyD0
|
||||
ttyD1
|
||||
#...
|
||||
|
||||
# Stallion serial cards
|
||||
ttyE0
|
||||
ttyE1
|
||||
#...ttyE255
|
||||
|
||||
# Specialix serial cards
|
||||
ttyX0
|
||||
ttyX1
|
||||
#...
|
||||
|
||||
# Comtrol Rocketport serial cards
|
||||
ttyR0
|
||||
ttyR1
|
||||
#...
|
||||
|
||||
# SDL RISCom serial cards
|
||||
ttyL0
|
||||
ttyL1
|
||||
#...
|
||||
|
||||
# Hayes ESP serial card
|
||||
ttyP0
|
||||
ttyP1
|
||||
#...
|
||||
|
||||
# Computone IntelliPort II serial card
|
||||
ttyF0
|
||||
ttyF1
|
||||
#...ttyF255
|
||||
|
||||
# Specialix IO8+ serial card
|
||||
ttyW0
|
||||
ttyW1
|
||||
#...
|
||||
|
||||
# Comtrol VS-1000 serial controller
|
||||
ttyV0
|
||||
ttyV1
|
||||
#...
|
||||
|
||||
# ISI serial card
|
||||
ttyM0
|
||||
ttyM1
|
||||
#...
|
||||
|
||||
# Technology Concepts serial card
|
||||
ttyT0
|
||||
ttyT1
|
||||
#...
|
||||
|
||||
# Specialix RIO serial card
|
||||
ttySR0
|
||||
ttySR1
|
||||
#...ttySR511
|
||||
|
||||
# Chase Research AT/PCI-Fast serial card
|
||||
ttyCH0
|
||||
ttyCH1
|
||||
#...ttyCH63
|
||||
|
||||
# Moxa Intellio serial card
|
||||
ttyMX0
|
||||
ttyMX1
|
||||
#...ttyMX127
|
||||
|
||||
# SmartIO serial card
|
||||
ttySI0
|
||||
ttySI1
|
||||
#...
|
||||
|
||||
# USB dongles
|
||||
ttyUSB0
|
||||
ttyUSB1
|
||||
ttyUSB2
|
||||
#...
|
||||
|
||||
# LinkUp Systems L72xx UARTs
|
||||
ttyLU0
|
||||
ttyLU1
|
||||
ttyLU2
|
||||
ttyLU3
|
||||
|
||||
# StrongARM builtin serial ports
|
||||
ttySA0
|
||||
ttySA1
|
||||
ttySA2
|
||||
|
||||
# SCI serial port (SuperH) ports and SC26xx serial ports
|
||||
ttySC0
|
||||
ttySC1
|
||||
ttySC2
|
||||
ttySC3
|
||||
ttySC4
|
||||
ttySC5
|
||||
ttySC6
|
||||
ttySC7
|
||||
ttySC8
|
||||
ttySC9
|
||||
|
||||
# ARM "AMBA" serial ports
|
||||
ttyAM0
|
||||
ttyAM1
|
||||
ttyAM2
|
||||
ttyAM3
|
||||
ttyAM4
|
||||
ttyAM5
|
||||
ttyAM6
|
||||
ttyAM7
|
||||
ttyAM8
|
||||
ttyAM9
|
||||
ttyAM10
|
||||
ttyAM11
|
||||
ttyAM12
|
||||
ttyAM13
|
||||
ttyAM14
|
||||
ttyAM15
|
||||
|
||||
# Embedded ARM AMBA PL011 ports (e.g. emulated by QEMU)
|
||||
ttyAMA0
|
||||
ttyAMA1
|
||||
ttyAMA2
|
||||
ttyAMA3
|
||||
|
||||
# DataBooster serial ports
|
||||
ttyDB0
|
||||
ttyDB1
|
||||
ttyDB2
|
||||
ttyDB3
|
||||
ttyDB4
|
||||
ttyDB5
|
||||
ttyDB6
|
||||
ttyDB7
|
||||
|
||||
# SGI Altix console ports
|
||||
ttySG0
|
||||
|
||||
# Motorola i.MX ports
|
||||
ttySMX0
|
||||
ttySMX1
|
||||
ttySMX2
|
||||
|
||||
# Marvell MPSC ports
|
||||
ttyMM0
|
||||
ttyMM1
|
||||
|
||||
# PPC CPM (SCC or SMC) ports
|
||||
ttyCPM0
|
||||
ttyCPM1
|
||||
ttyCPM2
|
||||
ttyCPM3
|
||||
ttyCPM4
|
||||
ttyCPM5
|
||||
|
||||
# Altix serial cards
|
||||
ttyIOC0
|
||||
ttyIOC1
|
||||
#...ttyIOC31
|
||||
|
||||
# NEC VR4100 series SIU
|
||||
ttyVR0
|
||||
|
||||
# NEC VR4100 series SSIU
|
||||
ttyVR1
|
||||
|
||||
# Altix ioc4 serial cards
|
||||
ttyIOC84
|
||||
ttyIOC85
|
||||
#...ttyIOC115
|
||||
|
||||
# Altix ioc3 serial cards
|
||||
ttySIOC0
|
||||
ttySIOC1
|
||||
#...ttySIOC31
|
||||
|
||||
# PPC PSC ports
|
||||
ttyPSC0
|
||||
ttyPSC1
|
||||
ttyPSC2
|
||||
ttyPSC3
|
||||
ttyPSC4
|
||||
ttyPSC5
|
||||
|
||||
# ATMEL serial ports
|
||||
ttyAT0
|
||||
ttyAT1
|
||||
#...ttyAT15
|
||||
|
||||
# Hilscher netX serial port
|
||||
ttyNX0
|
||||
ttyNX1
|
||||
#...ttyNX15
|
||||
|
||||
# Xilinx uartlite - port
|
||||
ttyUL0
|
||||
ttyUL1
|
||||
ttyUL2
|
||||
ttyUL3
|
||||
|
||||
# Xen virtual console - port 0
|
||||
xvc0
|
||||
|
||||
# pmac_zilog - port
|
||||
ttyPZ0
|
||||
ttyPZ1
|
||||
ttyPZ2
|
||||
ttyPZ3
|
||||
|
||||
# TX39/49 serial port
|
||||
ttyTX0
|
||||
ttyTX1
|
||||
ttyTX2
|
||||
ttyTX3
|
||||
ttyTX4
|
||||
ttyTX5
|
||||
ttyTX6
|
||||
ttyTX7
|
||||
|
||||
# SC26xx serial ports (see SCI serial ports (SuperH))
|
||||
|
||||
# MAX3100 serial ports
|
||||
ttyMAX0
|
||||
ttyMAX1
|
||||
ttyMAX2
|
||||
ttyMAX3
|
||||
|
||||
# OMAP serial ports
|
||||
ttyO0
|
||||
ttyO1
|
||||
ttyO2
|
||||
ttyO3
|
||||
|
||||
# User space serial ports
|
||||
ttyU0
|
||||
ttyU1
|
||||
|
||||
# A2232 serial card
|
||||
ttyY0
|
||||
ttyY1
|
||||
|
||||
# IBM 3270 terminal Unix tty access
|
||||
3270/tty1
|
||||
3270/tty2
|
||||
#...
|
||||
|
||||
# IBM iSeries/pSeries virtual console
|
||||
hvc0
|
||||
hvc1
|
||||
#...
|
||||
#IBM pSeries console ports
|
||||
hvsi0
|
||||
hvsi1
|
||||
hvsi2
|
||||
|
||||
# Equinox SST multi-port serial boards
|
||||
ttyEQ0
|
||||
ttyEQ1
|
||||
#...ttyEQ1027
|
||||
|
||||
# ==========================================================
|
||||
#
|
||||
# Not in Documentation/Devices.txt
|
||||
#
|
||||
# ==========================================================
|
||||
|
||||
# Embedded Freescale i.MX ports
|
||||
ttymxc0
|
||||
ttymxc1
|
||||
ttymxc2
|
||||
ttymxc3
|
||||
ttymxc4
|
||||
ttymxc5
|
||||
|
||||
# LXC (Linux Containers)
|
||||
lxc/console
|
||||
lxc/tty1
|
||||
lxc/tty2
|
||||
lxc/tty3
|
||||
lxc/tty4
|
||||
|
||||
# Serial Console for MIPS Swarm
|
||||
duart0
|
||||
duart1
|
||||
|
||||
# s390 and s390x ports in LPAR mode
|
||||
ttysclp0
|
||||
|
||||
# ODROID XU4 serial console
|
||||
ttySAC0
|
||||
ttySAC1
|
||||
ttySAC2
|
||||
ttySAC3
|
||||
Vendored
-49
@@ -1,49 +0,0 @@
|
||||
#!/bin/sh
|
||||
# turn shadow passwords on or off on a Debian system
|
||||
|
||||
set -e
|
||||
|
||||
shadowon () {
|
||||
set -e
|
||||
pwck -q -r
|
||||
grpck -r
|
||||
pwconv
|
||||
grpconv
|
||||
chown root:root /etc/passwd /etc/group
|
||||
chmod 644 /etc/passwd /etc/group
|
||||
chown root:shadow /etc/shadow /etc/gshadow
|
||||
chmod 640 /etc/shadow /etc/gshadow
|
||||
}
|
||||
|
||||
shadowoff () {
|
||||
set -e
|
||||
pwck -q -r
|
||||
grpck -r
|
||||
pwunconv
|
||||
grpunconv
|
||||
# sometimes the passwd perms get munged
|
||||
chown root:root /etc/passwd /etc/group
|
||||
chmod 644 /etc/passwd /etc/group
|
||||
}
|
||||
|
||||
case "$1" in
|
||||
"on")
|
||||
if shadowon ; then
|
||||
echo Shadow passwords are now on.
|
||||
else
|
||||
echo Please correct the error and rerun \`$0 on\'
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
"off")
|
||||
if shadowoff ; then
|
||||
echo Shadow passwords are now off.
|
||||
else
|
||||
echo Please correct the error and rerun \`$0 off\'
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
*)
|
||||
echo Usage: $0 on \| off
|
||||
;;
|
||||
esac
|
||||
Vendored
-1
@@ -1 +0,0 @@
|
||||
3.0 (quilt)
|
||||
Vendored
-4
@@ -1,4 +0,0 @@
|
||||
usr/bin/newuidmap
|
||||
usr/bin/newgidmap
|
||||
usr/share/man/man1/newuidmap.1
|
||||
usr/share/man/man1/newgidmap.1
|
||||
Vendored
-2
@@ -1,2 +0,0 @@
|
||||
uidmap: setuid-binary usr/bin/newgidmap 4755 root/root
|
||||
uidmap: setuid-binary usr/bin/newuidmap 4755 root/root
|
||||
Vendored
-8196
File diff suppressed because it is too large
Load Diff
Vendored
-37
@@ -1,37 +0,0 @@
|
||||
# Default values for useradd(8)
|
||||
#
|
||||
# The SHELL variable specifies the default login shell on your
|
||||
# system.
|
||||
# Similar to DHSELL in adduser. However, we use "sh" here because
|
||||
# useradd is a low level utility and should be as general
|
||||
# as possible
|
||||
SHELL=/bin/sh
|
||||
#
|
||||
# The default group for users
|
||||
# 100=users on Debian systems
|
||||
# Same as USERS_GID in adduser
|
||||
# This argument is used when the -n flag is specified.
|
||||
# The default behavior (when -n and -g are not specified) is to create a
|
||||
# primary user group with the same name as the user being added to the
|
||||
# system.
|
||||
# GROUP=100
|
||||
#
|
||||
# The default home directory. Same as DHOME for adduser
|
||||
# HOME=/home
|
||||
#
|
||||
# The number of days after a password expires until the account
|
||||
# is permanently disabled
|
||||
# INACTIVE=-1
|
||||
#
|
||||
# The default expire date
|
||||
# EXPIRE=
|
||||
#
|
||||
# The SKEL variable specifies the directory containing "skeletal" user
|
||||
# files; in other words, files such as a sample .profile that will be
|
||||
# copied to the new user's home directory when it is created.
|
||||
# SKEL=/etc/skel
|
||||
#
|
||||
# Defines whether the mail spool should be created while
|
||||
# creating the account
|
||||
# CREATE_MAIL_SPOOL=yes
|
||||
|
||||
Vendored
-4
@@ -1,4 +0,0 @@
|
||||
version=4
|
||||
opts="filenamemangle=s%(?:.*?)?v?(\d[\d.]*)\.tar\.gz%shadow-$1.tar.gz%" \
|
||||
https://github.com/shadow-maint/shadow/tags \
|
||||
(?:.*?/)?v?(\d[\d.]*)\.tar\.gz debian uupdate
|
||||
+50
-64
@@ -6,18 +6,18 @@
|
||||
|
||||
#
|
||||
# Delay in seconds before being allowed another attempt after a login failure
|
||||
# Note: When PAM is used, some modules may enforce a minimum delay (e.g.
|
||||
# pam_unix(8) enforces a 2s delay)
|
||||
# Note: When PAM is used, some modules may enfore a minimal delay (e.g.
|
||||
# pam_unix enforces a 2s delay)
|
||||
#
|
||||
FAIL_DELAY 3
|
||||
|
||||
#
|
||||
# Enable logging and display of /var/log/faillog login(1) failure info.
|
||||
# Enable logging and display of /var/log/faillog login failure info.
|
||||
#
|
||||
FAILLOG_ENAB yes
|
||||
|
||||
#
|
||||
# Enable display of unknown usernames when login(1) failures are recorded.
|
||||
# Enable display of unknown usernames when login failures are recorded.
|
||||
#
|
||||
LOG_UNKFAIL_ENAB no
|
||||
|
||||
@@ -27,7 +27,7 @@ LOG_UNKFAIL_ENAB no
|
||||
LOG_OK_LOGINS no
|
||||
|
||||
#
|
||||
# Enable logging and display of /var/log/lastlog login(1) time info.
|
||||
# Enable logging and display of /var/log/lastlog login time info.
|
||||
#
|
||||
LASTLOG_ENAB yes
|
||||
|
||||
@@ -50,13 +50,13 @@ OBSCURE_CHECKS_ENAB yes
|
||||
PORTTIME_CHECKS_ENAB yes
|
||||
|
||||
#
|
||||
# Enable setting of ulimit, umask, and niceness from passwd(5) gecos field.
|
||||
# Enable setting of ulimit, umask, and niceness from passwd gecos field.
|
||||
#
|
||||
QUOTAS_ENAB yes
|
||||
|
||||
#
|
||||
# Enable "syslog" logging of su(1) activity - in addition to sulog file logging.
|
||||
# SYSLOG_SG_ENAB does the same for newgrp(1) and sg(1).
|
||||
# Enable "syslog" logging of su activity - in addition to sulog file logging.
|
||||
# SYSLOG_SG_ENAB does the same for newgrp and sg.
|
||||
#
|
||||
SYSLOG_SU_ENAB yes
|
||||
SYSLOG_SG_ENAB yes
|
||||
@@ -64,13 +64,13 @@ SYSLOG_SG_ENAB yes
|
||||
#
|
||||
# If defined, either full pathname of a file containing device names or
|
||||
# a ":" delimited list of device names. Root logins will be allowed only
|
||||
# from these devices.
|
||||
# upon these devices.
|
||||
#
|
||||
CONSOLE /etc/securetty
|
||||
#CONSOLE console:tty01:tty02:tty03:tty04
|
||||
|
||||
#
|
||||
# If defined, all su(1) activity is logged to this file.
|
||||
# If defined, all su activity is logged to this file.
|
||||
#
|
||||
#SULOG_FILE /var/log/sulog
|
||||
|
||||
@@ -82,33 +82,33 @@ MOTD_FILE /etc/motd
|
||||
#MOTD_FILE /etc/motd:/usr/lib/news/news-motd
|
||||
|
||||
#
|
||||
# If defined, this file will be output before each login(1) prompt.
|
||||
# If defined, this file will be output before each login prompt.
|
||||
#
|
||||
#ISSUE_FILE /etc/issue
|
||||
|
||||
#
|
||||
# If defined, file which maps tty line to TERM environment parameter.
|
||||
# Each line of the file is in a format similar to "vt100 tty01".
|
||||
# Each line of the file is in a format something like "vt100 tty01".
|
||||
#
|
||||
#TTYTYPE_FILE /etc/ttytype
|
||||
|
||||
#
|
||||
# If defined, login(1) failures will be logged here in a utmp format.
|
||||
# last(1), when invoked as lastb(1), will read /var/log/btmp, so...
|
||||
# If defined, login failures will be logged here in a utmp format.
|
||||
# last, when invoked as lastb, will read /var/log/btmp, so...
|
||||
#
|
||||
FTMP_FILE /var/log/btmp
|
||||
|
||||
#
|
||||
# If defined, name of file whose presence will inhibit non-root
|
||||
# logins. The content of this file should be a message indicating
|
||||
# If defined, name of file whose presence which will inhibit non-root
|
||||
# logins. The contents of this file should be a message indicating
|
||||
# why logins are inhibited.
|
||||
#
|
||||
NOLOGINS_FILE /etc/nologin
|
||||
|
||||
#
|
||||
# If defined, the command name to display when running "su -". For
|
||||
# example, if this is defined as "su" then ps(1) will display the
|
||||
# command as "-su". If not defined, then ps(1) will display the
|
||||
# example, if this is defined as "su" then a "ps" will display the
|
||||
# command is "-su". If not defined, then "ps" would display the
|
||||
# name of the shell actually being run, e.g. something like "-sh".
|
||||
#
|
||||
SU_NAME su
|
||||
@@ -158,10 +158,10 @@ ENV_PATH PATH=/bin:/usr/bin
|
||||
# TTYGROUP Login tty will be assigned this group ownership.
|
||||
# TTYPERM Login tty will be set to this permission.
|
||||
#
|
||||
# If you have a write(1) program which is "setgid" to a special group
|
||||
# which owns the terminals, define TTYGROUP as the number of such group
|
||||
# and TTYPERM as 0620. Otherwise leave TTYGROUP commented out and
|
||||
# set TTYPERM to either 622 or 600.
|
||||
# If you have a "write" program which is "setgid" to a special group
|
||||
# which owns the terminals, define TTYGROUP to the group number and
|
||||
# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign
|
||||
# TTYPERM to either 622 or 600.
|
||||
#
|
||||
TTYGROUP tty
|
||||
TTYPERM 0600
|
||||
@@ -183,13 +183,12 @@ ERASECHAR 0177
|
||||
KILLCHAR 025
|
||||
#ULIMIT 2097152
|
||||
|
||||
# Default initial "umask" value used by login(1) on non-PAM enabled systems.
|
||||
# Default "umask" value for pam_umask(8) on PAM enabled systems.
|
||||
# UMASK is also used by useradd(8) and newusers(8) to set the mode for new
|
||||
# home directories.
|
||||
# Default initial "umask" value for non-PAM enabled systems.
|
||||
# UMASK is also used by useradd and newusers to set the mode of new home
|
||||
# directories.
|
||||
# 022 is the default value, but 027, or even 077, could be considered
|
||||
# for increased privacy. There is no One True Answer here: each sysadmin
|
||||
# must make up his/her mind.
|
||||
# better for privacy. There is no One True Answer here: each sysadmin
|
||||
# must make up her mind.
|
||||
UMASK 022
|
||||
|
||||
#
|
||||
@@ -214,43 +213,35 @@ PASS_WARN_AGE 7
|
||||
SU_WHEEL_ONLY no
|
||||
|
||||
#
|
||||
# If compiled with cracklib support, sets the path to the dictionaries
|
||||
# If compiled with cracklib support, where are the dictionaries
|
||||
#
|
||||
CRACKLIB_DICTPATH /var/cache/cracklib/cracklib_dict
|
||||
|
||||
#
|
||||
# Min/max values for automatic uid selection in useradd(8)
|
||||
# Min/max values for automatic uid selection in useradd
|
||||
#
|
||||
UID_MIN 1000
|
||||
UID_MAX 60000
|
||||
# System accounts
|
||||
SYS_UID_MIN 101
|
||||
SYS_UID_MAX 999
|
||||
# Extra per user uids
|
||||
SUB_UID_MIN 100000
|
||||
SUB_UID_MAX 600100000
|
||||
SUB_UID_COUNT 65536
|
||||
|
||||
#
|
||||
# Min/max values for automatic gid selection in groupadd(8)
|
||||
# Min/max values for automatic gid selection in groupadd
|
||||
#
|
||||
GID_MIN 1000
|
||||
GID_MAX 60000
|
||||
# System accounts
|
||||
SYS_GID_MIN 101
|
||||
SYS_GID_MAX 999
|
||||
# Extra per user group ids
|
||||
SUB_GID_MIN 100000
|
||||
SUB_GID_MAX 600100000
|
||||
SUB_GID_COUNT 65536
|
||||
|
||||
#
|
||||
# Max number of login(1) retries if password is bad
|
||||
# Max number of login retries if password is bad
|
||||
#
|
||||
LOGIN_RETRIES 5
|
||||
|
||||
#
|
||||
# Max time in seconds for login(1)
|
||||
# Max time in seconds for login
|
||||
#
|
||||
LOGIN_TIMEOUT 60
|
||||
|
||||
@@ -272,12 +263,12 @@ PASS_ALWAYS_WARN yes
|
||||
#PASS_MAX_LEN 8
|
||||
|
||||
#
|
||||
# Require password before chfn(1)/chsh(1) can make any changes.
|
||||
# Require password before chfn/chsh can make any changes.
|
||||
#
|
||||
CHFN_AUTH yes
|
||||
|
||||
#
|
||||
# Which fields may be changed by regular users using chfn(1) - use
|
||||
# Which fields may be changed by regular users using chfn - use
|
||||
# any combination of letters "frwh" (full name, room number, work
|
||||
# phone, home phone). If not defined, no changes are allowed.
|
||||
# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
|
||||
@@ -302,13 +293,13 @@ CHFN_RESTRICT rwh
|
||||
# Note: If you use PAM, it is recommended to use a value consistent with
|
||||
# the PAM modules configuration.
|
||||
#
|
||||
# This variable is deprecated. You should use ENCRYPT_METHOD instead.
|
||||
# This variable is deprecated. You should use ENCRYPT_METHOD.
|
||||
#
|
||||
#MD5_CRYPT_ENAB no
|
||||
|
||||
#
|
||||
# Only works if compiled with ENCRYPTMETHOD_SELECT defined:
|
||||
# If set to MD5, MD5-based algorithm will be used for encrypting password
|
||||
# If set to MD5 , MD5-based algorithm will be used for encrypting password
|
||||
# If set to SHA256, SHA256-based algorithm will be used for encrypting password
|
||||
# If set to SHA512, SHA512-based algorithm will be used for encrypting password
|
||||
# If set to DES, DES-based algorithm will be used for encrypting password (default)
|
||||
@@ -323,12 +314,12 @@ CHFN_RESTRICT rwh
|
||||
# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
|
||||
#
|
||||
# Define the number of SHA rounds.
|
||||
# With a lot of rounds, it is more difficult to brute-force the password.
|
||||
# However, more CPU resources will be needed to authenticate users if
|
||||
# this value is increased.
|
||||
# With a lot of rounds, it is more difficult to brute forcing the password.
|
||||
# But note also that it more CPU resources will be needed to authenticate
|
||||
# users.
|
||||
#
|
||||
# If not specified, the libc will choose the default number of rounds (5000).
|
||||
# The values must be within the 1000-999999999 range.
|
||||
# The values must be inside the 1000-999999999 range.
|
||||
# If only one of the MIN or MAX values is set, then this value will be used.
|
||||
# If MIN > MAX, the highest value will be used.
|
||||
#
|
||||
@@ -337,18 +328,18 @@ CHFN_RESTRICT rwh
|
||||
|
||||
#
|
||||
# List of groups to add to the user's supplementary group set
|
||||
# when logging in from the console (as determined by the CONSOLE
|
||||
# when logging in on the console (as determined by the CONSOLE
|
||||
# setting). Default is none.
|
||||
#
|
||||
# Use with caution - it is possible for users to gain permanent
|
||||
# access to these groups, even when not logged in from the console.
|
||||
# access to these groups, even when not logged in on the console.
|
||||
# How to do it is left as an exercise for the reader...
|
||||
#
|
||||
#CONSOLE_GROUPS floppy:audio:cdrom
|
||||
|
||||
#
|
||||
# Should login be allowed if we can't cd to the home directory?
|
||||
# Default is no.
|
||||
# Default in no.
|
||||
#
|
||||
DEFAULT_HOME yes
|
||||
|
||||
@@ -370,14 +361,14 @@ ENVIRON_FILE /etc/environment
|
||||
# (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is
|
||||
# the same as gid, and username is the same as the primary group name.
|
||||
#
|
||||
# This also enables userdel(8) to remove user groups if no members exist.
|
||||
# This also enables userdel to remove user groups if no members exist.
|
||||
#
|
||||
USERGROUPS_ENAB yes
|
||||
|
||||
#
|
||||
# If set to a non-zero number, the shadow utilities will make sure that
|
||||
# If set to a non-nul number, the shadow utilities will make sure that
|
||||
# groups never have more than this number of users on one line.
|
||||
# This permits to support split groups (groups split into multiple lines,
|
||||
# This permit to support split groups (groups split into multiple lines,
|
||||
# with the same group ID, to avoid limitation of the line length in the
|
||||
# group file).
|
||||
#
|
||||
@@ -386,15 +377,10 @@ USERGROUPS_ENAB yes
|
||||
#MAX_MEMBERS_PER_GROUP 0
|
||||
|
||||
#
|
||||
# If useradd(8) should create home directories for users by default (non
|
||||
# system users only).
|
||||
# This option is overridden with the -M or -m flags on the useradd(8)
|
||||
# command-line.
|
||||
# If useradd should create home directories for users by default (non
|
||||
# system users only)
|
||||
# This option is overridden with the -M or -m flags on the useradd command
|
||||
# line.
|
||||
#
|
||||
#CREATE_HOME yes
|
||||
|
||||
#
|
||||
# Force use shadow, even if shadow passwd & shadow group files are
|
||||
# missing.
|
||||
#
|
||||
#FORCE_SHADOW yes
|
||||
|
||||
@@ -14,7 +14,6 @@ libshadow_la_SOURCES = \
|
||||
encrypt.c \
|
||||
exitcodes.h \
|
||||
faillog.h \
|
||||
fields.c \
|
||||
fputsx.c \
|
||||
getdef.c \
|
||||
getdef.h \
|
||||
@@ -39,10 +38,6 @@ libshadow_la_SOURCES = \
|
||||
pwio.c \
|
||||
pwio.h \
|
||||
pwmem.c \
|
||||
subordinateio.h \
|
||||
subordinateio.c \
|
||||
selinux.c \
|
||||
semanage.c \
|
||||
sgetgrent.c \
|
||||
sgetpwent.c \
|
||||
sgetspent.c \
|
||||
@@ -52,13 +47,8 @@ libshadow_la_SOURCES = \
|
||||
shadowio.c \
|
||||
shadowio.h \
|
||||
shadowmem.c \
|
||||
spawn.c \
|
||||
utent.c
|
||||
|
||||
if WITH_TCB
|
||||
libshadow_la_SOURCES += tcbfuncs.c tcbfuncs.h
|
||||
endif
|
||||
|
||||
# These files are unneeded for some reason, listed in
|
||||
# order of appearance:
|
||||
#
|
||||
|
||||
+84
-213
@@ -2,7 +2,7 @@
|
||||
* Copyright (c) 1990 - 1994, Julianne Frances Haugh
|
||||
* Copyright (c) 1996 - 2001, Marek Michałkiewicz
|
||||
* Copyright (c) 2001 - 2006, Tomasz Kłoczko
|
||||
* Copyright (c) 2007 - 2011, Nicolas François
|
||||
* Copyright (c) 2007 - 2009, Nicolas François
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
@@ -45,16 +45,16 @@
|
||||
#include <stdio.h>
|
||||
#include <signal.h>
|
||||
#include "nscd.h"
|
||||
#ifdef WITH_TCB
|
||||
#include <tcb.h>
|
||||
#endif /* WITH_TCB */
|
||||
#ifdef WITH_SELINUX
|
||||
#include <selinux/selinux.h>
|
||||
#endif
|
||||
#include "prototypes.h"
|
||||
#include "commonio.h"
|
||||
|
||||
/* local function prototypes */
|
||||
static int lrename (const char *, const char *);
|
||||
static int check_link_count (const char *file);
|
||||
static int do_lock_file (const char *file, const char *lock, bool log);
|
||||
static int do_lock_file (const char *file, const char *lock);
|
||||
static /*@null@*/ /*@dependent@*/FILE *fopen_set_perms (
|
||||
const char *name,
|
||||
const char *mode,
|
||||
@@ -132,7 +132,7 @@ static int check_link_count (const char *file)
|
||||
}
|
||||
|
||||
|
||||
static int do_lock_file (const char *file, const char *lock, bool log)
|
||||
static int do_lock_file (const char *file, const char *lock)
|
||||
{
|
||||
int fd;
|
||||
pid_t pid;
|
||||
@@ -142,11 +142,6 @@ static int do_lock_file (const char *file, const char *lock, bool log)
|
||||
|
||||
fd = open (file, O_CREAT | O_EXCL | O_WRONLY, 0600);
|
||||
if (-1 == fd) {
|
||||
if (log) {
|
||||
(void) fprintf (stderr,
|
||||
"%s: %s: %s\n",
|
||||
Prog, file, strerror (errno));
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -154,11 +149,6 @@ static int do_lock_file (const char *file, const char *lock, bool log)
|
||||
snprintf (buf, sizeof buf, "%lu", (unsigned long) pid);
|
||||
len = (ssize_t) strlen (buf) + 1;
|
||||
if (write (fd, buf, (size_t) len) != len) {
|
||||
if (log) {
|
||||
(void) fprintf (stderr,
|
||||
"%s: %s: %s\n",
|
||||
Prog, file, strerror (errno));
|
||||
}
|
||||
(void) close (fd);
|
||||
unlink (file);
|
||||
return 0;
|
||||
@@ -167,22 +157,12 @@ static int do_lock_file (const char *file, const char *lock, bool log)
|
||||
|
||||
if (link (file, lock) == 0) {
|
||||
retval = check_link_count (file);
|
||||
if ((0==retval) && log) {
|
||||
(void) fprintf (stderr,
|
||||
"%s: %s: lock file already used\n",
|
||||
Prog, file);
|
||||
}
|
||||
unlink (file);
|
||||
return retval;
|
||||
}
|
||||
|
||||
fd = open (lock, O_RDWR);
|
||||
if (-1 == fd) {
|
||||
if (log) {
|
||||
(void) fprintf (stderr,
|
||||
"%s: %s: %s\n",
|
||||
Prog, lock, strerror (errno));
|
||||
}
|
||||
unlink (file);
|
||||
errno = EINVAL;
|
||||
return 0;
|
||||
@@ -190,60 +170,29 @@ static int do_lock_file (const char *file, const char *lock, bool log)
|
||||
len = read (fd, buf, sizeof (buf) - 1);
|
||||
close (fd);
|
||||
if (len <= 0) {
|
||||
if (log) {
|
||||
(void) fprintf (stderr,
|
||||
"%s: existing lock file %s without a PID\n",
|
||||
Prog, lock);
|
||||
}
|
||||
unlink (file);
|
||||
errno = EINVAL;
|
||||
return 0;
|
||||
}
|
||||
buf[len] = '\0';
|
||||
if (get_pid (buf, &pid) == 0) {
|
||||
if (log) {
|
||||
(void) fprintf (stderr,
|
||||
"%s: existing lock file %s with an invalid PID '%s'\n",
|
||||
Prog, lock, buf);
|
||||
}
|
||||
unlink (file);
|
||||
errno = EINVAL;
|
||||
return 0;
|
||||
}
|
||||
if (kill (pid, 0) == 0) {
|
||||
if (log) {
|
||||
(void) fprintf (stderr,
|
||||
"%s: lock %s already used by PID %lu\n",
|
||||
Prog, lock, (unsigned long) pid);
|
||||
}
|
||||
unlink (file);
|
||||
errno = EEXIST;
|
||||
return 0;
|
||||
}
|
||||
if (unlink (lock) != 0) {
|
||||
if (log) {
|
||||
(void) fprintf (stderr,
|
||||
"%s: cannot get lock %s: %s\n",
|
||||
Prog, lock, strerror (errno));
|
||||
}
|
||||
unlink (file);
|
||||
return 0;
|
||||
}
|
||||
|
||||
retval = 0;
|
||||
if (link (file, lock) == 0) {
|
||||
retval = check_link_count (file);
|
||||
if ((0==retval) && log) {
|
||||
(void) fprintf (stderr,
|
||||
"%s: %s: lock file already used\n",
|
||||
Prog, file);
|
||||
}
|
||||
} else {
|
||||
if (log) {
|
||||
(void) fprintf (stderr,
|
||||
"%s: cannot get lock %s: %s\n",
|
||||
Prog, lock, strerror (errno));
|
||||
}
|
||||
if ((link (file, lock) == 0) && (check_link_count (file) != 0)) {
|
||||
retval = 1;
|
||||
}
|
||||
|
||||
unlink (file);
|
||||
@@ -270,21 +219,21 @@ static /*@null@*/ /*@dependent@*/FILE *fopen_set_perms (
|
||||
if (fchown (fileno (fp), sb->st_uid, sb->st_gid) != 0) {
|
||||
goto fail;
|
||||
}
|
||||
#else /* !HAVE_FCHOWN */
|
||||
#else
|
||||
if (chown (name, sb->st_mode) != 0) {
|
||||
goto fail;
|
||||
}
|
||||
#endif /* !HAVE_FCHOWN */
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_FCHMOD
|
||||
if (fchmod (fileno (fp), sb->st_mode & 0664) != 0) {
|
||||
goto fail;
|
||||
}
|
||||
#else /* !HAVE_FCHMOD */
|
||||
#else
|
||||
if (chmod (name, sb->st_mode & 0664) != 0) {
|
||||
goto fail;
|
||||
}
|
||||
#endif /* !HAVE_FCHMOD */
|
||||
#endif
|
||||
return fp;
|
||||
|
||||
fail:
|
||||
@@ -376,7 +325,7 @@ bool commonio_present (const struct commonio_db *db)
|
||||
}
|
||||
|
||||
|
||||
int commonio_lock_nowait (struct commonio_db *db, bool log)
|
||||
int commonio_lock_nowait (struct commonio_db *db)
|
||||
{
|
||||
char file[1024];
|
||||
char lock[1024];
|
||||
@@ -388,7 +337,7 @@ int commonio_lock_nowait (struct commonio_db *db, bool log)
|
||||
snprintf (file, sizeof file, "%s.%lu",
|
||||
db->filename, (unsigned long) getpid ());
|
||||
snprintf (lock, sizeof lock, "%s.lock", db->filename);
|
||||
if (do_lock_file (file, lock, log) != 0) {
|
||||
if (do_lock_file (file, lock) != 0) {
|
||||
db->locked = true;
|
||||
lock_count++;
|
||||
return 1;
|
||||
@@ -412,22 +361,17 @@ int commonio_lock (struct commonio_db *db)
|
||||
*/
|
||||
if (0 == lock_count) {
|
||||
if (lckpwdf () == -1) {
|
||||
if (geteuid () != 0) {
|
||||
(void) fprintf (stderr,
|
||||
"%s: Permission denied.\n",
|
||||
Prog);
|
||||
}
|
||||
return 0; /* failure */
|
||||
}
|
||||
}
|
||||
|
||||
if (commonio_lock_nowait (db, true) != 0) {
|
||||
if (commonio_lock_nowait (db) != 0) {
|
||||
return 1; /* success */
|
||||
}
|
||||
|
||||
ulckpwdf ();
|
||||
return 0; /* failure */
|
||||
#else /* !HAVE_LCKPWDF */
|
||||
#else
|
||||
int i;
|
||||
|
||||
/*
|
||||
@@ -444,18 +388,16 @@ int commonio_lock (struct commonio_db *db)
|
||||
if (i > 0) {
|
||||
sleep (LOCK_SLEEP); /* delay between retries */
|
||||
}
|
||||
if (commonio_lock_nowait (db, i==LOCK_TRIES-1) != 0) {
|
||||
if (commonio_lock_nowait (db) != 0) {
|
||||
return 1; /* success */
|
||||
}
|
||||
/* no unnecessary retries on "permission denied" errors */
|
||||
if (geteuid () != 0) {
|
||||
(void) fprintf (stderr, "%s: Permission denied.\n",
|
||||
Prog);
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
return 0; /* failure */
|
||||
#endif /* !HAVE_LCKPWDF */
|
||||
#endif
|
||||
}
|
||||
|
||||
static void dec_lock_count (void)
|
||||
@@ -472,7 +414,7 @@ static void dec_lock_count (void)
|
||||
}
|
||||
#ifdef HAVE_LCKPWDF
|
||||
ulckpwdf ();
|
||||
#endif /* HAVE_LCKPWDF */
|
||||
#endif
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -591,7 +533,6 @@ int commonio_open (struct commonio_db *db, int mode)
|
||||
void *eptr = NULL;
|
||||
int flags = mode;
|
||||
size_t buflen;
|
||||
int fd;
|
||||
int saved_errno;
|
||||
|
||||
mode &= ~O_CREAT;
|
||||
@@ -608,31 +549,11 @@ int commonio_open (struct commonio_db *db, int mode)
|
||||
return 0;
|
||||
}
|
||||
|
||||
db->head = NULL;
|
||||
db->tail = NULL;
|
||||
db->head = db->tail = NULL;
|
||||
db->cursor = NULL;
|
||||
db->changed = false;
|
||||
|
||||
fd = open (db->filename,
|
||||
(db->readonly ? O_RDONLY : O_RDWR)
|
||||
| O_NOCTTY | O_NONBLOCK | O_NOFOLLOW);
|
||||
saved_errno = errno;
|
||||
db->fp = NULL;
|
||||
if (fd >= 0) {
|
||||
#ifdef WITH_TCB
|
||||
if (tcb_is_suspect (fd) != 0) {
|
||||
(void) close (fd);
|
||||
errno = EINVAL;
|
||||
return 0;
|
||||
}
|
||||
#endif /* WITH_TCB */
|
||||
db->fp = fdopen (fd, db->readonly ? "r" : "r+");
|
||||
saved_errno = errno;
|
||||
if (NULL == db->fp) {
|
||||
(void) close (fd);
|
||||
}
|
||||
}
|
||||
errno = saved_errno;
|
||||
db->fp = fopen (db->filename, db->readonly ? "r" : "r+");
|
||||
|
||||
/*
|
||||
* If O_CREAT was specified and the file didn't exist, it will be
|
||||
@@ -647,7 +568,16 @@ int commonio_open (struct commonio_db *db, int mode)
|
||||
}
|
||||
|
||||
/* Do not inherit fd in spawned processes (e.g. nscd) */
|
||||
fcntl (fileno (db->fp), F_SETFD, FD_CLOEXEC);
|
||||
fcntl(fileno(db->fp), F_SETFD, FD_CLOEXEC);
|
||||
|
||||
#ifdef WITH_SELINUX
|
||||
db->scontext = NULL;
|
||||
if ((is_selinux_enabled () > 0) && (!db->readonly)) {
|
||||
if (fgetfilecon (fileno (db->fp), &db->scontext) < 0) {
|
||||
goto cleanup_errno;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
buflen = BUFLEN;
|
||||
buf = (char *) malloc (buflen);
|
||||
@@ -733,6 +663,12 @@ int commonio_open (struct commonio_db *db, int mode)
|
||||
cleanup_errno:
|
||||
saved_errno = errno;
|
||||
free_linked_list (db);
|
||||
#ifdef WITH_SELINUX
|
||||
if (db->scontext != NULL) {
|
||||
freecon (db->scontext);
|
||||
db->scontext = NULL;
|
||||
}
|
||||
#endif
|
||||
fclose (db->fp);
|
||||
db->fp = NULL;
|
||||
errno = saved_errno;
|
||||
@@ -747,26 +683,10 @@ commonio_sort (struct commonio_db *db, int (*cmp) (const void *, const void *))
|
||||
{
|
||||
struct commonio_entry **entries, *ptr;
|
||||
size_t n = 0, i;
|
||||
#if KEEP_NIS_AT_END
|
||||
struct commonio_entry *nis = NULL;
|
||||
#endif
|
||||
|
||||
for (ptr = db->head;
|
||||
(NULL != ptr)
|
||||
#if KEEP_NIS_AT_END
|
||||
&& (NULL != ptr->line)
|
||||
&& ( ('+' != ptr->line[0])
|
||||
&& ('-' != ptr->line[0]))
|
||||
#endif
|
||||
;
|
||||
ptr = ptr->next) {
|
||||
for (ptr = db->head; NULL != ptr; ptr = ptr->next) {
|
||||
n++;
|
||||
}
|
||||
#if KEEP_NIS_AT_END
|
||||
if ((NULL != ptr) && (NULL != ptr->line)) {
|
||||
nis = ptr;
|
||||
}
|
||||
#endif
|
||||
|
||||
if (n <= 1) {
|
||||
return 0;
|
||||
@@ -778,40 +698,18 @@ commonio_sort (struct commonio_db *db, int (*cmp) (const void *, const void *))
|
||||
}
|
||||
|
||||
n = 0;
|
||||
for (ptr = db->head;
|
||||
#if KEEP_NIS_AT_END
|
||||
nis != ptr;
|
||||
#else
|
||||
NULL != ptr;
|
||||
#endif
|
||||
/*@ -nullderef @*/
|
||||
ptr = ptr->next
|
||||
/*@ +nullderef @*/
|
||||
) {
|
||||
entries[n] = ptr;
|
||||
n++;
|
||||
for (ptr = db->head; NULL != ptr; ptr = ptr->next) {
|
||||
entries[n++] = ptr;
|
||||
}
|
||||
qsort (entries, n, sizeof (struct commonio_entry *), cmp);
|
||||
|
||||
/* Take care of the head and tail separately */
|
||||
db->head = entries[0];
|
||||
n--;
|
||||
#if KEEP_NIS_AT_END
|
||||
if (NULL == nis)
|
||||
#endif
|
||||
{
|
||||
db->tail = entries[n];
|
||||
}
|
||||
db->tail = entries[--n];
|
||||
db->head->prev = NULL;
|
||||
db->head->next = entries[1];
|
||||
entries[n]->prev = entries[n - 1];
|
||||
#if KEEP_NIS_AT_END
|
||||
entries[n]->next = nis;
|
||||
#else
|
||||
entries[n]->next = NULL;
|
||||
#endif
|
||||
db->tail->prev = entries[n - 1];
|
||||
db->tail->next = NULL;
|
||||
|
||||
/* Now other elements have prev and next entries */
|
||||
for (i = 1; i < n; i++) {
|
||||
entries[i]->prev = entries[i - 1];
|
||||
entries[i]->next = entries[i + 1];
|
||||
@@ -826,8 +724,7 @@ commonio_sort (struct commonio_db *db, int (*cmp) (const void *, const void *))
|
||||
/*
|
||||
* Sort entries in db according to order in another.
|
||||
*/
|
||||
int commonio_sort_wrt (struct commonio_db *shadow,
|
||||
const struct commonio_db *passwd)
|
||||
int commonio_sort_wrt (struct commonio_db *shadow, struct commonio_db *passwd)
|
||||
{
|
||||
struct commonio_entry *head = NULL, *pw_ptr, *spw_ptr;
|
||||
const char *name;
|
||||
@@ -914,6 +811,10 @@ int commonio_close (struct commonio_db *db)
|
||||
int errors = 0;
|
||||
struct stat sb;
|
||||
|
||||
#ifdef WITH_SELINUX
|
||||
/*@null@*/security_context_t old_context = NULL;
|
||||
#endif
|
||||
|
||||
if (!db->isopen) {
|
||||
errno = EINVAL;
|
||||
return 0;
|
||||
@@ -921,7 +822,7 @@ int commonio_close (struct commonio_db *db)
|
||||
db->isopen = false;
|
||||
|
||||
if (!db->changed || db->readonly) {
|
||||
(void) fclose (db->fp);
|
||||
fclose (db->fp);
|
||||
db->fp = NULL;
|
||||
goto success;
|
||||
}
|
||||
@@ -933,21 +834,27 @@ int commonio_close (struct commonio_db *db)
|
||||
memzero (&sb, sizeof sb);
|
||||
if (NULL != db->fp) {
|
||||
if (fstat (fileno (db->fp), &sb) != 0) {
|
||||
(void) fclose (db->fp);
|
||||
fclose (db->fp);
|
||||
db->fp = NULL;
|
||||
goto fail;
|
||||
}
|
||||
|
||||
#ifdef WITH_SELINUX
|
||||
if (db->scontext != NULL) {
|
||||
if (getfscreatecon (&old_context) < 0) {
|
||||
errors++;
|
||||
goto fail;
|
||||
}
|
||||
if (setfscreatecon (db->scontext) < 0) {
|
||||
errors++;
|
||||
goto fail;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
/*
|
||||
* Create backup file.
|
||||
*/
|
||||
snprintf (buf, sizeof buf, "%s-", db->filename);
|
||||
|
||||
#ifdef WITH_SELINUX
|
||||
if (set_selinux_file_context (buf) != 0) {
|
||||
errors++;
|
||||
}
|
||||
#endif
|
||||
if (create_backup (buf, db->fp) != 0) {
|
||||
errors++;
|
||||
}
|
||||
@@ -956,11 +863,6 @@ int commonio_close (struct commonio_db *db)
|
||||
errors++;
|
||||
}
|
||||
|
||||
#ifdef WITH_SELINUX
|
||||
if (reset_selinux_file_context () != 0) {
|
||||
errors++;
|
||||
}
|
||||
#endif
|
||||
if (errors != 0) {
|
||||
db->fp = NULL;
|
||||
goto fail;
|
||||
@@ -968,20 +870,15 @@ int commonio_close (struct commonio_db *db)
|
||||
} else {
|
||||
/*
|
||||
* Default permissions for new [g]shadow files.
|
||||
* (passwd and group always exist...)
|
||||
*/
|
||||
sb.st_mode = db->st_mode;
|
||||
sb.st_uid = db->st_uid;
|
||||
sb.st_gid = db->st_gid;
|
||||
sb.st_mode = 0400;
|
||||
sb.st_uid = 0;
|
||||
sb.st_gid = 0;
|
||||
}
|
||||
|
||||
snprintf (buf, sizeof buf, "%s+", db->filename);
|
||||
|
||||
#ifdef WITH_SELINUX
|
||||
if (set_selinux_file_context (buf) != 0) {
|
||||
errors++;
|
||||
}
|
||||
#endif
|
||||
|
||||
db->fp = fopen_set_perms (buf, "w", &sb);
|
||||
if (NULL == db->fp) {
|
||||
goto fail;
|
||||
@@ -998,9 +895,9 @@ int commonio_close (struct commonio_db *db)
|
||||
if (fsync (fileno (db->fp)) != 0) {
|
||||
errors++;
|
||||
}
|
||||
#else /* !HAVE_FSYNC */
|
||||
#else
|
||||
sync ();
|
||||
#endif /* !HAVE_FSYNC */
|
||||
#endif
|
||||
if (fclose (db->fp) != 0) {
|
||||
errors++;
|
||||
}
|
||||
@@ -1016,18 +913,25 @@ int commonio_close (struct commonio_db *db)
|
||||
goto fail;
|
||||
}
|
||||
|
||||
#ifdef WITH_SELINUX
|
||||
if (reset_selinux_file_context () != 0) {
|
||||
goto fail;
|
||||
}
|
||||
#endif
|
||||
|
||||
nscd_need_reload = true;
|
||||
goto success;
|
||||
fail:
|
||||
errors++;
|
||||
success:
|
||||
|
||||
#ifdef WITH_SELINUX
|
||||
if (db->scontext != NULL) {
|
||||
if (NULL != old_context) {
|
||||
if (setfscreatecon (old_context) < 0) {
|
||||
errors++;
|
||||
}
|
||||
freecon (old_context);
|
||||
old_context = NULL;
|
||||
}
|
||||
freecon (db->scontext);
|
||||
db->scontext = NULL;
|
||||
}
|
||||
#endif
|
||||
free_linked_list (db);
|
||||
return errors == 0;
|
||||
}
|
||||
@@ -1058,7 +962,7 @@ static /*@dependent@*/ /*@null@*/struct commonio_entry *find_entry_by_name (
|
||||
struct commonio_db *db,
|
||||
const char *name)
|
||||
{
|
||||
return next_entry_by_name (db, db->head, name);
|
||||
return next_entry_by_name(db, db->head, name);
|
||||
}
|
||||
|
||||
|
||||
@@ -1080,7 +984,6 @@ int commonio_update (struct commonio_db *db, const void *eptr)
|
||||
if (NULL != p) {
|
||||
if (next_entry_by_name (db, p->next, db->ops->getname (eptr)) != NULL) {
|
||||
fprintf (stderr, _("Multiple entries named '%s' in %s. Please fix this with pwck or grpck.\n"), db->ops->getname (eptr), db->filename);
|
||||
db->ops->free (nentry);
|
||||
return 0;
|
||||
}
|
||||
db->ops->free (p->eptr);
|
||||
@@ -1105,46 +1008,14 @@ int commonio_update (struct commonio_db *db, const void *eptr)
|
||||
|
||||
#if KEEP_NIS_AT_END
|
||||
add_one_entry_nis (db, p);
|
||||
#else /* !KEEP_NIS_AT_END */
|
||||
#else
|
||||
add_one_entry (db, p);
|
||||
#endif /* !KEEP_NIS_AT_END */
|
||||
#endif
|
||||
|
||||
db->changed = true;
|
||||
return 1;
|
||||
}
|
||||
|
||||
#ifdef ENABLE_SUBIDS
|
||||
int commonio_append (struct commonio_db *db, const void *eptr)
|
||||
{
|
||||
struct commonio_entry *p;
|
||||
void *nentry;
|
||||
|
||||
if (!db->isopen || db->readonly) {
|
||||
errno = EINVAL;
|
||||
return 0;
|
||||
}
|
||||
nentry = db->ops->dup (eptr);
|
||||
if (NULL == nentry) {
|
||||
errno = ENOMEM;
|
||||
return 0;
|
||||
}
|
||||
/* new entry */
|
||||
p = (struct commonio_entry *) malloc (sizeof *p);
|
||||
if (NULL == p) {
|
||||
db->ops->free (nentry);
|
||||
errno = ENOMEM;
|
||||
return 0;
|
||||
}
|
||||
|
||||
p->eptr = nentry;
|
||||
p->line = NULL;
|
||||
p->changed = true;
|
||||
add_one_entry (db, p);
|
||||
|
||||
db->changed = true;
|
||||
return 1;
|
||||
}
|
||||
#endif /* ENABLE_SUBIDS */
|
||||
|
||||
void commonio_del_entry (struct commonio_db *db, const struct commonio_entry *p)
|
||||
{
|
||||
|
||||
+6
-16
@@ -2,7 +2,7 @@
|
||||
* Copyright (c) 1990 - 1994, Julianne Frances Haugh
|
||||
* Copyright (c) 1996 - 2000, Marek Michałkiewicz
|
||||
* Copyright (c) 2001 - 2005, Tomasz Kłoczko
|
||||
* Copyright (c) 2007 - 2010, Nicolas François
|
||||
* Copyright (c) 2007 - 2008, Nicolas François
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
@@ -123,17 +123,10 @@ struct commonio_db {
|
||||
#ifdef WITH_SELINUX
|
||||
/*@null@*/security_context_t scontext;
|
||||
#endif
|
||||
/*
|
||||
* Default permissions and owner for newly created data file.
|
||||
*/
|
||||
mode_t st_mode;
|
||||
uid_t st_uid;
|
||||
gid_t st_gid;
|
||||
/*
|
||||
* Head, tail, current position in linked list.
|
||||
*/
|
||||
/*@owned@*/ /*@null@*/struct commonio_entry *head;
|
||||
/*@dependent@*/ /*@null@*/struct commonio_entry *tail;
|
||||
/*@owned@*/ /*@null@*/struct commonio_entry *head, *tail;
|
||||
/*@dependent@*/ /*@null@*/struct commonio_entry *cursor;
|
||||
|
||||
/*
|
||||
@@ -148,23 +141,20 @@ struct commonio_db {
|
||||
extern int commonio_setname (struct commonio_db *, const char *);
|
||||
extern bool commonio_present (const struct commonio_db *db);
|
||||
extern int commonio_lock (struct commonio_db *);
|
||||
extern int commonio_lock_nowait (struct commonio_db *, bool log);
|
||||
extern int commonio_lock_nowait (struct commonio_db *);
|
||||
extern int commonio_open (struct commonio_db *, int);
|
||||
extern /*@observer@*/ /*@null@*/const void *commonio_locate (struct commonio_db *, const char *);
|
||||
extern int commonio_update (struct commonio_db *, const void *);
|
||||
#ifdef ENABLE_SUBIDS
|
||||
extern int commonio_append (struct commonio_db *, const void *);
|
||||
#endif /* ENABLE_SUBIDS */
|
||||
extern int commonio_remove (struct commonio_db *, const char *);
|
||||
extern int commonio_rewind (struct commonio_db *);
|
||||
extern /*@observer@*/ /*@null@*/const void *commonio_next (struct commonio_db *);
|
||||
extern int commonio_close (struct commonio_db *);
|
||||
extern int commonio_unlock (struct commonio_db *);
|
||||
extern void commonio_del_entry (struct commonio_db *,
|
||||
const struct commonio_entry *);
|
||||
const struct commonio_entry *);
|
||||
extern int commonio_sort_wrt (struct commonio_db *shadow,
|
||||
const struct commonio_db *passwd);
|
||||
struct commonio_db *passwd);
|
||||
extern int commonio_sort (struct commonio_db *db,
|
||||
int (*cmp) (const void *, const void *));
|
||||
int (*cmp) (const void *, const void *));
|
||||
|
||||
#endif
|
||||
|
||||
+1
-1
@@ -177,7 +177,7 @@ char *strchr (), *strrchr (), *strtok ();
|
||||
* --Nekral */
|
||||
#define SYSLOG(x) \
|
||||
do { \
|
||||
char *old_locale = setlocale (LC_ALL, NULL); \
|
||||
char *old_locale = setlocale(LC_ALL, NULL); \
|
||||
char *saved_locale = NULL; \
|
||||
if (NULL != old_locale) { \
|
||||
saved_locale = strdup (old_locale); \
|
||||
|
||||
+12
-11
@@ -2,7 +2,7 @@
|
||||
* Copyright (c) 1990 - 1993, Julianne Frances Haugh
|
||||
* Copyright (c) 1996 - 2000, Marek Michałkiewicz
|
||||
* Copyright (c) 2005 , Tomasz Kłoczko
|
||||
* Copyright (c) 2007 - 2010, Nicolas François
|
||||
* Copyright (c) 2007 - 2008, Nicolas François
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
@@ -40,26 +40,27 @@
|
||||
#include "prototypes.h"
|
||||
#include "defines.h"
|
||||
|
||||
/*@exposed@*//*@null@*/char *pw_encrypt (const char *clear, const char *salt)
|
||||
char *pw_encrypt (const char *clear, const char *salt)
|
||||
{
|
||||
static char cipher[128];
|
||||
char *cp;
|
||||
|
||||
cp = crypt (clear, salt);
|
||||
if (NULL == cp) {
|
||||
if (!cp) {
|
||||
/*
|
||||
* Single Unix Spec: crypt() may return a null pointer,
|
||||
* and set errno to indicate an error. In this case return
|
||||
* the NULL so the caller can handle appropriately.
|
||||
* and set errno to indicate an error. The caller doesn't
|
||||
* expect us to return NULL, so...
|
||||
*/
|
||||
return NULL;
|
||||
perror ("crypt");
|
||||
exit (EXIT_FAILURE);
|
||||
}
|
||||
|
||||
/* Some crypt() do not return NULL if the algorithm is not
|
||||
/* The GNU crypt does not return NULL if the algorithm is not
|
||||
* supported, and return a DES encrypted password. */
|
||||
if ((NULL != salt) && (salt[0] == '$') && (strlen (cp) <= 13))
|
||||
{
|
||||
/*@observer@*/const char *method;
|
||||
const char *method;
|
||||
switch (salt[1])
|
||||
{
|
||||
case '1':
|
||||
@@ -78,9 +79,9 @@
|
||||
method = &nummethod[0];
|
||||
}
|
||||
}
|
||||
(void) fprintf (stderr,
|
||||
_("crypt method not supported by libcrypt? (%s)\n"),
|
||||
method);
|
||||
fprintf (stderr,
|
||||
_("crypt method not supported by libcrypt? (%s)\n"),
|
||||
method);
|
||||
exit (EXIT_FAILURE);
|
||||
}
|
||||
|
||||
|
||||
+29
-62
@@ -49,32 +49,6 @@ struct itemdef {
|
||||
/*@null@*/char *value; /* value given, or NULL if no value */
|
||||
};
|
||||
|
||||
#define PAMDEFS \
|
||||
{"CHFN_AUTH", NULL}, \
|
||||
{"CHSH_AUTH", NULL}, \
|
||||
{"CRACKLIB_DICTPATH", NULL}, \
|
||||
{"ENV_HZ", NULL}, \
|
||||
{"ENVIRON_FILE", NULL}, \
|
||||
{"ENV_TZ", NULL}, \
|
||||
{"FAILLOG_ENAB", NULL}, \
|
||||
{"FTMP_FILE", NULL}, \
|
||||
{"ISSUE_FILE", NULL}, \
|
||||
{"LASTLOG_ENAB", NULL}, \
|
||||
{"LOGIN_STRING", NULL}, \
|
||||
{"MAIL_CHECK_ENAB", NULL}, \
|
||||
{"MOTD_FILE", NULL}, \
|
||||
{"NOLOGINS_FILE", NULL}, \
|
||||
{"OBSCURE_CHECKS_ENAB", NULL}, \
|
||||
{"PASS_ALWAYS_WARN", NULL}, \
|
||||
{"PASS_CHANGE_TRIES", NULL}, \
|
||||
{"PASS_MAX_LEN", NULL}, \
|
||||
{"PASS_MIN_LEN", NULL}, \
|
||||
{"PORTTIME_CHECKS_ENAB", NULL}, \
|
||||
{"QUOTAS_ENAB", NULL}, \
|
||||
{"SU_WHEEL_ONLY", NULL}, \
|
||||
{"ULIMIT", NULL},
|
||||
|
||||
|
||||
#define NUMDEFS (sizeof(def_table)/sizeof(def_table[0]))
|
||||
static struct itemdef def_table[] = {
|
||||
{"CHFN_RESTRICT", NULL},
|
||||
@@ -107,12 +81,6 @@ static struct itemdef def_table[] = {
|
||||
{"SHA_CRYPT_MAX_ROUNDS", NULL},
|
||||
{"SHA_CRYPT_MIN_ROUNDS", NULL},
|
||||
#endif
|
||||
{"SUB_GID_COUNT", NULL},
|
||||
{"SUB_GID_MAX", NULL},
|
||||
{"SUB_GID_MIN", NULL},
|
||||
{"SUB_UID_COUNT", NULL},
|
||||
{"SUB_UID_MAX", NULL},
|
||||
{"SUB_UID_MIN", NULL},
|
||||
{"SULOG_FILE", NULL},
|
||||
{"SU_NAME", NULL},
|
||||
{"SYS_GID_MAX", NULL},
|
||||
@@ -128,28 +96,37 @@ static struct itemdef def_table[] = {
|
||||
{"USERDEL_CMD", NULL},
|
||||
{"USERGROUPS_ENAB", NULL},
|
||||
#ifndef USE_PAM
|
||||
PAMDEFS
|
||||
{"CHFN_AUTH", NULL},
|
||||
{"CHSH_AUTH", NULL},
|
||||
{"CRACKLIB_DICTPATH", NULL},
|
||||
{"ENV_HZ", NULL},
|
||||
{"ENVIRON_FILE", NULL},
|
||||
{"ENV_TZ", NULL},
|
||||
{"FAILLOG_ENAB", NULL},
|
||||
{"FTMP_FILE", NULL},
|
||||
{"ISSUE_FILE", NULL},
|
||||
{"LASTLOG_ENAB", NULL},
|
||||
{"LOGIN_STRING", NULL},
|
||||
{"MAIL_CHECK_ENAB", NULL},
|
||||
{"MOTD_FILE", NULL},
|
||||
{"NOLOGINS_FILE", NULL},
|
||||
{"OBSCURE_CHECKS_ENAB", NULL},
|
||||
{"PASS_ALWAYS_WARN", NULL},
|
||||
{"PASS_CHANGE_TRIES", NULL},
|
||||
{"PASS_MAX_LEN", NULL},
|
||||
{"PASS_MIN_LEN", NULL},
|
||||
{"PORTTIME_CHECKS_ENAB", NULL},
|
||||
{"QUOTAS_ENAB", NULL},
|
||||
{"SU_WHEEL_ONLY", NULL},
|
||||
{"ULIMIT", NULL},
|
||||
#endif
|
||||
#ifdef USE_SYSLOG
|
||||
{"SYSLOG_SG_ENAB", NULL},
|
||||
{"SYSLOG_SU_ENAB", NULL},
|
||||
#endif
|
||||
#ifdef WITH_TCB
|
||||
{"TCB_AUTH_GROUP", NULL},
|
||||
{"TCB_SYMLINKS", NULL},
|
||||
{"USE_TCB", NULL},
|
||||
#endif
|
||||
{"FORCE_SHADOW", NULL},
|
||||
{NULL, NULL}
|
||||
};
|
||||
|
||||
#define NUMKNOWNDEFS (sizeof(knowndef_table)/sizeof(knowndef_table[0]))
|
||||
static struct itemdef knowndef_table[] = {
|
||||
#ifdef USE_PAM
|
||||
PAMDEFS
|
||||
#endif
|
||||
};
|
||||
|
||||
#ifndef LOGINDEFS
|
||||
#define LOGINDEFS "/etc/login.defs"
|
||||
#endif
|
||||
@@ -409,17 +386,10 @@ static /*@observer@*/ /*@null@*/struct itemdef *def_find (const char *name)
|
||||
* Item was never found.
|
||||
*/
|
||||
|
||||
for (ptr = knowndef_table; NULL != ptr->name; ptr++) {
|
||||
if (strcmp (ptr->name, name) == 0) {
|
||||
goto out;
|
||||
}
|
||||
}
|
||||
fprintf (stderr,
|
||||
_("configuration error - unknown item '%s' (notify administrator)\n"),
|
||||
name);
|
||||
SYSLOG ((LOG_CRIT, "unknown configuration item `%s'", name));
|
||||
|
||||
out:
|
||||
return (struct itemdef *) NULL;
|
||||
}
|
||||
|
||||
@@ -435,26 +405,23 @@ static void def_load (void)
|
||||
FILE *fp;
|
||||
char buf[1024], *name, *value, *s;
|
||||
|
||||
/*
|
||||
* Set the initialized flag.
|
||||
* (do it early to prevent recursion in putdef_str())
|
||||
*/
|
||||
def_loaded = true;
|
||||
|
||||
/*
|
||||
* Open the configuration definitions file.
|
||||
*/
|
||||
fp = fopen (def_fname, "r");
|
||||
if (NULL == fp) {
|
||||
if (errno == ENOENT)
|
||||
return;
|
||||
|
||||
int err = errno;
|
||||
SYSLOG ((LOG_CRIT, "cannot open login definitions %s [%s]",
|
||||
def_fname, strerror (err)));
|
||||
exit (EXIT_FAILURE);
|
||||
}
|
||||
|
||||
/*
|
||||
* Set the initialized flag.
|
||||
* (do it early to prevent recursion in putdef_str())
|
||||
*/
|
||||
def_loaded = true;
|
||||
|
||||
/*
|
||||
* Go through all of the lines in the file.
|
||||
*/
|
||||
|
||||
+6
-3
@@ -44,19 +44,22 @@
|
||||
*/
|
||||
int getulong (const char *numstr, /*@out@*/unsigned long int *result)
|
||||
{
|
||||
unsigned long int val;
|
||||
long long int val;
|
||||
char *endptr;
|
||||
|
||||
errno = 0;
|
||||
val = strtoul (numstr, &endptr, 0);
|
||||
val = strtoll (numstr, &endptr, 0);
|
||||
if ( ('\0' == *numstr)
|
||||
|| ('\0' != *endptr)
|
||||
|| (ERANGE == errno)
|
||||
/*@+ignoresigns@*/
|
||||
|| (val != (unsigned long int)val)
|
||||
/*@=ignoresigns@*/
|
||||
) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
*result = val;
|
||||
*result = (unsigned long int)val;
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
+8
-48
@@ -3,7 +3,7 @@
|
||||
* Copyright (c) 1996 - 2000, Marek Michałkiewicz
|
||||
* Copyright (c) 2001 , Michał Moskal
|
||||
* Copyright (c) 2005 , Tomasz Kłoczko
|
||||
* Copyright (c) 2007 - 2010, Nicolas François
|
||||
* Copyright (c) 2007 - 2009, Nicolas François
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
@@ -80,23 +80,6 @@ static int group_put (const void *ent, FILE * file)
|
||||
{
|
||||
const struct group *gr = ent;
|
||||
|
||||
if ( (NULL == gr)
|
||||
|| (valid_field (gr->gr_name, ":\n") == -1)
|
||||
|| (valid_field (gr->gr_passwd, ":\n") == -1)
|
||||
|| (gr->gr_gid == (gid_t)-1)) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* FIXME: fail also if gr->gr_mem == NULL ?*/
|
||||
if (NULL != gr->gr_mem) {
|
||||
size_t i;
|
||||
for (i = 0; NULL != gr->gr_mem[i]; i++) {
|
||||
if (valid_field (gr->gr_mem[i], ",:\n") == -1) {
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return (putgrent (gr, file) == -1) ? -1 : 0;
|
||||
}
|
||||
|
||||
@@ -130,9 +113,6 @@ static /*@owned@*/struct commonio_db group_db = {
|
||||
#ifdef WITH_SELINUX
|
||||
NULL, /* scontext */
|
||||
#endif
|
||||
0644, /* st_mode */
|
||||
0, /* st_uid */
|
||||
0, /* st_gid */
|
||||
NULL, /* head */
|
||||
NULL, /* tail */
|
||||
NULL, /* cursor */
|
||||
@@ -333,7 +313,7 @@ static /*@null@*/struct commonio_entry *merge_group_entries (
|
||||
|
||||
/* Concatenate the 2 lines */
|
||||
new_line_len = strlen (gr1->line) + strlen (gr2->line) +1;
|
||||
new_line = (char *)malloc (new_line_len + 1);
|
||||
new_line = (char *)malloc ((new_line_len + 1) * sizeof(char*));
|
||||
if (NULL == new_line) {
|
||||
errno = ENOMEM;
|
||||
return NULL;
|
||||
@@ -356,7 +336,7 @@ static /*@null@*/struct commonio_entry *merge_group_entries (
|
||||
members++;
|
||||
}
|
||||
}
|
||||
new_members = (char **)calloc ( (members+1), sizeof(char*) );
|
||||
new_members = (char **)malloc ( (members+1) * sizeof(char*) );
|
||||
if (NULL == new_members) {
|
||||
free (new_line);
|
||||
errno = ENOMEM;
|
||||
@@ -365,8 +345,6 @@ static /*@null@*/struct commonio_entry *merge_group_entries (
|
||||
for (i=0; NULL != gptr1->gr_mem[i]; i++) {
|
||||
new_members[i] = gptr1->gr_mem[i];
|
||||
}
|
||||
/* NULL termination enforced by above calloc */
|
||||
|
||||
members = i;
|
||||
for (i=0; NULL != gptr2->gr_mem[i]; i++) {
|
||||
char **pmember = new_members;
|
||||
@@ -404,19 +382,15 @@ static int split_groups (unsigned int max_members)
|
||||
struct commonio_entry *new;
|
||||
struct group *new_gptr;
|
||||
unsigned int members = 0;
|
||||
unsigned int i;
|
||||
|
||||
/* Check if this group must be split */
|
||||
if (!gr->changed) {
|
||||
if (!gr->changed)
|
||||
continue;
|
||||
}
|
||||
if (NULL == gptr) {
|
||||
if (NULL == gptr)
|
||||
continue;
|
||||
}
|
||||
for (members = 0; NULL != gptr->gr_mem[members]; members++);
|
||||
if (members <= max_members) {
|
||||
if (members <= max_members)
|
||||
continue;
|
||||
}
|
||||
|
||||
new = (struct commonio_entry *) malloc (sizeof *new);
|
||||
if (NULL == new) {
|
||||
@@ -434,23 +408,9 @@ static int split_groups (unsigned int max_members)
|
||||
new->changed = true;
|
||||
|
||||
/* Enforce the maximum number of members on gptr */
|
||||
for (i = max_members; NULL != gptr->gr_mem[i]; i++) {
|
||||
free (gptr->gr_mem[i]);
|
||||
gptr->gr_mem[i] = NULL;
|
||||
}
|
||||
/* Shift all the members */
|
||||
gptr->gr_mem[max_members] = NULL;
|
||||
/* The number of members in new_gptr will be check later */
|
||||
for (i = 0; NULL != new_gptr->gr_mem[i + max_members]; i++) {
|
||||
if (NULL != new_gptr->gr_mem[i]) {
|
||||
free (new_gptr->gr_mem[i]);
|
||||
}
|
||||
new_gptr->gr_mem[i] = new_gptr->gr_mem[i + max_members];
|
||||
new_gptr->gr_mem[i + max_members] = NULL;
|
||||
}
|
||||
for (; NULL != new_gptr->gr_mem[i]; i++) {
|
||||
free (new_gptr->gr_mem[i]);
|
||||
new_gptr->gr_mem[i] = NULL;
|
||||
}
|
||||
new_gptr->gr_mem = &new_gptr->gr_mem[max_members];
|
||||
|
||||
/* insert the new entry in the list */
|
||||
new->prev = gr;
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user