Compare commits
1898 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 6fbc11ce21 | |||
| ff2baed5db | |||
| 94da3dc5c8 | |||
| 9df58a7545 | |||
| 5b017af90d | |||
| a7a7a1fdea | |||
| ca0ccaba27 | |||
| 8f1836bad9 | |||
| 61fc90b268 | |||
| 1d5a926cc2 | |||
| 7f5a14817d | |||
| 9bf01bf010 | |||
| 358bd9b359 | |||
| dd50014055 | |||
| a84b0cafdd | |||
| a4dee3d1ad | |||
| 340729bbe8 | |||
| 4518826376 | |||
| aa38e0da9a | |||
| ef45bb2496 | |||
| edec2d057d | |||
| 66897b6f6d | |||
| af064545bf | |||
| 9ab9e6f331 | |||
| 65c2617140 | |||
| 24468e4525 | |||
| df11d701e1 | |||
| d2fa8c5d4b | |||
| e01bad7d3c | |||
| 4c4896f0d5 | |||
| 5fadb341c3 | |||
| 29ee91ae7d | |||
| 5533eb40d1 | |||
| 533d2bab3d | |||
| f68f813073 | |||
| 7edb32e75f | |||
| acf11efe54 | |||
| a887847ca2 | |||
| c17f5ec460 | |||
| df5dafe049 | |||
| 3c32fd4a29 | |||
| ecb6f0c3e3 | |||
| 169e14c7ac | |||
| 316fa38dbc | |||
| 884895ae25 | |||
| 464456fa31 | |||
| bab349b46e | |||
| 46a72bc342 | |||
| ee43f47f45 | |||
| 71c6165dcd | |||
| 51c1fc93e3 | |||
| 17887b216d | |||
| 01eab0c3b9 | |||
| 6b65c6aeae | |||
| 3fb292f3c7 | |||
| a8bf8af5aa | |||
| d8c8e8b4b6 | |||
| 930e76ad0d | |||
| 83b5a746d9 | |||
| a7f8176be6 | |||
| 1b4db814ea | |||
| 9ae9ca833a | |||
| 66f87b8caf | |||
| bba85fcae3 | |||
| a0104a9ed8 | |||
| 112e015f05 | |||
| e6246599eb | |||
| 1d049b6aed | |||
| 37e2a687e3 | |||
| a113b87c45 | |||
| b999d48941 | |||
| 2cb54158b8 | |||
| 420943657c | |||
| 4911773b77 | |||
| 980c804153 | |||
| 578947e661 | |||
| 5e87ff0615 | |||
| d409947e9a | |||
| ba527c728e | |||
| 50bb452dd1 | |||
| 90ac3a3207 | |||
| 684de2abff | |||
| 44faa3b796 | |||
| 138682fd30 | |||
| 373dd2dc3d | |||
| 3ea09ae998 | |||
| 115aeef1c4 | |||
| 2883ff6ad5 | |||
| c3b6417226 | |||
| eceedf43cf | |||
| 6f8dd000f6 | |||
| 2e46882a9b | |||
| 5917347c6f | |||
| 7d5732cb49 | |||
| 1a8d386288 | |||
| 0f26591422 | |||
| cd1bd8bf4c | |||
| b84b918464 | |||
| 00f573fce2 | |||
| 9951b1f569 | |||
| 0094abea6e | |||
| 8781aff637 | |||
| a5e3dbb0e3 | |||
| 29bd7e1929 | |||
| e1a4b6e57b | |||
| 5884ba907c | |||
| 64fe2f7db6 | |||
| 3bdf723bab | |||
| 9126425a21 | |||
| bfbd83239e | |||
| d9d1bb4acb | |||
| 5d3a785c55 | |||
| eeab0bebfa | |||
| d611d54ed4 | |||
| 1fb1486c8a | |||
| d83866d006 | |||
| 14ebc92d8c | |||
| 45986f8dc8 | |||
| 561ba96ec7 | |||
| cfad7327a5 | |||
| 316bc6b3f4 | |||
| ac53650da5 | |||
| 94c52130be | |||
| ee2b88b7b1 | |||
| 1955170a14 | |||
| 9fdd176e45 | |||
| bae65562ef | |||
| 95d1e146b2 | |||
| fcb7222b1a | |||
| 5d491ef9da | |||
| c0ce911b5e | |||
| 673c2a6f9a | |||
| 2cffa14105 | |||
| c485cfabd8 | |||
| 3b3c8001fe | |||
| 5f2e4b18f8 | |||
| 2cc8c2c0dc | |||
| d5b3092331 | |||
| 89f7b0868c | |||
| 87253ca906 | |||
| 7296cbdbfe | |||
| a8f26262cf | |||
| f28ad4b251 | |||
| 5620c5ab5d | |||
| 23fd6cb1da | |||
| a881a2c8d4 | |||
| 60fc4bbf57 | |||
| 7903a1b767 | |||
| 4dbca60435 | |||
| a168d046f3 | |||
| 08489a4e22 | |||
| 0d66002c95 | |||
| e8ab31d009 | |||
| ee1952424d | |||
| b6c1a8579e | |||
| 64ddc26bbf | |||
| 4e65be1211 | |||
| 9be164101d | |||
| 48b2c4bff4 | |||
| 7a16f4582d | |||
| b10cba0e0a | |||
| d3b95d1d26 | |||
| 04b950b824 | |||
| 4145b98314 | |||
| 52a38d5509 | |||
| a6769c050b | |||
| d172cccd07 | |||
| 945eb8f50b | |||
| c11132a3a1 | |||
| 32726af23a | |||
| 1c78e3f3b8 | |||
| 9151e673e4 | |||
| 042d6c48b3 | |||
| cdd3ebfcf1 | |||
| faaa8daffb | |||
| e108f473ec | |||
| f100b5ea7e | |||
| 8690c74d6a | |||
| 788374bd8c | |||
| d755279fad | |||
| fb7906760e | |||
| 1a7960421e | |||
| 56845ad1c1 | |||
| 1e0450dfb1 | |||
| 46f6d77c55 | |||
| 17deaa39f5 | |||
| f243d4077d | |||
| f741583f1a | |||
| 1586a91909 | |||
| de8a22a2f4 | |||
| 19d5ec6921 | |||
| 9f34a68dba | |||
| 0c1cbaede8 | |||
| e363962dd2 | |||
| 659684836d | |||
| 19699033bf | |||
| 011c5155fa | |||
| c18ec76e85 | |||
| b261fbd7bb | |||
| c0a22d7b56 | |||
| 4f275ec75b | |||
| 1528ae16a0 | |||
| d069726634 | |||
| 2aa73f7823 | |||
| c71d787454 | |||
| c1eecc94ec | |||
| 917e9af67b | |||
| 6e6ef6fd57 | |||
| 6e26b9a42c | |||
| 85c27fd775 | |||
| 4efcee14e4 | |||
| e4a5d4de87 | |||
| 4502d89d87 | |||
| b2b259a985 | |||
| 1640d73997 | |||
| 1b4d4b6708 | |||
| 22591a77b2 | |||
| 1161388b2b | |||
| 4fb8cf2f6b | |||
| db0d48471e | |||
| b949241d12 | |||
| 4dfd1519ac | |||
| 59e64f8b82 | |||
| 7ac5cc7dd0 | |||
| 2c24c012bd | |||
| cc8be680ca | |||
| 3084e71acb | |||
| a92f55b609 | |||
| daa8d1141e | |||
| 360f12cd44 | |||
| e570b8ded4 | |||
| bd4a6c9966 | |||
| 4049c0e69e | |||
| 05823ad867 | |||
| 82d767d121 | |||
| 6e2c6ffdf7 | |||
| 5762d08f4f | |||
| 61bb0aa943 | |||
| 2f1e13ff7a | |||
| 653d22c3e9 | |||
| 8f008f8319 | |||
| e538a4e2a3 | |||
| 29050eadb5 | |||
| f3ef11056f | |||
| ae0229549d | |||
| 2e1652fdec | |||
| 72ba5c4de7 | |||
| d2a516a75d | |||
| 725e83ac21 | |||
| 3f84cb3699 | |||
| d65129f3c8 | |||
| 57f9d5ae9c | |||
| 2ecea675ee | |||
| f64c88d629 | |||
| 3c608e56f6 | |||
| f54a68ac76 | |||
| 3bb7c43694 | |||
| 61ba4bf46e | |||
| 184f9d40e6 | |||
| f3afeb9c04 | |||
| 2a2c8190ec | |||
| 45154f1d68 | |||
| 7861eaa5ec | |||
| f0a63185c9 | |||
| 7d8ca29bea | |||
| e4fbf98b18 | |||
| f4d95eecc0 | |||
| 900943192f | |||
| b9163f6348 | |||
| 0530588266 | |||
| b26f73f427 | |||
| e2068416c9 | |||
| a2d23700e4 | |||
| 0857837e64 | |||
| d15f2c6214 | |||
| 6eb0500d3d | |||
| 7b8c4952a8 | |||
| 4beca611fb | |||
| 1aa30ba551 | |||
| fc5cd8840e | |||
| ec2b9f59f7 | |||
| 799f30b08d | |||
| bf90350fe7 | |||
| c017dd73aa | |||
| 9195f6085d | |||
| 057cbaa4ae | |||
| aa2957e62a | |||
| 50eafd769b | |||
| cecae46ccf | |||
| 0b5574c28a | |||
| c237be820b | |||
| eee4152981 | |||
| 2afa955401 | |||
| 704f28df98 | |||
| edbdb4bf03 | |||
| d3195c6b5f | |||
| 8fcb361fb8 | |||
| f870cc7eab | |||
| 03e5751102 | |||
| 05b55446da | |||
| f1db2383fc | |||
| cd10be6c91 | |||
| 2b5ba27ff8 | |||
| fa96d1bb78 | |||
| 23afb3fd07 | |||
| 6f05b866bc | |||
| 603d949ed5 | |||
| 4ce849a5ed | |||
| 7b0116c5b4 | |||
| a52a8d8a5d | |||
| 75936bf9f7 | |||
| 0d00d3eecf | |||
| 93ee4927bc | |||
| 5570ec21b4 | |||
| 5530a47d76 | |||
| fc0057ff35 | |||
| ec309dcac8 | |||
| ee0e0f9943 | |||
| 7f842bdf4f | |||
| 7c96d6cbcc | |||
| 5eb9ed0aaf | |||
| 94c1763f71 | |||
| 1304a3106b | |||
| a9c38f4902 | |||
| e2bdb4ff83 | |||
| 41accaf963 | |||
| 5f37d13405 | |||
| 745bcb5406 | |||
| 1f4f00acad | |||
| 905e14ee83 | |||
| f8d47df43b | |||
| 934bfa5969 | |||
| 00d1ab6454 | |||
| 019048c555 | |||
| 6223c40c2d | |||
| e7c09ab3df | |||
| 75fa697526 | |||
| 771a3624f5 | |||
| 7fed07f1e9 | |||
| 7180f03376 | |||
| 2aefca0f2e | |||
| 7e8aa5429a | |||
| 2be8650d2c | |||
| 495125415b | |||
| 1def4ef49d | |||
| bb67476209 | |||
| e8373305b4 | |||
| 275ffe2e01 | |||
| a210d898b6 | |||
| 8bce7fc016 | |||
| 39cecdab06 | |||
| a7fee9db00 | |||
| d4e630b8cc | |||
| 82b92af086 | |||
| c23e851074 | |||
| c2333946c0 | |||
| 2c6782b501 | |||
| c2f5088067 | |||
| 8195a2b5d8 | |||
| 2798e35d86 | |||
| d1753cc25d | |||
| a5ded26850 | |||
| d51420bb01 | |||
| aec025dbf6 | |||
| 95257d63a1 | |||
| 9cfc91a935 | |||
| 13873a8799 | |||
| cc6eaf9584 | |||
| 1a164919f1 | |||
| 3bdad35e9f | |||
| 275ac4c5e0 | |||
| 504a89d25b | |||
| 42666a6b03 | |||
| c786f4887f | |||
| 75f4b049a6 | |||
| 907025eb40 | |||
| 66d71aafb7 | |||
| 317939e821 | |||
| 1340beed16 | |||
| e9045e9f55 | |||
| 69371ba2c2 | |||
| dbe0b96404 | |||
| 43e65fdd46 | |||
| 5d6f4f8ea4 | |||
| b63c830547 | |||
| 927c2f06a3 | |||
| 40a16a1b04 | |||
| 6be3ac560b | |||
| b661b913b5 | |||
| b273c4d19f | |||
| 7ebfb5c90f | |||
| 3abd71c526 | |||
| dc90c77285 | |||
| 2f71935616 | |||
| 941e94f1d2 | |||
| 4be8077a56 | |||
| aef33a89c2 | |||
| 1ddde00b1d | |||
| f66bd259cf | |||
| ea34d36d62 | |||
| b5403415f7 | |||
| a8ca723277 | |||
| 14f44bd9c9 | |||
| c9281b5bb9 | |||
| ce737cf543 | |||
| e8723c375f | |||
| 6b14946d81 | |||
| 597bb764f1 | |||
| f406d16b7b | |||
| 58baa7aa61 | |||
| f140c3a0e5 | |||
| 99d0164837 | |||
| 143f479869 | |||
| 7864e1edf5 | |||
| ed6107c8c5 | |||
| d4d8ab87ac | |||
| af89454645 | |||
| e10346124f | |||
| 0d3d7722c1 | |||
| 72ba55b056 | |||
| 82cfc819a8 | |||
| 699edaab3b | |||
| a342b207b2 | |||
| ee163bed33 | |||
| f4b544786c | |||
| d7fa77f03b | |||
| a9b8e7aaa3 | |||
| 0419fc4f5f | |||
| 7de49dec7b | |||
| 0398323a60 | |||
| 8b4f07692e | |||
| dffc624b37 | |||
| d1bad25f40 | |||
| 229f243ca0 | |||
| 91f972bb59 | |||
| 493009ac91 | |||
| 0355e4e930 | |||
| 8184041c7e | |||
| 1d336d3a1e | |||
| 991ce97170 | |||
| bf480028f5 | |||
| ab9427420e | |||
| 07e462f01f | |||
| 7eb6a4b3a4 | |||
| 471a2df3a6 | |||
| 7e398a169b | |||
| 7bb81f6c3e | |||
| c56d59c90b | |||
| 791ebc58dd | |||
| 3f63005e91 | |||
| f7a00a2334 | |||
| 6a2f349ec5 | |||
| 4f667bb442 | |||
| 22294bfac8 | |||
| 07e67e1350 | |||
| 660ed49daf | |||
| fad23b25a1 | |||
| 6b74294844 | |||
| 11a564b6bd | |||
| 939386aabb | |||
| 01ed010aed | |||
| 52ec0ba938 | |||
| 4f8310dfde | |||
| 263f37a69b | |||
| 56483122b6 | |||
| 16362e289b | |||
| 586a8f9e9e | |||
| a9249dbb0a | |||
| 47733f1a0f | |||
| bb02ec3261 | |||
| c3689fa60b | |||
| dc0947da78 | |||
| 427b60f288 | |||
| 902aad57af | |||
| 6afd7859f8 | |||
| cfce9890fb | |||
| 4b98379ce1 | |||
| ee3d411024 | |||
| 40d1598165 | |||
| 97961b8bee | |||
| fcd5b38caf | |||
| 052e9105f7 | |||
| 4375be4642 | |||
| 5ebb35654b | |||
| a83124dade | |||
| f729486b33 | |||
| d1eae4c7e3 | |||
| 9b6beb496a | |||
| 6e0fa02fd0 | |||
| f19f67c39c | |||
| 823735750a | |||
| 68b6e6d2be | |||
| e19c7200eb | |||
| be3a05eab2 | |||
| 5e38d92a95 | |||
| 5204a15f95 | |||
| 680a4985ea | |||
| dfce564026 | |||
| 52c2bb51fb | |||
| 6b14a0d08c | |||
| 395914c162 | |||
| 8e2010a26c | |||
| 86498400da | |||
| abffa73776 | |||
| 0cbbdb32c4 | |||
| 79fa4f3343 | |||
| ab50cd2bd8 | |||
| 27f67dcad0 | |||
| 6a1dea6602 | |||
| 657271eb04 | |||
| 2db82460b1 | |||
| 07c6e99725 | |||
| f77e9d0d80 | |||
| a996fac57b | |||
| 8228f99c36 | |||
| 41b5cc2d20 | |||
| d1f5c949a9 | |||
| 29025e40f4 | |||
| 1d6673a166 | |||
| fba0a83c03 | |||
| 7195eb991d | |||
| 9f4653b0df | |||
| 99fbf50fa2 | |||
| ee15c8717f | |||
| 37b4c8737f | |||
| 1d969818fd | |||
| 4ca259adaa | |||
| 11e132c8eb | |||
| 8402479e16 | |||
| aa35a8e46e | |||
| 51d181ca58 | |||
| 1bc0a303dc | |||
| 43211abb65 | |||
| 8acf9cd11d | |||
| fe71812b1d | |||
| a013f8519b | |||
| c0e7dcd2fd | |||
| 5d6c314304 | |||
| c5fc8dd75d | |||
| ad694905be | |||
| 6c4e2931ef | |||
| fd39a24b34 | |||
| ccc65bfde7 | |||
| f13f60504a | |||
| 33d3e28a7f | |||
| 69798dde65 | |||
| ad6730687f | |||
| e7d57e1a77 | |||
| f9b8a95b92 | |||
| 5cd1d6e287 | |||
| 59910c45d5 | |||
| a8b11f5c18 | |||
| d562701538 | |||
| 9866af3777 | |||
| 391a384715 | |||
| 5ba95d4c53 | |||
| 291b28ac52 | |||
| 0fce70b091 | |||
| c5c94a1d2c | |||
| 289913e5ff | |||
| e770e87035 | |||
| 248d5fd870 | |||
| 7fa666b909 | |||
| 27db71370a | |||
| a632c4047e | |||
| cc873b51c3 | |||
| 5c46f26505 | |||
| b70e0a466f | |||
| d7ac25f813 | |||
| 1af98ea784 | |||
| 2be243c143 | |||
| 1e51ab0b23 | |||
| a845c67c60 | |||
| 756700ddf3 | |||
| da18e77e9a | |||
| 38e7ec3316 | |||
| ee792a8fa1 | |||
| 1f8e2dcda2 | |||
| f103e6263d | |||
| 031279dfb2 | |||
| 2a58111fc1 | |||
| d346c7c6a7 | |||
| 1a86dc913f | |||
| 1e6b107d99 | |||
| 8806b07bd2 | |||
| ff60398b1c | |||
| 32e2ef34a3 | |||
| 91b60a955c | |||
| 3d10e75117 | |||
| 915e78ee2d | |||
| 9031103c24 | |||
| 3db03960be | |||
| afa1c65d32 | |||
| 41aa36a0a3 | |||
| e568b9e435 | |||
| 36ef489fe1 | |||
| 65741533ca | |||
| 93ce5304fe | |||
| 355e31d19d | |||
| 24cfe44b07 | |||
| db38a728d1 | |||
| 4ad827768e | |||
| b04c2d7e99 | |||
| cb550dae17 | |||
| 56c7096000 | |||
| b0bcb01888 | |||
| f7257fafe1 | |||
| 616ed68b48 | |||
| 7e96d749e4 | |||
| 885692e3c5 | |||
| bbb2a1522f | |||
| ae00a3579c | |||
| fa69d08d13 | |||
| 7d5d9c1841 | |||
| 80907f451b | |||
| f4f6300499 | |||
| d6f18c207e | |||
| 35c0b2cb47 | |||
| d07e4b8e32 | |||
| 0762426c4d | |||
| 5cd975acbf | |||
| ae69e6da5a | |||
| 647c22c85a | |||
| 1edc2153bb | |||
| bf56a7097e | |||
| a6418fb0df | |||
| 401d72d609 | |||
| a1352582df | |||
| 2e239f44cf | |||
| 5b22b11454 | |||
| 91d5c24f58 | |||
| e9a8ffbb51 | |||
| 1b9b5ec306 | |||
| f596cd113c | |||
| 2e075ad91b | |||
| fd55bd5d4a | |||
| 604c7d72d9 | |||
| 738ebc04b9 | |||
| 8dfd253b9c | |||
| 2a08642cdc | |||
| 3aa2765d59 | |||
| 12235612b5 | |||
| 39b17ee5d5 | |||
| 37bda83dfc | |||
| 16ea6678ef | |||
| a7118480af | |||
| 41705d4532 | |||
| b98658bd11 | |||
| 50916c195b | |||
| a61ecc3177 | |||
| 627ebe09ed | |||
| 2adab29e61 | |||
| fb41fb8c46 | |||
| 738eac8669 | |||
| 82afbc40ce | |||
| 00694672cd | |||
| fa2afc96ac | |||
| 42cb56a3a0 | |||
| b5e7ede8b7 | |||
| c859ad91c4 | |||
| 5dead2b296 | |||
| 6573e0175f | |||
| 96816f495e | |||
| 9f13b4fdaa | |||
| 5f143879df | |||
| 785231657c | |||
| b9ecd1cf42 | |||
| 4a4549c49b | |||
| 3e85eafb4c | |||
| e3343c1d9b | |||
| 297141c6c4 | |||
| 589a773f7e | |||
| f634cd3e2c | |||
| 8eaa6f8b4c | |||
| 9ee294ba70 | |||
| d945d61e42 | |||
| f8f0886248 | |||
| 87bb724151 | |||
| 205e8b5137 | |||
| a9b8fdc3c9 | |||
| 321e3ed02c | |||
| 63e6dc6b11 | |||
| a96a8861dd | |||
| 24875bb422 | |||
| 74073db5db | |||
| fe0a5b6ee3 | |||
| 12875d2687 | |||
| 489432d742 | |||
| 750093a3ed | |||
| a01499179f | |||
| 6ba7fd7d13 | |||
| 1737e6e0ec | |||
| 3f649c5504 | |||
| 9bdcf8fa15 | |||
| 7f9e196903 | |||
| 8bcb2c1e71 | |||
| 79db09da98 | |||
| 8f64190223 | |||
| ce684e236c | |||
| d1534c53f7 | |||
| 19b672c3a4 | |||
| a979e7d14d | |||
| 4654150518 | |||
| 0921785ca2 | |||
| b60e8b6b45 | |||
| 538336a332 | |||
| 5c1279d803 | |||
| 61939960cc | |||
| ee7af4d7e2 | |||
| b8355dba15 | |||
| 5d661e366b | |||
| 787fbd3fab | |||
| c671c3a738 | |||
| 69fe59a632 | |||
| ba65b06b4a | |||
| 4da0573bf7 | |||
| 4e75bb57bb | |||
| c527c0196b | |||
| a326ffa435 | |||
| 0f448edf19 | |||
| 9b6b06cd03 | |||
| d7d0b06a41 | |||
| 72fa8afa07 | |||
| 1e75786616 | |||
| 1db4402dbb | |||
| 59e1947950 | |||
| f8b8aaf5e4 | |||
| 613dc54ac5 | |||
| a1591f77e8 | |||
| 102253834a | |||
| dd85562fac | |||
| 90cc7f0f1d | |||
| bb00d1630a | |||
| a5188d2f05 | |||
| 6547cbda6f | |||
| 79919f184c | |||
| e6b23e1431 | |||
| b0c0a94c66 | |||
| 76b51939aa | |||
| 91fc51387c | |||
| 009125484e | |||
| 8112a12521 | |||
| 69307a1f2b | |||
| e68e07d095 | |||
| 851245107d | |||
| e88d1f5803 | |||
| 988f7334ad | |||
| 80fd2969c9 | |||
| 13b74243a6 | |||
| c7035dbe9c | |||
| 8f78169a52 | |||
| 5766499b85 | |||
| 4fd672c5b9 | |||
| fca3b5cdc9 | |||
| 8fa9bedcf7 | |||
| 44869516d3 | |||
| 06d5369fdb | |||
| 71f7f777ec | |||
| 3a37388d43 | |||
| 4c1d96e8e0 | |||
| f9bd143012 | |||
| 98e42fa944 | |||
| ab6c366668 | |||
| fc656ad7bd | |||
| 1353c71054 | |||
| 566fbac1ef | |||
| 496002abc9 | |||
| e8dd48ac09 | |||
| 08b4253001 | |||
| 1a87c69854 | |||
| 861773bf77 | |||
| 01e88bda16 | |||
| 5e45ac1688 | |||
| 10396f9536 | |||
| 0c571784a3 | |||
| 7646230de2 | |||
| 42e72c418d | |||
| 37eec13774 | |||
| f28f5f3af4 | |||
| 6e357e14fc | |||
| d0d01ffb00 | |||
| 916977c5bb | |||
| af8ff8c1ca | |||
| 3d2f164dca | |||
| c357e94283 | |||
| 7f165aab7f | |||
| 956d68c870 | |||
| 61ebff6d97 | |||
| 0b1397b33b | |||
| a121b9b659 | |||
| 43033b65ad | |||
| 0c6159650d | |||
| 7b562d96b3 | |||
| 988ec76cf8 | |||
| 87e15d7b82 | |||
| 77c1b2a369 | |||
| b0db85bc04 | |||
| cbd90eed74 | |||
| 35f0a2e951 | |||
| 614c79defc | |||
| fef6f9379a | |||
| fe29344b33 | |||
| 2c0f3ef707 | |||
| aebddca35d | |||
| 620ee81b7e | |||
| e76a5df932 | |||
| 7fb1063ccd | |||
| 811288df64 | |||
| 31906409c8 | |||
| b05783da32 | |||
| 54302f6006 | |||
| 2a32262725 | |||
| e35a7fbd89 | |||
| c55311aa6d | |||
| 3704745289 | |||
| eae8b63d4f | |||
| 349efcb0a6 | |||
| 46d697cded | |||
| 53e0ff91d3 | |||
| a362a68f53 | |||
| 332a50c273 | |||
| 790dbb07fc | |||
| f59a69f4b6 | |||
| efcbbc3d74 | |||
| a0503bc3a1 | |||
| 82c1a583f8 | |||
| fcfa81283e | |||
| fba5cad820 | |||
| 5bdf239a66 | |||
| 408a30f0ba | |||
| c8f45eda53 | |||
| 2ba18ea4a9 | |||
| a45b272a2f | |||
| 5ad0d896f1 | |||
| 9efd6a53d2 | |||
| 18fdfee274 | |||
| a6ac4dda75 | |||
| 29c3763f9c | |||
| c694843da5 | |||
| 432faba3e1 | |||
| 70e1a5c9b6 | |||
| 61c1d100dc | |||
| 3508f7dccc | |||
| d4158bdf77 | |||
| 1bcf2ffb59 | |||
| 87ac185752 | |||
| 22fbd774dc | |||
| a87e747049 | |||
| f3bea401e9 | |||
| 2ce68e8aec | |||
| bf66861e3f | |||
| 131e95ffaf | |||
| ca10b825c7 | |||
| 2ed05e548b | |||
| 8156c3b0be | |||
| d2a822fe39 | |||
| 5298ac3dd9 | |||
| c49371e423 | |||
| 76f7ae8d7d | |||
| e312f007b8 | |||
| 239bb04b18 | |||
| 4d2bee2e23 | |||
| a24058d660 | |||
| 70d9bc6233 | |||
| 5fa86c2b42 | |||
| a8586cbce7 | |||
| acc3423c96 | |||
| ceddfa340d | |||
| 8675b74bf4 | |||
| b4a3ab4082 | |||
| 0b4b3d63da | |||
| 774f8a073a | |||
| 6b46161f2d | |||
| 08a212ccae | |||
| 64a9f33ffa | |||
| bc0f4fa509 | |||
| 681c1d12b5 | |||
| ce156b578f | |||
| 4e32b9fea9 | |||
| fb631fa4eb | |||
| ac305b82a4 | |||
| 5a56996eef | |||
| af7b9b8b62 | |||
| 554d4f6b95 | |||
| 80a30dfe6f | |||
| cab74eddef | |||
| 42590e062f | |||
| 3fdefd3e40 | |||
| 192fa18195 | |||
| 60a7cc9d7c | |||
| e27f4a91b9 | |||
| ca1bb50c24 | |||
| 8d136297c4 | |||
| 2c400eff94 | |||
| 5d9c298e9d | |||
| 689a7197a0 | |||
| 413bb19543 | |||
| db337babbc | |||
| 46861e6bd8 | |||
| 84f5ca951c | |||
| 1c97cf5c83 | |||
| 9a7f5c6b16 | |||
| b5200cf753 | |||
| 686ac847aa | |||
| e075442345 | |||
| c7258f22d8 | |||
| 304b0ec202 | |||
| 52238dd6a7 | |||
| 66e39884e2 | |||
| d548bf4742 | |||
| 1675ca3378 | |||
| 77459dc27d | |||
| ffd3e43ad8 | |||
| 95bc6eb7b2 | |||
| 06c81b67c2 | |||
| c3f109556a | |||
| f481938cc5 | |||
| 4b15eefd3c | |||
| b9df8b5817 | |||
| ac52639b77 | |||
| a51954203e | |||
| 021066a980 | |||
| a1cac18ac3 | |||
| 2a3b84b888 | |||
| f703b686da | |||
| 682eedb167 | |||
| 3511b1de80 | |||
| 2f85113366 | |||
| b23443630c | |||
| 7585fa0fe9 | |||
| 1ba2139d5c | |||
| f67403ba01 | |||
| 996e842149 | |||
| c2bb947c14 | |||
| d4fc74e43c | |||
| a1dd26d2d6 | |||
| 503976fc6a | |||
| dab1523df5 | |||
| a65c2c9b18 | |||
| 5331930716 | |||
| 96c7b12bc4 | |||
| 5dd5f51700 | |||
| df7abc5447 | |||
| db7370d242 | |||
| a8e9fc86eb | |||
| a402c4db3b | |||
| 780af2653a | |||
| 9372111aaa | |||
| 9fda9f5c28 | |||
| 80135cdc17 | |||
| 6aa874a0a0 | |||
| d1dac25379 | |||
| 526e7ac972 | |||
| fa7bae1210 | |||
| d60f0a1a10 | |||
| 78230efd01 | |||
| 8411a8e8b4 | |||
| 295106b6a8 | |||
| 29381bf9d6 | |||
| 5a5cf15430 | |||
| 884a2de437 | |||
| 5349c79d12 | |||
| 9ee627fe02 | |||
| 1def19ecea | |||
| dc857372ed | |||
| 730fc8fc33 | |||
| fafe281d31 | |||
| f98b47eb55 | |||
| e3e64317e8 | |||
| f2c8017df4 | |||
| bf9036d27a | |||
| 87da822c7f | |||
| 47a57bced1 | |||
| 1dc04372df | |||
| 27153ae92b | |||
| 28d7f83c87 | |||
| c1052e2df2 | |||
| c9121d025f | |||
| 0e2a3979f4 | |||
| 186ea0e203 | |||
| f47d9eba94 | |||
| 7368452e49 | |||
| 635ef3bbf8 | |||
| b46fd9a2b4 | |||
| a62e781248 | |||
| 32ef9c2135 | |||
| f2d6449374 | |||
| 7b532f0b44 | |||
| af96cba0cc | |||
| a684cadbb6 | |||
| 6c85ca9661 | |||
| de60b7b2de | |||
| d8c9236a18 | |||
| 2bb7007fcb | |||
| 4c7d798307 | |||
| 3cb730bcfe | |||
| 1b0a32d71c | |||
| 915ec6531a | |||
| 1df7433e44 | |||
| 0bd396011a | |||
| 6405b58a98 | |||
| 9d977dba8e | |||
| ad7a108d60 | |||
| fca6aeeea2 | |||
| 5b8ff14caf | |||
| a438c2f184 | |||
| 66cb5b33ad | |||
| c28c443d8f | |||
| 93358ac3de | |||
| 0667aee3cc | |||
| 2297508f13 | |||
| 1a04bbb044 | |||
| cf31f05cfb | |||
| 2b290e7abb | |||
| a324a7f13f | |||
| eb4097180b | |||
| 8d7e1faebf | |||
| c0311206c8 | |||
| 4b2f537795 | |||
| 4d49f543dd | |||
| d400af51fa | |||
| c8d2175981 | |||
| 11c7543c76 | |||
| 29d4533047 | |||
| c813e692a2 | |||
| 65e32d850c | |||
| 9f2ce12b28 | |||
| f4860274be | |||
| 6b17118e72 | |||
| 54a0762bbb | |||
| 1e3f19ad89 | |||
| 5b73a0492d | |||
| 9fa519c983 | |||
| c71e7861ed | |||
| f3df48ab4f | |||
| 5df1f2f683 | |||
| 0833bc3cc0 | |||
| b18d46e68d | |||
| d1f92a2225 | |||
| a279244709 | |||
| b12db09e31 | |||
| 4d6385633f | |||
| 8c060833c8 | |||
| 70c9eeff05 | |||
| f91b828708 | |||
| 828e9d095e | |||
| bab84a13ff | |||
| 49f0d8b680 | |||
| 4976708c00 | |||
| 761cdf5dfc | |||
| 2fb1dbfcd1 | |||
| 8b3029e430 | |||
| f8aef607ae | |||
| bbae92e76f | |||
| c89eb6d7eb | |||
| 70cf08329b | |||
| a7b3bcb43c | |||
| 18b7c8d188 | |||
| f34a638b38 | |||
| e48fb58753 | |||
| 18fc4505d3 | |||
| ee4e367ea8 | |||
| 7034a913fd | |||
| e3ebd2c736 | |||
| 25d67da1da | |||
| 7e17182e4c | |||
| 7e0008a2d7 | |||
| a21809cdae | |||
| 3dcaaf87e7 | |||
| f3c7ca59c5 | |||
| ba98ffe152 | |||
| abddd42aa0 | |||
| 118303b9da | |||
| f74d7a9fd0 | |||
| 12a9942732 | |||
| a109ff1d85 | |||
| 3766b78eba | |||
| 614e95af39 | |||
| 05e4cf9aae | |||
| d2c11f8bee | |||
| c04189bfb6 | |||
| 6c5e97e745 | |||
| 687ae4f4a8 | |||
| 87b56b19fb | |||
| 190a6e7687 | |||
| 046fe0cfe0 | |||
| 81e1dbc90e | |||
| 281721cd15 | |||
| 0fcae007a0 | |||
| 6b3266f228 | |||
| ce4152c817 | |||
| 73877b22c4 | |||
| bf3e8f290c | |||
| 81a4edb776 | |||
| 399f453b4d | |||
| 8e6c4b2e07 | |||
| 4507bd32af | |||
| e9a14b2409 | |||
| cd6a300222 | |||
| 978b3ef881 | |||
| da693710f6 | |||
| 71656e3cba | |||
| 72d75d50d9 | |||
| cdf963b2b3 | |||
| 6598f82111 | |||
| de11907053 | |||
| 8075d27e32 | |||
| 7109072b8f | |||
| cf4aea18b4 | |||
| 7bbaec8fed | |||
| 68b7aad535 | |||
| f86b2704d5 | |||
| c59126a817 | |||
| b4899946ef | |||
| 76ea48bb64 | |||
| 0802405344 | |||
| 0c7df2f9a0 | |||
| 77f81fa0b6 | |||
| 8851893412 | |||
| aa2fee4969 | |||
| d7b55ce2bb | |||
| 38a50366bc | |||
| 307f703b99 | |||
| 306f19b805 | |||
| 421085672b | |||
| b6dc6082ab | |||
| a3be8ff055 | |||
| c9119dc6bb | |||
| cfeacc4d67 | |||
| 7cc0389757 | |||
| 2bdcb9c33d | |||
| 7ae6b8fc34 | |||
| 82779cd336 | |||
| 82ed690817 | |||
| 130553a578 | |||
| 1355d5d3eb | |||
| fa33bb9d0e | |||
| 0ebc407246 | |||
| 2c950c5cb5 | |||
| 2722e6bb68 | |||
| ce4e0b78bc | |||
| 5d1795062f | |||
| b6cc69cd8f | |||
| 10e78fbd8e | |||
| e3e99974f8 | |||
| e069125a2c | |||
| 0528803da6 | |||
| e5e00ce9d6 | |||
| 69b276a712 | |||
| 5c04fe9b61 | |||
| 9c050c54ef | |||
| 3a07026740 | |||
| 538db04950 | |||
| e2b778a38e | |||
| 85bc9c1d1a | |||
| 501ae11f51 | |||
| eb6cb5311b | |||
| e3a5f66059 | |||
| fd4b6cc52a | |||
| 93ccc35ff0 | |||
| ccc49e8841 | |||
| 7fc596fb8a | |||
| b0fe7d3a0b | |||
| 6461841ccd | |||
| 75e65f72c2 | |||
| 2cba7fdfcd | |||
| 9ddc88dd9d | |||
| bc8456425d | |||
| 7eab6d9958 | |||
| 2bf3f0c03c | |||
| 9eea2344fc | |||
| 538600ef48 | |||
| 2ebd2a08ff | |||
| 6713942f83 | |||
| c6f5ce280f | |||
| 9aad7a3783 | |||
| a22551d56b | |||
| d6f96fa07e | |||
| 5a0715fd6c | |||
| 717110d355 | |||
| d5c6257ac2 | |||
| 88fce52fbf | |||
| 8f3ee46325 | |||
| aa035f9853 | |||
| b2f5629de8 | |||
| db98798134 | |||
| d4227e75cd | |||
| e6c015e0d0 | |||
| 44db9db053 | |||
| 4c2ed7b52e | |||
| 6f571dbfc6 | |||
| a363e1c51f | |||
| b684ea837d | |||
| d4eced9b84 | |||
| a674a2e6fd | |||
| 276e406c0f | |||
| 7ac0323c7b | |||
| 95c78ce92b | |||
| 21c692d23f | |||
| 5b194e290c | |||
| 22fb4fe019 | |||
| 62c8e79676 | |||
| e4e3bd5175 | |||
| eb18ee624f | |||
| 6298ca94cb | |||
| 7c9270d7a5 | |||
| 5f9226b14b | |||
| 9320075030 | |||
| ca032792bd | |||
| abb95d5aab | |||
| dcd480ffd9 | |||
| 68cdac68cb | |||
| e1307ea789 | |||
| 52fe9f62f6 | |||
| f42160862a | |||
| 1b631c42ef | |||
| 0afd6a8312 | |||
| 4ac21ca652 | |||
| dbbae8dcd3 | |||
| eed5fc7179 | |||
| b8c5483b85 | |||
| 4f12c31e3b | |||
| 53543b9b6a | |||
| afafd0f683 | |||
| d65354efcf | |||
| d3abd86df5 | |||
| 838f39d0fd | |||
| 4589ba350f | |||
| 92143eb7b9 | |||
| c9679b7954 | |||
| 5fc99a117b | |||
| 87ba782106 | |||
| dd8a09ce8d | |||
| ba7dde0168 | |||
| 3a03794bb6 | |||
| fe753e24a3 | |||
| 42a4604461 | |||
| a70898fc28 | |||
| 186eef69dc | |||
| c3a380ade8 | |||
| 936bd6a191 | |||
| 73d36f5ece | |||
| 00431d772e | |||
| a22c7e731a | |||
| 398cf8ee6f | |||
| e50ff5c7b5 | |||
| 906e8c0001 | |||
| 2fa4cedb1e | |||
| 47210d9a1a | |||
| d1881d1b56 | |||
| 6713a2ce67 | |||
| f626317e90 | |||
| 56327f6298 | |||
| 7d05c4a2b0 | |||
| 232bcafd7c | |||
| c82cfebd5e | |||
| 07a6bcaa77 | |||
| fe0e4f635e | |||
| 815ffb7d3e | |||
| 7f8c48834f | |||
| 0a6ce91369 | |||
| 71dda8b648 | |||
| 2296db3db6 | |||
| 1e798b640d | |||
| e91899c0da | |||
| 6099bda088 | |||
| 43e4d608ae | |||
| ef32209fd7 | |||
| 55b2e44814 | |||
| 6bb86709ee | |||
| ce6dca81bc | |||
| d7ffaf94b1 | |||
| c573f432fe | |||
| 7cb33ba636 | |||
| 182731d6eb | |||
| f79fd32208 | |||
| b3c68f1692 | |||
| ef1a2a82dd | |||
| 269d4c55dd | |||
| 91c8e1bf0d | |||
| c8626c09af | |||
| cac7d1a495 | |||
| 3cbda4157b | |||
| 46ce06791a | |||
| 462e8a3d90 | |||
| cd9e4d1b2b | |||
| e31af5f255 | |||
| a0dae7557c | |||
| 836bf643b0 | |||
| f9e4c7ca02 | |||
| a31782497c | |||
| 47f937ac13 | |||
| be8d08fda6 | |||
| 7dea133b55 | |||
| 63f0e5e2c0 | |||
| fdb577e0a0 | |||
| 45544f42b9 | |||
| 0452fa2458 | |||
| 2b92b0f305 | |||
| e43c3aed67 | |||
| 6aa98c17bd | |||
| a9f1ce0db1 | |||
| d48973bbc8 | |||
| 3879f07fa8 | |||
| 3ea7f76c17 | |||
| 827f8882bc | |||
| 24a7015f64 | |||
| 2a267ca05f | |||
| e41460cae5 | |||
| 5e2b49dad4 | |||
| 5038f6687b | |||
| 8b98a2e829 | |||
| 46466a8fcc | |||
| 4e0d734598 | |||
| 8cfe8db1fb | |||
| 5ae74603da | |||
| 747664ad4f | |||
| 9e31065b5e | |||
| 004fb5f9c2 | |||
| da62edb4e0 | |||
| adc4729ffa | |||
| 64d0313c5b | |||
| 94b414861d | |||
| 9305161183 | |||
| 297fa24b90 | |||
| 3ca3362283 | |||
| 4f38c8d201 | |||
| 964f68630a | |||
| caed1add3a | |||
| 77020623ed | |||
| d264017684 | |||
| 383ea561f8 | |||
| ef5e803875 | |||
| 22de221c21 | |||
| 6f88bcf581 | |||
| 6ce26e12f5 | |||
| 09869159f7 | |||
| 14839257ac | |||
| f16c6bd7dd | |||
| a24aff2148 | |||
| fc6d8e933b | |||
| c6364944d4 | |||
| 70ef747a56 | |||
| 3d7aa44c8e | |||
| c249832df1 | |||
| 3169455653 | |||
| f7122499a6 | |||
| cc7ac94641 | |||
| 7f9dfde0dc | |||
| 2533c87bd6 | |||
| 6fef9f5178 | |||
| f9ac07f455 | |||
| 175e361a4d | |||
| 53bedaa4c1 | |||
| 1ebf7842f5 | |||
| f14452ec3c | |||
| 78c0edb7c1 | |||
| f2b4efff20 | |||
| 11003f5842 | |||
| c638c3cc3d | |||
| a2982f0d4e | |||
| 639b2bd8e5 | |||
| 7069324a20 | |||
| 9d331bb32b | |||
| bc0657d13c | |||
| 712ed48a62 | |||
| 66afec21d1 | |||
| b94825bbad | |||
| 06d2a32a3e | |||
| 623d9e2ab3 | |||
| cb8d416b37 | |||
| de9bee0354 | |||
| ae75a8c0c1 | |||
| 8098f63998 | |||
| 2303ddd0de | |||
| b5b636b8b7 | |||
| a665e829ae | |||
| 6124b59aff | |||
| 9c41a8ad38 | |||
| cda1f9a23d | |||
| 0219d72f48 | |||
| d99423405c | |||
| eeb9592ded | |||
| 0120fc10e1 | |||
| b9ac46305f | |||
| ec9e63b7de | |||
| a917ba4fb9 | |||
| 9c69fe73b1 | |||
| 63228ac1c6 | |||
| a071d72e48 | |||
| 7ab3a97dfe | |||
| ae7aeda621 | |||
| 0d6b2221ab | |||
| 337a97ceab | |||
| 461d69522f | |||
| 537496c019 | |||
| 300f7416c4 | |||
| 243809af3a | |||
| 3fed00196c | |||
| fb4271bdf9 | |||
| 6a17c2b27f | |||
| c7302b61ef | |||
| 8a8072a563 | |||
| 4196525702 | |||
| 4d7d6a1a9f | |||
| 2542732a0c | |||
| 7baffa5e74 | |||
| 10ebb14481 | |||
| 8e82ae234e | |||
| 17cb7c754e | |||
| 70bf7cca33 | |||
| f89cf0cf20 | |||
| 1dd0a7e836 | |||
| 1de80f9457 | |||
| b345316e49 | |||
| e8a2633984 | |||
| 5c9143c432 | |||
| 9dda0ada5f | |||
| 57144e2820 | |||
| d7a926d69a | |||
| 0a5fad05a8 | |||
| ad135f478a | |||
| f2b518a31f | |||
| 231bb00904 | |||
| f7a256fc19 | |||
| eca5208c20 | |||
| 9a6f0d3969 | |||
| fed294e11e | |||
| 04af9cb9f8 | |||
| 32b424e507 | |||
| d94602add8 | |||
| e33e2b7d79 | |||
| 78c59b7261 | |||
| 8377303981 | |||
| a8a614c515 | |||
| b1a0769d3d | |||
| 1b808e62df | |||
| 5af8a5d74d | |||
| d1290c0d5d | |||
| bded00fd11 | |||
| a2242f6f1b | |||
| 9e07fec6ba | |||
| d44f1dfeca | |||
| 987d853aa9 | |||
| e0579449d8 | |||
| 1b2618d688 | |||
| 6ea65c8992 | |||
| 52cfc3372b | |||
| 528346cb3b | |||
| f43a4659c6 | |||
| 2a2b2b3aa4 | |||
| db479122f3 | |||
| 4160d8c1fb | |||
| dead78e4d9 | |||
| 7ce94164c7 | |||
| 77f722ae9d | |||
| 93e2f66a60 | |||
| 2a5c015cd1 | |||
| dc641054a1 | |||
| 23ac189d48 | |||
| 29e71bf1b3 | |||
| 7ec4a64cdb | |||
| c81db0b178 | |||
| bb824221a4 | |||
| ca2636f08a | |||
| 18c914f086 | |||
| ed52b88b92 | |||
| 280fcebae8 | |||
| 80ef1db3b3 | |||
| a8bc585e33 | |||
| 1599d3d128 | |||
| a5f949165a | |||
| ead95673a5 | |||
| 132eb55983 | |||
| f08833fba2 | |||
| f8679b385a | |||
| ae5db5d36b | |||
| fdae41eb63 | |||
| 25433a17e7 | |||
| 737806a53a | |||
| feb2e41181 | |||
| 6e9078f16c | |||
| 4e01ea6c33 | |||
| 65ed10d75c | |||
| aed929ae90 | |||
| 04190741e7 | |||
| 72cfa974d8 | |||
| a1ae1c4fba | |||
| e21f90fd68 | |||
| be7c51d27a | |||
| 7344e055be | |||
| 57f713e426 | |||
| 5672b53263 | |||
| e899b34160 | |||
| 3755086645 | |||
| ae99674e9b | |||
| 28a9441f4f | |||
| 8c229ea473 | |||
| 3dd5866244 | |||
| 96f7a7588f | |||
| 01f9705dd5 | |||
| 1b246725c5 | |||
| de239d9b01 | |||
| f4b9f1b2e0 | |||
| 926aeec06a | |||
| 934ac07b06 | |||
| 0d1be15e0f | |||
| 294e3a632e | |||
| 229e6cbdd8 | |||
| 53561134a9 | |||
| 7535467358 | |||
| 20153121be | |||
| caf3f2603e | |||
| 03e5a3a181 | |||
| ae8cbbc34d | |||
| b082ebead2 | |||
| 85febc5729 | |||
| e663f6c0b4 | |||
| 8a1abbe80b | |||
| 39c9007f67 | |||
| ee268550d9 | |||
| e5b7987764 | |||
| 06691758e8 | |||
| 1d63dfd1d4 | |||
| 9d6d2de4d3 | |||
| 9104a7a4a4 | |||
| 1520a0ae3e | |||
| 7b22265d4e | |||
| 116a76e528 | |||
| 93177a5615 | |||
| 0c867d23ad | |||
| 5c6f68cd8f | |||
| d85b926a14 | |||
| 8289eabc55 | |||
| 58176a821d | |||
| 4cdbd1fa1d | |||
| 0e07f3e48d | |||
| 569a3b8e59 | |||
| 747e174bec | |||
| ff49a02023 | |||
| 9c7ddf94c9 | |||
| 050364aba2 | |||
| 23e8564812 | |||
| 462be08456 | |||
| db0dddc6e9 | |||
| cea5c823a1 | |||
| 5a4848c8cc | |||
| 6cf5b05493 | |||
| f8a95f7ca1 | |||
| e94d2da45e | |||
| 8d440a2a52 | |||
| 616ad5252d | |||
| 8d9c39789b | |||
| bbb9470661 | |||
| f11bbd3b70 | |||
| 239b2d7bee | |||
| 2040826791 | |||
| 83b7153b40 | |||
| 53b075a760 | |||
| b8ce324a66 | |||
| 99dc2b1abf | |||
| 96bca84ca4 | |||
| b7d372d8e3 | |||
| 867034e3ba | |||
| 3c800f5880 | |||
| 11864d22b4 | |||
| 1ff4e28748 | |||
| d590d0ccee | |||
| 94b3b98196 | |||
| 1d76eb6ef7 | |||
| 631fa3b4f3 | |||
| 6f45325d6e | |||
| e700196c17 | |||
| 53ecd8e0c0 | |||
| 97d7df1ef4 | |||
| 376d990101 | |||
| 4c2f65d7d0 | |||
| 92d8cbb26c | |||
| 7080370042 | |||
| a9ae2a8710 | |||
| 94266e1360 | |||
| f6e79f59be | |||
| 27ed5ec8b9 | |||
| f9f420b107 | |||
| 1c2f4f0428 | |||
| 42a5b75c5a | |||
| 6ac97a708c | |||
| d022527b71 | |||
| 3ad9a439d5 | |||
| ef2c12e560 | |||
| 6912ac253a | |||
| a3501dfd95 | |||
| 09a95ed70a | |||
| d0de685c7a | |||
| 72713d0b73 | |||
| b681e50ff2 | |||
| bb8af02978 | |||
| bca732693b | |||
| 0dccafcd23 | |||
| b25feca14c | |||
| 0aaddfaf29 | |||
| 3d82d5e452 | |||
| 612820cb9a | |||
| f6f6eeda8e | |||
| 83b9a376a2 | |||
| ca9fbc0d8e | |||
| 1ec694eae7 | |||
| b9a00ea0ee | |||
| 0cc661a2cf | |||
| d6cabcde78 | |||
| 4c9686df0c | |||
| ce4e74c1b9 | |||
| 3709183127 | |||
| 9a67b445b1 | |||
| ca035a53a0 | |||
| f031095d9f | |||
| 7ed7e14dee | |||
| 4af02cb083 | |||
| ce3c44b0f7 | |||
| c086f6c931 | |||
| ca468cb988 | |||
| 3d04ff4037 | |||
| 7279ff37f3 | |||
| d0b984528a | |||
| e448d1acb1 | |||
| f09b1404eb | |||
| db38d0b104 | |||
| 3b7497b063 | |||
| d1bee8b593 | |||
| 99230a30ad | |||
| 623010396c | |||
| 098173e1df | |||
| 67b9c423fe | |||
| b040f047fd | |||
| 8c4efbb8ce | |||
| 9923513271 | |||
| 60a422b284 | |||
| 3c890a55d8 | |||
| 37ccc0a3d4 | |||
| a7cbfedc85 | |||
| 2d771a97b7 | |||
| 6ca79a36b0 | |||
| 388dcee3e4 | |||
| 8563319b8b | |||
| 9fe450e216 | |||
| 28cd038c35 | |||
| 8dc959ea1f | |||
| f54464bcf6 | |||
| 05651a338e | |||
| 908e2cbcc7 | |||
| b9eec1ea49 | |||
| 566b357f99 | |||
| dc1dccd9e2 | |||
| 8dc4ca297c | |||
| 605a338216 | |||
| 6d09b4ce4d | |||
| 147c37789a | |||
| ffa34c5afd | |||
| da37da30e1 | |||
| b4f6b853f8 | |||
| cc1f6c10be | |||
| 08e09354b2 | |||
| 0b6b9fe090 | |||
| 83b546beef | |||
| b4071939e0 | |||
| 0a4424ef00 | |||
| 18a654d13b | |||
| b8650378c1 | |||
| 9a9a9c0414 | |||
| 523392dc0b | |||
| ed1dd1bb99 | |||
| 6987e6f12a | |||
| 9c79c77de4 | |||
| 7f5a4e15c6 | |||
| 6bc43fea06 | |||
| cc4b37f65c | |||
| dfb6416a5b | |||
| bfa8ef3e75 | |||
| b58df6280d | |||
| 641d73ab83 | |||
| a77eb6b49d | |||
| c919701466 | |||
| c81bf3e06f | |||
| 586181bf71 | |||
| 55d581d041 | |||
| f429f3e38d | |||
| 7b05484494 | |||
| 5714adb090 | |||
| ac7693ef7b | |||
| 5cbc86b7d9 | |||
| b44a6c316d | |||
| f5461ff01e | |||
| b77cef01a9 | |||
| 3a48f0954c | |||
| fd970ab62c | |||
| e663c696c2 | |||
| 65d0682647 | |||
| 3935d32676 | |||
| c57e8983ff | |||
| a840bc8c99 | |||
| 20dfe6ba98 | |||
| 60c167838f | |||
| d6ee05ef93 | |||
| 34ed03d978 | |||
| 82ab505d1a | |||
| 8418f76979 | |||
| 15989f16f7 | |||
| 9ac8c65e37 | |||
| 462794685f | |||
| 8c4d98edc1 | |||
| 6c6a220b2e | |||
| 50452e30fc | |||
| 713d777c61 | |||
| 5a00c2a03e | |||
| 0f7f0ea467 | |||
| 7fd329721a | |||
| 4183905c3a | |||
| b75fe4940b | |||
| cb041d775f | |||
| a428137884 | |||
| ece64e4195 | |||
| 8ed5ead77b | |||
| 1683c26db3 | |||
| 543b693547 | |||
| fabc69e9d8 | |||
| 971c43c0e5 | |||
| 6831c45533 | |||
| 0e400eae56 | |||
| 4d606cc690 | |||
| ee5c48d51c | |||
| 6ffc0f820a | |||
| afbf2094a8 | |||
| 2e782e3d7d | |||
| e1e619074c | |||
| a99bec34a9 | |||
| 963bfaf521 | |||
| 43b10b311a | |||
| 1cc6fd0d16 | |||
| acba134aae | |||
| add1c18b2e | |||
| d8d8f70b0e | |||
| f0ccf72107 | |||
| d316ba1b87 | |||
| ba1e26e25f | |||
| e15fbb905c | |||
| a0488ccac2 | |||
| b2c58c81ed | |||
| 905596ced5 | |||
| 3dbf1efbc3 | |||
| 08dadcb2b7 | |||
| f171d63b5b | |||
| a34110320f | |||
| 46ae2113b6 | |||
| 6f7ed628e2 | |||
| fd0b22cb55 | |||
| 9aa40bb96d | |||
| 1d4b67c773 | |||
| cda805ff4e | |||
| a30c0a8192 | |||
| 6e3ad7a275 | |||
| 5cb462d767 | |||
| 63a4e65ca1 | |||
| 90de228897 | |||
| 0b695f5a76 | |||
| eb23bbfd98 | |||
| e406b7fe4a | |||
| c214b26ee6 | |||
| 65f536165d | |||
| b8d8d0de00 | |||
| cfc3378a0b | |||
| 39e5c0a1ab | |||
| d16cc1ea89 | |||
| 6a0a7171d2 | |||
| 398c993e67 | |||
| 221856ccc2 | |||
| 9cf3af04f7 | |||
| 03047a3980 | |||
| ecc11d5542 | |||
| 03118ffb9b | |||
| dcedc12f36 | |||
| 9adfc136b6 | |||
| ea63711c2c | |||
| 69525890db | |||
| 0b13ea5676 | |||
| ce579ac6d2 | |||
| cd1089e6f0 | |||
| 311f4baa27 | |||
| 7b50ff67f9 | |||
| a8aa7028f4 | |||
| 722941eae1 | |||
| 0743a7236d | |||
| 85463e754d | |||
| 5e438aa46c | |||
| 1f4488f963 | |||
| 225b096838 | |||
| 8e568ef697 | |||
| 24cfb1c158 | |||
| cbb2911b7f | |||
| a9f2f60c68 | |||
| 1bcf56c8b2 | |||
| 77bfba3017 | |||
| 7eed43550c | |||
| 0fd1ed4517 | |||
| 7503c8a029 | |||
| be972d7db3 | |||
| fb6cb07a60 | |||
| 5bcc89ffe7 | |||
| e47ee90033 | |||
| f16a859ff8 | |||
| ae5f08b1cb | |||
| 5d2ca8b240 | |||
| 90ef765c2e | |||
| ca875647b9 | |||
| e39a941413 | |||
| 87b5ce3036 | |||
| af045a0733 | |||
| 488184394e | |||
| 71392cdc8f | |||
| 4aafb131ca | |||
| 6c2e7c124f | |||
| 24e742d202 | |||
| 326074388c | |||
| 9afe59af3e | |||
| 7ecdf9b71f | |||
| 0325483ee4 | |||
| b370e1502e | |||
| 07c2610170 | |||
| c2ebdc4b5d | |||
| 449f17385a | |||
| e163c5fe9c | |||
| f55e00dc4e | |||
| e0edb7db17 | |||
| 690f7aee2e | |||
| 8d527f156d | |||
| 15f43716c1 | |||
| b2120265fd | |||
| fb3b2ddbff | |||
| 0f09d5378a | |||
| f9de15fdcf | |||
| 1bdb92706e | |||
| 6a051e1544 | |||
| 6a73df0b18 | |||
| 8609e24880 | |||
| 4bb174fa8c | |||
| a8856cbfbd | |||
| afbacaaba4 | |||
| 16285e6768 | |||
| 93acdeb8ff | |||
| 3ada732dc0 | |||
| e942010304 | |||
| 4e796db54f | |||
| 5e8dbee79a | |||
| 600347a7e8 | |||
| 84b79dd20d | |||
| 4750ec187b | |||
| c8933a922b | |||
| 6487e675b2 | |||
| 30d15b861f | |||
| d059ef6780 | |||
| d254707b96 | |||
| f0a3e8b09e | |||
| 3d67951f15 | |||
| e3f303fdb5 | |||
| 756b6812a6 | |||
| 9873619e22 | |||
| 79bf2081fe | |||
| 0d93a36930 | |||
| c187b2be78 | |||
| 5e20c4359f | |||
| 8a78a8d68c | |||
| 0fa9083026 | |||
| 591830e43b | |||
| 24178ad677 | |||
| 8451bed8b0 | |||
| e89f3546f2 | |||
| 1de90a599c | |||
| b48129fcbb | |||
| 8c50e06102 | |||
| 7c47e0fde3 | |||
| 8e167d28af | |||
| 0ee095abd8 | |||
| 164b557066 | |||
| b0e078d9c8 | |||
| e637799f9b | |||
| effd479bff | |||
| 4903ce068e | |||
| 37dc61340b | |||
| 9db6abfa42 | |||
| 3bc4996775 | |||
| 8fee8c57ae | |||
| 4e3fe42600 | |||
| d6e9891ad7 | |||
| be1f391d2a | |||
| 5cd76a407a | |||
| efd7efa9f1 | |||
| 446e664caa | |||
| 45c6603cc8 | |||
| 9c72ed9062 |
@@ -18,7 +18,6 @@ Makefile.in
|
||||
/aclocal.m4
|
||||
/autom4te.cache
|
||||
/compile
|
||||
/config.cache
|
||||
/config.guess
|
||||
/config.h
|
||||
/config.h.in
|
||||
@@ -46,5 +45,4 @@ Makefile.in
|
||||
/po/stamp-po
|
||||
|
||||
/shadow.spec
|
||||
/shadow-*.tar.*
|
||||
/libmisc/getdate.c
|
||||
|
||||
-20
@@ -1,20 +0,0 @@
|
||||
sudo: false
|
||||
|
||||
language: c
|
||||
|
||||
compiler:
|
||||
- gcc
|
||||
- clang
|
||||
|
||||
addons:
|
||||
apt:
|
||||
packages:
|
||||
- autopoint
|
||||
- xsltproc
|
||||
|
||||
script:
|
||||
- ./autogen.sh --without-selinux --disable-man
|
||||
- grep ENABLE_ config.status
|
||||
- make
|
||||
|
||||
# vim:et:ts=2:sw=2
|
||||
@@ -1,84 +1,3 @@
|
||||
2016-05-17 Serge Hallyn <serge@hallyn.com>
|
||||
|
||||
* Release 4.5
|
||||
|
||||
2016-05-17 Serge Hallyn <serge@hallyn.com>
|
||||
|
||||
* Patch from Tobias Stoeckmann fixing regression in previous CVE fix
|
||||
preventing SIGTERM to su from being propagated to the job.
|
||||
* Patch from Chris Lamb making sp_lstchg shadow field reproducible.
|
||||
* Merge Russian translation updates from Yuri Kozlov
|
||||
* Fix missing close of subuid file on error
|
||||
|
||||
2016-02-23 Serge Hallyn <serge@hallyn.com>
|
||||
|
||||
* Merge patch by Tobias Stoeckmann <tobias@stoeckmann.org> to fix
|
||||
the equivalent of util-linux CVE-2017-2616.
|
||||
|
||||
2016-02-08 Serge Hallyn <serge@hallyn.com>
|
||||
|
||||
* Update Kazakh translations
|
||||
* Consult configuration before calculating subuids
|
||||
* Remove misplaced semicolon
|
||||
|
||||
2016-01-29 Serge Hallyn <serge@hallyn.com>
|
||||
|
||||
* Patch from Fedora to improve performance with SSSD, Winbind,
|
||||
or nss_ldap. (Tomas Mraz)
|
||||
* Make sure knowndef_table is NULL-terminated. (Bernhard Rosenkränzer)
|
||||
|
||||
2016-12-21 Serge Hallyn <serge@hallyn.com>
|
||||
|
||||
* Drop leading underscore from _COMMONIO_H and _SHADOWIO_H
|
||||
* Fix readability in usermod error messages.
|
||||
* Reset user in tallylog
|
||||
* Add audit support to su
|
||||
|
||||
2016-12-02 Serge Hallyn <serge@hallyn.com>
|
||||
|
||||
* changes since 4.4
|
||||
- Use sizeof rather than hardcoding snprintf args
|
||||
- Fix useradd improper default loading
|
||||
- Update Vietnamese translations
|
||||
- Update Polish translations
|
||||
- Remove non-POSIX chmod option in Makefile
|
||||
- Fix suidubins assignments
|
||||
- Fix --add-subuids etc spelling in manpages
|
||||
- Audit homedir ownership change.
|
||||
- Print error on selinux file context update failure
|
||||
- Keep original file perms when creating a backup
|
||||
|
||||
* (henceforth we'll update Changelog with each commit
|
||||
and proper credit)
|
||||
|
||||
2016-12-02 Serge Hallyn <serge@hallyn.com>
|
||||
|
||||
* Changes since 4.2.1:
|
||||
- Documentation, error report and translations updates
|
||||
- Replace path_max with 32
|
||||
- User namespace support fixes/updates including:
|
||||
- Correct sanity checks in newXidmap
|
||||
- Fix building without subuid support
|
||||
- Add /etc/subuid support for UID matching
|
||||
- Support subuid for nonlocal users
|
||||
- Default to 65536 subuid allocations
|
||||
- Respect -r
|
||||
- Check for range overflows
|
||||
- Add tests from svn tree
|
||||
- Use AC_CHECK_SIZEOF for uid_t size checks
|
||||
- Accomodate missing /etc and login.defs
|
||||
- Support FORCE_SHADOW
|
||||
- Be more robust in hostile environment
|
||||
- Allow removing a primary group
|
||||
- Clear passwords on __pw_dup errors
|
||||
- Memory leak fix in commonio_update and get_map_ranges
|
||||
- Fix resource leak in syslog_sg
|
||||
- Fix user busy error at userdel
|
||||
- Support set/clear lastlog record via lastlog command
|
||||
- Add --no-create-home as longopt for -M
|
||||
- Fix signal races
|
||||
- Reduce syslog priority of common usage events
|
||||
|
||||
2013-08-25 Nicolas François <nicolas.francois@centraliens.net>
|
||||
|
||||
* src/vipw.c: After waitpid(), use errno only if waitpid returned
|
||||
|
||||
@@ -2,5 +2,7 @@
|
||||
|
||||
EXTRA_DIST = NEWS README TODO shadow.spec.in
|
||||
|
||||
AUTOMAKE_OPTIONS = 1.5 dist-bzip2 foreign
|
||||
|
||||
SUBDIRS = po man libmisc lib src \
|
||||
contrib doc etc
|
||||
|
||||
@@ -117,6 +117,5 @@ Maintainers
|
||||
===========
|
||||
|
||||
Tomasz Kłoczko <kloczek@pld.org.pl> (2000-2007)
|
||||
Nicolas François <nicolas.francois@centraliens.net> (2007-2014)
|
||||
Serge E. Hallyn <serge@hallyn.com> (2014-now)
|
||||
Nicolas François <nicolas.francois@centraliens.net> (2007-now)
|
||||
|
||||
|
||||
+2
-5
@@ -1,9 +1,6 @@
|
||||
dnl Process this file with autoconf to produce a configure script.
|
||||
AC_PREREQ([2.64])
|
||||
AC_INIT([shadow], [4.5], [pkg-shadow-devel@lists.alioth.debian.org], [],
|
||||
[https://github.com/shadow-maint/shadow])
|
||||
AM_INIT_AUTOMAKE([1.11 foreign dist-xz])
|
||||
AM_SILENT_RULES([yes])
|
||||
AC_INIT
|
||||
AM_INIT_AUTOMAKE(shadow, 4.3.1)
|
||||
AC_CONFIG_HEADERS([config.h])
|
||||
|
||||
dnl Some hacks...
|
||||
|
||||
Vendored
-16
@@ -1,16 +0,0 @@
|
||||
PKG=shadow
|
||||
SITE=ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/
|
||||
|
||||
deb:: check_cheese
|
||||
|
||||
include /usr/share/quilt/quilt.debbuild.mk
|
||||
|
||||
check_cheese:
|
||||
@dpkg-parsechangelog | grep -q "\* The \".*\".* release\." || { \
|
||||
echo ""; \
|
||||
echo " ** **"; \
|
||||
echo " ** Warning: not a cheesy release! **"; \
|
||||
echo " ** **"; \
|
||||
echo ""; \
|
||||
exit 1; \
|
||||
}
|
||||
Vendored
-36
@@ -1,36 +0,0 @@
|
||||
shadow (1:4.0.15-5) unstable; urgency=low
|
||||
|
||||
* commands passed in argument to su must use su's -c option and must quote
|
||||
the command if it contains a space, as in:
|
||||
su - root -c "ls -l /"
|
||||
The following commands won't work anymore:
|
||||
su - root -c ls -l /
|
||||
su - root "ls -l /"
|
||||
su - root ls -l /
|
||||
|
||||
-- Christian Perrier <bubulle@debian.org> Sat, 8 Apr 2006 20:11:38 +0200
|
||||
|
||||
shadow (1:4.0.14-1) unstable; urgency=low
|
||||
|
||||
* passwd does not support the -f, -s, and -g options anymore. You should use
|
||||
the chfn, chsh and gpasswd utilities instead.
|
||||
* login now distributes the nologin utility, which can be used as a shell
|
||||
to politely refuse a login
|
||||
|
||||
-- Christian Perrier <bubulle@debian.org> Thu, 5 Jan 2006 08:47:44 +0100
|
||||
|
||||
shadow (1:4.0.12-1) unstable; urgency=low
|
||||
|
||||
CLOSE_SESSIONS and other variables are not used anymore in
|
||||
/etc/login/defs.
|
||||
As shadow utilities which use this file now warn about unknown
|
||||
entries there, administrators should remove such unknown entries.
|
||||
The supplied login.defs file does not include them anymore.
|
||||
|
||||
dpasswd is no more distributed by upstream. Login do not support
|
||||
dialup password anymore. Re-introducing this functionality in
|
||||
upstream is not trivial.
|
||||
|
||||
|
||||
-- Christian Perrier <bubulle@debian.org> Thu, 25 Aug 2005 08:38:47 +0200
|
||||
|
||||
Vendored
-62
@@ -1,62 +0,0 @@
|
||||
Read this file first for a brief overview of the new versions of login
|
||||
and passwd.
|
||||
|
||||
|
||||
---Shadow passwords
|
||||
|
||||
The command `shadowconfig on' will turn on shadow password support.
|
||||
`shadowconfig off' will turn it back off. If you turn on shadow
|
||||
password support, you'll gain the ability to set password ages and
|
||||
expirations with chage(1).
|
||||
|
||||
NOTE: If you use the nscd package, you may have problems with a
|
||||
slight delay in updating the password information. You may notice
|
||||
this during upgrades of certain packages that try to add a system
|
||||
user and then access the users information immediately afterwards.
|
||||
To avoid this, it is suggested that you stop the nscd daemon before
|
||||
upgrades, then restart it again.
|
||||
|
||||
---General configuration
|
||||
|
||||
Most of the configuration for the shadow utilities is in
|
||||
/etc/login.defs. See login.defs(5). The defaults are quite
|
||||
reasonable.
|
||||
|
||||
Also see the /etc/pam.d/* files for each program to configure the PAM
|
||||
support. PAM documentation is available in several formats in the
|
||||
libpam-doc package.
|
||||
|
||||
|
||||
---MD5 Encryption
|
||||
|
||||
This is enabled now using the /etc/pam.d/* files. Examples are given.
|
||||
|
||||
|
||||
---Adding users and groups
|
||||
|
||||
Though you may add users and groups with the SysV type commands,
|
||||
useradd and groupadd, I recommend you add them with Debian adduser
|
||||
version 3+. adduser gives you more configuration and conforms to the
|
||||
Debian UID and GID allocation.
|
||||
|
||||
Editing user and group parameters can be done with usermod and
|
||||
groupmod. Removing users and groups can be done with userdel and
|
||||
groupdel.
|
||||
|
||||
|
||||
--- Group administration
|
||||
|
||||
Local group allocation is much easier. With gpasswd(1) you can
|
||||
designate users to administer groups. They can then securely add or
|
||||
remove users from the group.
|
||||
|
||||
|
||||
--- What to read next?
|
||||
|
||||
Read the manpages, the other files in this directory, and the Shadow
|
||||
Password HOWTO (included in the doc-linux package). A large portion
|
||||
of these files deals with getting shadow installed. You can, of
|
||||
course, ignore those parts.
|
||||
|
||||
Also, the libpam-doc package will go a long way to allowing you to take
|
||||
full advantage of the PAM authentication scheme.
|
||||
Vendored
-4
@@ -1,4 +0,0 @@
|
||||
A testsuite is also available. Instruction on how to run this testsuite
|
||||
are available in tests/README
|
||||
|
||||
-- Balint Reczey <rbalint@ubuntu.com>, Sat, 12 Aug 2017 18:46:44 -0400
|
||||
Vendored
-19
@@ -1,19 +0,0 @@
|
||||
Things that should be done:
|
||||
* Verify the files left in debian/tmp
|
||||
+ e.g. /etc/default/adduser should be installed
|
||||
* Check the build system: rebuilding the package twoce in the same tree
|
||||
doubles the size of the diff.gz file
|
||||
|
||||
Other points (not related to the release of a syncronized shadow):
|
||||
* compare the source with the usages and man pages
|
||||
+ probably add a sentence to chsh/chfn's manpages about authentication
|
||||
required for ordinary users
|
||||
* do something (a tool) for the variables in login.defs
|
||||
In Debian, some tools are not compiled with the PAM support, so upstream
|
||||
getdef.c won't be OK.
|
||||
It should be nice to see in each man page the set of variables used.
|
||||
The Debian package can now compile (export DEB_BUILD_OPTIONS='nostrip debug')
|
||||
with the debugging informations. This may be used to extract the set of
|
||||
variables used in Debian/for each tools.
|
||||
* verify all the patches around (I've found patches for at least RedHat,
|
||||
OWL, LFS, Mandriva, Gentoo; are they already applied?)
|
||||
Vendored
-25
@@ -1,25 +0,0 @@
|
||||
This described the usertags used by the team.
|
||||
|
||||
For usertags documentation, see
|
||||
http://lists.debian.org/debian-devel-announce/2005/09/msg00002.html
|
||||
|
||||
All bugs tagged by team members must be tagged with
|
||||
"user pkg-shadow-devel@lists.alioth.debian.org"
|
||||
|
||||
Tags list
|
||||
---------
|
||||
|
||||
toclose: This bug has been announced to be closed in case no more news
|
||||
or information is received from the bug submitter or someone
|
||||
else until the delay specified in the limits_YYYYMMDD tag
|
||||
|
||||
limits-YYYYMMDD: combine it with "toclose". Specifies the date after which
|
||||
bugs can be closed without other action in case no news
|
||||
is received
|
||||
|
||||
manpages-replace A bug reported angainst a manpages-xx package to indicate
|
||||
conflicting man pages. This tag can be used to tune the
|
||||
Replaces fields.
|
||||
|
||||
su-transition: This bug is related to the su transition (#276419)
|
||||
|
||||
Vendored
-3849
File diff suppressed because it is too large
Load Diff
Vendored
-1
@@ -1 +0,0 @@
|
||||
10
|
||||
Vendored
-78
@@ -1,78 +0,0 @@
|
||||
Source: shadow
|
||||
Maintainer: Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>
|
||||
Uploaders: Christian Perrier <bubulle@debian.org>,
|
||||
Balint Reczey <rbalint@ubuntu.com>,
|
||||
Serge Hallyn <serge@hallyn.com>
|
||||
Section: admin
|
||||
Priority: required
|
||||
Build-Depends: dh-autoreconf,
|
||||
gettext,
|
||||
libpam0g-dev,
|
||||
debhelper (>= 10~),
|
||||
quilt,
|
||||
xsltproc,
|
||||
docbook-xsl,
|
||||
docbook-xml,
|
||||
libxml2-utils,
|
||||
cdbs,
|
||||
libselinux1-dev [linux-any],
|
||||
libsemanage1-dev [linux-any],
|
||||
gnome-doc-utils,
|
||||
bison,
|
||||
libaudit-dev [linux-any]
|
||||
Standards-Version: 3.9.5
|
||||
Vcs-Browser: https://anonscm.debian.org/git/pkg-shadow/shadow.git
|
||||
Vcs-Git: https://anonscm.debian.org/git/pkg-shadow/shadow.git
|
||||
Homepage: https://github.com/shadow-maint/shadow
|
||||
|
||||
Package: passwd
|
||||
Architecture: any
|
||||
Multi-Arch: foreign
|
||||
Depends: ${shlibs:Depends},
|
||||
${misc:Depends},
|
||||
libpam-modules
|
||||
Replaces: manpages-tr (<< 1.0.5),
|
||||
manpages-zh (<< 1.5.1-1)
|
||||
Description: change and administer password and group data
|
||||
This package includes passwd, chsh, chfn, and many other programs to
|
||||
maintain password and group data.
|
||||
.
|
||||
Shadow passwords are supported. See /usr/share/doc/passwd/README.Debian
|
||||
|
||||
Package: login
|
||||
Architecture: any
|
||||
Essential: yes
|
||||
Pre-Depends: ${shlibs:Depends},
|
||||
${misc:Depends},
|
||||
libpam-runtime,
|
||||
libpam-modules (>= 1.1.8-1)
|
||||
Breaks: coreutils (<< 8.21~) [hurd-any],
|
||||
passwd (<< 1:4.1.5.1-2~) [hurd-any],
|
||||
hurd (<< 20140206~) [hurd-any],
|
||||
util-linux (<< 2.32-0.2~)
|
||||
Conflicts: gnunet (<< 0.7.0c-2),
|
||||
amavisd-new (<< 2.3.3-8),
|
||||
python-4suite (<< 0.99cvs20060405-1),
|
||||
backupninja (<< 0.9.3-5),
|
||||
echolot (<< 2.1.8-4)
|
||||
Replaces: manpages-de (<< 0.5-3),
|
||||
manpages-tr (<< 1.0.5),
|
||||
manpages-zh (<< 1.5.1-1),
|
||||
passwd (<< 1:4.1.5.1-2~) [hurd-any],
|
||||
coreutils (<< 8.21~) [hurd-any],
|
||||
hurd (<< 20140206~) [hurd-any]
|
||||
Description: system login tools
|
||||
These tools are required to be able to login and use your system. The
|
||||
login program invokes your user shell and enables command execution. The
|
||||
newgrp program is used to change your effective group ID (useful for
|
||||
workgroup type situations). The su program allows changing your effective
|
||||
user ID (useful being able to execute commands as another user).
|
||||
|
||||
Package: uidmap
|
||||
Architecture: any
|
||||
Priority: optional
|
||||
Depends: ${shlibs:Depends},
|
||||
${misc:Depends}
|
||||
Description: programs to help use subuids
|
||||
These programs help unprivileged users to create uid and gid mappings in
|
||||
user namespaces.
|
||||
Vendored
-103
@@ -1,103 +0,0 @@
|
||||
This is Debian GNU/Linux's prepackaged version of the shadow utilities.
|
||||
|
||||
It was downloaded from: <ftp://ftp.pld.org.pl/software/shadow/>.
|
||||
As of May 2007, this site is no longer available.
|
||||
|
||||
Copyright:
|
||||
|
||||
Parts of this software are copyright 1988 - 1994, Julianne Frances Haugh.
|
||||
All rights reserved.
|
||||
|
||||
Parts of this software are copyright 1997 - 2001, Marek Michałkiewicz.
|
||||
All rights reserved.
|
||||
|
||||
Parts of this software are copyright 2001 - 2004, Andrzej Krzysztofowicz
|
||||
All rights reserved.
|
||||
|
||||
Parts of this software are copyright 2000 - 2007, Tomasz Kłoczko.
|
||||
All rights reserved.
|
||||
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
modification, are permitted provided that the following conditions
|
||||
are met:
|
||||
1. Redistributions of source code must retain the above copyright
|
||||
notice, this list of conditions and the following disclaimer.
|
||||
2. Redistributions in binary form must reproduce the above copyright
|
||||
notice, this list of conditions and the following disclaimer in the
|
||||
documentation and/or other materials provided with the distribution.
|
||||
3. Neither the name of Julianne F. Haugh nor the names of its contributors
|
||||
may be used to endorse or promote products derived from this software
|
||||
without specific prior written permission.
|
||||
|
||||
THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND
|
||||
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
ARE DISCLAIMED. IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE
|
||||
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
SUCH DAMAGE.
|
||||
|
||||
This source code is currently archived on ftp.uu.net in the
|
||||
comp.sources.misc portion of the USENET archives. You may also contact
|
||||
the author, Julianne F. Haugh, at jockgrrl@ix.netcom.com if you have
|
||||
any questions regarding this package.
|
||||
|
||||
THIS SOFTWARE IS BEING DISTRIBUTED AS-IS. THE AUTHORS DISCLAIM ALL
|
||||
LIABILITY FOR ANY CONSEQUENCES OF USE. THE USER IS SOLELY RESPONSIBLE
|
||||
FOR THE MAINTENANCE OF THIS SOFTWARE PACKAGE. THE AUTHORS ARE UNDER NO
|
||||
OBLIGATION TO PROVIDE MODIFICATIONS OR IMPROVEMENTS. THE USER IS
|
||||
ENCOURAGED TO TAKE ANY AND ALL STEPS NEEDED TO PROTECT AGAINST ACCIDENTAL
|
||||
LOSS OF INFORMATION OR MACHINE RESOURCES.
|
||||
|
||||
Special thanks are due to Chip Rosenthal for his fine testing efforts;
|
||||
to Steve Simmons for his work in porting this code to BSD; and to Bill
|
||||
Kennedy for his contributions of LaserJet printer time and energies.
|
||||
Also, thanks for Dennis L. Mumaugh for the initial shadow password
|
||||
information and to Tony Walton (olapw@olgb1.oliv.co.uk) for the System
|
||||
V Release 4 changes. Effort in porting to SunOS has been contributed
|
||||
by Dr. Michael Newberry (miken@cs.adfa.oz.au) and Micheal J. Miller, Jr.
|
||||
(mke@kaberd.rain.com). Effort in porting to AT&T UNIX System V Release
|
||||
4 has been provided by Andrew Herbert (andrew@werple.pub.uu.oz.au).
|
||||
Special thanks to Marek Michalkiewicz (marekm@i17linuxb.ists.pwr.wroc.pl)
|
||||
for taking over the Linux port of this software.
|
||||
|
||||
Source files: login_access.c, login_desrpc.c, login_krb.c are derived
|
||||
from the logdaemon-5.0 package, which is under the following license:
|
||||
|
||||
/************************************************************************
|
||||
* Copyright 1995 by Wietse Venema. All rights reserved. Individual files
|
||||
* may be covered by other copyrights (as noted in the file itself.)
|
||||
*
|
||||
* This material was originally written and compiled by Wietse Venema at
|
||||
* Eindhoven University of Technology, The Netherlands, in 1990, 1991,
|
||||
* 1992, 1993, 1994 and 1995.
|
||||
*
|
||||
* Redistribution and use in source and binary forms are permitted
|
||||
* provided that this entire copyright notice is duplicated in all such
|
||||
* copies.
|
||||
*
|
||||
* This software is provided "as is" and without any expressed or implied
|
||||
* warranties, including, without limitation, the implied warranties of
|
||||
* merchantibility and fitness for any particular purpose.
|
||||
************************************************************************/
|
||||
|
||||
Some parts substantially in src/su.c derived from an ancestor of
|
||||
su for GNU. Run a shell with substitute user and group IDs.
|
||||
Copyright (C) 1992-2003 Free Software Foundation, Inc.
|
||||
|
||||
This program is free software; you can redistribute it and/or modify
|
||||
it under the terms of the GNU General Public License as published by
|
||||
the Free Software Foundation; either version 2, or (at your option)
|
||||
any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU General Public License for more details.
|
||||
|
||||
On Debian GNU/Linux systems, the complete text of the GNU General Public
|
||||
License can be found in '/usr/share/common-licenses/GPL-2'
|
||||
Vendored
-1
@@ -1 +0,0 @@
|
||||
.so man8/cppw.8
|
||||
Vendored
-27
@@ -1,27 +0,0 @@
|
||||
.TH CPPW 8 "7 Apr 2005"
|
||||
.SH NAME
|
||||
cppw, cpgr \- copy with locking the given file to the password or group file
|
||||
.SH SYNOPSIS
|
||||
\fBcppw\fR [\fB\-h\fR] [\fB\-s\fR] password_file
|
||||
.br
|
||||
\fBcpgr\fR [\fB\-h\fR] [\fB\-s\fR] group_file
|
||||
|
||||
.SH DESCRIPTION
|
||||
.BR cppw " and " cpgr
|
||||
will copy, with locking, the given file to
|
||||
.IR /etc/passwd " and " /etc/group ", respectively."
|
||||
With the \fB\-s\fR flag, they will copy the shadow versions of those files,
|
||||
.IR /etc/shadow " and " /etc/gshadow ", respectively."
|
||||
|
||||
With the \fB\-h\fR flag, the commands display a short help message and exit
|
||||
silently.
|
||||
.SH "SEE ALSO"
|
||||
.BR vipw (8),
|
||||
.BR vigr (8),
|
||||
.BR group (5),
|
||||
.BR passwd (5),
|
||||
.BR shadow (5),
|
||||
.BR gshadow (5)
|
||||
.SH AUTHOR
|
||||
\fBcppw\fR and \fBcpgr\fR were written by Stephen Frost, based on
|
||||
\fBvipw\fR and \fBvigr\fR written by Guy Maor.
|
||||
Vendored
-94
@@ -1,94 +0,0 @@
|
||||
Build-Depends:
|
||||
==============
|
||||
* autoconf
|
||||
* automake1.9
|
||||
works with 1.7 or 1.9 (at least)
|
||||
* libtool
|
||||
* gettext
|
||||
POT, PO, GMO regenerated?
|
||||
* libpam0g-dev
|
||||
OK
|
||||
* debhelper (>= 4.1.16)
|
||||
* po-debconf
|
||||
OK
|
||||
* quilt
|
||||
patch system
|
||||
* dpkg-dev (>= 1.13.5)
|
||||
* xsltproc
|
||||
used to generate the manpages
|
||||
* docbook-xsl
|
||||
needed for /usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl
|
||||
* docbook-xml
|
||||
manpages/docbook.xsl includes html/docbook.xsl
|
||||
(But it is not strictly needed. The generated manpages are identical.
|
||||
Without it, a warning is generated.)
|
||||
Needed by JH_CHECK_XML_CATALOG([-//OASIS//DTD DocBook XML V4.1.2//EN], [DocBook XML DTD V4.1.2], [], enable_man=no)
|
||||
* libxml2-utils
|
||||
needed by the JH_CHECK_XML_CATALOG macros
|
||||
* cdbs
|
||||
used in debian/rules
|
||||
* libselinux1-dev [!hurd-i386 !kfreebsd-i386 !kfreebsd-amd64]
|
||||
* gnome-doc-utils (>= 0.4.3-1)
|
||||
xml2po, 0.4.3-1 needed for the -l switch.
|
||||
|
||||
passwd Depends:
|
||||
===============
|
||||
* ${shlibs:Depends}
|
||||
OK
|
||||
* ${loginpam}
|
||||
- hurd
|
||||
login
|
||||
libpam-modules (>= 0.72-5)
|
||||
- other archs
|
||||
+ login (>= 970502-1)
|
||||
login is needed because some passwd utils need /etc/login.defs
|
||||
login is Essential, so this is just to enforce the version
|
||||
+ libpam-modules (>= 0.72-5)
|
||||
* debianutils (>= 2.15.2)
|
||||
After 1:4.0.12-6, {add,remove}-shell are distributed in debianutils (2.15)
|
||||
/etc/shell was forgotten and introduced in debianutils in 2.15.2
|
||||
|
||||
passwd Conflicts:
|
||||
=================
|
||||
|
||||
passwd Replaces:
|
||||
================
|
||||
Some of the passwd man pages are also distributed in some manpages* packages.
|
||||
Look at the debian/02/run test to optimize these dependencies.
|
||||
NOTE: Not all maintainers have been notified.
|
||||
* manpages-de (<< 0.4-9), manpages-fi (<< 0.2-4), manpages-fr (<<1.64.0-1), manpages-hu (<< 20010119-5), manpages-it (<< 0.3.4-3), manpages-ja (<< 0.5.0.0.20050915-1), manpages-ko (<< 20050219-2), manpages-es (<< 1.55-4), manpages-es-extra (<< 0.8a-15), manpages-ru (<< 0.98-3)
|
||||
All those packages have been updated during sarge->etch. So these Replaces
|
||||
should be removed after lenny release
|
||||
* manpages-tr, manpages-zh
|
||||
Those packages are still in etch, so the Replaces should be kept even
|
||||
after lenny release
|
||||
|
||||
login Pre-Depends:
|
||||
==================
|
||||
* ${shlibs:Depends}
|
||||
* libpam-runtime (>= 0.76-14)
|
||||
sarge contained 0.76-22
|
||||
|
||||
Why Pre-Depends? (because it's an essential package?)
|
||||
|
||||
login Depends:
|
||||
==============
|
||||
* libpam-modules (>= 0.72-5)
|
||||
libpam-modules is needed.
|
||||
potato contained 0.72-9
|
||||
|
||||
login Conflicts:
|
||||
================
|
||||
|
||||
login Replaces:
|
||||
===============
|
||||
* Some of the login man pages are also distributed in some manpages* packages.
|
||||
Look at the debian/02/run test to optimize these dependencies.
|
||||
NOTE: Not all maintainers have been notified.
|
||||
- manpages-fi, manpages-fr (<<1.64.0-1), manpages-hu, manpages-it, manpages-ko, manpages-ja (<< 0.5.0.0.20050915-1), manpages-de (<< 0.4-10), manpages-es-extra (<<0.8a-15)
|
||||
Those are packages that have been updated during sarge->etch. These
|
||||
Replaces should be removed after lenny
|
||||
- manpages-tr, manpages-zh
|
||||
Those packages are still in etch, so the Replaces should be kept even
|
||||
after lenny release
|
||||
|
||||
Vendored
-340
@@ -1,340 +0,0 @@
|
||||
#
|
||||
# /etc/login.defs - Configuration control definitions for the login package.
|
||||
#
|
||||
# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH.
|
||||
# If unspecified, some arbitrary (and possibly incorrect) value will
|
||||
# be assumed. All other items are optional - if not specified then
|
||||
# the described action or option will be inhibited.
|
||||
#
|
||||
# Comment lines (lines beginning with "#") and blank lines are ignored.
|
||||
#
|
||||
# Modified for Linux. --marekm
|
||||
|
||||
# REQUIRED for useradd/userdel/usermod
|
||||
# Directory where mailboxes reside, _or_ name of file, relative to the
|
||||
# home directory. If you _do_ define MAIL_DIR and MAIL_FILE,
|
||||
# MAIL_DIR takes precedence.
|
||||
#
|
||||
# Essentially:
|
||||
# - MAIL_DIR defines the location of users mail spool files
|
||||
# (for mbox use) by appending the username to MAIL_DIR as defined
|
||||
# below.
|
||||
# - MAIL_FILE defines the location of the users mail spool files as the
|
||||
# fully-qualified filename obtained by prepending the user home
|
||||
# directory before $MAIL_FILE
|
||||
#
|
||||
# NOTE: This is no more used for setting up users MAIL environment variable
|
||||
# which is, starting from shadow 4.0.12-1 in Debian, entirely the
|
||||
# job of the pam_mail PAM modules
|
||||
# See default PAM configuration files provided for
|
||||
# login, su, etc.
|
||||
#
|
||||
# This is a temporary situation: setting these variables will soon
|
||||
# move to /etc/default/useradd and the variables will then be
|
||||
# no more supported
|
||||
MAIL_DIR /var/mail
|
||||
#MAIL_FILE .mail
|
||||
|
||||
#
|
||||
# Enable logging and display of /var/log/faillog login failure info.
|
||||
# This option conflicts with the pam_tally PAM module.
|
||||
#
|
||||
FAILLOG_ENAB yes
|
||||
|
||||
#
|
||||
# Enable display of unknown usernames when login failures are recorded.
|
||||
#
|
||||
# WARNING: Unknown usernames may become world readable.
|
||||
# See #290803 and #298773 for details about how this could become a security
|
||||
# concern
|
||||
LOG_UNKFAIL_ENAB no
|
||||
|
||||
#
|
||||
# Enable logging of successful logins
|
||||
#
|
||||
LOG_OK_LOGINS no
|
||||
|
||||
#
|
||||
# Enable "syslog" logging of su activity - in addition to sulog file logging.
|
||||
# SYSLOG_SG_ENAB does the same for newgrp and sg.
|
||||
#
|
||||
SYSLOG_SU_ENAB yes
|
||||
SYSLOG_SG_ENAB yes
|
||||
|
||||
#
|
||||
# If defined, all su activity is logged to this file.
|
||||
#
|
||||
#SULOG_FILE /var/log/sulog
|
||||
|
||||
#
|
||||
# If defined, file which maps tty line to TERM environment parameter.
|
||||
# Each line of the file is in a format something like "vt100 tty01".
|
||||
#
|
||||
#TTYTYPE_FILE /etc/ttytype
|
||||
|
||||
#
|
||||
# If defined, login failures will be logged here in a utmp format
|
||||
# last, when invoked as lastb, will read /var/log/btmp, so...
|
||||
#
|
||||
FTMP_FILE /var/log/btmp
|
||||
|
||||
#
|
||||
# If defined, the command name to display when running "su -". For
|
||||
# example, if this is defined as "su" then a "ps" will display the
|
||||
# command is "-su". If not defined, then "ps" would display the
|
||||
# name of the shell actually being run, e.g. something like "-sh".
|
||||
#
|
||||
SU_NAME su
|
||||
|
||||
#
|
||||
# If defined, file which inhibits all the usual chatter during the login
|
||||
# sequence. If a full pathname, then hushed mode will be enabled if the
|
||||
# user's name or shell are found in the file. If not a full pathname, then
|
||||
# hushed mode will be enabled if the file exists in the user's home directory.
|
||||
#
|
||||
HUSHLOGIN_FILE .hushlogin
|
||||
#HUSHLOGIN_FILE /etc/hushlogins
|
||||
|
||||
#
|
||||
# *REQUIRED* The default PATH settings, for superuser and normal users.
|
||||
#
|
||||
# (they are minimal, add the rest in the shell startup files)
|
||||
ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
||||
ENV_PATH PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
|
||||
|
||||
#
|
||||
# Terminal permissions
|
||||
#
|
||||
# TTYGROUP Login tty will be assigned this group ownership.
|
||||
# TTYPERM Login tty will be set to this permission.
|
||||
#
|
||||
# If you have a "write" program which is "setgid" to a special group
|
||||
# which owns the terminals, define TTYGROUP to the group number and
|
||||
# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign
|
||||
# TTYPERM to either 622 or 600.
|
||||
#
|
||||
# In Debian /usr/bin/bsd-write or similar programs are setgid tty
|
||||
# However, the default and recommended value for TTYPERM is still 0600
|
||||
# to not allow anyone to write to anyone else console or terminal
|
||||
|
||||
# Users can still allow other people to write them by issuing
|
||||
# the "mesg y" command.
|
||||
|
||||
TTYGROUP tty
|
||||
TTYPERM 0600
|
||||
|
||||
#
|
||||
# Login configuration initializations:
|
||||
#
|
||||
# ERASECHAR Terminal ERASE character ('\010' = backspace).
|
||||
# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
|
||||
# UMASK Default "umask" value.
|
||||
#
|
||||
# The ERASECHAR and KILLCHAR are used only on System V machines.
|
||||
#
|
||||
# UMASK is the default umask value for pam_umask and is used by
|
||||
# useradd and newusers to set the mode of the new home directories.
|
||||
# 022 is the "historical" value in Debian for UMASK
|
||||
# 027, or even 077, could be considered better for privacy
|
||||
# There is no One True Answer here : each sysadmin must make up his/her
|
||||
# mind.
|
||||
#
|
||||
# If USERGROUPS_ENAB is set to "yes", that will modify this UMASK default value
|
||||
# for private user groups, i. e. the uid is the same as gid, and username is
|
||||
# the same as the primary group name: for these, the user permissions will be
|
||||
# used as group permissions, e. g. 022 will become 002.
|
||||
#
|
||||
# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
|
||||
#
|
||||
ERASECHAR 0177
|
||||
KILLCHAR 025
|
||||
UMASK 022
|
||||
|
||||
#
|
||||
# Password aging controls:
|
||||
#
|
||||
# PASS_MAX_DAYS Maximum number of days a password may be used.
|
||||
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
|
||||
# PASS_WARN_AGE Number of days warning given before a password expires.
|
||||
#
|
||||
PASS_MAX_DAYS 99999
|
||||
PASS_MIN_DAYS 0
|
||||
PASS_WARN_AGE 7
|
||||
|
||||
#
|
||||
# Min/max values for automatic uid selection in useradd
|
||||
#
|
||||
UID_MIN 1000
|
||||
UID_MAX 60000
|
||||
# System accounts
|
||||
#SYS_UID_MIN 100
|
||||
#SYS_UID_MAX 999
|
||||
|
||||
#
|
||||
# Min/max values for automatic gid selection in groupadd
|
||||
#
|
||||
GID_MIN 1000
|
||||
GID_MAX 60000
|
||||
# System accounts
|
||||
#SYS_GID_MIN 100
|
||||
#SYS_GID_MAX 999
|
||||
|
||||
#
|
||||
# Max number of login retries if password is bad. This will most likely be
|
||||
# overriden by PAM, since the default pam_unix module has it's own built
|
||||
# in of 3 retries. However, this is a safe fallback in case you are using
|
||||
# an authentication module that does not enforce PAM_MAXTRIES.
|
||||
#
|
||||
LOGIN_RETRIES 5
|
||||
|
||||
#
|
||||
# Max time in seconds for login
|
||||
#
|
||||
LOGIN_TIMEOUT 60
|
||||
|
||||
#
|
||||
# Which fields may be changed by regular users using chfn - use
|
||||
# any combination of letters "frwh" (full name, room number, work
|
||||
# phone, home phone). If not defined, no changes are allowed.
|
||||
# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
|
||||
#
|
||||
CHFN_RESTRICT rwh
|
||||
|
||||
#
|
||||
# Should login be allowed if we can't cd to the home directory?
|
||||
# Default in no.
|
||||
#
|
||||
DEFAULT_HOME yes
|
||||
|
||||
#
|
||||
# If defined, this command is run when removing a user.
|
||||
# It should remove any at/cron/print jobs etc. owned by
|
||||
# the user to be removed (passed as the first argument).
|
||||
#
|
||||
#USERDEL_CMD /usr/sbin/userdel_local
|
||||
|
||||
#
|
||||
# If set to yes, userdel will remove the user's group if it contains no
|
||||
# more members, and useradd will create by default a group with the name
|
||||
# of the user.
|
||||
#
|
||||
# Other former uses of this variable such as setting the umask when
|
||||
# user==primary group are not used in PAM environments, such as Debian
|
||||
#
|
||||
USERGROUPS_ENAB yes
|
||||
|
||||
#
|
||||
# Instead of the real user shell, the program specified by this parameter
|
||||
# will be launched, although its visible name (argv[0]) will be the shell's.
|
||||
# The program may do whatever it wants (logging, additional authentification,
|
||||
# banner, ...) before running the actual shell.
|
||||
#
|
||||
# FAKE_SHELL /bin/fakeshell
|
||||
|
||||
#
|
||||
# If defined, either full pathname of a file containing device names or
|
||||
# a ":" delimited list of device names. Root logins will be allowed only
|
||||
# upon these devices.
|
||||
#
|
||||
# This variable is used by login and su.
|
||||
#
|
||||
#CONSOLE /etc/consoles
|
||||
#CONSOLE console:tty01:tty02:tty03:tty04
|
||||
|
||||
#
|
||||
# List of groups to add to the user's supplementary group set
|
||||
# when logging in on the console (as determined by the CONSOLE
|
||||
# setting). Default is none.
|
||||
#
|
||||
# Use with caution - it is possible for users to gain permanent
|
||||
# access to these groups, even when not logged in on the console.
|
||||
# How to do it is left as an exercise for the reader...
|
||||
#
|
||||
# This variable is used by login and su.
|
||||
#
|
||||
#CONSOLE_GROUPS floppy:audio:cdrom
|
||||
|
||||
#
|
||||
# If set to "yes", new passwords will be encrypted using the MD5-based
|
||||
# algorithm compatible with the one used by recent releases of FreeBSD.
|
||||
# It supports passwords of unlimited length and longer salt strings.
|
||||
# Set to "no" if you need to copy encrypted passwords to other systems
|
||||
# which don't understand the new algorithm. Default is "no".
|
||||
#
|
||||
# This variable is deprecated. You should use ENCRYPT_METHOD.
|
||||
#
|
||||
#MD5_CRYPT_ENAB no
|
||||
|
||||
#
|
||||
# If set to MD5 , MD5-based algorithm will be used for encrypting password
|
||||
# If set to SHA256, SHA256-based algorithm will be used for encrypting password
|
||||
# If set to SHA512, SHA512-based algorithm will be used for encrypting password
|
||||
# If set to DES, DES-based algorithm will be used for encrypting password (default)
|
||||
# Overrides the MD5_CRYPT_ENAB option
|
||||
#
|
||||
# Note: It is recommended to use a value consistent with
|
||||
# the PAM modules configuration.
|
||||
#
|
||||
ENCRYPT_METHOD SHA512
|
||||
|
||||
#
|
||||
# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
|
||||
#
|
||||
# Define the number of SHA rounds.
|
||||
# With a lot of rounds, it is more difficult to brute forcing the password.
|
||||
# But note also that it more CPU resources will be needed to authenticate
|
||||
# users.
|
||||
#
|
||||
# If not specified, the libc will choose the default number of rounds (5000).
|
||||
# The values must be inside the 1000-999999999 range.
|
||||
# If only one of the MIN or MAX values is set, then this value will be used.
|
||||
# If MIN > MAX, the highest value will be used.
|
||||
#
|
||||
# SHA_CRYPT_MIN_ROUNDS 5000
|
||||
# SHA_CRYPT_MAX_ROUNDS 5000
|
||||
|
||||
################# OBSOLETED BY PAM ##############
|
||||
# #
|
||||
# These options are now handled by PAM. Please #
|
||||
# edit the appropriate file in /etc/pam.d/ to #
|
||||
# enable the equivelants of them.
|
||||
#
|
||||
###############
|
||||
|
||||
#MOTD_FILE
|
||||
#DIALUPS_CHECK_ENAB
|
||||
#LASTLOG_ENAB
|
||||
#MAIL_CHECK_ENAB
|
||||
#OBSCURE_CHECKS_ENAB
|
||||
#PORTTIME_CHECKS_ENAB
|
||||
#SU_WHEEL_ONLY
|
||||
#CRACKLIB_DICTPATH
|
||||
#PASS_CHANGE_TRIES
|
||||
#PASS_ALWAYS_WARN
|
||||
#ENVIRON_FILE
|
||||
#NOLOGINS_FILE
|
||||
#ISSUE_FILE
|
||||
#PASS_MIN_LEN
|
||||
#PASS_MAX_LEN
|
||||
#ULIMIT
|
||||
#ENV_HZ
|
||||
#CHFN_AUTH
|
||||
#CHSH_AUTH
|
||||
#FAIL_DELAY
|
||||
|
||||
################# OBSOLETED #######################
|
||||
# #
|
||||
# These options are no more handled by shadow. #
|
||||
# #
|
||||
# Shadow utilities will display a warning if they #
|
||||
# still appear. #
|
||||
# #
|
||||
###################################################
|
||||
|
||||
# CLOSE_SESSIONS
|
||||
# LOGIN_STRING
|
||||
# NO_PASSWORD_CONSOLE
|
||||
# QMAIL_DIR
|
||||
|
||||
|
||||
|
||||
Vendored
-1
@@ -1 +0,0 @@
|
||||
usr/share/lintian/overrides
|
||||
Vendored
-22
@@ -1,22 +0,0 @@
|
||||
usr/share/locale/*/LC_MESSAGES/shadow.mo
|
||||
usr/share/man/*/man1/login.1
|
||||
usr/share/man/*/man1/newgrp.1
|
||||
usr/share/man/*/man1/sg.1
|
||||
usr/share/man/*/man5/faillog.5
|
||||
usr/share/man/*/man5/login.defs.5
|
||||
usr/share/man/*/man8/faillog.8
|
||||
usr/share/man/*/man8/lastlog.8
|
||||
usr/share/man/*/man8/nologin.8
|
||||
usr/share/man/man1/login.1
|
||||
usr/share/man/man1/newgrp.1
|
||||
usr/share/man/man1/sg.1
|
||||
usr/share/man/man5/faillog.5
|
||||
usr/share/man/man5/login.defs.5
|
||||
usr/share/man/man8/faillog.8
|
||||
usr/share/man/man8/lastlog.8
|
||||
usr/share/man/man8/nologin.8
|
||||
usr/sbin/nologin
|
||||
usr/bin/faillog
|
||||
usr/bin/lastlog
|
||||
usr/bin/newgrp
|
||||
bin/login
|
||||
Vendored
-1
@@ -1 +0,0 @@
|
||||
usr/bin/newgrp usr/bin/sg
|
||||
Vendored
-3
@@ -1,3 +0,0 @@
|
||||
login: setuid-binary usr/bin/newgrp 4755 root/root
|
||||
login: setuid-binary bin/su 4755 root/root
|
||||
login: possible-missing-colon-in-closes l667:closes bug 336321
|
||||
Vendored
-116
@@ -1,116 +0,0 @@
|
||||
#
|
||||
# The PAM configuration file for the Shadow `login' service
|
||||
#
|
||||
|
||||
# Enforce a minimal delay in case of failure (in microseconds).
|
||||
# (Replaces the `FAIL_DELAY' setting from login.defs)
|
||||
# Note that other modules may require another minimal delay. (for example,
|
||||
# to disable any delay, you should add the nodelay option to pam_unix)
|
||||
auth optional pam_faildelay.so delay=3000000
|
||||
|
||||
# Outputs an issue file prior to each login prompt (Replaces the
|
||||
# ISSUE_FILE option from login.defs). Uncomment for use
|
||||
# auth required pam_issue.so issue=/etc/issue
|
||||
|
||||
# Disallows root logins except on tty's listed in /etc/securetty
|
||||
# (Replaces the `CONSOLE' setting from login.defs)
|
||||
#
|
||||
# With the default control of this module:
|
||||
# [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
|
||||
# root will not be prompted for a password on insecure lines.
|
||||
# if an invalid username is entered, a password is prompted (but login
|
||||
# will eventually be rejected)
|
||||
#
|
||||
# You can change it to a "requisite" module if you think root may mis-type
|
||||
# her login and should not be prompted for a password in that case. But
|
||||
# this will leave the system as vulnerable to user enumeration attacks.
|
||||
#
|
||||
# You can change it to a "required" module if you think it permits to
|
||||
# guess valid user names of your system (invalid user names are considered
|
||||
# as possibly being root on insecure lines), but root passwords may be
|
||||
# communicated over insecure lines.
|
||||
auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
|
||||
|
||||
# Disallows other than root logins when /etc/nologin exists
|
||||
# (Replaces the `NOLOGINS_FILE' option from login.defs)
|
||||
auth requisite pam_nologin.so
|
||||
|
||||
# SELinux needs to be the first session rule. This ensures that any
|
||||
# lingering context has been cleared. Without this it is possible
|
||||
# that a module could execute code in the wrong domain.
|
||||
# When the module is present, "required" would be sufficient (When SELinux
|
||||
# is disabled, this returns success.)
|
||||
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
|
||||
|
||||
# Sets the loginuid process attribute
|
||||
session required pam_loginuid.so
|
||||
|
||||
# SELinux needs to intervene at login time to ensure that the process
|
||||
# starts in the proper default security context. Only sessions which are
|
||||
# intended to run in the user's context should be run after this.
|
||||
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
|
||||
# When the module is present, "required" would be sufficient (When SELinux
|
||||
# is disabled, this returns success.)
|
||||
|
||||
# This module parses environment configuration file(s)
|
||||
# and also allows you to use an extended config
|
||||
# file /etc/security/pam_env.conf.
|
||||
#
|
||||
# parsing /etc/environment needs "readenv=1"
|
||||
session required pam_env.so readenv=1
|
||||
# locale variables are also kept into /etc/default/locale in etch
|
||||
# reading this file *in addition to /etc/environment* does not hurt
|
||||
session required pam_env.so readenv=1 envfile=/etc/default/locale
|
||||
|
||||
# Standard Un*x authentication.
|
||||
@include common-auth
|
||||
|
||||
# This allows certain extra groups to be granted to a user
|
||||
# based on things like time of day, tty, service, and user.
|
||||
# Please edit /etc/security/group.conf to fit your needs
|
||||
# (Replaces the `CONSOLE_GROUPS' option in login.defs)
|
||||
auth optional pam_group.so
|
||||
|
||||
# Uncomment and edit /etc/security/time.conf if you need to set
|
||||
# time restraint on logins.
|
||||
# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
|
||||
# as well as /etc/porttime)
|
||||
# account requisite pam_time.so
|
||||
|
||||
# Uncomment and edit /etc/security/access.conf if you need to
|
||||
# set access limits.
|
||||
# (Replaces /etc/login.access file)
|
||||
# account required pam_access.so
|
||||
|
||||
# Sets up user limits according to /etc/security/limits.conf
|
||||
# (Replaces the use of /etc/limits in old login)
|
||||
session required pam_limits.so
|
||||
|
||||
# Prints the last login info upon successful login
|
||||
# (Replaces the `LASTLOG_ENAB' option from login.defs)
|
||||
session optional pam_lastlog.so
|
||||
|
||||
# Prints the message of the day upon successful login.
|
||||
# (Replaces the `MOTD_FILE' option in login.defs)
|
||||
# This includes a dynamically generated part from /run/motd.dynamic
|
||||
# and a static (admin-editable) part from /etc/motd.
|
||||
session optional pam_motd.so motd=/run/motd.dynamic
|
||||
session optional pam_motd.so noupdate
|
||||
|
||||
# Prints the status of the user's mailbox upon successful login
|
||||
# (Replaces the `MAIL_CHECK_ENAB' option from login.defs).
|
||||
#
|
||||
# This also defines the MAIL environment variable
|
||||
# However, userdel also needs MAIL_DIR and MAIL_FILE variables
|
||||
# in /etc/login.defs to make sure that removing a user
|
||||
# also removes the user's mail spool file.
|
||||
# See comments in /etc/login.defs
|
||||
session optional pam_mail.so standard
|
||||
|
||||
# Create a new session keyring.
|
||||
session optional pam_keyinit.so force revoke
|
||||
|
||||
# Standard Un*x account and session
|
||||
@include common-account
|
||||
@include common-session
|
||||
@include common-password
|
||||
Vendored
-56
@@ -1,56 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
set -e
|
||||
|
||||
if test "$1" = configure
|
||||
then
|
||||
if test -f /etc/init.d/logoutd
|
||||
then
|
||||
if test "$(md5sum /etc/init.d/logoutd)" = "9080f92783dd53f6f2108e698c06bd53 /etc/init.d/logoutd"
|
||||
then
|
||||
echo "removing logoutd cruft"
|
||||
rm /etc/init.d/logoutd
|
||||
update-rc.d logoutd remove
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
rm -f /etc/pam.d/login.pre-upgrade 2>/dev/null
|
||||
|
||||
if [ "$1" = "configure" ]; then
|
||||
# Install faillog during initial installs only
|
||||
if [ "$2" = "" ] && [ ! -f /var/log/faillog ] ; then
|
||||
touch /var/log/faillog
|
||||
chown root:root /var/log/faillog
|
||||
chmod 644 /var/log/faillog
|
||||
fi
|
||||
|
||||
# Create subuid/subgid if missing
|
||||
if [ ! -e /etc/subuid ]; then
|
||||
touch /etc/subuid
|
||||
chown root:root /etc/subuid
|
||||
chmod 644 /etc/subuid
|
||||
fi
|
||||
|
||||
if [ ! -e /etc/subgid ]; then
|
||||
touch /etc/subgid
|
||||
chown root:root /etc/subgid
|
||||
chmod 644 /etc/subgid
|
||||
fi
|
||||
fi
|
||||
|
||||
# Create subuid/subgid if missing
|
||||
if [ ! -e /etc/subuid ]; then
|
||||
touch /etc/subuid
|
||||
chown root:root /etc/subuid
|
||||
chmod 644 /etc/subuid
|
||||
fi
|
||||
|
||||
if [ ! -e /etc/subgid ]; then
|
||||
touch /etc/subgid
|
||||
chown root:root /etc/subgid
|
||||
chmod 644 /etc/subgid
|
||||
fi
|
||||
|
||||
#DEBHELPER#
|
||||
|
||||
exit 0
|
||||
Vendored
-52
@@ -1,52 +0,0 @@
|
||||
#! /bin/sh
|
||||
|
||||
#
|
||||
# see: dh_installdeb(1)
|
||||
|
||||
set -e
|
||||
|
||||
# summary of how this script can be called:
|
||||
# * <new-preinst> `install'
|
||||
# * <new-preinst> `install' <old-version>
|
||||
# * <new-preinst> `upgrade' <old-version>
|
||||
# * <old-preinst> `abort-upgrade' <new-version>
|
||||
#
|
||||
# for details, see http://www.debian.org/doc/debian-policy/ or
|
||||
# the debian-policy package
|
||||
|
||||
remove_md5() {
|
||||
if md5sum $1 2>/dev/null |grep -q $2; then
|
||||
cp $1 $1.pre-upgrade
|
||||
sed -e '/^[^#][ \t]*assword[ \t]*required[ \t]*pam_unix.so/ s/ md5$//' $1 >$1.post-upgrade \
|
||||
&& mv $1.post-upgrade $1
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
case "$1" in
|
||||
install|upgrade)
|
||||
if [ "x$2" != "x" ] ; then
|
||||
if dpkg --compare-versions $2 lt 1:4.0.3 ; then
|
||||
remove_md5 /etc/pam.d/login 5e61c3334e25625fe1fa4d79cf9123ff
|
||||
fi
|
||||
fi
|
||||
|
||||
;;
|
||||
|
||||
abort-upgrade)
|
||||
;;
|
||||
|
||||
*)
|
||||
echo "preinst called with unknown argument \`$1'" >&2
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
# dh_installdeb will replace this with shell code automatically
|
||||
# generated by other debhelper scripts.
|
||||
|
||||
#DEBHELPER#
|
||||
|
||||
exit 0
|
||||
|
||||
|
||||
Vendored
-61
@@ -1,61 +0,0 @@
|
||||
#
|
||||
# The PAM configuration file for the Shadow `su' service
|
||||
#
|
||||
|
||||
# This allows root to su without passwords (normal operation)
|
||||
auth sufficient pam_rootok.so
|
||||
|
||||
# Uncomment this to force users to be a member of group root
|
||||
# before they can use `su'. You can also add "group=foo"
|
||||
# to the end of this line if you want to use a group other
|
||||
# than the default "root" (but this may have side effect of
|
||||
# denying "root" user, unless she's a member of "foo" or explicitly
|
||||
# permitted earlier by e.g. "sufficient pam_rootok.so").
|
||||
# (Replaces the `SU_WHEEL_ONLY' option from login.defs)
|
||||
# auth required pam_wheel.so
|
||||
|
||||
# Uncomment this if you want wheel members to be able to
|
||||
# su without a password.
|
||||
# auth sufficient pam_wheel.so trust
|
||||
|
||||
# Uncomment this if you want members of a specific group to not
|
||||
# be allowed to use su at all.
|
||||
# auth required pam_wheel.so deny group=nosu
|
||||
|
||||
# Uncomment and edit /etc/security/time.conf if you need to set
|
||||
# time restrainst on su usage.
|
||||
# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
|
||||
# as well as /etc/porttime)
|
||||
# account requisite pam_time.so
|
||||
|
||||
# This module parses environment configuration file(s)
|
||||
# and also allows you to use an extended config
|
||||
# file /etc/security/pam_env.conf.
|
||||
#
|
||||
# parsing /etc/environment needs "readenv=1"
|
||||
session required pam_env.so readenv=1
|
||||
# locale variables are also kept into /etc/default/locale in etch
|
||||
# reading this file *in addition to /etc/environment* does not hurt
|
||||
session required pam_env.so readenv=1 envfile=/etc/default/locale
|
||||
|
||||
# Defines the MAIL environment variable
|
||||
# However, userdel also needs MAIL_DIR and MAIL_FILE variables
|
||||
# in /etc/login.defs to make sure that removing a user
|
||||
# also removes the user's mail spool file.
|
||||
# See comments in /etc/login.defs
|
||||
#
|
||||
# "nopen" stands to avoid reporting new mail when su'ing to another user
|
||||
session optional pam_mail.so nopen
|
||||
|
||||
# Sets up user limits according to /etc/security/limits.conf
|
||||
# (Replaces the use of /etc/limits in old login)
|
||||
session required pam_limits.so
|
||||
|
||||
# The standard Unix authentication modules, used with
|
||||
# NIS (man nsswitch) as well as normal /etc/passwd and
|
||||
# /etc/shadow entries.
|
||||
@include common-auth
|
||||
@include common-account
|
||||
@include common-session
|
||||
|
||||
|
||||
Vendored
-8
@@ -1,8 +0,0 @@
|
||||
# The PAM configuration file for the Shadow 'chage' service
|
||||
#
|
||||
|
||||
# This allows root to change password aging being prompted for a password
|
||||
auth sufficient pam_rootok.so
|
||||
|
||||
# checks for account validity
|
||||
account required pam_permit.so
|
||||
Vendored
-16
@@ -1,16 +0,0 @@
|
||||
#
|
||||
# The PAM configuration file for the Shadow `chfn' service
|
||||
#
|
||||
|
||||
# This allows root to change user infomation without being
|
||||
# prompted for a password
|
||||
auth sufficient pam_rootok.so
|
||||
|
||||
# The standard Unix authentication modules, used with
|
||||
# NIS (man nsswitch) as well as normal /etc/passwd and
|
||||
# /etc/shadow entries.
|
||||
@include common-auth
|
||||
@include common-account
|
||||
@include common-session
|
||||
|
||||
|
||||
Vendored
-5
@@ -1,5 +0,0 @@
|
||||
# The PAM configuration file for the Shadow 'chpasswd' service
|
||||
#
|
||||
|
||||
@include common-password
|
||||
|
||||
Vendored
-20
@@ -1,20 +0,0 @@
|
||||
#
|
||||
# The PAM configuration file for the Shadow `chsh' service
|
||||
#
|
||||
|
||||
# This will not allow a user to change their shell unless
|
||||
# their current one is listed in /etc/shells. This keeps
|
||||
# accounts with special shells from changing them.
|
||||
auth required pam_shells.so
|
||||
|
||||
# This allows root to change user shell without being
|
||||
# prompted for a password
|
||||
auth sufficient pam_rootok.so
|
||||
|
||||
# The standard Unix authentication modules, used with
|
||||
# NIS (man nsswitch) as well as normal /etc/passwd and
|
||||
# /etc/shadow entries.
|
||||
@include common-auth
|
||||
@include common-account
|
||||
@include common-session
|
||||
|
||||
Vendored
-9
@@ -1,9 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
cd /var/backups || exit 0
|
||||
|
||||
for FILE in passwd group shadow gshadow; do
|
||||
test -f /etc/$FILE || continue
|
||||
cmp -s $FILE.bak /etc/$FILE && continue
|
||||
cp -p /etc/$FILE $FILE.bak && chmod 600 $FILE.bak
|
||||
done
|
||||
Vendored
-2
@@ -1,2 +0,0 @@
|
||||
usr/share/lintian/overrides
|
||||
etc/default
|
||||
Vendored
-1
@@ -1 +0,0 @@
|
||||
debian/passwd.expire.cron
|
||||
Vendored
-57
@@ -1,57 +0,0 @@
|
||||
#!/usr/bin/perl
|
||||
#
|
||||
# passwd.expire.cron: sample expiry notification script for use as a cronjob
|
||||
#
|
||||
# Copyright 1999 by Ben Collins <bcollins@debian.org>, complete rights granted
|
||||
# for use, distribution, modification, etc.
|
||||
#
|
||||
# Usage:
|
||||
# edit the listed options, including the actual email, then rename to
|
||||
# /etc/cron.daily/passwd
|
||||
#
|
||||
# If your users don't have a valid login shell (ie. they are ftp or mail
|
||||
# users only), they will need some other way to change their password
|
||||
# (telnet will work since login will handle password aging, or a poppasswd
|
||||
# program, if they are mail users).
|
||||
|
||||
# <CONFIG> #
|
||||
|
||||
# should be same as /etc/adduser.conf
|
||||
$LOW_UID=1000;
|
||||
$HIGH_UID=29999;
|
||||
|
||||
# this let's the MTA handle the domain,
|
||||
# set it manually if you want. Make sure
|
||||
# you also add the @ like "\@domain.com"
|
||||
$MAIL_DOM="";
|
||||
|
||||
# </CONFIG> #
|
||||
|
||||
# Set the current day reference
|
||||
$curdays = int(time() / (60 * 60 * 24));
|
||||
|
||||
# Now go through the list
|
||||
|
||||
open(SH, "< /etc/shadow");
|
||||
while (<SH>) {
|
||||
@shent = split(':', $_);
|
||||
@userent = getpwnam($shent[0]);
|
||||
if ($userent[2] >= $LOW_UID && $userent[2] <= $HIGH_UID) {
|
||||
if ($curdays > $shent[2] + $shent[4] - $shent[5] &&
|
||||
$shent[4] != -1 && $shent[4] != 0 &&
|
||||
$shent[5] != -1 && $shent[5] != 0) {
|
||||
$daysleft = ($shent[2] + $shent[4]) - $curdays;
|
||||
if ($daysleft == 1) { $days = "day"; } else {$days = "days"; }
|
||||
if ($daysleft < 0) { next; }
|
||||
open (MAIL, "| mail -s '[WARNING] account will expire in $daysleft $days' $shent[0]${MAIL_DOM}");
|
||||
print MAIL <<EOF;
|
||||
Your account will expire in $daysleft $days. Please change your password before
|
||||
then or your account will expire
|
||||
EOF
|
||||
close (MAIL);
|
||||
# This makes sure we also get a list of almost expired users
|
||||
print "$shent[0]'s account will expire in $daysleft days\n";
|
||||
}
|
||||
}
|
||||
@userent = getpwent();
|
||||
}
|
||||
Vendored
-8
@@ -1,8 +0,0 @@
|
||||
# The PAM configuration file for the Shadow 'groupadd' service
|
||||
#
|
||||
|
||||
# This allows root to add groups without being prompted for a password
|
||||
auth sufficient pam_rootok.so
|
||||
|
||||
# checks for account validity
|
||||
account required pam_permit.so
|
||||
Vendored
-8
@@ -1,8 +0,0 @@
|
||||
# The PAM configuration file for the Shadow 'groupdel' service
|
||||
#
|
||||
|
||||
# This allows root to remove groups without being prompted for a password
|
||||
auth sufficient pam_rootok.so
|
||||
|
||||
# checks for account validity
|
||||
account required pam_permit.so
|
||||
Vendored
-8
@@ -1,8 +0,0 @@
|
||||
# The PAM configuration file for the Shadow 'groupmod' service
|
||||
#
|
||||
|
||||
# This allows root to modify groups without being prompted for a password
|
||||
auth sufficient pam_rootok.so
|
||||
|
||||
# checks for account validity
|
||||
account required pam_permit.so
|
||||
Vendored
-80
@@ -1,80 +0,0 @@
|
||||
usr/bin/chage
|
||||
usr/bin/chfn
|
||||
usr/bin/chsh
|
||||
usr/bin/expiry
|
||||
usr/bin/gpasswd
|
||||
usr/bin/passwd
|
||||
usr/sbin/chpasswd
|
||||
usr/sbin/chgpasswd
|
||||
usr/sbin/cppw
|
||||
usr/sbin/groupadd
|
||||
usr/sbin/groupdel
|
||||
usr/sbin/groupmod
|
||||
usr/sbin/groupmems
|
||||
usr/sbin/grpck
|
||||
usr/sbin/grpconv
|
||||
usr/sbin/grpunconv
|
||||
usr/sbin/newusers
|
||||
usr/sbin/pwck
|
||||
usr/sbin/pwconv
|
||||
usr/sbin/pwunconv
|
||||
usr/sbin/useradd
|
||||
usr/sbin/userdel
|
||||
usr/sbin/usermod
|
||||
usr/sbin/vipw
|
||||
usr/share/man/*/man1/chage.1
|
||||
usr/share/man/*/man1/chfn.1
|
||||
usr/share/man/*/man1/chsh.1
|
||||
usr/share/man/*/man1/expiry.1
|
||||
usr/share/man/*/man1/gpasswd.1
|
||||
usr/share/man/*/man1/passwd.1
|
||||
usr/share/man/*/man5/passwd.5
|
||||
usr/share/man/*/man5/shadow.5
|
||||
usr/share/man/*/man5/gshadow.5
|
||||
usr/share/man/*/man8/chpasswd.8
|
||||
usr/share/man/*/man8/groupadd.8
|
||||
usr/share/man/*/man8/groupdel.8
|
||||
usr/share/man/*/man8/groupmod.8
|
||||
usr/share/man/*/man8/groupmems.8
|
||||
usr/share/man/*/man8/grpck.8
|
||||
usr/share/man/*/man8/grpconv.8
|
||||
usr/share/man/*/man8/grpunconv.8
|
||||
usr/share/man/*/man8/newusers.8
|
||||
usr/share/man/*/man8/pwck.8
|
||||
usr/share/man/*/man8/pwconv.8
|
||||
usr/share/man/*/man8/pwunconv.8
|
||||
usr/share/man/*/man8/useradd.8
|
||||
usr/share/man/*/man8/userdel.8
|
||||
usr/share/man/*/man8/usermod.8
|
||||
usr/share/man/*/man8/vigr.8
|
||||
usr/share/man/*/man8/vipw.8
|
||||
usr/share/man/man1/chage.1
|
||||
usr/share/man/man1/chfn.1
|
||||
usr/share/man/man1/chsh.1
|
||||
usr/share/man/man1/expiry.1
|
||||
usr/share/man/man1/gpasswd.1
|
||||
usr/share/man/man1/passwd.1
|
||||
usr/share/man/man5/passwd.5
|
||||
usr/share/man/man5/shadow.5
|
||||
usr/share/man/man5/gshadow.5
|
||||
usr/share/man/man5/subuid.5
|
||||
usr/share/man/man5/subgid.5
|
||||
usr/share/man/man5/subgid.5
|
||||
usr/share/man/man5/subuid.5
|
||||
usr/share/man/man8/chgpasswd.8
|
||||
usr/share/man/man8/chpasswd.8
|
||||
usr/share/man/man8/groupadd.8
|
||||
usr/share/man/man8/groupdel.8
|
||||
usr/share/man/man8/groupmod.8
|
||||
usr/share/man/man8/grpck.8
|
||||
usr/share/man/man8/grpconv.8
|
||||
usr/share/man/man8/grpunconv.8
|
||||
usr/share/man/man8/newusers.8
|
||||
usr/share/man/man8/pwck.8
|
||||
usr/share/man/man8/pwconv.8
|
||||
usr/share/man/man8/pwunconv.8
|
||||
usr/share/man/man8/useradd.8
|
||||
usr/share/man/man8/userdel.8
|
||||
usr/share/man/man8/usermod.8
|
||||
usr/share/man/man8/vigr.8
|
||||
usr/share/man/man8/vipw.8
|
||||
Vendored
-2
@@ -1,2 +0,0 @@
|
||||
usr/sbin/vipw usr/sbin/vigr
|
||||
usr/sbin/cppw usr/sbin/cpgr
|
||||
Vendored
-6
@@ -1,6 +0,0 @@
|
||||
passwd: setgid-binary usr/bin/chage 2755 root/shadow
|
||||
passwd: setuid-binary usr/bin/chfn 4755 root/root
|
||||
passwd: setuid-binary usr/bin/chsh 4755 root/root
|
||||
passwd: setgid-binary usr/bin/expiry 2755 root/shadow
|
||||
passwd: setuid-binary usr/bin/gpasswd 4755 root/root
|
||||
passwd: setuid-binary usr/bin/passwd 4755 root/root
|
||||
Vendored
-5
@@ -1,5 +0,0 @@
|
||||
# The PAM configuration file for the Shadow 'newusers' service
|
||||
#
|
||||
|
||||
@include common-password
|
||||
|
||||
Vendored
-6
@@ -1,6 +0,0 @@
|
||||
#
|
||||
# The PAM configuration file for the Shadow `passwd' service
|
||||
#
|
||||
|
||||
@include common-password
|
||||
|
||||
Vendored
-44
@@ -1,44 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
set -e
|
||||
|
||||
case "$1" in
|
||||
configure)
|
||||
# Fix permissions on various log files from old versions of the debian
|
||||
# installer, some unrelated to passwd but we decided to put the fix
|
||||
# here since there was no better place. This can safely be removed
|
||||
# after etch is released.
|
||||
if dpkg --compare-versions "$2" lt "1:4.0.14-9"; then
|
||||
for log in /var/log/base-config* \
|
||||
$(find /var/log/debian-installer/ /var/log/installer/ -type f 2>/dev/null ); do
|
||||
if [ -e "$log" ]; then
|
||||
chmod 600 "$log"
|
||||
fi
|
||||
done
|
||||
fi
|
||||
|
||||
rm -f /etc/pam.d/passwd.pre-upgrade 2>/dev/null
|
||||
if ! getent group shadow | grep -q '^shadow:[^:]*:42'
|
||||
then
|
||||
groupadd -g 42 shadow || (
|
||||
cat <<EOF
|
||||
Group ID 42 has been allocated for the shadow group. You have either
|
||||
used 42 yourself or created a shadow group with a different ID.
|
||||
Please correct this problem and reconfigure with ``dpkg --configure passwd''.
|
||||
|
||||
Note that both user and group IDs in the range 0-99 are globally
|
||||
allocated by the Debian project and must be the same on every Debian
|
||||
system.
|
||||
EOF
|
||||
exit 1
|
||||
)
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
|
||||
# Run shadowconfig only on new installs
|
||||
[ -z "$2" ] && shadowconfig on
|
||||
|
||||
#DEBHELPER#
|
||||
|
||||
exit 0
|
||||
Vendored
-51
@@ -1,51 +0,0 @@
|
||||
#! /bin/sh
|
||||
|
||||
#
|
||||
# see: dh_installdeb(1)
|
||||
|
||||
set -e
|
||||
|
||||
# summary of how this script can be called:
|
||||
# * <new-preinst> `install'
|
||||
# * <new-preinst> `install' <old-version>
|
||||
# * <new-preinst> `upgrade' <old-version>
|
||||
# * <old-preinst> `abort-upgrade' <new-version>
|
||||
#
|
||||
# for details, see http://www.debian.org/doc/debian-policy/ or
|
||||
# the debian-policy package
|
||||
|
||||
remove_md5() {
|
||||
if md5sum $1 2>/dev/null |grep -q $2; then
|
||||
cp $1 $1.pre-upgrade
|
||||
sed -e '/^[^#]*[ \t]*password[ \t]*required[ \t]*pam_unix.so/ s/ md5$//' $1 >$1.post-upgrade \
|
||||
&& mv $1.post-upgrade $1
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
case "$1" in
|
||||
install|upgrade)
|
||||
if [ "x$2" != "x" ] ; then
|
||||
if dpkg --compare-versions $2 lt 1:4.0.3 ; then
|
||||
remove_md5 /etc/pam.d/passwd 23a5d1465bbc1e39ca6e0c32f22a75c9
|
||||
fi
|
||||
fi
|
||||
;;
|
||||
|
||||
abort-upgrade)
|
||||
;;
|
||||
|
||||
*)
|
||||
echo "preinst called with unknown argument \`$1'" >&2
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
# dh_installdeb will replace this with shell code automatically
|
||||
# generated by other debhelper scripts.
|
||||
|
||||
#DEBHELPER#
|
||||
|
||||
exit 0
|
||||
|
||||
|
||||
Vendored
-8
@@ -1,8 +0,0 @@
|
||||
# If a password operation is in progress and we lose power, stale lockfiles
|
||||
# can be left behind. Clear them on boot.
|
||||
r! /etc/gshadow.lock
|
||||
r! /etc/shadow.lock
|
||||
r! /etc/passwd.lock
|
||||
r! /etc/group.lock
|
||||
r! /etc/subuid.lock
|
||||
r! /etc/subgid.lock
|
||||
Vendored
-8
@@ -1,8 +0,0 @@
|
||||
# The PAM configuration file for the Shadow 'useradd' service
|
||||
#
|
||||
|
||||
# This allows root to add users without being prompted for a password
|
||||
auth sufficient pam_rootok.so
|
||||
|
||||
# checks for account validity
|
||||
account required pam_permit.so
|
||||
Vendored
-8
@@ -1,8 +0,0 @@
|
||||
# The PAM configuration file for the Shadow 'userdel' service
|
||||
#
|
||||
|
||||
# This allows root to remove users without being prompted for a password
|
||||
auth sufficient pam_rootok.so
|
||||
|
||||
# checks for account validity
|
||||
account required pam_permit.so
|
||||
Vendored
-8
@@ -1,8 +0,0 @@
|
||||
# The PAM configuration file for the Shadow 'groupdel' service
|
||||
#
|
||||
|
||||
# This allows root to remove groups without being prompted for a password
|
||||
auth sufficient pam_rootok.so
|
||||
|
||||
# checks for account validity
|
||||
account required pam_permit.so
|
||||
-183
@@ -1,183 +0,0 @@
|
||||
From 11fc74ffc7172c587bbd2a6399defbd53eab97c6 Mon Sep 17 00:00:00 2001
|
||||
From: Aleksa Sarai <asarai@suse.de>
|
||||
Date: Thu, 15 Feb 2018 23:49:40 +1100
|
||||
Subject: newgidmap: enforce setgroups=deny if self-mapping a group
|
||||
|
||||
This is necessary to match the kernel-side policy of "self-mapping in a
|
||||
user namespace is fine, but you cannot drop groups" -- a policy that was
|
||||
created in order to stop user namespaces from allowing trivial privilege
|
||||
escalation by dropping supplementary groups that were "blacklisted" from
|
||||
certain paths.
|
||||
|
||||
This is the simplest fix for the underlying issue, and effectively makes
|
||||
it so that unless a user has a valid mapping set in /etc/subgid (which
|
||||
only administrators can modify) -- and they are currently trying to use
|
||||
that mapping -- then /proc/$pid/setgroups will be set to deny. This
|
||||
workaround is only partial, because ideally it should be possible to set
|
||||
an "allow_setgroups" or "deny_setgroups" flag in /etc/subgid to allow
|
||||
administrators to further restrict newgidmap(1).
|
||||
|
||||
We also don't write anything in the "allow" case because "allow" is the
|
||||
default, and users may have already written "deny" even if they
|
||||
technically are allowed to use setgroups. And we don't write anything if
|
||||
the setgroups policy is already "deny".
|
||||
|
||||
Ref: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357
|
||||
Fixes: CVE-2018-7169
|
||||
Reported-by: Craig Furman <craig.furman89@gmail.com>
|
||||
Signed-off-by: Aleksa Sarai <asarai@suse.de>
|
||||
---
|
||||
src/newgidmap.c | 89 ++++++++++++++++++++++++++++++++++++++++++++-----
|
||||
1 file changed, 80 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/src/newgidmap.c b/src/newgidmap.c
|
||||
index b1e33513..59a2e75c 100644
|
||||
--- a/src/newgidmap.c
|
||||
+++ b/src/newgidmap.c
|
||||
@@ -46,32 +46,37 @@
|
||||
*/
|
||||
const char *Prog;
|
||||
|
||||
-static bool verify_range(struct passwd *pw, struct map_range *range)
|
||||
+
|
||||
+static bool verify_range(struct passwd *pw, struct map_range *range, bool *allow_setgroups)
|
||||
{
|
||||
/* An empty range is invalid */
|
||||
if (range->count == 0)
|
||||
return false;
|
||||
|
||||
- /* Test /etc/subgid */
|
||||
- if (have_sub_gids(pw->pw_name, range->lower, range->count))
|
||||
+ /* Test /etc/subgid. If the mapping is valid then we allow setgroups. */
|
||||
+ if (have_sub_gids(pw->pw_name, range->lower, range->count)) {
|
||||
+ *allow_setgroups = true;
|
||||
return true;
|
||||
+ }
|
||||
|
||||
- /* Allow a process to map its own gid */
|
||||
- if ((range->count == 1) && (pw->pw_gid == range->lower))
|
||||
+ /* Allow a process to map its own gid. */
|
||||
+ if ((range->count == 1) && (pw->pw_gid == range->lower)) {
|
||||
+ /* noop -- if setgroups is enabled already we won't disable it. */
|
||||
return true;
|
||||
+ }
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
static void verify_ranges(struct passwd *pw, int ranges,
|
||||
- struct map_range *mappings)
|
||||
+ struct map_range *mappings, bool *allow_setgroups)
|
||||
{
|
||||
struct map_range *mapping;
|
||||
int idx;
|
||||
|
||||
mapping = mappings;
|
||||
for (idx = 0; idx < ranges; idx++, mapping++) {
|
||||
- if (!verify_range(pw, mapping)) {
|
||||
+ if (!verify_range(pw, mapping, allow_setgroups)) {
|
||||
fprintf(stderr, _( "%s: gid range [%lu-%lu) -> [%lu-%lu) not allowed\n"),
|
||||
Prog,
|
||||
mapping->upper,
|
||||
@@ -89,6 +94,70 @@ static void usage(void)
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
+void write_setgroups(int proc_dir_fd, bool allow_setgroups)
|
||||
+{
|
||||
+ int setgroups_fd;
|
||||
+ char *policy, policy_buffer[4096];
|
||||
+
|
||||
+ /*
|
||||
+ * Default is "deny", and any "allow" will out-rank a "deny". We don't
|
||||
+ * forcefully write an "allow" here because the process we are writing
|
||||
+ * mappings for may have already set themselves to "deny" (and "allow"
|
||||
+ * is the default anyway). So allow_setgroups == true is a noop.
|
||||
+ */
|
||||
+ policy = "deny\n";
|
||||
+ if (allow_setgroups)
|
||||
+ return;
|
||||
+
|
||||
+ setgroups_fd = openat(proc_dir_fd, "setgroups", O_RDWR|O_CLOEXEC);
|
||||
+ if (setgroups_fd < 0) {
|
||||
+ /*
|
||||
+ * If it's an ENOENT then we are on too old a kernel for the setgroups
|
||||
+ * code to exist. Emit a warning and bail on this.
|
||||
+ */
|
||||
+ if (ENOENT == errno) {
|
||||
+ fprintf(stderr, _("%s: kernel doesn't support setgroups restrictions\n"), Prog);
|
||||
+ goto out;
|
||||
+ }
|
||||
+ fprintf(stderr, _("%s: couldn't open process setgroups: %s\n"),
|
||||
+ Prog,
|
||||
+ strerror(errno));
|
||||
+ exit(EXIT_FAILURE);
|
||||
+ }
|
||||
+
|
||||
+ /*
|
||||
+ * Check whether the policy is already what we want. /proc/self/setgroups
|
||||
+ * is write-once, so attempting to write after it's already written to will
|
||||
+ * fail.
|
||||
+ */
|
||||
+ if (read(setgroups_fd, policy_buffer, sizeof(policy_buffer)) < 0) {
|
||||
+ fprintf(stderr, _("%s: failed to read setgroups: %s\n"),
|
||||
+ Prog,
|
||||
+ strerror(errno));
|
||||
+ exit(EXIT_FAILURE);
|
||||
+ }
|
||||
+ if (!strncmp(policy_buffer, policy, strlen(policy)))
|
||||
+ goto out;
|
||||
+
|
||||
+ /* Write the policy. */
|
||||
+ if (lseek(setgroups_fd, 0, SEEK_SET) < 0) {
|
||||
+ fprintf(stderr, _("%s: failed to seek setgroups: %s\n"),
|
||||
+ Prog,
|
||||
+ strerror(errno));
|
||||
+ exit(EXIT_FAILURE);
|
||||
+ }
|
||||
+ if (dprintf(setgroups_fd, "%s", policy) < 0) {
|
||||
+ fprintf(stderr, _("%s: failed to setgroups %s policy: %s\n"),
|
||||
+ Prog,
|
||||
+ policy,
|
||||
+ strerror(errno));
|
||||
+ exit(EXIT_FAILURE);
|
||||
+ }
|
||||
+
|
||||
+out:
|
||||
+ close(setgroups_fd);
|
||||
+}
|
||||
+
|
||||
/*
|
||||
* newgidmap - Set the gid_map for the specified process
|
||||
*/
|
||||
@@ -103,6 +172,7 @@ int main(int argc, char **argv)
|
||||
struct stat st;
|
||||
struct passwd *pw;
|
||||
int written;
|
||||
+ bool allow_setgroups = false;
|
||||
|
||||
Prog = Basename (argv[0]);
|
||||
|
||||
@@ -145,7 +215,7 @@ int main(int argc, char **argv)
|
||||
(unsigned long) getuid ()));
|
||||
return EXIT_FAILURE;
|
||||
}
|
||||
-
|
||||
+
|
||||
/* Get the effective uid and effective gid of the target process */
|
||||
if (fstat(proc_dir_fd, &st) < 0) {
|
||||
fprintf(stderr, _("%s: Could not stat directory for target %u\n"),
|
||||
@@ -177,8 +247,9 @@ int main(int argc, char **argv)
|
||||
if (!mappings)
|
||||
usage();
|
||||
|
||||
- verify_ranges(pw, ranges, mappings);
|
||||
+ verify_ranges(pw, ranges, mappings, &allow_setgroups);
|
||||
|
||||
+ write_setgroups(proc_dir_fd, allow_setgroups);
|
||||
write_mapping(proc_dir_fd, ranges, mappings, "gid_map");
|
||||
sub_gid_close();
|
||||
|
||||
--
|
||||
2.30.2
|
||||
|
||||
@@ -1,142 +0,0 @@
|
||||
From cbfa2ff40ce629f55ddd67e3490c311dfcaa4462 Mon Sep 17 00:00:00 2001
|
||||
From: Alejandro Colomar <alx@kernel.org>
|
||||
Date: Sat, 10 Jun 2023 16:20:05 +0200
|
||||
Subject: gpasswd(1): Fix password leak
|
||||
|
||||
How to trigger this password leak?
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
When gpasswd(1) asks for the new password, it asks twice (as is usual
|
||||
for confirming the new password). Each of those 2 password prompts
|
||||
uses agetpass() to get the password. If the second agetpass() fails,
|
||||
the first password, which has been copied into the 'static' buffer
|
||||
'pass' via STRFCPY(), wasn't being zeroed.
|
||||
|
||||
agetpass() is defined in <./libmisc/agetpass.c> (around line 91), and
|
||||
can fail for any of the following reasons:
|
||||
|
||||
- malloc(3) or readpassphrase(3) failure.
|
||||
|
||||
These are going to be difficult to trigger. Maybe getting the system
|
||||
to the limits of memory utilization at that exact point, so that the
|
||||
next malloc(3) gets ENOMEM, and possibly even the OOM is triggered.
|
||||
About readpassphrase(3), ENFILE and EINTR seem the only plausible
|
||||
ones, and EINTR probably requires privilege or being the same user;
|
||||
but I wouldn't discard ENFILE so easily, if a process starts opening
|
||||
files.
|
||||
|
||||
- The password is longer than PASS_MAX.
|
||||
|
||||
The is plausible with physical access. However, at that point, a
|
||||
keylogger will be a much simpler attack.
|
||||
|
||||
And, the attacker must be able to know when the second password is being
|
||||
introduced, which is not going to be easy.
|
||||
|
||||
How to read the password after the leak?
|
||||
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||
|
||||
Provoking the leak yourself at the right point by entering a very long
|
||||
password is easy, and inspecting the process stack at that point should
|
||||
be doable. Try to find some consistent patterns.
|
||||
|
||||
Then, search for those patterns in free memory, right after the victim
|
||||
leaks their password.
|
||||
|
||||
Once you get the leak, a program should read all the free memory
|
||||
searching for patterns that gpasswd(1) leaves nearby the leaked
|
||||
password.
|
||||
|
||||
On 6/10/23 03:14, Seth Arnold wrote:
|
||||
> An attacker process wouldn't be able to use malloc(3) for this task.
|
||||
> There's a handful of tools available for userspace to allocate memory:
|
||||
>
|
||||
> - brk / sbrk
|
||||
> - mmap MAP_ANONYMOUS
|
||||
> - mmap /dev/zero
|
||||
> - mmap some other file
|
||||
> - shm_open
|
||||
> - shmget
|
||||
>
|
||||
> Most of these return only pages of zeros to a process. Using mmap of an
|
||||
> existing file, you can get some of the contents of the file demand-loaded
|
||||
> into the memory space on the first use.
|
||||
>
|
||||
> The MAP_UNINITIALIZED flag only works if the kernel was compiled with
|
||||
> CONFIG_MMAP_ALLOW_UNINITIALIZED. This is rare.
|
||||
>
|
||||
> malloc(3) doesn't zero memory, to our collective frustration, but all the
|
||||
> garbage in the allocations is from previous allocations in the current
|
||||
> process. It isn't leftover from other processes.
|
||||
>
|
||||
> The avenues available for reading the memory:
|
||||
> - /dev/mem and /dev/kmem (requires root, not available with Secure Boot)
|
||||
> - /proc/pid/mem (requires ptrace privileges, mediated by YAMA)
|
||||
> - ptrace (requires ptrace privileges, mediated by YAMA)
|
||||
> - causing memory to be swapped to disk, and then inspecting the swap
|
||||
>
|
||||
> These all require a certain amount of privileges.
|
||||
|
||||
How to fix it?
|
||||
~~~~~~~~~~~~~~
|
||||
|
||||
memzero(), which internally calls explicit_bzero(3), or whatever
|
||||
alternative the system provides with a slightly different name, will
|
||||
make sure that the buffer is zeroed in memory, and optimizations are not
|
||||
allowed to impede this zeroing.
|
||||
|
||||
This is not really 100% effective, since compilers may place copies of
|
||||
the string somewhere hidden in the stack. Those copies won't get zeroed
|
||||
by explicit_bzero(3). However, that's arguably a compiler bug, since
|
||||
compilers should make everything possible to avoid optimizing strings
|
||||
that are later passed to explicit_bzero(3). But we all know that
|
||||
sometimes it's impossible to have perfect knowledge in the compiler, so
|
||||
this is plausible. Nevertheless, there's nothing we can do against such
|
||||
issues, except minimizing the time such passwords are stored in plain
|
||||
text.
|
||||
|
||||
Security concerns
|
||||
~~~~~~~~~~~~~~~~~
|
||||
|
||||
We believe this isn't easy to exploit. Nevertheless, and since the fix
|
||||
is trivial, this fix should probably be applied soon, and backported to
|
||||
all supported distributions, to prevent someone else having more
|
||||
imagination than us to find a way.
|
||||
|
||||
Affected versions
|
||||
~~~~~~~~~~~~~~~~~
|
||||
|
||||
All. Bug introduced in shadow 19990709. That's the second commit in
|
||||
the git history.
|
||||
|
||||
Fixes: 45c6603cc86c ("[svn-upgrade] Integrating new upstream version, shadow (19990709)")
|
||||
Reported-by: Alejandro Colomar <alx@kernel.org>
|
||||
Cc: Serge Hallyn <serge@hallyn.com>
|
||||
Cc: Iker Pedrosa <ipedrosa@redhat.com>
|
||||
Cc: Seth Arnold <seth.arnold@canonical.com>
|
||||
Cc: Christian Brauner <christian@brauner.io>
|
||||
Cc: Balint Reczey <rbalint@debian.org>
|
||||
Cc: Sam James <sam@gentoo.org>
|
||||
Cc: David Runge <dvzrv@archlinux.org>
|
||||
Cc: Andreas Jaeger <aj@suse.de>
|
||||
Cc: <~hallyn/shadow@lists.sr.ht>
|
||||
Signed-off-by: Alejandro Colomar <alx@kernel.org>
|
||||
---
|
||||
src/gpasswd.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/src/gpasswd.c b/src/gpasswd.c
|
||||
index c4a492b1..cbbd8068 100644
|
||||
--- a/src/gpasswd.c
|
||||
+++ b/src/gpasswd.c
|
||||
@@ -917,6 +917,7 @@ static void change_passwd (struct group *gr)
|
||||
strzero (cp);
|
||||
cp = getpass (_("Re-enter new password: "));
|
||||
if (NULL == cp) {
|
||||
+ memzero (pass, sizeof pass);
|
||||
exit (1);
|
||||
}
|
||||
|
||||
--
|
||||
2.30.2
|
||||
|
||||
@@ -1,45 +0,0 @@
|
||||
From b42c60bc8f026b250810a75bafe865338d734ec3 Mon Sep 17 00:00:00 2001
|
||||
From: tomspiderlabs <128755403+tomspiderlabs@users.noreply.github.com>
|
||||
Date: Thu, 23 Mar 2023 23:39:38 +0000
|
||||
Subject: Added control character check
|
||||
|
||||
Added control character check, returning -1 (to "err") if control characters are present.
|
||||
---
|
||||
lib/fields.c | 11 +++++++----
|
||||
1 file changed, 7 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/lib/fields.c b/lib/fields.c
|
||||
index 649fae17..b8f13ba7 100644
|
||||
--- a/lib/fields.c
|
||||
+++ b/lib/fields.c
|
||||
@@ -44,9 +44,9 @@
|
||||
*
|
||||
* The supplied field is scanned for non-printable and other illegal
|
||||
* characters.
|
||||
- * + -1 is returned if an illegal character is present.
|
||||
- * + 1 is returned if no illegal characters are present, but the field
|
||||
- * contains a non-printable character.
|
||||
+ * + -1 is returned if an illegal or control character is present.
|
||||
+ * + 1 is returned if no illegal or control characters are present,
|
||||
+ * but the field contains a non-printable character.
|
||||
* + 0 is returned otherwise.
|
||||
*/
|
||||
int valid_field (const char *field, const char *illegal)
|
||||
@@ -68,10 +68,13 @@ int valid_field (const char *field, const char *illegal)
|
||||
}
|
||||
|
||||
if (0 == err) {
|
||||
- /* Search if there are some non-printable characters */
|
||||
+ /* Search if there are non-printable or control characters */
|
||||
for (cp = field; '\0' != *cp; cp++) {
|
||||
if (!isprint (*cp)) {
|
||||
err = 1;
|
||||
+ }
|
||||
+ if (!iscntrl (*cp)) {
|
||||
+ err = -1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
--
|
||||
2.30.2
|
||||
|
||||
-61
@@ -1,61 +0,0 @@
|
||||
From 261c9cd274f07361c304d3993e325fe29d4bad14 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
|
||||
Date: Fri, 31 Mar 2023 14:46:50 +0200
|
||||
Subject: Overhaul valid_field()
|
||||
|
||||
e5905c4b ("Added control character check") introduced checking for
|
||||
control characters but had the logic inverted, so it rejects all
|
||||
characters that are not control ones.
|
||||
|
||||
Cast the character to `unsigned char` before passing to the character
|
||||
checking functions to avoid UB.
|
||||
|
||||
Use strpbrk(3) for the illegal character test and return early.
|
||||
---
|
||||
lib/fields.c | 24 ++++++++++--------------
|
||||
1 file changed, 10 insertions(+), 14 deletions(-)
|
||||
|
||||
diff --git a/lib/fields.c b/lib/fields.c
|
||||
index b8f13ba7..191257e8 100644
|
||||
--- a/lib/fields.c
|
||||
+++ b/lib/fields.c
|
||||
@@ -60,26 +60,22 @@ int valid_field (const char *field, const char *illegal)
|
||||
|
||||
/* For each character of field, search if it appears in the list
|
||||
* of illegal characters. */
|
||||
+ if (illegal && NULL != strpbrk (field, illegal)) {
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ /* Search if there are non-printable or control characters */
|
||||
for (cp = field; '\0' != *cp; cp++) {
|
||||
- if (strchr (illegal, *cp) != NULL) {
|
||||
+ unsigned char c = *cp;
|
||||
+ if (!isprint (c)) {
|
||||
+ err = 1;
|
||||
+ }
|
||||
+ if (iscntrl (c)) {
|
||||
err = -1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
- if (0 == err) {
|
||||
- /* Search if there are non-printable or control characters */
|
||||
- for (cp = field; '\0' != *cp; cp++) {
|
||||
- if (!isprint (*cp)) {
|
||||
- err = 1;
|
||||
- }
|
||||
- if (!iscntrl (*cp)) {
|
||||
- err = -1;
|
||||
- break;
|
||||
- }
|
||||
- }
|
||||
- }
|
||||
-
|
||||
return err;
|
||||
}
|
||||
|
||||
--
|
||||
2.30.2
|
||||
|
||||
-55
@@ -1,55 +0,0 @@
|
||||
Goal: Log login failures to the btmp file
|
||||
|
||||
Notes:
|
||||
* I'm not sure login should add an entry in the FTMP file when PAM is used.
|
||||
(but nothing in /etc/login.defs indicates that the failure is not logged)
|
||||
|
||||
Index: shadow-4.4/src/login.c
|
||||
===================================================================
|
||||
--- shadow-4.4.orig/src/login.c
|
||||
+++ shadow-4.4/src/login.c
|
||||
@@ -834,6 +834,24 @@ int main (int argc, char **argv)
|
||||
(void) puts ("");
|
||||
(void) puts (_("Login incorrect"));
|
||||
|
||||
+ if (getdef_str("FTMP_FILE") != NULL) {
|
||||
+#ifdef USE_UTMPX
|
||||
+ struct utmpx *failent =
|
||||
+ prepare_utmpx (failent_user,
|
||||
+ tty,
|
||||
+ /* FIXME: or fromhost? */hostname,
|
||||
+ utent);
|
||||
+#else /* !USE_UTMPX */
|
||||
+ struct utmp *failent =
|
||||
+ prepare_utmp (failent_user,
|
||||
+ tty,
|
||||
+ hostname,
|
||||
+ utent);
|
||||
+#endif /* !USE_UTMPX */
|
||||
+ failtmp (failent_user, failent);
|
||||
+ free (failent);
|
||||
+ }
|
||||
+
|
||||
if (failcount >= retries) {
|
||||
SYSLOG ((LOG_NOTICE,
|
||||
"TOO MANY LOGIN TRIES (%u)%s FOR '%s'",
|
||||
Index: shadow-4.4/lib/getdef.c
|
||||
===================================================================
|
||||
--- shadow-4.4.orig/lib/getdef.c
|
||||
+++ shadow-4.4/lib/getdef.c
|
||||
@@ -57,7 +57,6 @@ struct itemdef {
|
||||
{"ENVIRON_FILE", NULL}, \
|
||||
{"ENV_TZ", NULL}, \
|
||||
{"FAILLOG_ENAB", NULL}, \
|
||||
- {"FTMP_FILE", NULL}, \
|
||||
{"ISSUE_FILE", NULL}, \
|
||||
{"LASTLOG_ENAB", NULL}, \
|
||||
{"LOGIN_STRING", NULL}, \
|
||||
@@ -88,6 +87,7 @@ static struct itemdef def_table[] = {
|
||||
{"ERASECHAR", NULL},
|
||||
{"FAIL_DELAY", NULL},
|
||||
{"FAKE_SHELL", NULL},
|
||||
+ {"FTMP_FILE", NULL},
|
||||
{"GID_MAX", NULL},
|
||||
{"GID_MIN", NULL},
|
||||
{"HUSHLOGIN_FILE", NULL},
|
||||
Vendored
-276
@@ -1,276 +0,0 @@
|
||||
#! /bin/sh /usr/share/dpatch/dpatch-run
|
||||
## 401_cppw_src.dpatch by Nicolas FRANCOIS <nicolas.francois@centraliens.net>
|
||||
##
|
||||
## All lines beginning with `## DP:' are a description of the patch.
|
||||
## DP: Add cppw / cpgr
|
||||
|
||||
@DPATCH@
|
||||
--- /dev/null
|
||||
+++ b/src/cppw.c
|
||||
@@ -0,0 +1,238 @@
|
||||
+/*
|
||||
+ cppw, cpgr copy with locking given file over the password or group file
|
||||
+ with -s will copy with locking given file over shadow or gshadow file
|
||||
+
|
||||
+ Copyright (C) 1999 Stephen Frost <sfrost@snowman.net>
|
||||
+
|
||||
+ Based on vipw, vigr by:
|
||||
+ Copyright (C) 1997 Guy Maor <maor@ece.utexas.edu>
|
||||
+
|
||||
+ This program is free software; you can redistribute it and/or modify
|
||||
+ it under the terms of the GNU General Public License as published by
|
||||
+ the Free Software Foundation; either version 2 of the License, or
|
||||
+ (at your option) any later version.
|
||||
+
|
||||
+ This program is distributed in the hope that it will be useful, but
|
||||
+ WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
+ General Public License for more details.
|
||||
+
|
||||
+ You should have received a copy of the GNU General Public License
|
||||
+ along with this program; if not, write to the Free Software
|
||||
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||
+
|
||||
+ */
|
||||
+
|
||||
+#include <config.h>
|
||||
+#include "defines.h"
|
||||
+
|
||||
+#include <errno.h>
|
||||
+#include <sys/stat.h>
|
||||
+#include <unistd.h>
|
||||
+#include <stdio.h>
|
||||
+#include <stdlib.h>
|
||||
+#include <sys/types.h>
|
||||
+#include <signal.h>
|
||||
+#include <utime.h>
|
||||
+#include "exitcodes.h"
|
||||
+#include "prototypes.h"
|
||||
+#include "pwio.h"
|
||||
+#include "shadowio.h"
|
||||
+#include "groupio.h"
|
||||
+#include "sgroupio.h"
|
||||
+
|
||||
+
|
||||
+const char *Prog;
|
||||
+
|
||||
+const char *filename, *filenewname;
|
||||
+static bool filelocked = false;
|
||||
+static int (*unlock) (void);
|
||||
+
|
||||
+/* local function prototypes */
|
||||
+static int create_copy (FILE *fp, const char *dest, struct stat *sb);
|
||||
+static void cppwexit (const char *msg, int syserr, int ret);
|
||||
+static void cppwcopy (const char *file,
|
||||
+ const char *in_file,
|
||||
+ int (*file_lock) (void),
|
||||
+ int (*file_unlock) (void));
|
||||
+
|
||||
+static int create_copy (FILE *fp, const char *dest, struct stat *sb)
|
||||
+{
|
||||
+ struct utimbuf ub;
|
||||
+ FILE *bkfp;
|
||||
+ int c;
|
||||
+ mode_t mask;
|
||||
+
|
||||
+ mask = umask (077);
|
||||
+ bkfp = fopen (dest, "w");
|
||||
+ (void) umask (mask);
|
||||
+ if (NULL == bkfp) {
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ rewind (fp);
|
||||
+ while ((c = getc (fp)) != EOF) {
|
||||
+ if (putc (c, bkfp) == EOF) {
|
||||
+ break;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ if ( (c != EOF)
|
||||
+ || (fflush (bkfp) != 0)) {
|
||||
+ (void) fclose (bkfp);
|
||||
+ (void) unlink (dest);
|
||||
+ return -1;
|
||||
+ }
|
||||
+ if ( (fsync (fileno (bkfp)) != 0)
|
||||
+ || (fclose (bkfp) != 0)) {
|
||||
+ (void) unlink (dest);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ ub.actime = sb->st_atime;
|
||||
+ ub.modtime = sb->st_mtime;
|
||||
+ if ( (utime (dest, &ub) != 0)
|
||||
+ || (chmod (dest, sb->st_mode) != 0)
|
||||
+ || (chown (dest, sb->st_uid, sb->st_gid) != 0)) {
|
||||
+ (void) unlink (dest);
|
||||
+ return -1;
|
||||
+ }
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+static void cppwexit (const char *msg, int syserr, int ret)
|
||||
+{
|
||||
+ int err = errno;
|
||||
+ if (filelocked) {
|
||||
+ (*unlock) ();
|
||||
+ }
|
||||
+ if (NULL != msg) {
|
||||
+ fprintf (stderr, "%s: %s", Prog, msg);
|
||||
+ if (0 != syserr) {
|
||||
+ fprintf (stderr, ": %s", strerror (err));
|
||||
+ }
|
||||
+ (void) fputs ("\n", stderr);
|
||||
+ }
|
||||
+ if (NULL != filename) {
|
||||
+ fprintf (stderr, _("%s: %s is unchanged\n"), Prog, filename);
|
||||
+ } else {
|
||||
+ fprintf (stderr, _("%s: no changes\n"), Prog);
|
||||
+ }
|
||||
+
|
||||
+ exit (ret);
|
||||
+}
|
||||
+
|
||||
+static void cppwcopy (const char *file,
|
||||
+ const char *in_file,
|
||||
+ int (*file_lock) (void),
|
||||
+ int (*file_unlock) (void))
|
||||
+{
|
||||
+ struct stat st1;
|
||||
+ FILE *f;
|
||||
+ char filenew[1024];
|
||||
+
|
||||
+ snprintf (filenew, sizeof filenew, "%s.new", file);
|
||||
+ unlock = file_unlock;
|
||||
+ filename = file;
|
||||
+ filenewname = filenew;
|
||||
+
|
||||
+ if (access (file, F_OK) != 0) {
|
||||
+ cppwexit (file, 1, 1);
|
||||
+ }
|
||||
+ if (file_lock () == 0) {
|
||||
+ cppwexit (_("Couldn't lock file"), 0, 5);
|
||||
+ }
|
||||
+ filelocked = true;
|
||||
+
|
||||
+ /* file to copy has same owners, perm */
|
||||
+ if (stat (file, &st1) != 0) {
|
||||
+ cppwexit (file, 1, 1);
|
||||
+ }
|
||||
+ f = fopen (in_file, "r");
|
||||
+ if (NULL == f) {
|
||||
+ cppwexit (in_file, 1, 1);
|
||||
+ }
|
||||
+ if (create_copy (f, filenew, &st1) != 0) {
|
||||
+ cppwexit (_("Couldn't make copy"), errno, 1);
|
||||
+ }
|
||||
+
|
||||
+ /* XXX - here we should check filenew for errors; if there are any,
|
||||
+ * fail w/ an appropriate error code and let the user manually fix
|
||||
+ * it. Use pwck or grpck to do the check. - Stephen (Shamelessly
|
||||
+ * stolen from '--marekm's comment) */
|
||||
+
|
||||
+ if (rename (filenew, file) != 0) {
|
||||
+ fprintf (stderr, _("%s: can't copy %s: %s)\n"),
|
||||
+ Prog, filenew, strerror (errno));
|
||||
+ cppwexit (NULL,0,1);
|
||||
+ }
|
||||
+
|
||||
+ (*file_unlock) ();
|
||||
+}
|
||||
+
|
||||
+int main (int argc, char **argv)
|
||||
+{
|
||||
+ int flag;
|
||||
+ bool cpshadow = false;
|
||||
+ char *in_file;
|
||||
+ int e = E_USAGE;
|
||||
+ bool do_cppw = true;
|
||||
+
|
||||
+ (void) setlocale (LC_ALL, "");
|
||||
+ (void) bindtextdomain (PACKAGE, LOCALEDIR);
|
||||
+ (void) textdomain (PACKAGE);
|
||||
+
|
||||
+ Prog = Basename (argv[0]);
|
||||
+ if (strcmp (Prog, "cpgr") == 0) {
|
||||
+ do_cppw = false;
|
||||
+ }
|
||||
+
|
||||
+ while ((flag = getopt (argc, argv, "ghps")) != EOF) {
|
||||
+ switch (flag) {
|
||||
+ case 'p':
|
||||
+ do_cppw = true;
|
||||
+ break;
|
||||
+ case 'g':
|
||||
+ do_cppw = false;
|
||||
+ break;
|
||||
+ case 's':
|
||||
+ cpshadow = true;
|
||||
+ break;
|
||||
+ case 'h':
|
||||
+ e = E_SUCCESS;
|
||||
+ /*pass through*/
|
||||
+ default:
|
||||
+ (void) fputs (_("Usage:\n\
|
||||
+`cppw <file>' copys over /etc/passwd `cppw -s <file>' copys over /etc/shadow\n\
|
||||
+`cpgr <file>' copys over /etc/group `cpgr -s <file>' copys over /etc/gshadow\n\
|
||||
+"), (E_SUCCESS != e) ? stderr : stdout);
|
||||
+ exit (e);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ if (argc != optind + 1) {
|
||||
+ cppwexit (_("wrong number of arguments, -h for usage"),0,1);
|
||||
+ }
|
||||
+
|
||||
+ in_file = argv[optind];
|
||||
+
|
||||
+ if (do_cppw) {
|
||||
+ if (cpshadow) {
|
||||
+ cppwcopy (SHADOW_FILE, in_file, spw_lock, spw_unlock);
|
||||
+ } else {
|
||||
+ cppwcopy (PASSWD_FILE, in_file, pw_lock, pw_unlock);
|
||||
+ }
|
||||
+ } else {
|
||||
+#ifdef SHADOWGRP
|
||||
+ if (cpshadow) {
|
||||
+ cppwcopy (SGROUP_FILE, in_file, sgr_lock, sgr_unlock);
|
||||
+ } else
|
||||
+#endif /* SHADOWGRP */
|
||||
+ {
|
||||
+ cppwcopy (GROUP_FILE, in_file, gr_lock, gr_unlock);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
--- a/src/Makefile.am
|
||||
+++ b/src/Makefile.am
|
||||
@@ -30,6 +30,7 @@
|
||||
ubin_PROGRAMS += newgidmap newuidmap
|
||||
endif
|
||||
usbin_PROGRAMS = \
|
||||
+ cppw \
|
||||
chgpasswd \
|
||||
chpasswd \
|
||||
groupadd \
|
||||
@@ -90,6 +91,7 @@
|
||||
chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBCRYPT)
|
||||
chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
|
||||
chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT)
|
||||
+cppw_LDADD = $(LDADD) $(LIBSELINUX)
|
||||
gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT)
|
||||
groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
|
||||
groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
|
||||
--- a/po/POTFILES.in
|
||||
+++ b/po/POTFILES.in
|
||||
@@ -85,6 +85,7 @@
|
||||
src/chgpasswd.c
|
||||
src/chpasswd.c
|
||||
src/chsh.c
|
||||
+src/cppw.c
|
||||
src/expiry.c
|
||||
src/faillog.c
|
||||
src/gpasswd.c
|
||||
Vendored
-64
@@ -1,64 +0,0 @@
|
||||
Goal: Add selinux support to cppw
|
||||
|
||||
Fix:
|
||||
|
||||
Status wrt upstream: cppw is not available upstream.
|
||||
The patch was made based on the
|
||||
302_vim_selinux_support patch. It needs to be
|
||||
reviewed by an SE-Linux aware person.
|
||||
|
||||
Depends on 401_cppw_src.dpatch
|
||||
|
||||
Index: git/src/cppw.c
|
||||
===================================================================
|
||||
--- git.orig/src/cppw.c
|
||||
+++ git/src/cppw.c
|
||||
@@ -34,6 +34,9 @@
|
||||
#include <sys/types.h>
|
||||
#include <signal.h>
|
||||
#include <utime.h>
|
||||
+#ifdef WITH_SELINUX
|
||||
+#include <selinux/selinux.h>
|
||||
+#endif /* WITH_SELINUX */
|
||||
#include "exitcodes.h"
|
||||
#include "prototypes.h"
|
||||
#include "pwio.h"
|
||||
@@ -139,6 +142,22 @@
|
||||
if (access (file, F_OK) != 0) {
|
||||
cppwexit (file, 1, 1);
|
||||
}
|
||||
+#ifdef WITH_SELINUX
|
||||
+ /* if SE Linux is enabled then set the context of all new files
|
||||
+ * to be the context of the file we are editing */
|
||||
+ if (is_selinux_enabled () > 0) {
|
||||
+ security_context_t passwd_context=NULL;
|
||||
+ int ret = 0;
|
||||
+ if (getfilecon (file, &passwd_context) < 0) {
|
||||
+ cppwexit (_("Couldn't get file context"), errno, 1);
|
||||
+ }
|
||||
+ ret = setfscreatecon (passwd_context);
|
||||
+ freecon (passwd_context);
|
||||
+ if (0 != ret) {
|
||||
+ cppwexit (_("setfscreatecon () failed"), errno, 1);
|
||||
+ }
|
||||
+ }
|
||||
+#endif /* WITH_SELINUX */
|
||||
if (file_lock () == 0) {
|
||||
cppwexit (_("Couldn't lock file"), 0, 5);
|
||||
}
|
||||
@@ -167,6 +186,15 @@
|
||||
cppwexit (NULL,0,1);
|
||||
}
|
||||
|
||||
+#ifdef WITH_SELINUX
|
||||
+ /* unset the fscreatecon */
|
||||
+ if (is_selinux_enabled () > 0) {
|
||||
+ if (setfscreatecon (NULL)) {
|
||||
+ cppwexit (_("setfscreatecon() failed"), errno, 1);
|
||||
+ }
|
||||
+ }
|
||||
+#endif /* WITH_SELINUX */
|
||||
+
|
||||
(*file_unlock) ();
|
||||
}
|
||||
|
||||
-88
@@ -1,88 +0,0 @@
|
||||
Goal: Re-enable logging and displaying failures on login when login is
|
||||
compiled with PAM and when FAILLOG_ENAB is set to yes. And create the
|
||||
faillog file if it does not exist on postinst (as on Woody).
|
||||
Depends: 008_login_more_LOG_UNKFAIL_ENAB
|
||||
Fixes: #192849
|
||||
|
||||
Note: It could be removed if pam_tally could report the number of failures
|
||||
preceding a successful login.
|
||||
|
||||
Index: shadow-4.4/src/login.c
|
||||
===================================================================
|
||||
--- shadow-4.4.orig/src/login.c
|
||||
+++ shadow-4.4/src/login.c
|
||||
@@ -131,9 +131,9 @@ static void update_utmp (const char *use
|
||||
const char *host,
|
||||
/*@null@*/const struct utmp *utent);
|
||||
|
||||
-#ifndef USE_PAM
|
||||
static struct faillog faillog;
|
||||
|
||||
+#ifndef USE_PAM
|
||||
static void bad_time_notify (void);
|
||||
static void check_nologin (bool login_to_root);
|
||||
#else
|
||||
@@ -794,6 +794,9 @@ int main (int argc, char **argv)
|
||||
SYSLOG ((LOG_NOTICE,
|
||||
"TOO MANY LOGIN TRIES (%u)%s FOR '%s'",
|
||||
failcount, fromhost, failent_user));
|
||||
+ if ((NULL != pwd) && getdef_bool("FAILLOG_ENAB")) {
|
||||
+ failure (pwd->pw_uid, tty, &faillog);
|
||||
+ }
|
||||
fprintf (stderr,
|
||||
_("Maximum number of tries exceeded (%u)\n"),
|
||||
failcount);
|
||||
@@ -811,6 +814,14 @@ int main (int argc, char **argv)
|
||||
pam_strerror (pamh, retcode)));
|
||||
failed = true;
|
||||
}
|
||||
+ if ( (NULL != pwd)
|
||||
+ && getdef_bool("FAILLOG_ENAB")
|
||||
+ && ! failcheck (pwd->pw_uid, &faillog, failed)) {
|
||||
+ SYSLOG((LOG_CRIT,
|
||||
+ "exceeded failure limit for `%s' %s",
|
||||
+ failent_user, fromhost));
|
||||
+ failed = 1;
|
||||
+ }
|
||||
|
||||
if (!failed) {
|
||||
break;
|
||||
@@ -834,6 +845,10 @@ int main (int argc, char **argv)
|
||||
(void) puts ("");
|
||||
(void) puts (_("Login incorrect"));
|
||||
|
||||
+ if ((NULL != pwd) && getdef_bool("FAILLOG_ENAB")) {
|
||||
+ failure (pwd->pw_uid, tty, &faillog);
|
||||
+ }
|
||||
+
|
||||
if (getdef_str("FTMP_FILE") != NULL) {
|
||||
#ifdef USE_UTMPX
|
||||
struct utmpx *failent =
|
||||
@@ -1288,6 +1303,7 @@ int main (int argc, char **argv)
|
||||
*/
|
||||
#ifndef USE_PAM
|
||||
motd (); /* print the message of the day */
|
||||
+#endif
|
||||
if ( getdef_bool ("FAILLOG_ENAB")
|
||||
&& (0 != faillog.fail_cnt)) {
|
||||
failprint (&faillog);
|
||||
@@ -1300,6 +1316,7 @@ int main (int argc, char **argv)
|
||||
username, (int) faillog.fail_cnt));
|
||||
}
|
||||
}
|
||||
+#ifndef USE_PAM
|
||||
if ( getdef_bool ("LASTLOG_ENAB")
|
||||
&& (ll.ll_time != 0)) {
|
||||
time_t ll_time = ll.ll_time;
|
||||
Index: shadow-4.4/lib/getdef.c
|
||||
===================================================================
|
||||
--- shadow-4.4.orig/lib/getdef.c
|
||||
+++ shadow-4.4/lib/getdef.c
|
||||
@@ -86,6 +86,7 @@ static struct itemdef def_table[] = {
|
||||
{"ENV_SUPATH", NULL},
|
||||
{"ERASECHAR", NULL},
|
||||
{"FAIL_DELAY", NULL},
|
||||
+ {"FAILLOG_ENAB", NULL},
|
||||
{"FAKE_SHELL", NULL},
|
||||
{"FTMP_FILE", NULL},
|
||||
{"GID_MAX", NULL},
|
||||
-101
@@ -1,101 +0,0 @@
|
||||
Goal: Do not hardcode pam_fail_delay and let pam_unix do its
|
||||
job to set a delay...or not
|
||||
|
||||
Fixes: #87648
|
||||
|
||||
Status wrt upstream: Forwarded but not applied yet
|
||||
|
||||
Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs
|
||||
|
||||
Index: shadow-4.4/src/login.c
|
||||
===================================================================
|
||||
--- shadow-4.4.orig/src/login.c
|
||||
+++ shadow-4.4/src/login.c
|
||||
@@ -525,7 +525,6 @@ int main (int argc, char **argv)
|
||||
#if defined(HAVE_STRFTIME) && !defined(USE_PAM)
|
||||
char ptime[80];
|
||||
#endif
|
||||
- unsigned int delay;
|
||||
unsigned int retries;
|
||||
bool subroot = false;
|
||||
#ifndef USE_PAM
|
||||
@@ -546,6 +545,7 @@ int main (int argc, char **argv)
|
||||
pid_t child;
|
||||
char *pam_user = NULL;
|
||||
#else
|
||||
+ unsigned int delay;
|
||||
struct spwd *spwd = NULL;
|
||||
#endif
|
||||
/*
|
||||
@@ -708,7 +708,6 @@ int main (int argc, char **argv)
|
||||
}
|
||||
|
||||
environ = newenvp; /* make new environment active */
|
||||
- delay = getdef_unum ("FAIL_DELAY", 1);
|
||||
retries = getdef_unum ("LOGIN_RETRIES", RETRIES);
|
||||
|
||||
#ifdef USE_PAM
|
||||
@@ -724,8 +723,7 @@ int main (int argc, char **argv)
|
||||
|
||||
/*
|
||||
* hostname & tty are either set to NULL or their correct values,
|
||||
- * depending on how much we know. We also set PAM's fail delay to
|
||||
- * ours.
|
||||
+ * depending on how much we know.
|
||||
*
|
||||
* PAM_RHOST and PAM_TTY are used for authentication, only use
|
||||
* information coming from login or from the caller (e.g. no utmp)
|
||||
@@ -734,10 +732,6 @@ int main (int argc, char **argv)
|
||||
PAM_FAIL_CHECK;
|
||||
retcode = pam_set_item (pamh, PAM_TTY, tty);
|
||||
PAM_FAIL_CHECK;
|
||||
-#ifdef HAS_PAM_FAIL_DELAY
|
||||
- retcode = pam_fail_delay (pamh, 1000000 * delay);
|
||||
- PAM_FAIL_CHECK;
|
||||
-#endif
|
||||
/* if fflg, then the user has already been authenticated */
|
||||
if (!fflg) {
|
||||
unsigned int failcount = 0;
|
||||
@@ -778,12 +772,6 @@ int main (int argc, char **argv)
|
||||
bool failed = false;
|
||||
|
||||
failcount++;
|
||||
-#ifdef HAS_PAM_FAIL_DELAY
|
||||
- if (delay > 0) {
|
||||
- retcode = pam_fail_delay(pamh, 1000000*delay);
|
||||
- PAM_FAIL_CHECK;
|
||||
- }
|
||||
-#endif
|
||||
|
||||
retcode = pam_authenticate (pamh, 0);
|
||||
|
||||
@@ -1106,14 +1094,17 @@ int main (int argc, char **argv)
|
||||
free (username);
|
||||
username = NULL;
|
||||
|
||||
+#ifndef USE_PAM
|
||||
/*
|
||||
* Wait a while (a la SVR4 /usr/bin/login) before attempting
|
||||
* to login the user again. If the earlier alarm occurs
|
||||
* before the sleep() below completes, login will exit.
|
||||
*/
|
||||
+ delay = getdef_unum ("FAIL_DELAY", 1);
|
||||
if (delay > 0) {
|
||||
(void) sleep (delay);
|
||||
}
|
||||
+#endif
|
||||
|
||||
(void) puts (_("Login incorrect"));
|
||||
|
||||
Index: shadow-4.4/lib/getdef.c
|
||||
===================================================================
|
||||
--- shadow-4.4.orig/lib/getdef.c
|
||||
+++ shadow-4.4/lib/getdef.c
|
||||
@@ -85,7 +85,6 @@ static struct itemdef def_table[] = {
|
||||
{"ENV_PATH", NULL},
|
||||
{"ENV_SUPATH", NULL},
|
||||
{"ERASECHAR", NULL},
|
||||
- {"FAIL_DELAY", NULL},
|
||||
{"FAILLOG_ENAB", NULL},
|
||||
{"FAKE_SHELL", NULL},
|
||||
{"FTMP_FILE", NULL},
|
||||
-60
@@ -1,60 +0,0 @@
|
||||
Goal: save the [g]shadow files with the 'shadow' group and mode 0440
|
||||
|
||||
Fixes: #166793
|
||||
|
||||
--- a/lib/commonio.c
|
||||
+++ b/lib/commonio.c
|
||||
@@ -44,6 +44,7 @@
|
||||
#include <errno.h>
|
||||
#include <stdio.h>
|
||||
#include <signal.h>
|
||||
+#include <grp.h>
|
||||
#include "nscd.h"
|
||||
#ifdef WITH_TCB
|
||||
#include <tcb.h>
|
||||
@@ -963,12 +964,23 @@
|
||||
goto fail;
|
||||
}
|
||||
} else {
|
||||
+ struct group *grp;
|
||||
/*
|
||||
* Default permissions for new [g]shadow files.
|
||||
*/
|
||||
sb.st_mode = db->st_mode;
|
||||
sb.st_uid = db->st_uid;
|
||||
sb.st_gid = db->st_gid;
|
||||
+
|
||||
+ /*
|
||||
+ * Try to retrieve the shadow's GID, and fall back to GID 0.
|
||||
+ */
|
||||
+ if (sb.st_gid == 0) {
|
||||
+ if ((grp = getgrnam("shadow")) != NULL)
|
||||
+ sb.st_gid = grp->gr_gid;
|
||||
+ else
|
||||
+ sb.st_gid = 0;
|
||||
+ }
|
||||
}
|
||||
|
||||
snprintf (buf, sizeof buf, "%s+", db->filename);
|
||||
--- a/lib/sgroupio.c
|
||||
+++ b/lib/sgroupio.c
|
||||
@@ -229,7 +229,7 @@
|
||||
#ifdef WITH_SELINUX
|
||||
NULL, /* scontext */
|
||||
#endif
|
||||
- 0400, /* st_mode */
|
||||
+ 0440, /* st_mode */
|
||||
0, /* st_uid */
|
||||
0, /* st_gid */
|
||||
NULL, /* head */
|
||||
--- a/lib/shadowio.c
|
||||
+++ b/lib/shadowio.c
|
||||
@@ -105,7 +105,7 @@
|
||||
#ifdef WITH_SELINUX
|
||||
NULL, /* scontext */
|
||||
#endif /* WITH_SELINUX */
|
||||
- 0400, /* st_mode */
|
||||
+ 0440, /* st_mode */
|
||||
0, /* st_uid */
|
||||
0, /* st_gid */
|
||||
NULL, /* head */
|
||||
Vendored
-201
@@ -1,201 +0,0 @@
|
||||
Goal: Document the shadowconfig utility
|
||||
|
||||
Status wrt upstream: The shadowconfig utility is debian specific.
|
||||
Its man page also (but it used to be distributed)
|
||||
|
||||
Index: git/man/shadowconfig.8
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ git/man/shadowconfig.8
|
||||
@@ -0,0 +1,41 @@
|
||||
+.\"Generated by db2man.xsl. Don't modify this, modify the source.
|
||||
+.de Sh \" Subsection
|
||||
+.br
|
||||
+.if t .Sp
|
||||
+.ne 5
|
||||
+.PP
|
||||
+\fB\\$1\fR
|
||||
+.PP
|
||||
+..
|
||||
+.de Sp \" Vertical space (when we can't use .PP)
|
||||
+.if t .sp .5v
|
||||
+.if n .sp
|
||||
+..
|
||||
+.de Ip \" List item
|
||||
+.br
|
||||
+.ie \\n(.$>=3 .ne \\$3
|
||||
+.el .ne 3
|
||||
+.IP "\\$1" \\$2
|
||||
+..
|
||||
+.TH "SHADOWCONFIG" 8 "19 Apr 1997" "" ""
|
||||
+.SH NAME
|
||||
+shadowconfig \- toggle shadow passwords on and off
|
||||
+.SH "SYNOPSIS"
|
||||
+.ad l
|
||||
+.hy 0
|
||||
+.HP 13
|
||||
+\fBshadowconfig\fR \fB\fIon\fR\fR | \fB\fIoff\fR\fR
|
||||
+.ad
|
||||
+.hy
|
||||
+
|
||||
+.SH "DESCRIPTION"
|
||||
+
|
||||
+.PP
|
||||
+\fBshadowconfig\fR on will turn shadow passwords on; \fIshadowconfig off\fR will turn shadow passwords off\&. \fBshadowconfig\fR will print an error message and exit with a nonzero code if it finds anything awry\&. If that happens, you should correct the error and run it again\&. Turning shadow passwords on when they are already on, or off when they are already off, is harmless\&.
|
||||
+
|
||||
+.PP
|
||||
+Read \fI/usr/share/doc/passwd/README\&.Debian\fR for a brief introduction to shadow passwords and related features\&.
|
||||
+
|
||||
+.PP
|
||||
+Note that turning shadow passwords off and on again will lose all password aging information\&.
|
||||
+
|
||||
Index: git/man/shadowconfig.8.xml
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ git/man/shadowconfig.8.xml
|
||||
@@ -0,0 +1,52 @@
|
||||
+<?xml version="1.0" encoding="UTF-8"?>
|
||||
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
|
||||
+ "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
|
||||
+<refentry id='shadowconfig.8'>
|
||||
+ <!-- $Id: shadowconfig.8.xml,v 1.6 2005/06/15 12:39:27 kloczek Exp $ -->
|
||||
+ <refentryinfo>
|
||||
+ <date>19 Apr 1997</date>
|
||||
+ </refentryinfo>
|
||||
+ <refmeta>
|
||||
+ <refentrytitle>shadowconfig</refentrytitle>
|
||||
+ <manvolnum>8</manvolnum>
|
||||
+ <refmiscinfo class='date'>19 Apr 1997</refmiscinfo>
|
||||
+ <refmiscinfo class='source'>Debian GNU/Linux</refmiscinfo>
|
||||
+ </refmeta>
|
||||
+ <refnamediv id='name'>
|
||||
+ <refname>shadowconfig</refname>
|
||||
+ <refpurpose>toggle shadow passwords on and off</refpurpose>
|
||||
+ </refnamediv>
|
||||
+
|
||||
+ <refsynopsisdiv id='synopsis'>
|
||||
+ <cmdsynopsis>
|
||||
+ <command>shadowconfig</command>
|
||||
+ <group choice='plain'>
|
||||
+ <arg choice='plain'><replaceable>on</replaceable></arg>
|
||||
+ <arg choice='plain'><replaceable>off</replaceable></arg>
|
||||
+ </group>
|
||||
+ </cmdsynopsis>
|
||||
+ </refsynopsisdiv>
|
||||
+
|
||||
+ <refsect1 id='description'>
|
||||
+ <title>DESCRIPTION</title>
|
||||
+ <para><command>shadowconfig</command> on will turn shadow passwords on;
|
||||
+ <emphasis remap='B'>shadowconfig off</emphasis> will turn shadow
|
||||
+ passwords off. <command>shadowconfig</command> will print an error
|
||||
+ message and exit with a nonzero code if it finds anything awry. If
|
||||
+ that happens, you should correct the error and run it again. Turning
|
||||
+ shadow passwords on when they are already on, or off when they are
|
||||
+ already off, is harmless.
|
||||
+ </para>
|
||||
+
|
||||
+ <para>
|
||||
+ Read <filename>/usr/share/doc/passwd/README.Debian</filename> for a
|
||||
+ brief introduction
|
||||
+ to shadow passwords and related features.
|
||||
+ </para>
|
||||
+
|
||||
+ <para>Note that turning shadow passwords off and on again will lose all
|
||||
+ password
|
||||
+ aging information.
|
||||
+ </para>
|
||||
+ </refsect1>
|
||||
+</refentry>
|
||||
Index: git/man/fr/shadowconfig.8
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ git/man/fr/shadowconfig.8
|
||||
@@ -0,0 +1,26 @@
|
||||
+.\" This file was generated with po4a. Translate the source file.
|
||||
+.\"
|
||||
+.\"$Id: shadowconfig.8,v 1.4 2001/08/23 23:10:48 kloczek Exp $
|
||||
+.TH SHADOWCONFIG 8 "19 avril 1997" "Debian GNU/Linux"
|
||||
+.SH NOM
|
||||
+shadowconfig \- active ou désactive les mots de passe cachés
|
||||
+.SH SYNOPSIS
|
||||
+\fBshadowconfig\fP \fIon\fP | \fIoff\fP
|
||||
+.SH DESCRIPTION
|
||||
+.PP
|
||||
+\fBshadowconfig on\fP active les mots de passe cachés («\ shadow passwords\ »)\ ; \fBshadowconfig off\fP les désactive. \fBShadowconfig\fP affiche un message
|
||||
+d'erreur et quitte avec une valeur de retour non nulle s'il rencontre
|
||||
+quelque chose d'inattendu. Dans ce cas, vous devrez corriger l'erreur avant
|
||||
+de recommencer.
|
||||
+
|
||||
+Activer les mots de passe cachés lorsqu'ils sont déjà activés, ou les
|
||||
+désactiver lorsqu'ils ne sont pas actifs est sans effet.
|
||||
+
|
||||
+Lisez \fI/usr/share/doc/passwd/README.Debian\fP pour une brève introduction aux
|
||||
+mots de passe cachés et à leurs fonctionnalités.
|
||||
+
|
||||
+Notez que désactiver puis réactiver les mots de passe cachés aura pour
|
||||
+conséquence la perte des informations d'âge sur les mots de passe.
|
||||
+.SH TRADUCTION
|
||||
+Nicolas FRANÇOIS, 2004.
|
||||
+Veuillez signaler toute erreur à <\fIdebian\-l10\-french@lists.debian.org\fR>.
|
||||
Index: git/man/ja/shadowconfig.8
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ git/man/ja/shadowconfig.8
|
||||
@@ -0,0 +1,25 @@
|
||||
+.\" all right reserved,
|
||||
+.\" Translated Tue Oct 30 11:59:11 JST 2001
|
||||
+.\" by Maki KURODA <mkuroda@aisys-jp.com>
|
||||
+.\"
|
||||
+.TH SHADOWCONFIG 8 "19 Apr 1997" "Debian GNU/Linux"
|
||||
+.SH 名前
|
||||
+shadowconfig \- shadow パスワードの設定をオン及びオフに切替える
|
||||
+.SH 書式
|
||||
+.B "shadowconfig"
|
||||
+.IR on " | " off
|
||||
+.SH 説明
|
||||
+.PP
|
||||
+.B shadowconfig on
|
||||
+は shadow パスワードを有効にする。
|
||||
+.B shadowconfig off
|
||||
+は shadow パスワードを無効にする。
|
||||
+.B shadowconfig
|
||||
+は何らかの間違いがあると、エラーメッセージを表示し、
|
||||
+ゼロではない返り値を返す。
|
||||
+もしそのようなことが起こった場合、エラーを修正し、再度実行しなければならない。
|
||||
+shadow パスワードの設定がすでにオンの場合にオンに設定したり、
|
||||
+すでにオフの場合にオフに設定しても、何の影響もない。
|
||||
+
|
||||
+.I /usr/share/doc/passwd/README.debian.gz
|
||||
+には shadow パスワードとそれに関する特徴の簡単な紹介が書かれている。
|
||||
Index: git/man/pl/shadowconfig.8
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ git/man/pl/shadowconfig.8
|
||||
@@ -0,0 +1,27 @@
|
||||
+.\" $Id: shadowconfig.8,v 1.3 2001/08/23 23:10:51 kloczek Exp $
|
||||
+.\" {PTM/WK/1999-09-14}
|
||||
+.TH SHADOWCONFIG 8 "19 kwietnia 1997" "Debian GNU/Linux"
|
||||
+.SH NAZWA
|
||||
+shadowconfig - przełącza ochronę haseł i grup przez pliki shadow
|
||||
+.SH SKŁADNIA
|
||||
+.B "shadowconfig"
|
||||
+.IR on " | " off
|
||||
+.SH OPIS
|
||||
+.PP
|
||||
+.B shadowconfig on
|
||||
+włącza ochronę haseł i grup przez dodatkowe, przesłaniane pliki (shadow);
|
||||
+.B shadowconfig off
|
||||
+wyłącza dodatkowe pliki haseł i grup.
|
||||
+.B shadowconfig
|
||||
+wyświetla komunikat o błędzie i kończy pracę z niezerowym kodem jeśli
|
||||
+znajdzie coś nieprawidłowego. W takim wypadku powinieneś poprawić błąd
|
||||
+.\" if it finds anything awry.
|
||||
+i uruchomić program ponownie.
|
||||
+
|
||||
+Włączenie ochrony haseł, gdy jest ona już włączona lub jej wyłączenie,
|
||||
+gdy jest wyłączona jest nieszkodliwe.
|
||||
+
|
||||
+Przeczytaj
|
||||
+.IR /usr/share/doc/passwd/README.debian.gz ,
|
||||
+gdzie znajdziesz krótkie wprowadzenie do ochrony haseł z użyciem dodatkowych
|
||||
+plików haseł przesłanianych (shadow passwords) i związanych tematów.
|
||||
-40
@@ -1,40 +0,0 @@
|
||||
Goal: Recommend using adduser and deluser.
|
||||
|
||||
Fixes: #406046
|
||||
|
||||
Status wrt upstream: Debian specific patch.
|
||||
|
||||
Index: git/man/useradd.8.xml
|
||||
===================================================================
|
||||
--- git.orig/man/useradd.8.xml
|
||||
+++ git/man/useradd.8.xml
|
||||
@@ -105,6 +105,12 @@
|
||||
<refsect1 id='description'>
|
||||
<title>DESCRIPTION</title>
|
||||
<para>
|
||||
+ <command>useradd</command> is a low level utility for adding
|
||||
+ users. On Debian, administrators should usually use
|
||||
+ <citerefentry><refentrytitle>adduser</refentrytitle>
|
||||
+ <manvolnum>8</manvolnum></citerefentry> instead.
|
||||
+ </para>
|
||||
+ <para>
|
||||
When invoked without the <option>-D</option> option, the
|
||||
<command>useradd</command> command creates a new user account using
|
||||
the values specified on the command line plus the default values from
|
||||
Index: git/man/userdel.8.xml
|
||||
===================================================================
|
||||
--- git.orig/man/userdel.8.xml
|
||||
+++ git/man/userdel.8.xml
|
||||
@@ -83,6 +83,12 @@
|
||||
<refsect1 id='description'>
|
||||
<title>DESCRIPTION</title>
|
||||
<para>
|
||||
+ <command>userdel</command> is a low level utility for removing
|
||||
+ users. On Debian, administrators should usually use
|
||||
+ <citerefentry><refentrytitle>deluser</refentrytitle>
|
||||
+ <manvolnum>8</manvolnum></citerefentry> instead.
|
||||
+ </para>
|
||||
+ <para>
|
||||
The <command>userdel</command> command modifies the system account
|
||||
files, deleting all entries that refer to the user name <emphasis
|
||||
remap='I'>LOGIN</emphasis>. The named user must exist.
|
||||
Vendored
-106
@@ -1,106 +0,0 @@
|
||||
Goal: Relaxed usernames/groupnames checking patch.
|
||||
|
||||
Status wrt upstream: Debian specific. Not to be used upstream
|
||||
|
||||
Details:
|
||||
Allows any non-empty user/grounames that don't contain ':', ',' or '\n'
|
||||
characters and don't start with '-', '+', or '~'. This patch is more
|
||||
restrictive than original Karl's version. closes: #264879
|
||||
Also closes: #377844
|
||||
|
||||
Comments from Karl Ramm (shadow 1:4.0.3-9, 20 Aug 2003 02:06:50 -0400):
|
||||
|
||||
I can't come up with a good justification as to why characters other
|
||||
than ':'s and '\0's should be disallowed in group and usernames (other
|
||||
than '-' as the leading character). Thus, the maintenance tools don't
|
||||
anymore. closes: #79682, #166798, #171179
|
||||
|
||||
Index: git/libmisc/chkname.c
|
||||
===================================================================
|
||||
--- git.orig/libmisc/chkname.c
|
||||
+++ git/libmisc/chkname.c
|
||||
@@ -48,6 +48,7 @@
|
||||
|
||||
static bool is_valid_name (const char *name)
|
||||
{
|
||||
+#if 0
|
||||
/*
|
||||
* User/group names must match [a-z_][a-z0-9_-]*[$]
|
||||
*/
|
||||
@@ -66,6 +67,26 @@
|
||||
return false;
|
||||
}
|
||||
}
|
||||
+#endif
|
||||
+ /*
|
||||
+ * POSIX indicate that usernames are composed of characters from the
|
||||
+ * portable filename character set [A-Za-z0-9._-], and that the hyphen
|
||||
+ * should not be used as the first character of a portable user name.
|
||||
+ *
|
||||
+ * Allow more relaxed user/group names in Debian -- ^[^-~+:,\s][^:,\s]*$
|
||||
+ */
|
||||
+ if ( ('\0' == *name)
|
||||
+ || ('-' == *name)
|
||||
+ || ('~' == *name)
|
||||
+ || ('+' == *name)) {
|
||||
+ return false;
|
||||
+ }
|
||||
+ do {
|
||||
+ if ((':' == *name) || (',' == *name) || isspace(*name)) {
|
||||
+ return false;
|
||||
+ }
|
||||
+ name++;
|
||||
+ } while ('\0' != *name);
|
||||
|
||||
return true;
|
||||
}
|
||||
Index: git/man/useradd.8.xml
|
||||
===================================================================
|
||||
--- git.orig/man/useradd.8.xml
|
||||
+++ git/man/useradd.8.xml
|
||||
@@ -633,12 +633,20 @@
|
||||
</para>
|
||||
|
||||
<para>
|
||||
- Usernames must start with a lower case letter or an underscore,
|
||||
+ It is usually recommended to only use usernames that begin with a lower case letter or an underscore,
|
||||
followed by lower case letters, digits, underscores, or dashes.
|
||||
They can end with a dollar sign.
|
||||
In regular expression terms: [a-z_][a-z0-9_-]*[$]?
|
||||
</para>
|
||||
<para>
|
||||
+ On Debian, the only constraints are that usernames must neither start
|
||||
+ with a dash ('-') nor plus ('+') nor tilde ('~') nor contain a
|
||||
+ colon (':'), a comma (','), or a whitespace (space: ' ',
|
||||
+ end of line: '\n', tabulation: '\t', etc.). Note that using a slash
|
||||
+ ('/') may break the default algorithm for the definition of the
|
||||
+ user's home directory.
|
||||
+ </para>
|
||||
+ <para>
|
||||
Usernames may only be up to 32 characters long.
|
||||
</para>
|
||||
</refsect1>
|
||||
Index: git/man/groupadd.8.xml
|
||||
===================================================================
|
||||
--- git.orig/man/groupadd.8.xml
|
||||
+++ git/man/groupadd.8.xml
|
||||
@@ -256,12 +256,18 @@
|
||||
<refsect1 id='caveats'>
|
||||
<title>CAVEATS</title>
|
||||
<para>
|
||||
- Groupnames must start with a lower case letter or an underscore,
|
||||
+ It is usually recommended to only use groupnames that begin with a lower case letter or an underscore,
|
||||
followed by lower case letters, digits, underscores, or dashes.
|
||||
They can end with a dollar sign.
|
||||
In regular expression terms: [a-z_][a-z0-9_-]*[$]?
|
||||
</para>
|
||||
<para>
|
||||
+ On Debian, the only constraints are that groupnames must neither start
|
||||
+ with a dash ('-') nor plus ('+') nor tilde ('~') nor contain a
|
||||
+ colon (':'), a comma (','), or a whitespace (space:' ',
|
||||
+ end of line: '\n', tabulation: '\t', etc.).
|
||||
+ </para>
|
||||
+ <para>
|
||||
Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long.
|
||||
</para>
|
||||
<para>
|
||||
-18
@@ -1,18 +0,0 @@
|
||||
--- a/src/Makefile.am
|
||||
+++ b/src/Makefile.am
|
||||
@@ -24,7 +24,6 @@
|
||||
# $prefix/bin and $prefix/sbin, no install-data hacks...)
|
||||
|
||||
bin_PROGRAMS = groups login su
|
||||
-sbin_PROGRAMS = nologin
|
||||
ubin_PROGRAMS = faillog lastlog chage chfn chsh expiry gpasswd newgrp passwd
|
||||
if ENABLE_SUBIDS
|
||||
ubin_PROGRAMS += newgidmap newuidmap
|
||||
@@ -42,6 +41,7 @@
|
||||
grpunconv \
|
||||
logoutd \
|
||||
newusers \
|
||||
+ nologin \
|
||||
pwck \
|
||||
pwconv \
|
||||
pwunconv \
|
||||
Vendored
-43
@@ -1,43 +0,0 @@
|
||||
Goal: accepts the -O flag for backward compatibility. (was used by adduser?)
|
||||
|
||||
Note: useradd.8 needs to be regenerated.
|
||||
|
||||
Status wrt upstream: not included as this is just specific
|
||||
backward compatibility for Debian
|
||||
|
||||
--- a/man/useradd.8.xml
|
||||
+++ b/man/useradd.8.xml
|
||||
@@ -329,6 +329,11 @@
|
||||
databases are reset to avoid reusing the entry from a previously
|
||||
deleted user.
|
||||
</para>
|
||||
+ <para>
|
||||
+ For the compatibility with previous Debian's
|
||||
+ <command>useradd</command>, the <option>-O</option> option is
|
||||
+ also supported.
|
||||
+ </para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
<varlistentry>
|
||||
--- a/src/useradd.c
|
||||
+++ b/src/useradd.c
|
||||
@@ -1059,9 +1059,9 @@
|
||||
};
|
||||
while ((c = getopt_long (argc, argv,
|
||||
#ifdef WITH_SELINUX
|
||||
- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:UZ:",
|
||||
+ "b:c:d:De:f:g:G:hk:O:K:lmMNop:rR:s:u:UZ:",
|
||||
#else /* !WITH_SELINUX */
|
||||
- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:U",
|
||||
+ "b:c:d:De:f:g:G:hk:O:K:lmMNop:rR:s:u:U",
|
||||
#endif /* !WITH_SELINUX */
|
||||
long_options, NULL)) != -1) {
|
||||
switch (c) {
|
||||
@@ -1184,6 +1184,7 @@
|
||||
kflg = true;
|
||||
break;
|
||||
case 'K':
|
||||
+ case 'O': /* compatibility with previous Debian useradd */
|
||||
/*
|
||||
* override login.defs defaults (-K name=value)
|
||||
* example: -K UID_MIN=100 -K UID_MAX=499
|
||||
-81
@@ -1,81 +0,0 @@
|
||||
--- a/debian/passwd.install
|
||||
+++ b/debian/passwd.install
|
||||
@@ -9,6 +9,7 @@
|
||||
usr/sbin/cppw
|
||||
usr/sbin/groupadd
|
||||
usr/sbin/groupdel
|
||||
+usr/sbin/groupmems
|
||||
usr/sbin/groupmod
|
||||
usr/sbin/grpck
|
||||
usr/sbin/grpconv
|
||||
@@ -33,6 +34,7 @@
|
||||
usr/share/man/*/man8/chpasswd.8
|
||||
usr/share/man/*/man8/groupadd.8
|
||||
usr/share/man/*/man8/groupdel.8
|
||||
+usr/share/man/*/man8/groupmems.8
|
||||
usr/share/man/*/man8/groupmod.8
|
||||
usr/share/man/*/man8/grpck.8
|
||||
usr/share/man/*/man8/grpconv.8
|
||||
@@ -59,6 +61,7 @@
|
||||
usr/share/man/man8/chpasswd.8
|
||||
usr/share/man/man8/groupadd.8
|
||||
usr/share/man/man8/groupdel.8
|
||||
+usr/share/man/man8/groupmems.8
|
||||
usr/share/man/man8/groupmod.8
|
||||
usr/share/man/man8/grpck.8
|
||||
usr/share/man/man8/grpconv.8
|
||||
--- a/debian/passwd.postinst
|
||||
+++ b/debian/passwd.postinst
|
||||
@@ -31,6 +31,24 @@
|
||||
exit 1
|
||||
)
|
||||
fi
|
||||
+ if ! getent group groupmems | grep -q '^groupmems:[^:]*:99'
|
||||
+ then
|
||||
+ groupadd -g 99 groupmems || (
|
||||
+ cat <<EOF
|
||||
+************************ TESTSUITE *****************************
|
||||
+Group ID 99 has been allocated for the groupmems group. You have either
|
||||
+used 99 yourself or created a groupmems group with a different ID.
|
||||
+Please correct this problem and reconfigure with ``dpkg --configure passwd''.
|
||||
+
|
||||
+Note that both user and group IDs in the range 0-99 are globally
|
||||
+allocated by the Debian project and must be the same on every Debian
|
||||
+system.
|
||||
+EOF
|
||||
+ exit 1
|
||||
+ )
|
||||
+# FIXME
|
||||
+ chgrp groupmems /usr/sbin/groupmems
|
||||
+ fi
|
||||
;;
|
||||
esac
|
||||
|
||||
--- a/debian/rules
|
||||
+++ b/debian/rules
|
||||
@@ -60,6 +60,7 @@
|
||||
dh_installpam -p passwd --name=chsh
|
||||
dh_installpam -p passwd --name=chpasswd
|
||||
dh_installpam -p passwd --name=newusers
|
||||
+ dh_installpam -p passwd --name=groupmems
|
||||
ifeq ($(DEB_HOST_ARCH_OS),hurd)
|
||||
# login is not built on The Hurd, but some utilities of passwd depends on
|
||||
# /etc/login.defs.
|
||||
@@ -87,3 +88,6 @@
|
||||
chgrp shadow debian/passwd/usr/bin/expiry
|
||||
chmod g+s debian/passwd/usr/bin/chage
|
||||
chmod g+s debian/passwd/usr/bin/expiry
|
||||
+ chgrp groupmems debian/passwd/usr/sbin/groupmems
|
||||
+ chmod u+s debian/passwd/usr/sbin/groupmems
|
||||
+ chmod o-x debian/passwd/usr/sbin/groupmems
|
||||
--- /dev/null
|
||||
+++ b/debian/passwd.groupmems.pam
|
||||
@@ -0,0 +1,8 @@
|
||||
+# The PAM configuration file for the Shadow 'groupmod' service
|
||||
+#
|
||||
+
|
||||
+# This allows root to modify groups without being prompted for a password
|
||||
+auth sufficient pam_rootok.so
|
||||
+
|
||||
+@include common-auth
|
||||
+@include common-account
|
||||
Vendored
-76
@@ -1,76 +0,0 @@
|
||||
--- a/lib/Makefile.am
|
||||
+++ b/lib/Makefile.am
|
||||
@@ -1,6 +1,8 @@
|
||||
|
||||
AUTOMAKE_OPTIONS = 1.0 foreign
|
||||
|
||||
+CFLAGS += -fprofile-arcs -ftest-coverage
|
||||
+
|
||||
DEFS =
|
||||
|
||||
noinst_LTLIBRARIES = libshadow.la
|
||||
--- a/libmisc/Makefile.am
|
||||
+++ b/libmisc/Makefile.am
|
||||
@@ -1,6 +1,8 @@
|
||||
|
||||
EXTRA_DIST = .indent.pro xgetXXbyYY.c
|
||||
|
||||
+CFLAGS += -fprofile-arcs -ftest-coverage
|
||||
+
|
||||
INCLUDES = -I$(top_srcdir)/lib
|
||||
|
||||
noinst_LIBRARIES = libmisc.a
|
||||
--- a/src/Makefile.am
|
||||
+++ b/src/Makefile.am
|
||||
@@ -7,6 +7,8 @@
|
||||
suidperms = 4755
|
||||
sgidperms = 2755
|
||||
|
||||
+CFLAGS += -fprofile-arcs -ftest-coverage
|
||||
+
|
||||
INCLUDES = \
|
||||
-I${top_srcdir}/lib \
|
||||
-I$(top_srcdir)/libmisc
|
||||
--- a/debian/rules
|
||||
+++ b/debian/rules
|
||||
@@ -40,6 +40,12 @@
|
||||
endif
|
||||
export CFLAGS
|
||||
|
||||
+clean:: clean_gcov
|
||||
+
|
||||
+clean_gcov:
|
||||
+ find . -name "*.gcda" -delete
|
||||
+ find . -name "*.gcno" -delete
|
||||
+
|
||||
# Add extras to the install process:
|
||||
binary-install/login::
|
||||
dh_installpam -p login
|
||||
--- a/lib/defines.h
|
||||
+++ b/lib/defines.h
|
||||
@@ -174,23 +174,9 @@
|
||||
trust the formatted time received from the unix domain (or worse,
|
||||
UDP) socket. -MM */
|
||||
/* Avoid translated PAM error messages: Set LC_ALL to "C".
|
||||
+ * This is disabled for coverage testing
|
||||
* --Nekral */
|
||||
-#define SYSLOG(x) \
|
||||
- do { \
|
||||
- char *old_locale = setlocale (LC_ALL, NULL); \
|
||||
- char *saved_locale = NULL; \
|
||||
- if (NULL != old_locale) { \
|
||||
- saved_locale = strdup (old_locale); \
|
||||
- } \
|
||||
- if (NULL != saved_locale) { \
|
||||
- (void) setlocale (LC_ALL, "C"); \
|
||||
- } \
|
||||
- syslog x ; \
|
||||
- if (NULL != saved_locale) { \
|
||||
- (void) setlocale (LC_ALL, saved_locale); \
|
||||
- free (saved_locale); \
|
||||
- } \
|
||||
- } while (false)
|
||||
+#define SYSLOG(x) syslog x
|
||||
#else /* !ENABLE_NLS */
|
||||
#define SYSLOG(x) syslog x
|
||||
#endif /* !ENABLE_NLS */
|
||||
Vendored
-22
@@ -1,22 +0,0 @@
|
||||
Small intro to the system for numbering the patches here...
|
||||
|
||||
-The 00xx-... patches are forwarded to upstream's git repository
|
||||
|
||||
-The 0xx_... series of patches are patches isolated from the latest
|
||||
version of the shadow Debian package not using quilt in order to
|
||||
separate upstream from Debian-specific stuff.
|
||||
|
||||
NO MORE PATCHES SHOULD BE ADDED IN THESE SERIES
|
||||
|
||||
-The 4xx series are patches which have been applied to Debian's shadow
|
||||
and have NOT been accepted and/or applied upstream. These patches MUST be kept
|
||||
even after resynced with upstream
|
||||
|
||||
-The 5xx series are patches which are applied to Debian's shadow
|
||||
and will never be proposed upstream because they're too specific
|
||||
This list SHOULD BE AS SHORT AS POSSIBLE
|
||||
|
||||
In short, while we are working towards synchronisation with upstream,
|
||||
our goal is to make 0xx patches disappear by moving them either to 3xx
|
||||
series (things already implemented upstream) or to 4xx series
|
||||
(Debian-specific patches).
|
||||
Vendored
-20
@@ -1,20 +0,0 @@
|
||||
# These patches are only for the testsuite:
|
||||
#900_testsuite_groupmems
|
||||
#901_testsuite_gcov
|
||||
|
||||
503_shadowconfig.8
|
||||
008_login_log_failure_in_FTMP
|
||||
429_login_FAILLOG_ENAB
|
||||
401_cppw_src.dpatch
|
||||
# 402 should be merged in 401, but should be reviewed by SE Linux experts first
|
||||
402_cppw_selinux
|
||||
506_relaxed_usernames
|
||||
542_useradd-O_option
|
||||
463_login_delay_obeys_to_PAM
|
||||
508_nologin_in_usr_sbin
|
||||
505_useradd_recommend_adduser
|
||||
501_commonio_group_shadow
|
||||
0001-newgidmap-enforce-setgroups-deny-if-self-mapping-a-g.patch
|
||||
0002-gpasswd-1-Fix-password-leak.patch
|
||||
0003-Added-control-character-check.patch
|
||||
0004-Overhaul-valid_field.patch
|
||||
Vendored
-96
@@ -1,96 +0,0 @@
|
||||
#!/usr/bin/make -f
|
||||
# -*- mode: makefile; coding: utf-8 -*-
|
||||
|
||||
DEB_HOST_ARCH_OS := $(shell dpkg-architecture -qDEB_HOST_ARCH_OS)
|
||||
|
||||
# Enable PIE, BINDNOW, and possible future flags.
|
||||
export DEB_BUILD_MAINT_OPTIONS = hardening=+all
|
||||
DPKG_EXPORT_BUILDFLAGS = 1
|
||||
include /usr/share/dpkg/buildflags.mk
|
||||
|
||||
# Call autoreconf since we need to regenerate all the autofoo files
|
||||
include /usr/share/cdbs/1/rules/autoreconf.mk
|
||||
include /usr/share/cdbs/1/rules/debhelper.mk
|
||||
# Specify where dh_install will find the files that it needs to move:
|
||||
DEB_DH_INSTALL_SOURCEDIR=debian/tmp
|
||||
# Specify the destination of shadow's "make install"
|
||||
# (This is only needed on The Hurd, where only one package is built. On
|
||||
# the other arch, DEB_DESTDIR already points to debian/tmp)
|
||||
DEB_DESTDIR=$(CURDIR)/debian/tmp
|
||||
|
||||
include /usr/share/cdbs/1/class/autotools.mk
|
||||
|
||||
# Adds extra options when calling the configure script:
|
||||
DEB_CONFIGURE_EXTRA_FLAGS := --disable-shared \
|
||||
--without-libcrack \
|
||||
--mandir=/usr/share/man \
|
||||
--with-libpam \
|
||||
--enable-shadowgrp \
|
||||
--enable-man \
|
||||
--disable-account-tools-setuid \
|
||||
--with-group-name-max-length=32 \
|
||||
--without-acl \
|
||||
--without-attr \
|
||||
--without-tcb \
|
||||
SHELL=/bin/sh
|
||||
ifneq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE))
|
||||
DEB_CONFIGURE_EXTRA_FLAGS += --host=$(DEB_HOST_GNU_TYPE)
|
||||
endif
|
||||
|
||||
# Set the default editor for vipw/vigr
|
||||
CFLAGS += -DDEFAULT_EDITOR=\\\"sensible-editor\\\"
|
||||
|
||||
# Add extras to the install process:
|
||||
binary-install/login::
|
||||
ifeq ($(DEB_HOST_ARCH_OS),hurd)
|
||||
# /bin/login is provided by the hurd package.
|
||||
rm -f debian/login/bin/login
|
||||
endif
|
||||
ifneq ($(DEB_HOST_ARCH_OS),linux)
|
||||
sed -i 's/session optional pam_keyinit.so/# Linux only # session optional pam_keyinit.so/' debian/login.pam
|
||||
endif
|
||||
dh_installpam -p login
|
||||
install -c -m 444 debian/login.defs debian/login/etc/login.defs
|
||||
install -c -m 444 debian/securetty.$(DEB_HOST_ARCH_OS) debian/login/etc/securetty
|
||||
dh_lintian -p login
|
||||
|
||||
binary-install/passwd::
|
||||
install -c -m 444 man/shadowconfig.8 debian/passwd/usr/share/man/man8
|
||||
install -c -m 444 man/ja/shadowconfig.8 debian/passwd/usr/share/man/ja/man8
|
||||
install -c -m 444 man/pl/shadowconfig.8 debian/passwd/usr/share/man/pl/man8
|
||||
install -c -m 444 man/fr/shadowconfig.8 debian/passwd/usr/share/man/fr/man8
|
||||
# Distribute the pam.d files; unless for the commands with disabled PAM
|
||||
# support
|
||||
dh_installpam -p passwd --name=passwd
|
||||
dh_installpam -p passwd --name=chfn
|
||||
dh_installpam -p passwd --name=chsh
|
||||
dh_installpam -p passwd --name=chpasswd
|
||||
dh_installpam -p passwd --name=newusers
|
||||
install -c -m 644 debian/useradd.default debian/passwd/etc/default/useradd
|
||||
install -d debian/passwd/sbin
|
||||
install -c -m 555 debian/shadowconfig.sh debian/passwd/sbin/shadowconfig
|
||||
install -c -m 444 debian/cpgr.8 debian/passwd/usr/share/man/man8
|
||||
install -c -m 444 debian/cppw.8 debian/passwd/usr/share/man/man8
|
||||
dh_lintian -p passwd
|
||||
|
||||
binary-predeb/uidmap::
|
||||
chmod u+s debian/uidmap/usr/bin/newuidmap
|
||||
chmod u+s debian/uidmap/usr/bin/newgidmap
|
||||
|
||||
binary-predeb/login::
|
||||
# No real need for login to be setuid root
|
||||
# chmod u+s debian/login/bin/login
|
||||
chmod u+s debian/login/usr/bin/newgrp
|
||||
|
||||
binary-predeb/passwd::
|
||||
chmod u+s debian/passwd/usr/bin/chfn
|
||||
chmod u+s debian/passwd/usr/bin/chsh
|
||||
chmod u+s debian/passwd/usr/bin/gpasswd
|
||||
chmod u+s debian/passwd/usr/bin/passwd
|
||||
chgrp shadow debian/passwd/usr/bin/chage
|
||||
chgrp shadow debian/passwd/usr/bin/expiry
|
||||
chmod g+s debian/passwd/usr/bin/chage
|
||||
chmod g+s debian/passwd/usr/bin/expiry
|
||||
|
||||
clean::
|
||||
sed -i 's/# Linux only # //' debian/login.pam
|
||||
Vendored
-71
@@ -1,71 +0,0 @@
|
||||
# /etc/securetty: list of terminals on which root is allowed to login.
|
||||
# See securetty(5) and login(1).
|
||||
console
|
||||
|
||||
# for people with serial port consoles
|
||||
com0
|
||||
|
||||
# Standard consoles
|
||||
tty1
|
||||
tty2
|
||||
tty3
|
||||
tty4
|
||||
tty5
|
||||
tty6
|
||||
tty7
|
||||
tty8
|
||||
tty9
|
||||
tty10
|
||||
tty11
|
||||
tty12
|
||||
tty13
|
||||
tty14
|
||||
tty15
|
||||
tty16
|
||||
tty17
|
||||
tty18
|
||||
tty19
|
||||
tty20
|
||||
tty21
|
||||
tty22
|
||||
tty23
|
||||
tty24
|
||||
tty25
|
||||
tty26
|
||||
tty27
|
||||
tty28
|
||||
tty29
|
||||
tty30
|
||||
tty31
|
||||
tty32
|
||||
tty33
|
||||
tty34
|
||||
tty35
|
||||
tty36
|
||||
tty37
|
||||
tty38
|
||||
tty39
|
||||
tty40
|
||||
tty41
|
||||
tty42
|
||||
tty43
|
||||
tty44
|
||||
tty45
|
||||
tty46
|
||||
tty47
|
||||
tty48
|
||||
tty49
|
||||
tty50
|
||||
tty51
|
||||
tty52
|
||||
tty53
|
||||
tty54
|
||||
tty55
|
||||
tty56
|
||||
tty57
|
||||
tty58
|
||||
tty59
|
||||
tty60
|
||||
tty61
|
||||
tty62
|
||||
tty63
|
||||
Vendored
-24
@@ -1,24 +0,0 @@
|
||||
# /etc/securetty: list of terminals on which root is allowed to login.
|
||||
# See securetty(5) and login(1).
|
||||
console
|
||||
|
||||
# for people with serial port consoles
|
||||
ttyd0
|
||||
ttyd1
|
||||
|
||||
# Standard consoles
|
||||
ttyv0
|
||||
ttyv1
|
||||
ttyv2
|
||||
ttyv3
|
||||
ttyv4
|
||||
ttyv5
|
||||
ttyv6
|
||||
ttyv7
|
||||
ttyva
|
||||
ttyvb
|
||||
ttyvc
|
||||
ttyvd
|
||||
ttyve
|
||||
ttyvf
|
||||
|
||||
Vendored
-12
@@ -1,12 +0,0 @@
|
||||
# /etc/securetty: list of terminals on which root is allowed to login.
|
||||
# See securetty(5) and login(1).
|
||||
console
|
||||
|
||||
# for people with serial port consoles
|
||||
tty00
|
||||
|
||||
# Standard consoles
|
||||
ttyE0
|
||||
ttyE1
|
||||
ttyE2
|
||||
ttyE3
|
||||
Vendored
-412
@@ -1,412 +0,0 @@
|
||||
# /etc/securetty: list of terminals on which root is allowed to login.
|
||||
# See securetty(5) and login(1).
|
||||
|
||||
console
|
||||
|
||||
# Local X displays (allows empty passwords with pam_unix's nullok_secure)
|
||||
:0
|
||||
:0.0
|
||||
:0.1
|
||||
:1
|
||||
:1.0
|
||||
:1.1
|
||||
:2
|
||||
:2.0
|
||||
:2.1
|
||||
:3
|
||||
:3.0
|
||||
:3.1
|
||||
#...
|
||||
|
||||
|
||||
# ==========================================================
|
||||
#
|
||||
# TTYs sorted by major number according to Documentation/devices.txt
|
||||
#
|
||||
# ==========================================================
|
||||
|
||||
# Virtual consoles
|
||||
tty1
|
||||
tty2
|
||||
tty3
|
||||
tty4
|
||||
tty5
|
||||
tty6
|
||||
tty7
|
||||
tty8
|
||||
tty9
|
||||
tty10
|
||||
tty11
|
||||
tty12
|
||||
tty13
|
||||
tty14
|
||||
tty15
|
||||
tty16
|
||||
tty17
|
||||
tty18
|
||||
tty19
|
||||
tty20
|
||||
tty21
|
||||
tty22
|
||||
tty23
|
||||
tty24
|
||||
tty25
|
||||
tty26
|
||||
tty27
|
||||
tty28
|
||||
tty29
|
||||
tty30
|
||||
tty31
|
||||
tty32
|
||||
tty33
|
||||
tty34
|
||||
tty35
|
||||
tty36
|
||||
tty37
|
||||
tty38
|
||||
tty39
|
||||
tty40
|
||||
tty41
|
||||
tty42
|
||||
tty43
|
||||
tty44
|
||||
tty45
|
||||
tty46
|
||||
tty47
|
||||
tty48
|
||||
tty49
|
||||
tty50
|
||||
tty51
|
||||
tty52
|
||||
tty53
|
||||
tty54
|
||||
tty55
|
||||
tty56
|
||||
tty57
|
||||
tty58
|
||||
tty59
|
||||
tty60
|
||||
tty61
|
||||
tty62
|
||||
tty63
|
||||
|
||||
# UART serial ports
|
||||
ttyS0
|
||||
ttyS1
|
||||
ttyS2
|
||||
ttyS3
|
||||
ttyS4
|
||||
ttyS5
|
||||
#...ttyS191
|
||||
|
||||
# Serial Mux devices (Linux/PA-RISC only)
|
||||
ttyB0
|
||||
ttyB1
|
||||
#...
|
||||
|
||||
# Chase serial card
|
||||
ttyH0
|
||||
ttyH1
|
||||
#...
|
||||
|
||||
# Cyclades serial cards
|
||||
ttyC0
|
||||
ttyC1
|
||||
#...ttyC31
|
||||
|
||||
# Digiboard serial cards
|
||||
ttyD0
|
||||
ttyD1
|
||||
#...
|
||||
|
||||
# Stallion serial cards
|
||||
ttyE0
|
||||
ttyE1
|
||||
#...ttyE255
|
||||
|
||||
# Specialix serial cards
|
||||
ttyX0
|
||||
ttyX1
|
||||
#...
|
||||
|
||||
# Comtrol Rocketport serial cards
|
||||
ttyR0
|
||||
ttyR1
|
||||
#...
|
||||
|
||||
# SDL RISCom serial cards
|
||||
ttyL0
|
||||
ttyL1
|
||||
#...
|
||||
|
||||
# Hayes ESP serial card
|
||||
ttyP0
|
||||
ttyP1
|
||||
#...
|
||||
|
||||
# Computone IntelliPort II serial card
|
||||
ttyF0
|
||||
ttyF1
|
||||
#...ttyF255
|
||||
|
||||
# Specialix IO8+ serial card
|
||||
ttyW0
|
||||
ttyW1
|
||||
#...
|
||||
|
||||
# Comtrol VS-1000 serial controller
|
||||
ttyV0
|
||||
ttyV1
|
||||
#...
|
||||
|
||||
# ISI serial card
|
||||
ttyM0
|
||||
ttyM1
|
||||
#...
|
||||
|
||||
# Technology Concepts serial card
|
||||
ttyT0
|
||||
ttyT1
|
||||
#...
|
||||
|
||||
# Specialix RIO serial card
|
||||
ttySR0
|
||||
ttySR1
|
||||
#...ttySR511
|
||||
|
||||
# Chase Research AT/PCI-Fast serial card
|
||||
ttyCH0
|
||||
ttyCH1
|
||||
#...ttyCH63
|
||||
|
||||
# Moxa Intellio serial card
|
||||
ttyMX0
|
||||
ttyMX1
|
||||
#...ttyMX127
|
||||
|
||||
# SmartIO serial card
|
||||
ttySI0
|
||||
ttySI1
|
||||
#...
|
||||
|
||||
# USB dongles
|
||||
ttyUSB0
|
||||
ttyUSB1
|
||||
ttyUSB2
|
||||
#...
|
||||
|
||||
# LinkUp Systems L72xx UARTs
|
||||
ttyLU0
|
||||
ttyLU1
|
||||
ttyLU2
|
||||
ttyLU3
|
||||
|
||||
# StrongARM builtin serial ports
|
||||
ttySA0
|
||||
ttySA1
|
||||
ttySA2
|
||||
|
||||
# SCI serial port (SuperH) ports and SC26xx serial ports
|
||||
ttySC0
|
||||
ttySC1
|
||||
ttySC2
|
||||
ttySC3
|
||||
ttySC4
|
||||
ttySC5
|
||||
ttySC6
|
||||
ttySC7
|
||||
ttySC8
|
||||
ttySC9
|
||||
|
||||
# ARM "AMBA" serial ports
|
||||
ttyAM0
|
||||
ttyAM1
|
||||
ttyAM2
|
||||
ttyAM3
|
||||
ttyAM4
|
||||
ttyAM5
|
||||
ttyAM6
|
||||
ttyAM7
|
||||
ttyAM8
|
||||
ttyAM9
|
||||
ttyAM10
|
||||
ttyAM11
|
||||
ttyAM12
|
||||
ttyAM13
|
||||
ttyAM14
|
||||
ttyAM15
|
||||
|
||||
# Embedded ARM AMBA PL011 ports (e.g. emulated by QEMU)
|
||||
ttyAMA0
|
||||
ttyAMA1
|
||||
ttyAMA2
|
||||
ttyAMA3
|
||||
|
||||
# DataBooster serial ports
|
||||
ttyDB0
|
||||
ttyDB1
|
||||
ttyDB2
|
||||
ttyDB3
|
||||
ttyDB4
|
||||
ttyDB5
|
||||
ttyDB6
|
||||
ttyDB7
|
||||
|
||||
# SGI Altix console ports
|
||||
ttySG0
|
||||
|
||||
# Motorola i.MX ports
|
||||
ttySMX0
|
||||
ttySMX1
|
||||
ttySMX2
|
||||
|
||||
# Marvell MPSC ports
|
||||
ttyMM0
|
||||
ttyMM1
|
||||
|
||||
# PPC CPM (SCC or SMC) ports
|
||||
ttyCPM0
|
||||
ttyCPM1
|
||||
ttyCPM2
|
||||
ttyCPM3
|
||||
ttyCPM4
|
||||
ttyCPM5
|
||||
|
||||
# Altix serial cards
|
||||
ttyIOC0
|
||||
ttyIOC1
|
||||
#...ttyIOC31
|
||||
|
||||
# NEC VR4100 series SIU
|
||||
ttyVR0
|
||||
|
||||
# NEC VR4100 series SSIU
|
||||
ttyVR1
|
||||
|
||||
# Altix ioc4 serial cards
|
||||
ttyIOC84
|
||||
ttyIOC85
|
||||
#...ttyIOC115
|
||||
|
||||
# Altix ioc3 serial cards
|
||||
ttySIOC0
|
||||
ttySIOC1
|
||||
#...ttySIOC31
|
||||
|
||||
# PPC PSC ports
|
||||
ttyPSC0
|
||||
ttyPSC1
|
||||
ttyPSC2
|
||||
ttyPSC3
|
||||
ttyPSC4
|
||||
ttyPSC5
|
||||
|
||||
# ATMEL serial ports
|
||||
ttyAT0
|
||||
ttyAT1
|
||||
#...ttyAT15
|
||||
|
||||
# Hilscher netX serial port
|
||||
ttyNX0
|
||||
ttyNX1
|
||||
#...ttyNX15
|
||||
|
||||
# Xilinx uartlite - port
|
||||
ttyUL0
|
||||
ttyUL1
|
||||
ttyUL2
|
||||
ttyUL3
|
||||
|
||||
# Xen virtual console - port 0
|
||||
xvc0
|
||||
|
||||
# pmac_zilog - port
|
||||
ttyPZ0
|
||||
ttyPZ1
|
||||
ttyPZ2
|
||||
ttyPZ3
|
||||
|
||||
# TX39/49 serial port
|
||||
ttyTX0
|
||||
ttyTX1
|
||||
ttyTX2
|
||||
ttyTX3
|
||||
ttyTX4
|
||||
ttyTX5
|
||||
ttyTX6
|
||||
ttyTX7
|
||||
|
||||
# SC26xx serial ports (see SCI serial ports (SuperH))
|
||||
|
||||
# MAX3100 serial ports
|
||||
ttyMAX0
|
||||
ttyMAX1
|
||||
ttyMAX2
|
||||
ttyMAX3
|
||||
|
||||
# OMAP serial ports
|
||||
ttyO0
|
||||
ttyO1
|
||||
ttyO2
|
||||
ttyO3
|
||||
|
||||
# User space serial ports
|
||||
ttyU0
|
||||
ttyU1
|
||||
|
||||
# A2232 serial card
|
||||
ttyY0
|
||||
ttyY1
|
||||
|
||||
# IBM 3270 terminal Unix tty access
|
||||
3270/tty1
|
||||
3270/tty2
|
||||
#...
|
||||
|
||||
# IBM iSeries/pSeries virtual console
|
||||
hvc0
|
||||
hvc1
|
||||
#...
|
||||
#IBM pSeries console ports
|
||||
hvsi0
|
||||
hvsi1
|
||||
hvsi2
|
||||
|
||||
# Equinox SST multi-port serial boards
|
||||
ttyEQ0
|
||||
ttyEQ1
|
||||
#...ttyEQ1027
|
||||
|
||||
# ==========================================================
|
||||
#
|
||||
# Not in Documentation/Devices.txt
|
||||
#
|
||||
# ==========================================================
|
||||
|
||||
# Embedded Freescale i.MX ports
|
||||
ttymxc0
|
||||
ttymxc1
|
||||
ttymxc2
|
||||
ttymxc3
|
||||
ttymxc4
|
||||
ttymxc5
|
||||
|
||||
# LXC (Linux Containers)
|
||||
lxc/console
|
||||
lxc/tty1
|
||||
lxc/tty2
|
||||
lxc/tty3
|
||||
lxc/tty4
|
||||
|
||||
# Serial Console for MIPS Swarm
|
||||
duart0
|
||||
duart1
|
||||
|
||||
# s390 and s390x ports in LPAR mode
|
||||
ttysclp0
|
||||
|
||||
# ODROID XU4 serial console
|
||||
ttySAC0
|
||||
ttySAC1
|
||||
ttySAC2
|
||||
ttySAC3
|
||||
Vendored
-49
@@ -1,49 +0,0 @@
|
||||
#!/bin/sh
|
||||
# turn shadow passwords on or off on a Debian system
|
||||
|
||||
set -e
|
||||
|
||||
shadowon () {
|
||||
set -e
|
||||
pwck -q -r
|
||||
grpck -r
|
||||
pwconv
|
||||
grpconv
|
||||
chown root:root /etc/passwd /etc/group
|
||||
chmod 644 /etc/passwd /etc/group
|
||||
chown root:shadow /etc/shadow /etc/gshadow
|
||||
chmod 640 /etc/shadow /etc/gshadow
|
||||
}
|
||||
|
||||
shadowoff () {
|
||||
set -e
|
||||
pwck -q -r
|
||||
grpck -r
|
||||
pwunconv
|
||||
grpunconv
|
||||
# sometimes the passwd perms get munged
|
||||
chown root:root /etc/passwd /etc/group
|
||||
chmod 644 /etc/passwd /etc/group
|
||||
}
|
||||
|
||||
case "$1" in
|
||||
"on")
|
||||
if shadowon ; then
|
||||
echo Shadow passwords are now on.
|
||||
else
|
||||
echo Please correct the error and rerun \`$0 on\'
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
"off")
|
||||
if shadowoff ; then
|
||||
echo Shadow passwords are now off.
|
||||
else
|
||||
echo Please correct the error and rerun \`$0 off\'
|
||||
exit 1
|
||||
fi
|
||||
;;
|
||||
*)
|
||||
echo Usage: $0 on \| off
|
||||
;;
|
||||
esac
|
||||
Vendored
-1
@@ -1 +0,0 @@
|
||||
3.0 (quilt)
|
||||
Vendored
-4
@@ -1,4 +0,0 @@
|
||||
usr/bin/newuidmap
|
||||
usr/bin/newgidmap
|
||||
usr/share/man/man1/newuidmap.1
|
||||
usr/share/man/man1/newgidmap.1
|
||||
Vendored
-2
@@ -1,2 +0,0 @@
|
||||
uidmap: setuid-binary usr/bin/newgidmap 4755 root/root
|
||||
uidmap: setuid-binary usr/bin/newuidmap 4755 root/root
|
||||
Vendored
-8196
File diff suppressed because it is too large
Load Diff
Vendored
-37
@@ -1,37 +0,0 @@
|
||||
# Default values for useradd(8)
|
||||
#
|
||||
# The SHELL variable specifies the default login shell on your
|
||||
# system.
|
||||
# Similar to DHSELL in adduser. However, we use "sh" here because
|
||||
# useradd is a low level utility and should be as general
|
||||
# as possible
|
||||
SHELL=/bin/sh
|
||||
#
|
||||
# The default group for users
|
||||
# 100=users on Debian systems
|
||||
# Same as USERS_GID in adduser
|
||||
# This argument is used when the -n flag is specified.
|
||||
# The default behavior (when -n and -g are not specified) is to create a
|
||||
# primary user group with the same name as the user being added to the
|
||||
# system.
|
||||
# GROUP=100
|
||||
#
|
||||
# The default home directory. Same as DHOME for adduser
|
||||
# HOME=/home
|
||||
#
|
||||
# The number of days after a password expires until the account
|
||||
# is permanently disabled
|
||||
# INACTIVE=-1
|
||||
#
|
||||
# The default expire date
|
||||
# EXPIRE=
|
||||
#
|
||||
# The SKEL variable specifies the directory containing "skeletal" user
|
||||
# files; in other words, files such as a sample .profile that will be
|
||||
# copied to the new user's home directory when it is created.
|
||||
# SKEL=/etc/skel
|
||||
#
|
||||
# Defines whether the mail spool should be created while
|
||||
# creating the account
|
||||
# CREATE_MAIL_SPOOL=yes
|
||||
|
||||
Vendored
-4
@@ -1,4 +0,0 @@
|
||||
version=4
|
||||
opts="filenamemangle=s%(?:.*?)?v?(\d[\d.]*)\.tar\.gz%shadow-$1.tar.gz%" \
|
||||
https://github.com/shadow-maint/shadow/tags \
|
||||
(?:.*?/)?v?(\d[\d.]*)\.tar\.gz debian uupdate
|
||||
+8
-5
@@ -301,12 +301,15 @@ static int create_backup (const char *backup, FILE * fp)
|
||||
struct utimbuf ub;
|
||||
FILE *bkfp;
|
||||
int c;
|
||||
mode_t mask;
|
||||
|
||||
if (fstat (fileno (fp), &sb) != 0) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
bkfp = fopen_set_perms (backup, "w", &sb);
|
||||
mask = umask (077);
|
||||
bkfp = fopen (backup, "w");
|
||||
(void) umask (mask);
|
||||
if (NULL == bkfp) {
|
||||
return -1;
|
||||
}
|
||||
@@ -751,16 +754,16 @@ commonio_sort (struct commonio_db *db, int (*cmp) (const void *, const void *))
|
||||
for (ptr = db->head;
|
||||
(NULL != ptr)
|
||||
#if KEEP_NIS_AT_END
|
||||
&& ((NULL == ptr->line)
|
||||
|| (('+' != ptr->line[0])
|
||||
&& ('-' != ptr->line[0])))
|
||||
&& (NULL != ptr->line)
|
||||
&& ( ('+' != ptr->line[0])
|
||||
&& ('-' != ptr->line[0]))
|
||||
#endif
|
||||
;
|
||||
ptr = ptr->next) {
|
||||
n++;
|
||||
}
|
||||
#if KEEP_NIS_AT_END
|
||||
if (NULL != ptr) {
|
||||
if ((NULL != ptr) && (NULL != ptr->line)) {
|
||||
nis = ptr;
|
||||
}
|
||||
#endif
|
||||
|
||||
+2
-2
@@ -31,8 +31,8 @@
|
||||
*/
|
||||
|
||||
/* $Id$ */
|
||||
#ifndef COMMONIO_H
|
||||
#define COMMONIO_H
|
||||
#ifndef _COMMONIO_H
|
||||
#define _COMMONIO_H
|
||||
|
||||
#ifdef WITH_SELINUX
|
||||
#include <selinux/selinux.h>
|
||||
|
||||
@@ -148,7 +148,6 @@ static struct itemdef knowndef_table[] = {
|
||||
#ifdef USE_PAM
|
||||
PAMDEFS
|
||||
#endif
|
||||
{NULL, NULL}
|
||||
};
|
||||
|
||||
#ifndef LOGINDEFS
|
||||
|
||||
+2
-1
@@ -338,7 +338,8 @@ static /*@null@*/struct commonio_entry *merge_group_entries (
|
||||
errno = ENOMEM;
|
||||
return NULL;
|
||||
}
|
||||
snprintf(new_line, new_line_len + 1, "%s\n%s", gr1->line, gr2->line);
|
||||
snprintf(new_line, new_line_len, "%s\n%s", gr1->line, gr2->line);
|
||||
new_line[new_line_len] = '\0';
|
||||
|
||||
/* Concatenate the 2 list of members */
|
||||
for (i=0; NULL != gptr1->gr_mem[i]; i++);
|
||||
|
||||
@@ -179,9 +179,6 @@ extern int getrange (char *range,
|
||||
unsigned long *min, bool *has_min,
|
||||
unsigned long *max, bool *has_max);
|
||||
|
||||
/* gettime.c */
|
||||
extern time_t gettime ();
|
||||
|
||||
/* get_uid.c */
|
||||
extern int get_uid (const char *uidstr, uid_t *uid);
|
||||
|
||||
|
||||
@@ -40,7 +40,6 @@
|
||||
#include "prototypes.h"
|
||||
#include "defines.h"
|
||||
#include "commonio.h"
|
||||
#include "getdef.h"
|
||||
#include "sgroupio.h"
|
||||
|
||||
/*@null@*/ /*@only@*/struct sgrp *__sgr_dup (const struct sgrp *sgent)
|
||||
|
||||
@@ -40,7 +40,6 @@
|
||||
#include <shadow.h>
|
||||
#include <stdio.h>
|
||||
#include "commonio.h"
|
||||
#include "getdef.h"
|
||||
#include "shadowio.h"
|
||||
#ifdef WITH_TCB
|
||||
#include <tcb.h>
|
||||
|
||||
+2
-2
@@ -31,8 +31,8 @@
|
||||
*/
|
||||
|
||||
/* $Id$ */
|
||||
#ifndef SHADOWIO_H
|
||||
#define SHADOWIO_H
|
||||
#ifndef _SHADOWIO_H
|
||||
#define _SHADOWIO_H
|
||||
|
||||
#include "defines.h"
|
||||
|
||||
|
||||
+1
-2
@@ -1,7 +1,7 @@
|
||||
|
||||
EXTRA_DIST = .indent.pro xgetXXbyYY.c
|
||||
|
||||
AM_CPPFLAGS = -I$(top_srcdir)/lib
|
||||
INCLUDES = -I$(top_srcdir)/lib
|
||||
|
||||
noinst_LIBRARIES = libmisc.a
|
||||
|
||||
@@ -31,7 +31,6 @@ libmisc_a_SOURCES = \
|
||||
getdate.y \
|
||||
getgr_nam_gid.c \
|
||||
getrange.c \
|
||||
gettime.c \
|
||||
hushed.c \
|
||||
idmapping.h \
|
||||
idmapping.c \
|
||||
|
||||
+125
-414
@@ -1,7 +1,6 @@
|
||||
/*
|
||||
* Copyright (c) 1991 - 1994, Julianne Frances Haugh
|
||||
* Copyright (c) 2008 - 2011, Nicolas François
|
||||
* Copyright (c) 2014, Red Hat, Inc.
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
@@ -39,117 +38,6 @@
|
||||
#include "groupio.h"
|
||||
#include "getdef.h"
|
||||
|
||||
/*
|
||||
* get_ranges - Get the minimum and maximum ID ranges for the search
|
||||
*
|
||||
* This function will return the minimum and maximum ranges for IDs
|
||||
*
|
||||
* 0: The function completed successfully
|
||||
* EINVAL: The provided ranges are impossible (such as maximum < minimum)
|
||||
*
|
||||
* preferred_min: The special-case minimum value for a specifically-
|
||||
* requested ID, which may be lower than the standard min_id
|
||||
*/
|
||||
static int get_ranges (bool sys_group, gid_t *min_id, gid_t *max_id,
|
||||
gid_t *preferred_min)
|
||||
{
|
||||
gid_t gid_def_max = 0;
|
||||
|
||||
if (sys_group) {
|
||||
/* System groups */
|
||||
|
||||
/* A requested ID is allowed to be below the autoselect range */
|
||||
*preferred_min = (gid_t) 1;
|
||||
|
||||
/* Get the minimum ID range from login.defs or default to 101 */
|
||||
*min_id = (gid_t) getdef_ulong ("SYS_GID_MIN", 101UL);
|
||||
|
||||
/*
|
||||
* If SYS_GID_MAX is unspecified, we should assume it to be one
|
||||
* less than the GID_MIN (which is reserved for non-system accounts)
|
||||
*/
|
||||
gid_def_max = (gid_t) getdef_ulong ("GID_MIN", 1000UL) - 1;
|
||||
*max_id = (gid_t) getdef_ulong ("SYS_GID_MAX",
|
||||
(unsigned long) gid_def_max);
|
||||
|
||||
/* Check that the ranges make sense */
|
||||
if (*max_id < *min_id) {
|
||||
(void) fprintf (stderr,
|
||||
_("%s: Invalid configuration: SYS_GID_MIN (%lu), "
|
||||
"GID_MIN (%lu), SYS_GID_MAX (%lu)\n"),
|
||||
Prog, (unsigned long) *min_id,
|
||||
getdef_ulong ("GID_MIN", 1000UL),
|
||||
(unsigned long) *max_id);
|
||||
return EINVAL;
|
||||
}
|
||||
} else {
|
||||
/* Non-system groups */
|
||||
|
||||
/* Get the values from login.defs or use reasonable defaults */
|
||||
*min_id = (gid_t) getdef_ulong ("GID_MIN", 1000UL);
|
||||
*max_id = (gid_t) getdef_ulong ("GID_MAX", 60000UL);
|
||||
|
||||
/*
|
||||
* The preferred minimum should match the standard ID minimum
|
||||
* for non-system groups.
|
||||
*/
|
||||
*preferred_min = *min_id;
|
||||
|
||||
/* Check that the ranges make sense */
|
||||
if (*max_id < *min_id) {
|
||||
(void) fprintf (stderr,
|
||||
_("%s: Invalid configuration: GID_MIN (%lu), "
|
||||
"GID_MAX (%lu)\n"),
|
||||
Prog, (unsigned long) *min_id,
|
||||
(unsigned long) *max_id);
|
||||
return EINVAL;
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* check_gid - See if the requested GID is available
|
||||
*
|
||||
* On success, return 0
|
||||
* If the ID is in use, return EEXIST
|
||||
* If the ID is outside the range, return ERANGE
|
||||
* In other cases, return errno from getgrgid()
|
||||
*/
|
||||
static int check_gid (const gid_t gid,
|
||||
const gid_t gid_min,
|
||||
const gid_t gid_max,
|
||||
bool *used_gids)
|
||||
{
|
||||
/* First test that the preferred ID is in the range */
|
||||
if (gid < gid_min || gid > gid_max) {
|
||||
return ERANGE;
|
||||
}
|
||||
|
||||
/*
|
||||
* Check whether we already detected this GID
|
||||
* using the gr_next() loop
|
||||
*/
|
||||
if (used_gids != NULL && used_gids[gid]) {
|
||||
return EEXIST;
|
||||
}
|
||||
/* Check if the GID exists according to NSS */
|
||||
errno = 0;
|
||||
if (getgrgid (gid) != NULL) {
|
||||
return EEXIST;
|
||||
} else {
|
||||
/* getgrgid() was NULL
|
||||
* we have to ignore errors as temporary
|
||||
* failures of remote user identity services
|
||||
* would completely block user/group creation
|
||||
*/
|
||||
}
|
||||
|
||||
/* If we've made it here, the GID must be available */
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* find_new_gid - Find a new unused GID.
|
||||
*
|
||||
@@ -161,338 +49,161 @@ static int check_gid (const gid_t gid,
|
||||
* Return 0 on success, -1 if no unused GIDs are available.
|
||||
*/
|
||||
int find_new_gid (bool sys_group,
|
||||
gid_t *gid,
|
||||
/*@null@*/gid_t const *preferred_gid)
|
||||
gid_t *gid,
|
||||
/*@null@*/gid_t const *preferred_gid)
|
||||
{
|
||||
bool *used_gids;
|
||||
const struct group *grp;
|
||||
gid_t gid_min, gid_max, preferred_min;
|
||||
gid_t group_id, id;
|
||||
gid_t lowest_found, highest_found;
|
||||
int result;
|
||||
int nospam = 0;
|
||||
gid_t gid_min, gid_max, group_id;
|
||||
bool *used_gids;
|
||||
|
||||
assert(gid != NULL);
|
||||
assert (gid != NULL);
|
||||
|
||||
/*
|
||||
* First, figure out what ID range is appropriate for
|
||||
* automatic assignment
|
||||
*/
|
||||
result = get_ranges (sys_group, &gid_min, &gid_max, &preferred_min);
|
||||
if (result == EINVAL) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* Check if the preferred GID is available */
|
||||
if (preferred_gid) {
|
||||
result = check_gid (*preferred_gid, preferred_min, gid_max, NULL);
|
||||
if (result == 0) {
|
||||
/*
|
||||
* Make sure the GID isn't queued for use already
|
||||
*/
|
||||
if (gr_locate_gid (*preferred_gid) == NULL) {
|
||||
*gid = *preferred_gid;
|
||||
return 0;
|
||||
}
|
||||
/*
|
||||
* gr_locate_gid() found the GID in an as-yet uncommitted
|
||||
* entry. We'll proceed below and auto-set a GID.
|
||||
*/
|
||||
} else if (result == EEXIST || result == ERANGE) {
|
||||
/*
|
||||
* Continue on below. At this time, we won't
|
||||
* treat these two cases differently.
|
||||
*/
|
||||
} else {
|
||||
/*
|
||||
* An unexpected error occurred. We should report
|
||||
* this and fail the group creation.
|
||||
* This differs from the automatic creation
|
||||
* behavior below, since if a specific GID was
|
||||
* requested and generated an error, the user is
|
||||
* more likely to want to stop and address the
|
||||
* issue.
|
||||
*/
|
||||
fprintf (stderr,
|
||||
_("%s: Encountered error attempting to use "
|
||||
"preferred GID: %s\n"),
|
||||
Prog, strerror (result));
|
||||
if (!sys_group) {
|
||||
gid_min = (gid_t) getdef_ulong ("GID_MIN", 1000UL);
|
||||
gid_max = (gid_t) getdef_ulong ("GID_MAX", 60000UL);
|
||||
if (gid_max < gid_min) {
|
||||
(void) fprintf (stderr,
|
||||
_("%s: Invalid configuration: GID_MIN (%lu), GID_MAX (%lu)\n"),
|
||||
Prog, (unsigned long) gid_min, (unsigned long) gid_max);
|
||||
return -1;
|
||||
}
|
||||
} else {
|
||||
gid_min = (gid_t) getdef_ulong ("SYS_GID_MIN", 101UL);
|
||||
gid_max = (gid_t) getdef_ulong ("GID_MIN", 1000UL) - 1;
|
||||
gid_max = (gid_t) getdef_ulong ("SYS_GID_MAX", (unsigned long) gid_max);
|
||||
if (gid_max < gid_min) {
|
||||
(void) fprintf (stderr,
|
||||
_("%s: Invalid configuration: SYS_GID_MIN (%lu), GID_MIN (%lu), SYS_GID_MAX (%lu)\n"),
|
||||
Prog, (unsigned long) gid_min, getdef_ulong ("GID_MIN", 1000UL), (unsigned long) gid_max);
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Search the entire group file,
|
||||
* looking for the next unused value.
|
||||
*
|
||||
* We first check the local database with gr_rewind/gr_next to find
|
||||
* all local values that are in use.
|
||||
*
|
||||
* We then compare the next free value to all databases (local and
|
||||
* remote) and iterate until we find a free one. If there are free
|
||||
* values beyond the lowest (system groups) or highest (non-system
|
||||
* groups), we will prefer those and avoid potentially reclaiming a
|
||||
* deleted group (which can be a security issue, since it may grant
|
||||
* access to files belonging to that former group).
|
||||
*
|
||||
* If there are no GIDs available at the end of the search, we will
|
||||
* have no choice but to iterate through the range looking for gaps.
|
||||
*
|
||||
*/
|
||||
|
||||
/* Create an array to hold all of the discovered GIDs */
|
||||
used_gids = malloc (sizeof (bool) * (gid_max +1));
|
||||
if (NULL == used_gids) {
|
||||
fprintf (stderr,
|
||||
_("%s: failed to allocate memory: %s\n"),
|
||||
Prog, strerror (errno));
|
||||
_("%s: failed to allocate memory: %s\n"),
|
||||
Prog, strerror (errno));
|
||||
return -1;
|
||||
}
|
||||
memset (used_gids, false, sizeof (bool) * (gid_max + 1));
|
||||
|
||||
/* First look for the lowest and highest value in the local database */
|
||||
(void) gr_rewind ();
|
||||
highest_found = gid_min;
|
||||
lowest_found = gid_max;
|
||||
while ((grp = gr_next ()) != NULL) {
|
||||
/*
|
||||
* Does this entry have a lower GID than the lowest we've found
|
||||
* so far?
|
||||
*/
|
||||
if ((grp->gr_gid <= lowest_found) && (grp->gr_gid >= gid_min)) {
|
||||
lowest_found = grp->gr_gid - 1;
|
||||
}
|
||||
|
||||
/*
|
||||
* Does this entry have a higher GID than the highest we've found
|
||||
* so far?
|
||||
*/
|
||||
if ((grp->gr_gid >= highest_found) && (grp->gr_gid <= gid_max)) {
|
||||
highest_found = grp->gr_gid + 1;
|
||||
}
|
||||
|
||||
/* create index of used GIDs */
|
||||
if (grp->gr_gid >= gid_min
|
||||
&& grp->gr_gid <= gid_max) {
|
||||
|
||||
used_gids[grp->gr_gid] = true;
|
||||
}
|
||||
if ( (NULL != preferred_gid)
|
||||
&& (*preferred_gid >= gid_min)
|
||||
&& (*preferred_gid <= gid_max)
|
||||
/* Check if the user exists according to NSS */
|
||||
&& (getgrgid (*preferred_gid) == NULL)
|
||||
/* Check also the local database in case of uncommitted
|
||||
* changes */
|
||||
&& (gr_locate_gid (*preferred_gid) == NULL)) {
|
||||
*gid = *preferred_gid;
|
||||
free (used_gids);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Search the entire group file,
|
||||
* looking for the largest unused value.
|
||||
*
|
||||
* We check the list of groups according to NSS (setgrent/getgrent),
|
||||
* but we also check the local database (gr_rewind/gr_next) in case
|
||||
* some groups were created but the changes were not committed yet.
|
||||
*/
|
||||
if (sys_group) {
|
||||
/*
|
||||
* For system groups, we want to start from the
|
||||
* top of the range and work downwards.
|
||||
gid_t id;
|
||||
/* setgrent / getgrent / endgrent can be very slow with
|
||||
* LDAP configurations (and many accounts).
|
||||
* Since there is a limited amount of IDs to be tested
|
||||
* for system accounts, we just check the existence
|
||||
* of IDs with getgrgid.
|
||||
*/
|
||||
|
||||
/*
|
||||
* At the conclusion of the gr_next() search, we will either
|
||||
* have a presumed-free GID or we will be at GID_MIN - 1.
|
||||
*/
|
||||
if (lowest_found < gid_min) {
|
||||
/*
|
||||
* In this case, a GID is in use at GID_MIN.
|
||||
*
|
||||
* We will reset the search to GID_MAX and proceed down
|
||||
* through all the GIDs (skipping those we detected with
|
||||
* used_gids) for a free one. It is a known issue that
|
||||
* this may result in reusing a previously-deleted GID,
|
||||
* so administrators should be instructed to use this
|
||||
* auto-detection with care (and prefer to assign GIDs
|
||||
* explicitly).
|
||||
*/
|
||||
lowest_found = gid_max;
|
||||
}
|
||||
|
||||
/* Search through all of the IDs in the range */
|
||||
for (id = lowest_found; id >= gid_min; id--) {
|
||||
result = check_gid (id, gid_min, gid_max, used_gids);
|
||||
if (result == 0) {
|
||||
/* This GID is available. Return it. */
|
||||
*gid = id;
|
||||
free (used_gids);
|
||||
return 0;
|
||||
} else if (result == EEXIST) {
|
||||
/* This GID is in use, we'll continue to the next */
|
||||
} else {
|
||||
/*
|
||||
* An unexpected error occurred.
|
||||
*
|
||||
* Only report it the first time to avoid spamming
|
||||
* the logs
|
||||
*
|
||||
*/
|
||||
if (!nospam) {
|
||||
fprintf (stderr,
|
||||
_("%s: Can't get unique system GID (%s). "
|
||||
"Suppressing additional messages.\n"),
|
||||
Prog, strerror (result));
|
||||
SYSLOG ((LOG_ERR,
|
||||
"Error checking available GIDs: %s",
|
||||
strerror (result)));
|
||||
nospam = 1;
|
||||
}
|
||||
/*
|
||||
* We will continue anyway. Hopefully a later GID
|
||||
* will work properly.
|
||||
*/
|
||||
group_id = gid_max;
|
||||
for (id = gid_max; id >= gid_min; id--) {
|
||||
if (getgrgid (id) != NULL) {
|
||||
group_id = id - 1;
|
||||
used_gids[id] = true;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* If we get all the way through the loop, try again from GID_MAX,
|
||||
* unless that was where we previously started. (NOTE: the worst-case
|
||||
* scenario here is that we will run through (GID_MAX - GID_MIN - 1)
|
||||
* cycles *again* if we fall into this case with lowest_found as
|
||||
* GID_MAX - 1, all groups in the range in use and maintained by
|
||||
* network services such as LDAP.)
|
||||
*/
|
||||
if (lowest_found != gid_max) {
|
||||
for (id = gid_max; id >= gid_min; id--) {
|
||||
result = check_gid (id, gid_min, gid_max, used_gids);
|
||||
if (result == 0) {
|
||||
/* This GID is available. Return it. */
|
||||
*gid = id;
|
||||
free (used_gids);
|
||||
return 0;
|
||||
} else if (result == EEXIST) {
|
||||
/* This GID is in use, we'll continue to the next */
|
||||
} else {
|
||||
/*
|
||||
* An unexpected error occurred.
|
||||
*
|
||||
* Only report it the first time to avoid spamming
|
||||
* the logs
|
||||
*
|
||||
*/
|
||||
if (!nospam) {
|
||||
fprintf (stderr,
|
||||
_("%s: Can't get unique system GID (%s). "
|
||||
"Suppressing additional messages.\n"),
|
||||
Prog, strerror (result));
|
||||
SYSLOG ((LOG_ERR,
|
||||
"Error checking available GIDs: %s",
|
||||
strerror (result)));
|
||||
nospam = 1;
|
||||
}
|
||||
/*
|
||||
* We will continue anyway. Hopefully a later GID
|
||||
* will work properly.
|
||||
*/
|
||||
}
|
||||
(void) gr_rewind ();
|
||||
while ((grp = gr_next ()) != NULL) {
|
||||
if ((grp->gr_gid <= group_id) && (grp->gr_gid >= gid_min)) {
|
||||
group_id = grp->gr_gid - 1;
|
||||
}
|
||||
/* create index of used GIDs */
|
||||
if (grp->gr_gid <= gid_max) {
|
||||
used_gids[grp->gr_gid] = true;
|
||||
}
|
||||
}
|
||||
} else { /* !sys_group */
|
||||
/*
|
||||
* For non-system groups, we want to start from the
|
||||
* bottom of the range and work upwards.
|
||||
*/
|
||||
|
||||
/*
|
||||
* At the conclusion of the gr_next() search, we will either
|
||||
* have a presumed-free GID or we will be at GID_MAX + 1.
|
||||
*/
|
||||
if (highest_found > gid_max) {
|
||||
/*
|
||||
* In this case, a GID is in use at GID_MAX.
|
||||
*
|
||||
* We will reset the search to GID_MIN and proceed up
|
||||
* through all the GIDs (skipping those we detected with
|
||||
* used_gids) for a free one. It is a known issue that
|
||||
* this may result in reusing a previously-deleted GID,
|
||||
* so administrators should be instructed to use this
|
||||
* auto-detection with care (and prefer to assign GIDs
|
||||
* explicitly).
|
||||
*/
|
||||
highest_found = gid_min;
|
||||
}
|
||||
|
||||
/* Search through all of the IDs in the range */
|
||||
for (id = highest_found; id <= gid_max; id++) {
|
||||
result = check_gid (id, gid_min, gid_max, used_gids);
|
||||
if (result == 0) {
|
||||
/* This GID is available. Return it. */
|
||||
*gid = id;
|
||||
free (used_gids);
|
||||
return 0;
|
||||
} else if (result == EEXIST) {
|
||||
/* This GID is in use, we'll continue to the next */
|
||||
} else {
|
||||
/*
|
||||
* An unexpected error occurred.
|
||||
*
|
||||
* Only report it the first time to avoid spamming
|
||||
* the logs
|
||||
*
|
||||
*/
|
||||
if (!nospam) {
|
||||
fprintf (stderr,
|
||||
_("%s: Can't get unique GID (%s). "
|
||||
"Suppressing additional messages.\n"),
|
||||
Prog, strerror (result));
|
||||
SYSLOG ((LOG_ERR,
|
||||
"Error checking available GIDs: %s",
|
||||
strerror (result)));
|
||||
nospam = 1;
|
||||
}
|
||||
/*
|
||||
* We will continue anyway. Hopefully a later GID
|
||||
* will work properly.
|
||||
*/
|
||||
} else {
|
||||
group_id = gid_min;
|
||||
setgrent ();
|
||||
while ((grp = getgrent ()) != NULL) {
|
||||
if ((grp->gr_gid >= group_id) && (grp->gr_gid <= gid_max)) {
|
||||
group_id = grp->gr_gid + 1;
|
||||
}
|
||||
/* create index of used GIDs */
|
||||
if (grp->gr_gid <= gid_max) {
|
||||
used_gids[grp->gr_gid] = true;
|
||||
}
|
||||
}
|
||||
endgrent ();
|
||||
|
||||
/*
|
||||
* If we get all the way through the loop, try again from GID_MIN,
|
||||
* unless that was where we previously started. (NOTE: the worst-case
|
||||
* scenario here is that we will run through (GID_MAX - GID_MIN - 1)
|
||||
* cycles *again* if we fall into this case with highest_found as
|
||||
* GID_MIN + 1, all groups in the range in use and maintained by
|
||||
* network services such as LDAP.)
|
||||
*/
|
||||
if (highest_found != gid_min) {
|
||||
for (id = gid_min; id <= gid_max; id++) {
|
||||
result = check_gid (id, gid_min, gid_max, used_gids);
|
||||
if (result == 0) {
|
||||
/* This GID is available. Return it. */
|
||||
*gid = id;
|
||||
free (used_gids);
|
||||
return 0;
|
||||
} else if (result == EEXIST) {
|
||||
/* This GID is in use, we'll continue to the next */
|
||||
} else {
|
||||
/*
|
||||
* An unexpected error occurred.
|
||||
*
|
||||
* Only report it the first time to avoid spamming
|
||||
* the logs
|
||||
*
|
||||
*/
|
||||
if (!nospam) {
|
||||
fprintf (stderr,
|
||||
_("%s: Can't get unique GID (%s). "
|
||||
"Suppressing additional messages.\n"),
|
||||
Prog, strerror (result));
|
||||
SYSLOG ((LOG_ERR,
|
||||
"Error checking available GIDs: %s",
|
||||
strerror (result)));
|
||||
nospam = 1;
|
||||
}
|
||||
/*
|
||||
* We will continue anyway. Hopefully a later GID
|
||||
* will work properly.
|
||||
*/
|
||||
}
|
||||
(void) gr_rewind ();
|
||||
while ((grp = gr_next ()) != NULL) {
|
||||
if ((grp->gr_gid >= group_id) && (grp->gr_gid <= gid_max)) {
|
||||
group_id = grp->gr_gid + 1;
|
||||
}
|
||||
/* create index of used GIDs */
|
||||
if (grp->gr_gid <= gid_max) {
|
||||
used_gids[grp->gr_gid] = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* If a group (resp. system group) with GID equal to GID_MAX (resp.
|
||||
* GID_MIN) exists, the above algorithm will give us GID_MAX+1
|
||||
* (resp. GID_MIN-1) even if not unique. Search for the first free
|
||||
* GID starting with GID_MIN (resp. GID_MAX).
|
||||
*/
|
||||
if (sys_group) {
|
||||
if (group_id < gid_min) {
|
||||
for (group_id = gid_max; group_id >= gid_min; group_id--) {
|
||||
if (false == used_gids[group_id]) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (group_id < gid_min) {
|
||||
fprintf (stderr,
|
||||
_("%s: Can't get unique system GID (no more available GIDs)\n"),
|
||||
Prog);
|
||||
SYSLOG ((LOG_WARN,
|
||||
"no more available GID on the system"));
|
||||
free (used_gids);
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
if (group_id > gid_max) {
|
||||
for (group_id = gid_min; group_id <= gid_max; group_id++) {
|
||||
if (false == used_gids[group_id]) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (group_id > gid_max) {
|
||||
fprintf (stderr,
|
||||
_("%s: Can't get unique GID (no more available GIDs)\n"),
|
||||
Prog);
|
||||
SYSLOG ((LOG_WARN, "no more available GID on the system"));
|
||||
free (used_gids);
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* The code reached here and found no available IDs in the range */
|
||||
fprintf (stderr,
|
||||
_("%s: Can't get unique GID (no more available GIDs)\n"),
|
||||
Prog);
|
||||
SYSLOG ((LOG_WARN, "no more available GIDs on the system"));
|
||||
free (used_gids);
|
||||
return -1;
|
||||
*gid = group_id;
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
+125
-414
@@ -1,7 +1,6 @@
|
||||
/*
|
||||
* Copyright (c) 1991 - 1994, Julianne Frances Haugh
|
||||
* Copyright (c) 2008 - 2011, Nicolas François
|
||||
* Copyright (c) 2014, Red Hat, Inc.
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
@@ -39,117 +38,6 @@
|
||||
#include "pwio.h"
|
||||
#include "getdef.h"
|
||||
|
||||
/*
|
||||
* get_ranges - Get the minimum and maximum ID ranges for the search
|
||||
*
|
||||
* This function will return the minimum and maximum ranges for IDs
|
||||
*
|
||||
* 0: The function completed successfully
|
||||
* EINVAL: The provided ranges are impossible (such as maximum < minimum)
|
||||
*
|
||||
* preferred_min: The special-case minimum value for a specifically-
|
||||
* requested ID, which may be lower than the standard min_id
|
||||
*/
|
||||
static int get_ranges (bool sys_user, uid_t *min_id, uid_t *max_id,
|
||||
uid_t *preferred_min)
|
||||
{
|
||||
uid_t uid_def_max = 0;
|
||||
|
||||
if (sys_user) {
|
||||
/* System users */
|
||||
|
||||
/* A requested ID is allowed to be below the autoselect range */
|
||||
*preferred_min = (uid_t) 1;
|
||||
|
||||
/* Get the minimum ID range from login.defs or default to 101 */
|
||||
*min_id = (uid_t) getdef_ulong ("SYS_UID_MIN", 101UL);
|
||||
|
||||
/*
|
||||
* If SYS_UID_MAX is unspecified, we should assume it to be one
|
||||
* less than the UID_MIN (which is reserved for non-system accounts)
|
||||
*/
|
||||
uid_def_max = (uid_t) getdef_ulong ("UID_MIN", 1000UL) - 1;
|
||||
*max_id = (uid_t) getdef_ulong ("SYS_UID_MAX",
|
||||
(unsigned long) uid_def_max);
|
||||
|
||||
/* Check that the ranges make sense */
|
||||
if (*max_id < *min_id) {
|
||||
(void) fprintf (stderr,
|
||||
_("%s: Invalid configuration: SYS_UID_MIN (%lu), "
|
||||
"UID_MIN (%lu), SYS_UID_MAX (%lu)\n"),
|
||||
Prog, (unsigned long) *min_id,
|
||||
getdef_ulong ("UID_MIN", 1000UL),
|
||||
(unsigned long) *max_id);
|
||||
return EINVAL;
|
||||
}
|
||||
} else {
|
||||
/* Non-system users */
|
||||
|
||||
/* Get the values from login.defs or use reasonable defaults */
|
||||
*min_id = (uid_t) getdef_ulong ("UID_MIN", 1000UL);
|
||||
*max_id = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
|
||||
|
||||
/*
|
||||
* The preferred minimum should match the standard ID minimum
|
||||
* for non-system users.
|
||||
*/
|
||||
*preferred_min = *min_id;
|
||||
|
||||
/* Check that the ranges make sense */
|
||||
if (*max_id < *min_id) {
|
||||
(void) fprintf (stderr,
|
||||
_("%s: Invalid configuration: UID_MIN (%lu), "
|
||||
"UID_MAX (%lu)\n"),
|
||||
Prog, (unsigned long) *min_id,
|
||||
(unsigned long) *max_id);
|
||||
return EINVAL;
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* check_uid - See if the requested UID is available
|
||||
*
|
||||
* On success, return 0
|
||||
* If the ID is in use, return EEXIST
|
||||
* If the ID is outside the range, return ERANGE
|
||||
* In other cases, return errno from getpwuid()
|
||||
*/
|
||||
static int check_uid(const uid_t uid,
|
||||
const uid_t uid_min,
|
||||
const uid_t uid_max,
|
||||
bool *used_uids)
|
||||
{
|
||||
/* First test that the preferred ID is in the range */
|
||||
if (uid < uid_min || uid > uid_max) {
|
||||
return ERANGE;
|
||||
}
|
||||
|
||||
/*
|
||||
* Check whether we already detected this UID
|
||||
* using the pw_next() loop
|
||||
*/
|
||||
if (used_uids != NULL && used_uids[uid]) {
|
||||
return EEXIST;
|
||||
}
|
||||
/* Check if the UID exists according to NSS */
|
||||
errno = 0;
|
||||
if (getpwuid(uid) != NULL) {
|
||||
return EEXIST;
|
||||
} else {
|
||||
/* getpwuid() was NULL
|
||||
* we have to ignore errors as temporary
|
||||
* failures of remote user identity services
|
||||
* would completely block user/group creation
|
||||
*/
|
||||
}
|
||||
|
||||
/* If we've made it here, the UID must be available */
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* find_new_uid - Find a new unused UID.
|
||||
*
|
||||
@@ -160,339 +48,162 @@ static int check_uid(const uid_t uid,
|
||||
*
|
||||
* Return 0 on success, -1 if no unused UIDs are available.
|
||||
*/
|
||||
int find_new_uid(bool sys_user,
|
||||
uid_t *uid,
|
||||
/*@null@*/uid_t const *preferred_uid)
|
||||
int find_new_uid (bool sys_user,
|
||||
uid_t *uid,
|
||||
/*@null@*/uid_t const *preferred_uid)
|
||||
{
|
||||
bool *used_uids;
|
||||
const struct passwd *pwd;
|
||||
uid_t uid_min, uid_max, preferred_min;
|
||||
uid_t user_id, id;
|
||||
uid_t lowest_found, highest_found;
|
||||
int result;
|
||||
int nospam = 0;
|
||||
uid_t uid_min, uid_max, user_id;
|
||||
bool *used_uids;
|
||||
|
||||
assert (uid != NULL);
|
||||
|
||||
/*
|
||||
* First, figure out what ID range is appropriate for
|
||||
* automatic assignment
|
||||
*/
|
||||
result = get_ranges (sys_user, &uid_min, &uid_max, &preferred_min);
|
||||
if (result == EINVAL) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* Check if the preferred UID is available */
|
||||
if (preferred_uid) {
|
||||
result = check_uid (*preferred_uid, preferred_min, uid_max, NULL);
|
||||
if (result == 0) {
|
||||
/*
|
||||
* Make sure the UID isn't queued for use already
|
||||
*/
|
||||
if (pw_locate_uid (*preferred_uid) == NULL) {
|
||||
*uid = *preferred_uid;
|
||||
return 0;
|
||||
}
|
||||
/*
|
||||
* pw_locate_uid() found the UID in an as-yet uncommitted
|
||||
* entry. We'll proceed below and auto-set an UID.
|
||||
*/
|
||||
} else if (result == EEXIST || result == ERANGE) {
|
||||
/*
|
||||
* Continue on below. At this time, we won't
|
||||
* treat these two cases differently.
|
||||
*/
|
||||
} else {
|
||||
/*
|
||||
* An unexpected error occurred. We should report
|
||||
* this and fail the user creation.
|
||||
* This differs from the automatic creation
|
||||
* behavior below, since if a specific UID was
|
||||
* requested and generated an error, the user is
|
||||
* more likely to want to stop and address the
|
||||
* issue.
|
||||
*/
|
||||
fprintf (stderr,
|
||||
_("%s: Encountered error attempting to use "
|
||||
"preferred UID: %s\n"),
|
||||
Prog, strerror (result));
|
||||
if (!sys_user) {
|
||||
uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL);
|
||||
uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
|
||||
if (uid_max < uid_min) {
|
||||
(void) fprintf (stderr,
|
||||
_("%s: Invalid configuration: UID_MIN (%lu), UID_MAX (%lu)\n"),
|
||||
Prog, (unsigned long) uid_min, (unsigned long) uid_max);
|
||||
return -1;
|
||||
}
|
||||
} else {
|
||||
uid_min = (uid_t) getdef_ulong ("SYS_UID_MIN", 101UL);
|
||||
uid_max = (uid_t) getdef_ulong ("UID_MIN", 1000UL) - 1;
|
||||
uid_max = (uid_t) getdef_ulong ("SYS_UID_MAX", (unsigned long) uid_max);
|
||||
if (uid_max < uid_min) {
|
||||
(void) fprintf (stderr,
|
||||
_("%s: Invalid configuration: SYS_UID_MIN (%lu), UID_MIN (%lu), SYS_UID_MAX (%lu)\n"),
|
||||
Prog, (unsigned long) uid_min, getdef_ulong ("UID_MIN", 1000UL), (unsigned long) uid_max);
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Search the entire passwd file,
|
||||
* looking for the next unused value.
|
||||
*
|
||||
* We first check the local database with pw_rewind/pw_next to find
|
||||
* all local values that are in use.
|
||||
*
|
||||
* We then compare the next free value to all databases (local and
|
||||
* remote) and iterate until we find a free one. If there are free
|
||||
* values beyond the lowest (system users) or highest (non-system
|
||||
* users), we will prefer those and avoid potentially reclaiming a
|
||||
* deleted user (which can be a security issue, since it may grant
|
||||
* access to files belonging to that former user).
|
||||
*
|
||||
* If there are no UIDs available at the end of the search, we will
|
||||
* have no choice but to iterate through the range looking for gaps.
|
||||
*
|
||||
*/
|
||||
|
||||
/* Create an array to hold all of the discovered UIDs */
|
||||
used_uids = malloc (sizeof (bool) * (uid_max +1));
|
||||
if (NULL == used_uids) {
|
||||
fprintf (stderr,
|
||||
_("%s: failed to allocate memory: %s\n"),
|
||||
Prog, strerror (errno));
|
||||
_("%s: failed to allocate memory: %s\n"),
|
||||
Prog, strerror (errno));
|
||||
return -1;
|
||||
}
|
||||
memset (used_uids, false, sizeof (bool) * (uid_max + 1));
|
||||
|
||||
/* First look for the lowest and highest value in the local database */
|
||||
(void) pw_rewind ();
|
||||
highest_found = uid_min;
|
||||
lowest_found = uid_max;
|
||||
while ((pwd = pw_next ()) != NULL) {
|
||||
/*
|
||||
* Does this entry have a lower UID than the lowest we've found
|
||||
* so far?
|
||||
*/
|
||||
if ((pwd->pw_uid <= lowest_found) && (pwd->pw_uid >= uid_min)) {
|
||||
lowest_found = pwd->pw_uid - 1;
|
||||
}
|
||||
|
||||
/*
|
||||
* Does this entry have a higher UID than the highest we've found
|
||||
* so far?
|
||||
*/
|
||||
if ((pwd->pw_uid >= highest_found) && (pwd->pw_uid <= uid_max)) {
|
||||
highest_found = pwd->pw_uid + 1;
|
||||
}
|
||||
|
||||
/* create index of used UIDs */
|
||||
if (pwd->pw_uid >= uid_min
|
||||
&& pwd->pw_uid <= uid_max) {
|
||||
|
||||
used_uids[pwd->pw_uid] = true;
|
||||
}
|
||||
if ( (NULL != preferred_uid)
|
||||
&& (*preferred_uid >= uid_min)
|
||||
&& (*preferred_uid <= uid_max)
|
||||
/* Check if the user exists according to NSS */
|
||||
&& (getpwuid (*preferred_uid) == NULL)
|
||||
/* Check also the local database in case of uncommitted
|
||||
* changes */
|
||||
&& (pw_locate_uid (*preferred_uid) == NULL)) {
|
||||
*uid = *preferred_uid;
|
||||
free (used_uids);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Search the entire password file,
|
||||
* looking for the largest unused value.
|
||||
*
|
||||
* We check the list of users according to NSS (setpwent/getpwent),
|
||||
* but we also check the local database (pw_rewind/pw_next) in case
|
||||
* some users were created but the changes were not committed yet.
|
||||
*/
|
||||
if (sys_user) {
|
||||
/*
|
||||
* For system users, we want to start from the
|
||||
* top of the range and work downwards.
|
||||
uid_t id;
|
||||
/* setpwent / getpwent / endpwent can be very slow with
|
||||
* LDAP configurations (and many accounts).
|
||||
* Since there is a limited amount of IDs to be tested
|
||||
* for system accounts, we just check the existence
|
||||
* of IDs with getpwuid.
|
||||
*/
|
||||
|
||||
/*
|
||||
* At the conclusion of the pw_next() search, we will either
|
||||
* have a presumed-free UID or we will be at UID_MIN - 1.
|
||||
*/
|
||||
if (lowest_found < uid_min) {
|
||||
/*
|
||||
* In this case, an UID is in use at UID_MIN.
|
||||
*
|
||||
* We will reset the search to UID_MAX and proceed down
|
||||
* through all the UIDs (skipping those we detected with
|
||||
* used_uids) for a free one. It is a known issue that
|
||||
* this may result in reusing a previously-deleted UID,
|
||||
* so administrators should be instructed to use this
|
||||
* auto-detection with care (and prefer to assign UIDs
|
||||
* explicitly).
|
||||
*/
|
||||
lowest_found = uid_max;
|
||||
}
|
||||
|
||||
/* Search through all of the IDs in the range */
|
||||
for (id = lowest_found; id >= uid_min; id--) {
|
||||
result = check_uid (id, uid_min, uid_max, used_uids);
|
||||
if (result == 0) {
|
||||
/* This UID is available. Return it. */
|
||||
*uid = id;
|
||||
free (used_uids);
|
||||
return 0;
|
||||
} else if (result == EEXIST) {
|
||||
/* This UID is in use, we'll continue to the next */
|
||||
} else {
|
||||
/*
|
||||
* An unexpected error occurred.
|
||||
*
|
||||
* Only report it the first time to avoid spamming
|
||||
* the logs
|
||||
*
|
||||
*/
|
||||
if (!nospam) {
|
||||
fprintf (stderr,
|
||||
_("%s: Can't get unique system UID (%s). "
|
||||
"Suppressing additional messages.\n"),
|
||||
Prog, strerror (result));
|
||||
SYSLOG ((LOG_ERR,
|
||||
"Error checking available UIDs: %s",
|
||||
strerror (result)));
|
||||
nospam = 1;
|
||||
}
|
||||
/*
|
||||
* We will continue anyway. Hopefully a later UID
|
||||
* will work properly.
|
||||
*/
|
||||
user_id = uid_max;
|
||||
for (id = uid_max; id >= uid_min; id--) {
|
||||
if (getpwuid (id) != NULL) {
|
||||
user_id = id - 1;
|
||||
used_uids[id] = true;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* If we get all the way through the loop, try again from UID_MAX,
|
||||
* unless that was where we previously started. (NOTE: the worst-case
|
||||
* scenario here is that we will run through (UID_MAX - UID_MIN - 1)
|
||||
* cycles *again* if we fall into this case with lowest_found as
|
||||
* UID_MAX - 1, all users in the range in use and maintained by
|
||||
* network services such as LDAP.)
|
||||
*/
|
||||
if (lowest_found != uid_max) {
|
||||
for (id = uid_max; id >= uid_min; id--) {
|
||||
result = check_uid (id, uid_min, uid_max, used_uids);
|
||||
if (result == 0) {
|
||||
/* This UID is available. Return it. */
|
||||
*uid = id;
|
||||
free (used_uids);
|
||||
return 0;
|
||||
} else if (result == EEXIST) {
|
||||
/* This UID is in use, we'll continue to the next */
|
||||
} else {
|
||||
/*
|
||||
* An unexpected error occurred.
|
||||
*
|
||||
* Only report it the first time to avoid spamming
|
||||
* the logs
|
||||
*
|
||||
*/
|
||||
if (!nospam) {
|
||||
fprintf (stderr,
|
||||
_("%s: Can't get unique system UID (%s). "
|
||||
"Suppressing additional messages.\n"),
|
||||
Prog, strerror (result));
|
||||
SYSLOG((LOG_ERR,
|
||||
"Error checking available UIDs: %s",
|
||||
strerror (result)));
|
||||
nospam = 1;
|
||||
}
|
||||
/*
|
||||
* We will continue anyway. Hopefully a later UID
|
||||
* will work properly.
|
||||
*/
|
||||
}
|
||||
(void) pw_rewind ();
|
||||
while ((pwd = pw_next ()) != NULL) {
|
||||
if ((pwd->pw_uid <= user_id) && (pwd->pw_uid >= uid_min)) {
|
||||
user_id = pwd->pw_uid - 1;
|
||||
}
|
||||
/* create index of used UIDs */
|
||||
if (pwd->pw_uid <= uid_max) {
|
||||
used_uids[pwd->pw_uid] = true;
|
||||
}
|
||||
}
|
||||
} else { /* !sys_user */
|
||||
/*
|
||||
* For non-system users, we want to start from the
|
||||
* bottom of the range and work upwards.
|
||||
*/
|
||||
|
||||
/*
|
||||
* At the conclusion of the pw_next() search, we will either
|
||||
* have a presumed-free UID or we will be at UID_MAX + 1.
|
||||
*/
|
||||
if (highest_found > uid_max) {
|
||||
/*
|
||||
* In this case, a UID is in use at UID_MAX.
|
||||
*
|
||||
* We will reset the search to UID_MIN and proceed up
|
||||
* through all the UIDs (skipping those we detected with
|
||||
* used_uids) for a free one. It is a known issue that
|
||||
* this may result in reusing a previously-deleted UID,
|
||||
* so administrators should be instructed to use this
|
||||
* auto-detection with care (and prefer to assign UIDs
|
||||
* explicitly).
|
||||
*/
|
||||
highest_found = uid_min;
|
||||
}
|
||||
|
||||
/* Search through all of the IDs in the range */
|
||||
for (id = highest_found; id <= uid_max; id++) {
|
||||
result = check_uid (id, uid_min, uid_max, used_uids);
|
||||
if (result == 0) {
|
||||
/* This UID is available. Return it. */
|
||||
*uid = id;
|
||||
free (used_uids);
|
||||
return 0;
|
||||
} else if (result == EEXIST) {
|
||||
/* This UID is in use, we'll continue to the next */
|
||||
} else {
|
||||
/*
|
||||
* An unexpected error occurred.
|
||||
*
|
||||
* Only report it the first time to avoid spamming
|
||||
* the logs
|
||||
*
|
||||
*/
|
||||
if (!nospam) {
|
||||
fprintf (stderr,
|
||||
_("%s: Can't get unique UID (%s). "
|
||||
"Suppressing additional messages.\n"),
|
||||
Prog, strerror (result));
|
||||
SYSLOG ((LOG_ERR,
|
||||
"Error checking available UIDs: %s",
|
||||
strerror (result)));
|
||||
nospam = 1;
|
||||
}
|
||||
/*
|
||||
* We will continue anyway. Hopefully a later UID
|
||||
* will work properly.
|
||||
*/
|
||||
} else {
|
||||
user_id = uid_min;
|
||||
setpwent ();
|
||||
while ((pwd = getpwent ()) != NULL) {
|
||||
if ((pwd->pw_uid >= user_id) && (pwd->pw_uid <= uid_max)) {
|
||||
user_id = pwd->pw_uid + 1;
|
||||
}
|
||||
/* create index of used UIDs */
|
||||
if (pwd->pw_uid <= uid_max) {
|
||||
used_uids[pwd->pw_uid] = true;
|
||||
}
|
||||
}
|
||||
endpwent ();
|
||||
|
||||
/*
|
||||
* If we get all the way through the loop, try again from UID_MIN,
|
||||
* unless that was where we previously started. (NOTE: the worst-case
|
||||
* scenario here is that we will run through (UID_MAX - UID_MIN - 1)
|
||||
* cycles *again* if we fall into this case with highest_found as
|
||||
* UID_MIN + 1, all users in the range in use and maintained by
|
||||
* network services such as LDAP.)
|
||||
*/
|
||||
if (highest_found != uid_min) {
|
||||
for (id = uid_min; id <= uid_max; id++) {
|
||||
result = check_uid (id, uid_min, uid_max, used_uids);
|
||||
if (result == 0) {
|
||||
/* This UID is available. Return it. */
|
||||
*uid = id;
|
||||
free (used_uids);
|
||||
return 0;
|
||||
} else if (result == EEXIST) {
|
||||
/* This UID is in use, we'll continue to the next */
|
||||
} else {
|
||||
/*
|
||||
* An unexpected error occurred.
|
||||
*
|
||||
* Only report it the first time to avoid spamming
|
||||
* the logs
|
||||
*
|
||||
*/
|
||||
if (!nospam) {
|
||||
fprintf (stderr,
|
||||
_("%s: Can't get unique UID (%s). "
|
||||
"Suppressing additional messages.\n"),
|
||||
Prog, strerror (result));
|
||||
SYSLOG ((LOG_ERR,
|
||||
"Error checking available UIDs: %s",
|
||||
strerror (result)));
|
||||
nospam = 1;
|
||||
}
|
||||
/*
|
||||
* We will continue anyway. Hopefully a later UID
|
||||
* will work properly.
|
||||
*/
|
||||
}
|
||||
(void) pw_rewind ();
|
||||
while ((pwd = pw_next ()) != NULL) {
|
||||
if ((pwd->pw_uid >= user_id) && (pwd->pw_uid <= uid_max)) {
|
||||
user_id = pwd->pw_uid + 1;
|
||||
}
|
||||
/* create index of used UIDs */
|
||||
if (pwd->pw_uid <= uid_max) {
|
||||
used_uids[pwd->pw_uid] = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* If a user (resp. system user) with UID equal to UID_MAX (resp.
|
||||
* UID_MIN) exists, the above algorithm will give us UID_MAX+1
|
||||
* (resp. UID_MIN-1) even if not unique. Search for the first free
|
||||
* UID starting with UID_MIN (resp. UID_MAX).
|
||||
*/
|
||||
if (sys_user) {
|
||||
if (user_id < uid_min) {
|
||||
for (user_id = uid_max; user_id >= uid_min; user_id--) {
|
||||
if (false == used_uids[user_id]) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (user_id < uid_min ) {
|
||||
fprintf (stderr,
|
||||
_("%s: Can't get unique system UID (no more available UIDs)\n"),
|
||||
Prog);
|
||||
SYSLOG ((LOG_WARN,
|
||||
"no more available UID on the system"));
|
||||
free (used_uids);
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
if (user_id > uid_max) {
|
||||
for (user_id = uid_min; user_id <= uid_max; user_id++) {
|
||||
if (false == used_uids[user_id]) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (user_id > uid_max) {
|
||||
fprintf (stderr,
|
||||
_("%s: Can't get unique UID (no more available UIDs)\n"),
|
||||
Prog);
|
||||
SYSLOG ((LOG_WARN, "no more available UID on the system"));
|
||||
free (used_uids);
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* The code reached here and found no available IDs in the range */
|
||||
fprintf (stderr,
|
||||
_("%s: Can't get unique UID (no more available UIDs)\n"),
|
||||
Prog);
|
||||
SYSLOG ((LOG_WARN, "no more available UIDs on the system"));
|
||||
free (used_uids);
|
||||
return -1;
|
||||
*uid = user_id;
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
@@ -1,89 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 2017, Chris Lamb
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. The name of the copyright holders or contributors may not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
|
||||
* PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
* HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
#include <config.h>
|
||||
|
||||
#ident "$Id$"
|
||||
|
||||
#include <errno.h>
|
||||
#include <limits.h>
|
||||
#include <stdio.h>
|
||||
#include "defines.h"
|
||||
#include "prototypes.h"
|
||||
|
||||
/*
|
||||
* gettime() returns the time as the number of seconds since the Epoch
|
||||
*
|
||||
* Like time(), gettime() returns the time as the number of seconds since the
|
||||
* Epoch, 1970-01-01 00:00:00 +0000 (UTC), except that if the SOURCE_DATE_EPOCH
|
||||
* environment variable is exported it will use that instead.
|
||||
*/
|
||||
/*@observer@*/time_t gettime ()
|
||||
{
|
||||
char *endptr;
|
||||
char *source_date_epoch;
|
||||
time_t fallback;
|
||||
unsigned long long epoch;
|
||||
|
||||
fallback = time (NULL);
|
||||
source_date_epoch = getenv ("SOURCE_DATE_EPOCH");
|
||||
|
||||
if (!source_date_epoch)
|
||||
return fallback;
|
||||
|
||||
errno = 0;
|
||||
epoch = strtoull (source_date_epoch, &endptr, 10);
|
||||
if ((errno == ERANGE && (epoch == ULLONG_MAX || epoch == 0))
|
||||
|| (errno != 0 && epoch == 0)) {
|
||||
fprintf (stderr,
|
||||
_("Environment variable $SOURCE_DATE_EPOCH: strtoull: %s\n"),
|
||||
strerror(errno));
|
||||
} else if (endptr == source_date_epoch) {
|
||||
fprintf (stderr,
|
||||
_("Environment variable $SOURCE_DATE_EPOCH: No digits were found: %s\n"),
|
||||
endptr);
|
||||
} else if (*endptr != '\0') {
|
||||
fprintf (stderr,
|
||||
_("Environment variable $SOURCE_DATE_EPOCH: Trailing garbage: %s\n"),
|
||||
endptr);
|
||||
} else if (epoch > ULONG_MAX) {
|
||||
fprintf (stderr,
|
||||
_("Environment variable $SOURCE_DATE_EPOCH: value must be smaller than or equal to %lu but was found to be: %llu\n"),
|
||||
ULONG_MAX, epoch);
|
||||
} else if (epoch > fallback) {
|
||||
fprintf (stderr,
|
||||
_("Environment variable $SOURCE_DATE_EPOCH: value must be smaller than or equal to the current time (%lu) but was found to be: %llu\n"),
|
||||
fallback, epoch);
|
||||
} else {
|
||||
/* Valid */
|
||||
return (time_t)epoch;
|
||||
}
|
||||
|
||||
return fallback;
|
||||
}
|
||||
@@ -170,9 +170,6 @@ static int user_busy_processes (const char *name, uid_t uid)
|
||||
proc = opendir ("/proc");
|
||||
if (proc == NULL) {
|
||||
perror ("opendir /proc");
|
||||
#ifdef ENABLE_SUBIDS
|
||||
sub_uid_close();
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
if (stat ("/", &sbroot) != 0) {
|
||||
|
||||
@@ -215,4 +215,5 @@ $(man_MANS):
|
||||
@echo "Error: you need to run configure with '--enable-man'"
|
||||
@echo " in order to regenerate man pages."
|
||||
@echo ""
|
||||
@false
|
||||
endif
|
||||
|
||||
@@ -42,11 +42,12 @@ man1/% man3/% man5/% man8/%: %.xml-config Makefile config.xml
|
||||
-nonet http://docbook.sourceforge.net/release/xsl/current/manpages/profile-docbook.xsl $<
|
||||
|
||||
clean-local:
|
||||
rm -rf man1 man3 man5 man8
|
||||
for d in man1 man3 man5 man8; do [ -d $$d ] && rmdir $$d; done
|
||||
|
||||
else
|
||||
$(man_MANS):
|
||||
@echo you need to run configure with --enable-man to generate man pages
|
||||
@false
|
||||
endif
|
||||
|
||||
man8/grpconv.8 man8/grpunconv.8 man8/pwunconv.8: man8/pwconv.8
|
||||
|
||||
@@ -14,6 +14,7 @@ include ../generate_mans.mak
|
||||
else
|
||||
$(man_MANS):
|
||||
@echo you need to run configure with --enable-man to generate man pages
|
||||
@false
|
||||
endif
|
||||
|
||||
CLEANFILES = .xml2po.mo $(EXTRA_DIST) $(addsuffix .xml,$(EXTRA_DIST)) config.xml
|
||||
|
||||
+172
-223
@@ -20,7 +20,7 @@
|
||||
msgid ""
|
||||
msgstr ""
|
||||
"Project-Id-Version: shadow-man\n"
|
||||
"POT-Creation-Date: 2016-09-18 14:03-0500\n"
|
||||
"POT-Creation-Date: 2013-08-23 01:54+0200\n"
|
||||
"PO-Revision-Date: 2013-08-23 01:35+0200\n"
|
||||
"Last-Translator: Joe Hansen <joedalton2@yahoo.dk>\n"
|
||||
"Language-Team: Danish <debian-l10n-danish@lists.debian.org>\n"
|
||||
@@ -68,15 +68,16 @@ msgstr ""
|
||||
#: useradd.8.xml:62(surname) suauth.5.xml:45(surname) su.1.xml:62(surname)
|
||||
#: sg.1.xml:46(surname) shadow.5.xml:45(surname) shadow.3.xml:45(surname)
|
||||
#: pwconv.8.xml:51(surname) pwck.8.xml:51(surname) porttime.5.xml:45(surname)
|
||||
#: passwd.5.xml:45(surname) passwd.1.xml:52(surname) newusers.8.xml:60(surname)
|
||||
#: newgrp.1.xml:46(surname) logoutd.8.xml:45(surname)
|
||||
#: login.defs.5.xml:110(surname) login.access.5.xml:46(surname)
|
||||
#: login.1.xml:78(surname) limits.5.xml:47(surname) lastlog.8.xml:46(surname)
|
||||
#: grpck.8.xml:46(surname) groups.1.xml:45(surname) groupmod.8.xml:46(surname)
|
||||
#: passwd.5.xml:45(surname) passwd.1.xml:52(surname)
|
||||
#: newusers.8.xml:60(surname) newgrp.1.xml:46(surname)
|
||||
#: logoutd.8.xml:45(surname) login.defs.5.xml:110(surname)
|
||||
#: login.access.5.xml:46(surname) login.1.xml:78(surname)
|
||||
#: limits.5.xml:47(surname) lastlog.8.xml:46(surname) grpck.8.xml:46(surname)
|
||||
#: groups.1.xml:45(surname) groupmod.8.xml:46(surname)
|
||||
#: groupmems.8.xml:49(surname) groupdel.8.xml:46(surname)
|
||||
#: groupadd.8.xml:48(surname) gpasswd.1.xml:50(surname)
|
||||
#: faillog.8.xml:45(surname) faillog.5.xml:45(surname) expiry.1.xml:49(surname)
|
||||
#: chsh.1.xml:48(surname) chpasswd.8.xml:49(surname)
|
||||
#: faillog.8.xml:45(surname) faillog.5.xml:45(surname)
|
||||
#: expiry.1.xml:49(surname) chsh.1.xml:48(surname) chpasswd.8.xml:49(surname)
|
||||
#: chgpasswd.8.xml:45(surname) chfn.1.xml:48(surname) chage.1.xml:46(surname)
|
||||
msgid "Kłoczko"
|
||||
msgstr ""
|
||||
@@ -101,16 +102,17 @@ msgstr ""
|
||||
#: useradd.8.xml:64(contrib) suauth.5.xml:47(contrib) su.1.xml:64(contrib)
|
||||
#: sg.1.xml:48(contrib) shadow.5.xml:47(contrib) shadow.3.xml:47(contrib)
|
||||
#: pwconv.8.xml:53(contrib) pwck.8.xml:53(contrib) porttime.5.xml:47(contrib)
|
||||
#: passwd.5.xml:47(contrib) passwd.1.xml:54(contrib) newusers.8.xml:62(contrib)
|
||||
#: newgrp.1.xml:48(contrib) logoutd.8.xml:47(contrib)
|
||||
#: login.defs.5.xml:112(contrib) login.access.5.xml:48(contrib)
|
||||
#: login.1.xml:80(contrib) limits.5.xml:49(contrib) lastlog.8.xml:48(contrib)
|
||||
#: grpck.8.xml:48(contrib) groups.1.xml:47(contrib) groupmod.8.xml:48(contrib)
|
||||
#: passwd.5.xml:47(contrib) passwd.1.xml:54(contrib)
|
||||
#: newusers.8.xml:62(contrib) newgrp.1.xml:48(contrib)
|
||||
#: logoutd.8.xml:47(contrib) login.defs.5.xml:112(contrib)
|
||||
#: login.access.5.xml:48(contrib) login.1.xml:80(contrib)
|
||||
#: limits.5.xml:49(contrib) lastlog.8.xml:48(contrib) grpck.8.xml:48(contrib)
|
||||
#: groups.1.xml:47(contrib) groupmod.8.xml:48(contrib)
|
||||
#: groupmems.8.xml:51(contrib) groupdel.8.xml:48(contrib)
|
||||
#: groupadd.8.xml:50(contrib) gpasswd.1.xml:52(contrib)
|
||||
#: faillog.8.xml:47(contrib) faillog.5.xml:47(contrib) expiry.1.xml:51(contrib)
|
||||
#: chsh.1.xml:50(contrib) chpasswd.8.xml:51(contrib) chfn.1.xml:50(contrib)
|
||||
#: chage.1.xml:48(contrib)
|
||||
#: faillog.8.xml:47(contrib) faillog.5.xml:47(contrib)
|
||||
#: expiry.1.xml:51(contrib) chsh.1.xml:50(contrib) chpasswd.8.xml:51(contrib)
|
||||
#: chfn.1.xml:50(contrib) chage.1.xml:48(contrib)
|
||||
msgid "shadow-utils maintainer, 2000 - 2007"
|
||||
msgstr ""
|
||||
|
||||
@@ -144,13 +146,14 @@ msgstr ""
|
||||
#: newusers.8.xml:66(surname) newgrp.1.xml:52(surname)
|
||||
#: logoutd.8.xml:51(surname) login.defs.5.xml:116(surname)
|
||||
#: login.access.5.xml:52(surname) login.1.xml:84(surname)
|
||||
#: limits.5.xml:53(surname) lastlog.8.xml:52(surname) gshadow.5.xml:39(surname)
|
||||
#: grpck.8.xml:52(surname) groups.1.xml:51(surname) groupmod.8.xml:52(surname)
|
||||
#: groupmems.8.xml:55(surname) groupdel.8.xml:52(surname)
|
||||
#: groupadd.8.xml:54(surname) gpasswd.1.xml:56(surname)
|
||||
#: faillog.8.xml:51(surname) faillog.5.xml:51(surname) expiry.1.xml:55(surname)
|
||||
#: chsh.1.xml:54(surname) chpasswd.8.xml:55(surname)
|
||||
#: chgpasswd.8.xml:51(surname) chfn.1.xml:54(surname) chage.1.xml:52(surname)
|
||||
#: limits.5.xml:53(surname) lastlog.8.xml:52(surname)
|
||||
#: gshadow.5.xml:39(surname) grpck.8.xml:52(surname) groups.1.xml:51(surname)
|
||||
#: groupmod.8.xml:52(surname) groupmems.8.xml:55(surname)
|
||||
#: groupdel.8.xml:52(surname) groupadd.8.xml:54(surname)
|
||||
#: gpasswd.1.xml:56(surname) faillog.8.xml:51(surname)
|
||||
#: faillog.5.xml:51(surname) expiry.1.xml:55(surname) chsh.1.xml:54(surname)
|
||||
#: chpasswd.8.xml:55(surname) chgpasswd.8.xml:51(surname)
|
||||
#: chfn.1.xml:54(surname) chage.1.xml:52(surname)
|
||||
msgid "François"
|
||||
msgstr ""
|
||||
|
||||
@@ -179,13 +182,14 @@ msgstr ""
|
||||
#: newusers.8.xml:68(contrib) newgrp.1.xml:54(contrib)
|
||||
#: logoutd.8.xml:53(contrib) login.defs.5.xml:118(contrib)
|
||||
#: login.access.5.xml:54(contrib) login.1.xml:86(contrib)
|
||||
#: limits.5.xml:55(contrib) lastlog.8.xml:54(contrib) gshadow.5.xml:42(contrib)
|
||||
#: grpck.8.xml:54(contrib) groups.1.xml:53(contrib) groupmod.8.xml:54(contrib)
|
||||
#: groupmems.8.xml:57(contrib) groupdel.8.xml:54(contrib)
|
||||
#: groupadd.8.xml:56(contrib) gpasswd.1.xml:58(contrib)
|
||||
#: faillog.8.xml:53(contrib) faillog.5.xml:53(contrib) expiry.1.xml:57(contrib)
|
||||
#: chsh.1.xml:56(contrib) chpasswd.8.xml:57(contrib)
|
||||
#: chgpasswd.8.xml:53(contrib) chfn.1.xml:56(contrib) chage.1.xml:54(contrib)
|
||||
#: limits.5.xml:55(contrib) lastlog.8.xml:54(contrib)
|
||||
#: gshadow.5.xml:42(contrib) grpck.8.xml:54(contrib) groups.1.xml:53(contrib)
|
||||
#: groupmod.8.xml:54(contrib) groupmems.8.xml:57(contrib)
|
||||
#: groupdel.8.xml:54(contrib) groupadd.8.xml:56(contrib)
|
||||
#: gpasswd.1.xml:58(contrib) faillog.8.xml:53(contrib)
|
||||
#: faillog.5.xml:53(contrib) expiry.1.xml:57(contrib) chsh.1.xml:56(contrib)
|
||||
#: chpasswd.8.xml:57(contrib) chgpasswd.8.xml:53(contrib)
|
||||
#: chfn.1.xml:56(contrib) chage.1.xml:54(contrib)
|
||||
msgid "shadow-utils maintainer, 2007 - now"
|
||||
msgstr ""
|
||||
|
||||
@@ -257,13 +261,14 @@ msgstr ""
|
||||
#: useradd.8.xml:88(replaceable) useradd.8.xml:100(replaceable)
|
||||
#: su.1.xml:88(replaceable) pwconv.8.xml:81(replaceable)
|
||||
#: pwconv.8.xml:87(replaceable) pwconv.8.xml:93(replaceable)
|
||||
#: pwconv.8.xml:99(replaceable) pwck.8.xml:77(arg) passwd.1.xml:79(replaceable)
|
||||
#: newusers.8.xml:87(replaceable) lastlog.8.xml:73(replaceable)
|
||||
#: grpck.8.xml:72(arg) groupmod.8.xml:73(replaceable)
|
||||
#: groupdel.8.xml:73(replaceable) groupadd.8.xml:75(replaceable)
|
||||
#: faillog.8.xml:72(replaceable) chsh.1.xml:75(replaceable)
|
||||
#: chpasswd.8.xml:76(replaceable) chgpasswd.8.xml:72(replaceable)
|
||||
#: chfn.1.xml:75(replaceable) chage.1.xml:72(replaceable)
|
||||
#: pwconv.8.xml:99(replaceable) pwck.8.xml:77(arg)
|
||||
#: passwd.1.xml:79(replaceable) newusers.8.xml:87(replaceable)
|
||||
#: lastlog.8.xml:73(replaceable) grpck.8.xml:72(arg)
|
||||
#: groupmod.8.xml:73(replaceable) groupdel.8.xml:73(replaceable)
|
||||
#: groupadd.8.xml:75(replaceable) faillog.8.xml:72(replaceable)
|
||||
#: chsh.1.xml:75(replaceable) chpasswd.8.xml:76(replaceable)
|
||||
#: chgpasswd.8.xml:72(replaceable) chfn.1.xml:75(replaceable)
|
||||
#: chage.1.xml:72(replaceable)
|
||||
msgid "options"
|
||||
msgstr "tilvalg"
|
||||
|
||||
@@ -312,10 +317,11 @@ msgstr ""
|
||||
#: useradd.8.xml:124(title) su.1.xml:145(title) pwconv.8.xml:187(title)
|
||||
#: pwck.8.xml:176(title) passwd.1.xml:174(title) newusers.8.xml:265(title)
|
||||
#: login.1.xml:210(title) lastlog.8.xml:91(title) grpck.8.xml:147(title)
|
||||
#: groupmod.8.xml:89(title) groupmems.8.xml:100(title) groupdel.8.xml:88(title)
|
||||
#: groupadd.8.xml:93(title) gpasswd.1.xml:134(title) faillog.8.xml:89(title)
|
||||
#: expiry.1.xml:91(title) chsh.1.xml:95(title) chpasswd.8.xml:130(title)
|
||||
#: chgpasswd.8.xml:105(title) chfn.1.xml:111(title) chage.1.xml:91(title)
|
||||
#: groupmod.8.xml:89(title) groupmems.8.xml:100(title)
|
||||
#: groupdel.8.xml:88(title) groupadd.8.xml:93(title) gpasswd.1.xml:134(title)
|
||||
#: faillog.8.xml:89(title) expiry.1.xml:91(title) chsh.1.xml:95(title)
|
||||
#: chpasswd.8.xml:130(title) chgpasswd.8.xml:105(title) chfn.1.xml:111(title)
|
||||
#: chage.1.xml:91(title)
|
||||
msgid "OPTIONS"
|
||||
msgstr "TILVALG"
|
||||
|
||||
@@ -337,7 +343,7 @@ msgstr "Rediger gruppedatabase."
|
||||
|
||||
#: vipw.8.xml:120(term) userdel.8.xml:123(term) useradd.8.xml:266(term)
|
||||
#: pwconv.8.xml:195(term) pwck.8.xml:186(term) passwd.1.xml:214(term)
|
||||
#: newusers.8.xml:283(term) lastlog.8.xml:118(term) grpck.8.xml:157(term)
|
||||
#: newusers.8.xml:283(term) lastlog.8.xml:107(term) grpck.8.xml:157(term)
|
||||
#: groupmod.8.xml:129(term) groupmems.8.xml:142(term) groupdel.8.xml:95(term)
|
||||
#: groupadd.8.xml:131(term) gpasswd.1.xml:173(term) faillog.8.xml:122(term)
|
||||
#: expiry.1.xml:112(term) chsh.1.xml:101(term) chpasswd.8.xml:171(term)
|
||||
@@ -347,7 +353,7 @@ msgstr "<option>-h</option>, <option>--help</option>"
|
||||
|
||||
#: vipw.8.xml:122(para) userdel.8.xml:125(para) useradd.8.xml:268(para)
|
||||
#: pwconv.8.xml:197(para) pwck.8.xml:188(para) passwd.1.xml:216(para)
|
||||
#: newusers.8.xml:285(para) lastlog.8.xml:122(para) grpck.8.xml:159(para)
|
||||
#: newusers.8.xml:285(para) lastlog.8.xml:111(para) grpck.8.xml:159(para)
|
||||
#: groupmod.8.xml:131(para) groupmems.8.xml:144(para) groupdel.8.xml:97(para)
|
||||
#: groupadd.8.xml:133(para) gpasswd.1.xml:175(para) faillog.8.xml:124(para)
|
||||
#: expiry.1.xml:114(para) chsh.1.xml:103(para) chpasswd.8.xml:173(para)
|
||||
@@ -373,7 +379,7 @@ msgstr "Stille tilstand."
|
||||
|
||||
#: vipw.8.xml:138(term) usermod.8.xml:311(term) userdel.8.xml:146(term)
|
||||
#: useradd.8.xml:445(term) pwconv.8.xml:201(term) pwck.8.xml:209(term)
|
||||
#: passwd.1.xml:301(term) newusers.8.xml:308(term) lastlog.8.xml:126(term)
|
||||
#: passwd.1.xml:301(term) newusers.8.xml:308(term) lastlog.8.xml:115(term)
|
||||
#: grpck.8.xml:173(term) groupmod.8.xml:178(term) groupmems.8.xml:165(term)
|
||||
#: groupdel.8.xml:101(term) groupadd.8.xml:204(term) faillog.8.xml:180(term)
|
||||
#: chsh.1.xml:107(term) chpasswd.8.xml:188(term) chgpasswd.8.xml:146(term)
|
||||
@@ -387,7 +393,7 @@ msgstr ""
|
||||
|
||||
#: vipw.8.xml:142(para) usermod.8.xml:315(para) userdel.8.xml:150(para)
|
||||
#: useradd.8.xml:449(para) pwconv.8.xml:205(para) pwck.8.xml:213(para)
|
||||
#: passwd.1.xml:305(para) newusers.8.xml:312(para) lastlog.8.xml:130(para)
|
||||
#: passwd.1.xml:305(para) newusers.8.xml:312(para) lastlog.8.xml:119(para)
|
||||
#: grpck.8.xml:177(para) groupmod.8.xml:182(para) groupmems.8.xml:169(para)
|
||||
#: groupdel.8.xml:105(para) groupadd.8.xml:208(para) gpasswd.1.xml:185(para)
|
||||
#: faillog.8.xml:184(para) chsh.1.xml:111(para) chpasswd.8.xml:192(para)
|
||||
@@ -416,18 +422,18 @@ msgstr "<option>-u</option>, <option>--user</option>"
|
||||
msgid "Indicates which user's tcb shadow file to edit."
|
||||
msgstr "Indikerer hvilken brugers tcb-shadowfil at redigere."
|
||||
|
||||
#: vipw.8.xml:165(title) usermod.8.xml:496(title) userdel.8.xml:171(title)
|
||||
#: vipw.8.xml:165(title) usermod.8.xml:497(title) userdel.8.xml:171(title)
|
||||
#: useradd.8.xml:647(title) su.1.xml:339(title) sg.1.xml:98(title)
|
||||
#: pwconv.8.xml:227(title) pwck.8.xml:252(title) passwd.1.xml:390(title)
|
||||
#: newusers.8.xml:362(title) newgrp.1.xml:109(title) login.1.xml:294(title)
|
||||
#: grpck.8.xml:209(title) groupmod.8.xml:193(title) groupmems.8.xml:199(title)
|
||||
#: groupdel.8.xml:128(title) groupadd.8.xml:219(title) gpasswd.1.xml:264(title)
|
||||
#: chsh.1.xml:154(title) chpasswd.8.xml:239(title) chgpasswd.8.xml:198(title)
|
||||
#: chfn.1.xml:193(title) chage.1.xml:244(title)
|
||||
#: groupdel.8.xml:128(title) groupadd.8.xml:219(title)
|
||||
#: gpasswd.1.xml:264(title) chsh.1.xml:154(title) chpasswd.8.xml:239(title)
|
||||
#: chgpasswd.8.xml:198(title) chfn.1.xml:193(title) chage.1.xml:244(title)
|
||||
msgid "CONFIGURATION"
|
||||
msgstr "KONFIGURATION"
|
||||
|
||||
#: vipw.8.xml:166(para) usermod.8.xml:497(para) userdel.8.xml:172(para)
|
||||
#: vipw.8.xml:166(para) usermod.8.xml:498(para) userdel.8.xml:172(para)
|
||||
#: useradd.8.xml:648(para) su.1.xml:340(para) sg.1.xml:99(para)
|
||||
#: pwck.8.xml:253(para) passwd.1.xml:391(para) newusers.8.xml:363(para)
|
||||
#: newgrp.1.xml:110(para) login.1.xml:295(para) grpck.8.xml:210(para)
|
||||
@@ -482,35 +488,37 @@ msgstr ""
|
||||
"Redigeringsprogram der skal bruges hvis <option>VISUAL</option> ikke er "
|
||||
"angivet."
|
||||
|
||||
#: vipw.8.xml:195(title) usermod.8.xml:513(title) userdel.8.xml:188(title)
|
||||
#: vipw.8.xml:195(title) usermod.8.xml:514(title) userdel.8.xml:188(title)
|
||||
#: useradd.8.xml:675(title) suauth.5.xml:193(title) su.1.xml:367(title)
|
||||
#: sg.1.xml:110(title) shadow.5.xml:255(title) shadow.3.xml:226(title)
|
||||
#: pwconv.8.xml:250(title) pwck.8.xml:269(title) porttime.5.xml:130(title)
|
||||
#: passwd.5.xml:141(title) passwd.1.xml:408(title) newusers.8.xml:397(title)
|
||||
#: newgrp.1.xml:121(title) logoutd.8.xml:89(title)
|
||||
#: login.access.5.xml:121(title) login.1.xml:338(title) limits.5.xml:196(title)
|
||||
#: lastlog.8.xml:204(title) gshadow.5.xml:156(title) grpck.8.xml:221(title)
|
||||
#: groups.1.xml:100(title) groupmod.8.xml:205(title) groupmems.8.xml:211(title)
|
||||
#: groupdel.8.xml:140(title) groupadd.8.xml:233(title) gpasswd.1.xml:279(title)
|
||||
#: faillog.8.xml:243(title) faillog.5.xml:96(title) expiry.1.xml:121(title)
|
||||
#: chsh.1.xml:167(title) chpasswd.8.xml:255(title) chgpasswd.8.xml:213(title)
|
||||
#: chfn.1.xml:207(title) chage.1.xml:256(title)
|
||||
#: login.access.5.xml:121(title) login.1.xml:338(title)
|
||||
#: limits.5.xml:196(title) lastlog.8.xml:182(title) gshadow.5.xml:156(title)
|
||||
#: grpck.8.xml:221(title) groups.1.xml:100(title) groupmod.8.xml:205(title)
|
||||
#: groupmems.8.xml:211(title) groupdel.8.xml:140(title)
|
||||
#: groupadd.8.xml:233(title) gpasswd.1.xml:279(title) faillog.8.xml:243(title)
|
||||
#: faillog.5.xml:96(title) expiry.1.xml:121(title) chsh.1.xml:167(title)
|
||||
#: chpasswd.8.xml:255(title) chgpasswd.8.xml:213(title) chfn.1.xml:207(title)
|
||||
#: chage.1.xml:256(title)
|
||||
msgid "FILES"
|
||||
msgstr "FILER"
|
||||
|
||||
#: vipw.8.xml:198(filename) usermod.8.xml:516(filename)
|
||||
#: vipw.8.xml:198(filename) usermod.8.xml:517(filename)
|
||||
#: userdel.8.xml:191(filename) useradd.8.xml:690(filename)
|
||||
#: sg.1.xml:125(filename) pwck.8.xml:272(filename) newusers.8.xml:412(filename)
|
||||
#: newgrp.1.xml:136(filename) gshadow.5.xml:159(filename)
|
||||
#: grpck.8.xml:224(filename) groups.1.xml:103(filename)
|
||||
#: groupmod.8.xml:208(filename) groupmems.8.xml:214(filename)
|
||||
#: groupdel.8.xml:143(filename) groupadd.8.xml:236(filename)
|
||||
#: gpasswd.1.xml:72(filename) gpasswd.1.xml:75(filename)
|
||||
#: gpasswd.1.xml:282(filename) chgpasswd.8.xml:216(filename)
|
||||
#: sg.1.xml:125(filename) pwck.8.xml:272(filename)
|
||||
#: newusers.8.xml:412(filename) newgrp.1.xml:136(filename)
|
||||
#: gshadow.5.xml:159(filename) grpck.8.xml:224(filename)
|
||||
#: groups.1.xml:103(filename) groupmod.8.xml:208(filename)
|
||||
#: groupmems.8.xml:214(filename) groupdel.8.xml:143(filename)
|
||||
#: groupadd.8.xml:236(filename) gpasswd.1.xml:72(filename)
|
||||
#: gpasswd.1.xml:75(filename) gpasswd.1.xml:282(filename)
|
||||
#: chgpasswd.8.xml:216(filename)
|
||||
msgid "/etc/group"
|
||||
msgstr "/etc/group"
|
||||
|
||||
#: vipw.8.xml:200(para) usermod.8.xml:518(para) userdel.8.xml:193(para)
|
||||
#: vipw.8.xml:200(para) usermod.8.xml:519(para) userdel.8.xml:193(para)
|
||||
#: useradd.8.xml:692(para) sg.1.xml:127(para) pwck.8.xml:274(para)
|
||||
#: newusers.8.xml:414(para) newgrp.1.xml:138(para) gshadow.5.xml:161(para)
|
||||
#: grpck.8.xml:226(para) groups.1.xml:105(para) groupmod.8.xml:210(para)
|
||||
@@ -519,7 +527,7 @@ msgstr "/etc/group"
|
||||
msgid "Group account information."
|
||||
msgstr "Information om gruppekonto."
|
||||
|
||||
#: vipw.8.xml:204(filename) usermod.8.xml:522(filename)
|
||||
#: vipw.8.xml:204(filename) usermod.8.xml:523(filename)
|
||||
#: useradd.8.xml:696(filename) sg.1.xml:131(filename)
|
||||
#: newusers.8.xml:418(filename) newgrp.1.xml:142(filename)
|
||||
#: gshadow.5.xml:165(filename) grpck.8.xml:230(filename)
|
||||
@@ -530,7 +538,7 @@ msgstr "Information om gruppekonto."
|
||||
msgid "/etc/gshadow"
|
||||
msgstr "/etc/gshadow"
|
||||
|
||||
#: vipw.8.xml:206(para) usermod.8.xml:524(para) useradd.8.xml:698(para)
|
||||
#: vipw.8.xml:206(para) usermod.8.xml:525(para) useradd.8.xml:698(para)
|
||||
#: sg.1.xml:133(para) newusers.8.xml:420(para) newgrp.1.xml:144(para)
|
||||
#: gshadow.5.xml:167(para) grpck.8.xml:232(para) groupmod.8.xml:216(para)
|
||||
#: groupdel.8.xml:151(para) groupadd.8.xml:244(para) gpasswd.1.xml:290(para)
|
||||
@@ -538,7 +546,7 @@ msgstr "/etc/gshadow"
|
||||
msgid "Secure group account information."
|
||||
msgstr "Information om sikret gruppekonto."
|
||||
|
||||
#: vipw.8.xml:210(filename) usermod.8.xml:534(filename)
|
||||
#: vipw.8.xml:210(filename) usermod.8.xml:535(filename)
|
||||
#: userdel.8.xml:203(filename) useradd.8.xml:678(filename)
|
||||
#: su.1.xml:370(filename) sg.1.xml:113(filename) shadow.5.xml:258(filename)
|
||||
#: pwck.8.xml:278(filename) passwd.5.xml:144(filename)
|
||||
@@ -551,7 +559,7 @@ msgstr "Information om sikret gruppekonto."
|
||||
msgid "/etc/passwd"
|
||||
msgstr "/etc/passwd"
|
||||
|
||||
#: vipw.8.xml:212(para) usermod.8.xml:536(para) userdel.8.xml:205(para)
|
||||
#: vipw.8.xml:212(para) usermod.8.xml:537(para) userdel.8.xml:205(para)
|
||||
#: useradd.8.xml:680(para) su.1.xml:372(para) sg.1.xml:115(para)
|
||||
#: shadow.5.xml:260(para) pwck.8.xml:280(para) passwd.5.xml:146(para)
|
||||
#: passwd.1.xml:413(para) newusers.8.xml:402(para) newgrp.1.xml:126(para)
|
||||
@@ -561,7 +569,7 @@ msgstr "/etc/passwd"
|
||||
msgid "User account information."
|
||||
msgstr "Information om brugerkonto."
|
||||
|
||||
#: vipw.8.xml:216(filename) usermod.8.xml:540(filename)
|
||||
#: vipw.8.xml:216(filename) usermod.8.xml:541(filename)
|
||||
#: userdel.8.xml:209(filename) useradd.8.xml:684(filename)
|
||||
#: su.1.xml:376(filename) sg.1.xml:119(filename) shadow.5.xml:264(filename)
|
||||
#: shadow.3.xml:229(filename) pwck.8.xml:284(filename)
|
||||
@@ -572,7 +580,7 @@ msgstr "Information om brugerkonto."
|
||||
msgid "/etc/shadow"
|
||||
msgstr "/etc/shadow"
|
||||
|
||||
#: vipw.8.xml:218(para) usermod.8.xml:542(para) userdel.8.xml:211(para)
|
||||
#: vipw.8.xml:218(para) usermod.8.xml:543(para) userdel.8.xml:211(para)
|
||||
#: useradd.8.xml:686(para) su.1.xml:378(para) sg.1.xml:121(para)
|
||||
#: shadow.5.xml:266(para) shadow.3.xml:231(para) pwck.8.xml:286(para)
|
||||
#: passwd.1.xml:419(para) newusers.8.xml:408(para) newgrp.1.xml:132(para)
|
||||
@@ -581,7 +589,7 @@ msgstr "/etc/shadow"
|
||||
msgid "Secure user account information."
|
||||
msgstr "Information om sikret brugerkonto."
|
||||
|
||||
#: vipw.8.xml:225(title) usermod.8.xml:561(title) userdel.8.xml:308(title)
|
||||
#: vipw.8.xml:225(title) usermod.8.xml:562(title) userdel.8.xml:308(title)
|
||||
#: useradd.8.xml:804(title) suauth.5.xml:222(title) su.1.xml:438(title)
|
||||
#: sg.1.xml:140(title) shadow.5.xml:283(title) shadow.3.xml:238(title)
|
||||
#: pwconv.8.xml:262(title) pwck.8.xml:344(title) porttime.5.xml:142(title)
|
||||
@@ -644,15 +652,15 @@ msgstr ""
|
||||
#: usermod.8.xml:46(surname) userdel.8.xml:46(surname)
|
||||
#: useradd.8.xml:57(surname) su.1.xml:57(surname) sg.1.xml:41(surname)
|
||||
#: shadow.5.xml:40(surname) shadow.3.xml:40(surname) pwck.8.xml:46(surname)
|
||||
#: porttime.5.xml:40(surname) passwd.5.xml:40(surname) passwd.1.xml:47(surname)
|
||||
#: newusers.8.xml:55(surname) newgrp.1.xml:41(surname)
|
||||
#: logoutd.8.xml:40(surname) login.defs.5.xml:105(surname)
|
||||
#: login.1.xml:73(surname) lastlog.8.xml:41(surname) grpck.8.xml:41(surname)
|
||||
#: groups.1.xml:40(surname) groupmod.8.xml:41(surname)
|
||||
#: groupdel.8.xml:41(surname) groupadd.8.xml:43(surname)
|
||||
#: faillog.8.xml:40(surname) faillog.5.xml:40(surname) expiry.1.xml:44(surname)
|
||||
#: chsh.1.xml:43(surname) chpasswd.8.xml:44(surname) chfn.1.xml:43(surname)
|
||||
#: chage.1.xml:41(surname)
|
||||
#: porttime.5.xml:40(surname) passwd.5.xml:40(surname)
|
||||
#: passwd.1.xml:47(surname) newusers.8.xml:55(surname)
|
||||
#: newgrp.1.xml:41(surname) logoutd.8.xml:40(surname)
|
||||
#: login.defs.5.xml:105(surname) login.1.xml:73(surname)
|
||||
#: lastlog.8.xml:41(surname) grpck.8.xml:41(surname) groups.1.xml:40(surname)
|
||||
#: groupmod.8.xml:41(surname) groupdel.8.xml:41(surname)
|
||||
#: groupadd.8.xml:43(surname) faillog.8.xml:40(surname)
|
||||
#: faillog.5.xml:40(surname) expiry.1.xml:44(surname) chsh.1.xml:43(surname)
|
||||
#: chpasswd.8.xml:44(surname) chfn.1.xml:43(surname) chage.1.xml:41(surname)
|
||||
msgid "Haugh"
|
||||
msgstr ""
|
||||
|
||||
@@ -1023,7 +1031,7 @@ msgstr ""
|
||||
#| "<option>-f</option>, <option>--inactive</option> "
|
||||
#| "<replaceable>INACTIVE</replaceable>"
|
||||
msgid ""
|
||||
"<option>-v</option>, <option>--add-subuids</option> "
|
||||
"<option>-v</option>, <option>--add-sub-uids</option> "
|
||||
"<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>"
|
||||
msgstr ""
|
||||
"<option>-f</option>, <option>--inactive</option> <replaceable>INAKTIV</"
|
||||
@@ -1052,7 +1060,7 @@ msgstr ""
|
||||
#| "<option>-e</option>, <option>--expiredate</option> "
|
||||
#| "<replaceable>EXPIRE_DATE</replaceable>"
|
||||
msgid ""
|
||||
"<option>-V</option>, <option>--del-subuids</option> "
|
||||
"<option>-V</option>, <option>--del-sub-uids</option> "
|
||||
"<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>"
|
||||
msgstr ""
|
||||
"<option>-e</option>, <option>--expiredate</option> "
|
||||
@@ -1065,8 +1073,8 @@ msgstr ""
|
||||
#: usermod.8.xml:409(para)
|
||||
msgid ""
|
||||
"This option may be specified multiple times to remove multiple ranges to a "
|
||||
"users account. When both <option>--del-subuids</option> and <option>--add-"
|
||||
"subuids</option> are specified, the removal of all subordinate uid ranges "
|
||||
"users account. When both <option>--del-sub-uids</option> and <option>--add-"
|
||||
"sub-uids</option> are specified, the removal of all subordinate uid ranges "
|
||||
"happens before any subordinate uid range is added."
|
||||
msgstr ""
|
||||
|
||||
@@ -1076,7 +1084,7 @@ msgstr ""
|
||||
#| "<option>-f</option>, <option>--inactive</option> "
|
||||
#| "<replaceable>INACTIVE</replaceable>"
|
||||
msgid ""
|
||||
"<option>-w</option>, <option>--add-subgids</option> "
|
||||
"<option>-w</option>, <option>--add-sub-gids</option> "
|
||||
"<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>"
|
||||
msgstr ""
|
||||
"<option>-f</option>, <option>--inactive</option> <replaceable>INAKTIV</"
|
||||
@@ -1099,7 +1107,7 @@ msgstr ""
|
||||
#| "<option>-e</option>, <option>--expiredate</option> "
|
||||
#| "<replaceable>EXPIRE_DATE</replaceable>"
|
||||
msgid ""
|
||||
"<option>-W</option>, <option>--del-subgids</option> "
|
||||
"<option>-W</option>, <option>--del-sub-gids</option> "
|
||||
"<replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>"
|
||||
msgstr ""
|
||||
"<option>-e</option>, <option>--expiredate</option> "
|
||||
@@ -1112,8 +1120,8 @@ msgstr ""
|
||||
#: usermod.8.xml:447(para)
|
||||
msgid ""
|
||||
"This option may be specified multiple times to remove multiple ranges to a "
|
||||
"users account. When both <option>--del-subgids</option> and <option>--add-"
|
||||
"subgids</option> are specified, the removal of all subordinate gid ranges "
|
||||
"users account. When both <option>--del-sub-gids</option> and <option>--add-"
|
||||
"sub-gids</option> are specified, the removal of all subordinate gid ranges "
|
||||
"happens before any subordinate gid range is added."
|
||||
msgstr ""
|
||||
|
||||
@@ -1135,9 +1143,9 @@ msgstr ""
|
||||
|
||||
#: usermod.8.xml:478(title) userdel.8.xml:281(title) useradd.8.xml:623(title)
|
||||
#: su.1.xml:331(title) shadow.3.xml:218(title) passwd.1.xml:372(title)
|
||||
#: newusers.8.xml:350(title) login.1.xml:260(title) lastlog.8.xml:216(title)
|
||||
#: groupdel.8.xml:116(title) groupadd.8.xml:257(title) gpasswd.1.xml:252(title)
|
||||
#: faillog.8.xml:232(title) chpasswd.8.xml:231(title)
|
||||
#: newusers.8.xml:350(title) login.1.xml:260(title) lastlog.8.xml:194(title)
|
||||
#: groupdel.8.xml:116(title) groupadd.8.xml:257(title)
|
||||
#: gpasswd.1.xml:252(title) faillog.8.xml:232(title) chpasswd.8.xml:231(title)
|
||||
#: chgpasswd.8.xml:186(title)
|
||||
msgid "CAVEATS"
|
||||
msgstr ""
|
||||
@@ -1147,17 +1155,17 @@ msgid ""
|
||||
"You must make certain that the named user is not executing any processes "
|
||||
"when this command is being executed if the user's numerical user ID, the "
|
||||
"user's name, or the user's home directory is being changed. "
|
||||
"<command>usermod</command> checks this on Linux. On other platforms it only "
|
||||
"uses utmp to check if the user is logged in."
|
||||
"<command>usermod</command> checks this on Linux, but only check if the user "
|
||||
"is logged in according to utmp on other architectures."
|
||||
msgstr ""
|
||||
|
||||
#: usermod.8.xml:486(para)
|
||||
#: usermod.8.xml:487(para)
|
||||
msgid ""
|
||||
"You must change the owner of any <command>crontab</command> files or "
|
||||
"<command>at</command> jobs manually."
|
||||
msgstr ""
|
||||
|
||||
#: usermod.8.xml:490(para)
|
||||
#: usermod.8.xml:491(para)
|
||||
msgid "You must make any changes involving NIS on the NIS server."
|
||||
msgstr ""
|
||||
|
||||
@@ -1388,7 +1396,7 @@ msgid ""
|
||||
"algorithm: <placeholder-1/>"
|
||||
msgstr ""
|
||||
|
||||
#: usermod.8.xml:528(filename) userdel.8.xml:197(filename)
|
||||
#: usermod.8.xml:529(filename) userdel.8.xml:197(filename)
|
||||
#: useradd.8.xml:726(filename) su.1.xml:382(filename)
|
||||
#: pwconv.8.xml:253(filename) passwd.1.xml:423(filename)
|
||||
#: newusers.8.xml:424(filename) login.access.5.xml:124(filename)
|
||||
@@ -1399,7 +1407,7 @@ msgstr ""
|
||||
msgid "/etc/login.defs"
|
||||
msgstr ""
|
||||
|
||||
#: usermod.8.xml:530(para) userdel.8.xml:199(para) useradd.8.xml:728(para)
|
||||
#: usermod.8.xml:531(para) userdel.8.xml:199(para) useradd.8.xml:728(para)
|
||||
#: su.1.xml:384(para) pwconv.8.xml:255(para) passwd.1.xml:425(para)
|
||||
#: newusers.8.xml:426(para) login.access.5.xml:126(para) login.1.xml:391(para)
|
||||
#: groupmod.8.xml:222(para) groupadd.8.xml:250(para) chsh.1.xml:184(para)
|
||||
@@ -1407,31 +1415,31 @@ msgstr ""
|
||||
msgid "Shadow password suite configuration."
|
||||
msgstr ""
|
||||
|
||||
#: usermod.8.xml:546(filename) userdel.8.xml:215(filename)
|
||||
#: usermod.8.xml:547(filename) userdel.8.xml:215(filename)
|
||||
#: useradd.8.xml:714(filename) newusers.8.xml:436(filename)
|
||||
#, fuzzy
|
||||
#| msgid "/etc/suauth"
|
||||
msgid "/etc/subgid"
|
||||
msgstr "/etc/suauth"
|
||||
|
||||
#: usermod.8.xml:548(para) userdel.8.xml:217(para) useradd.8.xml:716(para)
|
||||
#: usermod.8.xml:549(para) userdel.8.xml:217(para) useradd.8.xml:716(para)
|
||||
#: newusers.8.xml:438(para)
|
||||
msgid "Per user subordinate group IDs."
|
||||
msgstr ""
|
||||
|
||||
#: usermod.8.xml:552(filename) userdel.8.xml:221(filename)
|
||||
#: usermod.8.xml:553(filename) userdel.8.xml:221(filename)
|
||||
#: useradd.8.xml:720(filename) newusers.8.xml:442(filename)
|
||||
#, fuzzy
|
||||
#| msgid "/etc/suauth"
|
||||
msgid "/etc/subuid"
|
||||
msgstr "/etc/suauth"
|
||||
|
||||
#: usermod.8.xml:554(para) userdel.8.xml:223(para) useradd.8.xml:722(para)
|
||||
#: usermod.8.xml:555(para) userdel.8.xml:223(para) useradd.8.xml:722(para)
|
||||
#: newusers.8.xml:444(para)
|
||||
msgid "Per user subordinate user IDs."
|
||||
msgstr ""
|
||||
|
||||
#: usermod.8.xml:562(para)
|
||||
#: usermod.8.xml:563(para)
|
||||
#, fuzzy
|
||||
#| msgid ""
|
||||
#| "<citerefentry><refentrytitle>vi</refentrytitle><manvolnum>1</manvolnum></"
|
||||
@@ -1645,8 +1653,9 @@ msgstr ""
|
||||
#: passwd.1.xml:449(replaceable) newgrp.1.xml:59(manvolnum)
|
||||
#: login.1.xml:91(manvolnum) grpck.8.xml:256(replaceable)
|
||||
#: groups.1.xml:58(manvolnum) gpasswd.1.xml:63(manvolnum)
|
||||
#: expiry.1.xml:62(manvolnum) chsh.1.xml:61(manvolnum) chfn.1.xml:61(manvolnum)
|
||||
#: chage.1.xml:59(manvolnum) chage.1.xml:289(replaceable)
|
||||
#: expiry.1.xml:62(manvolnum) chsh.1.xml:61(manvolnum)
|
||||
#: chfn.1.xml:61(manvolnum) chage.1.xml:59(manvolnum)
|
||||
#: chage.1.xml:289(replaceable)
|
||||
msgid "1"
|
||||
msgstr ""
|
||||
|
||||
@@ -1967,7 +1976,7 @@ msgid ""
|
||||
"<option>PASS_MAX_DAYS</option> and others). <placeholder-1/> Example: "
|
||||
"<option>-K</option> <replaceable>PASS_MAX_DAYS</"
|
||||
"replaceable>=<replaceable>-1</replaceable> can be used when creating system "
|
||||
"account to turn off password aging, even though system account has no "
|
||||
"account to turn off password ageing, even though system account has no "
|
||||
"password at all. Multiple <option>-K</option> options can be specified, e."
|
||||
"g.: <option>-K</option> <replaceable>UID_MIN</"
|
||||
"replaceable>=<replaceable>100</replaceable> <option>-K</option> "
|
||||
@@ -1985,7 +1994,7 @@ msgstr ""
|
||||
#: useradd.8.xml:327(para)
|
||||
msgid ""
|
||||
"By default, the user's entries in the lastlog and faillog databases are "
|
||||
"reset to avoid reusing the entry from a previously deleted user."
|
||||
"resetted to avoid reusing the entry from a previously deleted user."
|
||||
msgstr ""
|
||||
|
||||
#: useradd.8.xml:335(term)
|
||||
@@ -2005,11 +2014,9 @@ msgid ""
|
||||
"is not enabled, no home directories are created."
|
||||
msgstr ""
|
||||
|
||||
#: useradd.8.xml:353(term)
|
||||
#, fuzzy
|
||||
#| msgid "<option>-c</option>, <option>--crypt-method</option>"
|
||||
msgid "<option>-M</option>, <option>--no-create-home</option>"
|
||||
msgstr "<option>-c</option>, <option>--crypt-method</option>"
|
||||
#: useradd.8.xml:354(option)
|
||||
msgid "-M"
|
||||
msgstr ""
|
||||
|
||||
#: useradd.8.xml:357(para)
|
||||
msgid ""
|
||||
@@ -2074,10 +2081,10 @@ msgstr ""
|
||||
#: useradd.8.xml:434(para)
|
||||
msgid ""
|
||||
"Note that <command>useradd</command> will not create a home directory for "
|
||||
"such a user, regardless of the default setting in <filename>/etc/login.defs</"
|
||||
"filename> (<option>CREATE_HOME</option>). You have to specify the <option>-"
|
||||
"m</option> options if you want a home directory for a system account to be "
|
||||
"created."
|
||||
"such an user, regardless of the default setting in <filename>/etc/login."
|
||||
"defs</filename> (<option>CREATE_HOME</option>). You have to specify the "
|
||||
"<option>-m</option> options if you want a home directory for a system "
|
||||
"account to be created."
|
||||
msgstr ""
|
||||
|
||||
#: useradd.8.xml:461(para)
|
||||
@@ -2595,7 +2602,7 @@ msgstr ""
|
||||
#, no-wrap
|
||||
msgid ""
|
||||
"\n"
|
||||
" 1) the user su is targeting\n"
|
||||
" 1) the user su is targetting\n"
|
||||
" "
|
||||
msgstr ""
|
||||
|
||||
@@ -2629,12 +2636,12 @@ msgstr ""
|
||||
#: suauth.5.xml:107(para)
|
||||
msgid ""
|
||||
"from-id is formatted the same as to-id except the extra word "
|
||||
"<emphasis>GROUP</emphasis> is recognized. <emphasis>ALL EXCEPT GROUP</"
|
||||
"<emphasis>GROUP</emphasis> is recognised. <emphasis>ALL EXCEPT GROUP</"
|
||||
"emphasis> is perfectly valid too. Following <emphasis>GROUP</emphasis> "
|
||||
"appears one or more group names, delimited by \",\". It is not sufficient to "
|
||||
"have primary group id of the relevant group, an entry in "
|
||||
"<citerefentry><refentrytitle>/etc/group</refentrytitle><manvolnum>5</"
|
||||
"manvolnum></citerefentry> is necessary."
|
||||
"manvolnum></citerefentry> is neccessary."
|
||||
msgstr ""
|
||||
|
||||
#: suauth.5.xml:118(para)
|
||||
@@ -2737,8 +2744,9 @@ msgid ""
|
||||
msgstr ""
|
||||
|
||||
#: su.1.xml:58(contrib) shadow.5.xml:41(contrib) shadow.3.xml:41(contrib)
|
||||
#: porttime.5.xml:41(contrib) passwd.5.xml:41(contrib) passwd.1.xml:48(contrib)
|
||||
#: login.1.xml:74(contrib) faillog.8.xml:41(contrib) faillog.5.xml:41(contrib)
|
||||
#: porttime.5.xml:41(contrib) passwd.5.xml:41(contrib)
|
||||
#: passwd.1.xml:48(contrib) login.1.xml:74(contrib) faillog.8.xml:41(contrib)
|
||||
#: faillog.5.xml:41(contrib)
|
||||
msgid "Creation, 1989"
|
||||
msgstr ""
|
||||
|
||||
@@ -2837,7 +2845,7 @@ msgstr ""
|
||||
#: su.1.xml:158(para)
|
||||
msgid ""
|
||||
"The executed command will have no controlling terminal. This option cannot "
|
||||
"be used to execute interactive programs which need a controlling TTY."
|
||||
"be used to execute interractive programs which need a controlling TTY."
|
||||
msgstr ""
|
||||
|
||||
#: su.1.xml:168(term)
|
||||
@@ -3381,7 +3389,7 @@ msgstr ""
|
||||
|
||||
#: shadow.5.xml:117(para) gshadow.5.xml:107(para)
|
||||
msgid ""
|
||||
"A password field which starts with an exclamation mark means that the "
|
||||
"A password field which starts with a exclamation mark means that the "
|
||||
"password is locked. The remaining characters on the line represent the "
|
||||
"password field before the password was locked."
|
||||
msgstr ""
|
||||
@@ -3399,7 +3407,7 @@ msgstr ""
|
||||
#: shadow.5.xml:134(para)
|
||||
msgid ""
|
||||
"The value 0 has a special meaning, which is that the user should change her "
|
||||
"password the next time she will log in the system."
|
||||
"pasword the next time she will log in the system."
|
||||
msgstr ""
|
||||
|
||||
#: shadow.5.xml:139(para)
|
||||
@@ -3499,7 +3507,7 @@ msgstr ""
|
||||
#: shadow.5.xml:229(para)
|
||||
msgid ""
|
||||
"Note that an account expiration differs from a password expiration. In case "
|
||||
"of an account expiration, the user shall not be allowed to login. In case of "
|
||||
"of an acount expiration, the user shall not be allowed to login. In case of "
|
||||
"a password expiration, the user is not allowed to login using her password."
|
||||
msgstr ""
|
||||
|
||||
@@ -3760,15 +3768,18 @@ msgstr ""
|
||||
msgid "pwconv"
|
||||
msgstr ""
|
||||
|
||||
#: pwconv.8.xml:71(refname) pwconv.8.xml:85(command) login.defs.5.xml:438(term)
|
||||
#: pwconv.8.xml:71(refname) pwconv.8.xml:85(command)
|
||||
#: login.defs.5.xml:438(term)
|
||||
msgid "pwunconv"
|
||||
msgstr ""
|
||||
|
||||
#: pwconv.8.xml:72(refname) pwconv.8.xml:91(command) login.defs.5.xml:340(term)
|
||||
#: pwconv.8.xml:72(refname) pwconv.8.xml:91(command)
|
||||
#: login.defs.5.xml:340(term)
|
||||
msgid "grpconv"
|
||||
msgstr ""
|
||||
|
||||
#: pwconv.8.xml:73(refname) pwconv.8.xml:97(command) login.defs.5.xml:346(term)
|
||||
#: pwconv.8.xml:73(refname) pwconv.8.xml:97(command)
|
||||
#: login.defs.5.xml:346(term)
|
||||
msgid "grpunconv"
|
||||
msgstr ""
|
||||
|
||||
@@ -3916,7 +3927,8 @@ msgstr ""
|
||||
|
||||
#: pwck.8.xml:80(replaceable) passwd.5.xml:57(refentrytitle)
|
||||
#: passwd.5.xml:64(refname) passwd.1.xml:64(refentrytitle)
|
||||
#: passwd.1.xml:71(refname) passwd.1.xml:77(command) login.defs.5.xml:409(term)
|
||||
#: passwd.1.xml:71(refname) passwd.1.xml:77(command)
|
||||
#: login.defs.5.xml:409(term)
|
||||
msgid "passwd"
|
||||
msgstr ""
|
||||
|
||||
@@ -4059,7 +4071,7 @@ msgstr ""
|
||||
msgid ""
|
||||
"Note that when <option>USE_TCB</option> is enabled, you cannot specify an "
|
||||
"alternative <replaceable>shadow</replaceable> file. In future releases, this "
|
||||
"parameter could be replaced by an alternate TCB directory."
|
||||
"paramater could be replaced by an alternate TCB directory."
|
||||
msgstr ""
|
||||
|
||||
#: pwck.8.xml:312(para)
|
||||
@@ -4388,12 +4400,8 @@ msgid ""
|
||||
msgstr ""
|
||||
|
||||
#: passwd.1.xml:166(para)
|
||||
#, fuzzy
|
||||
#| msgid ""
|
||||
#| "You can find advices on how to choose a strong password on http://en."
|
||||
#| "wikipedia.org/wiki/Password_strength"
|
||||
msgid ""
|
||||
"You can find advice on how to choose a strong password on http://en."
|
||||
"You can find advices on how to choose a strong password on http://en."
|
||||
"wikipedia.org/wiki/Password_strength"
|
||||
msgstr ""
|
||||
"Du kan finde råd om hvordan du vælger en god adgangskode på http://en."
|
||||
@@ -4695,8 +4703,8 @@ msgstr "<option>PASS_MIN_LEN</option> (antal)"
|
||||
#: passwd.1.xml:35(para) login.defs.5.xml:35(para)
|
||||
msgid ""
|
||||
"Number of significant characters in the password for crypt(). "
|
||||
"<option>PASS_MAX_LEN</option> is 8 by default. Don't change unless your "
|
||||
"crypt() is better. This is ignored if <option>MD5_CRYPT_ENAB</option> set to "
|
||||
"<option>PASS_MAX_LEN</option> is 8 by default. Don't change unless your crypt"
|
||||
"() is better. This is ignored if <option>MD5_CRYPT_ENAB</option> set to "
|
||||
"<replaceable>yes</replaceable>."
|
||||
msgstr ""
|
||||
|
||||
@@ -4834,9 +4842,7 @@ msgid "HISTORY"
|
||||
msgstr "HISTORIK"
|
||||
|
||||
#: nologin.8.xml:91(para)
|
||||
#, fuzzy
|
||||
#| msgid "The <command>nologin</command> command appearred in BSD 4.4."
|
||||
msgid "The <command>nologin</command> command appeared in BSD 4.4."
|
||||
msgid "The <command>nologin</command> command appearred in BSD 4.4."
|
||||
msgstr "Kommandoen <command>nologin</command> fremkom i BSD 4.4."
|
||||
|
||||
#: newusers.8.xml:72(refentrytitle) newusers.8.xml:79(refname)
|
||||
@@ -4875,19 +4881,11 @@ msgid "This is the name of the user."
|
||||
msgstr "Dette er navnet på brugeren."
|
||||
|
||||
#: newusers.8.xml:116(para)
|
||||
#, fuzzy
|
||||
#| msgid ""
|
||||
#| "If this field contains the name of an existing user (or the name of an "
|
||||
#| "user created before by <command>newusers</command>), the UID of the "
|
||||
#| "specified user will be used."
|
||||
msgid ""
|
||||
"It can be the name of a new user or the name of an existing user (or a user "
|
||||
"It can be the name of a new user or the name of an existing user (or an user "
|
||||
"created before by <command>newusers</command>). In case of an existing user, "
|
||||
"the user's information will be changed, otherwise a new user will be created."
|
||||
msgstr ""
|
||||
"Hvis dette felt indeholder navnet på en eksisterende bruger (eller navnet på "
|
||||
"en bruger oprettet før af <command>newusers</command>), så vil UID'en for "
|
||||
"den angivne bruger blive brugt."
|
||||
|
||||
#: newusers.8.xml:127(emphasis)
|
||||
msgid "pw_passwd"
|
||||
@@ -4910,12 +4908,8 @@ msgid "This field is used to define the UID of the user."
|
||||
msgstr "Dette flet bruges til at definere UID for brugeren."
|
||||
|
||||
#: newusers.8.xml:144(para)
|
||||
#, fuzzy
|
||||
#| msgid ""
|
||||
#| "If the field is empty, an new (unused) UID will be defined automatically "
|
||||
#| "by <command>newusers</command>."
|
||||
msgid ""
|
||||
"If the field is empty, a new (unused) UID will be defined automatically by "
|
||||
"If the field is empty, an new (unused) UID will be defined automatically by "
|
||||
"<command>newusers</command>."
|
||||
msgstr ""
|
||||
"Hvis feltet er tomt, vil en ny (ubrugt) UID blive defineret automatisk af "
|
||||
@@ -4927,13 +4921,8 @@ msgstr ""
|
||||
"Hvis dette felt indeholer et tal, så vil dette tal blive brugt som UID'en."
|
||||
|
||||
#: newusers.8.xml:152(para)
|
||||
#, fuzzy
|
||||
#| msgid ""
|
||||
#| "If this field contains the name of an existing user (or the name of an "
|
||||
#| "user created before by <command>newusers</command>), the UID of the "
|
||||
#| "specified user will be used."
|
||||
msgid ""
|
||||
"If this field contains the name of an existing user (or the name of a user "
|
||||
"If this field contains the name of an existing user (or the name of an user "
|
||||
"created before by <command>newusers</command>), the UID of the specified "
|
||||
"user will be used."
|
||||
msgstr ""
|
||||
@@ -6192,9 +6181,7 @@ msgid "D: max data size (KB)"
|
||||
msgstr "D: Maks. datastørrelse (KB)"
|
||||
|
||||
#: limits.5.xml:111(para)
|
||||
#, fuzzy
|
||||
#| msgid "F: maximum filesize (KB)"
|
||||
msgid "F: maximum file size (KB)"
|
||||
msgid "F: maximum filesize (KB)"
|
||||
msgstr "F: Maks filstørrelse (KB)"
|
||||
|
||||
#: limits.5.xml:112(para)
|
||||
@@ -6264,7 +6251,7 @@ msgstr ""
|
||||
#: limits.5.xml:145(para)
|
||||
msgid ""
|
||||
"Be aware that after <emphasis remap=\"I\">username</emphasis> the rest of "
|
||||
"the line is considered a limit string, thus comments are not allowed. An "
|
||||
"the line is considered a limit string, thus comments are not allowed. A "
|
||||
"invalid limits string will be rejected (not considered) by the "
|
||||
"<command>login</command> program."
|
||||
msgstr ""
|
||||
@@ -6284,12 +6271,8 @@ msgid ""
|
||||
msgstr ""
|
||||
|
||||
#: limits.5.xml:165(para)
|
||||
#, fuzzy
|
||||
#| msgid ""
|
||||
#| "If more than one line with limits for an user exist, only the first line "
|
||||
#| "for this user will be considered."
|
||||
msgid ""
|
||||
"If more than one line with limits for a user exist, only the first line for "
|
||||
"If more than one line with limits for an user exist, only the first line for "
|
||||
"this user will be considered."
|
||||
msgstr ""
|
||||
"Hvis mere end en linje med begrænsninger for en bruger findes, så vil kun "
|
||||
@@ -6297,7 +6280,7 @@ msgstr ""
|
||||
|
||||
#: limits.5.xml:170(para)
|
||||
msgid ""
|
||||
"If no lines are specified for a user, the last <replaceable>@group</"
|
||||
"If no lines are specified for an user, the last <replaceable>@group</"
|
||||
"replaceable> line matching a group whose the user is a member of will be "
|
||||
"considered, or the last line with default limits if no groups contain the "
|
||||
"user."
|
||||
@@ -6368,53 +6351,29 @@ msgid ""
|
||||
"Print only lastlog records older than <emphasis remap=\"I\">DAYS</emphasis>."
|
||||
msgstr ""
|
||||
|
||||
#: lastlog.8.xml:107(term)
|
||||
#, fuzzy
|
||||
#| msgid "<option>-u</option>, <option>--user</option>"
|
||||
msgid "<option>-C</option>, <option>--clear</option>"
|
||||
msgstr "<option>-u</option>, <option>--user</option>"
|
||||
|
||||
#: lastlog.8.xml:111(para)
|
||||
msgid ""
|
||||
"Clear lastlog record of a user. This option can be used only together with "
|
||||
"<option>-u</option> (<option>--user</option>))."
|
||||
msgstr ""
|
||||
|
||||
#: lastlog.8.xml:138(term)
|
||||
#, fuzzy
|
||||
#| msgid "<option>-u</option>, <option>--user</option>"
|
||||
msgid "<option>-S</option>, <option>--set</option>"
|
||||
msgstr "<option>-u</option>, <option>--user</option>"
|
||||
|
||||
#: lastlog.8.xml:142(para)
|
||||
msgid ""
|
||||
"Set lastlog record of a user to the current time. This option can be used "
|
||||
"only together with <option>-u</option> (<option>--user</option>))."
|
||||
msgstr ""
|
||||
|
||||
#: lastlog.8.xml:149(term) faillog.8.xml:192(term)
|
||||
#: lastlog.8.xml:127(term) faillog.8.xml:192(term)
|
||||
msgid ""
|
||||
"<option>-t</option>, <option>--time</option> <replaceable>DAYS</"
|
||||
"replaceable>"
|
||||
msgstr ""
|
||||
|
||||
#: lastlog.8.xml:153(para)
|
||||
#: lastlog.8.xml:131(para)
|
||||
msgid ""
|
||||
"Print the lastlog records more recent than <emphasis remap=\"I\">DAYS</"
|
||||
"emphasis>."
|
||||
msgstr ""
|
||||
|
||||
#: lastlog.8.xml:160(term) faillog.8.xml:202(term)
|
||||
#: lastlog.8.xml:138(term) faillog.8.xml:202(term)
|
||||
msgid ""
|
||||
"<option>-u</option>, <option>--user</option> <replaceable>LOGIN</"
|
||||
"replaceable>|<replaceable>RANGE</replaceable>"
|
||||
msgstr ""
|
||||
|
||||
#: lastlog.8.xml:164(para)
|
||||
#: lastlog.8.xml:142(para)
|
||||
msgid "Print the lastlog record of the specified user(s)."
|
||||
msgstr ""
|
||||
|
||||
#: lastlog.8.xml:167(para) faillog.8.xml:211(para)
|
||||
#: lastlog.8.xml:145(para) faillog.8.xml:211(para)
|
||||
msgid ""
|
||||
"The users can be specified by a login name, a numerical user ID, or a "
|
||||
"<replaceable>RANGE</replaceable> of users. This <replaceable>RANGE</"
|
||||
@@ -6423,24 +6382,24 @@ msgid ""
|
||||
"UID_MAX</replaceable>), or a min value (<replaceable>UID_MIN-</replaceable>)."
|
||||
msgstr ""
|
||||
|
||||
#: lastlog.8.xml:179(para)
|
||||
#: lastlog.8.xml:157(para)
|
||||
msgid ""
|
||||
"If the user has never logged in the message <emphasis>** Never logged in**</"
|
||||
"emphasis> will be displayed instead of the port and time."
|
||||
msgstr ""
|
||||
|
||||
#: lastlog.8.xml:184(para)
|
||||
#: lastlog.8.xml:162(para)
|
||||
msgid ""
|
||||
"Only the entries for the current users of the system will be displayed. "
|
||||
"Other entries may exist for users that were deleted previously."
|
||||
msgstr ""
|
||||
|
||||
#: lastlog.8.xml:192(title) groups.1.xml:90(title) chsh.1.xml:140(title)
|
||||
#: lastlog.8.xml:170(title) groups.1.xml:90(title) chsh.1.xml:140(title)
|
||||
#: chage.1.xml:231(title)
|
||||
msgid "NOTE"
|
||||
msgstr ""
|
||||
|
||||
#: lastlog.8.xml:193(para)
|
||||
#: lastlog.8.xml:171(para)
|
||||
msgid ""
|
||||
"The <filename>lastlog</filename> file is a database which contains info on "
|
||||
"the last login of each user. You should not rotate it. It is a sparse file, "
|
||||
@@ -6450,15 +6409,15 @@ msgid ""
|
||||
"its real size with \"<command>ls -s</command>\"."
|
||||
msgstr ""
|
||||
|
||||
#: lastlog.8.xml:207(filename)
|
||||
#: lastlog.8.xml:185(filename)
|
||||
msgid "/var/log/lastlog"
|
||||
msgstr "/var/log/lastlog"
|
||||
|
||||
#: lastlog.8.xml:209(para)
|
||||
#: lastlog.8.xml:187(para)
|
||||
msgid "Database times of previous user logins."
|
||||
msgstr "Databasetider for tidligere brugerlogind."
|
||||
|
||||
#: lastlog.8.xml:217(para)
|
||||
#: lastlog.8.xml:195(para)
|
||||
msgid ""
|
||||
"Large gaps in UID numbers will cause the lastlog program to run longer with "
|
||||
"no output to the screen (i.e. if in lastlog database there is no entries for "
|
||||
@@ -6505,19 +6464,11 @@ msgid ""
|
||||
msgstr ""
|
||||
|
||||
#: gshadow.5.xml:97(para)
|
||||
#, fuzzy
|
||||
#| msgid ""
|
||||
#| "The new value of the user's password file comment field. It is normally "
|
||||
#| "modified using the <citerefentry><refentrytitle>chfn</"
|
||||
#| "refentrytitle><manvolnum>1</manvolnum></citerefentry> utility."
|
||||
msgid ""
|
||||
"The password is used when a user who is not a member of the group wants to "
|
||||
"The password is used when an user who is not a member of the group wants to "
|
||||
"gain the permissions of this group (see <citerefentry><refentrytitle>newgrp</"
|
||||
"refentrytitle><manvolnum>1</manvolnum></citerefentry>)."
|
||||
msgstr ""
|
||||
"Den nye værdi for brugerens kommentar kommentarfelt i adgangskodefilen. Den "
|
||||
"ændres normalt med redskabet <citerefentry><refentrytitle>chfn</"
|
||||
"refentrytitle><manvolnum>1</manvolnum></citerefentry>."
|
||||
|
||||
#: gshadow.5.xml:103(para)
|
||||
msgid ""
|
||||
@@ -6916,9 +6867,7 @@ msgid ""
|
||||
msgstr ""
|
||||
|
||||
#: groupmems.8.xml:109(para)
|
||||
#, fuzzy
|
||||
#| msgid "Add an user to the group membership list."
|
||||
msgid "Add a user to the group membership list."
|
||||
msgid "Add an user to the group membership list."
|
||||
msgstr "Tilføj en bruger til listen over gruppemedlemmer."
|
||||
|
||||
#: groupmems.8.xml:110(para) groupmems.8.xml:126(para)
|
||||
@@ -7684,7 +7633,7 @@ msgstr ""
|
||||
msgid ""
|
||||
"The default encryption algorithm can be defined for the system with the "
|
||||
"<option>ENCRYPT_METHOD</option> or <option>MD5_CRYPT_ENAB</option> variables "
|
||||
"of <filename>/etc/login.defs</filename>, and can be overwritten with the "
|
||||
"of <filename>/etc/login.defs</filename>, and can be overwitten with the "
|
||||
"<option>-e</option>, <option>-m</option>, or <option>-c</option> options."
|
||||
msgstr ""
|
||||
|
||||
@@ -7699,7 +7648,7 @@ msgstr ""
|
||||
msgid ""
|
||||
"<phrase condition=\"pam\">Except when PAM is used to encrypt the passwords,</"
|
||||
"phrase><command>chpasswd</command> first updates all the passwords in "
|
||||
"memory, and then commits all the changes to disk if no errors occurred for "
|
||||
"memory, and then commits all the changes to disk if no errors occured for "
|
||||
"any user."
|
||||
msgstr ""
|
||||
|
||||
@@ -7829,7 +7778,7 @@ msgstr ""
|
||||
msgid ""
|
||||
"The default encryption algorithm can be defined for the system with the "
|
||||
"<option>ENCRYPT_METHOD</option> variable of <filename>/etc/login.defs</"
|
||||
"filename>, and can be overwritten with the <option>-e</option>, <option>-m</"
|
||||
"filename>, and can be overwiten with the <option>-e</option>, <option>-m</"
|
||||
"option>, or <option>-c</option> options."
|
||||
msgstr ""
|
||||
|
||||
|
||||
+181
-336
File diff suppressed because it is too large
Load Diff
+173
-328
File diff suppressed because it is too large
Load Diff
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user