Compare commits
22 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 749c178062 | |||
| d906ecd3b6 | |||
| 69d932140c | |||
| b28d45d2bd | |||
| b0729855e8 | |||
| 589f97ade4 | |||
| 365658d0f3 | |||
| bfaa59229d | |||
| a497c3663f | |||
| 07dea48511 | |||
| 0f4406b757 | |||
| 2141c2f804 | |||
| c3503a0b5c | |||
| 63448ba21d | |||
| a933847574 | |||
| 6e19e48f9b | |||
| de99d9b9d6 | |||
| 03c52251fb | |||
| aadd2f332c | |||
| c634bfd35c | |||
| ec09609355 | |||
| ad21753e53 |
-47
@@ -1,47 +0,0 @@
|
|||||||
*~
|
|
||||||
lib*.a
|
|
||||||
*.o
|
|
||||||
*.lo
|
|
||||||
*.la
|
|
||||||
*.gmo
|
|
||||||
.deps
|
|
||||||
.libs
|
|
||||||
|
|
||||||
*.patch
|
|
||||||
*.rej
|
|
||||||
*.orig
|
|
||||||
|
|
||||||
Makefile
|
|
||||||
Makefile.in
|
|
||||||
|
|
||||||
/ABOUT-NLS
|
|
||||||
/aclocal.m4
|
|
||||||
/autom4te.cache
|
|
||||||
/config.guess
|
|
||||||
/config.h
|
|
||||||
/config.h.in
|
|
||||||
/config.log
|
|
||||||
/config.rpath
|
|
||||||
/config.status
|
|
||||||
/config.sub
|
|
||||||
/configure
|
|
||||||
/depcomp
|
|
||||||
/install-sh
|
|
||||||
/libtool
|
|
||||||
/ltmain.sh
|
|
||||||
/m4
|
|
||||||
/missing
|
|
||||||
/stamp-h1
|
|
||||||
/ylwrap
|
|
||||||
|
|
||||||
/po/*.header
|
|
||||||
/po/*.sed
|
|
||||||
/po/*.sin
|
|
||||||
/po/Makefile.in.in
|
|
||||||
/po/Makevars.template
|
|
||||||
/po/POTFILES
|
|
||||||
/po/Rules-quot
|
|
||||||
/po/stamp-po
|
|
||||||
|
|
||||||
/shadow.spec
|
|
||||||
/libmisc/getdate.c
|
|
||||||
@@ -1,3 +1,204 @@
|
|||||||
|
2021-07-22 Serge Hallyn <serge@hallyn.com>
|
||||||
|
|
||||||
|
* Updated translations (Björn Esser, Juergen Hoetzel)
|
||||||
|
* Major salt updates (Björn Esser)
|
||||||
|
* Various coverity and cleanup fixes (Iker Pedrosa)
|
||||||
|
* Consistently use 0 to disable PASS_MIN_DAYS in man (tzccinct)
|
||||||
|
* Implement NSS support for subids and a libsubid (Serge Hallyn)
|
||||||
|
* setfcap: retain setfcap when mapping uid 0 (Christian Brauner)
|
||||||
|
* login.defs: include HMAC_CRYPTO_ALGO key (Iker Pedrosa)
|
||||||
|
* selinux fixes (Christian Göttsche)
|
||||||
|
* Fix path prefix path handling (Lucas Servén Marín)
|
||||||
|
* Manpage updates (tzccinct, Sevan Janiyan, Iker Pedrosa, Geert Ijewski,
|
||||||
|
谭九鼎, Jamin W. Collins, towerpark, andydna, Frans Spiesschaert)
|
||||||
|
* Treat an empty passwd field as invalid (Haelwenn Monnier)
|
||||||
|
* newxidmap: allow running under alternative gid (Martijn de Gouw)
|
||||||
|
* usermod: check that shell is executable (Geert Ijewski)
|
||||||
|
* Add yescript support (Rodolphe Bréard)
|
||||||
|
* useradd memleak fixes (whzhe)
|
||||||
|
* useradd: use built-in settings by default (Ludwig Nussel)
|
||||||
|
* getdefs: add foreign (non-shadow-utils) items (Karel Zak)
|
||||||
|
* buffer overflow fixes (Tobias Stoeckmann)
|
||||||
|
* Adding run-parts style for pre and post useradd/del (ed@s5h.net)
|
||||||
|
|
||||||
|
2020-01-23 Serge Hallyn <serge@hallyn.com>
|
||||||
|
|
||||||
|
* selinux: inclue stdio (Michael Vetter)
|
||||||
|
* man: don't suggest making groupmems user-writeable (Michael Weiser)
|
||||||
|
* Makefile: bail out on error in for loops (Wolfgang Bumiller)
|
||||||
|
* Adding logging of SSH_ORIGINAL_COMMAND to nologin. (ed@s5h.net)
|
||||||
|
* add new HOME_MODE login.defs option (Duncan Overbruck)
|
||||||
|
* Add tty logging to useradd (ed@s5h.net)
|
||||||
|
* Useradd: make non-executable shell check only a warning (Tomas Mraz)
|
||||||
|
* Update Dutch translation (Frans-Spiesschaert)
|
||||||
|
* user_busy: Do not mistake a regular user process for a namespaced one (Tomas Mraz)
|
||||||
|
* Revert "Honor --sbindir and --bindir for binary installation" Patrick McLean)
|
||||||
|
|
||||||
|
2019-12-20 Dave Reisner <dreisner@archlinux.org>
|
||||||
|
|
||||||
|
* Do not auto-enable acct_tools_setuid just because
|
||||||
|
pam is enabled. NOTE - any distros which are relying
|
||||||
|
on this behavior will need to switch to configure
|
||||||
|
--enable-account-tools-setuid
|
||||||
|
|
||||||
|
2019-12-01 Serge Hallyn <serge@hallyn.com>
|
||||||
|
|
||||||
|
* Release 4.8
|
||||||
|
* Initial optional bcrypt support.
|
||||||
|
* Make build/install of 'su' optional.
|
||||||
|
* Fix for vipw not resuming correctly when suspended
|
||||||
|
* Sync password field descriptions in manpages
|
||||||
|
* Check for valid shell argument in useradd
|
||||||
|
* Allow translation of new strings through POTFILES.in
|
||||||
|
* Migrate to itstool for translations
|
||||||
|
* Migrate to new SELinux api
|
||||||
|
* Support --enable-vendordir
|
||||||
|
* pwck: Only check homedir if set and not a system user
|
||||||
|
* Support nonstandard usernames
|
||||||
|
* sget{pw,gr}ent: check for data at EOL
|
||||||
|
* Add YYY-MM-DD support in chage
|
||||||
|
* Fix failing chmod calls for suidubins
|
||||||
|
* Fix --sbindir and --bindir for binary installations
|
||||||
|
* Fix LASTLOG_UID_MAX in login.defs
|
||||||
|
* Fix configure error with dash
|
||||||
|
|
||||||
|
2019-06-13 Serge Hallyn <serge@hallyn.com>
|
||||||
|
|
||||||
|
* Release 4.7
|
||||||
|
* Spawn: don't loop forever on ECHILD
|
||||||
|
* Do not fail locking if there is a stale lockfile Tomas Mraz)
|
||||||
|
* Use lckpwdf if prefix not set (Tomas Mraz)
|
||||||
|
* Build: check correct DocBook version (Jan Tojnar)
|
||||||
|
* Usermod: Print 'no changes' to stdout, not stderr (Serge Hallyn)
|
||||||
|
* Add support for btrfs subvolumes for home (Adam Majer)
|
||||||
|
* Fix chpasswd long line handling (Nathan Ruiz)
|
||||||
|
* Use secure_getenv for gettime (Chris Lamb)
|
||||||
|
* Make sp_lstchg reproducible (Chris Lamb)
|
||||||
|
* Do not crash commonio_close if db file is not open (Tomas Mraz)
|
||||||
|
* Don't flush nscd and sssd cache in read-only mode (Charlie Vuillemez)
|
||||||
|
* French manpage update (Alban VIDAL)
|
||||||
|
* Fix manpage defaults for SUB_UID/GID_COUNT (Tomas Mraz)
|
||||||
|
* Sync po files from shadow.pot (Alban VIDAL)
|
||||||
|
* Usermod: guard against unsafe chown of homedir contents (Tomas Mraz)
|
||||||
|
* Add LASTLOG_UID_MAX to login.defs (Tomas Mraz)
|
||||||
|
* new[ug]idmap file capabilities support (Giuseppe Scrivano and Christian Brauner)
|
||||||
|
* Fix segfault in useradd (Tomas Mraz)
|
||||||
|
* Coverity issues (Tomas Mraz)
|
||||||
|
* Flush sssd caches (Jakub Hrozek)
|
||||||
|
* Log UID in nologin (Vladimir Ivanov)
|
||||||
|
* run pam_getenvlist after setup_env in su.c (Michael Vogt)
|
||||||
|
* Support systems with only utmpx (A. Wilcox)
|
||||||
|
* Fix unguarded ENABLE_SUBIDS code (Jan Chren (rindeal))
|
||||||
|
* Update po/zh_CN translation (Lion Yang)
|
||||||
|
* Create parent dirs for useradd -m (Michael Vetter)
|
||||||
|
* Prevent usermod segv
|
||||||
|
* Fix usermod crash (fariouche)
|
||||||
|
|
||||||
|
2018-04-29 Serge Hallyn <serge@hallyn.com>
|
||||||
|
|
||||||
|
* Release 4.6
|
||||||
|
* Newgrp: avoid unnecessary lookups
|
||||||
|
* Make language less binary
|
||||||
|
* Add error when turning off man switch
|
||||||
|
* Spelling fixes
|
||||||
|
* Make userdel work with -R
|
||||||
|
* newgidmap: enforce setgroups=deny if self-mapping a group
|
||||||
|
* Norwegian bokmål translation
|
||||||
|
* pwck: prevent crash by not passing O_CREAT
|
||||||
|
* WITH_TCB fixes from Mandriva
|
||||||
|
* Fix pwconv and grpconv entry skips
|
||||||
|
* Fix -- slurping in su
|
||||||
|
* add --prefix option
|
||||||
|
|
||||||
|
2017-07-16 Serge Hallyn <serge@hallyn.com>
|
||||||
|
|
||||||
|
* Import new Dutch translations.
|
||||||
|
|
||||||
|
2017-07-10 Serge Hallyn <serge@hallyn.com>
|
||||||
|
|
||||||
|
* Expand error codes for groupmod.
|
||||||
|
|
||||||
|
2017-05-17 Serge Hallyn <serge@hallyn.com>
|
||||||
|
|
||||||
|
* Release 4.5
|
||||||
|
|
||||||
|
2017-05-17 Serge Hallyn <serge@hallyn.com>
|
||||||
|
|
||||||
|
* Patch from Tobias Stoeckmann fixing regression in previous CVE fix
|
||||||
|
preventing SIGTERM to su from being propagated to the job.
|
||||||
|
* Patch from Chris Lamb making sp_lstchg shadow field reproducible.
|
||||||
|
* Merge Russian translation updates from Yuri Kozlov
|
||||||
|
* Fix missing close of subuid file on error
|
||||||
|
|
||||||
|
2017-02-23 Serge Hallyn <serge@hallyn.com>
|
||||||
|
|
||||||
|
* Merge patch by Tobias Stoeckmann <tobias@stoeckmann.org> to fix
|
||||||
|
the equivalent of util-linux CVE-2017-2616.
|
||||||
|
|
||||||
|
2017-02-08 Serge Hallyn <serge@hallyn.com>
|
||||||
|
|
||||||
|
* Update Kazakh translations
|
||||||
|
* Consult configuration before calculating subuids
|
||||||
|
* Remove misplaced semicolon
|
||||||
|
|
||||||
|
2017-01-29 Serge Hallyn <serge@hallyn.com>
|
||||||
|
|
||||||
|
* Patch from Fedora to improve performance with SSSD, Winbind,
|
||||||
|
or nss_ldap. (Tomas Mraz)
|
||||||
|
* Make sure knowndef_table is NULL-terminated. (Bernhard Rosenkränzer)
|
||||||
|
|
||||||
|
2016-12-21 Serge Hallyn <serge@hallyn.com>
|
||||||
|
|
||||||
|
* Drop leading underscore from _COMMONIO_H and _SHADOWIO_H
|
||||||
|
* Fix readability in usermod error messages.
|
||||||
|
* Reset user in tallylog
|
||||||
|
* Add audit support to su
|
||||||
|
|
||||||
|
2016-12-02 Serge Hallyn <serge@hallyn.com>
|
||||||
|
|
||||||
|
* changes since 4.4
|
||||||
|
- Use sizeof rather than hardcoding snprintf args
|
||||||
|
- Fix useradd improper default loading
|
||||||
|
- Update Vietnamese translations
|
||||||
|
- Update Polish translations
|
||||||
|
- Remove non-POSIX chmod option in Makefile
|
||||||
|
- Fix suidubins assignments
|
||||||
|
- Fix --add-subuids etc spelling in manpages
|
||||||
|
- Audit homedir ownership change.
|
||||||
|
- Print error on selinux file context update failure
|
||||||
|
- Keep original file perms when creating a backup
|
||||||
|
|
||||||
|
* (henceforth we'll update Changelog with each commit
|
||||||
|
and proper credit)
|
||||||
|
|
||||||
|
2016-12-02 Serge Hallyn <serge@hallyn.com>
|
||||||
|
|
||||||
|
* Changes since 4.2.1:
|
||||||
|
- Documentation, error report and translations updates
|
||||||
|
- Replace path_max with 32
|
||||||
|
- User namespace support fixes/updates including:
|
||||||
|
- Correct sanity checks in newXidmap
|
||||||
|
- Fix building without subuid support
|
||||||
|
- Add /etc/subuid support for UID matching
|
||||||
|
- Support subuid for nonlocal users
|
||||||
|
- Default to 65536 subuid allocations
|
||||||
|
- Respect -r
|
||||||
|
- Check for range overflows
|
||||||
|
- Add tests from svn tree
|
||||||
|
- Use AC_CHECK_SIZEOF for uid_t size checks
|
||||||
|
- Accomodate missing /etc and login.defs
|
||||||
|
- Support FORCE_SHADOW
|
||||||
|
- Be more robust in hostile environment
|
||||||
|
- Allow removing a primary group
|
||||||
|
- Clear passwords on __pw_dup errors
|
||||||
|
- Memory leak fix in commonio_update and get_map_ranges
|
||||||
|
- Fix resource leak in syslog_sg
|
||||||
|
- Fix user busy error at userdel
|
||||||
|
- Support set/clear lastlog record via lastlog command
|
||||||
|
- Add --no-create-home as longopt for -M
|
||||||
|
- Fix signal races
|
||||||
|
- Reduce syslog priority of common usage events
|
||||||
|
|
||||||
2013-08-25 Nicolas François <nicolas.francois@centraliens.net>
|
2013-08-25 Nicolas François <nicolas.francois@centraliens.net>
|
||||||
|
|
||||||
* src/vipw.c: After waitpid(), use errno only if waitpid returned
|
* src/vipw.c: After waitpid(), use errno only if waitpid returned
|
||||||
|
|||||||
+10
-3
@@ -2,7 +2,14 @@
|
|||||||
|
|
||||||
EXTRA_DIST = NEWS README TODO shadow.spec.in
|
EXTRA_DIST = NEWS README TODO shadow.spec.in
|
||||||
|
|
||||||
AUTOMAKE_OPTIONS = 1.5 dist-bzip2 foreign
|
SUBDIRS = libmisc lib
|
||||||
|
|
||||||
SUBDIRS = po man libmisc lib src \
|
if ENABLE_SUBIDS
|
||||||
contrib doc etc
|
SUBDIRS += libsubid
|
||||||
|
endif
|
||||||
|
|
||||||
|
SUBDIRS += src po contrib doc etc
|
||||||
|
|
||||||
|
if ENABLE_REGENERATE_MAN
|
||||||
|
SUBDIRS += man
|
||||||
|
endif
|
||||||
|
|||||||
+865
@@ -0,0 +1,865 @@
|
|||||||
|
# Makefile.in generated by automake 1.15.1 from Makefile.am.
|
||||||
|
# @configure_input@
|
||||||
|
|
||||||
|
# Copyright (C) 1994-2017 Free Software Foundation, Inc.
|
||||||
|
|
||||||
|
# This Makefile.in is free software; the Free Software Foundation
|
||||||
|
# gives unlimited permission to copy and/or distribute it,
|
||||||
|
# with or without modifications, as long as this notice is preserved.
|
||||||
|
|
||||||
|
# This program is distributed in the hope that it will be useful,
|
||||||
|
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
|
||||||
|
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
|
||||||
|
# PARTICULAR PURPOSE.
|
||||||
|
|
||||||
|
@SET_MAKE@
|
||||||
|
VPATH = @srcdir@
|
||||||
|
am__is_gnu_make = { \
|
||||||
|
if test -z '$(MAKELEVEL)'; then \
|
||||||
|
false; \
|
||||||
|
elif test -n '$(MAKE_HOST)'; then \
|
||||||
|
true; \
|
||||||
|
elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
|
||||||
|
true; \
|
||||||
|
else \
|
||||||
|
false; \
|
||||||
|
fi; \
|
||||||
|
}
|
||||||
|
am__make_running_with_option = \
|
||||||
|
case $${target_option-} in \
|
||||||
|
?) ;; \
|
||||||
|
*) echo "am__make_running_with_option: internal error: invalid" \
|
||||||
|
"target option '$${target_option-}' specified" >&2; \
|
||||||
|
exit 1;; \
|
||||||
|
esac; \
|
||||||
|
has_opt=no; \
|
||||||
|
sane_makeflags=$$MAKEFLAGS; \
|
||||||
|
if $(am__is_gnu_make); then \
|
||||||
|
sane_makeflags=$$MFLAGS; \
|
||||||
|
else \
|
||||||
|
case $$MAKEFLAGS in \
|
||||||
|
*\\[\ \ ]*) \
|
||||||
|
bs=\\; \
|
||||||
|
sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
|
||||||
|
| sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
|
||||||
|
esac; \
|
||||||
|
fi; \
|
||||||
|
skip_next=no; \
|
||||||
|
strip_trailopt () \
|
||||||
|
{ \
|
||||||
|
flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
|
||||||
|
}; \
|
||||||
|
for flg in $$sane_makeflags; do \
|
||||||
|
test $$skip_next = yes && { skip_next=no; continue; }; \
|
||||||
|
case $$flg in \
|
||||||
|
*=*|--*) continue;; \
|
||||||
|
-*I) strip_trailopt 'I'; skip_next=yes;; \
|
||||||
|
-*I?*) strip_trailopt 'I';; \
|
||||||
|
-*O) strip_trailopt 'O'; skip_next=yes;; \
|
||||||
|
-*O?*) strip_trailopt 'O';; \
|
||||||
|
-*l) strip_trailopt 'l'; skip_next=yes;; \
|
||||||
|
-*l?*) strip_trailopt 'l';; \
|
||||||
|
-[dEDm]) skip_next=yes;; \
|
||||||
|
-[JT]) skip_next=yes;; \
|
||||||
|
esac; \
|
||||||
|
case $$flg in \
|
||||||
|
*$$target_option*) has_opt=yes; break;; \
|
||||||
|
esac; \
|
||||||
|
done; \
|
||||||
|
test $$has_opt = yes
|
||||||
|
am__make_dryrun = (target_option=n; $(am__make_running_with_option))
|
||||||
|
am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
|
||||||
|
pkgdatadir = $(datadir)/@PACKAGE@
|
||||||
|
pkgincludedir = $(includedir)/@PACKAGE@
|
||||||
|
pkglibdir = $(libdir)/@PACKAGE@
|
||||||
|
pkglibexecdir = $(libexecdir)/@PACKAGE@
|
||||||
|
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
|
||||||
|
install_sh_DATA = $(install_sh) -c -m 644
|
||||||
|
install_sh_PROGRAM = $(install_sh) -c
|
||||||
|
install_sh_SCRIPT = $(install_sh) -c
|
||||||
|
INSTALL_HEADER = $(INSTALL_DATA)
|
||||||
|
transform = $(program_transform_name)
|
||||||
|
NORMAL_INSTALL = :
|
||||||
|
PRE_INSTALL = :
|
||||||
|
POST_INSTALL = :
|
||||||
|
NORMAL_UNINSTALL = :
|
||||||
|
PRE_UNINSTALL = :
|
||||||
|
POST_UNINSTALL = :
|
||||||
|
build_triplet = @build@
|
||||||
|
host_triplet = @host@
|
||||||
|
@ENABLE_SUBIDS_TRUE@am__append_1 = libsubid
|
||||||
|
@ENABLE_REGENERATE_MAN_TRUE@am__append_2 = man
|
||||||
|
subdir = .
|
||||||
|
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
|
||||||
|
am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
|
||||||
|
$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/lib-ld.m4 \
|
||||||
|
$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
|
||||||
|
$(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \
|
||||||
|
$(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \
|
||||||
|
$(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/nls.m4 \
|
||||||
|
$(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
|
||||||
|
$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac
|
||||||
|
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
|
||||||
|
$(ACLOCAL_M4)
|
||||||
|
DIST_COMMON = $(srcdir)/Makefile.am $(top_srcdir)/configure \
|
||||||
|
$(am__configure_deps) $(am__DIST_COMMON)
|
||||||
|
am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
|
||||||
|
configure.lineno config.status.lineno
|
||||||
|
mkinstalldirs = $(install_sh) -d
|
||||||
|
CONFIG_HEADER = config.h
|
||||||
|
CONFIG_CLEAN_FILES = man/po/Makefile shadow.spec
|
||||||
|
CONFIG_CLEAN_VPATH_FILES =
|
||||||
|
AM_V_P = $(am__v_P_@AM_V@)
|
||||||
|
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
|
||||||
|
am__v_P_0 = false
|
||||||
|
am__v_P_1 = :
|
||||||
|
AM_V_GEN = $(am__v_GEN_@AM_V@)
|
||||||
|
am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
|
||||||
|
am__v_GEN_0 = @echo " GEN " $@;
|
||||||
|
am__v_GEN_1 =
|
||||||
|
AM_V_at = $(am__v_at_@AM_V@)
|
||||||
|
am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
|
||||||
|
am__v_at_0 = @
|
||||||
|
am__v_at_1 =
|
||||||
|
SOURCES =
|
||||||
|
DIST_SOURCES =
|
||||||
|
RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \
|
||||||
|
ctags-recursive dvi-recursive html-recursive info-recursive \
|
||||||
|
install-data-recursive install-dvi-recursive \
|
||||||
|
install-exec-recursive install-html-recursive \
|
||||||
|
install-info-recursive install-pdf-recursive \
|
||||||
|
install-ps-recursive install-recursive installcheck-recursive \
|
||||||
|
installdirs-recursive pdf-recursive ps-recursive \
|
||||||
|
tags-recursive uninstall-recursive
|
||||||
|
am__can_run_installinfo = \
|
||||||
|
case $$AM_UPDATE_INFO_DIR in \
|
||||||
|
n|no|NO) false;; \
|
||||||
|
*) (install-info --version) >/dev/null 2>&1;; \
|
||||||
|
esac
|
||||||
|
RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
|
||||||
|
distclean-recursive maintainer-clean-recursive
|
||||||
|
am__recursive_targets = \
|
||||||
|
$(RECURSIVE_TARGETS) \
|
||||||
|
$(RECURSIVE_CLEAN_TARGETS) \
|
||||||
|
$(am__extra_recursive_targets)
|
||||||
|
AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \
|
||||||
|
cscope distdir dist dist-all distcheck
|
||||||
|
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) \
|
||||||
|
$(LISP)config.h.in
|
||||||
|
# Read a list of newline-separated strings from the standard input,
|
||||||
|
# and print each of them once, without duplicates. Input order is
|
||||||
|
# *not* preserved.
|
||||||
|
am__uniquify_input = $(AWK) '\
|
||||||
|
BEGIN { nonempty = 0; } \
|
||||||
|
{ items[$$0] = 1; nonempty = 1; } \
|
||||||
|
END { if (nonempty) { for (i in items) print i; }; } \
|
||||||
|
'
|
||||||
|
# Make sure the list of sources is unique. This is necessary because,
|
||||||
|
# e.g., the same source file might be shared among _SOURCES variables
|
||||||
|
# for different programs/libraries.
|
||||||
|
am__define_uniq_tagged_files = \
|
||||||
|
list='$(am__tagged_files)'; \
|
||||||
|
unique=`for i in $$list; do \
|
||||||
|
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
|
||||||
|
done | $(am__uniquify_input)`
|
||||||
|
ETAGS = etags
|
||||||
|
CTAGS = ctags
|
||||||
|
CSCOPE = cscope
|
||||||
|
DIST_SUBDIRS = libmisc lib libsubid src po contrib doc etc man
|
||||||
|
am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/config.h.in \
|
||||||
|
$(srcdir)/shadow.spec.in $(top_srcdir)/man/po/Makefile.in \
|
||||||
|
ABOUT-NLS COPYING ChangeLog NEWS README TODO compile \
|
||||||
|
config.guess config.rpath config.sub install-sh ltmain.sh \
|
||||||
|
missing
|
||||||
|
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
|
||||||
|
distdir = $(PACKAGE)-$(VERSION)
|
||||||
|
top_distdir = $(distdir)
|
||||||
|
am__remove_distdir = \
|
||||||
|
if test -d "$(distdir)"; then \
|
||||||
|
find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \
|
||||||
|
&& rm -rf "$(distdir)" \
|
||||||
|
|| { sleep 5 && rm -rf "$(distdir)"; }; \
|
||||||
|
else :; fi
|
||||||
|
am__post_remove_distdir = $(am__remove_distdir)
|
||||||
|
am__relativize = \
|
||||||
|
dir0=`pwd`; \
|
||||||
|
sed_first='s,^\([^/]*\)/.*$$,\1,'; \
|
||||||
|
sed_rest='s,^[^/]*/*,,'; \
|
||||||
|
sed_last='s,^.*/\([^/]*\)$$,\1,'; \
|
||||||
|
sed_butlast='s,/*[^/]*$$,,'; \
|
||||||
|
while test -n "$$dir1"; do \
|
||||||
|
first=`echo "$$dir1" | sed -e "$$sed_first"`; \
|
||||||
|
if test "$$first" != "."; then \
|
||||||
|
if test "$$first" = ".."; then \
|
||||||
|
dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
|
||||||
|
dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
|
||||||
|
else \
|
||||||
|
first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
|
||||||
|
if test "$$first2" = "$$first"; then \
|
||||||
|
dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
|
||||||
|
else \
|
||||||
|
dir2="../$$dir2"; \
|
||||||
|
fi; \
|
||||||
|
dir0="$$dir0"/"$$first"; \
|
||||||
|
fi; \
|
||||||
|
fi; \
|
||||||
|
dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
|
||||||
|
done; \
|
||||||
|
reldir="$$dir2"
|
||||||
|
DIST_ARCHIVES = $(distdir).tar.gz $(distdir).tar.xz
|
||||||
|
GZIP_ENV = --best
|
||||||
|
DIST_TARGETS = dist-xz dist-gzip
|
||||||
|
distuninstallcheck_listfiles = find . -type f -print
|
||||||
|
am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \
|
||||||
|
| sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$'
|
||||||
|
distcleancheck_listfiles = find . -type f -print
|
||||||
|
ACLOCAL = @ACLOCAL@
|
||||||
|
AMTAR = @AMTAR@
|
||||||
|
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
|
||||||
|
AR = @AR@
|
||||||
|
AUTOCONF = @AUTOCONF@
|
||||||
|
AUTOHEADER = @AUTOHEADER@
|
||||||
|
AUTOMAKE = @AUTOMAKE@
|
||||||
|
AWK = @AWK@
|
||||||
|
CC = @CC@
|
||||||
|
CCDEPMODE = @CCDEPMODE@
|
||||||
|
CFLAGS = @CFLAGS@
|
||||||
|
CPP = @CPP@
|
||||||
|
CPPFLAGS = @CPPFLAGS@
|
||||||
|
CYGPATH_W = @CYGPATH_W@
|
||||||
|
DEFS = @DEFS@
|
||||||
|
DEPDIR = @DEPDIR@
|
||||||
|
DLLTOOL = @DLLTOOL@
|
||||||
|
DSYMUTIL = @DSYMUTIL@
|
||||||
|
DUMPBIN = @DUMPBIN@
|
||||||
|
ECHO_C = @ECHO_C@
|
||||||
|
ECHO_N = @ECHO_N@
|
||||||
|
ECHO_T = @ECHO_T@
|
||||||
|
ECONF_CPPFLAGS = @ECONF_CPPFLAGS@
|
||||||
|
EGREP = @EGREP@
|
||||||
|
EXEEXT = @EXEEXT@
|
||||||
|
FGREP = @FGREP@
|
||||||
|
GMSGFMT = @GMSGFMT@
|
||||||
|
GMSGFMT_015 = @GMSGFMT_015@
|
||||||
|
GREP = @GREP@
|
||||||
|
GROUP_NAME_MAX_LENGTH = @GROUP_NAME_MAX_LENGTH@
|
||||||
|
INSTALL = @INSTALL@
|
||||||
|
INSTALL_DATA = @INSTALL_DATA@
|
||||||
|
INSTALL_PROGRAM = @INSTALL_PROGRAM@
|
||||||
|
INSTALL_SCRIPT = @INSTALL_SCRIPT@
|
||||||
|
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
|
||||||
|
INTLLIBS = @INTLLIBS@
|
||||||
|
INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
|
||||||
|
LD = @LD@
|
||||||
|
LDFLAGS = @LDFLAGS@
|
||||||
|
LIBACL = @LIBACL@
|
||||||
|
LIBATTR = @LIBATTR@
|
||||||
|
LIBAUDIT = @LIBAUDIT@
|
||||||
|
LIBCRACK = @LIBCRACK@
|
||||||
|
LIBCRYPT = @LIBCRYPT@
|
||||||
|
LIBECONF = @LIBECONF@
|
||||||
|
LIBICONV = @LIBICONV@
|
||||||
|
LIBINTL = @LIBINTL@
|
||||||
|
LIBMD = @LIBMD@
|
||||||
|
LIBOBJS = @LIBOBJS@
|
||||||
|
LIBPAM = @LIBPAM@
|
||||||
|
LIBS = @LIBS@
|
||||||
|
LIBSELINUX = @LIBSELINUX@
|
||||||
|
LIBSEMANAGE = @LIBSEMANAGE@
|
||||||
|
LIBSKEY = @LIBSKEY@
|
||||||
|
LIBSUBID_ABI = @LIBSUBID_ABI@
|
||||||
|
LIBSUBID_ABI_MAJOR = @LIBSUBID_ABI_MAJOR@
|
||||||
|
LIBSUBID_ABI_MICRO = @LIBSUBID_ABI_MICRO@
|
||||||
|
LIBSUBID_ABI_MINOR = @LIBSUBID_ABI_MINOR@
|
||||||
|
LIBTCB = @LIBTCB@
|
||||||
|
LIBTOOL = @LIBTOOL@
|
||||||
|
LIPO = @LIPO@
|
||||||
|
LIYESCRYPT = @LIYESCRYPT@
|
||||||
|
LN_S = @LN_S@
|
||||||
|
LTLIBICONV = @LTLIBICONV@
|
||||||
|
LTLIBINTL = @LTLIBINTL@
|
||||||
|
LTLIBOBJS = @LTLIBOBJS@
|
||||||
|
LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
|
||||||
|
MAINT = @MAINT@
|
||||||
|
MAKEINFO = @MAKEINFO@
|
||||||
|
MANIFEST_TOOL = @MANIFEST_TOOL@
|
||||||
|
MKDIR_P = @MKDIR_P@
|
||||||
|
MSGFMT = @MSGFMT@
|
||||||
|
MSGFMT_015 = @MSGFMT_015@
|
||||||
|
MSGMERGE = @MSGMERGE@
|
||||||
|
NM = @NM@
|
||||||
|
NMEDIT = @NMEDIT@
|
||||||
|
OBJDUMP = @OBJDUMP@
|
||||||
|
OBJEXT = @OBJEXT@
|
||||||
|
OTOOL = @OTOOL@
|
||||||
|
OTOOL64 = @OTOOL64@
|
||||||
|
PACKAGE = @PACKAGE@
|
||||||
|
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
|
||||||
|
PACKAGE_NAME = @PACKAGE_NAME@
|
||||||
|
PACKAGE_STRING = @PACKAGE_STRING@
|
||||||
|
PACKAGE_TARNAME = @PACKAGE_TARNAME@
|
||||||
|
PACKAGE_URL = @PACKAGE_URL@
|
||||||
|
PACKAGE_VERSION = @PACKAGE_VERSION@
|
||||||
|
PATH_SEPARATOR = @PATH_SEPARATOR@
|
||||||
|
POSUB = @POSUB@
|
||||||
|
RANLIB = @RANLIB@
|
||||||
|
SED = @SED@
|
||||||
|
SET_MAKE = @SET_MAKE@
|
||||||
|
SHELL = @SHELL@
|
||||||
|
STRIP = @STRIP@
|
||||||
|
USE_NLS = @USE_NLS@
|
||||||
|
VENDORDIR = @VENDORDIR@
|
||||||
|
VERSION = @VERSION@
|
||||||
|
XGETTEXT = @XGETTEXT@
|
||||||
|
XGETTEXT_015 = @XGETTEXT_015@
|
||||||
|
XMLCATALOG = @XMLCATALOG@
|
||||||
|
XML_CATALOG_FILE = @XML_CATALOG_FILE@
|
||||||
|
XSLTPROC = @XSLTPROC@
|
||||||
|
YACC = @YACC@
|
||||||
|
YFLAGS = @YFLAGS@
|
||||||
|
abs_builddir = @abs_builddir@
|
||||||
|
abs_srcdir = @abs_srcdir@
|
||||||
|
abs_top_builddir = @abs_top_builddir@
|
||||||
|
abs_top_srcdir = @abs_top_srcdir@
|
||||||
|
ac_ct_AR = @ac_ct_AR@
|
||||||
|
ac_ct_CC = @ac_ct_CC@
|
||||||
|
ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
|
||||||
|
am__include = @am__include@
|
||||||
|
am__leading_dot = @am__leading_dot@
|
||||||
|
am__quote = @am__quote@
|
||||||
|
am__tar = @am__tar@
|
||||||
|
am__untar = @am__untar@
|
||||||
|
bindir = @bindir@
|
||||||
|
build = @build@
|
||||||
|
build_alias = @build_alias@
|
||||||
|
build_cpu = @build_cpu@
|
||||||
|
build_os = @build_os@
|
||||||
|
build_vendor = @build_vendor@
|
||||||
|
builddir = @builddir@
|
||||||
|
capcmd = @capcmd@
|
||||||
|
datadir = @datadir@
|
||||||
|
datarootdir = @datarootdir@
|
||||||
|
docdir = @docdir@
|
||||||
|
dvidir = @dvidir@
|
||||||
|
exec_prefix = @exec_prefix@
|
||||||
|
host = @host@
|
||||||
|
host_alias = @host_alias@
|
||||||
|
host_cpu = @host_cpu@
|
||||||
|
host_os = @host_os@
|
||||||
|
host_vendor = @host_vendor@
|
||||||
|
htmldir = @htmldir@
|
||||||
|
includedir = @includedir@
|
||||||
|
infodir = @infodir@
|
||||||
|
install_sh = @install_sh@
|
||||||
|
libdir = @libdir@
|
||||||
|
libexecdir = @libexecdir@
|
||||||
|
localedir = @localedir@
|
||||||
|
localstatedir = @localstatedir@
|
||||||
|
mandir = @mandir@
|
||||||
|
mkdir_p = @mkdir_p@
|
||||||
|
oldincludedir = @oldincludedir@
|
||||||
|
pdfdir = @pdfdir@
|
||||||
|
prefix = @prefix@
|
||||||
|
program_transform_name = @program_transform_name@
|
||||||
|
psdir = @psdir@
|
||||||
|
runstatedir = @runstatedir@
|
||||||
|
sbindir = @sbindir@
|
||||||
|
sharedstatedir = @sharedstatedir@
|
||||||
|
srcdir = @srcdir@
|
||||||
|
sysconfdir = @sysconfdir@
|
||||||
|
target_alias = @target_alias@
|
||||||
|
top_build_prefix = @top_build_prefix@
|
||||||
|
top_builddir = @top_builddir@
|
||||||
|
top_srcdir = @top_srcdir@
|
||||||
|
EXTRA_DIST = NEWS README TODO shadow.spec.in
|
||||||
|
SUBDIRS = libmisc lib $(am__append_1) src po contrib doc etc \
|
||||||
|
$(am__append_2)
|
||||||
|
all: config.h
|
||||||
|
$(MAKE) $(AM_MAKEFLAGS) all-recursive
|
||||||
|
|
||||||
|
.SUFFIXES:
|
||||||
|
am--refresh: Makefile
|
||||||
|
@:
|
||||||
|
$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
|
||||||
|
@for dep in $?; do \
|
||||||
|
case '$(am__configure_deps)' in \
|
||||||
|
*$$dep*) \
|
||||||
|
echo ' cd $(srcdir) && $(AUTOMAKE) --foreign'; \
|
||||||
|
$(am__cd) $(srcdir) && $(AUTOMAKE) --foreign \
|
||||||
|
&& exit 0; \
|
||||||
|
exit 1;; \
|
||||||
|
esac; \
|
||||||
|
done; \
|
||||||
|
echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign Makefile'; \
|
||||||
|
$(am__cd) $(top_srcdir) && \
|
||||||
|
$(AUTOMAKE) --foreign Makefile
|
||||||
|
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
|
||||||
|
@case '$?' in \
|
||||||
|
*config.status*) \
|
||||||
|
echo ' $(SHELL) ./config.status'; \
|
||||||
|
$(SHELL) ./config.status;; \
|
||||||
|
*) \
|
||||||
|
echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \
|
||||||
|
cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \
|
||||||
|
esac;
|
||||||
|
|
||||||
|
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
|
||||||
|
$(SHELL) ./config.status --recheck
|
||||||
|
|
||||||
|
$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
|
||||||
|
$(am__cd) $(srcdir) && $(AUTOCONF)
|
||||||
|
$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
|
||||||
|
$(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS)
|
||||||
|
$(am__aclocal_m4_deps):
|
||||||
|
|
||||||
|
config.h: stamp-h1
|
||||||
|
@test -f $@ || rm -f stamp-h1
|
||||||
|
@test -f $@ || $(MAKE) $(AM_MAKEFLAGS) stamp-h1
|
||||||
|
|
||||||
|
stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status
|
||||||
|
@rm -f stamp-h1
|
||||||
|
cd $(top_builddir) && $(SHELL) ./config.status config.h
|
||||||
|
$(srcdir)/config.h.in: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
|
||||||
|
($(am__cd) $(top_srcdir) && $(AUTOHEADER))
|
||||||
|
rm -f stamp-h1
|
||||||
|
touch $@
|
||||||
|
|
||||||
|
distclean-hdr:
|
||||||
|
-rm -f config.h stamp-h1
|
||||||
|
man/po/Makefile: $(top_builddir)/config.status $(top_srcdir)/man/po/Makefile.in
|
||||||
|
cd $(top_builddir) && $(SHELL) ./config.status $@
|
||||||
|
shadow.spec: $(top_builddir)/config.status $(srcdir)/shadow.spec.in
|
||||||
|
cd $(top_builddir) && $(SHELL) ./config.status $@
|
||||||
|
|
||||||
|
mostlyclean-libtool:
|
||||||
|
-rm -f *.lo
|
||||||
|
|
||||||
|
clean-libtool:
|
||||||
|
-rm -rf .libs _libs
|
||||||
|
|
||||||
|
distclean-libtool:
|
||||||
|
-rm -f libtool config.lt
|
||||||
|
|
||||||
|
# This directory's subdirectories are mostly independent; you can cd
|
||||||
|
# into them and run 'make' without going through this Makefile.
|
||||||
|
# To change the values of 'make' variables: instead of editing Makefiles,
|
||||||
|
# (1) if the variable is set in 'config.status', edit 'config.status'
|
||||||
|
# (which will cause the Makefiles to be regenerated when you run 'make');
|
||||||
|
# (2) otherwise, pass the desired values on the 'make' command line.
|
||||||
|
$(am__recursive_targets):
|
||||||
|
@fail=; \
|
||||||
|
if $(am__make_keepgoing); then \
|
||||||
|
failcom='fail=yes'; \
|
||||||
|
else \
|
||||||
|
failcom='exit 1'; \
|
||||||
|
fi; \
|
||||||
|
dot_seen=no; \
|
||||||
|
target=`echo $@ | sed s/-recursive//`; \
|
||||||
|
case "$@" in \
|
||||||
|
distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
|
||||||
|
*) list='$(SUBDIRS)' ;; \
|
||||||
|
esac; \
|
||||||
|
for subdir in $$list; do \
|
||||||
|
echo "Making $$target in $$subdir"; \
|
||||||
|
if test "$$subdir" = "."; then \
|
||||||
|
dot_seen=yes; \
|
||||||
|
local_target="$$target-am"; \
|
||||||
|
else \
|
||||||
|
local_target="$$target"; \
|
||||||
|
fi; \
|
||||||
|
($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
|
||||||
|
|| eval $$failcom; \
|
||||||
|
done; \
|
||||||
|
if test "$$dot_seen" = "no"; then \
|
||||||
|
$(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
|
||||||
|
fi; test -z "$$fail"
|
||||||
|
|
||||||
|
ID: $(am__tagged_files)
|
||||||
|
$(am__define_uniq_tagged_files); mkid -fID $$unique
|
||||||
|
tags: tags-recursive
|
||||||
|
TAGS: tags
|
||||||
|
|
||||||
|
tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
|
||||||
|
set x; \
|
||||||
|
here=`pwd`; \
|
||||||
|
if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
|
||||||
|
include_option=--etags-include; \
|
||||||
|
empty_fix=.; \
|
||||||
|
else \
|
||||||
|
include_option=--include; \
|
||||||
|
empty_fix=; \
|
||||||
|
fi; \
|
||||||
|
list='$(SUBDIRS)'; for subdir in $$list; do \
|
||||||
|
if test "$$subdir" = .; then :; else \
|
||||||
|
test ! -f $$subdir/TAGS || \
|
||||||
|
set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
|
||||||
|
fi; \
|
||||||
|
done; \
|
||||||
|
$(am__define_uniq_tagged_files); \
|
||||||
|
shift; \
|
||||||
|
if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
|
||||||
|
test -n "$$unique" || unique=$$empty_fix; \
|
||||||
|
if test $$# -gt 0; then \
|
||||||
|
$(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
|
||||||
|
"$$@" $$unique; \
|
||||||
|
else \
|
||||||
|
$(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
|
||||||
|
$$unique; \
|
||||||
|
fi; \
|
||||||
|
fi
|
||||||
|
ctags: ctags-recursive
|
||||||
|
|
||||||
|
CTAGS: ctags
|
||||||
|
ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
|
||||||
|
$(am__define_uniq_tagged_files); \
|
||||||
|
test -z "$(CTAGS_ARGS)$$unique" \
|
||||||
|
|| $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
|
||||||
|
$$unique
|
||||||
|
|
||||||
|
GTAGS:
|
||||||
|
here=`$(am__cd) $(top_builddir) && pwd` \
|
||||||
|
&& $(am__cd) $(top_srcdir) \
|
||||||
|
&& gtags -i $(GTAGS_ARGS) "$$here"
|
||||||
|
cscope: cscope.files
|
||||||
|
test ! -s cscope.files \
|
||||||
|
|| $(CSCOPE) -b -q $(AM_CSCOPEFLAGS) $(CSCOPEFLAGS) -i cscope.files $(CSCOPE_ARGS)
|
||||||
|
clean-cscope:
|
||||||
|
-rm -f cscope.files
|
||||||
|
cscope.files: clean-cscope cscopelist
|
||||||
|
cscopelist: cscopelist-recursive
|
||||||
|
|
||||||
|
cscopelist-am: $(am__tagged_files)
|
||||||
|
list='$(am__tagged_files)'; \
|
||||||
|
case "$(srcdir)" in \
|
||||||
|
[\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
|
||||||
|
*) sdir=$(subdir)/$(srcdir) ;; \
|
||||||
|
esac; \
|
||||||
|
for i in $$list; do \
|
||||||
|
if test -f "$$i"; then \
|
||||||
|
echo "$(subdir)/$$i"; \
|
||||||
|
else \
|
||||||
|
echo "$$sdir/$$i"; \
|
||||||
|
fi; \
|
||||||
|
done >> $(top_builddir)/cscope.files
|
||||||
|
|
||||||
|
distclean-tags:
|
||||||
|
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
|
||||||
|
-rm -f cscope.out cscope.in.out cscope.po.out cscope.files
|
||||||
|
|
||||||
|
distdir: $(DISTFILES)
|
||||||
|
$(am__remove_distdir)
|
||||||
|
test -d "$(distdir)" || mkdir "$(distdir)"
|
||||||
|
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
|
||||||
|
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
|
||||||
|
list='$(DISTFILES)'; \
|
||||||
|
dist_files=`for file in $$list; do echo $$file; done | \
|
||||||
|
sed -e "s|^$$srcdirstrip/||;t" \
|
||||||
|
-e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
|
||||||
|
case $$dist_files in \
|
||||||
|
*/*) $(MKDIR_P) `echo "$$dist_files" | \
|
||||||
|
sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
|
||||||
|
sort -u` ;; \
|
||||||
|
esac; \
|
||||||
|
for file in $$dist_files; do \
|
||||||
|
if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
|
||||||
|
if test -d $$d/$$file; then \
|
||||||
|
dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
|
||||||
|
if test -d "$(distdir)/$$file"; then \
|
||||||
|
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
|
||||||
|
fi; \
|
||||||
|
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
|
||||||
|
cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
|
||||||
|
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
|
||||||
|
fi; \
|
||||||
|
cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
|
||||||
|
else \
|
||||||
|
test -f "$(distdir)/$$file" \
|
||||||
|
|| cp -p $$d/$$file "$(distdir)/$$file" \
|
||||||
|
|| exit 1; \
|
||||||
|
fi; \
|
||||||
|
done
|
||||||
|
@list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
|
||||||
|
if test "$$subdir" = .; then :; else \
|
||||||
|
$(am__make_dryrun) \
|
||||||
|
|| test -d "$(distdir)/$$subdir" \
|
||||||
|
|| $(MKDIR_P) "$(distdir)/$$subdir" \
|
||||||
|
|| exit 1; \
|
||||||
|
dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
|
||||||
|
$(am__relativize); \
|
||||||
|
new_distdir=$$reldir; \
|
||||||
|
dir1=$$subdir; dir2="$(top_distdir)"; \
|
||||||
|
$(am__relativize); \
|
||||||
|
new_top_distdir=$$reldir; \
|
||||||
|
echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
|
||||||
|
echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
|
||||||
|
($(am__cd) $$subdir && \
|
||||||
|
$(MAKE) $(AM_MAKEFLAGS) \
|
||||||
|
top_distdir="$$new_top_distdir" \
|
||||||
|
distdir="$$new_distdir" \
|
||||||
|
am__remove_distdir=: \
|
||||||
|
am__skip_length_check=: \
|
||||||
|
am__skip_mode_fix=: \
|
||||||
|
distdir) \
|
||||||
|
|| exit 1; \
|
||||||
|
fi; \
|
||||||
|
done
|
||||||
|
-test -n "$(am__skip_mode_fix)" \
|
||||||
|
|| find "$(distdir)" -type d ! -perm -755 \
|
||||||
|
-exec chmod u+rwx,go+rx {} \; -o \
|
||||||
|
! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
|
||||||
|
! -type d ! -perm -400 -exec chmod a+r {} \; -o \
|
||||||
|
! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
|
||||||
|
|| chmod -R a+r "$(distdir)"
|
||||||
|
dist-gzip: distdir
|
||||||
|
tardir=$(distdir) && $(am__tar) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).tar.gz
|
||||||
|
$(am__post_remove_distdir)
|
||||||
|
|
||||||
|
dist-bzip2: distdir
|
||||||
|
tardir=$(distdir) && $(am__tar) | BZIP2=$${BZIP2--9} bzip2 -c >$(distdir).tar.bz2
|
||||||
|
$(am__post_remove_distdir)
|
||||||
|
|
||||||
|
dist-lzip: distdir
|
||||||
|
tardir=$(distdir) && $(am__tar) | lzip -c $${LZIP_OPT--9} >$(distdir).tar.lz
|
||||||
|
$(am__post_remove_distdir)
|
||||||
|
dist-xz: distdir
|
||||||
|
tardir=$(distdir) && $(am__tar) | XZ_OPT=$${XZ_OPT--e} xz -c >$(distdir).tar.xz
|
||||||
|
$(am__post_remove_distdir)
|
||||||
|
|
||||||
|
dist-tarZ: distdir
|
||||||
|
@echo WARNING: "Support for distribution archives compressed with" \
|
||||||
|
"legacy program 'compress' is deprecated." >&2
|
||||||
|
@echo WARNING: "It will be removed altogether in Automake 2.0" >&2
|
||||||
|
tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
|
||||||
|
$(am__post_remove_distdir)
|
||||||
|
|
||||||
|
dist-shar: distdir
|
||||||
|
@echo WARNING: "Support for shar distribution archives is" \
|
||||||
|
"deprecated." >&2
|
||||||
|
@echo WARNING: "It will be removed altogether in Automake 2.0" >&2
|
||||||
|
shar $(distdir) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).shar.gz
|
||||||
|
$(am__post_remove_distdir)
|
||||||
|
|
||||||
|
dist-zip: distdir
|
||||||
|
-rm -f $(distdir).zip
|
||||||
|
zip -rq $(distdir).zip $(distdir)
|
||||||
|
$(am__post_remove_distdir)
|
||||||
|
|
||||||
|
dist dist-all:
|
||||||
|
$(MAKE) $(AM_MAKEFLAGS) $(DIST_TARGETS) am__post_remove_distdir='@:'
|
||||||
|
$(am__post_remove_distdir)
|
||||||
|
|
||||||
|
# This target untars the dist file and tries a VPATH configuration. Then
|
||||||
|
# it guarantees that the distribution is self-contained by making another
|
||||||
|
# tarfile.
|
||||||
|
distcheck: dist
|
||||||
|
case '$(DIST_ARCHIVES)' in \
|
||||||
|
*.tar.gz*) \
|
||||||
|
eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).tar.gz | $(am__untar) ;;\
|
||||||
|
*.tar.bz2*) \
|
||||||
|
bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\
|
||||||
|
*.tar.lz*) \
|
||||||
|
lzip -dc $(distdir).tar.lz | $(am__untar) ;;\
|
||||||
|
*.tar.xz*) \
|
||||||
|
xz -dc $(distdir).tar.xz | $(am__untar) ;;\
|
||||||
|
*.tar.Z*) \
|
||||||
|
uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
|
||||||
|
*.shar.gz*) \
|
||||||
|
eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).shar.gz | unshar ;;\
|
||||||
|
*.zip*) \
|
||||||
|
unzip $(distdir).zip ;;\
|
||||||
|
esac
|
||||||
|
chmod -R a-w $(distdir)
|
||||||
|
chmod u+w $(distdir)
|
||||||
|
mkdir $(distdir)/_build $(distdir)/_build/sub $(distdir)/_inst
|
||||||
|
chmod a-w $(distdir)
|
||||||
|
test -d $(distdir)/_build || exit 0; \
|
||||||
|
dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \
|
||||||
|
&& dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
|
||||||
|
&& am__cwd=`pwd` \
|
||||||
|
&& $(am__cd) $(distdir)/_build/sub \
|
||||||
|
&& ../../configure \
|
||||||
|
$(AM_DISTCHECK_CONFIGURE_FLAGS) \
|
||||||
|
$(DISTCHECK_CONFIGURE_FLAGS) \
|
||||||
|
--srcdir=../.. --prefix="$$dc_install_base" \
|
||||||
|
&& $(MAKE) $(AM_MAKEFLAGS) \
|
||||||
|
&& $(MAKE) $(AM_MAKEFLAGS) dvi \
|
||||||
|
&& $(MAKE) $(AM_MAKEFLAGS) check \
|
||||||
|
&& $(MAKE) $(AM_MAKEFLAGS) install \
|
||||||
|
&& $(MAKE) $(AM_MAKEFLAGS) installcheck \
|
||||||
|
&& $(MAKE) $(AM_MAKEFLAGS) uninstall \
|
||||||
|
&& $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \
|
||||||
|
distuninstallcheck \
|
||||||
|
&& chmod -R a-w "$$dc_install_base" \
|
||||||
|
&& ({ \
|
||||||
|
(cd ../.. && umask 077 && mkdir "$$dc_destdir") \
|
||||||
|
&& $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \
|
||||||
|
&& $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \
|
||||||
|
&& $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \
|
||||||
|
distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \
|
||||||
|
} || { rm -rf "$$dc_destdir"; exit 1; }) \
|
||||||
|
&& rm -rf "$$dc_destdir" \
|
||||||
|
&& $(MAKE) $(AM_MAKEFLAGS) dist \
|
||||||
|
&& rm -rf $(DIST_ARCHIVES) \
|
||||||
|
&& $(MAKE) $(AM_MAKEFLAGS) distcleancheck \
|
||||||
|
&& cd "$$am__cwd" \
|
||||||
|
|| exit 1
|
||||||
|
$(am__post_remove_distdir)
|
||||||
|
@(echo "$(distdir) archives ready for distribution: "; \
|
||||||
|
list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \
|
||||||
|
sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x'
|
||||||
|
distuninstallcheck:
|
||||||
|
@test -n '$(distuninstallcheck_dir)' || { \
|
||||||
|
echo 'ERROR: trying to run $@ with an empty' \
|
||||||
|
'$$(distuninstallcheck_dir)' >&2; \
|
||||||
|
exit 1; \
|
||||||
|
}; \
|
||||||
|
$(am__cd) '$(distuninstallcheck_dir)' || { \
|
||||||
|
echo 'ERROR: cannot chdir into $(distuninstallcheck_dir)' >&2; \
|
||||||
|
exit 1; \
|
||||||
|
}; \
|
||||||
|
test `$(am__distuninstallcheck_listfiles) | wc -l` -eq 0 \
|
||||||
|
|| { echo "ERROR: files left after uninstall:" ; \
|
||||||
|
if test -n "$(DESTDIR)"; then \
|
||||||
|
echo " (check DESTDIR support)"; \
|
||||||
|
fi ; \
|
||||||
|
$(distuninstallcheck_listfiles) ; \
|
||||||
|
exit 1; } >&2
|
||||||
|
distcleancheck: distclean
|
||||||
|
@if test '$(srcdir)' = . ; then \
|
||||||
|
echo "ERROR: distcleancheck can only run from a VPATH build" ; \
|
||||||
|
exit 1 ; \
|
||||||
|
fi
|
||||||
|
@test `$(distcleancheck_listfiles) | wc -l` -eq 0 \
|
||||||
|
|| { echo "ERROR: files left in build directory after distclean:" ; \
|
||||||
|
$(distcleancheck_listfiles) ; \
|
||||||
|
exit 1; } >&2
|
||||||
|
check-am: all-am
|
||||||
|
check: check-recursive
|
||||||
|
all-am: Makefile config.h
|
||||||
|
installdirs: installdirs-recursive
|
||||||
|
installdirs-am:
|
||||||
|
install: install-recursive
|
||||||
|
install-exec: install-exec-recursive
|
||||||
|
install-data: install-data-recursive
|
||||||
|
uninstall: uninstall-recursive
|
||||||
|
|
||||||
|
install-am: all-am
|
||||||
|
@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
|
||||||
|
|
||||||
|
installcheck: installcheck-recursive
|
||||||
|
install-strip:
|
||||||
|
if test -z '$(STRIP)'; then \
|
||||||
|
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
|
||||||
|
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
|
||||||
|
install; \
|
||||||
|
else \
|
||||||
|
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
|
||||||
|
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
|
||||||
|
"INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
|
||||||
|
fi
|
||||||
|
mostlyclean-generic:
|
||||||
|
|
||||||
|
clean-generic:
|
||||||
|
|
||||||
|
distclean-generic:
|
||||||
|
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
|
||||||
|
-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
|
||||||
|
|
||||||
|
maintainer-clean-generic:
|
||||||
|
@echo "This command is intended for maintainers to use"
|
||||||
|
@echo "it deletes files that may require special tools to rebuild."
|
||||||
|
clean: clean-recursive
|
||||||
|
|
||||||
|
clean-am: clean-generic clean-libtool mostlyclean-am
|
||||||
|
|
||||||
|
distclean: distclean-recursive
|
||||||
|
-rm -f $(am__CONFIG_DISTCLEAN_FILES)
|
||||||
|
-rm -f Makefile
|
||||||
|
distclean-am: clean-am distclean-generic distclean-hdr \
|
||||||
|
distclean-libtool distclean-tags
|
||||||
|
|
||||||
|
dvi: dvi-recursive
|
||||||
|
|
||||||
|
dvi-am:
|
||||||
|
|
||||||
|
html: html-recursive
|
||||||
|
|
||||||
|
html-am:
|
||||||
|
|
||||||
|
info: info-recursive
|
||||||
|
|
||||||
|
info-am:
|
||||||
|
|
||||||
|
install-data-am:
|
||||||
|
|
||||||
|
install-dvi: install-dvi-recursive
|
||||||
|
|
||||||
|
install-dvi-am:
|
||||||
|
|
||||||
|
install-exec-am:
|
||||||
|
|
||||||
|
install-html: install-html-recursive
|
||||||
|
|
||||||
|
install-html-am:
|
||||||
|
|
||||||
|
install-info: install-info-recursive
|
||||||
|
|
||||||
|
install-info-am:
|
||||||
|
|
||||||
|
install-man:
|
||||||
|
|
||||||
|
install-pdf: install-pdf-recursive
|
||||||
|
|
||||||
|
install-pdf-am:
|
||||||
|
|
||||||
|
install-ps: install-ps-recursive
|
||||||
|
|
||||||
|
install-ps-am:
|
||||||
|
|
||||||
|
installcheck-am:
|
||||||
|
|
||||||
|
maintainer-clean: maintainer-clean-recursive
|
||||||
|
-rm -f $(am__CONFIG_DISTCLEAN_FILES)
|
||||||
|
-rm -rf $(top_srcdir)/autom4te.cache
|
||||||
|
-rm -f Makefile
|
||||||
|
maintainer-clean-am: distclean-am maintainer-clean-generic
|
||||||
|
|
||||||
|
mostlyclean: mostlyclean-recursive
|
||||||
|
|
||||||
|
mostlyclean-am: mostlyclean-generic mostlyclean-libtool
|
||||||
|
|
||||||
|
pdf: pdf-recursive
|
||||||
|
|
||||||
|
pdf-am:
|
||||||
|
|
||||||
|
ps: ps-recursive
|
||||||
|
|
||||||
|
ps-am:
|
||||||
|
|
||||||
|
uninstall-am:
|
||||||
|
|
||||||
|
.MAKE: $(am__recursive_targets) all install-am install-strip
|
||||||
|
|
||||||
|
.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am \
|
||||||
|
am--refresh check check-am clean clean-cscope clean-generic \
|
||||||
|
clean-libtool cscope cscopelist-am ctags ctags-am dist \
|
||||||
|
dist-all dist-bzip2 dist-gzip dist-lzip dist-shar dist-tarZ \
|
||||||
|
dist-xz dist-zip distcheck distclean distclean-generic \
|
||||||
|
distclean-hdr distclean-libtool distclean-tags distcleancheck \
|
||||||
|
distdir distuninstallcheck dvi dvi-am html html-am info \
|
||||||
|
info-am install install-am install-data install-data-am \
|
||||||
|
install-dvi install-dvi-am install-exec install-exec-am \
|
||||||
|
install-html install-html-am install-info install-info-am \
|
||||||
|
install-man install-pdf install-pdf-am install-ps \
|
||||||
|
install-ps-am install-strip installcheck installcheck-am \
|
||||||
|
installdirs installdirs-am maintainer-clean \
|
||||||
|
maintainer-clean-generic mostlyclean mostlyclean-generic \
|
||||||
|
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
|
||||||
|
uninstall-am
|
||||||
|
|
||||||
|
.PRECIOUS: Makefile
|
||||||
|
|
||||||
|
|
||||||
|
# Tell versions [3.59,3.63) of GNU make to not export all variables.
|
||||||
|
# Otherwise a system limit (for SysV at least) may be exceeded.
|
||||||
|
.NOEXPORT:
|
||||||
@@ -654,9 +654,9 @@ shadow-4.0.18.2 -> shadow-4.1.0 09-12-2007
|
|||||||
- Use MD5_CRYPT_ENAB, ENCRYPT_METHOD, SHA_CRYPT_MIN_ROUNDS, and
|
- Use MD5_CRYPT_ENAB, ENCRYPT_METHOD, SHA_CRYPT_MIN_ROUNDS, and
|
||||||
SHA_CRYPT_MAX_ROUNDS to define the default encryption algorithm for the
|
SHA_CRYPT_MAX_ROUNDS to define the default encryption algorithm for the
|
||||||
passwords.
|
passwords.
|
||||||
- chpaswd, chgpasswd, newusers: New options -c/--crypt-method and
|
- chpasswd, chgpasswd, newusers: New options -c/--crypt-method and
|
||||||
-s/--sha-rounds to supersede the system default encryption algorithm.
|
-s/--sha-rounds to supersede the system default encryption algorithm.
|
||||||
- chpaswd, chgpasswd, newusers: DES is no more the default algorithm. They
|
- chpasswd, chgpasswd, newusers: DES is no more the default algorithm. They
|
||||||
will respect the system default configured in /etc/login.defs
|
will respect the system default configured in /etc/login.defs
|
||||||
|
|
||||||
*** documentation:
|
*** documentation:
|
||||||
@@ -701,14 +701,14 @@ shadow-4.0.17 -> shadow-4.0.18 01-08-2006
|
|||||||
- groupadd, groupmod, useradd, usermod: fixed UID/GID overflow (fixed
|
- groupadd, groupmod, useradd, usermod: fixed UID/GID overflow (fixed
|
||||||
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=198920)
|
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=198920)
|
||||||
- passwd, useradd, usermod: fixed inactive/mindays/warndays/maxdays overflow
|
- passwd, useradd, usermod: fixed inactive/mindays/warndays/maxdays overflow
|
||||||
(simillar to RH#198920),
|
(similar to RH#198920),
|
||||||
- groupmems: rewrited for use PAM and getopt_long() and now it is enabled
|
- groupmems: rewritten for use PAM and getopt_long() and now it is enabled
|
||||||
for build and install (patch by George Kraft <gk4@swbell.net>),
|
for build and install (patch by George Kraft <gk4@swbell.net>),
|
||||||
- S/Key: removed assign getpass() to libshadow_getpass() on autoconf level
|
- S/Key: removed assign getpass() to libshadow_getpass() on autoconf level
|
||||||
(patch by Ulrich Mueller <ulm@kph.uni-mainz.de>; http://bugs.gentoo.org/139966),
|
(patch by Ulrich Mueller <ulm@kph.uni-mainz.de>; http://bugs.gentoo.org/139966),
|
||||||
- usermod: back to previous -a option semantics and clarify -a behavior
|
- usermod: back to previous -a option semantics and clarify -a behavior
|
||||||
on documentation level (by Greg Schafer <gschafer@zip.com.au>),
|
on documentation level (by Greg Schafer <gschafer@zip.com.au>),
|
||||||
- chsh, groupmod: rewrited for use getopt_long().
|
- chsh, groupmod: rewritten for use getopt_long().
|
||||||
- updated translations: ca, cs, da, eu, fr, gl, hu, ko, pl, pt, ru, sv, tr, uk, vi.
|
- updated translations: ca, cs, da, eu, fr, gl, hu, ko, pl, pt, ru, sv, tr, uk, vi.
|
||||||
*** documentation:
|
*** documentation:
|
||||||
- fr and ru man pages are up to date,
|
- fr and ru man pages are up to date,
|
||||||
@@ -743,7 +743,7 @@ shadow-4.0.15 -> shadow-4.0.16 05-06-2006
|
|||||||
|
|
||||||
*** general:
|
*** general:
|
||||||
- userdel: better fix for old CERT VU#312962 (which was fixed in shadow 4.0.8):
|
- userdel: better fix for old CERT VU#312962 (which was fixed in shadow 4.0.8):
|
||||||
fixed forgoten checking of the return value from fchown() before
|
fixed forgotten checking of the return value from fchown() before
|
||||||
proceeding with the fchmod() (based on Owl patch prepared by
|
proceeding with the fchmod() (based on Owl patch prepared by
|
||||||
Rafal Wojtczuk <nergal@owl.openwall.com>),
|
Rafal Wojtczuk <nergal@owl.openwall.com>),
|
||||||
- userdel: use login.defs::MAIL_DIR instead hardcoded /var/mail in created
|
- userdel: use login.defs::MAIL_DIR instead hardcoded /var/mail in created
|
||||||
@@ -755,7 +755,7 @@ shadow-4.0.15 -> shadow-4.0.16 05-06-2006
|
|||||||
passwords and libshadow_getpass() is used only because libc getpass()
|
passwords and libshadow_getpass() is used only because libc getpass()
|
||||||
do not handles password prompting with echo enabled,
|
do not handles password prompting with echo enabled,
|
||||||
- move login.defs::MD5_CRYPT_ENAB to non-PAM part,
|
- move login.defs::MD5_CRYPT_ENAB to non-PAM part,
|
||||||
- userdel: rewrited for use getopt_log(),
|
- userdel: rewritten for use getopt_log(),
|
||||||
- install default/template configuration files:
|
- install default/template configuration files:
|
||||||
-- if shadow is configured with use PAM install /etc/pam.d/* files,
|
-- if shadow is configured with use PAM install /etc/pam.d/* files,
|
||||||
-- if shadow do not uses PAM install /etc/{limits,login.acces} files,
|
-- if shadow do not uses PAM install /etc/{limits,login.acces} files,
|
||||||
@@ -793,7 +793,7 @@ shadow-4.0.15 -> shadow-4.0.16 05-06-2006
|
|||||||
- updated ru login.defs(5), passwd(1), userdel(8), usermod(8) man pages,
|
- updated ru login.defs(5), passwd(1), userdel(8), usermod(8) man pages,
|
||||||
- pw_auth(3) man page removed (outdated),
|
- pw_auth(3) man page removed (outdated),
|
||||||
- install limits(5), login.access(5) and porttime(5) man pages only when
|
- install limits(5), login.access(5) and porttime(5) man pages only when
|
||||||
shadow is builded with PAM support disabled,
|
shadow is built with PAM support disabled,
|
||||||
- passwd(1): better document how password strength is checked
|
- passwd(1): better document how password strength is checked
|
||||||
(fixed http://bugs.debian.org/115380),
|
(fixed http://bugs.debian.org/115380),
|
||||||
- usermod(8): added missing -a option description
|
- usermod(8): added missing -a option description
|
||||||
@@ -816,7 +816,7 @@ shadow-4.0.14 -> shadow-4.0.15 13-03-2006
|
|||||||
- login: default UMASK if not specified in login.defs is 022 (pointed by
|
- login: default UMASK if not specified in login.defs is 022 (pointed by
|
||||||
Peter Vrabec <pvrabec@redhat.com>),
|
Peter Vrabec <pvrabec@redhat.com>),
|
||||||
- chgpasswd: new tool (by Jonas Meurer <mejo@debian.org>),
|
- chgpasswd: new tool (by Jonas Meurer <mejo@debian.org>),
|
||||||
- lastlog: print the usage and exit if an additional argument is profided to
|
- lastlog: print the usage and exit if an additional argument is provided to
|
||||||
lastlog (merge 488_laslog_verify_arguments Debian patch),
|
lastlog (merge 488_laslog_verify_arguments Debian patch),
|
||||||
- login, newgrp, nologin, su: do not link with libselinux (merge
|
- login, newgrp, nologin, su: do not link with libselinux (merge
|
||||||
490_link_selinux_only_when_needed Debian patch),
|
490_link_selinux_only_when_needed Debian patch),
|
||||||
@@ -830,9 +830,9 @@ shadow-4.0.14 -> shadow-4.0.15 13-03-2006
|
|||||||
tries exceeded,
|
tries exceeded,
|
||||||
- always prints the number of tries in the syslog entry.
|
- always prints the number of tries in the syslog entry.
|
||||||
- add special handling for PAM_ABORT
|
- add special handling for PAM_ABORT
|
||||||
- add an entry to failog, as when USE_PAM is not defined. (#53164)
|
- add an entry to faillog, as when USE_PAM is not defined. (#53164)
|
||||||
- changed pam_end to PAM_END. This is certainly was a mistake. PAM_END is
|
- changed pam_end to PAM_END. This is certainly was a mistake. PAM_END is
|
||||||
pam_close_seesion + pam_end. Here, the session is still not open, we
|
pam_close_session + pam_end. Here, the session is still not open, we
|
||||||
don't have to close it.
|
don't have to close it.
|
||||||
- a HAVE_PAM_FAIL_DELAY is missing,
|
- a HAVE_PAM_FAIL_DELAY is missing,
|
||||||
- su: fixed pam session support (patch from Topi Miettinen; fixed #57526,
|
- su: fixed pam session support (patch from Topi Miettinen; fixed #57526,
|
||||||
@@ -840,7 +840,7 @@ shadow-4.0.14 -> shadow-4.0.15 13-03-2006
|
|||||||
- userdel: user's group is already removed by update_groups().
|
- userdel: user's group is already removed by update_groups().
|
||||||
remove_group() is not needed (bug introduced in 4.0.14 on merge FC fixes).
|
remove_group() is not needed (bug introduced in 4.0.14 on merge FC fixes).
|
||||||
Fixed by Nicolas François <nicolas.francois@centraliens.net>,
|
Fixed by Nicolas François <nicolas.francois@centraliens.net>,
|
||||||
- useradd: allways remove group and gshadow databases lock, Fixed by Nicolas
|
- useradd: always remove group and gshadow databases lock, Fixed by Nicolas
|
||||||
François <nicolas.francois@centraliens.net>
|
François <nicolas.francois@centraliens.net>
|
||||||
(http://bugs.debian.org/348250)
|
(http://bugs.debian.org/348250)
|
||||||
- auditing fixes:
|
- auditing fixes:
|
||||||
@@ -848,14 +848,14 @@ shadow-4.0.14 -> shadow-4.0.15 13-03-2006
|
|||||||
added audit_logger() prototype),
|
added audit_logger() prototype),
|
||||||
- useradd: fixed excess audit_logger() argument,
|
- useradd: fixed excess audit_logger() argument,
|
||||||
- chage: added missing \n on display password status if password must be
|
- chage: added missing \n on display password status if password must be
|
||||||
chaged,
|
changed,
|
||||||
- useradd: fixed allow non-unique UID (http://bugs.debian.org/351281),
|
- useradd: fixed allow non-unique UID (http://bugs.debian.org/351281),
|
||||||
- variouse code cleanups for make possible compilation of shadow with -Wall
|
- various code cleanups for make possible compilation of shadow with -Wall
|
||||||
-Werror (by Alexander Gattin <xrgtn@yandex.ru>),
|
-Werror (by Alexander Gattin <xrgtn@yandex.ru>),
|
||||||
- su: move exit() outside libmisc/shell.c::shell() for handle shell() errors
|
- su: move exit() outside libmisc/shell.c::shell() for handle shell() errors
|
||||||
on higher level (now is better visable where some programs exit with 126
|
on higher level (now is better visable where some programs exit with 126
|
||||||
and 127 exit codes); added new shell() parameter (char *const envp[])
|
and 127 exit codes); added new shell() parameter (char *const envp[])
|
||||||
which allow fix preserving enviloment in su on using -p, (patch by
|
which allow fix preserving enviroment in su on using -p, (patch by
|
||||||
Alexander Gattin <xrgtn@yandex.ru>),
|
Alexander Gattin <xrgtn@yandex.ru>),
|
||||||
- su: added handle -c,--command option for GNU su compliance (merge
|
- su: added handle -c,--command option for GNU su compliance (merge
|
||||||
437_su_-c_option Debian patch),
|
437_su_-c_option Debian patch),
|
||||||
@@ -903,7 +903,7 @@ shadow-4.0.13 -> shadow-4.0.14 03-01-2006
|
|||||||
- userdel: make the -f option force the removal of the user's group (even if it
|
- userdel: make the -f option force the removal of the user's group (even if it
|
||||||
is the primary group of another user)
|
is the primary group of another user)
|
||||||
(merge 453_userdel_-f_removes_group Debian patch),
|
(merge 453_userdel_-f_removes_group Debian patch),
|
||||||
- usermod: rewrited for use getopt_long() (Christian Perrier <bubulle@kheops.frmug.org>),
|
- usermod: rewritten for use getopt_long() (Christian Perrier <bubulle@kheops.frmug.org>),
|
||||||
- grpck: fixed segmentation fault on using -s when /etc/gshadow is empty (fix by
|
- grpck: fixed segmentation fault on using -s when /etc/gshadow is empty (fix by
|
||||||
Tomasz Lemiech <szpajder@staszic.waw.pl>),
|
Tomasz Lemiech <szpajder@staszic.waw.pl>),
|
||||||
- passwd: remove handle -f, -g and -s options.
|
- passwd: remove handle -f, -g and -s options.
|
||||||
@@ -912,7 +912,7 @@ shadow-4.0.13 -> shadow-4.0.14 03-01-2006
|
|||||||
Nicolas François <nicolas.francois@centraliens.net>)
|
Nicolas François <nicolas.francois@centraliens.net>)
|
||||||
- su: export $USER and $SHELL as well as $HOME (http://bugs.debian.org/11003 and
|
- su: export $USER and $SHELL as well as $HOME (http://bugs.debian.org/11003 and
|
||||||
http://bugs.debian.org/11189),
|
http://bugs.debian.org/11189),
|
||||||
- su, vipw: rewrited for use getopt_long(),
|
- su, vipw: rewritten for use getopt_long(),
|
||||||
- su: log successful/failed through syslog (http://bugs.debian.org/190215),
|
- su: log successful/failed through syslog (http://bugs.debian.org/190215),
|
||||||
- updated translations: ca, cs, da, eu, fi, fr, it, pl, pt, ru, sv, tl, vi,
|
- updated translations: ca, cs, da, eu, fi, fr, it, pl, pt, ru, sv, tl, vi,
|
||||||
- new translations: gl.
|
- new translations: gl.
|
||||||
@@ -946,7 +946,7 @@ shadow-4.0.12 -> shadow-4.0.13 10-10-2005
|
|||||||
|
|
||||||
*** general:
|
*** general:
|
||||||
- chage: removed duplicated pam_start(),
|
- chage: removed duplicated pam_start(),
|
||||||
- chfn, chsh: finished PAM support usin pam_start() and co.,
|
- chfn, chsh: finished PAM support using pam_start() and co.,
|
||||||
- userdel: userdel should not remove the group which is primary for someone else
|
- userdel: userdel should not remove the group which is primary for someone else
|
||||||
(fix by Nicolas François <nicolas.francois@centraliens.net>
|
(fix by Nicolas François <nicolas.francois@centraliens.net>
|
||||||
http://bugs.debian.org/295416),
|
http://bugs.debian.org/295416),
|
||||||
@@ -955,7 +955,7 @@ shadow-4.0.12 -> shadow-4.0.13 10-10-2005
|
|||||||
- fixedlib/commonio.c: don't assume selinux is enabled if is_selinux_enabled()
|
- fixedlib/commonio.c: don't assume selinux is enabled if is_selinux_enabled()
|
||||||
returns -1 (merge isSelinuxEnabled FC patch by Jeremy Katz <katzj@redhat.com>),
|
returns -1 (merge isSelinuxEnabled FC patch by Jeremy Katz <katzj@redhat.com>),
|
||||||
- login, su (non-PAM case): fixed setup max address space limits (added missing break
|
- login, su (non-PAM case): fixed setup max address space limits (added missing break
|
||||||
statement in case) spoted by Lasse Collin <lasse.collin@tukaani.org>,
|
statement in case) spotted by Lasse Collin <lasse.collin@tukaani.org>,
|
||||||
- auditing support added. Patch prepared by Peter Vrabec <pvrabec@redhat.com> basing
|
- auditing support added. Patch prepared by Peter Vrabec <pvrabec@redhat.com> basing
|
||||||
on work by Steve Grubb from http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=159215
|
on work by Steve Grubb from http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=159215
|
||||||
Now auditing support have commands: chage, gpasswd, groupadd, groupdel, groupmod,
|
Now auditing support have commands: chage, gpasswd, groupadd, groupdel, groupmod,
|
||||||
@@ -972,12 +972,12 @@ shadow-4.0.12 -> shadow-4.0.13 10-10-2005
|
|||||||
This will permit to adduser Debian script to detect if chage failed because the
|
This will permit to adduser Debian script to detect if chage failed because the
|
||||||
system doesn't have shadowed passwords (fix for http://bugs.debian.org/317012),
|
system doesn't have shadowed passwords (fix for http://bugs.debian.org/317012),
|
||||||
- merge 010_more-i18ned-messages Debian patch which adds i18n support for few
|
- merge 010_more-i18ned-messages Debian patch which adds i18n support for few
|
||||||
more messages (orginaly patch was prepared by Guillem Jover <guillem@debian.org>),
|
more messages (originally patch was prepared by Guillem Jover <guillem@debian.org>),
|
||||||
- lastlog: added handle -b option which allow print only lastlog records older than
|
- lastlog: added handle -b option which allow print only lastlog records older than
|
||||||
specified DAYS (fix by <miles@lubin.us>),
|
specified DAYS (fix by <miles@lubin.us>),
|
||||||
- chpasswd, gpasswd, newusers: fixed libmisc/salt.c for use login.defs::MD5_CRYPT_ENAB
|
- chpasswd, gpasswd, newusers: fixed libmisc/salt.c for use login.defs::MD5_CRYPT_ENAB
|
||||||
only if PAM support is disabled (fix by John Gatewood Ham <zappaman@buraphalinux.org>),
|
only if PAM support is disabled (fix by John Gatewood Ham <zappaman@buraphalinux.org>),
|
||||||
- passwd: rewrited for use getopt_long(),
|
- passwd: rewritten for use getopt_long(),
|
||||||
- newgrp: when newgrp process sits between parent and child shells, it should
|
- newgrp: when newgrp process sits between parent and child shells, it should
|
||||||
propagate STOPs from child to parent and CONTs from parent to child,
|
propagate STOPs from child to parent and CONTs from parent to child,
|
||||||
otherwise e.g. bash's "suspend" command won't work
|
otherwise e.g. bash's "suspend" command won't work
|
||||||
@@ -987,11 +987,11 @@ shadow-4.0.12 -> shadow-4.0.13 10-10-2005
|
|||||||
- chsh(1), groupadd(8), newusers(8), pwconv(8), useradd(8), userdel(8), usermod(8):
|
- chsh(1), groupadd(8), newusers(8), pwconv(8), useradd(8), userdel(8), usermod(8):
|
||||||
added missing references to /etc/login.defs and login.defs(5)
|
added missing references to /etc/login.defs and login.defs(5)
|
||||||
(Christian Perrier <bubulle@kheops.frmug.org>),
|
(Christian Perrier <bubulle@kheops.frmug.org>),
|
||||||
- passwd(5): rewrited based on work by Greg Wooledge <greg@wooledge.org>
|
- passwd(5): rewritten based on work by Greg Wooledge <greg@wooledge.org>
|
||||||
http://bugs.debian.org/328113
|
http://bugs.debian.org/328113
|
||||||
- login(1): added securetty(5) to SEE ALSO section
|
- login(1): added securetty(5) to SEE ALSO section
|
||||||
(fixed Debian bug http://bugs.debian.org/325773),
|
(fixed Debian bug http://bugs.debian.org/325773),
|
||||||
- groupadd(8), useradd(8): fix regular expression describing alloved login/group
|
- groupadd(8), useradd(8): fix regular expression describing allowed login/group
|
||||||
names (pointed by Nicolas François <nicolas.francois@centraliens.net>)
|
names (pointed by Nicolas François <nicolas.francois@centraliens.net>)
|
||||||
(correct is [a-z_][a-z0-9_-]*[$]),
|
(correct is [a-z_][a-z0-9_-]*[$]),
|
||||||
- groupadd(8), useradd(8): documents in CAVEATS section the limitations shadow
|
- groupadd(8), useradd(8): documents in CAVEATS section the limitations shadow
|
||||||
@@ -1001,9 +1001,9 @@ shadow-4.0.12 -> shadow-4.0.13 10-10-2005
|
|||||||
shadow-4.0.11.1 -> shadow-4.0.12 22-08-2005
|
shadow-4.0.11.1 -> shadow-4.0.12 22-08-2005
|
||||||
|
|
||||||
*** general:
|
*** general:
|
||||||
- newgrp, login: remove using login.defs::CLOSE_SESSIONS variable and allways
|
- newgrp, login: remove using login.defs::CLOSE_SESSIONS variable and always
|
||||||
close PAM session,
|
close PAM session,
|
||||||
- fixed configure.in: realy enable shadow group support by default (pointed by
|
- fixed configure.in: really enable shadow group support by default (pointed by
|
||||||
Greg Schafer <gschafer@zip.com.au> and Peter Vrabec <pvrabec@redhat.com>),
|
Greg Schafer <gschafer@zip.com.au> and Peter Vrabec <pvrabec@redhat.com>),
|
||||||
- login.defs: removed handle QMAIL_DIR variable,
|
- login.defs: removed handle QMAIL_DIR variable,
|
||||||
- login: allow regular user to login on read-only root file system (not only for root)
|
- login: allow regular user to login on read-only root file system (not only for root)
|
||||||
@@ -1028,9 +1028,9 @@ shadow-4.0.11.1 -> shadow-4.0.12 22-08-2005
|
|||||||
period and permit brute-force attacks (fixed http://bugs.debian.org/288827),
|
period and permit brute-force attacks (fixed http://bugs.debian.org/288827),
|
||||||
- uClibc fixes (by Martin Schlemmer <azarah@nosferatu.za.org>):
|
- uClibc fixes (by Martin Schlemmer <azarah@nosferatu.za.org>):
|
||||||
added require ngettext (added [need-ngettext] to AM_GNU_GETTEXT() parameters)
|
added require ngettext (added [need-ngettext] to AM_GNU_GETTEXT() parameters)
|
||||||
and stub prototype for ngettext() in lib/prototypes.h (neccessary if shadow
|
and stub prototype for ngettext() in lib/prototypes.h (necessary if shadow
|
||||||
compiled with disabled NLS support)
|
compiled with disabled NLS support)
|
||||||
- groupadd: rewrited for use getopt_long(),
|
- groupadd: rewritten for use getopt_long(),
|
||||||
- groupadd, groupdel, groupmod, userdel: do OPENLOG() before pam_start(),
|
- groupadd, groupdel, groupmod, userdel: do OPENLOG() before pam_start(),
|
||||||
- groupadd: fixed double OPENLOG(),
|
- groupadd: fixed double OPENLOG(),
|
||||||
- removed lib/{grpack,gspack,pwpack,sppack}.c and prototypes from lib/prototypes.h
|
- removed lib/{grpack,gspack,pwpack,sppack}.c and prototypes from lib/prototypes.h
|
||||||
@@ -1066,7 +1066,7 @@ shadow-4.0.10 -> shadow-4.0.11 18-07-2005
|
|||||||
- su: ignore SIGINT while authenticating. A ^C could defeat the waiting period and
|
- su: ignore SIGINT while authenticating. A ^C could defeat the waiting period and
|
||||||
permit brute-force attacks. Also ignore SIGQUIT.
|
permit brute-force attacks. Also ignore SIGQUIT.
|
||||||
Fixed: http://bugs.debian.org/52372 and http://bugs.debian.org/288827
|
Fixed: http://bugs.debian.org/52372 and http://bugs.debian.org/288827
|
||||||
- useradd: rewrited for use getopt_long(),
|
- useradd: rewritten for use getopt_long(),
|
||||||
- newgrp: add fix for handle splitted NIS groups: extends the functionality that,
|
- newgrp: add fix for handle splitted NIS groups: extends the functionality that,
|
||||||
if the requested group is given, all groups of the same GID are tested for
|
if the requested group is given, all groups of the same GID are tested for
|
||||||
membership of the requesting user.
|
membership of the requesting user.
|
||||||
@@ -1097,7 +1097,7 @@ shadow-4.0.10 -> shadow-4.0.11 18-07-2005
|
|||||||
- updated translations: cs, da, de, es, fi, pl, pt, ro, ru, sk.
|
- updated translations: cs, da, de, es, fi, pl, pt, ro, ru, sk.
|
||||||
*** documentation:
|
*** documentation:
|
||||||
- pwck(8): document -q option (based on Debian patch for fix http://bugs.debian.org/309408)
|
- pwck(8): document -q option (based on Debian patch for fix http://bugs.debian.org/309408)
|
||||||
- pwck(8): rewrited OPTIONS section and better SYNOPSIS,
|
- pwck(8): rewritten OPTIONS section and better SYNOPSIS,
|
||||||
- lastlog(8): document that lastlog is a sparse file, and don't need to be rotated
|
- lastlog(8): document that lastlog is a sparse file, and don't need to be rotated
|
||||||
http://bugs.debian.org/219321
|
http://bugs.debian.org/219321
|
||||||
- login(8): better explain the respective roles of login, init and getty with regards
|
- login(8): better explain the respective roles of login, init and getty with regards
|
||||||
@@ -1111,12 +1111,12 @@ shadow-4.0.9 -> shadow-4.0.10 28-06-2005
|
|||||||
|
|
||||||
*** general:
|
*** general:
|
||||||
- mkpasswd: removed,
|
- mkpasswd: removed,
|
||||||
- userdel: now deletes user groups from /etc/gshdow as well as /etc/group.
|
- userdel: now deletes user groups from /etc/gshadow as well as /etc/group.
|
||||||
Fix by Nicolas François <nicolas.francois@centraliens.net>.
|
Fix by Nicolas François <nicolas.francois@centraliens.net>.
|
||||||
http://bugs.debian.org/99442
|
http://bugs.debian.org/99442
|
||||||
- usermod: when relocating a user's home directory, don't fail and remove the new
|
- usermod: when relocating a user's home directory, don't fail and remove the new
|
||||||
home directory if we can't remove the old home directory for some
|
home directory if we can't remove the old home directory for some
|
||||||
reason; the results can be spectularly poort if, for instance, only
|
reason; the results can be spectacularly poor if, for instance, only
|
||||||
the rmdir() fails. Patch prepared by Timo Lindfors <lindi-spamtrap@newmail.com>.
|
the rmdir() fails. Patch prepared by Timo Lindfors <lindi-spamtrap@newmail.com>.
|
||||||
http://bugs.debian.org/166369
|
http://bugs.debian.org/166369
|
||||||
- su: fix syslogs to be less ambiguous. Use old:new format instead of old-new
|
- su: fix syslogs to be less ambiguous. Use old:new format instead of old-new
|
||||||
@@ -1124,7 +1124,7 @@ shadow-4.0.9 -> shadow-4.0.10 28-06-2005
|
|||||||
http://bugs.debian.org/213592
|
http://bugs.debian.org/213592
|
||||||
- removed not used now libmisc/setup.c,
|
- removed not used now libmisc/setup.c,
|
||||||
- login: use also UTMPX API instead UTMP on failure (login was affected for this
|
- login: use also UTMPX API instead UTMP on failure (login was affected for this
|
||||||
when shadow was builded without PAM support)
|
when shadow was built without PAM support)
|
||||||
patch by Nicolas François <nicolas.francois@centraliens.net>
|
patch by Nicolas François <nicolas.francois@centraliens.net>
|
||||||
- login: the PAM session needs to be closed as root, thus before change_uid()
|
- login: the PAM session needs to be closed as root, thus before change_uid()
|
||||||
http://bugs.debian.org/53570 http://bugs.debian.org/195048 http://bugs.debian.org/211884
|
http://bugs.debian.org/53570 http://bugs.debian.org/195048 http://bugs.debian.org/211884
|
||||||
@@ -1135,12 +1135,12 @@ shadow-4.0.9 -> shadow-4.0.10 28-06-2005
|
|||||||
http://bugs.debian.org/48002
|
http://bugs.debian.org/48002
|
||||||
- login: fixed username on succesful login (was using the normal username,
|
- login: fixed username on succesful login (was using the normal username,
|
||||||
when it should have used pam_user) http://bugs.debian.org/47819
|
when it should have used pam_user) http://bugs.debian.org/47819
|
||||||
- remove using SHADOWPWD #define so now shadow is allways builded with shadow
|
- remove using SHADOWPWD #define so now shadow is always built with shadow
|
||||||
passwowd support,
|
password support,
|
||||||
- chage: rewrited for use getopt_long(),
|
- chage: rewritten for use getopt_long(),
|
||||||
- updated translations: ca, cs, da, fi, pl, ru, zh_TW.
|
- updated translations: ca, cs, da, fi, pl, ru, zh_TW.
|
||||||
*** documentation:
|
*** documentation:
|
||||||
- most of the man pages now are generated from XML files so in case submiting any
|
- most of the man pages now are generated from XML files so in case submitting any
|
||||||
chages to this resources please make diff to XML files,
|
chages to this resources please make diff to XML files,
|
||||||
- chfn: give more details about the influence of login.defs on what's allowed to
|
- chfn: give more details about the influence of login.defs on what's allowed to
|
||||||
users.
|
users.
|
||||||
@@ -1148,7 +1148,7 @@ shadow-4.0.9 -> shadow-4.0.10 28-06-2005
|
|||||||
shadow-4.0.8 -> shadow-4.0.9 23-05-2005
|
shadow-4.0.8 -> shadow-4.0.9 23-05-2005
|
||||||
|
|
||||||
*** general:
|
*** general:
|
||||||
- passwd: fixed segfault in non-PAM connfiguration
|
- passwd: fixed segfault in non-PAM configuration
|
||||||
(submited by Greg Schafer <gschafer@zip.com.au>),
|
(submited by Greg Schafer <gschafer@zip.com.au>),
|
||||||
- newgrp: fixed NULL pointer dereference - getlogin() and ttyname() can
|
- newgrp: fixed NULL pointer dereference - getlogin() and ttyname() can
|
||||||
return NULL which is not checked (http://bugs.debian.org/162303),
|
return NULL which is not checked (http://bugs.debian.org/162303),
|
||||||
@@ -1170,15 +1170,15 @@ shadow-4.0.7 -> shadow-4.0.8 26-04-2005
|
|||||||
- configure.in: add using AC_GNU_SOURCE macro for kill compilation warnings about
|
- configure.in: add using AC_GNU_SOURCE macro for kill compilation warnings about
|
||||||
implicit declaration of function `fseeko',
|
implicit declaration of function `fseeko',
|
||||||
- faillog: changed faillog record display format for allow fit in 80 columns all
|
- faillog: changed faillog record display format for allow fit in 80 columns all
|
||||||
faillog atributies,
|
faillog attributes,
|
||||||
- removed NDBM code (unused),
|
- removed NDBM code (unused),
|
||||||
- fixed use of SU_WHEEL_ONLY in su. Now su realy is avalaible for wheel group
|
- fixed use of SU_WHEEL_ONLY in su. Now su really is available for wheel group
|
||||||
members. Thanks to Mike Frysinger <vapier@gentoo.org> for report:
|
members. Thanks to Mike Frysinger <vapier@gentoo.org> for report:
|
||||||
http://bugs.gentoo.org/show_bug.cgi?id=80345
|
http://bugs.gentoo.org/show_bug.cgi?id=80345
|
||||||
- drop never finished kerberos and des_rpc support (for kerberos support back firs
|
- drop never finished kerberos and des_rpc support (for kerberos support back firs
|
||||||
must be prepared modularization),
|
must be prepared modularization),
|
||||||
- fixed UTMP path detection (by Kelledin <kelledin@users.sf.net>),
|
- fixed UTMP path detection (by Kelledin <kelledin@users.sf.net>),
|
||||||
- useradd: rewrited group count to dynamic (by John Newbigin
|
- useradd: rewritten group count to dynamic (by John Newbigin
|
||||||
<jnewbigin@ict.swin.edu.au>),
|
<jnewbigin@ict.swin.edu.au>),
|
||||||
- login: fixed create lastlog entry fo users never loged in on non-PAM
|
- login: fixed create lastlog entry fo users never loged in on non-PAM
|
||||||
variant of login (fix by <oracular@ziplip.com>),
|
variant of login (fix by <oracular@ziplip.com>),
|
||||||
@@ -1193,7 +1193,7 @@ shadow-4.0.7 -> shadow-4.0.8 26-04-2005
|
|||||||
fchmod() is executed. (Actually, we could also pass the final "mode" to
|
fchmod() is executed. (Actually, we could also pass the final "mode" to
|
||||||
the open() call and then save the consequent fchmod().)
|
the open() call and then save the consequent fchmod().)
|
||||||
- SELinux changes: added changes in chage, chfn, chsh, passwd for allow
|
- SELinux changes: added changes in chage, chfn, chsh, passwd for allow
|
||||||
construct more grained user password/accuunt properties on SELinux
|
construct more grained user password/account properties on SELinux
|
||||||
policies level. Patch originally based on RH changes (submited by Chris
|
policies level. Patch originally based on RH changes (submited by Chris
|
||||||
PeBenito <pebenito@gentoo.org>),
|
PeBenito <pebenito@gentoo.org>),
|
||||||
- added SELinux changes: in libmisc/copydir.c (based on Fedora patch),
|
- added SELinux changes: in libmisc/copydir.c (based on Fedora patch),
|
||||||
@@ -1211,7 +1211,7 @@ shadow-4.0.7 -> shadow-4.0.8 26-04-2005
|
|||||||
- newgrp(1): fix #251926, #166173, #113191 Debian bugs: explain why editing /etc/group
|
- newgrp(1): fix #251926, #166173, #113191 Debian bugs: explain why editing /etc/group
|
||||||
(without gshadow) doesn't permit to use newgrp,
|
(without gshadow) doesn't permit to use newgrp,
|
||||||
- newgrp(1): newgrp uses /bin/sh (not bash),
|
- newgrp(1): newgrp uses /bin/sh (not bash),
|
||||||
- faillog(8): updated after rewrited faillog command for use getopt_long(),
|
- faillog(8): updated after rewritten faillog command for use getopt_long(),
|
||||||
- login(1): removed fragment about abilities pass enviroment variables in login prompt,
|
- login(1): removed fragment about abilities pass enviroment variables in login prompt,
|
||||||
- gshadow(5): new file (by Nicolas Nicolas François <nicolas.francois@centraliens.net>),
|
- gshadow(5): new file (by Nicolas Nicolas François <nicolas.francois@centraliens.net>),
|
||||||
- usermod(8): fixed #302388 Debian bug: added separated -o option description,
|
- usermod(8): fixed #302388 Debian bug: added separated -o option description,
|
||||||
@@ -1229,24 +1229,24 @@ shadow-4.0.6 -> shadow-4.0.7 26-01-2005
|
|||||||
-- use fseeko() instead fseek() and remove casting file offsets to unsigned
|
-- use fseeko() instead fseek() and remove casting file offsets to unsigned
|
||||||
long.
|
long.
|
||||||
- lastlog:
|
- lastlog:
|
||||||
-- rewrited source code using the same style as in chpasswd.c,
|
-- rewritten source code using the same style as in chpasswd.c,
|
||||||
-- open lastlog file after finish parse comman line optiomns
|
-- open lastlog file after finish parse commandline options
|
||||||
(now --help otput can be displayd for users without lastlog
|
(now --help output can be displayed for users without lastlog
|
||||||
file read permission),
|
file read permission),
|
||||||
-- cleanups in lastlog(8) man page using the same style as in
|
-- cleanups in lastlog(8) man page using the same style as in
|
||||||
chpasswd(8).
|
chpasswd(8).
|
||||||
- chpasswd:
|
- chpasswd:
|
||||||
-- switch chpasswd to use getopt_long() and adds a --md5 option
|
-- switch chpasswd to use getopt_long() and adds a --md5 option
|
||||||
(by Ian Gulliver <ian@penguinhosting.net>),
|
(by Ian Gulliver <ian@penguinhosting.net>),
|
||||||
-- rewrited chpasswd(8) man page.
|
-- rewritten chpasswd(8) man page.
|
||||||
|
|
||||||
shadow-4.0.5 -> shadow-4.0.6 08-11-2004
|
shadow-4.0.5 -> shadow-4.0.6 08-11-2004
|
||||||
|
|
||||||
- su: fixed adding of pam_env env variables to enviroment
|
- su: fixed adding of pam_env env variables to enviroment
|
||||||
(Martin Schlemmer <azarah@nosferatu.za.org>),
|
(Martin Schlemmer <azarah@nosferatu.za.org>),
|
||||||
- autoconf: fixed filling MAIL_SPOOL_DIR and MAIL_SPOOL_FILE variables
|
- autoconf: fixed filling MAIL_SPOOL_DIR and MAIL_SPOOL_FILE variables
|
||||||
which was allways empty (Gregorio Guidi <g.guidi@sns.it>),
|
which was always empty (Gregorio Guidi <g.guidi@sns.it>),
|
||||||
- realuy closse security bug in libmisc/pwdcheck.c,
|
- really close security bug in libmisc/pwdcheck.c,
|
||||||
- added missing template/example PAM service config files for chfn, chsh and
|
- added missing template/example PAM service config files for chfn, chsh and
|
||||||
userdel,
|
userdel,
|
||||||
- do not translate variable names from /etc/default/useradd during
|
- do not translate variable names from /etc/default/useradd during
|
||||||
@@ -1257,10 +1257,10 @@ shadow-4.0.4.1 -> shadow-4.0.5 27-10-2004
|
|||||||
- change libmisc to private static library,
|
- change libmisc to private static library,
|
||||||
- added SELinux support (basing on patch from Gentoo),
|
- added SELinux support (basing on patch from Gentoo),
|
||||||
- chage: more verbose/human readable -l output. This output is much more
|
- chage: more verbose/human readable -l output. This output is much more
|
||||||
beter for send directly via email for each users as message with account
|
better for send directly via email for each users as message with account
|
||||||
status (for example as message with warning about account/password expiration),
|
status (for example as message with warning about account/password expiration),
|
||||||
- login: fixed handle -f option: now it works correctly without specify "-h
|
- login: fixed handle -f option: now it works correctly without specify "-h
|
||||||
<host>" if open login session localy is required (thanks for help
|
<host>" if open login session locally is required (thanks for help
|
||||||
investigate bug for Krzysztof Kotlenga),
|
investigate bug for Krzysztof Kotlenga),
|
||||||
- userdel: when removing a user with userdel, userdel was always exits with 1 (fixed).
|
- userdel: when removing a user with userdel, userdel was always exits with 1 (fixed).
|
||||||
Based on http://bugs.gentoo.org/show_bug.cgi?id=66687,
|
Based on http://bugs.gentoo.org/show_bug.cgi?id=66687,
|
||||||
@@ -1274,7 +1274,7 @@ shadow-4.0.4.1 -> shadow-4.0.5 27-10-2004
|
|||||||
makes httpd Option SymlinkIfOwnerMatch break for default weg pages
|
makes httpd Option SymlinkIfOwnerMatch break for default weg pages
|
||||||
including symlinks placed into /etc/skel/public_html for example.
|
including symlinks placed into /etc/skel/public_html for example.
|
||||||
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=66819
|
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=66819
|
||||||
- su: add pam_open_session() support. If builded without PAM support
|
- su: add pam_open_session() support. If built without PAM support
|
||||||
propagate $DISPLAY and $XAUTHORITY enviroment variables.
|
propagate $DISPLAY and $XAUTHORITY enviroment variables.
|
||||||
Based on http://www.gentoo.org/cgi-bin/viewcvs.cgi/sys-apps/shadow/files/shadow-4.0.4.1-su-pam_open_session.patch?rev=1.1
|
Based on http://www.gentoo.org/cgi-bin/viewcvs.cgi/sys-apps/shadow/files/shadow-4.0.4.1-su-pam_open_session.patch?rev=1.1
|
||||||
- applied 036_pam_access_with_preauth.patch Debian patch submited by Bjorn
|
- applied 036_pam_access_with_preauth.patch Debian patch submited by Bjorn
|
||||||
@@ -1287,11 +1287,11 @@ shadow-4.0.4.1 -> shadow-4.0.5 27-10-2004
|
|||||||
Use constant strings rather than argv[0] for syslog ident in the user
|
Use constant strings rather than argv[0] for syslog ident in the user
|
||||||
management commands,
|
management commands,
|
||||||
shadow-4.0.4.1-owl-tmp.diff:
|
shadow-4.0.4.1-owl-tmp.diff:
|
||||||
Remove using mktemp() if mkstemp() prototype not found (use allways mkstemp()),
|
Remove using mktemp() if mkstemp() prototype not found (use always mkstemp()),
|
||||||
shadow-4.0.4.1-owl-check-reads.diff:
|
shadow-4.0.4.1-owl-check-reads.diff:
|
||||||
Add checking for read errors in commonio and vipw/vigr (not doing so could
|
Add checking for read errors in commonio and vipw/vigr (not doing so could
|
||||||
result in data loss when the records are written back),
|
result in data loss when the records are written back),
|
||||||
- fixed securirty bug in libmisc/pwdcheck.c which allow unauthorized
|
- fixed security bug in libmisc/pwdcheck.c which allow unauthorized
|
||||||
account properties modification.
|
account properties modification.
|
||||||
Affected tools: chfn and chsh.
|
Affected tools: chfn and chsh.
|
||||||
Bug was discovered by Martin Schulze <joey@infodrom.org>.
|
Bug was discovered by Martin Schulze <joey@infodrom.org>.
|
||||||
@@ -1307,12 +1307,12 @@ shadow-4.0.4.1 -> shadow-4.0.5 27-10-2004
|
|||||||
|
|
||||||
shadow-4.0.4 => shadow-4.0.4.1 14-01-2004
|
shadow-4.0.4 => shadow-4.0.4.1 14-01-2004
|
||||||
- bug fixes in automake files for generate correct tar ball on "make dist":
|
- bug fixes in automake files for generate correct tar ball on "make dist":
|
||||||
added mising "EXTRA_DIST = $(man_MANS)" in man/*/Makefile.am.
|
added missing "EXTRA_DIST = $(man_MANS)" in man/*/Makefile.am.
|
||||||
|
|
||||||
shadow-4.0.3 => shadow-4.0.4 14-01-2004
|
shadow-4.0.3 => shadow-4.0.4 14-01-2004
|
||||||
|
|
||||||
*** general:
|
*** general:
|
||||||
- added missing information about -f options in groupadd usage mesage
|
- added missing information about -f options in groupadd usage message
|
||||||
(document this also in man page),
|
(document this also in man page),
|
||||||
- removed TCFS support (tcfs is dead),
|
- removed TCFS support (tcfs is dead),
|
||||||
- convert all po/*.po files to utf-8,
|
- convert all po/*.po files to utf-8,
|
||||||
@@ -1320,7 +1320,7 @@ shadow-4.0.3 => shadow-4.0.4 14-01-2004
|
|||||||
per service flushing method instead HUPing nscd process),
|
per service flushing method instead HUPing nscd process),
|
||||||
- removed old AUTH_METHODS dependent code,
|
- removed old AUTH_METHODS dependent code,
|
||||||
- chage: now all code depend on SHADOWPWD. If shadow will not be configured
|
- chage: now all code depend on SHADOWPWD. If shadow will not be configured
|
||||||
on autoconf level for using shadow possword chage is olny stub which
|
on autoconf level for using shadow password chage is olny stub which
|
||||||
informs "chage not configured for shadow password support."
|
informs "chage not configured for shadow password support."
|
||||||
- dpasswd: removed,
|
- dpasswd: removed,
|
||||||
- login: remove handle login.defs::DIALUPS_CHECK_ENAB code,
|
- login: remove handle login.defs::DIALUPS_CHECK_ENAB code,
|
||||||
@@ -1328,7 +1328,7 @@ shadow-4.0.3 => shadow-4.0.4 14-01-2004
|
|||||||
- ALL tools, libraries: remove old SVR4, SVR4_SI86_EUA BSD_QUOTA and ATT_AGE
|
- ALL tools, libraries: remove old SVR4, SVR4_SI86_EUA BSD_QUOTA and ATT_AGE
|
||||||
dependent code,
|
dependent code,
|
||||||
- ALL: ready for gettext 0.11.5, automake 1.7.4, autoconf 2.57,
|
- ALL: ready for gettext 0.11.5, automake 1.7.4, autoconf 2.57,
|
||||||
- logoutd, userd: handle also utmpx if avalaile,
|
- logoutd, userd: handle also utmpx if available,
|
||||||
- newgrp: fix for non-PAM version
|
- newgrp: fix for non-PAM version
|
||||||
Use CLOSE_SESSIONS depending code only when USE_PAM.
|
Use CLOSE_SESSIONS depending code only when USE_PAM.
|
||||||
The problem was reported by Mattias Webjorn Eriksson using Slackware
|
The problem was reported by Mattias Webjorn Eriksson using Slackware
|
||||||
@@ -1356,7 +1356,7 @@ shadow-4.0.3 => shadow-4.0.4 14-01-2004
|
|||||||
|
|
||||||
shadow-4.0.2 => shadow-4.0.3 13-03-2002
|
shadow-4.0.2 => shadow-4.0.3 13-03-2002
|
||||||
|
|
||||||
- added variouse cs, de, fr, id, it, ko man pages found mainly in national
|
- added various cs, de, fr, id, it, ko man pages found mainly in national
|
||||||
man pages translations projects (this documents are not synced with
|
man pages translations projects (this documents are not synced with
|
||||||
current en version but you know .. "Documentations is lik sex. When it is
|
current en version but you know .. "Documentations is lik sex. When it is
|
||||||
good it very very good. Whet it is bad it is better than nothing."). Any
|
good it very very good. Whet it is bad it is better than nothing."). Any
|
||||||
@@ -1372,9 +1372,9 @@ shadow-4.0.2 => shadow-4.0.3 13-03-2002
|
|||||||
shadow-4.0.1 => shadow-4.0.2 17-02-2002
|
shadow-4.0.1 => shadow-4.0.2 17-02-2002
|
||||||
|
|
||||||
- resolve many fuzzy translations also all this which may cause problems on
|
- resolve many fuzzy translations also all this which may cause problems on
|
||||||
displaing long uid/gid,
|
displaying long uid/gid,
|
||||||
- allow use "$" on ending in cereated by useradd usermname accounts for allow
|
- allow use "$" on ending in created by useradd username accounts for allow
|
||||||
create machine acounts for samba (thanks to Jerome Borsboom
|
create machine accounts for samba (thanks to Jerome Borsboom
|
||||||
<borsboom@tch.fgg.eur.nl> for point this problem in 4.0.1),
|
<borsboom@tch.fgg.eur.nl> for point this problem in 4.0.1),
|
||||||
- fix small but ugly bug in configure.in in libpam_mics library detection.
|
- fix small but ugly bug in configure.in in libpam_mics library detection.
|
||||||
|
|
||||||
@@ -1394,7 +1394,7 @@ shadow-4.0.0 => shadow-4.0.1
|
|||||||
as root. If root does read-only, there's no lock needed. Added missing
|
as root. If root does read-only, there's no lock needed. Added missing
|
||||||
"#include <errno.h>" for above (me).
|
"#include <errno.h>" for above (me).
|
||||||
shadow-4.0.0-owl-warnings.diff
|
shadow-4.0.0-owl-warnings.diff
|
||||||
Olny one fix from this patch was aplayd because other was fixed few days
|
Olny one fix from this patch was applied because other was fixed few days
|
||||||
before :)
|
before :)
|
||||||
shadow-4.0.0-owl-check_names.diff
|
shadow-4.0.0-owl-check_names.diff
|
||||||
Merge only prat this patch with checking login name matching; checking
|
Merge only prat this patch with checking login name matching; checking
|
||||||
@@ -1402,7 +1402,7 @@ shadow-4.0.0 => shadow-4.0.1
|
|||||||
probably _POSIX_LOGIN_NAME_MAX from <bits/posix1_lim.h>,
|
probably _POSIX_LOGIN_NAME_MAX from <bits/posix1_lim.h>,
|
||||||
shadow-4.0.0-owl-chage-drop-priv.diff
|
shadow-4.0.0-owl-chage-drop-priv.diff
|
||||||
shadow-4.0.0-owl-pam-auth.diff
|
shadow-4.0.0-owl-pam-auth.diff
|
||||||
Merge part with reorder initialize PAM and checkin is chage is runed by
|
Merge part with reorder initialize PAM and checking if chage is runed by
|
||||||
root or not - now chage can be runed from non-root account for checking
|
root or not - now chage can be runed from non-root account for checking
|
||||||
by user own account information (if PAM enabled).
|
by user own account information (if PAM enabled).
|
||||||
- fixes for handle/print correctly 32bit uid/gid (Thorsten Kukuk <kukuk@suse.de>),
|
- fixes for handle/print correctly 32bit uid/gid (Thorsten Kukuk <kukuk@suse.de>),
|
||||||
@@ -1446,30 +1446,30 @@ shadow-20001016 => shadow-4.0.0 06-01-2002
|
|||||||
- much better automake support,
|
- much better automake support,
|
||||||
- added pt_BR man pages for gpasswd(1), groupadd(8), groupdel(8),
|
- added pt_BR man pages for gpasswd(1), groupadd(8), groupdel(8),
|
||||||
groupmod(8), shadow(5) (man pages for other nations also are welcome),
|
groupmod(8), shadow(5) (man pages for other nations also are welcome),
|
||||||
- mamny small fixes and updates nad improvements in man pages,
|
- many small fixes and updates nad improvements in man pages,
|
||||||
- aplayed Debian patch to man pages for shadowconfig,
|
- applied Debian patch to man pages for shadowconfig,
|
||||||
- remove limit to 6 chars logged tty name (012_libmisc_sulog.c.diff Debian
|
- remove limit to 6 chars logged tty name (012_libmisc_sulog.c.diff Debian
|
||||||
patch).
|
patch).
|
||||||
|
|
||||||
shadow-20001012 -> shadow-20001016:
|
shadow-20001012 -> shadow-20001016:
|
||||||
- conditionaly disabled body reload_nscd() because not every
|
- conditionally disabled body reload_nscd() because not every
|
||||||
version of nscd can handle it (this can be enabled by define
|
version of nscd can handle it (this can be enabled by define
|
||||||
ENABLE_NSCD_SIGHUP) (Marek Michałkiewicz <marekm@linux.org.pl>)
|
ENABLE_NSCD_SIGHUP) (Marek Michałkiewicz <marekm@linux.org.pl>)
|
||||||
- fixes on autoconf/automake level for dist target,
|
- fixes on autoconf/automake level for dist target,
|
||||||
- Julianne F. Haugh new contact adress.
|
- Julianne F. Haugh new contact address.
|
||||||
|
|
||||||
shadow-20000902 => shadow-20001012
|
shadow-20000902 => shadow-20001012
|
||||||
|
|
||||||
- removed /redhat directory with obsoleted files (partialy rewrited spec
|
- removed /redhat directory with obsoleted files (partially rewritten spec
|
||||||
file is now in root directory),
|
file is now in root directory),
|
||||||
- aplayed shadow-19990827-group.patch patch from RH wich prevents adduser
|
- applied shadow-19990827-group.patch patch from RH wich prevents adduser
|
||||||
overwrite previously existing groups in adduser,
|
overwrite previously existing groups in adduser,
|
||||||
- added PAM support for chage (bind to "chage" PAM config file) also
|
- added PAM support for chage (bind to "chage" PAM config file) also
|
||||||
added PAM support for all other small tools like chpasswd, groupadd,
|
added PAM support for all other small tools like chpasswd, groupadd,
|
||||||
groupdel, groupmod, newusers, useradd, userdel, usermod (bind to common
|
groupdel, groupmod, newusers, useradd, userdel, usermod (bind to common
|
||||||
"shadow" PAM config file) - this modificaytions mainly based on
|
"shadow" PAM config file) - this modifications mainly based on
|
||||||
modifications prepared by Janek Rękojarski <baggins@pld.org.pl>,
|
modifications prepared by Janek Rękojarski <baggins@pld.org.pl>,
|
||||||
- many small fixes and improvments in automake (mow "make dist"
|
- many small fixes and improvements in automake (mow "make dist"
|
||||||
works correctly),
|
works correctly),
|
||||||
- added cs translation (Jiri Pavlovsky <Jiri.Pavlovsky@ff.cuni.cz>).
|
- added cs translation (Jiri Pavlovsky <Jiri.Pavlovsky@ff.cuni.cz>).
|
||||||
|
|
||||||
|
|||||||
@@ -2,30 +2,25 @@ Shadow SITES
|
|||||||
============
|
============
|
||||||
|
|
||||||
Homepage
|
Homepage
|
||||||
http://pkg-shadow.alioth.debian.org/
|
http://github.com/shadow-maint/shadow
|
||||||
|
|
||||||
FTP site
|
Issue tracker
|
||||||
ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow
|
http://github.com/shadow-maint/shadow/issues
|
||||||
|
|
||||||
SVN repository
|
Releases
|
||||||
anonymous read only access: svn://svn.debian.org/pkg-shadow/upstream
|
https://github.com/shadow-maint/shadow/releases
|
||||||
|
|
||||||
SVN web interface
|
|
||||||
http://svn.debian.org/wsvn/pkg-shadow/upstream
|
|
||||||
or
|
|
||||||
http://svn.debian.org/viewsvn/pkg-shadow/upstream
|
|
||||||
|
|
||||||
Mailing lists
|
Mailing lists
|
||||||
for general discuss: pkg-shadow-devel@lists.alioth.debian.org
|
for general discuss: pkg-shadow-devel@alioth-lists.debian.net
|
||||||
commit list: pkg-shadow-commits@lists.alioth.debian.org
|
commit list: pkg-shadow-commits@alioth-lists.debian.net
|
||||||
|
|
||||||
Mailing lists subscription
|
Mailing lists subscription
|
||||||
http://lists.alioth.debian.org/mailman/listinfo/pkg-shadow-devel
|
http://alioth-lists.debian.net/mailman/listinfo/pkg-shadow-devel
|
||||||
http://lists.alioth.debian.org/mailman/listinfo/pkg-shadow-commits
|
http://alioth-lists.debian.net/mailman/listinfo/pkg-shadow-commits
|
||||||
|
|
||||||
Mailing lists archives:
|
Mailing lists archives:
|
||||||
http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/
|
http://alioth-lists.debian.net/pipermail/pkg-shadow-devel/
|
||||||
http://lists.alioth.debian.org/pipermail/pkg-shadow-commits/
|
http://alioth-lists.debian.net/pipermail/pkg-shadow-commits/
|
||||||
|
|
||||||
S/Key support:
|
S/Key support:
|
||||||
Shadow can be built with S/Key support using the S/Key package from:
|
Shadow can be built with S/Key support using the S/Key package from:
|
||||||
@@ -44,6 +39,7 @@ a lot of mail...
|
|||||||
|
|
||||||
Adam Rudnicki <adam@v-lo.krakow.pl>
|
Adam Rudnicki <adam@v-lo.krakow.pl>
|
||||||
Alan Curry <pacman@tardis.mars.net>
|
Alan Curry <pacman@tardis.mars.net>
|
||||||
|
Aleksa Sarai <cyphar@cyphar.com>
|
||||||
Alexander O. Yuriev <alex@bach.cis.temple.edu>
|
Alexander O. Yuriev <alex@bach.cis.temple.edu>
|
||||||
Algis Rudys <arudys@rice.edu>
|
Algis Rudys <arudys@rice.edu>
|
||||||
Andreas Jaeger <aj@arthur.rhein-neckar.de>
|
Andreas Jaeger <aj@arthur.rhein-neckar.de>
|
||||||
@@ -55,6 +51,7 @@ Brian R. Gaeke <brg@dgate.org>
|
|||||||
Calle Karlsson <ckn@kash.se>
|
Calle Karlsson <ckn@kash.se>
|
||||||
Chip Rosenthal <chip@unicom.com>
|
Chip Rosenthal <chip@unicom.com>
|
||||||
Chris Evans <lady0110@sable.ox.ac.uk>
|
Chris Evans <lady0110@sable.ox.ac.uk>
|
||||||
|
Chris Lamb <chris@chris-lamb.co.uk>
|
||||||
Cristian Gafton <gafton@sorosis.ro>
|
Cristian Gafton <gafton@sorosis.ro>
|
||||||
Dan Walsh <dwalsh@redhat.com>
|
Dan Walsh <dwalsh@redhat.com>
|
||||||
Darcy Boese <possum@chardonnay.niagara.com>
|
Darcy Boese <possum@chardonnay.niagara.com>
|
||||||
@@ -62,6 +59,8 @@ Dave Hagewood <admin@arrowweb.com>
|
|||||||
David A. Holland <dholland@hcs.harvard.edu>
|
David A. Holland <dholland@hcs.harvard.edu>
|
||||||
David Frey <David.Frey@lugs.ch>
|
David Frey <David.Frey@lugs.ch>
|
||||||
Ed Carp <ecarp@netcom.com>
|
Ed Carp <ecarp@netcom.com>
|
||||||
|
Ed Neville <ed@s5h.net>
|
||||||
|
Eric W. Biederman" <ebiederm@xmission.com>
|
||||||
Floody <flood@evcom.net>
|
Floody <flood@evcom.net>
|
||||||
Frank Denis <j@4u.net>
|
Frank Denis <j@4u.net>
|
||||||
George Kraft IV <gk4@us.ibm.com>
|
George Kraft IV <gk4@us.ibm.com>
|
||||||
@@ -71,6 +70,7 @@ Guy Maor <maor@debian.org>
|
|||||||
Hrvoje Dogan <hdogan@bjesomar.srce.hr>
|
Hrvoje Dogan <hdogan@bjesomar.srce.hr>
|
||||||
Jakub Hrozek <jhrozek@redhat.com>
|
Jakub Hrozek <jhrozek@redhat.com>
|
||||||
Janos Farkas <chexum@bankinf.banki.hu>
|
Janos Farkas <chexum@bankinf.banki.hu>
|
||||||
|
Jason Franklin <jason.franklin@quoininc.com>
|
||||||
Jay Soffian <jay@lw.net>
|
Jay Soffian <jay@lw.net>
|
||||||
Jesse Thilo <Jesse.Thilo@pobox.com>
|
Jesse Thilo <Jesse.Thilo@pobox.com>
|
||||||
Joey Hess <joey@kite.ml.org>
|
Joey Hess <joey@kite.ml.org>
|
||||||
@@ -92,6 +92,7 @@ Martin Bene <mb@sime.com>
|
|||||||
Martin Mares <mj@gts.cz>
|
Martin Mares <mj@gts.cz>
|
||||||
Michael Meskes <meskes@topsystem.de>
|
Michael Meskes <meskes@topsystem.de>
|
||||||
Michael Talbot-Wilson <mike@calypso.bns.com.au>
|
Michael Talbot-Wilson <mike@calypso.bns.com.au>
|
||||||
|
Michael Vetter <jubalh@iodoru.org>
|
||||||
Mike Frysinger <vapier@gentoo.org>
|
Mike Frysinger <vapier@gentoo.org>
|
||||||
Mike Pakovic <mpakovic@users.southeast.net>
|
Mike Pakovic <mpakovic@users.southeast.net>
|
||||||
Nicolas François <nicolas.francois@centraliens.net>
|
Nicolas François <nicolas.francois@centraliens.net>
|
||||||
@@ -117,5 +118,7 @@ Maintainers
|
|||||||
===========
|
===========
|
||||||
|
|
||||||
Tomasz Kłoczko <kloczek@pld.org.pl> (2000-2007)
|
Tomasz Kłoczko <kloczek@pld.org.pl> (2000-2007)
|
||||||
Nicolas François <nicolas.francois@centraliens.net> (2007-now)
|
Nicolas François <nicolas.francois@centraliens.net> (2007-2014)
|
||||||
|
Serge E. Hallyn <serge@hallyn.com> (2014-now)
|
||||||
|
Christian Brauner <christian@brauner.io> (2019-now)
|
||||||
|
|
||||||
|
|||||||
Vendored
+1234
File diff suppressed because it is too large
Load Diff
-12
@@ -1,12 +0,0 @@
|
|||||||
#! /bin/sh
|
|
||||||
|
|
||||||
autoreconf -v -f --install || exit 1
|
|
||||||
|
|
||||||
./configure \
|
|
||||||
CFLAGS="-O2 -Wall" \
|
|
||||||
--enable-man \
|
|
||||||
--enable-maintainer-mode \
|
|
||||||
--disable-shared \
|
|
||||||
--without-libpam \
|
|
||||||
--with-selinux \
|
|
||||||
"$@"
|
|
||||||
@@ -0,0 +1,347 @@
|
|||||||
|
#! /bin/sh
|
||||||
|
# Wrapper for compilers which do not understand '-c -o'.
|
||||||
|
|
||||||
|
scriptversion=2012-10-14.11; # UTC
|
||||||
|
|
||||||
|
# Copyright (C) 1999-2014 Free Software Foundation, Inc.
|
||||||
|
# Written by Tom Tromey <tromey@cygnus.com>.
|
||||||
|
#
|
||||||
|
# This program is free software; you can redistribute it and/or modify
|
||||||
|
# it under the terms of the GNU General Public License as published by
|
||||||
|
# the Free Software Foundation; either version 2, or (at your option)
|
||||||
|
# any later version.
|
||||||
|
#
|
||||||
|
# This program is distributed in the hope that it will be useful,
|
||||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
# GNU General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public License
|
||||||
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
|
# As a special exception to the GNU General Public License, if you
|
||||||
|
# distribute this file as part of a program that contains a
|
||||||
|
# configuration script generated by Autoconf, you may include it under
|
||||||
|
# the same distribution terms that you use for the rest of that program.
|
||||||
|
|
||||||
|
# This file is maintained in Automake, please report
|
||||||
|
# bugs to <bug-automake@gnu.org> or send patches to
|
||||||
|
# <automake-patches@gnu.org>.
|
||||||
|
|
||||||
|
nl='
|
||||||
|
'
|
||||||
|
|
||||||
|
# We need space, tab and new line, in precisely that order. Quoting is
|
||||||
|
# there to prevent tools from complaining about whitespace usage.
|
||||||
|
IFS=" "" $nl"
|
||||||
|
|
||||||
|
file_conv=
|
||||||
|
|
||||||
|
# func_file_conv build_file lazy
|
||||||
|
# Convert a $build file to $host form and store it in $file
|
||||||
|
# Currently only supports Windows hosts. If the determined conversion
|
||||||
|
# type is listed in (the comma separated) LAZY, no conversion will
|
||||||
|
# take place.
|
||||||
|
func_file_conv ()
|
||||||
|
{
|
||||||
|
file=$1
|
||||||
|
case $file in
|
||||||
|
/ | /[!/]*) # absolute file, and not a UNC file
|
||||||
|
if test -z "$file_conv"; then
|
||||||
|
# lazily determine how to convert abs files
|
||||||
|
case `uname -s` in
|
||||||
|
MINGW*)
|
||||||
|
file_conv=mingw
|
||||||
|
;;
|
||||||
|
CYGWIN*)
|
||||||
|
file_conv=cygwin
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
file_conv=wine
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
fi
|
||||||
|
case $file_conv/,$2, in
|
||||||
|
*,$file_conv,*)
|
||||||
|
;;
|
||||||
|
mingw/*)
|
||||||
|
file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'`
|
||||||
|
;;
|
||||||
|
cygwin/*)
|
||||||
|
file=`cygpath -m "$file" || echo "$file"`
|
||||||
|
;;
|
||||||
|
wine/*)
|
||||||
|
file=`winepath -w "$file" || echo "$file"`
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
}
|
||||||
|
|
||||||
|
# func_cl_dashL linkdir
|
||||||
|
# Make cl look for libraries in LINKDIR
|
||||||
|
func_cl_dashL ()
|
||||||
|
{
|
||||||
|
func_file_conv "$1"
|
||||||
|
if test -z "$lib_path"; then
|
||||||
|
lib_path=$file
|
||||||
|
else
|
||||||
|
lib_path="$lib_path;$file"
|
||||||
|
fi
|
||||||
|
linker_opts="$linker_opts -LIBPATH:$file"
|
||||||
|
}
|
||||||
|
|
||||||
|
# func_cl_dashl library
|
||||||
|
# Do a library search-path lookup for cl
|
||||||
|
func_cl_dashl ()
|
||||||
|
{
|
||||||
|
lib=$1
|
||||||
|
found=no
|
||||||
|
save_IFS=$IFS
|
||||||
|
IFS=';'
|
||||||
|
for dir in $lib_path $LIB
|
||||||
|
do
|
||||||
|
IFS=$save_IFS
|
||||||
|
if $shared && test -f "$dir/$lib.dll.lib"; then
|
||||||
|
found=yes
|
||||||
|
lib=$dir/$lib.dll.lib
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
if test -f "$dir/$lib.lib"; then
|
||||||
|
found=yes
|
||||||
|
lib=$dir/$lib.lib
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
if test -f "$dir/lib$lib.a"; then
|
||||||
|
found=yes
|
||||||
|
lib=$dir/lib$lib.a
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
IFS=$save_IFS
|
||||||
|
|
||||||
|
if test "$found" != yes; then
|
||||||
|
lib=$lib.lib
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# func_cl_wrapper cl arg...
|
||||||
|
# Adjust compile command to suit cl
|
||||||
|
func_cl_wrapper ()
|
||||||
|
{
|
||||||
|
# Assume a capable shell
|
||||||
|
lib_path=
|
||||||
|
shared=:
|
||||||
|
linker_opts=
|
||||||
|
for arg
|
||||||
|
do
|
||||||
|
if test -n "$eat"; then
|
||||||
|
eat=
|
||||||
|
else
|
||||||
|
case $1 in
|
||||||
|
-o)
|
||||||
|
# configure might choose to run compile as 'compile cc -o foo foo.c'.
|
||||||
|
eat=1
|
||||||
|
case $2 in
|
||||||
|
*.o | *.[oO][bB][jJ])
|
||||||
|
func_file_conv "$2"
|
||||||
|
set x "$@" -Fo"$file"
|
||||||
|
shift
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
func_file_conv "$2"
|
||||||
|
set x "$@" -Fe"$file"
|
||||||
|
shift
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
;;
|
||||||
|
-I)
|
||||||
|
eat=1
|
||||||
|
func_file_conv "$2" mingw
|
||||||
|
set x "$@" -I"$file"
|
||||||
|
shift
|
||||||
|
;;
|
||||||
|
-I*)
|
||||||
|
func_file_conv "${1#-I}" mingw
|
||||||
|
set x "$@" -I"$file"
|
||||||
|
shift
|
||||||
|
;;
|
||||||
|
-l)
|
||||||
|
eat=1
|
||||||
|
func_cl_dashl "$2"
|
||||||
|
set x "$@" "$lib"
|
||||||
|
shift
|
||||||
|
;;
|
||||||
|
-l*)
|
||||||
|
func_cl_dashl "${1#-l}"
|
||||||
|
set x "$@" "$lib"
|
||||||
|
shift
|
||||||
|
;;
|
||||||
|
-L)
|
||||||
|
eat=1
|
||||||
|
func_cl_dashL "$2"
|
||||||
|
;;
|
||||||
|
-L*)
|
||||||
|
func_cl_dashL "${1#-L}"
|
||||||
|
;;
|
||||||
|
-static)
|
||||||
|
shared=false
|
||||||
|
;;
|
||||||
|
-Wl,*)
|
||||||
|
arg=${1#-Wl,}
|
||||||
|
save_ifs="$IFS"; IFS=','
|
||||||
|
for flag in $arg; do
|
||||||
|
IFS="$save_ifs"
|
||||||
|
linker_opts="$linker_opts $flag"
|
||||||
|
done
|
||||||
|
IFS="$save_ifs"
|
||||||
|
;;
|
||||||
|
-Xlinker)
|
||||||
|
eat=1
|
||||||
|
linker_opts="$linker_opts $2"
|
||||||
|
;;
|
||||||
|
-*)
|
||||||
|
set x "$@" "$1"
|
||||||
|
shift
|
||||||
|
;;
|
||||||
|
*.cc | *.CC | *.cxx | *.CXX | *.[cC]++)
|
||||||
|
func_file_conv "$1"
|
||||||
|
set x "$@" -Tp"$file"
|
||||||
|
shift
|
||||||
|
;;
|
||||||
|
*.c | *.cpp | *.CPP | *.lib | *.LIB | *.Lib | *.OBJ | *.obj | *.[oO])
|
||||||
|
func_file_conv "$1" mingw
|
||||||
|
set x "$@" "$file"
|
||||||
|
shift
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
set x "$@" "$1"
|
||||||
|
shift
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
fi
|
||||||
|
shift
|
||||||
|
done
|
||||||
|
if test -n "$linker_opts"; then
|
||||||
|
linker_opts="-link$linker_opts"
|
||||||
|
fi
|
||||||
|
exec "$@" $linker_opts
|
||||||
|
exit 1
|
||||||
|
}
|
||||||
|
|
||||||
|
eat=
|
||||||
|
|
||||||
|
case $1 in
|
||||||
|
'')
|
||||||
|
echo "$0: No command. Try '$0 --help' for more information." 1>&2
|
||||||
|
exit 1;
|
||||||
|
;;
|
||||||
|
-h | --h*)
|
||||||
|
cat <<\EOF
|
||||||
|
Usage: compile [--help] [--version] PROGRAM [ARGS]
|
||||||
|
|
||||||
|
Wrapper for compilers which do not understand '-c -o'.
|
||||||
|
Remove '-o dest.o' from ARGS, run PROGRAM with the remaining
|
||||||
|
arguments, and rename the output as expected.
|
||||||
|
|
||||||
|
If you are trying to build a whole package this is not the
|
||||||
|
right script to run: please start by reading the file 'INSTALL'.
|
||||||
|
|
||||||
|
Report bugs to <bug-automake@gnu.org>.
|
||||||
|
EOF
|
||||||
|
exit $?
|
||||||
|
;;
|
||||||
|
-v | --v*)
|
||||||
|
echo "compile $scriptversion"
|
||||||
|
exit $?
|
||||||
|
;;
|
||||||
|
cl | *[/\\]cl | cl.exe | *[/\\]cl.exe )
|
||||||
|
func_cl_wrapper "$@" # Doesn't return...
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
ofile=
|
||||||
|
cfile=
|
||||||
|
|
||||||
|
for arg
|
||||||
|
do
|
||||||
|
if test -n "$eat"; then
|
||||||
|
eat=
|
||||||
|
else
|
||||||
|
case $1 in
|
||||||
|
-o)
|
||||||
|
# configure might choose to run compile as 'compile cc -o foo foo.c'.
|
||||||
|
# So we strip '-o arg' only if arg is an object.
|
||||||
|
eat=1
|
||||||
|
case $2 in
|
||||||
|
*.o | *.obj)
|
||||||
|
ofile=$2
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
set x "$@" -o "$2"
|
||||||
|
shift
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
;;
|
||||||
|
*.c)
|
||||||
|
cfile=$1
|
||||||
|
set x "$@" "$1"
|
||||||
|
shift
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
set x "$@" "$1"
|
||||||
|
shift
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
fi
|
||||||
|
shift
|
||||||
|
done
|
||||||
|
|
||||||
|
if test -z "$ofile" || test -z "$cfile"; then
|
||||||
|
# If no '-o' option was seen then we might have been invoked from a
|
||||||
|
# pattern rule where we don't need one. That is ok -- this is a
|
||||||
|
# normal compilation that the losing compiler can handle. If no
|
||||||
|
# '.c' file was seen then we are probably linking. That is also
|
||||||
|
# ok.
|
||||||
|
exec "$@"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Name of file we expect compiler to create.
|
||||||
|
cofile=`echo "$cfile" | sed 's|^.*[\\/]||; s|^[a-zA-Z]:||; s/\.c$/.o/'`
|
||||||
|
|
||||||
|
# Create the lock directory.
|
||||||
|
# Note: use '[/\\:.-]' here to ensure that we don't use the same name
|
||||||
|
# that we are using for the .o file. Also, base the name on the expected
|
||||||
|
# object file name, since that is what matters with a parallel build.
|
||||||
|
lockdir=`echo "$cofile" | sed -e 's|[/\\:.-]|_|g'`.d
|
||||||
|
while true; do
|
||||||
|
if mkdir "$lockdir" >/dev/null 2>&1; then
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
sleep 1
|
||||||
|
done
|
||||||
|
# FIXME: race condition here if user kills between mkdir and trap.
|
||||||
|
trap "rmdir '$lockdir'; exit 1" 1 2 15
|
||||||
|
|
||||||
|
# Run the compile.
|
||||||
|
"$@"
|
||||||
|
ret=$?
|
||||||
|
|
||||||
|
if test -f "$cofile"; then
|
||||||
|
test "$cofile" = "$ofile" || mv "$cofile" "$ofile"
|
||||||
|
elif test -f "${cofile}bj"; then
|
||||||
|
test "${cofile}bj" = "$ofile" || mv "${cofile}bj" "$ofile"
|
||||||
|
fi
|
||||||
|
|
||||||
|
rmdir "$lockdir"
|
||||||
|
exit $ret
|
||||||
|
|
||||||
|
# Local Variables:
|
||||||
|
# mode: shell-script
|
||||||
|
# sh-indentation: 2
|
||||||
|
# eval: (add-hook 'write-file-hooks 'time-stamp)
|
||||||
|
# time-stamp-start: "scriptversion="
|
||||||
|
# time-stamp-format: "%:y-%02m-%02d.%02H"
|
||||||
|
# time-stamp-time-zone: "UTC"
|
||||||
|
# time-stamp-end: "; # UTC"
|
||||||
|
# End:
|
||||||
+1480
File diff suppressed because it is too large
Load Diff
+651
@@ -0,0 +1,651 @@
|
|||||||
|
/* config.h.in. Generated from configure.ac by autoheader. */
|
||||||
|
|
||||||
|
/* Define if account management tools should be installed setuid and
|
||||||
|
authenticate the callers */
|
||||||
|
#undef ACCT_TOOLS_SETUID
|
||||||
|
|
||||||
|
/* Define to 1 if translation of program messages to the user's native
|
||||||
|
language is requested. */
|
||||||
|
#undef ENABLE_NLS
|
||||||
|
|
||||||
|
/* Define to support the subordinate IDs. */
|
||||||
|
#undef ENABLE_SUBIDS
|
||||||
|
|
||||||
|
/* Path for faillog file. */
|
||||||
|
#undef FAILLOG_FILE
|
||||||
|
|
||||||
|
/* Define to the type of elements in the array set by `getgroups'. Usually
|
||||||
|
this is either `int' or `gid_t'. */
|
||||||
|
#undef GETGROUPS_T
|
||||||
|
|
||||||
|
/* max group name length */
|
||||||
|
#undef GROUP_NAME_MAX_LENGTH
|
||||||
|
|
||||||
|
/* Define to 1 if you have the declaration of 'pam_fail_delay' */
|
||||||
|
#undef HAS_PAM_FAIL_DELAY
|
||||||
|
|
||||||
|
/* Defined to 1 if you have the declaration of 'secure_getenv' */
|
||||||
|
#undef HAS_SECURE_GETENV
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <acl/libacl.h> header file. */
|
||||||
|
#undef HAVE_ACL_LIBACL_H
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `arc4random_buf' function. */
|
||||||
|
#undef HAVE_ARC4RANDOM_BUF
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <attr/error_context.h> header file. */
|
||||||
|
#undef HAVE_ATTR_ERROR_CONTEXT_H
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <attr/libattr.h> header file. */
|
||||||
|
#undef HAVE_ATTR_LIBATTR_H
|
||||||
|
|
||||||
|
/* Define to 1 if you have the MacOS X function CFLocaleCopyCurrent in the
|
||||||
|
CoreFoundation framework. */
|
||||||
|
#undef HAVE_CFLOCALECOPYCURRENT
|
||||||
|
|
||||||
|
/* Define to 1 if you have the MacOS X function CFPreferencesCopyAppValue in
|
||||||
|
the CoreFoundation framework. */
|
||||||
|
#undef HAVE_CFPREFERENCESCOPYAPPVALUE
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <crypt.h> header file. */
|
||||||
|
#undef HAVE_CRYPT_H
|
||||||
|
|
||||||
|
/* Define if the GNU dcgettext() function is already present or preinstalled.
|
||||||
|
*/
|
||||||
|
#undef HAVE_DCGETTEXT
|
||||||
|
|
||||||
|
/* Define to 1 if you have the declaration of `PAM_DATA_SILENT', and to 0 if
|
||||||
|
you don't. */
|
||||||
|
#undef HAVE_DECL_PAM_DATA_SILENT
|
||||||
|
|
||||||
|
/* Define to 1 if you have the declaration of `PAM_DELETE_CRED', and to 0 if
|
||||||
|
you don't. */
|
||||||
|
#undef HAVE_DECL_PAM_DELETE_CRED
|
||||||
|
|
||||||
|
/* Define to 1 if you have the declaration of `PAM_ESTABLISH_CRED', and to 0
|
||||||
|
if you don't. */
|
||||||
|
#undef HAVE_DECL_PAM_ESTABLISH_CRED
|
||||||
|
|
||||||
|
/* Define to 1 if you have the declaration of `PAM_NEW_AUTHTOK_REQD', and to 0
|
||||||
|
if you don't. */
|
||||||
|
#undef HAVE_DECL_PAM_NEW_AUTHTOK_REQD
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <dirent.h> header file, and it defines `DIR'.
|
||||||
|
*/
|
||||||
|
#undef HAVE_DIRENT_H
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <dlfcn.h> header file. */
|
||||||
|
#undef HAVE_DLFCN_H
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `dlopen' function. */
|
||||||
|
#undef HAVE_DLOPEN
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <errno.h> header file. */
|
||||||
|
#undef HAVE_ERRNO_H
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `fchmod' function. */
|
||||||
|
#undef HAVE_FCHMOD
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `fchown' function. */
|
||||||
|
#undef HAVE_FCHOWN
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <fcntl.h> header file. */
|
||||||
|
#undef HAVE_FCNTL_H
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `fsync' function. */
|
||||||
|
#undef HAVE_FSYNC
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `futimes' function. */
|
||||||
|
#undef HAVE_FUTIMES
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `getaddrinfo' function. */
|
||||||
|
#undef HAVE_GETADDRINFO
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `getentropy' function. */
|
||||||
|
#undef HAVE_GETENTROPY
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `getgrgid_r' function. */
|
||||||
|
#undef HAVE_GETGRGID_R
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `getgrnam_r' function. */
|
||||||
|
#undef HAVE_GETGRNAM_R
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `getgroups' function. */
|
||||||
|
#undef HAVE_GETGROUPS
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `gethostname' function. */
|
||||||
|
#undef HAVE_GETHOSTNAME
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `getpwnam_r' function. */
|
||||||
|
#undef HAVE_GETPWNAM_R
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `getpwuid_r' function. */
|
||||||
|
#undef HAVE_GETPWUID_R
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `getrandom' function. */
|
||||||
|
#undef HAVE_GETRANDOM
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `getspnam' function. */
|
||||||
|
#undef HAVE_GETSPNAM
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `getspnam_r' function. */
|
||||||
|
#undef HAVE_GETSPNAM_R
|
||||||
|
|
||||||
|
/* Define if the GNU gettext() function is already present or preinstalled. */
|
||||||
|
#undef HAVE_GETTEXT
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `gettimeofday' function. */
|
||||||
|
#undef HAVE_GETTIMEOFDAY
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `getusershell' function. */
|
||||||
|
#undef HAVE_GETUSERSHELL
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `getutent' function. */
|
||||||
|
#undef HAVE_GETUTENT
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <gshadow.h> header file. */
|
||||||
|
#undef HAVE_GSHADOW_H
|
||||||
|
|
||||||
|
/* Define if you have the iconv() function. */
|
||||||
|
#undef HAVE_ICONV
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `initgroups' function. */
|
||||||
|
#undef HAVE_INITGROUPS
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `innetgr' function. */
|
||||||
|
#undef HAVE_INNETGR
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <inttypes.h> header file. */
|
||||||
|
#undef HAVE_INTTYPES_H
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `l64a' function. */
|
||||||
|
#undef HAVE_L64A
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <lastlog.h> header file. */
|
||||||
|
#undef HAVE_LASTLOG_H
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `lchown' function. */
|
||||||
|
#undef HAVE_LCHOWN
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `lckpwdf' function. */
|
||||||
|
#undef HAVE_LCKPWDF
|
||||||
|
|
||||||
|
/* Defined if you have libcrack. */
|
||||||
|
#undef HAVE_LIBCRACK
|
||||||
|
|
||||||
|
/* Defined if you have the ts&szs cracklib. */
|
||||||
|
#undef HAVE_LIBCRACK_HIST
|
||||||
|
|
||||||
|
/* Defined if it includes *Pw functions. */
|
||||||
|
#undef HAVE_LIBCRACK_PW
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <limits.h> header file. */
|
||||||
|
#undef HAVE_LIMITS_H
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <linux/btrfs_tree.h> header file. */
|
||||||
|
#undef HAVE_LINUX_BTRFS_TREE_H
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <linux/magic.h> header file. */
|
||||||
|
#undef HAVE_LINUX_MAGIC_H
|
||||||
|
|
||||||
|
/* Define if struct lastlog has ll_host */
|
||||||
|
#undef HAVE_LL_HOST
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <locale.h> header file. */
|
||||||
|
#undef HAVE_LOCALE_H
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `lstat' function. */
|
||||||
|
#undef HAVE_LSTAT
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `lutimes' function. */
|
||||||
|
#undef HAVE_LUTIMES
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `memcpy' function. */
|
||||||
|
#undef HAVE_MEMCPY
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <memory.h> header file. */
|
||||||
|
#undef HAVE_MEMORY_H
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `memset' function. */
|
||||||
|
#undef HAVE_MEMSET
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `mkdir' function. */
|
||||||
|
#undef HAVE_MKDIR
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <ndir.h> header file, and it defines `DIR'. */
|
||||||
|
#undef HAVE_NDIR_H
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <netdb.h> header file. */
|
||||||
|
#undef HAVE_NETDB_H
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <paths.h> header file. */
|
||||||
|
#undef HAVE_PATHS_H
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `putgrent' function. */
|
||||||
|
#undef HAVE_PUTGRENT
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `putpwent' function. */
|
||||||
|
#undef HAVE_PUTPWENT
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `putspent' function. */
|
||||||
|
#undef HAVE_PUTSPENT
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `rename' function. */
|
||||||
|
#undef HAVE_RENAME
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `rmdir' function. */
|
||||||
|
#undef HAVE_RMDIR
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <rpc/key_prot.h> header file. */
|
||||||
|
#undef HAVE_RPC_KEY_PROT_H
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `ruserok' function. */
|
||||||
|
#undef HAVE_RUSEROK
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <security/openpam.h> header file. */
|
||||||
|
#undef HAVE_SECURITY_OPENPAM_H
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <security/pam_misc.h> header file. */
|
||||||
|
#undef HAVE_SECURITY_PAM_MISC_H
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <selinux/selinux.h> header file. */
|
||||||
|
#undef HAVE_SELINUX_SELINUX_H
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <semanage/semanage.h> header file. */
|
||||||
|
#undef HAVE_SEMANAGE_SEMANAGE_H
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `setgroups' function. */
|
||||||
|
#undef HAVE_SETGROUPS
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `sgetgrent' function. */
|
||||||
|
#undef HAVE_SGETGRENT
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `sgetpwent' function. */
|
||||||
|
#undef HAVE_SGETPWENT
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `sgetspent' function. */
|
||||||
|
#undef HAVE_SGETSPENT
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <sgtty.h> header file. */
|
||||||
|
#undef HAVE_SGTTY_H
|
||||||
|
|
||||||
|
/* Have working shadow group support in libc */
|
||||||
|
#undef HAVE_SHADOWGRP
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `sigaction' function. */
|
||||||
|
#undef HAVE_SIGACTION
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `snprintf' function. */
|
||||||
|
#undef HAVE_SNPRINTF
|
||||||
|
|
||||||
|
/* Define to 1 if stdbool.h conforms to C99. */
|
||||||
|
#undef HAVE_STDBOOL_H
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <stdint.h> header file. */
|
||||||
|
#undef HAVE_STDINT_H
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <stdlib.h> header file. */
|
||||||
|
#undef HAVE_STDLIB_H
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `strcasecmp' function. */
|
||||||
|
#undef HAVE_STRCASECMP
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `strchr' function. */
|
||||||
|
#undef HAVE_STRCHR
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `strdup' function. */
|
||||||
|
#undef HAVE_STRDUP
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `strerror' function. */
|
||||||
|
#undef HAVE_STRERROR
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `strftime' function. */
|
||||||
|
#undef HAVE_STRFTIME
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <strings.h> header file. */
|
||||||
|
#undef HAVE_STRINGS_H
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <string.h> header file. */
|
||||||
|
#undef HAVE_STRING_H
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `strstr' function. */
|
||||||
|
#undef HAVE_STRSTR
|
||||||
|
|
||||||
|
/* Define to 1 if `st_atim' is a member of `struct stat'. */
|
||||||
|
#undef HAVE_STRUCT_STAT_ST_ATIM
|
||||||
|
|
||||||
|
/* Define to 1 if `st_atimensec' is a member of `struct stat'. */
|
||||||
|
#undef HAVE_STRUCT_STAT_ST_ATIMENSEC
|
||||||
|
|
||||||
|
/* Define to 1 if `st_mtim' is a member of `struct stat'. */
|
||||||
|
#undef HAVE_STRUCT_STAT_ST_MTIM
|
||||||
|
|
||||||
|
/* Define to 1 if `st_mtimensec' is a member of `struct stat'. */
|
||||||
|
#undef HAVE_STRUCT_STAT_ST_MTIMENSEC
|
||||||
|
|
||||||
|
/* Define to 1 if `st_rdev' is a member of `struct stat'. */
|
||||||
|
#undef HAVE_STRUCT_STAT_ST_RDEV
|
||||||
|
|
||||||
|
/* Define to 1 if `ut_addr' is a member of `struct utmpx'. */
|
||||||
|
#undef HAVE_STRUCT_UTMPX_UT_ADDR
|
||||||
|
|
||||||
|
/* Define to 1 if `ut_addr_v6' is a member of `struct utmpx'. */
|
||||||
|
#undef HAVE_STRUCT_UTMPX_UT_ADDR_V6
|
||||||
|
|
||||||
|
/* Define to 1 if `ut_host' is a member of `struct utmpx'. */
|
||||||
|
#undef HAVE_STRUCT_UTMPX_UT_HOST
|
||||||
|
|
||||||
|
/* Define to 1 if `ut_name' is a member of `struct utmpx'. */
|
||||||
|
#undef HAVE_STRUCT_UTMPX_UT_NAME
|
||||||
|
|
||||||
|
/* Define to 1 if `ut_syslen' is a member of `struct utmpx'. */
|
||||||
|
#undef HAVE_STRUCT_UTMPX_UT_SYSLEN
|
||||||
|
|
||||||
|
/* Define to 1 if `ut_time' is a member of `struct utmpx'. */
|
||||||
|
#undef HAVE_STRUCT_UTMPX_UT_TIME
|
||||||
|
|
||||||
|
/* Define to 1 if `ut_xtime' is a member of `struct utmpx'. */
|
||||||
|
#undef HAVE_STRUCT_UTMPX_UT_XTIME
|
||||||
|
|
||||||
|
/* Define to 1 if `ut_addr' is a member of `struct utmp'. */
|
||||||
|
#undef HAVE_STRUCT_UTMP_UT_ADDR
|
||||||
|
|
||||||
|
/* Define to 1 if `ut_addr_v6' is a member of `struct utmp'. */
|
||||||
|
#undef HAVE_STRUCT_UTMP_UT_ADDR_V6
|
||||||
|
|
||||||
|
/* Define to 1 if `ut_host' is a member of `struct utmp'. */
|
||||||
|
#undef HAVE_STRUCT_UTMP_UT_HOST
|
||||||
|
|
||||||
|
/* Define to 1 if `ut_id' is a member of `struct utmp'. */
|
||||||
|
#undef HAVE_STRUCT_UTMP_UT_ID
|
||||||
|
|
||||||
|
/* Define to 1 if `ut_name' is a member of `struct utmp'. */
|
||||||
|
#undef HAVE_STRUCT_UTMP_UT_NAME
|
||||||
|
|
||||||
|
/* Define to 1 if `ut_syslen' is a member of `struct utmp'. */
|
||||||
|
#undef HAVE_STRUCT_UTMP_UT_SYSLEN
|
||||||
|
|
||||||
|
/* Define to 1 if `ut_time' is a member of `struct utmp'. */
|
||||||
|
#undef HAVE_STRUCT_UTMP_UT_TIME
|
||||||
|
|
||||||
|
/* Define to 1 if `ut_tv' is a member of `struct utmp'. */
|
||||||
|
#undef HAVE_STRUCT_UTMP_UT_TV
|
||||||
|
|
||||||
|
/* Define to 1 if `ut_type' is a member of `struct utmp'. */
|
||||||
|
#undef HAVE_STRUCT_UTMP_UT_TYPE
|
||||||
|
|
||||||
|
/* Define to 1 if `ut_user' is a member of `struct utmp'. */
|
||||||
|
#undef HAVE_STRUCT_UTMP_UT_USER
|
||||||
|
|
||||||
|
/* Define to 1 if `ut_xtime' is a member of `struct utmp'. */
|
||||||
|
#undef HAVE_STRUCT_UTMP_UT_XTIME
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <syslog.h> header file. */
|
||||||
|
#undef HAVE_SYSLOG_H
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <sys/capability.h> header file. */
|
||||||
|
#undef HAVE_SYS_CAPABILITY_H
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <sys/dir.h> header file, and it defines `DIR'.
|
||||||
|
*/
|
||||||
|
#undef HAVE_SYS_DIR_H
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <sys/ioctl.h> header file. */
|
||||||
|
#undef HAVE_SYS_IOCTL_H
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <sys/ndir.h> header file, and it defines `DIR'.
|
||||||
|
*/
|
||||||
|
#undef HAVE_SYS_NDIR_H
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <sys/random.h> header file. */
|
||||||
|
#undef HAVE_SYS_RANDOM_H
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <sys/resource.h> header file. */
|
||||||
|
#undef HAVE_SYS_RESOURCE_H
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <sys/statfs.h> header file. */
|
||||||
|
#undef HAVE_SYS_STATFS_H
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <sys/stat.h> header file. */
|
||||||
|
#undef HAVE_SYS_STAT_H
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <sys/time.h> header file. */
|
||||||
|
#undef HAVE_SYS_TIME_H
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <sys/types.h> header file. */
|
||||||
|
#undef HAVE_SYS_TYPES_H
|
||||||
|
|
||||||
|
/* Define to 1 if you have <sys/wait.h> that is POSIX.1 compatible. */
|
||||||
|
#undef HAVE_SYS_WAIT_H
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <tcb.h> header file. */
|
||||||
|
#undef HAVE_TCB_H
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <termios.h> header file. */
|
||||||
|
#undef HAVE_TERMIOS_H
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <termio.h> header file. */
|
||||||
|
#undef HAVE_TERMIO_H
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <ulimit.h> header file. */
|
||||||
|
#undef HAVE_ULIMIT_H
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <unistd.h> header file. */
|
||||||
|
#undef HAVE_UNISTD_H
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `updwtmp' function. */
|
||||||
|
#undef HAVE_UPDWTMP
|
||||||
|
|
||||||
|
/* Define to 1 if you have the `updwtmpx' function. */
|
||||||
|
#undef HAVE_UPDWTMPX
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <utime.h> header file. */
|
||||||
|
#undef HAVE_UTIME_H
|
||||||
|
|
||||||
|
/* Define to 1 if `utime(file, NULL)' sets file's timestamp to the present. */
|
||||||
|
#undef HAVE_UTIME_NULL
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <utmpx.h> header file. */
|
||||||
|
#undef HAVE_UTMPX_H
|
||||||
|
|
||||||
|
/* Define to 1 if you have the <utmp.h> header file. */
|
||||||
|
#undef HAVE_UTMP_H
|
||||||
|
|
||||||
|
/* Define to 1 if the system has the type `_Bool'. */
|
||||||
|
#undef HAVE__BOOL
|
||||||
|
|
||||||
|
/* Path for lastlog file. */
|
||||||
|
#undef LASTLOG_FILE
|
||||||
|
|
||||||
|
/* Define to the sub-directory where libtool stores uninstalled libraries. */
|
||||||
|
#undef LT_OBJDIR
|
||||||
|
|
||||||
|
/* Location of system mail spool directory. */
|
||||||
|
#undef MAIL_SPOOL_DIR
|
||||||
|
|
||||||
|
/* Name of user's mail spool file if stored in user's home directory. */
|
||||||
|
#undef MAIL_SPOOL_FILE
|
||||||
|
|
||||||
|
/* Name of package */
|
||||||
|
#undef PACKAGE
|
||||||
|
|
||||||
|
/* Define to the address where bug reports for this package should be sent. */
|
||||||
|
#undef PACKAGE_BUGREPORT
|
||||||
|
|
||||||
|
/* Define to the full name of this package. */
|
||||||
|
#undef PACKAGE_NAME
|
||||||
|
|
||||||
|
/* Define to the full name and version of this package. */
|
||||||
|
#undef PACKAGE_STRING
|
||||||
|
|
||||||
|
/* Define to the one symbol short name of this package. */
|
||||||
|
#undef PACKAGE_TARNAME
|
||||||
|
|
||||||
|
/* Define to the home page for this package. */
|
||||||
|
#undef PACKAGE_URL
|
||||||
|
|
||||||
|
/* Define to the version of this package. */
|
||||||
|
#undef PACKAGE_VERSION
|
||||||
|
|
||||||
|
/* Path to passwd program. */
|
||||||
|
#undef PASSWD_PROGRAM
|
||||||
|
|
||||||
|
/* Define as the return type of signal handlers (`int' or `void'). */
|
||||||
|
#undef RETSIGTYPE
|
||||||
|
|
||||||
|
/* Define if login should support the -r flag for rlogind. */
|
||||||
|
#undef RLOGIN
|
||||||
|
|
||||||
|
/* Define to the ruserok() "success" return value (0 or 1). */
|
||||||
|
#undef RUSEROK
|
||||||
|
|
||||||
|
/* Define to support the shadow group file. */
|
||||||
|
#undef SHADOWGRP
|
||||||
|
|
||||||
|
/* PAM conversation to use */
|
||||||
|
#undef SHADOW_PAM_CONVERSATION
|
||||||
|
|
||||||
|
/* The default shell. */
|
||||||
|
#undef SHELL
|
||||||
|
|
||||||
|
/* The size of `gid_t', as computed by sizeof. */
|
||||||
|
#undef SIZEOF_GID_T
|
||||||
|
|
||||||
|
/* The size of `uid_t', as computed by sizeof. */
|
||||||
|
#undef SIZEOF_UID_T
|
||||||
|
|
||||||
|
/* Define to support S/Key logins. */
|
||||||
|
#undef SKEY
|
||||||
|
|
||||||
|
/* Define to support newer BSD S/Key API */
|
||||||
|
#undef SKEY_BSD_STYLE
|
||||||
|
|
||||||
|
/* Define to 1 if the `S_IS*' macros in <sys/stat.h> do not work properly. */
|
||||||
|
#undef STAT_MACROS_BROKEN
|
||||||
|
|
||||||
|
/* Define to 1 if you have the ANSI C header files. */
|
||||||
|
#undef STDC_HEADERS
|
||||||
|
|
||||||
|
/* Define to support /etc/suauth su access control. */
|
||||||
|
#undef SU_ACCESS
|
||||||
|
|
||||||
|
/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
|
||||||
|
#undef TIME_WITH_SYS_TIME
|
||||||
|
|
||||||
|
/* Define to 1 if your <sys/time.h> declares `struct tm'. */
|
||||||
|
#undef TM_IN_SYS_TIME
|
||||||
|
|
||||||
|
/* Define to allow the bcrypt password encryption algorithm */
|
||||||
|
#undef USE_BCRYPT
|
||||||
|
|
||||||
|
/* Define to support flushing of nscd caches */
|
||||||
|
#undef USE_NSCD
|
||||||
|
|
||||||
|
/* Define to support Pluggable Authentication Modules */
|
||||||
|
#undef USE_PAM
|
||||||
|
|
||||||
|
/* Define to allow the SHA256 and SHA512 password encryption algorithms */
|
||||||
|
#undef USE_SHA_CRYPT
|
||||||
|
|
||||||
|
/* Define to support flushing of sssd caches */
|
||||||
|
#undef USE_SSSD
|
||||||
|
|
||||||
|
/* Define to use syslog(). */
|
||||||
|
#undef USE_SYSLOG
|
||||||
|
|
||||||
|
/* Enable extensions on AIX 3, Interix. */
|
||||||
|
#ifndef _ALL_SOURCE
|
||||||
|
# undef _ALL_SOURCE
|
||||||
|
#endif
|
||||||
|
/* Enable GNU extensions on systems that have them. */
|
||||||
|
#ifndef _GNU_SOURCE
|
||||||
|
# undef _GNU_SOURCE
|
||||||
|
#endif
|
||||||
|
/* Enable threading extensions on Solaris. */
|
||||||
|
#ifndef _POSIX_PTHREAD_SEMANTICS
|
||||||
|
# undef _POSIX_PTHREAD_SEMANTICS
|
||||||
|
#endif
|
||||||
|
/* Enable extensions on HP NonStop. */
|
||||||
|
#ifndef _TANDEM_SOURCE
|
||||||
|
# undef _TANDEM_SOURCE
|
||||||
|
#endif
|
||||||
|
/* Enable general extensions on Solaris. */
|
||||||
|
#ifndef __EXTENSIONS__
|
||||||
|
# undef __EXTENSIONS__
|
||||||
|
#endif
|
||||||
|
|
||||||
|
|
||||||
|
/* Define if utmpx should be used */
|
||||||
|
#undef USE_UTMPX
|
||||||
|
|
||||||
|
/* Define to allow the yescrypt password encryption algorithm */
|
||||||
|
#undef USE_YESCRYPT
|
||||||
|
|
||||||
|
/* Version number of package */
|
||||||
|
#undef VERSION
|
||||||
|
|
||||||
|
/* Build shadow with ACL support */
|
||||||
|
#undef WITH_ACL
|
||||||
|
|
||||||
|
/* Build shadow with Extended Attributes support */
|
||||||
|
#undef WITH_ATTR
|
||||||
|
|
||||||
|
/* Define if you want to enable Audit messages */
|
||||||
|
#undef WITH_AUDIT
|
||||||
|
|
||||||
|
/* Build shadow with BtrFS support */
|
||||||
|
#undef WITH_BTRFS
|
||||||
|
|
||||||
|
/* Build shadow with SELinux support */
|
||||||
|
#undef WITH_SELINUX
|
||||||
|
|
||||||
|
/* Build with su */
|
||||||
|
#undef WITH_SU
|
||||||
|
|
||||||
|
/* Build shadow with tcb support (incomplete) */
|
||||||
|
#undef WITH_TCB
|
||||||
|
|
||||||
|
/* Enable large inode numbers on Mac OS X 10.5. */
|
||||||
|
#ifndef _DARWIN_USE_64_BIT_INODE
|
||||||
|
# define _DARWIN_USE_64_BIT_INODE 1
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/* Number of bits in a file offset, on hosts where this is settable. */
|
||||||
|
#undef _FILE_OFFSET_BITS
|
||||||
|
|
||||||
|
/* Define for large files, on AIX-style hosts. */
|
||||||
|
#undef _LARGE_FILES
|
||||||
|
|
||||||
|
/* Define to 1 if on MINIX. */
|
||||||
|
#undef _MINIX
|
||||||
|
|
||||||
|
/* Define to 2 if the system does not provide POSIX.1 features except with
|
||||||
|
this defined. */
|
||||||
|
#undef _POSIX_1_SOURCE
|
||||||
|
|
||||||
|
/* Define to 1 if you need to in order for `stat' and other things to work. */
|
||||||
|
#undef _POSIX_SOURCE
|
||||||
|
|
||||||
|
/* Path for utmp file. */
|
||||||
|
#undef _UTMP_FILE
|
||||||
|
|
||||||
|
/* Path for wtmp file. */
|
||||||
|
#undef _WTMP_FILE
|
||||||
|
|
||||||
|
/* Define to empty if `const' does not conform to ANSI C. */
|
||||||
|
#undef const
|
||||||
|
|
||||||
|
/* Define to `int' if <sys/types.h> doesn't define. */
|
||||||
|
#undef gid_t
|
||||||
|
|
||||||
|
/* Define to `int' if <sys/types.h> does not define. */
|
||||||
|
#undef mode_t
|
||||||
|
|
||||||
|
/* Define to `long int' if <sys/types.h> does not define. */
|
||||||
|
#undef off_t
|
||||||
|
|
||||||
|
/* Define to `int' if <sys/types.h> does not define. */
|
||||||
|
#undef pid_t
|
||||||
|
|
||||||
|
/* Define to `int' if <sys/types.h> doesn't define. */
|
||||||
|
#undef uid_t
|
||||||
Executable
+614
@@ -0,0 +1,614 @@
|
|||||||
|
#! /bin/sh
|
||||||
|
# Output a system dependent set of variables, describing how to set the
|
||||||
|
# run time search path of shared libraries in an executable.
|
||||||
|
#
|
||||||
|
# Copyright 1996-2006 Free Software Foundation, Inc.
|
||||||
|
# Taken from GNU libtool, 2001
|
||||||
|
# Originally by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996
|
||||||
|
#
|
||||||
|
# This file is free software; the Free Software Foundation gives
|
||||||
|
# unlimited permission to copy and/or distribute it, with or without
|
||||||
|
# modifications, as long as this notice is preserved.
|
||||||
|
#
|
||||||
|
# The first argument passed to this file is the canonical host specification,
|
||||||
|
# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
|
||||||
|
# or
|
||||||
|
# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
|
||||||
|
# The environment variables CC, GCC, LDFLAGS, LD, with_gnu_ld
|
||||||
|
# should be set by the caller.
|
||||||
|
#
|
||||||
|
# The set of defined variables is at the end of this script.
|
||||||
|
|
||||||
|
# Known limitations:
|
||||||
|
# - On IRIX 6.5 with CC="cc", the run time search patch must not be longer
|
||||||
|
# than 256 bytes, otherwise the compiler driver will dump core. The only
|
||||||
|
# known workaround is to choose shorter directory names for the build
|
||||||
|
# directory and/or the installation directory.
|
||||||
|
|
||||||
|
# All known linkers require a `.a' archive for static linking (except MSVC,
|
||||||
|
# which needs '.lib').
|
||||||
|
libext=a
|
||||||
|
shrext=.so
|
||||||
|
|
||||||
|
host="$1"
|
||||||
|
host_cpu=`echo "$host" | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'`
|
||||||
|
host_vendor=`echo "$host" | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'`
|
||||||
|
host_os=`echo "$host" | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'`
|
||||||
|
|
||||||
|
# Code taken from libtool.m4's _LT_CC_BASENAME.
|
||||||
|
|
||||||
|
for cc_temp in $CC""; do
|
||||||
|
case $cc_temp in
|
||||||
|
compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
|
||||||
|
distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
|
||||||
|
\-*) ;;
|
||||||
|
*) break;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
cc_basename=`echo "$cc_temp" | sed -e 's%^.*/%%'`
|
||||||
|
|
||||||
|
# Code taken from libtool.m4's AC_LIBTOOL_PROG_COMPILER_PIC.
|
||||||
|
|
||||||
|
wl=
|
||||||
|
if test "$GCC" = yes; then
|
||||||
|
wl='-Wl,'
|
||||||
|
else
|
||||||
|
case "$host_os" in
|
||||||
|
aix*)
|
||||||
|
wl='-Wl,'
|
||||||
|
;;
|
||||||
|
darwin*)
|
||||||
|
case $cc_basename in
|
||||||
|
xlc*)
|
||||||
|
wl='-Wl,'
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
;;
|
||||||
|
mingw* | pw32* | os2*)
|
||||||
|
;;
|
||||||
|
hpux9* | hpux10* | hpux11*)
|
||||||
|
wl='-Wl,'
|
||||||
|
;;
|
||||||
|
irix5* | irix6* | nonstopux*)
|
||||||
|
wl='-Wl,'
|
||||||
|
;;
|
||||||
|
newsos6)
|
||||||
|
;;
|
||||||
|
linux*)
|
||||||
|
case $cc_basename in
|
||||||
|
icc* | ecc*)
|
||||||
|
wl='-Wl,'
|
||||||
|
;;
|
||||||
|
pgcc | pgf77 | pgf90)
|
||||||
|
wl='-Wl,'
|
||||||
|
;;
|
||||||
|
ccc*)
|
||||||
|
wl='-Wl,'
|
||||||
|
;;
|
||||||
|
como)
|
||||||
|
wl='-lopt='
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
case `$CC -V 2>&1 | sed 5q` in
|
||||||
|
*Sun\ C*)
|
||||||
|
wl='-Wl,'
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
;;
|
||||||
|
osf3* | osf4* | osf5*)
|
||||||
|
wl='-Wl,'
|
||||||
|
;;
|
||||||
|
sco3.2v5*)
|
||||||
|
;;
|
||||||
|
solaris*)
|
||||||
|
wl='-Wl,'
|
||||||
|
;;
|
||||||
|
sunos4*)
|
||||||
|
wl='-Qoption ld '
|
||||||
|
;;
|
||||||
|
sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
|
||||||
|
wl='-Wl,'
|
||||||
|
;;
|
||||||
|
sysv4*MP*)
|
||||||
|
;;
|
||||||
|
unicos*)
|
||||||
|
wl='-Wl,'
|
||||||
|
;;
|
||||||
|
uts4*)
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Code taken from libtool.m4's AC_LIBTOOL_PROG_LD_SHLIBS.
|
||||||
|
|
||||||
|
hardcode_libdir_flag_spec=
|
||||||
|
hardcode_libdir_separator=
|
||||||
|
hardcode_direct=no
|
||||||
|
hardcode_minus_L=no
|
||||||
|
|
||||||
|
case "$host_os" in
|
||||||
|
cygwin* | mingw* | pw32*)
|
||||||
|
# FIXME: the MSVC++ port hasn't been tested in a loooong time
|
||||||
|
# When not using gcc, we currently assume that we are using
|
||||||
|
# Microsoft Visual C++.
|
||||||
|
if test "$GCC" != yes; then
|
||||||
|
with_gnu_ld=no
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
interix*)
|
||||||
|
# we just hope/assume this is gcc and not c89 (= MSVC++)
|
||||||
|
with_gnu_ld=yes
|
||||||
|
;;
|
||||||
|
openbsd*)
|
||||||
|
with_gnu_ld=no
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
ld_shlibs=yes
|
||||||
|
if test "$with_gnu_ld" = yes; then
|
||||||
|
# Set some defaults for GNU ld with shared library support. These
|
||||||
|
# are reset later if shared libraries are not supported. Putting them
|
||||||
|
# here allows them to be overridden if necessary.
|
||||||
|
# Unlike libtool, we use -rpath here, not --rpath, since the documented
|
||||||
|
# option of GNU ld is called -rpath, not --rpath.
|
||||||
|
hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
|
||||||
|
case "$host_os" in
|
||||||
|
aix3* | aix4* | aix5*)
|
||||||
|
# On AIX/PPC, the GNU linker is very broken
|
||||||
|
if test "$host_cpu" != ia64; then
|
||||||
|
ld_shlibs=no
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
amigaos*)
|
||||||
|
hardcode_libdir_flag_spec='-L$libdir'
|
||||||
|
hardcode_minus_L=yes
|
||||||
|
# Samuel A. Falvo II <kc5tja@dolphin.openprojects.net> reports
|
||||||
|
# that the semantics of dynamic libraries on AmigaOS, at least up
|
||||||
|
# to version 4, is to share data among multiple programs linked
|
||||||
|
# with the same dynamic library. Since this doesn't match the
|
||||||
|
# behavior of shared libraries on other platforms, we cannot use
|
||||||
|
# them.
|
||||||
|
ld_shlibs=no
|
||||||
|
;;
|
||||||
|
beos*)
|
||||||
|
if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
|
||||||
|
:
|
||||||
|
else
|
||||||
|
ld_shlibs=no
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
cygwin* | mingw* | pw32*)
|
||||||
|
# hardcode_libdir_flag_spec is actually meaningless, as there is
|
||||||
|
# no search path for DLLs.
|
||||||
|
hardcode_libdir_flag_spec='-L$libdir'
|
||||||
|
if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then
|
||||||
|
:
|
||||||
|
else
|
||||||
|
ld_shlibs=no
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
interix3*)
|
||||||
|
hardcode_direct=no
|
||||||
|
hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
|
||||||
|
;;
|
||||||
|
linux*)
|
||||||
|
if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
|
||||||
|
:
|
||||||
|
else
|
||||||
|
ld_shlibs=no
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
netbsd*)
|
||||||
|
;;
|
||||||
|
solaris*)
|
||||||
|
if $LD -v 2>&1 | grep 'BFD 2\.8' > /dev/null; then
|
||||||
|
ld_shlibs=no
|
||||||
|
elif $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
|
||||||
|
:
|
||||||
|
else
|
||||||
|
ld_shlibs=no
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
|
||||||
|
case `$LD -v 2>&1` in
|
||||||
|
*\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*)
|
||||||
|
ld_shlibs=no
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
|
||||||
|
hardcode_libdir_flag_spec='`test -z "$SCOABSPATH" && echo ${wl}-rpath,$libdir`'
|
||||||
|
else
|
||||||
|
ld_shlibs=no
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
;;
|
||||||
|
sunos4*)
|
||||||
|
hardcode_direct=yes
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then
|
||||||
|
:
|
||||||
|
else
|
||||||
|
ld_shlibs=no
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
if test "$ld_shlibs" = no; then
|
||||||
|
hardcode_libdir_flag_spec=
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
case "$host_os" in
|
||||||
|
aix3*)
|
||||||
|
# Note: this linker hardcodes the directories in LIBPATH if there
|
||||||
|
# are no directories specified by -L.
|
||||||
|
hardcode_minus_L=yes
|
||||||
|
if test "$GCC" = yes; then
|
||||||
|
# Neither direct hardcoding nor static linking is supported with a
|
||||||
|
# broken collect2.
|
||||||
|
hardcode_direct=unsupported
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
aix4* | aix5*)
|
||||||
|
if test "$host_cpu" = ia64; then
|
||||||
|
# On IA64, the linker does run time linking by default, so we don't
|
||||||
|
# have to do anything special.
|
||||||
|
aix_use_runtimelinking=no
|
||||||
|
else
|
||||||
|
aix_use_runtimelinking=no
|
||||||
|
# Test if we are trying to use run time linking or normal
|
||||||
|
# AIX style linking. If -brtl is somewhere in LDFLAGS, we
|
||||||
|
# need to do runtime linking.
|
||||||
|
case $host_os in aix4.[23]|aix4.[23].*|aix5*)
|
||||||
|
for ld_flag in $LDFLAGS; do
|
||||||
|
if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then
|
||||||
|
aix_use_runtimelinking=yes
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
fi
|
||||||
|
hardcode_direct=yes
|
||||||
|
hardcode_libdir_separator=':'
|
||||||
|
if test "$GCC" = yes; then
|
||||||
|
case $host_os in aix4.[012]|aix4.[012].*)
|
||||||
|
collect2name=`${CC} -print-prog-name=collect2`
|
||||||
|
if test -f "$collect2name" && \
|
||||||
|
strings "$collect2name" | grep resolve_lib_name >/dev/null
|
||||||
|
then
|
||||||
|
# We have reworked collect2
|
||||||
|
hardcode_direct=yes
|
||||||
|
else
|
||||||
|
# We have old collect2
|
||||||
|
hardcode_direct=unsupported
|
||||||
|
hardcode_minus_L=yes
|
||||||
|
hardcode_libdir_flag_spec='-L$libdir'
|
||||||
|
hardcode_libdir_separator=
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
fi
|
||||||
|
# Begin _LT_AC_SYS_LIBPATH_AIX.
|
||||||
|
echo 'int main () { return 0; }' > conftest.c
|
||||||
|
${CC} ${LDFLAGS} conftest.c -o conftest
|
||||||
|
aix_libpath=`dump -H conftest 2>/dev/null | sed -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; }
|
||||||
|
}'`
|
||||||
|
if test -z "$aix_libpath"; then
|
||||||
|
aix_libpath=`dump -HX64 conftest 2>/dev/null | sed -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; }
|
||||||
|
}'`
|
||||||
|
fi
|
||||||
|
if test -z "$aix_libpath"; then
|
||||||
|
aix_libpath="/usr/lib:/lib"
|
||||||
|
fi
|
||||||
|
rm -f conftest.c conftest
|
||||||
|
# End _LT_AC_SYS_LIBPATH_AIX.
|
||||||
|
if test "$aix_use_runtimelinking" = yes; then
|
||||||
|
hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath"
|
||||||
|
else
|
||||||
|
if test "$host_cpu" = ia64; then
|
||||||
|
hardcode_libdir_flag_spec='${wl}-R $libdir:/usr/lib:/lib'
|
||||||
|
else
|
||||||
|
hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
amigaos*)
|
||||||
|
hardcode_libdir_flag_spec='-L$libdir'
|
||||||
|
hardcode_minus_L=yes
|
||||||
|
# see comment about different semantics on the GNU ld section
|
||||||
|
ld_shlibs=no
|
||||||
|
;;
|
||||||
|
bsdi[45]*)
|
||||||
|
;;
|
||||||
|
cygwin* | mingw* | pw32*)
|
||||||
|
# When not using gcc, we currently assume that we are using
|
||||||
|
# Microsoft Visual C++.
|
||||||
|
# hardcode_libdir_flag_spec is actually meaningless, as there is
|
||||||
|
# no search path for DLLs.
|
||||||
|
hardcode_libdir_flag_spec=' '
|
||||||
|
libext=lib
|
||||||
|
;;
|
||||||
|
darwin* | rhapsody*)
|
||||||
|
hardcode_direct=no
|
||||||
|
if test "$GCC" = yes ; then
|
||||||
|
:
|
||||||
|
else
|
||||||
|
case $cc_basename in
|
||||||
|
xlc*)
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
ld_shlibs=no
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
dgux*)
|
||||||
|
hardcode_libdir_flag_spec='-L$libdir'
|
||||||
|
;;
|
||||||
|
freebsd1*)
|
||||||
|
ld_shlibs=no
|
||||||
|
;;
|
||||||
|
freebsd2.2*)
|
||||||
|
hardcode_libdir_flag_spec='-R$libdir'
|
||||||
|
hardcode_direct=yes
|
||||||
|
;;
|
||||||
|
freebsd2*)
|
||||||
|
hardcode_direct=yes
|
||||||
|
hardcode_minus_L=yes
|
||||||
|
;;
|
||||||
|
freebsd* | kfreebsd*-gnu | dragonfly*)
|
||||||
|
hardcode_libdir_flag_spec='-R$libdir'
|
||||||
|
hardcode_direct=yes
|
||||||
|
;;
|
||||||
|
hpux9*)
|
||||||
|
hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
|
||||||
|
hardcode_libdir_separator=:
|
||||||
|
hardcode_direct=yes
|
||||||
|
# hardcode_minus_L: Not really in the search PATH,
|
||||||
|
# but as the default location of the library.
|
||||||
|
hardcode_minus_L=yes
|
||||||
|
;;
|
||||||
|
hpux10*)
|
||||||
|
if test "$with_gnu_ld" = no; then
|
||||||
|
hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
|
||||||
|
hardcode_libdir_separator=:
|
||||||
|
hardcode_direct=yes
|
||||||
|
# hardcode_minus_L: Not really in the search PATH,
|
||||||
|
# but as the default location of the library.
|
||||||
|
hardcode_minus_L=yes
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
hpux11*)
|
||||||
|
if test "$with_gnu_ld" = no; then
|
||||||
|
hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
|
||||||
|
hardcode_libdir_separator=:
|
||||||
|
case $host_cpu in
|
||||||
|
hppa*64*|ia64*)
|
||||||
|
hardcode_direct=no
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
hardcode_direct=yes
|
||||||
|
# hardcode_minus_L: Not really in the search PATH,
|
||||||
|
# but as the default location of the library.
|
||||||
|
hardcode_minus_L=yes
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
irix5* | irix6* | nonstopux*)
|
||||||
|
hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
|
||||||
|
hardcode_libdir_separator=:
|
||||||
|
;;
|
||||||
|
netbsd*)
|
||||||
|
hardcode_libdir_flag_spec='-R$libdir'
|
||||||
|
hardcode_direct=yes
|
||||||
|
;;
|
||||||
|
newsos6)
|
||||||
|
hardcode_direct=yes
|
||||||
|
hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
|
||||||
|
hardcode_libdir_separator=:
|
||||||
|
;;
|
||||||
|
openbsd*)
|
||||||
|
hardcode_direct=yes
|
||||||
|
if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
|
||||||
|
hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
|
||||||
|
else
|
||||||
|
case "$host_os" in
|
||||||
|
openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*)
|
||||||
|
hardcode_libdir_flag_spec='-R$libdir'
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
os2*)
|
||||||
|
hardcode_libdir_flag_spec='-L$libdir'
|
||||||
|
hardcode_minus_L=yes
|
||||||
|
;;
|
||||||
|
osf3*)
|
||||||
|
hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
|
||||||
|
hardcode_libdir_separator=:
|
||||||
|
;;
|
||||||
|
osf4* | osf5*)
|
||||||
|
if test "$GCC" = yes; then
|
||||||
|
hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
|
||||||
|
else
|
||||||
|
# Both cc and cxx compiler support -rpath directly
|
||||||
|
hardcode_libdir_flag_spec='-rpath $libdir'
|
||||||
|
fi
|
||||||
|
hardcode_libdir_separator=:
|
||||||
|
;;
|
||||||
|
solaris*)
|
||||||
|
hardcode_libdir_flag_spec='-R$libdir'
|
||||||
|
;;
|
||||||
|
sunos4*)
|
||||||
|
hardcode_libdir_flag_spec='-L$libdir'
|
||||||
|
hardcode_direct=yes
|
||||||
|
hardcode_minus_L=yes
|
||||||
|
;;
|
||||||
|
sysv4)
|
||||||
|
case $host_vendor in
|
||||||
|
sni)
|
||||||
|
hardcode_direct=yes # is this really true???
|
||||||
|
;;
|
||||||
|
siemens)
|
||||||
|
hardcode_direct=no
|
||||||
|
;;
|
||||||
|
motorola)
|
||||||
|
hardcode_direct=no #Motorola manual says yes, but my tests say they lie
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
;;
|
||||||
|
sysv4.3*)
|
||||||
|
;;
|
||||||
|
sysv4*MP*)
|
||||||
|
if test -d /usr/nec; then
|
||||||
|
ld_shlibs=yes
|
||||||
|
fi
|
||||||
|
;;
|
||||||
|
sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7*)
|
||||||
|
;;
|
||||||
|
sysv5* | sco3.2v5* | sco5v6*)
|
||||||
|
hardcode_libdir_flag_spec='`test -z "$SCOABSPATH" && echo ${wl}-R,$libdir`'
|
||||||
|
hardcode_libdir_separator=':'
|
||||||
|
;;
|
||||||
|
uts4*)
|
||||||
|
hardcode_libdir_flag_spec='-L$libdir'
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
ld_shlibs=no
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Check dynamic linker characteristics
|
||||||
|
# Code taken from libtool.m4's AC_LIBTOOL_SYS_DYNAMIC_LINKER.
|
||||||
|
libname_spec='lib$name'
|
||||||
|
case "$host_os" in
|
||||||
|
aix3*)
|
||||||
|
;;
|
||||||
|
aix4* | aix5*)
|
||||||
|
;;
|
||||||
|
amigaos*)
|
||||||
|
;;
|
||||||
|
beos*)
|
||||||
|
;;
|
||||||
|
bsdi[45]*)
|
||||||
|
;;
|
||||||
|
cygwin* | mingw* | pw32*)
|
||||||
|
shrext=.dll
|
||||||
|
;;
|
||||||
|
darwin* | rhapsody*)
|
||||||
|
shrext=.dylib
|
||||||
|
;;
|
||||||
|
dgux*)
|
||||||
|
;;
|
||||||
|
freebsd1*)
|
||||||
|
;;
|
||||||
|
kfreebsd*-gnu)
|
||||||
|
;;
|
||||||
|
freebsd* | dragonfly*)
|
||||||
|
;;
|
||||||
|
gnu*)
|
||||||
|
;;
|
||||||
|
hpux9* | hpux10* | hpux11*)
|
||||||
|
case $host_cpu in
|
||||||
|
ia64*)
|
||||||
|
shrext=.so
|
||||||
|
;;
|
||||||
|
hppa*64*)
|
||||||
|
shrext=.sl
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
shrext=.sl
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
;;
|
||||||
|
interix3*)
|
||||||
|
;;
|
||||||
|
irix5* | irix6* | nonstopux*)
|
||||||
|
case "$host_os" in
|
||||||
|
irix5* | nonstopux*)
|
||||||
|
libsuff= shlibsuff=
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
case $LD in
|
||||||
|
*-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") libsuff= shlibsuff= ;;
|
||||||
|
*-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") libsuff=32 shlibsuff=N32 ;;
|
||||||
|
*-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") libsuff=64 shlibsuff=64 ;;
|
||||||
|
*) libsuff= shlibsuff= ;;
|
||||||
|
esac
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
;;
|
||||||
|
linux*oldld* | linux*aout* | linux*coff*)
|
||||||
|
;;
|
||||||
|
linux*)
|
||||||
|
;;
|
||||||
|
knetbsd*-gnu)
|
||||||
|
;;
|
||||||
|
netbsd*)
|
||||||
|
;;
|
||||||
|
newsos6)
|
||||||
|
;;
|
||||||
|
nto-qnx*)
|
||||||
|
;;
|
||||||
|
openbsd*)
|
||||||
|
;;
|
||||||
|
os2*)
|
||||||
|
libname_spec='$name'
|
||||||
|
shrext=.dll
|
||||||
|
;;
|
||||||
|
osf3* | osf4* | osf5*)
|
||||||
|
;;
|
||||||
|
solaris*)
|
||||||
|
;;
|
||||||
|
sunos4*)
|
||||||
|
;;
|
||||||
|
sysv4 | sysv4.3*)
|
||||||
|
;;
|
||||||
|
sysv4*MP*)
|
||||||
|
;;
|
||||||
|
sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
|
||||||
|
;;
|
||||||
|
uts4*)
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
sed_quote_subst='s/\(["`$\\]\)/\\\1/g'
|
||||||
|
escaped_wl=`echo "X$wl" | sed -e 's/^X//' -e "$sed_quote_subst"`
|
||||||
|
shlibext=`echo "$shrext" | sed -e 's,^\.,,'`
|
||||||
|
escaped_hardcode_libdir_flag_spec=`echo "X$hardcode_libdir_flag_spec" | sed -e 's/^X//' -e "$sed_quote_subst"`
|
||||||
|
|
||||||
|
LC_ALL=C sed -e 's/^\([a-zA-Z0-9_]*\)=/acl_cv_\1=/' <<EOF
|
||||||
|
|
||||||
|
# How to pass a linker flag through the compiler.
|
||||||
|
wl="$escaped_wl"
|
||||||
|
|
||||||
|
# Static library suffix (normally "a").
|
||||||
|
libext="$libext"
|
||||||
|
|
||||||
|
# Shared library suffix (normally "so").
|
||||||
|
shlibext="$shlibext"
|
||||||
|
|
||||||
|
# Flag to hardcode \$libdir into a binary during linking.
|
||||||
|
# This must work even if \$libdir does not exist.
|
||||||
|
hardcode_libdir_flag_spec="$escaped_hardcode_libdir_flag_spec"
|
||||||
|
|
||||||
|
# Whether we need a single -rpath flag with a separated argument.
|
||||||
|
hardcode_libdir_separator="$hardcode_libdir_separator"
|
||||||
|
|
||||||
|
# Set to yes if using DIR/libNAME.so during linking hardcodes DIR into the
|
||||||
|
# resulting binary.
|
||||||
|
hardcode_direct="$hardcode_direct"
|
||||||
|
|
||||||
|
# Set to yes if using the -LDIR flag during linking hardcodes DIR into the
|
||||||
|
# resulting binary.
|
||||||
|
hardcode_minus_L="$hardcode_minus_L"
|
||||||
|
|
||||||
|
EOF
|
||||||
+1801
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
+122
-33
@@ -1,16 +1,29 @@
|
|||||||
dnl Process this file with autoconf to produce a configure script.
|
dnl Process this file with autoconf to produce a configure script.
|
||||||
AC_INIT
|
AC_PREREQ([2.69])
|
||||||
AM_INIT_AUTOMAKE(shadow, 4.2)
|
m4_define([libsubid_abi_major], 3)
|
||||||
|
m4_define([libsubid_abi_minor], 0)
|
||||||
|
m4_define([libsubid_abi_micro], 0)
|
||||||
|
m4_define([libsubid_abi], [libsubid_abi_major.libsubid_abi_minor.libsubid_abi_micro])
|
||||||
|
AC_INIT([shadow], [4.9], [pkg-shadow-devel@lists.alioth.debian.org], [],
|
||||||
|
[https://github.com/shadow-maint/shadow])
|
||||||
|
AM_INIT_AUTOMAKE([1.11 foreign dist-xz])
|
||||||
|
AC_CONFIG_MACRO_DIRS([m4])
|
||||||
|
AM_SILENT_RULES([yes])
|
||||||
AC_CONFIG_HEADERS([config.h])
|
AC_CONFIG_HEADERS([config.h])
|
||||||
|
|
||||||
|
AC_SUBST([LIBSUBID_ABI_MAJOR], [libsubid_abi_major])
|
||||||
|
AC_SUBST([LIBSUBID_ABI_MINOR], [libsubid_abi_minor])
|
||||||
|
AC_SUBST([LIBSUBID_ABI_MICRO], [libsubid_abi_micro])
|
||||||
|
AC_SUBST([LIBSUBID_ABI], [libsubid_abi])
|
||||||
|
|
||||||
dnl Some hacks...
|
dnl Some hacks...
|
||||||
test "$prefix" = "NONE" && prefix="/usr"
|
test "$prefix" = "NONE" && prefix="/usr"
|
||||||
test "$prefix" = "/usr" && exec_prefix=""
|
test "$prefix" = "/usr" && exec_prefix=""
|
||||||
|
|
||||||
AC_GNU_SOURCE
|
AC_GNU_SOURCE
|
||||||
|
|
||||||
AM_DISABLE_SHARED
|
|
||||||
AM_ENABLE_STATIC
|
AM_ENABLE_STATIC
|
||||||
|
AM_ENABLE_SHARED
|
||||||
|
|
||||||
AM_MAINTAINER_MODE
|
AM_MAINTAINER_MODE
|
||||||
|
|
||||||
@@ -29,20 +42,21 @@ AC_HEADER_STDC
|
|||||||
AC_HEADER_SYS_WAIT
|
AC_HEADER_SYS_WAIT
|
||||||
AC_HEADER_STDBOOL
|
AC_HEADER_STDBOOL
|
||||||
|
|
||||||
AC_CHECK_HEADERS(errno.h fcntl.h limits.h unistd.h sys/time.h utmp.h \
|
AC_CHECK_HEADERS(crypt.h errno.h fcntl.h limits.h unistd.h sys/time.h utmp.h \
|
||||||
utmpx.h termios.h termio.h sgtty.h sys/ioctl.h syslog.h paths.h \
|
utmpx.h termios.h termio.h sgtty.h sys/ioctl.h syslog.h paths.h \
|
||||||
utime.h ulimit.h sys/resource.h gshadow.h lastlog.h \
|
utime.h ulimit.h sys/capability.h sys/random.h sys/resource.h \
|
||||||
locale.h rpc/key_prot.h netdb.h acl/libacl.h attr/libattr.h \
|
gshadow.h lastlog.h locale.h rpc/key_prot.h netdb.h acl/libacl.h \
|
||||||
attr/error_context.h)
|
attr/libattr.h attr/error_context.h)
|
||||||
|
|
||||||
dnl shadow now uses the libc's shadow implementation
|
dnl shadow now uses the libc's shadow implementation
|
||||||
AC_CHECK_HEADER([shadow.h],,[AC_MSG_ERROR([You need a libc with shadow.h])])
|
AC_CHECK_HEADER([shadow.h],,[AC_MSG_ERROR([You need a libc with shadow.h])])
|
||||||
|
|
||||||
AC_CHECK_FUNCS(l64a fchmod fchown fsync futimes getgroups gethostname getspnam \
|
AC_CHECK_FUNCS(arc4random_buf l64a fchmod fchown fsync futimes getgroups \
|
||||||
gettimeofday getusershell getutent initgroups lchown lckpwdf lstat \
|
gethostname getentropy getrandom getspnam gettimeofday getusershell \
|
||||||
lutimes memcpy memset setgroups sigaction strchr updwtmp updwtmpx innetgr \
|
getutent initgroups lchown lckpwdf lstat lutimes memcpy memset \
|
||||||
getpwnam_r getpwuid_r getgrnam_r getgrgid_r getspnam_r getaddrinfo \
|
setgroups sigaction strchr updwtmp updwtmpx innetgr getpwnam_r \
|
||||||
ruserok)
|
getpwuid_r getgrnam_r getgrgid_r getspnam_r getaddrinfo ruserok \
|
||||||
|
dlopen)
|
||||||
AC_SYS_LARGEFILE
|
AC_SYS_LARGEFILE
|
||||||
|
|
||||||
dnl Checks for typedefs, structures, and compiler characteristics.
|
dnl Checks for typedefs, structures, and compiler characteristics.
|
||||||
@@ -71,12 +85,6 @@ AC_CHECK_MEMBERS([struct utmp.ut_type,
|
|||||||
struct utmp.ut_time,
|
struct utmp.ut_time,
|
||||||
struct utmp.ut_xtime,
|
struct utmp.ut_xtime,
|
||||||
struct utmp.ut_tv],,,[[#include <utmp.h>]])
|
struct utmp.ut_tv],,,[[#include <utmp.h>]])
|
||||||
dnl There are dependencies:
|
|
||||||
dnl If UTMPX has to be used, the utmp structure shall have a ut_id field.
|
|
||||||
if test "$ac_cv_header_utmpx_h" = "yes" &&
|
|
||||||
test "$ac_cv_member_struct_utmp_ut_id" != "yes"; then
|
|
||||||
AC_MSG_ERROR(Systems with UTMPX and no ut_id field in the utmp structure are not supported)
|
|
||||||
fi
|
|
||||||
|
|
||||||
AC_CHECK_MEMBERS([struct utmpx.ut_name,
|
AC_CHECK_MEMBERS([struct utmpx.ut_name,
|
||||||
struct utmpx.ut_host,
|
struct utmpx.ut_host,
|
||||||
@@ -113,6 +121,9 @@ AC_REPLACE_FUNCS(sgetgrent sgetpwent sgetspent)
|
|||||||
AC_REPLACE_FUNCS(snprintf strcasecmp strdup strerror strstr)
|
AC_REPLACE_FUNCS(snprintf strcasecmp strdup strerror strstr)
|
||||||
|
|
||||||
AC_CHECK_FUNC(setpgrp)
|
AC_CHECK_FUNC(setpgrp)
|
||||||
|
AC_CHECK_FUNC(secure_getenv, [AC_DEFINE(HAS_SECURE_GETENV,
|
||||||
|
1,
|
||||||
|
[Defined to 1 if you have the declaration of 'secure_getenv'])])
|
||||||
|
|
||||||
if test "$ac_cv_header_shadow_h" = "yes"; then
|
if test "$ac_cv_header_shadow_h" = "yes"; then
|
||||||
AC_CACHE_CHECK(for working shadow group support,
|
AC_CACHE_CHECK(for working shadow group support,
|
||||||
@@ -226,7 +237,7 @@ AC_ARG_ENABLE(account-tools-setuid,
|
|||||||
*) AC_MSG_ERROR(bad value ${enableval} for --enable-account-tools-setuid)
|
*) AC_MSG_ERROR(bad value ${enableval} for --enable-account-tools-setuid)
|
||||||
;;
|
;;
|
||||||
esac],
|
esac],
|
||||||
[enable_acct_tools_setuid="maybe"]
|
[enable_acct_tools_setuid="no"]
|
||||||
)
|
)
|
||||||
|
|
||||||
AC_ARG_ENABLE(utmpx,
|
AC_ARG_ENABLE(utmpx,
|
||||||
@@ -247,12 +258,15 @@ AC_ARG_ENABLE(subordinate-ids,
|
|||||||
[enable_subids="maybe"]
|
[enable_subids="maybe"]
|
||||||
)
|
)
|
||||||
|
|
||||||
AC_ARG_WITH(audit,
|
AC_ARG_WITH(audit,
|
||||||
[AC_HELP_STRING([--with-audit], [use auditing support @<:@default=yes if found@:>@])],
|
[AC_HELP_STRING([--with-audit], [use auditing support @<:@default=yes if found@:>@])],
|
||||||
[with_audit=$withval], [with_audit=maybe])
|
[with_audit=$withval], [with_audit=maybe])
|
||||||
AC_ARG_WITH(libpam,
|
AC_ARG_WITH(libpam,
|
||||||
[AC_HELP_STRING([--with-libpam], [use libpam for PAM support @<:@default=yes if found@:>@])],
|
[AC_HELP_STRING([--with-libpam], [use libpam for PAM support @<:@default=yes if found@:>@])],
|
||||||
[with_libpam=$withval], [with_libpam=maybe])
|
[with_libpam=$withval], [with_libpam=maybe])
|
||||||
|
AC_ARG_WITH(btrfs,
|
||||||
|
[AC_HELP_STRING([--with-btrfs], [add BtrFS support @<:@default=yes if found@:>@])],
|
||||||
|
[with_btrfs=$withval], [with_btrfs=maybe])
|
||||||
AC_ARG_WITH(selinux,
|
AC_ARG_WITH(selinux,
|
||||||
[AC_HELP_STRING([--with-selinux], [use SELinux support @<:@default=yes if found@:>@])],
|
[AC_HELP_STRING([--with-selinux], [use SELinux support @<:@default=yes if found@:>@])],
|
||||||
[with_selinux=$withval], [with_selinux=maybe])
|
[with_selinux=$withval], [with_selinux=maybe])
|
||||||
@@ -274,12 +288,24 @@ AC_ARG_WITH(libcrack,
|
|||||||
AC_ARG_WITH(sha-crypt,
|
AC_ARG_WITH(sha-crypt,
|
||||||
[AC_HELP_STRING([--with-sha-crypt], [allow the SHA256 and SHA512 password encryption algorithms @<:@default=yes@:>@])],
|
[AC_HELP_STRING([--with-sha-crypt], [allow the SHA256 and SHA512 password encryption algorithms @<:@default=yes@:>@])],
|
||||||
[with_sha_crypt=$withval], [with_sha_crypt=yes])
|
[with_sha_crypt=$withval], [with_sha_crypt=yes])
|
||||||
|
AC_ARG_WITH(bcrypt,
|
||||||
|
[AC_HELP_STRING([--with-bcrypt], [allow the bcrypt password encryption algorithm @<:@default=no@:>@])],
|
||||||
|
[with_bcrypt=$withval], [with_bcrypt=no])
|
||||||
|
AC_ARG_WITH(yescrypt,
|
||||||
|
[AC_HELP_STRING([--with-yescrypt], [allow the yescrypt password encryption algorithm @<:@default=no@:>@])],
|
||||||
|
[with_yescrypt=$withval], [with_yescrypt=no])
|
||||||
AC_ARG_WITH(nscd,
|
AC_ARG_WITH(nscd,
|
||||||
[AC_HELP_STRING([--with-nscd], [enable support for nscd @<:@default=yes@:>@])],
|
[AC_HELP_STRING([--with-nscd], [enable support for nscd @<:@default=yes@:>@])],
|
||||||
[with_nscd=$withval], [with_nscd=yes])
|
[with_nscd=$withval], [with_nscd=yes])
|
||||||
|
AC_ARG_WITH(sssd,
|
||||||
|
[AC_HELP_STRING([--with-sssd], [enable support for flushing sssd caches @<:@default=yes@:>@])],
|
||||||
|
[with_sssd=$withval], [with_sssd=yes])
|
||||||
AC_ARG_WITH(group-name-max-length,
|
AC_ARG_WITH(group-name-max-length,
|
||||||
[AC_HELP_STRING([--with-group-name-max-length], [set max group name length @<:@default=16@:>@])],
|
[AC_HELP_STRING([--with-group-name-max-length], [set max group name length @<:@default=16@:>@])],
|
||||||
[with_group_name_max_length=$withval], [with_group_name_max_length=yes])
|
[with_group_name_max_length=$withval], [with_group_name_max_length=yes])
|
||||||
|
AC_ARG_WITH(su,
|
||||||
|
[AC_HELP_STRING([--with-su], [build and install su program and man page @<:@default=yes@:>@])],
|
||||||
|
[with_su=$withval], [with_su=yes])
|
||||||
|
|
||||||
if test "$with_group_name_max_length" = "no" ; then
|
if test "$with_group_name_max_length" = "no" ; then
|
||||||
with_group_name_max_length=0
|
with_group_name_max_length=0
|
||||||
@@ -295,12 +321,31 @@ if test "$with_sha_crypt" = "yes"; then
|
|||||||
AC_DEFINE(USE_SHA_CRYPT, 1, [Define to allow the SHA256 and SHA512 password encryption algorithms])
|
AC_DEFINE(USE_SHA_CRYPT, 1, [Define to allow the SHA256 and SHA512 password encryption algorithms])
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
AM_CONDITIONAL(USE_BCRYPT, test "x$with_bcrypt" = "xyes")
|
||||||
|
if test "$with_bcrypt" = "yes"; then
|
||||||
|
AC_DEFINE(USE_BCRYPT, 1, [Define to allow the bcrypt password encryption algorithm])
|
||||||
|
fi
|
||||||
|
|
||||||
|
AM_CONDITIONAL(USE_YESCRYPT, test "x$with_yescrypt" = "xyes")
|
||||||
|
if test "$with_yescrypt" = "yes"; then
|
||||||
|
AC_DEFINE(USE_YESCRYPT, 1, [Define to allow the yescrypt password encryption algorithm])
|
||||||
|
fi
|
||||||
|
|
||||||
if test "$with_nscd" = "yes"; then
|
if test "$with_nscd" = "yes"; then
|
||||||
AC_CHECK_FUNC(posix_spawn,
|
AC_CHECK_FUNC(posix_spawn,
|
||||||
[AC_DEFINE(USE_NSCD, 1, [Define to support flushing of nscd caches])],
|
[AC_DEFINE(USE_NSCD, 1, [Define to support flushing of nscd caches])],
|
||||||
[AC_MSG_ERROR([posix_spawn is needed for nscd support])])
|
[AC_MSG_ERROR([posix_spawn is needed for nscd support])])
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if test "$with_sssd" = "yes"; then
|
||||||
|
AC_CHECK_FUNC(posix_spawn,
|
||||||
|
[AC_DEFINE(USE_SSSD, 1, [Define to support flushing of sssd caches])],
|
||||||
|
[AC_MSG_ERROR([posix_spawn is needed for sssd support])])
|
||||||
|
fi
|
||||||
|
|
||||||
|
AS_IF([test "$with_su" != "no"], AC_DEFINE(WITH_SU, 1, [Build with su])])
|
||||||
|
AM_CONDITIONAL([WITH_SU], [test "x$with_su" != "xno"])
|
||||||
|
|
||||||
dnl Check for some functions in libc first, only if not found check for
|
dnl Check for some functions in libc first, only if not found check for
|
||||||
dnl other libraries. This should prevent linking libnsl if not really
|
dnl other libraries. This should prevent linking libnsl if not really
|
||||||
dnl needed (Linux glibc, Irix), but still link it if needed (Solaris).
|
dnl needed (Linux glibc, Irix), but still link it if needed (Solaris).
|
||||||
@@ -309,6 +354,17 @@ AC_SEARCH_LIBS(inet_ntoa, inet)
|
|||||||
AC_SEARCH_LIBS(socket, socket)
|
AC_SEARCH_LIBS(socket, socket)
|
||||||
AC_SEARCH_LIBS(gethostbyname, nsl)
|
AC_SEARCH_LIBS(gethostbyname, nsl)
|
||||||
|
|
||||||
|
AC_CHECK_LIB([econf],[econf_readDirs],[LIBECONF="-leconf"],[LIBECONF=""])
|
||||||
|
if test -n "$LIBECONF"; then
|
||||||
|
ECONF_CPPFLAGS="-DUSE_ECONF=1"
|
||||||
|
AC_ARG_ENABLE([vendordir],
|
||||||
|
AS_HELP_STRING([--enable-vendordir=DIR], [Directory for distribution provided configuration files]),,[])
|
||||||
|
fi
|
||||||
|
AC_SUBST(ECONF_CPPFLAGS)
|
||||||
|
AC_SUBST(LIBECONF)
|
||||||
|
AC_SUBST([VENDORDIR], [$enable_vendordir])
|
||||||
|
AM_CONDITIONAL([HAVE_VENDORDIR], [test "x$enable_vendordir" != x])
|
||||||
|
|
||||||
if test "$enable_shadowgrp" = "yes"; then
|
if test "$enable_shadowgrp" = "yes"; then
|
||||||
AC_DEFINE(SHADOWGRP, 1, [Define to support the shadow group file.])
|
AC_DEFINE(SHADOWGRP, 1, [Define to support the shadow group file.])
|
||||||
fi
|
fi
|
||||||
@@ -321,11 +377,12 @@ if test "$enable_man" = "yes"; then
|
|||||||
AC_PATH_PROG([XSLTPROC], [xsltproc])
|
AC_PATH_PROG([XSLTPROC], [xsltproc])
|
||||||
if test -z "$XSLTPROC"; then
|
if test -z "$XSLTPROC"; then
|
||||||
enable_man=no
|
enable_man=no
|
||||||
|
AC_MSG_ERROR([xsltproc is missing.])
|
||||||
fi
|
fi
|
||||||
|
|
||||||
dnl check for DocBook DTD and stylesheets in the local catalog.
|
dnl check for DocBook DTD and stylesheets in the local catalog.
|
||||||
JH_CHECK_XML_CATALOG([-//OASIS//DTD DocBook XML V4.1.2//EN],
|
JH_CHECK_XML_CATALOG([-//OASIS//DTD DocBook XML V4.5//EN],
|
||||||
[DocBook XML DTD V4.1.2], [], enable_man=no)
|
[DocBook XML DTD V4.5], [], enable_man=no)
|
||||||
JH_CHECK_XML_CATALOG([http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl],
|
JH_CHECK_XML_CATALOG([http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl],
|
||||||
[DocBook XSL Stylesheets >= 1.70.1], [], enable_man=no)
|
[DocBook XSL Stylesheets >= 1.70.1], [], enable_man=no)
|
||||||
fi
|
fi
|
||||||
@@ -335,16 +392,10 @@ if test "$enable_subids" != "no"; then
|
|||||||
dnl
|
dnl
|
||||||
dnl FIXME: check if 32 bit UIDs/GIDs are supported by libc
|
dnl FIXME: check if 32 bit UIDs/GIDs are supported by libc
|
||||||
dnl
|
dnl
|
||||||
AC_RUN_IFELSE([AC_LANG_SOURCE([
|
AC_CHECK_SIZEOF([uid_t],, [#include "sys/types.h"])
|
||||||
#include <sys/types.h>
|
AC_CHECK_SIZEOF([gid_t],, [#include "sys/types.h"])
|
||||||
int main(void) {
|
|
||||||
uid_t u;
|
|
||||||
gid_t g;
|
|
||||||
return (sizeof u < 4) || (sizeof g < 4);
|
|
||||||
}
|
|
||||||
])], [id32bit="yes"], [id32bit="no"])
|
|
||||||
|
|
||||||
if test "x$id32bit" = "xyes"; then
|
if test "$ac_cv_sizeof_uid_t" -ge 4 && test "$ac_cv_sizeof_gid_t" -ge 4; then
|
||||||
AC_DEFINE(ENABLE_SUBIDS, 1, [Define to support the subordinate IDs.])
|
AC_DEFINE(ENABLE_SUBIDS, 1, [Define to support the subordinate IDs.])
|
||||||
enable_subids="yes"
|
enable_subids="yes"
|
||||||
else
|
else
|
||||||
@@ -360,6 +411,10 @@ AC_SUBST(LIBCRYPT)
|
|||||||
AC_CHECK_LIB(crypt, crypt, [LIBCRYPT=-lcrypt],
|
AC_CHECK_LIB(crypt, crypt, [LIBCRYPT=-lcrypt],
|
||||||
[AC_MSG_ERROR([crypt() not found])])
|
[AC_MSG_ERROR([crypt() not found])])
|
||||||
|
|
||||||
|
AC_SUBST(LIYESCRYPT)
|
||||||
|
AC_CHECK_LIB(crypt, crypt, [LIYESCRYPT=-lcrypt],
|
||||||
|
[AC_MSG_ERROR([crypt() not found])])
|
||||||
|
|
||||||
AC_SUBST(LIBACL)
|
AC_SUBST(LIBACL)
|
||||||
if test "$with_acl" != "no"; then
|
if test "$with_acl" != "no"; then
|
||||||
AC_CHECK_HEADERS(acl/libacl.h attr/error_context.h, [acl_header="yes"], [acl_header="no"])
|
AC_CHECK_HEADERS(acl/libacl.h attr/error_context.h, [acl_header="yes"], [acl_header="no"])
|
||||||
@@ -455,6 +510,20 @@ if test "$with_libcrack" = "yes"; then
|
|||||||
AC_DEFINE(HAVE_LIBCRACK_PW, 1, [Defined if it includes *Pw functions.]))
|
AC_DEFINE(HAVE_LIBCRACK_PW, 1, [Defined if it includes *Pw functions.]))
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if test "$with_btrfs" != "no"; then
|
||||||
|
AC_CHECK_HEADERS([sys/statfs.h linux/magic.h linux/btrfs_tree.h], \
|
||||||
|
[btrfs_headers="yes"], [btrfs_headers="no"])
|
||||||
|
if test "$btrfs_headers$with_btrfs" = "noyes" ; then
|
||||||
|
AC_MSG_ERROR([One of sys/statfs.h linux/magic.h linux/btrfs_tree.h is missing])
|
||||||
|
fi
|
||||||
|
|
||||||
|
if test "$btrfs_headers" = "yes" ; then
|
||||||
|
AC_DEFINE(WITH_BTRFS, 1, [Build shadow with BtrFS support])
|
||||||
|
with_btrfs="yes"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
AM_CONDITIONAL(WITH_BTRFS, test x$with_btrfs = xyes)
|
||||||
|
|
||||||
AC_SUBST(LIBSELINUX)
|
AC_SUBST(LIBSELINUX)
|
||||||
AC_SUBST(LIBSEMANAGE)
|
AC_SUBST(LIBSEMANAGE)
|
||||||
if test "$with_selinux" != "no"; then
|
if test "$with_selinux" != "no"; then
|
||||||
@@ -479,7 +548,7 @@ if test "$with_selinux" != "no"; then
|
|||||||
AC_MSG_ERROR([libsemanage not found])
|
AC_MSG_ERROR([libsemanage not found])
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if test "$selinux_lib$semanage_lib" == "yesyes" ; then
|
if test "$selinux_lib$semanage_lib" = "yesyes" ; then
|
||||||
AC_DEFINE(WITH_SELINUX, 1,
|
AC_DEFINE(WITH_SELINUX, 1,
|
||||||
[Build shadow with SELinux support])
|
[Build shadow with SELinux support])
|
||||||
LIBSELINUX="-lselinux"
|
LIBSELINUX="-lselinux"
|
||||||
@@ -569,7 +638,7 @@ if test "$with_libpam" = "yes"; then
|
|||||||
LIBS=$save_libs
|
LIBS=$save_libs
|
||||||
|
|
||||||
AC_DEFINE(USE_PAM, 1, [Define to support Pluggable Authentication Modules])
|
AC_DEFINE(USE_PAM, 1, [Define to support Pluggable Authentication Modules])
|
||||||
AC_DEFINE_UNQUOTED(SHADOW_PAM_CONVERSATION, [$pam_conv_function],[PAM converstation to use])
|
AC_DEFINE_UNQUOTED(SHADOW_PAM_CONVERSATION, [$pam_conv_function],[PAM conversation to use])
|
||||||
AM_CONDITIONAL(USE_PAM, [true])
|
AM_CONDITIONAL(USE_PAM, [true])
|
||||||
|
|
||||||
AC_MSG_CHECKING(use login and su access checking if PAM not used)
|
AC_MSG_CHECKING(use login and su access checking if PAM not used)
|
||||||
@@ -599,6 +668,19 @@ if test "$enable_acct_tools_setuid" != "no"; then
|
|||||||
fi
|
fi
|
||||||
AM_CONDITIONAL(ACCT_TOOLS_SETUID, test "x$enable_acct_tools_setuid" = "xyes")
|
AM_CONDITIONAL(ACCT_TOOLS_SETUID, test "x$enable_acct_tools_setuid" = "xyes")
|
||||||
|
|
||||||
|
|
||||||
|
AC_ARG_WITH(fcaps,
|
||||||
|
[AC_HELP_STRING([--with-fcaps], [use file capabilities instead of suid binaries for newuidmap/newgidmap @<:@default=no@:>@])],
|
||||||
|
[with_fcaps=$withval], [with_fcaps=no])
|
||||||
|
AM_CONDITIONAL(FCAPS, test "x$with_fcaps" = "xyes")
|
||||||
|
|
||||||
|
if test "x$with_fcaps" = "xyes"; then
|
||||||
|
AC_CHECK_PROGS(capcmd, "setcap")
|
||||||
|
if test "x$capcmd" = "x" ; then
|
||||||
|
AC_MSG_ERROR([setcap command not available])
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
AC_SUBST(LIBSKEY)
|
AC_SUBST(LIBSKEY)
|
||||||
AC_SUBST(LIBMD)
|
AC_SUBST(LIBMD)
|
||||||
if test "$with_skey" = "yes"; then
|
if test "$with_skey" = "yes"; then
|
||||||
@@ -656,6 +738,7 @@ AC_CONFIG_FILES([
|
|||||||
man/zh_TW/Makefile
|
man/zh_TW/Makefile
|
||||||
libmisc/Makefile
|
libmisc/Makefile
|
||||||
lib/Makefile
|
lib/Makefile
|
||||||
|
libsubid/Makefile
|
||||||
src/Makefile
|
src/Makefile
|
||||||
contrib/Makefile
|
contrib/Makefile
|
||||||
etc/Makefile
|
etc/Makefile
|
||||||
@@ -674,12 +757,18 @@ if test "$with_libpam" = "yes"; then
|
|||||||
echo " suid account management tools: $enable_acct_tools_setuid"
|
echo " suid account management tools: $enable_acct_tools_setuid"
|
||||||
fi
|
fi
|
||||||
echo " SELinux support: $with_selinux"
|
echo " SELinux support: $with_selinux"
|
||||||
|
echo " BtrFS support: $with_btrfs"
|
||||||
echo " ACL support: $with_acl"
|
echo " ACL support: $with_acl"
|
||||||
echo " Extended Attributes support: $with_attr"
|
echo " Extended Attributes support: $with_attr"
|
||||||
echo " tcb support (incomplete): $with_tcb"
|
echo " tcb support (incomplete): $with_tcb"
|
||||||
echo " shadow group support: $enable_shadowgrp"
|
echo " shadow group support: $enable_shadowgrp"
|
||||||
echo " S/Key support: $with_skey"
|
echo " S/Key support: $with_skey"
|
||||||
echo " SHA passwords encryption: $with_sha_crypt"
|
echo " SHA passwords encryption: $with_sha_crypt"
|
||||||
|
echo " bcrypt passwords encryption: $with_bcrypt"
|
||||||
|
echo " yescrypt passwords encryption: $with_yescrypt"
|
||||||
echo " nscd support: $with_nscd"
|
echo " nscd support: $with_nscd"
|
||||||
|
echo " sssd support: $with_sssd"
|
||||||
echo " subordinate IDs support: $enable_subids"
|
echo " subordinate IDs support: $enable_subids"
|
||||||
|
echo " use file caps: $with_fcaps"
|
||||||
|
echo " install su: $with_su"
|
||||||
echo
|
echo
|
||||||
@@ -0,0 +1,488 @@
|
|||||||
|
# Makefile.in generated by automake 1.15.1 from Makefile.am.
|
||||||
|
# @configure_input@
|
||||||
|
|
||||||
|
# Copyright (C) 1994-2017 Free Software Foundation, Inc.
|
||||||
|
|
||||||
|
# This Makefile.in is free software; the Free Software Foundation
|
||||||
|
# gives unlimited permission to copy and/or distribute it,
|
||||||
|
# with or without modifications, as long as this notice is preserved.
|
||||||
|
|
||||||
|
# This program is distributed in the hope that it will be useful,
|
||||||
|
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
|
||||||
|
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
|
||||||
|
# PARTICULAR PURPOSE.
|
||||||
|
|
||||||
|
@SET_MAKE@
|
||||||
|
|
||||||
|
# This is a dummy Makefile.am to get automake work flawlessly,
|
||||||
|
# and also cooperate to make a distribution for `make dist'
|
||||||
|
VPATH = @srcdir@
|
||||||
|
am__is_gnu_make = { \
|
||||||
|
if test -z '$(MAKELEVEL)'; then \
|
||||||
|
false; \
|
||||||
|
elif test -n '$(MAKE_HOST)'; then \
|
||||||
|
true; \
|
||||||
|
elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
|
||||||
|
true; \
|
||||||
|
else \
|
||||||
|
false; \
|
||||||
|
fi; \
|
||||||
|
}
|
||||||
|
am__make_running_with_option = \
|
||||||
|
case $${target_option-} in \
|
||||||
|
?) ;; \
|
||||||
|
*) echo "am__make_running_with_option: internal error: invalid" \
|
||||||
|
"target option '$${target_option-}' specified" >&2; \
|
||||||
|
exit 1;; \
|
||||||
|
esac; \
|
||||||
|
has_opt=no; \
|
||||||
|
sane_makeflags=$$MAKEFLAGS; \
|
||||||
|
if $(am__is_gnu_make); then \
|
||||||
|
sane_makeflags=$$MFLAGS; \
|
||||||
|
else \
|
||||||
|
case $$MAKEFLAGS in \
|
||||||
|
*\\[\ \ ]*) \
|
||||||
|
bs=\\; \
|
||||||
|
sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
|
||||||
|
| sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
|
||||||
|
esac; \
|
||||||
|
fi; \
|
||||||
|
skip_next=no; \
|
||||||
|
strip_trailopt () \
|
||||||
|
{ \
|
||||||
|
flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
|
||||||
|
}; \
|
||||||
|
for flg in $$sane_makeflags; do \
|
||||||
|
test $$skip_next = yes && { skip_next=no; continue; }; \
|
||||||
|
case $$flg in \
|
||||||
|
*=*|--*) continue;; \
|
||||||
|
-*I) strip_trailopt 'I'; skip_next=yes;; \
|
||||||
|
-*I?*) strip_trailopt 'I';; \
|
||||||
|
-*O) strip_trailopt 'O'; skip_next=yes;; \
|
||||||
|
-*O?*) strip_trailopt 'O';; \
|
||||||
|
-*l) strip_trailopt 'l'; skip_next=yes;; \
|
||||||
|
-*l?*) strip_trailopt 'l';; \
|
||||||
|
-[dEDm]) skip_next=yes;; \
|
||||||
|
-[JT]) skip_next=yes;; \
|
||||||
|
esac; \
|
||||||
|
case $$flg in \
|
||||||
|
*$$target_option*) has_opt=yes; break;; \
|
||||||
|
esac; \
|
||||||
|
done; \
|
||||||
|
test $$has_opt = yes
|
||||||
|
am__make_dryrun = (target_option=n; $(am__make_running_with_option))
|
||||||
|
am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
|
||||||
|
pkgdatadir = $(datadir)/@PACKAGE@
|
||||||
|
pkgincludedir = $(includedir)/@PACKAGE@
|
||||||
|
pkglibdir = $(libdir)/@PACKAGE@
|
||||||
|
pkglibexecdir = $(libexecdir)/@PACKAGE@
|
||||||
|
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
|
||||||
|
install_sh_DATA = $(install_sh) -c -m 644
|
||||||
|
install_sh_PROGRAM = $(install_sh) -c
|
||||||
|
install_sh_SCRIPT = $(install_sh) -c
|
||||||
|
INSTALL_HEADER = $(INSTALL_DATA)
|
||||||
|
transform = $(program_transform_name)
|
||||||
|
NORMAL_INSTALL = :
|
||||||
|
PRE_INSTALL = :
|
||||||
|
POST_INSTALL = :
|
||||||
|
NORMAL_UNINSTALL = :
|
||||||
|
PRE_UNINSTALL = :
|
||||||
|
POST_UNINSTALL = :
|
||||||
|
build_triplet = @build@
|
||||||
|
host_triplet = @host@
|
||||||
|
subdir = contrib
|
||||||
|
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
|
||||||
|
am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
|
||||||
|
$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/lib-ld.m4 \
|
||||||
|
$(top_srcdir)/m4/lib-link.m4 $(top_srcdir)/m4/lib-prefix.m4 \
|
||||||
|
$(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \
|
||||||
|
$(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \
|
||||||
|
$(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/nls.m4 \
|
||||||
|
$(top_srcdir)/m4/po.m4 $(top_srcdir)/m4/progtest.m4 \
|
||||||
|
$(top_srcdir)/acinclude.m4 $(top_srcdir)/configure.ac
|
||||||
|
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
|
||||||
|
$(ACLOCAL_M4)
|
||||||
|
DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
|
||||||
|
mkinstalldirs = $(install_sh) -d
|
||||||
|
CONFIG_HEADER = $(top_builddir)/config.h
|
||||||
|
CONFIG_CLEAN_FILES =
|
||||||
|
CONFIG_CLEAN_VPATH_FILES =
|
||||||
|
AM_V_P = $(am__v_P_@AM_V@)
|
||||||
|
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
|
||||||
|
am__v_P_0 = false
|
||||||
|
am__v_P_1 = :
|
||||||
|
AM_V_GEN = $(am__v_GEN_@AM_V@)
|
||||||
|
am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
|
||||||
|
am__v_GEN_0 = @echo " GEN " $@;
|
||||||
|
am__v_GEN_1 =
|
||||||
|
AM_V_at = $(am__v_at_@AM_V@)
|
||||||
|
am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
|
||||||
|
am__v_at_0 = @
|
||||||
|
am__v_at_1 =
|
||||||
|
SOURCES =
|
||||||
|
DIST_SOURCES =
|
||||||
|
am__can_run_installinfo = \
|
||||||
|
case $$AM_UPDATE_INFO_DIR in \
|
||||||
|
n|no|NO) false;; \
|
||||||
|
*) (install-info --version) >/dev/null 2>&1;; \
|
||||||
|
esac
|
||||||
|
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
|
||||||
|
am__DIST_COMMON = $(srcdir)/Makefile.in README
|
||||||
|
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
|
||||||
|
ACLOCAL = @ACLOCAL@
|
||||||
|
AMTAR = @AMTAR@
|
||||||
|
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
|
||||||
|
AR = @AR@
|
||||||
|
AUTOCONF = @AUTOCONF@
|
||||||
|
AUTOHEADER = @AUTOHEADER@
|
||||||
|
AUTOMAKE = @AUTOMAKE@
|
||||||
|
AWK = @AWK@
|
||||||
|
CC = @CC@
|
||||||
|
CCDEPMODE = @CCDEPMODE@
|
||||||
|
CFLAGS = @CFLAGS@
|
||||||
|
CPP = @CPP@
|
||||||
|
CPPFLAGS = @CPPFLAGS@
|
||||||
|
CYGPATH_W = @CYGPATH_W@
|
||||||
|
DEFS = @DEFS@
|
||||||
|
DEPDIR = @DEPDIR@
|
||||||
|
DLLTOOL = @DLLTOOL@
|
||||||
|
DSYMUTIL = @DSYMUTIL@
|
||||||
|
DUMPBIN = @DUMPBIN@
|
||||||
|
ECHO_C = @ECHO_C@
|
||||||
|
ECHO_N = @ECHO_N@
|
||||||
|
ECHO_T = @ECHO_T@
|
||||||
|
ECONF_CPPFLAGS = @ECONF_CPPFLAGS@
|
||||||
|
EGREP = @EGREP@
|
||||||
|
EXEEXT = @EXEEXT@
|
||||||
|
FGREP = @FGREP@
|
||||||
|
GMSGFMT = @GMSGFMT@
|
||||||
|
GMSGFMT_015 = @GMSGFMT_015@
|
||||||
|
GREP = @GREP@
|
||||||
|
GROUP_NAME_MAX_LENGTH = @GROUP_NAME_MAX_LENGTH@
|
||||||
|
INSTALL = @INSTALL@
|
||||||
|
INSTALL_DATA = @INSTALL_DATA@
|
||||||
|
INSTALL_PROGRAM = @INSTALL_PROGRAM@
|
||||||
|
INSTALL_SCRIPT = @INSTALL_SCRIPT@
|
||||||
|
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
|
||||||
|
INTLLIBS = @INTLLIBS@
|
||||||
|
INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
|
||||||
|
LD = @LD@
|
||||||
|
LDFLAGS = @LDFLAGS@
|
||||||
|
LIBACL = @LIBACL@
|
||||||
|
LIBATTR = @LIBATTR@
|
||||||
|
LIBAUDIT = @LIBAUDIT@
|
||||||
|
LIBCRACK = @LIBCRACK@
|
||||||
|
LIBCRYPT = @LIBCRYPT@
|
||||||
|
LIBECONF = @LIBECONF@
|
||||||
|
LIBICONV = @LIBICONV@
|
||||||
|
LIBINTL = @LIBINTL@
|
||||||
|
LIBMD = @LIBMD@
|
||||||
|
LIBOBJS = @LIBOBJS@
|
||||||
|
LIBPAM = @LIBPAM@
|
||||||
|
LIBS = @LIBS@
|
||||||
|
LIBSELINUX = @LIBSELINUX@
|
||||||
|
LIBSEMANAGE = @LIBSEMANAGE@
|
||||||
|
LIBSKEY = @LIBSKEY@
|
||||||
|
LIBSUBID_ABI = @LIBSUBID_ABI@
|
||||||
|
LIBSUBID_ABI_MAJOR = @LIBSUBID_ABI_MAJOR@
|
||||||
|
LIBSUBID_ABI_MICRO = @LIBSUBID_ABI_MICRO@
|
||||||
|
LIBSUBID_ABI_MINOR = @LIBSUBID_ABI_MINOR@
|
||||||
|
LIBTCB = @LIBTCB@
|
||||||
|
LIBTOOL = @LIBTOOL@
|
||||||
|
LIPO = @LIPO@
|
||||||
|
LIYESCRYPT = @LIYESCRYPT@
|
||||||
|
LN_S = @LN_S@
|
||||||
|
LTLIBICONV = @LTLIBICONV@
|
||||||
|
LTLIBINTL = @LTLIBINTL@
|
||||||
|
LTLIBOBJS = @LTLIBOBJS@
|
||||||
|
LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
|
||||||
|
MAINT = @MAINT@
|
||||||
|
MAKEINFO = @MAKEINFO@
|
||||||
|
MANIFEST_TOOL = @MANIFEST_TOOL@
|
||||||
|
MKDIR_P = @MKDIR_P@
|
||||||
|
MSGFMT = @MSGFMT@
|
||||||
|
MSGFMT_015 = @MSGFMT_015@
|
||||||
|
MSGMERGE = @MSGMERGE@
|
||||||
|
NM = @NM@
|
||||||
|
NMEDIT = @NMEDIT@
|
||||||
|
OBJDUMP = @OBJDUMP@
|
||||||
|
OBJEXT = @OBJEXT@
|
||||||
|
OTOOL = @OTOOL@
|
||||||
|
OTOOL64 = @OTOOL64@
|
||||||
|
PACKAGE = @PACKAGE@
|
||||||
|
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
|
||||||
|
PACKAGE_NAME = @PACKAGE_NAME@
|
||||||
|
PACKAGE_STRING = @PACKAGE_STRING@
|
||||||
|
PACKAGE_TARNAME = @PACKAGE_TARNAME@
|
||||||
|
PACKAGE_URL = @PACKAGE_URL@
|
||||||
|
PACKAGE_VERSION = @PACKAGE_VERSION@
|
||||||
|
PATH_SEPARATOR = @PATH_SEPARATOR@
|
||||||
|
POSUB = @POSUB@
|
||||||
|
RANLIB = @RANLIB@
|
||||||
|
SED = @SED@
|
||||||
|
SET_MAKE = @SET_MAKE@
|
||||||
|
SHELL = @SHELL@
|
||||||
|
STRIP = @STRIP@
|
||||||
|
USE_NLS = @USE_NLS@
|
||||||
|
VENDORDIR = @VENDORDIR@
|
||||||
|
VERSION = @VERSION@
|
||||||
|
XGETTEXT = @XGETTEXT@
|
||||||
|
XGETTEXT_015 = @XGETTEXT_015@
|
||||||
|
XMLCATALOG = @XMLCATALOG@
|
||||||
|
XML_CATALOG_FILE = @XML_CATALOG_FILE@
|
||||||
|
XSLTPROC = @XSLTPROC@
|
||||||
|
YACC = @YACC@
|
||||||
|
YFLAGS = @YFLAGS@
|
||||||
|
abs_builddir = @abs_builddir@
|
||||||
|
abs_srcdir = @abs_srcdir@
|
||||||
|
abs_top_builddir = @abs_top_builddir@
|
||||||
|
abs_top_srcdir = @abs_top_srcdir@
|
||||||
|
ac_ct_AR = @ac_ct_AR@
|
||||||
|
ac_ct_CC = @ac_ct_CC@
|
||||||
|
ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
|
||||||
|
am__include = @am__include@
|
||||||
|
am__leading_dot = @am__leading_dot@
|
||||||
|
am__quote = @am__quote@
|
||||||
|
am__tar = @am__tar@
|
||||||
|
am__untar = @am__untar@
|
||||||
|
bindir = @bindir@
|
||||||
|
build = @build@
|
||||||
|
build_alias = @build_alias@
|
||||||
|
build_cpu = @build_cpu@
|
||||||
|
build_os = @build_os@
|
||||||
|
build_vendor = @build_vendor@
|
||||||
|
builddir = @builddir@
|
||||||
|
capcmd = @capcmd@
|
||||||
|
datadir = @datadir@
|
||||||
|
datarootdir = @datarootdir@
|
||||||
|
docdir = @docdir@
|
||||||
|
dvidir = @dvidir@
|
||||||
|
exec_prefix = @exec_prefix@
|
||||||
|
host = @host@
|
||||||
|
host_alias = @host_alias@
|
||||||
|
host_cpu = @host_cpu@
|
||||||
|
host_os = @host_os@
|
||||||
|
host_vendor = @host_vendor@
|
||||||
|
htmldir = @htmldir@
|
||||||
|
includedir = @includedir@
|
||||||
|
infodir = @infodir@
|
||||||
|
install_sh = @install_sh@
|
||||||
|
libdir = @libdir@
|
||||||
|
libexecdir = @libexecdir@
|
||||||
|
localedir = @localedir@
|
||||||
|
localstatedir = @localstatedir@
|
||||||
|
mandir = @mandir@
|
||||||
|
mkdir_p = @mkdir_p@
|
||||||
|
oldincludedir = @oldincludedir@
|
||||||
|
pdfdir = @pdfdir@
|
||||||
|
prefix = @prefix@
|
||||||
|
program_transform_name = @program_transform_name@
|
||||||
|
psdir = @psdir@
|
||||||
|
runstatedir = @runstatedir@
|
||||||
|
sbindir = @sbindir@
|
||||||
|
sharedstatedir = @sharedstatedir@
|
||||||
|
srcdir = @srcdir@
|
||||||
|
sysconfdir = @sysconfdir@
|
||||||
|
target_alias = @target_alias@
|
||||||
|
top_build_prefix = @top_build_prefix@
|
||||||
|
top_builddir = @top_builddir@
|
||||||
|
top_srcdir = @top_srcdir@
|
||||||
|
EXTRA_DIST = README adduser.c adduser-old.c adduser.sh adduser2.sh \
|
||||||
|
atudel groupmems.shar pwdauth.c shadow-anonftp.patch \
|
||||||
|
udbachk.tgz
|
||||||
|
|
||||||
|
all: all-am
|
||||||
|
|
||||||
|
.SUFFIXES:
|
||||||
|
$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
|
||||||
|
@for dep in $?; do \
|
||||||
|
case '$(am__configure_deps)' in \
|
||||||
|
*$$dep*) \
|
||||||
|
( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
|
||||||
|
&& { if test -f $@; then exit 0; else break; fi; }; \
|
||||||
|
exit 1;; \
|
||||||
|
esac; \
|
||||||
|
done; \
|
||||||
|
echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign contrib/Makefile'; \
|
||||||
|
$(am__cd) $(top_srcdir) && \
|
||||||
|
$(AUTOMAKE) --foreign contrib/Makefile
|
||||||
|
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
|
||||||
|
@case '$?' in \
|
||||||
|
*config.status*) \
|
||||||
|
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
|
||||||
|
*) \
|
||||||
|
echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
|
||||||
|
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
|
||||||
|
esac;
|
||||||
|
|
||||||
|
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
|
||||||
|
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
|
||||||
|
|
||||||
|
$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
|
||||||
|
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
|
||||||
|
$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
|
||||||
|
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
|
||||||
|
$(am__aclocal_m4_deps):
|
||||||
|
|
||||||
|
mostlyclean-libtool:
|
||||||
|
-rm -f *.lo
|
||||||
|
|
||||||
|
clean-libtool:
|
||||||
|
-rm -rf .libs _libs
|
||||||
|
tags TAGS:
|
||||||
|
|
||||||
|
ctags CTAGS:
|
||||||
|
|
||||||
|
cscope cscopelist:
|
||||||
|
|
||||||
|
|
||||||
|
distdir: $(DISTFILES)
|
||||||
|
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
|
||||||
|
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
|
||||||
|
list='$(DISTFILES)'; \
|
||||||
|
dist_files=`for file in $$list; do echo $$file; done | \
|
||||||
|
sed -e "s|^$$srcdirstrip/||;t" \
|
||||||
|
-e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
|
||||||
|
case $$dist_files in \
|
||||||
|
*/*) $(MKDIR_P) `echo "$$dist_files" | \
|
||||||
|
sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
|
||||||
|
sort -u` ;; \
|
||||||
|
esac; \
|
||||||
|
for file in $$dist_files; do \
|
||||||
|
if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
|
||||||
|
if test -d $$d/$$file; then \
|
||||||
|
dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
|
||||||
|
if test -d "$(distdir)/$$file"; then \
|
||||||
|
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
|
||||||
|
fi; \
|
||||||
|
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
|
||||||
|
cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
|
||||||
|
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
|
||||||
|
fi; \
|
||||||
|
cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
|
||||||
|
else \
|
||||||
|
test -f "$(distdir)/$$file" \
|
||||||
|
|| cp -p $$d/$$file "$(distdir)/$$file" \
|
||||||
|
|| exit 1; \
|
||||||
|
fi; \
|
||||||
|
done
|
||||||
|
check-am: all-am
|
||||||
|
check: check-am
|
||||||
|
all-am: Makefile
|
||||||
|
installdirs:
|
||||||
|
install: install-am
|
||||||
|
install-exec: install-exec-am
|
||||||
|
install-data: install-data-am
|
||||||
|
uninstall: uninstall-am
|
||||||
|
|
||||||
|
install-am: all-am
|
||||||
|
@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
|
||||||
|
|
||||||
|
installcheck: installcheck-am
|
||||||
|
install-strip:
|
||||||
|
if test -z '$(STRIP)'; then \
|
||||||
|
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
|
||||||
|
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
|
||||||
|
install; \
|
||||||
|
else \
|
||||||
|
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
|
||||||
|
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
|
||||||
|
"INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
|
||||||
|
fi
|
||||||
|
mostlyclean-generic:
|
||||||
|
|
||||||
|
clean-generic:
|
||||||
|
|
||||||
|
distclean-generic:
|
||||||
|
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
|
||||||
|
-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
|
||||||
|
|
||||||
|
maintainer-clean-generic:
|
||||||
|
@echo "This command is intended for maintainers to use"
|
||||||
|
@echo "it deletes files that may require special tools to rebuild."
|
||||||
|
clean: clean-am
|
||||||
|
|
||||||
|
clean-am: clean-generic clean-libtool mostlyclean-am
|
||||||
|
|
||||||
|
distclean: distclean-am
|
||||||
|
-rm -f Makefile
|
||||||
|
distclean-am: clean-am distclean-generic
|
||||||
|
|
||||||
|
dvi: dvi-am
|
||||||
|
|
||||||
|
dvi-am:
|
||||||
|
|
||||||
|
html: html-am
|
||||||
|
|
||||||
|
html-am:
|
||||||
|
|
||||||
|
info: info-am
|
||||||
|
|
||||||
|
info-am:
|
||||||
|
|
||||||
|
install-data-am:
|
||||||
|
|
||||||
|
install-dvi: install-dvi-am
|
||||||
|
|
||||||
|
install-dvi-am:
|
||||||
|
|
||||||
|
install-exec-am:
|
||||||
|
|
||||||
|
install-html: install-html-am
|
||||||
|
|
||||||
|
install-html-am:
|
||||||
|
|
||||||
|
install-info: install-info-am
|
||||||
|
|
||||||
|
install-info-am:
|
||||||
|
|
||||||
|
install-man:
|
||||||
|
|
||||||
|
install-pdf: install-pdf-am
|
||||||
|
|
||||||
|
install-pdf-am:
|
||||||
|
|
||||||
|
install-ps: install-ps-am
|
||||||
|
|
||||||
|
install-ps-am:
|
||||||
|
|
||||||
|
installcheck-am:
|
||||||
|
|
||||||
|
maintainer-clean: maintainer-clean-am
|
||||||
|
-rm -f Makefile
|
||||||
|
maintainer-clean-am: distclean-am maintainer-clean-generic
|
||||||
|
|
||||||
|
mostlyclean: mostlyclean-am
|
||||||
|
|
||||||
|
mostlyclean-am: mostlyclean-generic mostlyclean-libtool
|
||||||
|
|
||||||
|
pdf: pdf-am
|
||||||
|
|
||||||
|
pdf-am:
|
||||||
|
|
||||||
|
ps: ps-am
|
||||||
|
|
||||||
|
ps-am:
|
||||||
|
|
||||||
|
uninstall-am:
|
||||||
|
|
||||||
|
.MAKE: install-am install-strip
|
||||||
|
|
||||||
|
.PHONY: all all-am check check-am clean clean-generic clean-libtool \
|
||||||
|
cscopelist-am ctags-am distclean distclean-generic \
|
||||||
|
distclean-libtool distdir dvi dvi-am html html-am info info-am \
|
||||||
|
install install-am install-data install-data-am install-dvi \
|
||||||
|
install-dvi-am install-exec install-exec-am install-html \
|
||||||
|
install-html-am install-info install-info-am install-man \
|
||||||
|
install-pdf install-pdf-am install-ps install-ps-am \
|
||||||
|
install-strip installcheck installcheck-am installdirs \
|
||||||
|
maintainer-clean maintainer-clean-generic mostlyclean \
|
||||||
|
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
|
||||||
|
tags-am uninstall uninstall-am
|
||||||
|
|
||||||
|
.PRECIOUS: Makefile
|
||||||
|
|
||||||
|
|
||||||
|
# Tell versions [3.59,3.63) of GNU make to not export all variables.
|
||||||
|
# Otherwise a system limit (for SysV at least) may be exceeded.
|
||||||
|
.NOEXPORT:
|
||||||
@@ -20,7 +20,7 @@
|
|||||||
** 1/28/95
|
** 1/28/95
|
||||||
** shadow-adduser 1.3:
|
** shadow-adduser 1.3:
|
||||||
**
|
**
|
||||||
** Basically a bug-fix on my additions in 1.2. Thanx to Terry Stewart
|
** Basically a bug-fix on my additions in 1.2. Thanks to Terry Stewart
|
||||||
** (stew@texas.net) for pointing out one of the many idiotic bugs I introduced.
|
** (stew@texas.net) for pointing out one of the many idiotic bugs I introduced.
|
||||||
** It was such a stupid bug that I would have never seen it myself.
|
** It was such a stupid bug that I would have never seen it myself.
|
||||||
**
|
**
|
||||||
|
|||||||
+1
-1
@@ -34,7 +34,7 @@
|
|||||||
** 1/28/95
|
** 1/28/95
|
||||||
** shadow-adduser 1.3:
|
** shadow-adduser 1.3:
|
||||||
**
|
**
|
||||||
** Basically a bug-fix on my additions in 1.2. Thanx to Terry Stewart
|
** Basically a bug-fix on my additions in 1.2. Thanks to Terry Stewart
|
||||||
** (stew@texas.net) for pointing out one of the many idiotic bugs I introduced.
|
** (stew@texas.net) for pointing out one of the many idiotic bugs I introduced.
|
||||||
** It was such a stupid bug that I would have never seen it myself.
|
** It was such a stupid bug that I would have never seen it myself.
|
||||||
**
|
**
|
||||||
|
|||||||
+1
-1
@@ -32,7 +32,7 @@ def_home_dir=/home/users
|
|||||||
# default shell
|
# default shell
|
||||||
def_shell=/bin/tcsh
|
def_shell=/bin/tcsh
|
||||||
|
|
||||||
# Defaul expiration date (mm/dd/yy)
|
# Default expiration date (mm/dd/yy)
|
||||||
def_expire=""
|
def_expire=""
|
||||||
|
|
||||||
# default dates
|
# default dates
|
||||||
|
|||||||
@@ -480,7 +480,7 @@ X.B groupmems
|
|||||||
\fB-D\fR |
|
\fB-D\fR |
|
||||||
[\fB-g\fI group_name \fR]
|
[\fB-g\fI group_name \fR]
|
||||||
X.SH DESCRIPTION
|
X.SH DESCRIPTION
|
||||||
The \fBgroupmems\fR utility allows a user to administer his/her own
|
The \fBgroupmems\fR utility allows a user to administer their own
|
||||||
group membership list without the requirement of superuser privileges.
|
group membership list without the requirement of superuser privileges.
|
||||||
The \fBgroupmems\fR utility is for systems that configure its users to
|
The \fBgroupmems\fR utility is for systems that configure its users to
|
||||||
be in their own name sake primary group (i.e., guest / guest).
|
be in their own name sake primary group (i.e., guest / guest).
|
||||||
|
|||||||
@@ -2,7 +2,7 @@ Hello Marek,
|
|||||||
|
|
||||||
I have created a diffile against the 980403 release that adds
|
I have created a diffile against the 980403 release that adds
|
||||||
functionality to newusers for automatic handling of users with only
|
functionality to newusers for automatic handling of users with only
|
||||||
anonomous ftp login (using the guestgroup feature in ftpaccess, which
|
anonymous ftp login (using the guestgroup feature in ftpaccess, which
|
||||||
means that the users home directory looks like '/home/user/./'). It also
|
means that the users home directory looks like '/home/user/./'). It also
|
||||||
adds a commandline argument to specify an initial directory structure
|
adds a commandline argument to specify an initial directory structure
|
||||||
for such users, with a tarball normally containing the bin,lib,etc
|
for such users, with a tarball normally containing the bin,lib,etc
|
||||||
|
|||||||
Vendored
-16
@@ -1,16 +0,0 @@
|
|||||||
PKG=shadow
|
|
||||||
SITE=ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/
|
|
||||||
|
|
||||||
deb:: check_cheese
|
|
||||||
|
|
||||||
include /usr/share/quilt/quilt.debbuild.mk
|
|
||||||
|
|
||||||
check_cheese:
|
|
||||||
@dpkg-parsechangelog | grep -q "\* The \".*\".* release\." || { \
|
|
||||||
echo ""; \
|
|
||||||
echo " ** **"; \
|
|
||||||
echo " ** Warning: not a cheesy release! **"; \
|
|
||||||
echo " ** **"; \
|
|
||||||
echo ""; \
|
|
||||||
exit 1; \
|
|
||||||
}
|
|
||||||
Vendored
-36
@@ -1,36 +0,0 @@
|
|||||||
shadow (1:4.0.15-5) unstable; urgency=low
|
|
||||||
|
|
||||||
* commands passed in argument to su must use su's -c option and must quote
|
|
||||||
the command if it contains a space, as in:
|
|
||||||
su - root -c "ls -l /"
|
|
||||||
The following commands won't work anymore:
|
|
||||||
su - root -c ls -l /
|
|
||||||
su - root "ls -l /"
|
|
||||||
su - root ls -l /
|
|
||||||
|
|
||||||
-- Christian Perrier <bubulle@debian.org> Sat, 8 Apr 2006 20:11:38 +0200
|
|
||||||
|
|
||||||
shadow (1:4.0.14-1) unstable; urgency=low
|
|
||||||
|
|
||||||
* passwd does not support the -f, -s, and -g options anymore. You should use
|
|
||||||
the chfn, chsh and gpasswd utilities instead.
|
|
||||||
* login now distributes the nologin utility, which can be used as a shell
|
|
||||||
to politely refuse a login
|
|
||||||
|
|
||||||
-- Christian Perrier <bubulle@debian.org> Thu, 5 Jan 2006 08:47:44 +0100
|
|
||||||
|
|
||||||
shadow (1:4.0.12-1) unstable; urgency=low
|
|
||||||
|
|
||||||
CLOSE_SESSIONS and other variables are not used anymore in
|
|
||||||
/etc/login/defs.
|
|
||||||
As shadow utilities which use this file now warn about unknown
|
|
||||||
entries there, administrators should remove such unknown entries.
|
|
||||||
The supplied login.defs file does not include them anymore.
|
|
||||||
|
|
||||||
dpasswd is no more distributed by upstream. Login do not support
|
|
||||||
dialup password anymore. Re-introducing this functionality in
|
|
||||||
upstream is not trivial.
|
|
||||||
|
|
||||||
|
|
||||||
-- Christian Perrier <bubulle@debian.org> Thu, 25 Aug 2005 08:38:47 +0200
|
|
||||||
|
|
||||||
Vendored
-62
@@ -1,62 +0,0 @@
|
|||||||
Read this file first for a brief overview of the new versions of login
|
|
||||||
and passwd.
|
|
||||||
|
|
||||||
|
|
||||||
---Shadow passwords
|
|
||||||
|
|
||||||
The command `shadowconfig on' will turn on shadow password support.
|
|
||||||
`shadowconfig off' will turn it back off. If you turn on shadow
|
|
||||||
password support, you'll gain the ability to set password ages and
|
|
||||||
expirations with chage(1).
|
|
||||||
|
|
||||||
NOTE: If you use the nscd package, you may have problems with a
|
|
||||||
slight delay in updating the password information. You may notice
|
|
||||||
this during upgrades of certain packages that try to add a system
|
|
||||||
user and then access the users information immediately afterwards.
|
|
||||||
To avoid this, it is suggested that you stop the nscd daemon before
|
|
||||||
upgrades, then restart it again.
|
|
||||||
|
|
||||||
---General configuration
|
|
||||||
|
|
||||||
Most of the configuration for the shadow utilities is in
|
|
||||||
/etc/login.defs. See login.defs(5). The defaults are quite
|
|
||||||
reasonable.
|
|
||||||
|
|
||||||
Also see the /etc/pam.d/* files for each program to configure the PAM
|
|
||||||
support. PAM documentation is available in several formats in the
|
|
||||||
libpam-doc package.
|
|
||||||
|
|
||||||
|
|
||||||
---MD5 Encryption
|
|
||||||
|
|
||||||
This is enabled now using the /etc/pam.d/* files. Examples are given.
|
|
||||||
|
|
||||||
|
|
||||||
---Adding users and groups
|
|
||||||
|
|
||||||
Though you may add users and groups with the SysV type commands,
|
|
||||||
useradd and groupadd, I recommend you add them with Debian adduser
|
|
||||||
version 3+. adduser gives you more configuration and conforms to the
|
|
||||||
Debian UID and GID allocation.
|
|
||||||
|
|
||||||
Editing user and group parameters can be done with usermod and
|
|
||||||
groupmod. Removing users and groups can be done with userdel and
|
|
||||||
groupdel.
|
|
||||||
|
|
||||||
|
|
||||||
--- Group administration
|
|
||||||
|
|
||||||
Local group allocation is much easier. With gpasswd(1) you can
|
|
||||||
designate users to administer groups. They can then securely add or
|
|
||||||
remove users from the group.
|
|
||||||
|
|
||||||
|
|
||||||
--- What to read next?
|
|
||||||
|
|
||||||
Read the manpages, the other files in this directory, and the Shadow
|
|
||||||
Password HOWTO (included in the doc-linux package). A large portion
|
|
||||||
of these files deals with getting shadow installed. You can, of
|
|
||||||
course, ignore those parts.
|
|
||||||
|
|
||||||
Also, the libpam-doc package will go a long way to allowing you to take
|
|
||||||
full advantage of the PAM authentication scheme.
|
|
||||||
Vendored
-17
@@ -1,17 +0,0 @@
|
|||||||
This package uses quilt to patch the upstream source.
|
|
||||||
|
|
||||||
You can find some info on how to generate the patched source, add a new
|
|
||||||
modification, and remove an existing modification on:
|
|
||||||
/usr/share/doc/quilt/README.source
|
|
||||||
|
|
||||||
================================================================================
|
|
||||||
|
|
||||||
To package a new upstream release, you can use the Makefile:
|
|
||||||
svn://svn.debian.org/svn/pkg-shadow/debian/trunk/Makefile
|
|
||||||
|
|
||||||
================================================================================
|
|
||||||
|
|
||||||
A testsuite is also available. Instruction on how to run this testsuite
|
|
||||||
are available on:
|
|
||||||
svn://svn.debian.org/svn/pkg-shadow/debian/trunk/tests/README
|
|
||||||
|
|
||||||
Vendored
-19
@@ -1,19 +0,0 @@
|
|||||||
Things that should be done:
|
|
||||||
* Verify the files left in debian/tmp
|
|
||||||
+ e.g. /etc/default/adduser should be installed
|
|
||||||
* Check the build system: rebuilding the package twoce in the same tree
|
|
||||||
doubles the size of the diff.gz file
|
|
||||||
|
|
||||||
Other points (not related to the release of a syncronized shadow):
|
|
||||||
* compare the source with the usages and man pages
|
|
||||||
+ probably add a sentence to chsh/chfn's manpages about authentication
|
|
||||||
required for ordinary users
|
|
||||||
* do something (a tool) for the variables in login.defs
|
|
||||||
In Debian, some tools are not compiled with the PAM support, so upstream
|
|
||||||
getdef.c won't be OK.
|
|
||||||
It should be nice to see in each man page the set of variables used.
|
|
||||||
The Debian package can now compile (export DEB_BUILD_OPTIONS='nostrip debug')
|
|
||||||
with the debugging informations. This may be used to extract the set of
|
|
||||||
variables used in Debian/for each tools.
|
|
||||||
* verify all the patches around (I've found patches for at least RedHat,
|
|
||||||
OWL, LFS, Mandriva, Gentoo; are they already applied?)
|
|
||||||
Vendored
-25
@@ -1,25 +0,0 @@
|
|||||||
This described the usertags used by the team.
|
|
||||||
|
|
||||||
For usertags documentation, see
|
|
||||||
http://lists.debian.org/debian-devel-announce/2005/09/msg00002.html
|
|
||||||
|
|
||||||
All bugs tagged by team members must be tagged with
|
|
||||||
"user pkg-shadow-devel@lists.alioth.debian.org"
|
|
||||||
|
|
||||||
Tags list
|
|
||||||
---------
|
|
||||||
|
|
||||||
toclose: This bug has been announced to be closed in case no more news
|
|
||||||
or information is received from the bug submitter or someone
|
|
||||||
else until the delay specified in the limits_YYYYMMDD tag
|
|
||||||
|
|
||||||
limits-YYYYMMDD: combine it with "toclose". Specifies the date after which
|
|
||||||
bugs can be closed without other action in case no news
|
|
||||||
is received
|
|
||||||
|
|
||||||
manpages-replace A bug reported angainst a manpages-xx package to indicate
|
|
||||||
conflicting man pages. This tag can be used to tune the
|
|
||||||
Replaces fields.
|
|
||||||
|
|
||||||
su-transition: This bug is related to the su transition (#276419)
|
|
||||||
|
|
||||||
Vendored
-3676
File diff suppressed because it is too large
Load Diff
Vendored
-1
@@ -1 +0,0 @@
|
|||||||
6
|
|
||||||
Vendored
-44
@@ -1,44 +0,0 @@
|
|||||||
Source: shadow
|
|
||||||
Section: admin
|
|
||||||
Priority: required
|
|
||||||
Maintainer: Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>
|
|
||||||
Standards-Version: 3.9.5
|
|
||||||
Uploaders: Christian Perrier <bubulle@debian.org>, Nicolas FRANCOIS (Nekral) <nicolas.francois@centraliens.net>
|
|
||||||
Build-Depends: dh-autoreconf, gettext, libpam0g-dev, debhelper (>= 6.0.7~), quilt, dpkg-dev (>= 1.13.5), xsltproc, docbook-xsl, docbook-xml, libxml2-utils, cdbs, libselinux1-dev [linux-any], libsemanage1-dev [linux-any], gnome-doc-utils (>= 0.4.3), bison, libaudit-dev [linux-any]
|
|
||||||
,hardening-wrapper
|
|
||||||
Vcs-Git: git://anonscm.debian.org/git/pkg-shadow/shadow.git
|
|
||||||
Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-shadow/shadow.git;a=summary
|
|
||||||
Homepage: http://pkg-shadow.alioth.debian.org/
|
|
||||||
|
|
||||||
Package: passwd
|
|
||||||
Architecture: any
|
|
||||||
Depends: ${shlibs:Depends}, ${misc:Depends}, libpam-modules, debianutils (>= 2.15.2)
|
|
||||||
Replaces: manpages-tr (<<1.0.5), manpages-zh (<<1.5.1-1)
|
|
||||||
Multi-Arch: foreign
|
|
||||||
Description: change and administer password and group data
|
|
||||||
This package includes passwd, chsh, chfn, and many other programs to
|
|
||||||
maintain password and group data.
|
|
||||||
.
|
|
||||||
Shadow passwords are supported. See /usr/share/doc/passwd/README.Debian
|
|
||||||
|
|
||||||
Package: login
|
|
||||||
Architecture: any
|
|
||||||
Pre-Depends: ${shlibs:Depends}, ${misc:Depends}, libpam-runtime, libpam-modules (>= 1.1.8-1)
|
|
||||||
Conflicts: gnunet (<< 0.7.0c-2), amavisd-new (<<2.3.3-8), python-4suite (<< 0.99cvs20060405-1), backupninja (<< 0.9.3-5), echolot (<< 2.1.8-4)
|
|
||||||
Breaks: coreutils (<< 8.21~) [hurd-any], passwd (<< 1:4.1.5.1-2~) [hurd-any], hurd (<< 20140206~) [hurd-any]
|
|
||||||
Replaces: manpages-de (<< 0.5-3), manpages-tr (<<1.0.5), manpages-zh (<<1.5.1-1), passwd (<< 1:4.1.5.1-2~) [hurd-any], coreutils (<< 8.21~) [hurd-any], hurd (<< 20140206~) [hurd-any]
|
|
||||||
Essential: yes
|
|
||||||
Description: system login tools
|
|
||||||
These tools are required to be able to login and use your system. The
|
|
||||||
login program invokes your user shell and enables command execution. The
|
|
||||||
newgrp program is used to change your effective group ID (useful for
|
|
||||||
workgroup type situations). The su program allows changing your effective
|
|
||||||
user ID (useful being able to execute commands as another user).
|
|
||||||
|
|
||||||
Package: uidmap
|
|
||||||
Priority: optional
|
|
||||||
Depends: ${shlibs:Depends}, ${misc:Depends}
|
|
||||||
Architecture: any
|
|
||||||
Description: programs to help use subuids
|
|
||||||
These programs help unprivileged users to create uid and gid mappings in
|
|
||||||
user namespaces.
|
|
||||||
Vendored
-103
@@ -1,103 +0,0 @@
|
|||||||
This is Debian GNU/Linux's prepackaged version of the shadow utilities.
|
|
||||||
|
|
||||||
It was downloaded from: <ftp://ftp.pld.org.pl/software/shadow/>.
|
|
||||||
As of May 2007, this site is no longer available.
|
|
||||||
|
|
||||||
Copyright:
|
|
||||||
|
|
||||||
Parts of this software are copyright 1988 - 1994, Julianne Frances Haugh.
|
|
||||||
All rights reserved.
|
|
||||||
|
|
||||||
Parts of this software are copyright 1997 - 2001, Marek Michałkiewicz.
|
|
||||||
All rights reserved.
|
|
||||||
|
|
||||||
Parts of this software are copyright 2001 - 2004, Andrzej Krzysztofowicz
|
|
||||||
All rights reserved.
|
|
||||||
|
|
||||||
Parts of this software are copyright 2000 - 2007, Tomasz Kłoczko.
|
|
||||||
All rights reserved.
|
|
||||||
|
|
||||||
Redistribution and use in source and binary forms, with or without
|
|
||||||
modification, are permitted provided that the following conditions
|
|
||||||
are met:
|
|
||||||
1. Redistributions of source code must retain the above copyright
|
|
||||||
notice, this list of conditions and the following disclaimer.
|
|
||||||
2. Redistributions in binary form must reproduce the above copyright
|
|
||||||
notice, this list of conditions and the following disclaimer in the
|
|
||||||
documentation and/or other materials provided with the distribution.
|
|
||||||
3. Neither the name of Julianne F. Haugh nor the names of its contributors
|
|
||||||
may be used to endorse or promote products derived from this software
|
|
||||||
without specific prior written permission.
|
|
||||||
|
|
||||||
THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND
|
|
||||||
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
||||||
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
||||||
ARE DISCLAIMED. IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE
|
|
||||||
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
||||||
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
||||||
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
||||||
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
||||||
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
||||||
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
||||||
SUCH DAMAGE.
|
|
||||||
|
|
||||||
This source code is currently archived on ftp.uu.net in the
|
|
||||||
comp.sources.misc portion of the USENET archives. You may also contact
|
|
||||||
the author, Julianne F. Haugh, at jockgrrl@ix.netcom.com if you have
|
|
||||||
any questions regarding this package.
|
|
||||||
|
|
||||||
THIS SOFTWARE IS BEING DISTRIBUTED AS-IS. THE AUTHORS DISCLAIM ALL
|
|
||||||
LIABILITY FOR ANY CONSEQUENCES OF USE. THE USER IS SOLELY RESPONSIBLE
|
|
||||||
FOR THE MAINTENANCE OF THIS SOFTWARE PACKAGE. THE AUTHORS ARE UNDER NO
|
|
||||||
OBLIGATION TO PROVIDE MODIFICATIONS OR IMPROVEMENTS. THE USER IS
|
|
||||||
ENCOURAGED TO TAKE ANY AND ALL STEPS NEEDED TO PROTECT AGAINST ACCIDENTAL
|
|
||||||
LOSS OF INFORMATION OR MACHINE RESOURCES.
|
|
||||||
|
|
||||||
Special thanks are due to Chip Rosenthal for his fine testing efforts;
|
|
||||||
to Steve Simmons for his work in porting this code to BSD; and to Bill
|
|
||||||
Kennedy for his contributions of LaserJet printer time and energies.
|
|
||||||
Also, thanks for Dennis L. Mumaugh for the initial shadow password
|
|
||||||
information and to Tony Walton (olapw@olgb1.oliv.co.uk) for the System
|
|
||||||
V Release 4 changes. Effort in porting to SunOS has been contributed
|
|
||||||
by Dr. Michael Newberry (miken@cs.adfa.oz.au) and Micheal J. Miller, Jr.
|
|
||||||
(mke@kaberd.rain.com). Effort in porting to AT&T UNIX System V Release
|
|
||||||
4 has been provided by Andrew Herbert (andrew@werple.pub.uu.oz.au).
|
|
||||||
Special thanks to Marek Michalkiewicz (marekm@i17linuxb.ists.pwr.wroc.pl)
|
|
||||||
for taking over the Linux port of this software.
|
|
||||||
|
|
||||||
Source files: login_access.c, login_desrpc.c, login_krb.c are derived
|
|
||||||
from the logdaemon-5.0 package, which is under the following license:
|
|
||||||
|
|
||||||
/************************************************************************
|
|
||||||
* Copyright 1995 by Wietse Venema. All rights reserved. Individual files
|
|
||||||
* may be covered by other copyrights (as noted in the file itself.)
|
|
||||||
*
|
|
||||||
* This material was originally written and compiled by Wietse Venema at
|
|
||||||
* Eindhoven University of Technology, The Netherlands, in 1990, 1991,
|
|
||||||
* 1992, 1993, 1994 and 1995.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms are permitted
|
|
||||||
* provided that this entire copyright notice is duplicated in all such
|
|
||||||
* copies.
|
|
||||||
*
|
|
||||||
* This software is provided "as is" and without any expressed or implied
|
|
||||||
* warranties, including, without limitation, the implied warranties of
|
|
||||||
* merchantibility and fitness for any particular purpose.
|
|
||||||
************************************************************************/
|
|
||||||
|
|
||||||
Some parts substantially in src/su.c derived from an ancestor of
|
|
||||||
su for GNU. Run a shell with substitute user and group IDs.
|
|
||||||
Copyright (C) 1992-2003 Free Software Foundation, Inc.
|
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
|
||||||
it under the terms of the GNU General Public License as published by
|
|
||||||
the Free Software Foundation; either version 2, or (at your option)
|
|
||||||
any later version.
|
|
||||||
|
|
||||||
This program is distributed in the hope that it will be useful,
|
|
||||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
GNU General Public License for more details.
|
|
||||||
|
|
||||||
On Debian GNU/Linux systems, the complete text of the GNU General Public
|
|
||||||
License can be found in '/usr/share/common-licenses/GPL-2'
|
|
||||||
Vendored
-1
@@ -1 +0,0 @@
|
|||||||
.so man8/cppw.8
|
|
||||||
Vendored
-27
@@ -1,27 +0,0 @@
|
|||||||
.TH CPPW 8 "7 Apr 2005"
|
|
||||||
.SH NAME
|
|
||||||
cppw, cpgr \- copy with locking the given file to the password or group file
|
|
||||||
.SH SYNOPSIS
|
|
||||||
\fBcppw\fR [\fB\-h\fR] [\fB\-s\fR] password_file
|
|
||||||
.br
|
|
||||||
\fBcpgr\fR [\fB\-h\fR] [\fB\-s\fR] group_file
|
|
||||||
|
|
||||||
.SH DESCRIPTION
|
|
||||||
.BR cppw " and " cpgr
|
|
||||||
will copy, with locking, the given file to
|
|
||||||
.IR /etc/passwd " and " /etc/group ", respectively."
|
|
||||||
With the \fB\-s\fR flag, they will copy the shadow versions of those files,
|
|
||||||
.IR /etc/shadow " and " /etc/gshadow ", respectively."
|
|
||||||
|
|
||||||
With the \fB\-h\fR flag, the commands display a short help message and exit
|
|
||||||
silently.
|
|
||||||
.SH "SEE ALSO"
|
|
||||||
.BR vipw (8),
|
|
||||||
.BR vigr (8),
|
|
||||||
.BR group (5),
|
|
||||||
.BR passwd (5),
|
|
||||||
.BR shadow (5),
|
|
||||||
.BR gshadow (5)
|
|
||||||
.SH AUTHOR
|
|
||||||
\fBcppw\fR and \fBcpgr\fR were written by Stephen Frost, based on
|
|
||||||
\fBvipw\fR and \fBvigr\fR written by Guy Maor.
|
|
||||||
Vendored
-94
@@ -1,94 +0,0 @@
|
|||||||
Build-Depends:
|
|
||||||
==============
|
|
||||||
* autoconf
|
|
||||||
* automake1.9
|
|
||||||
works with 1.7 or 1.9 (at least)
|
|
||||||
* libtool
|
|
||||||
* gettext
|
|
||||||
POT, PO, GMO regenerated?
|
|
||||||
* libpam0g-dev
|
|
||||||
OK
|
|
||||||
* debhelper (>= 4.1.16)
|
|
||||||
* po-debconf
|
|
||||||
OK
|
|
||||||
* quilt
|
|
||||||
patch system
|
|
||||||
* dpkg-dev (>= 1.13.5)
|
|
||||||
* xsltproc
|
|
||||||
used to generate the manpages
|
|
||||||
* docbook-xsl
|
|
||||||
needed for /usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl
|
|
||||||
* docbook-xml
|
|
||||||
manpages/docbook.xsl includes html/docbook.xsl
|
|
||||||
(But it is not strictly needed. The generated manpages are identical.
|
|
||||||
Without it, a warning is generated.)
|
|
||||||
Needed by JH_CHECK_XML_CATALOG([-//OASIS//DTD DocBook XML V4.1.2//EN], [DocBook XML DTD V4.1.2], [], enable_man=no)
|
|
||||||
* libxml2-utils
|
|
||||||
needed by the JH_CHECK_XML_CATALOG macros
|
|
||||||
* cdbs
|
|
||||||
used in debian/rules
|
|
||||||
* libselinux1-dev [!hurd-i386 !kfreebsd-i386 !kfreebsd-amd64]
|
|
||||||
* gnome-doc-utils (>= 0.4.3-1)
|
|
||||||
xml2po, 0.4.3-1 needed for the -l switch.
|
|
||||||
|
|
||||||
passwd Depends:
|
|
||||||
===============
|
|
||||||
* ${shlibs:Depends}
|
|
||||||
OK
|
|
||||||
* ${loginpam}
|
|
||||||
- hurd
|
|
||||||
login
|
|
||||||
libpam-modules (>= 0.72-5)
|
|
||||||
- other archs
|
|
||||||
+ login (>= 970502-1)
|
|
||||||
login is needed because some passwd utils need /etc/login.defs
|
|
||||||
login is Essential, so this is just to enforce the version
|
|
||||||
+ libpam-modules (>= 0.72-5)
|
|
||||||
* debianutils (>= 2.15.2)
|
|
||||||
After 1:4.0.12-6, {add,remove}-shell are distributed in debianutils (2.15)
|
|
||||||
/etc/shell was forgotten and introduced in debianutils in 2.15.2
|
|
||||||
|
|
||||||
passwd Conflicts:
|
|
||||||
=================
|
|
||||||
|
|
||||||
passwd Replaces:
|
|
||||||
================
|
|
||||||
Some of the passwd man pages are also distributed in some manpages* packages.
|
|
||||||
Look at the debian/02/run test to optimize these dependencies.
|
|
||||||
NOTE: Not all maintainers have been notified.
|
|
||||||
* manpages-de (<< 0.4-9), manpages-fi (<< 0.2-4), manpages-fr (<<1.64.0-1), manpages-hu (<< 20010119-5), manpages-it (<< 0.3.4-3), manpages-ja (<< 0.5.0.0.20050915-1), manpages-ko (<< 20050219-2), manpages-es (<< 1.55-4), manpages-es-extra (<< 0.8a-15), manpages-ru (<< 0.98-3)
|
|
||||||
All those packages have been updated during sarge->etch. So these Replaces
|
|
||||||
should be removed after lenny release
|
|
||||||
* manpages-tr, manpages-zh
|
|
||||||
Those packages are still in etch, so the Replaces should be kept even
|
|
||||||
after lenny release
|
|
||||||
|
|
||||||
login Pre-Depends:
|
|
||||||
==================
|
|
||||||
* ${shlibs:Depends}
|
|
||||||
* libpam-runtime (>= 0.76-14)
|
|
||||||
sarge contained 0.76-22
|
|
||||||
|
|
||||||
Why Pre-Depends? (because it's an essential package?)
|
|
||||||
|
|
||||||
login Depends:
|
|
||||||
==============
|
|
||||||
* libpam-modules (>= 0.72-5)
|
|
||||||
libpam-modules is needed.
|
|
||||||
potato contained 0.72-9
|
|
||||||
|
|
||||||
login Conflicts:
|
|
||||||
================
|
|
||||||
|
|
||||||
login Replaces:
|
|
||||||
===============
|
|
||||||
* Some of the login man pages are also distributed in some manpages* packages.
|
|
||||||
Look at the debian/02/run test to optimize these dependencies.
|
|
||||||
NOTE: Not all maintainers have been notified.
|
|
||||||
- manpages-fi, manpages-fr (<<1.64.0-1), manpages-hu, manpages-it, manpages-ko, manpages-ja (<< 0.5.0.0.20050915-1), manpages-de (<< 0.4-10), manpages-es-extra (<<0.8a-15)
|
|
||||||
Those are packages that have been updated during sarge->etch. These
|
|
||||||
Replaces should be removed after lenny
|
|
||||||
- manpages-tr, manpages-zh
|
|
||||||
Those packages are still in etch, so the Replaces should be kept even
|
|
||||||
after lenny release
|
|
||||||
|
|
||||||
Vendored
-340
@@ -1,340 +0,0 @@
|
|||||||
#
|
|
||||||
# /etc/login.defs - Configuration control definitions for the login package.
|
|
||||||
#
|
|
||||||
# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH.
|
|
||||||
# If unspecified, some arbitrary (and possibly incorrect) value will
|
|
||||||
# be assumed. All other items are optional - if not specified then
|
|
||||||
# the described action or option will be inhibited.
|
|
||||||
#
|
|
||||||
# Comment lines (lines beginning with "#") and blank lines are ignored.
|
|
||||||
#
|
|
||||||
# Modified for Linux. --marekm
|
|
||||||
|
|
||||||
# REQUIRED for useradd/userdel/usermod
|
|
||||||
# Directory where mailboxes reside, _or_ name of file, relative to the
|
|
||||||
# home directory. If you _do_ define MAIL_DIR and MAIL_FILE,
|
|
||||||
# MAIL_DIR takes precedence.
|
|
||||||
#
|
|
||||||
# Essentially:
|
|
||||||
# - MAIL_DIR defines the location of users mail spool files
|
|
||||||
# (for mbox use) by appending the username to MAIL_DIR as defined
|
|
||||||
# below.
|
|
||||||
# - MAIL_FILE defines the location of the users mail spool files as the
|
|
||||||
# fully-qualified filename obtained by prepending the user home
|
|
||||||
# directory before $MAIL_FILE
|
|
||||||
#
|
|
||||||
# NOTE: This is no more used for setting up users MAIL environment variable
|
|
||||||
# which is, starting from shadow 4.0.12-1 in Debian, entirely the
|
|
||||||
# job of the pam_mail PAM modules
|
|
||||||
# See default PAM configuration files provided for
|
|
||||||
# login, su, etc.
|
|
||||||
#
|
|
||||||
# This is a temporary situation: setting these variables will soon
|
|
||||||
# move to /etc/default/useradd and the variables will then be
|
|
||||||
# no more supported
|
|
||||||
MAIL_DIR /var/mail
|
|
||||||
#MAIL_FILE .mail
|
|
||||||
|
|
||||||
#
|
|
||||||
# Enable logging and display of /var/log/faillog login failure info.
|
|
||||||
# This option conflicts with the pam_tally PAM module.
|
|
||||||
#
|
|
||||||
FAILLOG_ENAB yes
|
|
||||||
|
|
||||||
#
|
|
||||||
# Enable display of unknown usernames when login failures are recorded.
|
|
||||||
#
|
|
||||||
# WARNING: Unknown usernames may become world readable.
|
|
||||||
# See #290803 and #298773 for details about how this could become a security
|
|
||||||
# concern
|
|
||||||
LOG_UNKFAIL_ENAB no
|
|
||||||
|
|
||||||
#
|
|
||||||
# Enable logging of successful logins
|
|
||||||
#
|
|
||||||
LOG_OK_LOGINS no
|
|
||||||
|
|
||||||
#
|
|
||||||
# Enable "syslog" logging of su activity - in addition to sulog file logging.
|
|
||||||
# SYSLOG_SG_ENAB does the same for newgrp and sg.
|
|
||||||
#
|
|
||||||
SYSLOG_SU_ENAB yes
|
|
||||||
SYSLOG_SG_ENAB yes
|
|
||||||
|
|
||||||
#
|
|
||||||
# If defined, all su activity is logged to this file.
|
|
||||||
#
|
|
||||||
#SULOG_FILE /var/log/sulog
|
|
||||||
|
|
||||||
#
|
|
||||||
# If defined, file which maps tty line to TERM environment parameter.
|
|
||||||
# Each line of the file is in a format something like "vt100 tty01".
|
|
||||||
#
|
|
||||||
#TTYTYPE_FILE /etc/ttytype
|
|
||||||
|
|
||||||
#
|
|
||||||
# If defined, login failures will be logged here in a utmp format
|
|
||||||
# last, when invoked as lastb, will read /var/log/btmp, so...
|
|
||||||
#
|
|
||||||
FTMP_FILE /var/log/btmp
|
|
||||||
|
|
||||||
#
|
|
||||||
# If defined, the command name to display when running "su -". For
|
|
||||||
# example, if this is defined as "su" then a "ps" will display the
|
|
||||||
# command is "-su". If not defined, then "ps" would display the
|
|
||||||
# name of the shell actually being run, e.g. something like "-sh".
|
|
||||||
#
|
|
||||||
SU_NAME su
|
|
||||||
|
|
||||||
#
|
|
||||||
# If defined, file which inhibits all the usual chatter during the login
|
|
||||||
# sequence. If a full pathname, then hushed mode will be enabled if the
|
|
||||||
# user's name or shell are found in the file. If not a full pathname, then
|
|
||||||
# hushed mode will be enabled if the file exists in the user's home directory.
|
|
||||||
#
|
|
||||||
HUSHLOGIN_FILE .hushlogin
|
|
||||||
#HUSHLOGIN_FILE /etc/hushlogins
|
|
||||||
|
|
||||||
#
|
|
||||||
# *REQUIRED* The default PATH settings, for superuser and normal users.
|
|
||||||
#
|
|
||||||
# (they are minimal, add the rest in the shell startup files)
|
|
||||||
ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
|
||||||
ENV_PATH PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
|
|
||||||
|
|
||||||
#
|
|
||||||
# Terminal permissions
|
|
||||||
#
|
|
||||||
# TTYGROUP Login tty will be assigned this group ownership.
|
|
||||||
# TTYPERM Login tty will be set to this permission.
|
|
||||||
#
|
|
||||||
# If you have a "write" program which is "setgid" to a special group
|
|
||||||
# which owns the terminals, define TTYGROUP to the group number and
|
|
||||||
# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign
|
|
||||||
# TTYPERM to either 622 or 600.
|
|
||||||
#
|
|
||||||
# In Debian /usr/bin/bsd-write or similar programs are setgid tty
|
|
||||||
# However, the default and recommended value for TTYPERM is still 0600
|
|
||||||
# to not allow anyone to write to anyone else console or terminal
|
|
||||||
|
|
||||||
# Users can still allow other people to write them by issuing
|
|
||||||
# the "mesg y" command.
|
|
||||||
|
|
||||||
TTYGROUP tty
|
|
||||||
TTYPERM 0600
|
|
||||||
|
|
||||||
#
|
|
||||||
# Login configuration initializations:
|
|
||||||
#
|
|
||||||
# ERASECHAR Terminal ERASE character ('\010' = backspace).
|
|
||||||
# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
|
|
||||||
# UMASK Default "umask" value.
|
|
||||||
#
|
|
||||||
# The ERASECHAR and KILLCHAR are used only on System V machines.
|
|
||||||
#
|
|
||||||
# UMASK is the default umask value for pam_umask and is used by
|
|
||||||
# useradd and newusers to set the mode of the new home directories.
|
|
||||||
# 022 is the "historical" value in Debian for UMASK
|
|
||||||
# 027, or even 077, could be considered better for privacy
|
|
||||||
# There is no One True Answer here : each sysadmin must make up his/her
|
|
||||||
# mind.
|
|
||||||
#
|
|
||||||
# If USERGROUPS_ENAB is set to "yes", that will modify this UMASK default value
|
|
||||||
# for private user groups, i. e. the uid is the same as gid, and username is
|
|
||||||
# the same as the primary group name: for these, the user permissions will be
|
|
||||||
# used as group permissions, e. g. 022 will become 002.
|
|
||||||
#
|
|
||||||
# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
|
|
||||||
#
|
|
||||||
ERASECHAR 0177
|
|
||||||
KILLCHAR 025
|
|
||||||
UMASK 022
|
|
||||||
|
|
||||||
#
|
|
||||||
# Password aging controls:
|
|
||||||
#
|
|
||||||
# PASS_MAX_DAYS Maximum number of days a password may be used.
|
|
||||||
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
|
|
||||||
# PASS_WARN_AGE Number of days warning given before a password expires.
|
|
||||||
#
|
|
||||||
PASS_MAX_DAYS 99999
|
|
||||||
PASS_MIN_DAYS 0
|
|
||||||
PASS_WARN_AGE 7
|
|
||||||
|
|
||||||
#
|
|
||||||
# Min/max values for automatic uid selection in useradd
|
|
||||||
#
|
|
||||||
UID_MIN 1000
|
|
||||||
UID_MAX 60000
|
|
||||||
# System accounts
|
|
||||||
#SYS_UID_MIN 100
|
|
||||||
#SYS_UID_MAX 999
|
|
||||||
|
|
||||||
#
|
|
||||||
# Min/max values for automatic gid selection in groupadd
|
|
||||||
#
|
|
||||||
GID_MIN 1000
|
|
||||||
GID_MAX 60000
|
|
||||||
# System accounts
|
|
||||||
#SYS_GID_MIN 100
|
|
||||||
#SYS_GID_MAX 999
|
|
||||||
|
|
||||||
#
|
|
||||||
# Max number of login retries if password is bad. This will most likely be
|
|
||||||
# overriden by PAM, since the default pam_unix module has it's own built
|
|
||||||
# in of 3 retries. However, this is a safe fallback in case you are using
|
|
||||||
# an authentication module that does not enforce PAM_MAXTRIES.
|
|
||||||
#
|
|
||||||
LOGIN_RETRIES 5
|
|
||||||
|
|
||||||
#
|
|
||||||
# Max time in seconds for login
|
|
||||||
#
|
|
||||||
LOGIN_TIMEOUT 60
|
|
||||||
|
|
||||||
#
|
|
||||||
# Which fields may be changed by regular users using chfn - use
|
|
||||||
# any combination of letters "frwh" (full name, room number, work
|
|
||||||
# phone, home phone). If not defined, no changes are allowed.
|
|
||||||
# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
|
|
||||||
#
|
|
||||||
CHFN_RESTRICT rwh
|
|
||||||
|
|
||||||
#
|
|
||||||
# Should login be allowed if we can't cd to the home directory?
|
|
||||||
# Default in no.
|
|
||||||
#
|
|
||||||
DEFAULT_HOME yes
|
|
||||||
|
|
||||||
#
|
|
||||||
# If defined, this command is run when removing a user.
|
|
||||||
# It should remove any at/cron/print jobs etc. owned by
|
|
||||||
# the user to be removed (passed as the first argument).
|
|
||||||
#
|
|
||||||
#USERDEL_CMD /usr/sbin/userdel_local
|
|
||||||
|
|
||||||
#
|
|
||||||
# If set to yes, userdel will remove the user´s group if it contains no
|
|
||||||
# more members, and useradd will create by default a group with the name
|
|
||||||
# of the user.
|
|
||||||
#
|
|
||||||
# Other former uses of this variable such as setting the umask when
|
|
||||||
# user==primary group are not used in PAM environments, such as Debian
|
|
||||||
#
|
|
||||||
USERGROUPS_ENAB yes
|
|
||||||
|
|
||||||
#
|
|
||||||
# Instead of the real user shell, the program specified by this parameter
|
|
||||||
# will be launched, although its visible name (argv[0]) will be the shell's.
|
|
||||||
# The program may do whatever it wants (logging, additional authentification,
|
|
||||||
# banner, ...) before running the actual shell.
|
|
||||||
#
|
|
||||||
# FAKE_SHELL /bin/fakeshell
|
|
||||||
|
|
||||||
#
|
|
||||||
# If defined, either full pathname of a file containing device names or
|
|
||||||
# a ":" delimited list of device names. Root logins will be allowed only
|
|
||||||
# upon these devices.
|
|
||||||
#
|
|
||||||
# This variable is used by login and su.
|
|
||||||
#
|
|
||||||
#CONSOLE /etc/consoles
|
|
||||||
#CONSOLE console:tty01:tty02:tty03:tty04
|
|
||||||
|
|
||||||
#
|
|
||||||
# List of groups to add to the user's supplementary group set
|
|
||||||
# when logging in on the console (as determined by the CONSOLE
|
|
||||||
# setting). Default is none.
|
|
||||||
#
|
|
||||||
# Use with caution - it is possible for users to gain permanent
|
|
||||||
# access to these groups, even when not logged in on the console.
|
|
||||||
# How to do it is left as an exercise for the reader...
|
|
||||||
#
|
|
||||||
# This variable is used by login and su.
|
|
||||||
#
|
|
||||||
#CONSOLE_GROUPS floppy:audio:cdrom
|
|
||||||
|
|
||||||
#
|
|
||||||
# If set to "yes", new passwords will be encrypted using the MD5-based
|
|
||||||
# algorithm compatible with the one used by recent releases of FreeBSD.
|
|
||||||
# It supports passwords of unlimited length and longer salt strings.
|
|
||||||
# Set to "no" if you need to copy encrypted passwords to other systems
|
|
||||||
# which don't understand the new algorithm. Default is "no".
|
|
||||||
#
|
|
||||||
# This variable is deprecated. You should use ENCRYPT_METHOD.
|
|
||||||
#
|
|
||||||
#MD5_CRYPT_ENAB no
|
|
||||||
|
|
||||||
#
|
|
||||||
# If set to MD5 , MD5-based algorithm will be used for encrypting password
|
|
||||||
# If set to SHA256, SHA256-based algorithm will be used for encrypting password
|
|
||||||
# If set to SHA512, SHA512-based algorithm will be used for encrypting password
|
|
||||||
# If set to DES, DES-based algorithm will be used for encrypting password (default)
|
|
||||||
# Overrides the MD5_CRYPT_ENAB option
|
|
||||||
#
|
|
||||||
# Note: It is recommended to use a value consistent with
|
|
||||||
# the PAM modules configuration.
|
|
||||||
#
|
|
||||||
ENCRYPT_METHOD SHA512
|
|
||||||
|
|
||||||
#
|
|
||||||
# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
|
|
||||||
#
|
|
||||||
# Define the number of SHA rounds.
|
|
||||||
# With a lot of rounds, it is more difficult to brute forcing the password.
|
|
||||||
# But note also that it more CPU resources will be needed to authenticate
|
|
||||||
# users.
|
|
||||||
#
|
|
||||||
# If not specified, the libc will choose the default number of rounds (5000).
|
|
||||||
# The values must be inside the 1000-999999999 range.
|
|
||||||
# If only one of the MIN or MAX values is set, then this value will be used.
|
|
||||||
# If MIN > MAX, the highest value will be used.
|
|
||||||
#
|
|
||||||
# SHA_CRYPT_MIN_ROUNDS 5000
|
|
||||||
# SHA_CRYPT_MAX_ROUNDS 5000
|
|
||||||
|
|
||||||
################# OBSOLETED BY PAM ##############
|
|
||||||
# #
|
|
||||||
# These options are now handled by PAM. Please #
|
|
||||||
# edit the appropriate file in /etc/pam.d/ to #
|
|
||||||
# enable the equivelants of them.
|
|
||||||
#
|
|
||||||
###############
|
|
||||||
|
|
||||||
#MOTD_FILE
|
|
||||||
#DIALUPS_CHECK_ENAB
|
|
||||||
#LASTLOG_ENAB
|
|
||||||
#MAIL_CHECK_ENAB
|
|
||||||
#OBSCURE_CHECKS_ENAB
|
|
||||||
#PORTTIME_CHECKS_ENAB
|
|
||||||
#SU_WHEEL_ONLY
|
|
||||||
#CRACKLIB_DICTPATH
|
|
||||||
#PASS_CHANGE_TRIES
|
|
||||||
#PASS_ALWAYS_WARN
|
|
||||||
#ENVIRON_FILE
|
|
||||||
#NOLOGINS_FILE
|
|
||||||
#ISSUE_FILE
|
|
||||||
#PASS_MIN_LEN
|
|
||||||
#PASS_MAX_LEN
|
|
||||||
#ULIMIT
|
|
||||||
#ENV_HZ
|
|
||||||
#CHFN_AUTH
|
|
||||||
#CHSH_AUTH
|
|
||||||
#FAIL_DELAY
|
|
||||||
|
|
||||||
################# OBSOLETED #######################
|
|
||||||
# #
|
|
||||||
# These options are no more handled by shadow. #
|
|
||||||
# #
|
|
||||||
# Shadow utilities will display a warning if they #
|
|
||||||
# still appear. #
|
|
||||||
# #
|
|
||||||
###################################################
|
|
||||||
|
|
||||||
# CLOSE_SESSIONS
|
|
||||||
# LOGIN_STRING
|
|
||||||
# NO_PASSWORD_CONSOLE
|
|
||||||
# QMAIL_DIR
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Vendored
-1
@@ -1 +0,0 @@
|
|||||||
usr/share/lintian/overrides
|
|
||||||
Vendored
-25
@@ -1,25 +0,0 @@
|
|||||||
usr/share/locale/*/LC_MESSAGES/shadow.mo
|
|
||||||
usr/share/man/*/man1/login.1
|
|
||||||
usr/share/man/*/man1/newgrp.1
|
|
||||||
usr/share/man/*/man1/sg.1
|
|
||||||
usr/share/man/*/man1/su.1
|
|
||||||
usr/share/man/*/man5/faillog.5
|
|
||||||
usr/share/man/*/man5/login.defs.5
|
|
||||||
usr/share/man/*/man8/faillog.8
|
|
||||||
usr/share/man/*/man8/lastlog.8
|
|
||||||
usr/share/man/*/man8/nologin.8
|
|
||||||
usr/share/man/man1/login.1
|
|
||||||
usr/share/man/man1/newgrp.1
|
|
||||||
usr/share/man/man1/sg.1
|
|
||||||
usr/share/man/man1/su.1
|
|
||||||
usr/share/man/man5/faillog.5
|
|
||||||
usr/share/man/man5/login.defs.5
|
|
||||||
usr/share/man/man8/faillog.8
|
|
||||||
usr/share/man/man8/lastlog.8
|
|
||||||
usr/share/man/man8/nologin.8
|
|
||||||
usr/sbin/nologin
|
|
||||||
usr/bin/faillog
|
|
||||||
usr/bin/lastlog
|
|
||||||
usr/bin/newgrp
|
|
||||||
bin/login
|
|
||||||
bin/su
|
|
||||||
Vendored
-1
@@ -1 +0,0 @@
|
|||||||
usr/bin/newgrp usr/bin/sg
|
|
||||||
Vendored
-3
@@ -1,3 +0,0 @@
|
|||||||
login: setuid-binary usr/bin/newgrp 4755 root/root
|
|
||||||
login: setuid-binary bin/su 4755 root/root
|
|
||||||
login: possible-missing-colon-in-closes l667:closes bug 336321
|
|
||||||
Vendored
-111
@@ -1,111 +0,0 @@
|
|||||||
#
|
|
||||||
# The PAM configuration file for the Shadow `login' service
|
|
||||||
#
|
|
||||||
|
|
||||||
# Enforce a minimal delay in case of failure (in microseconds).
|
|
||||||
# (Replaces the `FAIL_DELAY' setting from login.defs)
|
|
||||||
# Note that other modules may require another minimal delay. (for example,
|
|
||||||
# to disable any delay, you should add the nodelay option to pam_unix)
|
|
||||||
auth optional pam_faildelay.so delay=3000000
|
|
||||||
|
|
||||||
# Outputs an issue file prior to each login prompt (Replaces the
|
|
||||||
# ISSUE_FILE option from login.defs). Uncomment for use
|
|
||||||
# auth required pam_issue.so issue=/etc/issue
|
|
||||||
|
|
||||||
# Disallows root logins except on tty's listed in /etc/securetty
|
|
||||||
# (Replaces the `CONSOLE' setting from login.defs)
|
|
||||||
#
|
|
||||||
# With the default control of this module:
|
|
||||||
# [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
|
|
||||||
# root will not be prompted for a password on insecure lines.
|
|
||||||
# if an invalid username is entered, a password is prompted (but login
|
|
||||||
# will eventually be rejected)
|
|
||||||
#
|
|
||||||
# You can change it to a "requisite" module if you think root may mis-type
|
|
||||||
# her login and should not be prompted for a password in that case. But
|
|
||||||
# this will leave the system as vulnerable to user enumeration attacks.
|
|
||||||
#
|
|
||||||
# You can change it to a "required" module if you think it permits to
|
|
||||||
# guess valid user names of your system (invalid user names are considered
|
|
||||||
# as possibly being root on insecure lines), but root passwords may be
|
|
||||||
# communicated over insecure lines.
|
|
||||||
auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
|
|
||||||
|
|
||||||
# Disallows other than root logins when /etc/nologin exists
|
|
||||||
# (Replaces the `NOLOGINS_FILE' option from login.defs)
|
|
||||||
auth requisite pam_nologin.so
|
|
||||||
|
|
||||||
# SELinux needs to be the first session rule. This ensures that any
|
|
||||||
# lingering context has been cleared. Without out this it is possible
|
|
||||||
# that a module could execute code in the wrong domain.
|
|
||||||
# When the module is present, "required" would be sufficient (When SELinux
|
|
||||||
# is disabled, this returns success.)
|
|
||||||
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
|
|
||||||
|
|
||||||
# This module parses environment configuration file(s)
|
|
||||||
# and also allows you to use an extended config
|
|
||||||
# file /etc/security/pam_env.conf.
|
|
||||||
#
|
|
||||||
# parsing /etc/environment needs "readenv=1"
|
|
||||||
session required pam_env.so readenv=1
|
|
||||||
# locale variables are also kept into /etc/default/locale in etch
|
|
||||||
# reading this file *in addition to /etc/environment* does not hurt
|
|
||||||
session required pam_env.so readenv=1 envfile=/etc/default/locale
|
|
||||||
|
|
||||||
# Standard Un*x authentication.
|
|
||||||
@include common-auth
|
|
||||||
|
|
||||||
# This allows certain extra groups to be granted to a user
|
|
||||||
# based on things like time of day, tty, service, and user.
|
|
||||||
# Please edit /etc/security/group.conf to fit your needs
|
|
||||||
# (Replaces the `CONSOLE_GROUPS' option in login.defs)
|
|
||||||
auth optional pam_group.so
|
|
||||||
|
|
||||||
# Uncomment and edit /etc/security/time.conf if you need to set
|
|
||||||
# time restrainst on logins.
|
|
||||||
# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
|
|
||||||
# as well as /etc/porttime)
|
|
||||||
# account requisite pam_time.so
|
|
||||||
|
|
||||||
# Uncomment and edit /etc/security/access.conf if you need to
|
|
||||||
# set access limits.
|
|
||||||
# (Replaces /etc/login.access file)
|
|
||||||
# account required pam_access.so
|
|
||||||
|
|
||||||
# Sets up user limits according to /etc/security/limits.conf
|
|
||||||
# (Replaces the use of /etc/limits in old login)
|
|
||||||
session required pam_limits.so
|
|
||||||
|
|
||||||
# Prints the last login info upon succesful login
|
|
||||||
# (Replaces the `LASTLOG_ENAB' option from login.defs)
|
|
||||||
session optional pam_lastlog.so
|
|
||||||
|
|
||||||
# Prints the message of the day upon succesful login.
|
|
||||||
# (Replaces the `MOTD_FILE' option in login.defs)
|
|
||||||
session optional pam_exec.so type=open_session stdout /bin/uname -snrvm
|
|
||||||
session optional pam_motd.so
|
|
||||||
|
|
||||||
# Prints the status of the user's mailbox upon succesful login
|
|
||||||
# (Replaces the `MAIL_CHECK_ENAB' option from login.defs).
|
|
||||||
#
|
|
||||||
# This also defines the MAIL environment variable
|
|
||||||
# However, userdel also needs MAIL_DIR and MAIL_FILE variables
|
|
||||||
# in /etc/login.defs to make sure that removing a user
|
|
||||||
# also removes the user's mail spool file.
|
|
||||||
# See comments in /etc/login.defs
|
|
||||||
session optional pam_mail.so standard
|
|
||||||
|
|
||||||
# Sets the loginuid process attribute
|
|
||||||
session required pam_loginuid.so
|
|
||||||
|
|
||||||
# Standard Un*x account and session
|
|
||||||
@include common-account
|
|
||||||
@include common-session
|
|
||||||
@include common-password
|
|
||||||
|
|
||||||
# SELinux needs to intervene at login time to ensure that the process
|
|
||||||
# starts in the proper default security context. Only sessions which are
|
|
||||||
# intended to run in the user's context should be run after this.
|
|
||||||
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
|
|
||||||
# When the module is present, "required" would be sufficient (When SELinux
|
|
||||||
# is disabled, this returns success.)
|
|
||||||
Vendored
-44
@@ -1,44 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
|
|
||||||
set -e
|
|
||||||
|
|
||||||
if test "$1" = configure
|
|
||||||
then
|
|
||||||
if test -f /etc/init.d/logoutd
|
|
||||||
then
|
|
||||||
if test "$(md5sum /etc/init.d/logoutd)" = "9080f92783dd53f6f2108e698c06bd53 /etc/init.d/logoutd"
|
|
||||||
then
|
|
||||||
echo "removing logoutd cruft"
|
|
||||||
rm /etc/init.d/logoutd
|
|
||||||
update-rc.d logoutd remove
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
rm -f /etc/pam.d/login.pre-upgrade 2>/dev/null
|
|
||||||
|
|
||||||
if [ "$1" = "configure" ] && [ "$2" = "" ]
|
|
||||||
then
|
|
||||||
# Install faillog during initial installs only
|
|
||||||
if [ ! -f /var/log/faillog ] ; then
|
|
||||||
touch /var/log/faillog
|
|
||||||
chown root:root /var/log/faillog
|
|
||||||
chmod 644 /var/log/faillog
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Create subuid/subgid if missing
|
|
||||||
if [ ! -e /etc/subuid ]; then
|
|
||||||
touch /etc/subuid
|
|
||||||
chown root:root /etc/subuid
|
|
||||||
chmod 644 /etc/subuid
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ ! -e /etc/subgid ]; then
|
|
||||||
touch /etc/subgid
|
|
||||||
chown root:root /etc/subgid
|
|
||||||
chmod 644 /etc/subgid
|
|
||||||
fi
|
|
||||||
|
|
||||||
#DEBHELPER#
|
|
||||||
|
|
||||||
exit 0
|
|
||||||
Vendored
-52
@@ -1,52 +0,0 @@
|
|||||||
#! /bin/sh
|
|
||||||
|
|
||||||
#
|
|
||||||
# see: dh_installdeb(1)
|
|
||||||
|
|
||||||
set -e
|
|
||||||
|
|
||||||
# summary of how this script can be called:
|
|
||||||
# * <new-preinst> `install'
|
|
||||||
# * <new-preinst> `install' <old-version>
|
|
||||||
# * <new-preinst> `upgrade' <old-version>
|
|
||||||
# * <old-preinst> `abort-upgrade' <new-version>
|
|
||||||
#
|
|
||||||
# for details, see http://www.debian.org/doc/debian-policy/ or
|
|
||||||
# the debian-policy package
|
|
||||||
|
|
||||||
remove_md5() {
|
|
||||||
if md5sum $1 2>/dev/null |grep -q $2; then
|
|
||||||
cp $1 $1.pre-upgrade
|
|
||||||
sed -e '/^[^#][ \t]*assword[ \t]*required[ \t]*pam_unix.so/ s/ md5$//' $1 >$1.post-upgrade \
|
|
||||||
&& mv $1.post-upgrade $1
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
case "$1" in
|
|
||||||
install|upgrade)
|
|
||||||
if [ "x$2" != "x" ] ; then
|
|
||||||
if dpkg --compare-versions $2 lt 1:4.0.3 ; then
|
|
||||||
remove_md5 /etc/pam.d/login 5e61c3334e25625fe1fa4d79cf9123ff
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
;;
|
|
||||||
|
|
||||||
abort-upgrade)
|
|
||||||
;;
|
|
||||||
|
|
||||||
*)
|
|
||||||
echo "preinst called with unknown argument \`$1'" >&2
|
|
||||||
exit 1
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
# dh_installdeb will replace this with shell code automatically
|
|
||||||
# generated by other debhelper scripts.
|
|
||||||
|
|
||||||
#DEBHELPER#
|
|
||||||
|
|
||||||
exit 0
|
|
||||||
|
|
||||||
|
|
||||||
Vendored
-61
@@ -1,61 +0,0 @@
|
|||||||
#
|
|
||||||
# The PAM configuration file for the Shadow `su' service
|
|
||||||
#
|
|
||||||
|
|
||||||
# This allows root to su without passwords (normal operation)
|
|
||||||
auth sufficient pam_rootok.so
|
|
||||||
|
|
||||||
# Uncomment this to force users to be a member of group root
|
|
||||||
# before they can use `su'. You can also add "group=foo"
|
|
||||||
# to the end of this line if you want to use a group other
|
|
||||||
# than the default "root" (but this may have side effect of
|
|
||||||
# denying "root" user, unless she's a member of "foo" or explicitly
|
|
||||||
# permitted earlier by e.g. "sufficient pam_rootok.so").
|
|
||||||
# (Replaces the `SU_WHEEL_ONLY' option from login.defs)
|
|
||||||
# auth required pam_wheel.so
|
|
||||||
|
|
||||||
# Uncomment this if you want wheel members to be able to
|
|
||||||
# su without a password.
|
|
||||||
# auth sufficient pam_wheel.so trust
|
|
||||||
|
|
||||||
# Uncomment this if you want members of a specific group to not
|
|
||||||
# be allowed to use su at all.
|
|
||||||
# auth required pam_wheel.so deny group=nosu
|
|
||||||
|
|
||||||
# Uncomment and edit /etc/security/time.conf if you need to set
|
|
||||||
# time restrainst on su usage.
|
|
||||||
# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
|
|
||||||
# as well as /etc/porttime)
|
|
||||||
# account requisite pam_time.so
|
|
||||||
|
|
||||||
# This module parses environment configuration file(s)
|
|
||||||
# and also allows you to use an extended config
|
|
||||||
# file /etc/security/pam_env.conf.
|
|
||||||
#
|
|
||||||
# parsing /etc/environment needs "readenv=1"
|
|
||||||
session required pam_env.so readenv=1
|
|
||||||
# locale variables are also kept into /etc/default/locale in etch
|
|
||||||
# reading this file *in addition to /etc/environment* does not hurt
|
|
||||||
session required pam_env.so readenv=1 envfile=/etc/default/locale
|
|
||||||
|
|
||||||
# Defines the MAIL environment variable
|
|
||||||
# However, userdel also needs MAIL_DIR and MAIL_FILE variables
|
|
||||||
# in /etc/login.defs to make sure that removing a user
|
|
||||||
# also removes the user's mail spool file.
|
|
||||||
# See comments in /etc/login.defs
|
|
||||||
#
|
|
||||||
# "nopen" stands to avoid reporting new mail when su'ing to another user
|
|
||||||
session optional pam_mail.so nopen
|
|
||||||
|
|
||||||
# Sets up user limits according to /etc/security/limits.conf
|
|
||||||
# (Replaces the use of /etc/limits in old login)
|
|
||||||
session required pam_limits.so
|
|
||||||
|
|
||||||
# The standard Unix authentication modules, used with
|
|
||||||
# NIS (man nsswitch) as well as normal /etc/passwd and
|
|
||||||
# /etc/shadow entries.
|
|
||||||
@include common-auth
|
|
||||||
@include common-account
|
|
||||||
@include common-session
|
|
||||||
|
|
||||||
|
|
||||||
Vendored
-8
@@ -1,8 +0,0 @@
|
|||||||
# The PAM configuration file for the Shadow 'chage' service
|
|
||||||
#
|
|
||||||
|
|
||||||
# This allows root to change password aging being prompted for a password
|
|
||||||
auth sufficient pam_rootok.so
|
|
||||||
|
|
||||||
# checks for account validity
|
|
||||||
account required pam_permit.so
|
|
||||||
Vendored
-16
@@ -1,16 +0,0 @@
|
|||||||
#
|
|
||||||
# The PAM configuration file for the Shadow `chfn' service
|
|
||||||
#
|
|
||||||
|
|
||||||
# This allows root to change user infomation without being
|
|
||||||
# prompted for a password
|
|
||||||
auth sufficient pam_rootok.so
|
|
||||||
|
|
||||||
# The standard Unix authentication modules, used with
|
|
||||||
# NIS (man nsswitch) as well as normal /etc/passwd and
|
|
||||||
# /etc/shadow entries.
|
|
||||||
@include common-auth
|
|
||||||
@include common-account
|
|
||||||
@include common-session
|
|
||||||
|
|
||||||
|
|
||||||
Vendored
-5
@@ -1,5 +0,0 @@
|
|||||||
# The PAM configuration file for the Shadow 'chpasswd' service
|
|
||||||
#
|
|
||||||
|
|
||||||
@include common-password
|
|
||||||
|
|
||||||
Vendored
-20
@@ -1,20 +0,0 @@
|
|||||||
#
|
|
||||||
# The PAM configuration file for the Shadow `chsh' service
|
|
||||||
#
|
|
||||||
|
|
||||||
# This will not allow a user to change their shell unless
|
|
||||||
# their current one is listed in /etc/shells. This keeps
|
|
||||||
# accounts with special shells from changing them.
|
|
||||||
auth required pam_shells.so
|
|
||||||
|
|
||||||
# This allows root to change user shell without being
|
|
||||||
# prompted for a password
|
|
||||||
auth sufficient pam_rootok.so
|
|
||||||
|
|
||||||
# The standard Unix authentication modules, used with
|
|
||||||
# NIS (man nsswitch) as well as normal /etc/passwd and
|
|
||||||
# /etc/shadow entries.
|
|
||||||
@include common-auth
|
|
||||||
@include common-account
|
|
||||||
@include common-session
|
|
||||||
|
|
||||||
Vendored
-9
@@ -1,9 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
|
|
||||||
cd /var/backups || exit 0
|
|
||||||
|
|
||||||
for FILE in passwd group shadow gshadow; do
|
|
||||||
test -f /etc/$FILE || continue
|
|
||||||
cmp -s $FILE.bak /etc/$FILE && continue
|
|
||||||
cp -p /etc/$FILE $FILE.bak && chmod 600 $FILE.bak
|
|
||||||
done
|
|
||||||
Vendored
-2
@@ -1,2 +0,0 @@
|
|||||||
usr/share/lintian/overrides
|
|
||||||
etc/default
|
|
||||||
Vendored
-1
@@ -1 +0,0 @@
|
|||||||
debian/passwd.expire.cron
|
|
||||||
Vendored
-57
@@ -1,57 +0,0 @@
|
|||||||
#!/usr/bin/perl
|
|
||||||
#
|
|
||||||
# passwd.expire.cron: sample expiry notification script for use as a cronjob
|
|
||||||
#
|
|
||||||
# Copyright 1999 by Ben Collins <bcollins@debian.org>, complete rights granted
|
|
||||||
# for use, distribution, modification, etc.
|
|
||||||
#
|
|
||||||
# Usage:
|
|
||||||
# edit the listed options, including the actual email, then rename to
|
|
||||||
# /etc/cron.daily/passwd
|
|
||||||
#
|
|
||||||
# If your users don't have a valid login shell (ie. they are ftp or mail
|
|
||||||
# users only), they will need some other way to change their password
|
|
||||||
# (telnet will work since login will handle password aging, or a poppasswd
|
|
||||||
# program, if they are mail users).
|
|
||||||
|
|
||||||
# <CONFIG> #
|
|
||||||
|
|
||||||
# should be same as /etc/adduser.conf
|
|
||||||
$LOW_UID=1000;
|
|
||||||
$HIGH_UID=29999;
|
|
||||||
|
|
||||||
# this let's the MTA handle the domain,
|
|
||||||
# set it manually if you want. Make sure
|
|
||||||
# you also add the @ like "\@domain.com"
|
|
||||||
$MAIL_DOM="";
|
|
||||||
|
|
||||||
# </CONFIG> #
|
|
||||||
|
|
||||||
# Set the current day reference
|
|
||||||
$curdays = int(time() / (60 * 60 * 24));
|
|
||||||
|
|
||||||
# Now go through the list
|
|
||||||
|
|
||||||
open(SH, "< /etc/shadow");
|
|
||||||
while (<SH>) {
|
|
||||||
@shent = split(':', $_);
|
|
||||||
@userent = getpwnam($shent[0]);
|
|
||||||
if ($userent[2] >= $LOW_UID && $userent[2] <= $HIGH_UID) {
|
|
||||||
if ($curdays > $shent[2] + $shent[4] - $shent[5] &&
|
|
||||||
$shent[4] != -1 && $shent[4] != 0 &&
|
|
||||||
$shent[5] != -1 && $shent[5] != 0) {
|
|
||||||
$daysleft = ($shent[2] + $shent[4]) - $curdays;
|
|
||||||
if ($daysleft == 1) { $days = "day"; } else {$days = "days"; }
|
|
||||||
if ($daysleft < 0) { next; }
|
|
||||||
open (MAIL, "| mail -s '[WARNING] account will expire in $daysleft $days' $shent[0]${MAIL_DOM}");
|
|
||||||
print MAIL <<EOF;
|
|
||||||
Your account will expire in $daysleft $days. Please change your password before
|
|
||||||
then or your account will expire
|
|
||||||
EOF
|
|
||||||
close (MAIL);
|
|
||||||
# This makes sure we also get a list of almost expired users
|
|
||||||
print "$shent[0]'s account will expire in $daysleft days\n";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
@userent = getpwent();
|
|
||||||
}
|
|
||||||
Vendored
-8
@@ -1,8 +0,0 @@
|
|||||||
# The PAM configuration file for the Shadow 'groupadd' service
|
|
||||||
#
|
|
||||||
|
|
||||||
# This allows root to add groups without being prompted for a password
|
|
||||||
auth sufficient pam_rootok.so
|
|
||||||
|
|
||||||
# checks for account validity
|
|
||||||
account required pam_permit.so
|
|
||||||
Vendored
-8
@@ -1,8 +0,0 @@
|
|||||||
# The PAM configuration file for the Shadow 'groupdel' service
|
|
||||||
#
|
|
||||||
|
|
||||||
# This allows root to remove groups without being prompted for a password
|
|
||||||
auth sufficient pam_rootok.so
|
|
||||||
|
|
||||||
# checks for account validity
|
|
||||||
account required pam_permit.so
|
|
||||||
Vendored
-8
@@ -1,8 +0,0 @@
|
|||||||
# The PAM configuration file for the Shadow 'groupmod' service
|
|
||||||
#
|
|
||||||
|
|
||||||
# This allows root to modify groups without being prompted for a password
|
|
||||||
auth sufficient pam_rootok.so
|
|
||||||
|
|
||||||
# checks for account validity
|
|
||||||
account required pam_permit.so
|
|
||||||
Vendored
-78
@@ -1,78 +0,0 @@
|
|||||||
usr/bin/chage
|
|
||||||
usr/bin/chfn
|
|
||||||
usr/bin/chsh
|
|
||||||
usr/bin/expiry
|
|
||||||
usr/bin/gpasswd
|
|
||||||
usr/bin/passwd
|
|
||||||
usr/sbin/chpasswd
|
|
||||||
usr/sbin/chgpasswd
|
|
||||||
usr/sbin/cppw
|
|
||||||
usr/sbin/groupadd
|
|
||||||
usr/sbin/groupdel
|
|
||||||
usr/sbin/groupmod
|
|
||||||
usr/sbin/grpck
|
|
||||||
usr/sbin/grpconv
|
|
||||||
usr/sbin/grpunconv
|
|
||||||
usr/sbin/newusers
|
|
||||||
usr/sbin/pwck
|
|
||||||
usr/sbin/pwconv
|
|
||||||
usr/sbin/pwunconv
|
|
||||||
usr/sbin/useradd
|
|
||||||
usr/sbin/userdel
|
|
||||||
usr/sbin/usermod
|
|
||||||
usr/sbin/vipw
|
|
||||||
usr/share/man/*/man1/chage.1
|
|
||||||
usr/share/man/*/man1/chfn.1
|
|
||||||
usr/share/man/*/man1/chsh.1
|
|
||||||
usr/share/man/*/man1/expiry.1
|
|
||||||
usr/share/man/*/man1/gpasswd.1
|
|
||||||
usr/share/man/*/man1/passwd.1
|
|
||||||
usr/share/man/*/man5/passwd.5
|
|
||||||
usr/share/man/*/man5/shadow.5
|
|
||||||
usr/share/man/*/man5/gshadow.5
|
|
||||||
usr/share/man/*/man8/chpasswd.8
|
|
||||||
usr/share/man/*/man8/groupadd.8
|
|
||||||
usr/share/man/*/man8/groupdel.8
|
|
||||||
usr/share/man/*/man8/groupmod.8
|
|
||||||
usr/share/man/*/man8/grpck.8
|
|
||||||
usr/share/man/*/man8/grpconv.8
|
|
||||||
usr/share/man/*/man8/grpunconv.8
|
|
||||||
usr/share/man/*/man8/newusers.8
|
|
||||||
usr/share/man/*/man8/pwck.8
|
|
||||||
usr/share/man/*/man8/pwconv.8
|
|
||||||
usr/share/man/*/man8/pwunconv.8
|
|
||||||
usr/share/man/*/man8/useradd.8
|
|
||||||
usr/share/man/*/man8/userdel.8
|
|
||||||
usr/share/man/*/man8/usermod.8
|
|
||||||
usr/share/man/*/man8/vigr.8
|
|
||||||
usr/share/man/*/man8/vipw.8
|
|
||||||
usr/share/man/man1/chage.1
|
|
||||||
usr/share/man/man1/chfn.1
|
|
||||||
usr/share/man/man1/chsh.1
|
|
||||||
usr/share/man/man1/expiry.1
|
|
||||||
usr/share/man/man1/gpasswd.1
|
|
||||||
usr/share/man/man1/passwd.1
|
|
||||||
usr/share/man/man5/passwd.5
|
|
||||||
usr/share/man/man5/shadow.5
|
|
||||||
usr/share/man/man5/gshadow.5
|
|
||||||
usr/share/man/man5/subuid.5
|
|
||||||
usr/share/man/man5/subgid.5
|
|
||||||
usr/share/man/man5/subgid.5
|
|
||||||
usr/share/man/man5/subuid.5
|
|
||||||
usr/share/man/man8/chgpasswd.8
|
|
||||||
usr/share/man/man8/chpasswd.8
|
|
||||||
usr/share/man/man8/groupadd.8
|
|
||||||
usr/share/man/man8/groupdel.8
|
|
||||||
usr/share/man/man8/groupmod.8
|
|
||||||
usr/share/man/man8/grpck.8
|
|
||||||
usr/share/man/man8/grpconv.8
|
|
||||||
usr/share/man/man8/grpunconv.8
|
|
||||||
usr/share/man/man8/newusers.8
|
|
||||||
usr/share/man/man8/pwck.8
|
|
||||||
usr/share/man/man8/pwconv.8
|
|
||||||
usr/share/man/man8/pwunconv.8
|
|
||||||
usr/share/man/man8/useradd.8
|
|
||||||
usr/share/man/man8/userdel.8
|
|
||||||
usr/share/man/man8/usermod.8
|
|
||||||
usr/share/man/man8/vigr.8
|
|
||||||
usr/share/man/man8/vipw.8
|
|
||||||
Vendored
-2
@@ -1,2 +0,0 @@
|
|||||||
usr/sbin/vipw usr/sbin/vigr
|
|
||||||
usr/sbin/cppw usr/sbin/cpgr
|
|
||||||
Vendored
-6
@@ -1,6 +0,0 @@
|
|||||||
passwd: setgid-binary usr/bin/chage 2755 root/shadow
|
|
||||||
passwd: setuid-binary usr/bin/chfn 4755 root/root
|
|
||||||
passwd: setuid-binary usr/bin/chsh 4755 root/root
|
|
||||||
passwd: setgid-binary usr/bin/expiry 2755 root/shadow
|
|
||||||
passwd: setuid-binary usr/bin/gpasswd 4755 root/root
|
|
||||||
passwd: setuid-binary usr/bin/passwd 4755 root/root
|
|
||||||
Vendored
-5
@@ -1,5 +0,0 @@
|
|||||||
# The PAM configuration file for the Shadow 'newusers' service
|
|
||||||
#
|
|
||||||
|
|
||||||
@include common-password
|
|
||||||
|
|
||||||
Vendored
-6
@@ -1,6 +0,0 @@
|
|||||||
#
|
|
||||||
# The PAM configuration file for the Shadow `passwd' service
|
|
||||||
#
|
|
||||||
|
|
||||||
@include common-password
|
|
||||||
|
|
||||||
Vendored
-44
@@ -1,44 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
|
|
||||||
set -e
|
|
||||||
|
|
||||||
case "$1" in
|
|
||||||
configure)
|
|
||||||
# Fix permissions on various log files from old versions of the debian
|
|
||||||
# installer, some unrelated to passwd but we decided to put the fix
|
|
||||||
# here since there was no better place. This can safely be removed
|
|
||||||
# after etch is released.
|
|
||||||
if dpkg --compare-versions "$2" lt "1:4.0.14-9"; then
|
|
||||||
for log in /var/log/base-config* \
|
|
||||||
$(find /var/log/debian-installer/ /var/log/installer/ -type f 2>/dev/null ); do
|
|
||||||
if [ -e "$log" ]; then
|
|
||||||
chmod 600 "$log"
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
fi
|
|
||||||
|
|
||||||
rm -f /etc/pam.d/passwd.pre-upgrade 2>/dev/null
|
|
||||||
if ! getent group shadow | grep -q '^shadow:[^:]*:42'
|
|
||||||
then
|
|
||||||
groupadd -g 42 shadow || (
|
|
||||||
cat <<EOF
|
|
||||||
Group ID 42 has been allocated for the shadow group. You have either
|
|
||||||
used 42 yourself or created a shadow group with a different ID.
|
|
||||||
Please correct this problem and reconfigure with ``dpkg --configure passwd''.
|
|
||||||
|
|
||||||
Note that both user and group IDs in the range 0-99 are globally
|
|
||||||
allocated by the Debian project and must be the same on every Debian
|
|
||||||
system.
|
|
||||||
EOF
|
|
||||||
exit 1
|
|
||||||
)
|
|
||||||
fi
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
# Run shadowconfig only on new installs
|
|
||||||
[ -z "$2" ] && shadowconfig on
|
|
||||||
|
|
||||||
#DEBHELPER#
|
|
||||||
|
|
||||||
exit 0
|
|
||||||
Vendored
-51
@@ -1,51 +0,0 @@
|
|||||||
#! /bin/sh
|
|
||||||
|
|
||||||
#
|
|
||||||
# see: dh_installdeb(1)
|
|
||||||
|
|
||||||
set -e
|
|
||||||
|
|
||||||
# summary of how this script can be called:
|
|
||||||
# * <new-preinst> `install'
|
|
||||||
# * <new-preinst> `install' <old-version>
|
|
||||||
# * <new-preinst> `upgrade' <old-version>
|
|
||||||
# * <old-preinst> `abort-upgrade' <new-version>
|
|
||||||
#
|
|
||||||
# for details, see http://www.debian.org/doc/debian-policy/ or
|
|
||||||
# the debian-policy package
|
|
||||||
|
|
||||||
remove_md5() {
|
|
||||||
if md5sum $1 2>/dev/null |grep -q $2; then
|
|
||||||
cp $1 $1.pre-upgrade
|
|
||||||
sed -e '/^[^#]*[ \t]*password[ \t]*required[ \t]*pam_unix.so/ s/ md5$//' $1 >$1.post-upgrade \
|
|
||||||
&& mv $1.post-upgrade $1
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
case "$1" in
|
|
||||||
install|upgrade)
|
|
||||||
if [ "x$2" != "x" ] ; then
|
|
||||||
if dpkg --compare-versions $2 lt 1:4.0.3 ; then
|
|
||||||
remove_md5 /etc/pam.d/passwd 23a5d1465bbc1e39ca6e0c32f22a75c9
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
;;
|
|
||||||
|
|
||||||
abort-upgrade)
|
|
||||||
;;
|
|
||||||
|
|
||||||
*)
|
|
||||||
echo "preinst called with unknown argument \`$1'" >&2
|
|
||||||
exit 1
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
# dh_installdeb will replace this with shell code automatically
|
|
||||||
# generated by other debhelper scripts.
|
|
||||||
|
|
||||||
#DEBHELPER#
|
|
||||||
|
|
||||||
exit 0
|
|
||||||
|
|
||||||
|
|
||||||
Vendored
-8
@@ -1,8 +0,0 @@
|
|||||||
# The PAM configuration file for the Shadow 'useradd' service
|
|
||||||
#
|
|
||||||
|
|
||||||
# This allows root to add users without being prompted for a password
|
|
||||||
auth sufficient pam_rootok.so
|
|
||||||
|
|
||||||
# checks for account validity
|
|
||||||
account required pam_permit.so
|
|
||||||
Vendored
-8
@@ -1,8 +0,0 @@
|
|||||||
# The PAM configuration file for the Shadow 'userdel' service
|
|
||||||
#
|
|
||||||
|
|
||||||
# This allows root to remove users without being prompted for a password
|
|
||||||
auth sufficient pam_rootok.so
|
|
||||||
|
|
||||||
# checks for account validity
|
|
||||||
account required pam_permit.so
|
|
||||||
Vendored
-8
@@ -1,8 +0,0 @@
|
|||||||
# The PAM configuration file for the Shadow 'groupdel' service
|
|
||||||
#
|
|
||||||
|
|
||||||
# This allows root to remove groups without being prompted for a password
|
|
||||||
auth sufficient pam_rootok.so
|
|
||||||
|
|
||||||
# checks for account validity
|
|
||||||
account required pam_permit.so
|
|
||||||
-55
@@ -1,55 +0,0 @@
|
|||||||
Goal: Log login failures to the btmp file
|
|
||||||
|
|
||||||
Notes:
|
|
||||||
* I'm not sure login should add an entry in the FTMP file when PAM is used.
|
|
||||||
(but nothing in /etc/login.defs indicates that the failure is not logged)
|
|
||||||
|
|
||||||
Index: git/src/login.c
|
|
||||||
===================================================================
|
|
||||||
--- git.orig/src/login.c
|
|
||||||
+++ git/src/login.c
|
|
||||||
@@ -831,6 +831,24 @@
|
|
||||||
(void) puts ("");
|
|
||||||
(void) puts (_("Login incorrect"));
|
|
||||||
|
|
||||||
+ if (getdef_str("FTMP_FILE") != NULL) {
|
|
||||||
+#ifdef USE_UTMPX
|
|
||||||
+ struct utmpx *failent =
|
|
||||||
+ prepare_utmpx (failent_user,
|
|
||||||
+ tty,
|
|
||||||
+ /* FIXME: or fromhost? */hostname,
|
|
||||||
+ utent);
|
|
||||||
+#else /* !USE_UTMPX */
|
|
||||||
+ struct utmp *failent =
|
|
||||||
+ prepare_utmp (failent_user,
|
|
||||||
+ tty,
|
|
||||||
+ hostname,
|
|
||||||
+ utent);
|
|
||||||
+#endif /* !USE_UTMPX */
|
|
||||||
+ failtmp (failent_user, failent);
|
|
||||||
+ free (failent);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
if (failcount >= retries) {
|
|
||||||
SYSLOG ((LOG_NOTICE,
|
|
||||||
"TOO MANY LOGIN TRIES (%u)%s FOR '%s'",
|
|
||||||
Index: git/lib/getdef.c
|
|
||||||
===================================================================
|
|
||||||
--- git.orig/lib/getdef.c
|
|
||||||
+++ git/lib/getdef.c
|
|
||||||
@@ -62,6 +62,7 @@
|
|
||||||
{"ERASECHAR", NULL},
|
|
||||||
{"FAIL_DELAY", NULL},
|
|
||||||
{"FAKE_SHELL", NULL},
|
|
||||||
+ {"FTMP_FILE", NULL},
|
|
||||||
{"GID_MAX", NULL},
|
|
||||||
{"GID_MIN", NULL},
|
|
||||||
{"HUSHLOGIN_FILE", NULL},
|
|
||||||
@@ -109,7 +110,6 @@
|
|
||||||
{"ENVIRON_FILE", NULL},
|
|
||||||
{"ENV_TZ", NULL},
|
|
||||||
{"FAILLOG_ENAB", NULL},
|
|
||||||
- {"FTMP_FILE", NULL},
|
|
||||||
{"ISSUE_FILE", NULL},
|
|
||||||
{"LASTLOG_ENAB", NULL},
|
|
||||||
{"LOGIN_STRING", NULL},
|
|
||||||
Vendored
-93
@@ -1,93 +0,0 @@
|
|||||||
=== modified file 'etc/login.defs'
|
|
||||||
Index: git/etc/login.defs
|
|
||||||
===================================================================
|
|
||||||
--- git.orig/etc/login.defs
|
|
||||||
+++ git/etc/login.defs
|
|
||||||
@@ -229,7 +229,7 @@
|
|
||||||
# Extra per user uids
|
|
||||||
SUB_UID_MIN 100000
|
|
||||||
SUB_UID_MAX 600100000
|
|
||||||
-SUB_UID_COUNT 10000
|
|
||||||
+SUB_UID_COUNT 65536
|
|
||||||
|
|
||||||
#
|
|
||||||
# Min/max values for automatic gid selection in groupadd(8)
|
|
||||||
@@ -242,7 +242,7 @@
|
|
||||||
# Extra per user group ids
|
|
||||||
SUB_GID_MIN 100000
|
|
||||||
SUB_GID_MAX 600100000
|
|
||||||
-SUB_GID_COUNT 10000
|
|
||||||
+SUB_GID_COUNT 65536
|
|
||||||
|
|
||||||
#
|
|
||||||
# Max number of login(1) retries if password is bad
|
|
||||||
Index: git/src/newusers.c
|
|
||||||
===================================================================
|
|
||||||
--- git.orig/src/newusers.c
|
|
||||||
+++ git/src/newusers.c
|
|
||||||
@@ -988,8 +988,8 @@
|
|
||||||
is_shadow_grp = sgr_file_present ();
|
|
||||||
#endif
|
|
||||||
#ifdef ENABLE_SUBIDS
|
|
||||||
- is_sub_uid = sub_uid_file_present ();
|
|
||||||
- is_sub_gid = sub_gid_file_present ();
|
|
||||||
+ is_sub_uid = sub_uid_file_present () && !rflg;
|
|
||||||
+ is_sub_gid = sub_gid_file_present () && !rflg;
|
|
||||||
#endif /* ENABLE_SUBIDS */
|
|
||||||
|
|
||||||
open_files ();
|
|
||||||
Index: git/src/useradd.c
|
|
||||||
===================================================================
|
|
||||||
--- git.orig/src/useradd.c
|
|
||||||
+++ git/src/useradd.c
|
|
||||||
@@ -1994,6 +1994,10 @@
|
|
||||||
#endif /* USE_PAM */
|
|
||||||
#endif /* ACCT_TOOLS_SETUID */
|
|
||||||
|
|
||||||
+ /* Needed for userns check */
|
|
||||||
+ uid_t uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL);
|
|
||||||
+ uid_t uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
|
|
||||||
+
|
|
||||||
/*
|
|
||||||
* Get my name so that I can use it to report errors.
|
|
||||||
*/
|
|
||||||
@@ -2023,8 +2027,10 @@
|
|
||||||
is_shadow_grp = sgr_file_present ();
|
|
||||||
#endif
|
|
||||||
#ifdef ENABLE_SUBIDS
|
|
||||||
- is_sub_uid = sub_uid_file_present ();
|
|
||||||
- is_sub_gid = sub_gid_file_present ();
|
|
||||||
+ is_sub_uid = sub_uid_file_present () && !rflg &&
|
|
||||||
+ (!user_id || (user_id <= uid_max && user_id >= uid_min));
|
|
||||||
+ is_sub_gid = sub_gid_file_present () && !rflg &&
|
|
||||||
+ (!user_id || (user_id <= uid_max && user_id >= uid_min));
|
|
||||||
#endif /* ENABLE_SUBIDS */
|
|
||||||
|
|
||||||
get_defaults ();
|
|
||||||
|
|
||||||
Index: git/libmisc/find_new_sub_uids.c
|
|
||||||
===================================================================
|
|
||||||
--- git.orig/libmisc/find_new_sub_uids.c
|
|
||||||
+++ git/libmisc/find_new_sub_uids.c
|
|
||||||
@@ -58,7 +58,7 @@
|
|
||||||
|
|
||||||
min = getdef_ulong ("SUB_UID_MIN", 100000UL);
|
|
||||||
max = getdef_ulong ("SUB_UID_MAX", 600100000UL);
|
|
||||||
- count = getdef_ulong ("SUB_UID_COUNT", 10000);
|
|
||||||
+ count = getdef_ulong ("SUB_UID_COUNT", 65536);
|
|
||||||
|
|
||||||
if (min > max || count >= max || (min + count - 1) > max) {
|
|
||||||
(void) fprintf (stderr,
|
|
||||||
Index: git/libmisc/find_new_sub_gids.c
|
|
||||||
===================================================================
|
|
||||||
--- git.orig/libmisc/find_new_sub_gids.c
|
|
||||||
+++ git/libmisc/find_new_sub_gids.c
|
|
||||||
@@ -58,7 +58,7 @@
|
|
||||||
|
|
||||||
min = getdef_ulong ("SUB_GID_MIN", 100000UL);
|
|
||||||
max = getdef_ulong ("SUB_GID_MAX", 600100000UL);
|
|
||||||
- count = getdef_ulong ("SUB_GID_COUNT", 10000);
|
|
||||||
+ count = getdef_ulong ("SUB_GID_COUNT", 65536);
|
|
||||||
|
|
||||||
if (min > max || count >= max || (min + count - 1) > max) {
|
|
||||||
(void) fprintf (stderr,
|
|
||||||
-2687
File diff suppressed because it is too large
Load Diff
Vendored
-282
@@ -1,282 +0,0 @@
|
|||||||
#! /bin/sh /usr/share/dpatch/dpatch-run
|
|
||||||
## 401_cppw_src.dpatch by Nicolas FRANCOIS <nicolas.francois@centraliens.net>
|
|
||||||
##
|
|
||||||
## All lines beginning with `## DP:' are a description of the patch.
|
|
||||||
## DP: Add cppw / cpgr
|
|
||||||
|
|
||||||
@DPATCH@
|
|
||||||
Index: git/src/cppw.c
|
|
||||||
===================================================================
|
|
||||||
--- /dev/null
|
|
||||||
+++ git/src/cppw.c
|
|
||||||
@@ -0,0 +1,238 @@
|
|
||||||
+/*
|
|
||||||
+ cppw, cpgr copy with locking given file over the password or group file
|
|
||||||
+ with -s will copy with locking given file over shadow or gshadow file
|
|
||||||
+
|
|
||||||
+ Copyright (C) 1999 Stephen Frost <sfrost@snowman.net>
|
|
||||||
+
|
|
||||||
+ Based on vipw, vigr by:
|
|
||||||
+ Copyright (C) 1997 Guy Maor <maor@ece.utexas.edu>
|
|
||||||
+
|
|
||||||
+ This program is free software; you can redistribute it and/or modify
|
|
||||||
+ it under the terms of the GNU General Public License as published by
|
|
||||||
+ the Free Software Foundation; either version 2 of the License, or
|
|
||||||
+ (at your option) any later version.
|
|
||||||
+
|
|
||||||
+ This program is distributed in the hope that it will be useful, but
|
|
||||||
+ WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
||||||
+ General Public License for more details.
|
|
||||||
+
|
|
||||||
+ You should have received a copy of the GNU General Public License
|
|
||||||
+ along with this program; if not, write to the Free Software
|
|
||||||
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
|
||||||
+
|
|
||||||
+ */
|
|
||||||
+
|
|
||||||
+#include <config.h>
|
|
||||||
+#include "defines.h"
|
|
||||||
+
|
|
||||||
+#include <errno.h>
|
|
||||||
+#include <sys/stat.h>
|
|
||||||
+#include <unistd.h>
|
|
||||||
+#include <stdio.h>
|
|
||||||
+#include <stdlib.h>
|
|
||||||
+#include <sys/types.h>
|
|
||||||
+#include <signal.h>
|
|
||||||
+#include <utime.h>
|
|
||||||
+#include "exitcodes.h"
|
|
||||||
+#include "prototypes.h"
|
|
||||||
+#include "pwio.h"
|
|
||||||
+#include "shadowio.h"
|
|
||||||
+#include "groupio.h"
|
|
||||||
+#include "sgroupio.h"
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+const char *Prog;
|
|
||||||
+
|
|
||||||
+const char *filename, *filenewname;
|
|
||||||
+static bool filelocked = false;
|
|
||||||
+static int (*unlock) (void);
|
|
||||||
+
|
|
||||||
+/* local function prototypes */
|
|
||||||
+static int create_copy (FILE *fp, const char *dest, struct stat *sb);
|
|
||||||
+static void cppwexit (const char *msg, int syserr, int ret);
|
|
||||||
+static void cppwcopy (const char *file,
|
|
||||||
+ const char *in_file,
|
|
||||||
+ int (*file_lock) (void),
|
|
||||||
+ int (*file_unlock) (void));
|
|
||||||
+
|
|
||||||
+static int create_copy (FILE *fp, const char *dest, struct stat *sb)
|
|
||||||
+{
|
|
||||||
+ struct utimbuf ub;
|
|
||||||
+ FILE *bkfp;
|
|
||||||
+ int c;
|
|
||||||
+ mode_t mask;
|
|
||||||
+
|
|
||||||
+ mask = umask (077);
|
|
||||||
+ bkfp = fopen (dest, "w");
|
|
||||||
+ (void) umask (mask);
|
|
||||||
+ if (NULL == bkfp) {
|
|
||||||
+ return -1;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ rewind (fp);
|
|
||||||
+ while ((c = getc (fp)) != EOF) {
|
|
||||||
+ if (putc (c, bkfp) == EOF) {
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if ( (c != EOF)
|
|
||||||
+ || (fflush (bkfp) != 0)) {
|
|
||||||
+ (void) fclose (bkfp);
|
|
||||||
+ (void) unlink (dest);
|
|
||||||
+ return -1;
|
|
||||||
+ }
|
|
||||||
+ if ( (fsync (fileno (bkfp)) != 0)
|
|
||||||
+ || (fclose (bkfp) != 0)) {
|
|
||||||
+ (void) unlink (dest);
|
|
||||||
+ return -1;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ ub.actime = sb->st_atime;
|
|
||||||
+ ub.modtime = sb->st_mtime;
|
|
||||||
+ if ( (utime (dest, &ub) != 0)
|
|
||||||
+ || (chmod (dest, sb->st_mode) != 0)
|
|
||||||
+ || (chown (dest, sb->st_uid, sb->st_gid) != 0)) {
|
|
||||||
+ (void) unlink (dest);
|
|
||||||
+ return -1;
|
|
||||||
+ }
|
|
||||||
+ return 0;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static void cppwexit (const char *msg, int syserr, int ret)
|
|
||||||
+{
|
|
||||||
+ int err = errno;
|
|
||||||
+ if (filelocked) {
|
|
||||||
+ (*unlock) ();
|
|
||||||
+ }
|
|
||||||
+ if (NULL != msg) {
|
|
||||||
+ fprintf (stderr, "%s: %s", Prog, msg);
|
|
||||||
+ if (0 != syserr) {
|
|
||||||
+ fprintf (stderr, ": %s", strerror (err));
|
|
||||||
+ }
|
|
||||||
+ (void) fputs ("\n", stderr);
|
|
||||||
+ }
|
|
||||||
+ if (NULL != filename) {
|
|
||||||
+ fprintf (stderr, _("%s: %s is unchanged\n"), Prog, filename);
|
|
||||||
+ } else {
|
|
||||||
+ fprintf (stderr, _("%s: no changes\n"), Prog);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ exit (ret);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static void cppwcopy (const char *file,
|
|
||||||
+ const char *in_file,
|
|
||||||
+ int (*file_lock) (void),
|
|
||||||
+ int (*file_unlock) (void))
|
|
||||||
+{
|
|
||||||
+ struct stat st1;
|
|
||||||
+ FILE *f;
|
|
||||||
+ char filenew[1024];
|
|
||||||
+
|
|
||||||
+ snprintf (filenew, sizeof filenew, "%s.new", file);
|
|
||||||
+ unlock = file_unlock;
|
|
||||||
+ filename = file;
|
|
||||||
+ filenewname = filenew;
|
|
||||||
+
|
|
||||||
+ if (access (file, F_OK) != 0) {
|
|
||||||
+ cppwexit (file, 1, 1);
|
|
||||||
+ }
|
|
||||||
+ if (file_lock () == 0) {
|
|
||||||
+ cppwexit (_("Couldn't lock file"), 0, 5);
|
|
||||||
+ }
|
|
||||||
+ filelocked = true;
|
|
||||||
+
|
|
||||||
+ /* file to copy has same owners, perm */
|
|
||||||
+ if (stat (file, &st1) != 0) {
|
|
||||||
+ cppwexit (file, 1, 1);
|
|
||||||
+ }
|
|
||||||
+ f = fopen (in_file, "r");
|
|
||||||
+ if (NULL == f) {
|
|
||||||
+ cppwexit (in_file, 1, 1);
|
|
||||||
+ }
|
|
||||||
+ if (create_copy (f, filenew, &st1) != 0) {
|
|
||||||
+ cppwexit (_("Couldn't make copy"), errno, 1);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ /* XXX - here we should check filenew for errors; if there are any,
|
|
||||||
+ * fail w/ an appropriate error code and let the user manually fix
|
|
||||||
+ * it. Use pwck or grpck to do the check. - Stephen (Shamelessly
|
|
||||||
+ * stolen from '--marekm's comment) */
|
|
||||||
+
|
|
||||||
+ if (rename (filenew, file) != 0) {
|
|
||||||
+ fprintf (stderr, _("%s: can't copy %s: %s)\n"),
|
|
||||||
+ Prog, filenew, strerror (errno));
|
|
||||||
+ cppwexit (NULL,0,1);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ (*file_unlock) ();
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+int main (int argc, char **argv)
|
|
||||||
+{
|
|
||||||
+ int flag;
|
|
||||||
+ bool cpshadow = false;
|
|
||||||
+ char *in_file;
|
|
||||||
+ int e = E_USAGE;
|
|
||||||
+ bool do_cppw = true;
|
|
||||||
+
|
|
||||||
+ (void) setlocale (LC_ALL, "");
|
|
||||||
+ (void) bindtextdomain (PACKAGE, LOCALEDIR);
|
|
||||||
+ (void) textdomain (PACKAGE);
|
|
||||||
+
|
|
||||||
+ Prog = Basename (argv[0]);
|
|
||||||
+ if (strcmp (Prog, "cpgr") == 0) {
|
|
||||||
+ do_cppw = false;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ while ((flag = getopt (argc, argv, "ghps")) != EOF) {
|
|
||||||
+ switch (flag) {
|
|
||||||
+ case 'p':
|
|
||||||
+ do_cppw = true;
|
|
||||||
+ break;
|
|
||||||
+ case 'g':
|
|
||||||
+ do_cppw = false;
|
|
||||||
+ break;
|
|
||||||
+ case 's':
|
|
||||||
+ cpshadow = true;
|
|
||||||
+ break;
|
|
||||||
+ case 'h':
|
|
||||||
+ e = E_SUCCESS;
|
|
||||||
+ /*pass through*/
|
|
||||||
+ default:
|
|
||||||
+ (void) fputs (_("Usage:\n\
|
|
||||||
+`cppw <file>' copys over /etc/passwd `cppw -s <file>' copys over /etc/shadow\n\
|
|
||||||
+`cpgr <file>' copys over /etc/group `cpgr -s <file>' copys over /etc/gshadow\n\
|
|
||||||
+"), (E_SUCCESS != e) ? stderr : stdout);
|
|
||||||
+ exit (e);
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (argc != optind + 1) {
|
|
||||||
+ cppwexit (_("wrong number of arguments, -h for usage"),0,1);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ in_file = argv[optind];
|
|
||||||
+
|
|
||||||
+ if (do_cppw) {
|
|
||||||
+ if (cpshadow) {
|
|
||||||
+ cppwcopy (SHADOW_FILE, in_file, spw_lock, spw_unlock);
|
|
||||||
+ } else {
|
|
||||||
+ cppwcopy (PASSWD_FILE, in_file, pw_lock, pw_unlock);
|
|
||||||
+ }
|
|
||||||
+ } else {
|
|
||||||
+#ifdef SHADOWGRP
|
|
||||||
+ if (cpshadow) {
|
|
||||||
+ cppwcopy (SGROUP_FILE, in_file, sgr_lock, sgr_unlock);
|
|
||||||
+ } else
|
|
||||||
+#endif /* SHADOWGRP */
|
|
||||||
+ {
|
|
||||||
+ cppwcopy (GROUP_FILE, in_file, gr_lock, gr_unlock);
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ return 0;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
Index: git/src/Makefile.am
|
|
||||||
===================================================================
|
|
||||||
--- git.orig/src/Makefile.am
|
|
||||||
+++ git/src/Makefile.am
|
|
||||||
@@ -29,6 +29,7 @@
|
|
||||||
ubin_PROGRAMS += newgidmap newuidmap
|
|
||||||
endif
|
|
||||||
usbin_PROGRAMS = \
|
|
||||||
+ cppw \
|
|
||||||
chgpasswd \
|
|
||||||
chpasswd \
|
|
||||||
groupadd \
|
|
||||||
@@ -87,6 +88,7 @@
|
|
||||||
chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBCRYPT)
|
|
||||||
chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
|
|
||||||
chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT)
|
|
||||||
+cppw_LDADD = $(LDADD) $(LIBSELINUX)
|
|
||||||
gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT)
|
|
||||||
groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
|
|
||||||
groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
|
|
||||||
Index: git/po/POTFILES.in
|
|
||||||
===================================================================
|
|
||||||
--- git.orig/po/POTFILES.in
|
|
||||||
+++ git/po/POTFILES.in
|
|
||||||
@@ -85,6 +85,7 @@
|
|
||||||
src/chgpasswd.c
|
|
||||||
src/chpasswd.c
|
|
||||||
src/chsh.c
|
|
||||||
+src/cppw.c
|
|
||||||
src/expiry.c
|
|
||||||
src/faillog.c
|
|
||||||
src/gpasswd.c
|
|
||||||
Vendored
-64
@@ -1,64 +0,0 @@
|
|||||||
Goal: Add selinux support to cppw
|
|
||||||
|
|
||||||
Fix:
|
|
||||||
|
|
||||||
Status wrt upstream: cppw is not available upstream.
|
|
||||||
The patch was made based on the
|
|
||||||
302_vim_selinux_support patch. It needs to be
|
|
||||||
reviewed by an SE-Linux aware person.
|
|
||||||
|
|
||||||
Depends on 401_cppw_src.dpatch
|
|
||||||
|
|
||||||
Index: git/src/cppw.c
|
|
||||||
===================================================================
|
|
||||||
--- git.orig/src/cppw.c
|
|
||||||
+++ git/src/cppw.c
|
|
||||||
@@ -34,6 +34,9 @@
|
|
||||||
#include <sys/types.h>
|
|
||||||
#include <signal.h>
|
|
||||||
#include <utime.h>
|
|
||||||
+#ifdef WITH_SELINUX
|
|
||||||
+#include <selinux/selinux.h>
|
|
||||||
+#endif /* WITH_SELINUX */
|
|
||||||
#include "exitcodes.h"
|
|
||||||
#include "prototypes.h"
|
|
||||||
#include "pwio.h"
|
|
||||||
@@ -139,6 +142,22 @@
|
|
||||||
if (access (file, F_OK) != 0) {
|
|
||||||
cppwexit (file, 1, 1);
|
|
||||||
}
|
|
||||||
+#ifdef WITH_SELINUX
|
|
||||||
+ /* if SE Linux is enabled then set the context of all new files
|
|
||||||
+ * to be the context of the file we are editing */
|
|
||||||
+ if (is_selinux_enabled () > 0) {
|
|
||||||
+ security_context_t passwd_context=NULL;
|
|
||||||
+ int ret = 0;
|
|
||||||
+ if (getfilecon (file, &passwd_context) < 0) {
|
|
||||||
+ cppwexit (_("Couldn't get file context"), errno, 1);
|
|
||||||
+ }
|
|
||||||
+ ret = setfscreatecon (passwd_context);
|
|
||||||
+ freecon (passwd_context);
|
|
||||||
+ if (0 != ret) {
|
|
||||||
+ cppwexit (_("setfscreatecon () failed"), errno, 1);
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+#endif /* WITH_SELINUX */
|
|
||||||
if (file_lock () == 0) {
|
|
||||||
cppwexit (_("Couldn't lock file"), 0, 5);
|
|
||||||
}
|
|
||||||
@@ -167,6 +186,15 @@
|
|
||||||
cppwexit (NULL,0,1);
|
|
||||||
}
|
|
||||||
|
|
||||||
+#ifdef WITH_SELINUX
|
|
||||||
+ /* unset the fscreatecon */
|
|
||||||
+ if (is_selinux_enabled () > 0) {
|
|
||||||
+ if (setfscreatecon (NULL)) {
|
|
||||||
+ cppwexit (_("setfscreatecon() failed"), errno, 1);
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+#endif /* WITH_SELINUX */
|
|
||||||
+
|
|
||||||
(*file_unlock) ();
|
|
||||||
}
|
|
||||||
|
|
||||||
-96
@@ -1,96 +0,0 @@
|
|||||||
Goal: Re-enable logging and displaying failures on login when login is
|
|
||||||
compiled with PAM and when FAILLOG_ENAB is set to yes. And create the
|
|
||||||
faillog file if it does not exist on postinst (as on Woody).
|
|
||||||
Depends: 008_login_more_LOG_UNKFAIL_ENAB
|
|
||||||
Fixes: #192849
|
|
||||||
|
|
||||||
Note: It could be removed if pam_tally could report the number of failures
|
|
||||||
preceding a successful login.
|
|
||||||
|
|
||||||
Index: git/src/login.c
|
|
||||||
===================================================================
|
|
||||||
--- git.orig/src/login.c
|
|
||||||
+++ git/src/login.c
|
|
||||||
@@ -131,9 +131,9 @@
|
|
||||||
const char *host,
|
|
||||||
/*@null@*/const struct utmp *utent);
|
|
||||||
|
|
||||||
-#ifndef USE_PAM
|
|
||||||
static struct faillog faillog;
|
|
||||||
|
|
||||||
+#ifndef USE_PAM
|
|
||||||
static void bad_time_notify (void);
|
|
||||||
static void check_nologin (bool login_to_root);
|
|
||||||
#else
|
|
||||||
@@ -791,6 +791,9 @@
|
|
||||||
SYSLOG ((LOG_NOTICE,
|
|
||||||
"TOO MANY LOGIN TRIES (%u)%s FOR '%s'",
|
|
||||||
failcount, fromhost, failent_user));
|
|
||||||
+ if ((NULL != pwd) && getdef_bool("FAILLOG_ENAB")) {
|
|
||||||
+ failure (pwd->pw_uid, tty, &faillog);
|
|
||||||
+ }
|
|
||||||
fprintf (stderr,
|
|
||||||
_("Maximum number of tries exceeded (%u)\n"),
|
|
||||||
failcount);
|
|
||||||
@@ -808,6 +811,14 @@
|
|
||||||
pam_strerror (pamh, retcode)));
|
|
||||||
failed = true;
|
|
||||||
}
|
|
||||||
+ if ( (NULL != pwd)
|
|
||||||
+ && getdef_bool("FAILLOG_ENAB")
|
|
||||||
+ && ! failcheck (pwd->pw_uid, &faillog, failed)) {
|
|
||||||
+ SYSLOG((LOG_CRIT,
|
|
||||||
+ "exceeded failure limit for `%s' %s",
|
|
||||||
+ failent_user, fromhost));
|
|
||||||
+ failed = 1;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
if (!failed) {
|
|
||||||
break;
|
|
||||||
@@ -831,6 +842,10 @@
|
|
||||||
(void) puts ("");
|
|
||||||
(void) puts (_("Login incorrect"));
|
|
||||||
|
|
||||||
+ if ((NULL != pwd) && getdef_bool("FAILLOG_ENAB")) {
|
|
||||||
+ failure (pwd->pw_uid, tty, &faillog);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
if (getdef_str("FTMP_FILE") != NULL) {
|
|
||||||
#ifdef USE_UTMPX
|
|
||||||
struct utmpx *failent =
|
|
||||||
@@ -1285,6 +1300,7 @@
|
|
||||||
*/
|
|
||||||
#ifndef USE_PAM
|
|
||||||
motd (); /* print the message of the day */
|
|
||||||
+#endif
|
|
||||||
if ( getdef_bool ("FAILLOG_ENAB")
|
|
||||||
&& (0 != faillog.fail_cnt)) {
|
|
||||||
failprint (&faillog);
|
|
||||||
@@ -1297,6 +1313,7 @@
|
|
||||||
username, (int) faillog.fail_cnt));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
+#ifndef USE_PAM
|
|
||||||
if ( getdef_bool ("LASTLOG_ENAB")
|
|
||||||
&& (ll.ll_time != 0)) {
|
|
||||||
time_t ll_time = ll.ll_time;
|
|
||||||
Index: git/lib/getdef.c
|
|
||||||
===================================================================
|
|
||||||
--- git.orig/lib/getdef.c
|
|
||||||
+++ git/lib/getdef.c
|
|
||||||
@@ -61,6 +61,7 @@
|
|
||||||
{"ENV_SUPATH", NULL},
|
|
||||||
{"ERASECHAR", NULL},
|
|
||||||
{"FAIL_DELAY", NULL},
|
|
||||||
+ {"FAILLOG_ENAB", NULL},
|
|
||||||
{"FAKE_SHELL", NULL},
|
|
||||||
{"FTMP_FILE", NULL},
|
|
||||||
{"GID_MAX", NULL},
|
|
||||||
@@ -109,7 +110,6 @@
|
|
||||||
{"ENV_HZ", NULL},
|
|
||||||
{"ENVIRON_FILE", NULL},
|
|
||||||
{"ENV_TZ", NULL},
|
|
||||||
- {"FAILLOG_ENAB", NULL},
|
|
||||||
{"ISSUE_FILE", NULL},
|
|
||||||
{"LASTLOG_ENAB", NULL},
|
|
||||||
{"LOGIN_STRING", NULL},
|
|
||||||
-109
@@ -1,109 +0,0 @@
|
|||||||
Goal: Do not hardcode pam_fail_delay and let pam_unix do its
|
|
||||||
job to set a delay...or not
|
|
||||||
|
|
||||||
Fixes: #87648
|
|
||||||
|
|
||||||
Status wrt upstream: Forwarded but not applied yet
|
|
||||||
|
|
||||||
Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs
|
|
||||||
|
|
||||||
Index: git/src/login.c
|
|
||||||
===================================================================
|
|
||||||
--- git.orig/src/login.c
|
|
||||||
+++ git/src/login.c
|
|
||||||
@@ -525,7 +525,6 @@
|
|
||||||
#if defined(HAVE_STRFTIME) && !defined(USE_PAM)
|
|
||||||
char ptime[80];
|
|
||||||
#endif
|
|
||||||
- unsigned int delay;
|
|
||||||
unsigned int retries;
|
|
||||||
bool subroot = false;
|
|
||||||
#ifndef USE_PAM
|
|
||||||
@@ -545,6 +544,7 @@
|
|
||||||
pid_t child;
|
|
||||||
char *pam_user = NULL;
|
|
||||||
#else
|
|
||||||
+ unsigned int delay;
|
|
||||||
struct spwd *spwd = NULL;
|
|
||||||
#endif
|
|
||||||
/*
|
|
||||||
@@ -705,7 +705,6 @@
|
|
||||||
}
|
|
||||||
|
|
||||||
environ = newenvp; /* make new environment active */
|
|
||||||
- delay = getdef_unum ("FAIL_DELAY", 1);
|
|
||||||
retries = getdef_unum ("LOGIN_RETRIES", RETRIES);
|
|
||||||
|
|
||||||
#ifdef USE_PAM
|
|
||||||
@@ -721,8 +720,7 @@
|
|
||||||
|
|
||||||
/*
|
|
||||||
* hostname & tty are either set to NULL or their correct values,
|
|
||||||
- * depending on how much we know. We also set PAM's fail delay to
|
|
||||||
- * ours.
|
|
||||||
+ * depending on how much we know.
|
|
||||||
*
|
|
||||||
* PAM_RHOST and PAM_TTY are used for authentication, only use
|
|
||||||
* information coming from login or from the caller (e.g. no utmp)
|
|
||||||
@@ -731,10 +729,6 @@
|
|
||||||
PAM_FAIL_CHECK;
|
|
||||||
retcode = pam_set_item (pamh, PAM_TTY, tty);
|
|
||||||
PAM_FAIL_CHECK;
|
|
||||||
-#ifdef HAS_PAM_FAIL_DELAY
|
|
||||||
- retcode = pam_fail_delay (pamh, 1000000 * delay);
|
|
||||||
- PAM_FAIL_CHECK;
|
|
||||||
-#endif
|
|
||||||
/* if fflg, then the user has already been authenticated */
|
|
||||||
if (!fflg) {
|
|
||||||
unsigned int failcount = 0;
|
|
||||||
@@ -775,12 +769,6 @@
|
|
||||||
bool failed = false;
|
|
||||||
|
|
||||||
failcount++;
|
|
||||||
-#ifdef HAS_PAM_FAIL_DELAY
|
|
||||||
- if (delay > 0) {
|
|
||||||
- retcode = pam_fail_delay(pamh, 1000000*delay);
|
|
||||||
- PAM_FAIL_CHECK;
|
|
||||||
- }
|
|
||||||
-#endif
|
|
||||||
|
|
||||||
retcode = pam_authenticate (pamh, 0);
|
|
||||||
|
|
||||||
@@ -1103,14 +1091,17 @@
|
|
||||||
free (username);
|
|
||||||
username = NULL;
|
|
||||||
|
|
||||||
+#ifndef USE_PAM
|
|
||||||
/*
|
|
||||||
* Wait a while (a la SVR4 /usr/bin/login) before attempting
|
|
||||||
* to login the user again. If the earlier alarm occurs
|
|
||||||
* before the sleep() below completes, login will exit.
|
|
||||||
*/
|
|
||||||
+ delay = getdef_unum ("FAIL_DELAY", 1);
|
|
||||||
if (delay > 0) {
|
|
||||||
(void) sleep (delay);
|
|
||||||
}
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
(void) puts (_("Login incorrect"));
|
|
||||||
|
|
||||||
Index: git/lib/getdef.c
|
|
||||||
===================================================================
|
|
||||||
--- git.orig/lib/getdef.c
|
|
||||||
+++ git/lib/getdef.c
|
|
||||||
@@ -60,7 +60,6 @@
|
|
||||||
{"ENV_PATH", NULL},
|
|
||||||
{"ENV_SUPATH", NULL},
|
|
||||||
{"ERASECHAR", NULL},
|
|
||||||
- {"FAIL_DELAY", NULL},
|
|
||||||
{"FAILLOG_ENAB", NULL},
|
|
||||||
{"FAKE_SHELL", NULL},
|
|
||||||
{"FTMP_FILE", NULL},
|
|
||||||
@@ -110,6 +109,7 @@
|
|
||||||
{"ENV_HZ", NULL},
|
|
||||||
{"ENVIRON_FILE", NULL},
|
|
||||||
{"ENV_TZ", NULL},
|
|
||||||
+ {"FAIL_DELAY", NULL},
|
|
||||||
{"ISSUE_FILE", NULL},
|
|
||||||
{"LASTLOG_ENAB", NULL},
|
|
||||||
{"LOGIN_STRING", NULL},
|
|
||||||
-39
@@ -1,39 +0,0 @@
|
|||||||
Goal: save the [g]shadow files with the 'shadow' group and mode 0440
|
|
||||||
|
|
||||||
Fixes: #166793
|
|
||||||
|
|
||||||
Index: git/lib/commonio.c
|
|
||||||
===================================================================
|
|
||||||
--- git.orig/lib/commonio.c
|
|
||||||
+++ git/lib/commonio.c
|
|
||||||
@@ -44,6 +44,7 @@
|
|
||||||
#include <errno.h>
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <signal.h>
|
|
||||||
+#include <grp.h>
|
|
||||||
#include "nscd.h"
|
|
||||||
#ifdef WITH_TCB
|
|
||||||
#include <tcb.h>
|
|
||||||
@@ -966,13 +967,20 @@
|
|
||||||
goto fail;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
+ struct group *grp;
|
|
||||||
/*
|
|
||||||
* Default permissions for new [g]shadow files.
|
|
||||||
* (passwd and group always exist...)
|
|
||||||
*/
|
|
||||||
- sb.st_mode = 0400;
|
|
||||||
+ sb.st_mode = 0440;
|
|
||||||
sb.st_uid = 0;
|
|
||||||
- sb.st_gid = 0;
|
|
||||||
+ /*
|
|
||||||
+ * Try to retrieve the shadow's GID, and fall back to GID 0.
|
|
||||||
+ */
|
|
||||||
+ if ((grp = getgrnam("shadow")) != NULL)
|
|
||||||
+ sb.st_gid = grp->gr_gid;
|
|
||||||
+ else
|
|
||||||
+ sb.st_gid = 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
snprintf (buf, sizeof buf, "%s+", db->filename);
|
|
||||||
Vendored
-201
@@ -1,201 +0,0 @@
|
|||||||
Goal: Document the shadowconfig utility
|
|
||||||
|
|
||||||
Status wrt upstream: The shadowconfig utility is debian specific.
|
|
||||||
Its man page also (but it used to be distributed)
|
|
||||||
|
|
||||||
Index: git/man/shadowconfig.8
|
|
||||||
===================================================================
|
|
||||||
--- /dev/null
|
|
||||||
+++ git/man/shadowconfig.8
|
|
||||||
@@ -0,0 +1,41 @@
|
|
||||||
+.\"Generated by db2man.xsl. Don't modify this, modify the source.
|
|
||||||
+.de Sh \" Subsection
|
|
||||||
+.br
|
|
||||||
+.if t .Sp
|
|
||||||
+.ne 5
|
|
||||||
+.PP
|
|
||||||
+\fB\\$1\fR
|
|
||||||
+.PP
|
|
||||||
+..
|
|
||||||
+.de Sp \" Vertical space (when we can't use .PP)
|
|
||||||
+.if t .sp .5v
|
|
||||||
+.if n .sp
|
|
||||||
+..
|
|
||||||
+.de Ip \" List item
|
|
||||||
+.br
|
|
||||||
+.ie \\n(.$>=3 .ne \\$3
|
|
||||||
+.el .ne 3
|
|
||||||
+.IP "\\$1" \\$2
|
|
||||||
+..
|
|
||||||
+.TH "SHADOWCONFIG" 8 "19 Apr 1997" "" ""
|
|
||||||
+.SH NAME
|
|
||||||
+shadowconfig \- toggle shadow passwords on and off
|
|
||||||
+.SH "SYNOPSIS"
|
|
||||||
+.ad l
|
|
||||||
+.hy 0
|
|
||||||
+.HP 13
|
|
||||||
+\fBshadowconfig\fR \fB\fIon\fR\fR | \fB\fIoff\fR\fR
|
|
||||||
+.ad
|
|
||||||
+.hy
|
|
||||||
+
|
|
||||||
+.SH "DESCRIPTION"
|
|
||||||
+
|
|
||||||
+.PP
|
|
||||||
+\fBshadowconfig\fR on will turn shadow passwords on; \fIshadowconfig off\fR will turn shadow passwords off\&. \fBshadowconfig\fR will print an error message and exit with a nonzero code if it finds anything awry\&. If that happens, you should correct the error and run it again\&. Turning shadow passwords on when they are already on, or off when they are already off, is harmless\&.
|
|
||||||
+
|
|
||||||
+.PP
|
|
||||||
+Read \fI/usr/share/doc/passwd/README\&.Debian\fR for a brief introduction to shadow passwords and related features\&.
|
|
||||||
+
|
|
||||||
+.PP
|
|
||||||
+Note that turning shadow passwords off and on again will lose all password aging information\&.
|
|
||||||
+
|
|
||||||
Index: git/man/shadowconfig.8.xml
|
|
||||||
===================================================================
|
|
||||||
--- /dev/null
|
|
||||||
+++ git/man/shadowconfig.8.xml
|
|
||||||
@@ -0,0 +1,52 @@
|
|
||||||
+<?xml version="1.0" encoding="UTF-8"?>
|
|
||||||
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
|
|
||||||
+ "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
|
|
||||||
+<refentry id='shadowconfig.8'>
|
|
||||||
+ <!-- $Id: shadowconfig.8.xml,v 1.6 2005/06/15 12:39:27 kloczek Exp $ -->
|
|
||||||
+ <refentryinfo>
|
|
||||||
+ <date>19 Apr 1997</date>
|
|
||||||
+ </refentryinfo>
|
|
||||||
+ <refmeta>
|
|
||||||
+ <refentrytitle>shadowconfig</refentrytitle>
|
|
||||||
+ <manvolnum>8</manvolnum>
|
|
||||||
+ <refmiscinfo class='date'>19 Apr 1997</refmiscinfo>
|
|
||||||
+ <refmiscinfo class='source'>Debian GNU/Linux</refmiscinfo>
|
|
||||||
+ </refmeta>
|
|
||||||
+ <refnamediv id='name'>
|
|
||||||
+ <refname>shadowconfig</refname>
|
|
||||||
+ <refpurpose>toggle shadow passwords on and off</refpurpose>
|
|
||||||
+ </refnamediv>
|
|
||||||
+
|
|
||||||
+ <refsynopsisdiv id='synopsis'>
|
|
||||||
+ <cmdsynopsis>
|
|
||||||
+ <command>shadowconfig</command>
|
|
||||||
+ <group choice='plain'>
|
|
||||||
+ <arg choice='plain'><replaceable>on</replaceable></arg>
|
|
||||||
+ <arg choice='plain'><replaceable>off</replaceable></arg>
|
|
||||||
+ </group>
|
|
||||||
+ </cmdsynopsis>
|
|
||||||
+ </refsynopsisdiv>
|
|
||||||
+
|
|
||||||
+ <refsect1 id='description'>
|
|
||||||
+ <title>DESCRIPTION</title>
|
|
||||||
+ <para><command>shadowconfig</command> on will turn shadow passwords on;
|
|
||||||
+ <emphasis remap='B'>shadowconfig off</emphasis> will turn shadow
|
|
||||||
+ passwords off. <command>shadowconfig</command> will print an error
|
|
||||||
+ message and exit with a nonzero code if it finds anything awry. If
|
|
||||||
+ that happens, you should correct the error and run it again. Turning
|
|
||||||
+ shadow passwords on when they are already on, or off when they are
|
|
||||||
+ already off, is harmless.
|
|
||||||
+ </para>
|
|
||||||
+
|
|
||||||
+ <para>
|
|
||||||
+ Read <filename>/usr/share/doc/passwd/README.Debian</filename> for a
|
|
||||||
+ brief introduction
|
|
||||||
+ to shadow passwords and related features.
|
|
||||||
+ </para>
|
|
||||||
+
|
|
||||||
+ <para>Note that turning shadow passwords off and on again will lose all
|
|
||||||
+ password
|
|
||||||
+ aging information.
|
|
||||||
+ </para>
|
|
||||||
+ </refsect1>
|
|
||||||
+</refentry>
|
|
||||||
Index: git/man/fr/shadowconfig.8
|
|
||||||
===================================================================
|
|
||||||
--- /dev/null
|
|
||||||
+++ git/man/fr/shadowconfig.8
|
|
||||||
@@ -0,0 +1,26 @@
|
|
||||||
+.\" This file was generated with po4a. Translate the source file.
|
|
||||||
+.\"
|
|
||||||
+.\"$Id: shadowconfig.8,v 1.4 2001/08/23 23:10:48 kloczek Exp $
|
|
||||||
+.TH SHADOWCONFIG 8 "19 avril 1997" "Debian GNU/Linux"
|
|
||||||
+.SH NOM
|
|
||||||
+shadowconfig \- active ou désactive les mots de passe cachés
|
|
||||||
+.SH SYNOPSIS
|
|
||||||
+\fBshadowconfig\fP \fIon\fP | \fIoff\fP
|
|
||||||
+.SH DESCRIPTION
|
|
||||||
+.PP
|
|
||||||
+\fBshadowconfig on\fP active les mots de passe cachés («\ shadow passwords\ »)\ ; \fBshadowconfig off\fP les désactive. \fBShadowconfig\fP affiche un message
|
|
||||||
+d'erreur et quitte avec une valeur de retour non nulle s'il rencontre
|
|
||||||
+quelque chose d'inattendu. Dans ce cas, vous devrez corriger l'erreur avant
|
|
||||||
+de recommencer.
|
|
||||||
+
|
|
||||||
+Activer les mots de passe cachés lorsqu'ils sont déjà activés, ou les
|
|
||||||
+désactiver lorsqu'ils ne sont pas actifs est sans effet.
|
|
||||||
+
|
|
||||||
+Lisez \fI/usr/share/doc/passwd/README.Debian\fP pour une brève introduction aux
|
|
||||||
+mots de passe cachés et à leurs fonctionnalités.
|
|
||||||
+
|
|
||||||
+Notez que désactiver puis réactiver les mots de passe cachés aura pour
|
|
||||||
+conséquence la perte des informations d'âge sur les mots de passe.
|
|
||||||
+.SH TRADUCTION
|
|
||||||
+Nicolas FRANÇOIS, 2004.
|
|
||||||
+Veuillez signaler toute erreur à <\fIdebian\-l10\-french@lists.debian.org\fR>.
|
|
||||||
Index: git/man/ja/shadowconfig.8
|
|
||||||
===================================================================
|
|
||||||
--- /dev/null
|
|
||||||
+++ git/man/ja/shadowconfig.8
|
|
||||||
@@ -0,0 +1,25 @@
|
|
||||||
+.\" all right reserved,
|
|
||||||
+.\" Translated Tue Oct 30 11:59:11 JST 2001
|
|
||||||
+.\" by Maki KURODA <mkuroda@aisys-jp.com>
|
|
||||||
+.\"
|
|
||||||
+.TH SHADOWCONFIG 8 "19 Apr 1997" "Debian GNU/Linux"
|
|
||||||
+.SH 名前
|
|
||||||
+shadowconfig \- shadow パスワードの設定をオン及びオフに切替える
|
|
||||||
+.SH 書式
|
|
||||||
+.B "shadowconfig"
|
|
||||||
+.IR on " | " off
|
|
||||||
+.SH 説明
|
|
||||||
+.PP
|
|
||||||
+.B shadowconfig on
|
|
||||||
+は shadow パスワードを有効にする。
|
|
||||||
+.B shadowconfig off
|
|
||||||
+は shadow パスワードを無効にする。
|
|
||||||
+.B shadowconfig
|
|
||||||
+は何らかの間違いがあると、エラーメッセージを表示し、
|
|
||||||
+ゼロではない返り値を返す。
|
|
||||||
+もしそのようなことが起こった場合、エラーを修正し、再度実行しなければならない。
|
|
||||||
+shadow パスワードの設定がすでにオンの場合にオンに設定したり、
|
|
||||||
+すでにオフの場合にオフに設定しても、何の影響もない。
|
|
||||||
+
|
|
||||||
+.I /usr/share/doc/passwd/README.debian.gz
|
|
||||||
+には shadow パスワードとそれに関する特徴の簡単な紹介が書かれている。
|
|
||||||
Index: git/man/pl/shadowconfig.8
|
|
||||||
===================================================================
|
|
||||||
--- /dev/null
|
|
||||||
+++ git/man/pl/shadowconfig.8
|
|
||||||
@@ -0,0 +1,27 @@
|
|
||||||
+.\" $Id: shadowconfig.8,v 1.3 2001/08/23 23:10:51 kloczek Exp $
|
|
||||||
+.\" {PTM/WK/1999-09-14}
|
|
||||||
+.TH SHADOWCONFIG 8 "19 kwietnia 1997" "Debian GNU/Linux"
|
|
||||||
+.SH NAZWA
|
|
||||||
+shadowconfig - przełącza ochronę haseł i grup przez pliki shadow
|
|
||||||
+.SH SKŁADNIA
|
|
||||||
+.B "shadowconfig"
|
|
||||||
+.IR on " | " off
|
|
||||||
+.SH OPIS
|
|
||||||
+.PP
|
|
||||||
+.B shadowconfig on
|
|
||||||
+włącza ochronę haseł i grup przez dodatkowe, przesłaniane pliki (shadow);
|
|
||||||
+.B shadowconfig off
|
|
||||||
+wyłącza dodatkowe pliki haseł i grup.
|
|
||||||
+.B shadowconfig
|
|
||||||
+wyświetla komunikat o błędzie i kończy pracę z niezerowym kodem jeśli
|
|
||||||
+znajdzie coś nieprawidłowego. W takim wypadku powinieneś poprawić błąd
|
|
||||||
+.\" if it finds anything awry.
|
|
||||||
+i uruchomić program ponownie.
|
|
||||||
+
|
|
||||||
+Włączenie ochrony haseł, gdy jest ona już włączona lub jej wyłączenie,
|
|
||||||
+gdy jest wyłączona jest nieszkodliwe.
|
|
||||||
+
|
|
||||||
+Przeczytaj
|
|
||||||
+.IR /usr/share/doc/passwd/README.debian.gz ,
|
|
||||||
+gdzie znajdziesz krótkie wprowadzenie do ochrony haseł z użyciem dodatkowych
|
|
||||||
+plików haseł przesłanianych (shadow passwords) i związanych tematów.
|
|
||||||
-40
@@ -1,40 +0,0 @@
|
|||||||
Goal: Recommend using adduser and deluser.
|
|
||||||
|
|
||||||
Fixes: #406046
|
|
||||||
|
|
||||||
Status wrt upstream: Debian specific patch.
|
|
||||||
|
|
||||||
Index: git/man/useradd.8.xml
|
|
||||||
===================================================================
|
|
||||||
--- git.orig/man/useradd.8.xml
|
|
||||||
+++ git/man/useradd.8.xml
|
|
||||||
@@ -105,6 +105,12 @@
|
|
||||||
<refsect1 id='description'>
|
|
||||||
<title>DESCRIPTION</title>
|
|
||||||
<para>
|
|
||||||
+ <command>useradd</command> is a low level utility for adding
|
|
||||||
+ users. On Debian, administrators should usually use
|
|
||||||
+ <citerefentry><refentrytitle>adduser</refentrytitle>
|
|
||||||
+ <manvolnum>8</manvolnum></citerefentry> instead.
|
|
||||||
+ </para>
|
|
||||||
+ <para>
|
|
||||||
When invoked without the <option>-D</option> option, the
|
|
||||||
<command>useradd</command> command creates a new user account using
|
|
||||||
the values specified on the command line plus the default values from
|
|
||||||
Index: git/man/userdel.8.xml
|
|
||||||
===================================================================
|
|
||||||
--- git.orig/man/userdel.8.xml
|
|
||||||
+++ git/man/userdel.8.xml
|
|
||||||
@@ -83,6 +83,12 @@
|
|
||||||
<refsect1 id='description'>
|
|
||||||
<title>DESCRIPTION</title>
|
|
||||||
<para>
|
|
||||||
+ <command>userdel</command> is a low level utility for removing
|
|
||||||
+ users. On Debian, administrators should usually use
|
|
||||||
+ <citerefentry><refentrytitle>deluser</refentrytitle>
|
|
||||||
+ <manvolnum>8</manvolnum></citerefentry> instead.
|
|
||||||
+ </para>
|
|
||||||
+ <para>
|
|
||||||
The <command>userdel</command> command modifies the system account
|
|
||||||
files, deleting all entries that refer to the user name <emphasis
|
|
||||||
remap='I'>LOGIN</emphasis>. The named user must exist.
|
|
||||||
Vendored
-106
@@ -1,106 +0,0 @@
|
|||||||
Goal: Relaxed usernames/groupnames checking patch.
|
|
||||||
|
|
||||||
Status wrt upstream: Debian specific. Not to be used upstream
|
|
||||||
|
|
||||||
Details:
|
|
||||||
Allows any non-empty user/grounames that don't contain ':', ',' or '\n'
|
|
||||||
characters and don't start with '-', '+', or '~'. This patch is more
|
|
||||||
restrictive than original Karl's version. closes: #264879
|
|
||||||
Also closes: #377844
|
|
||||||
|
|
||||||
Comments from Karl Ramm (shadow 1:4.0.3-9, 20 Aug 2003 02:06:50 -0400):
|
|
||||||
|
|
||||||
I can't come up with a good justification as to why characters other
|
|
||||||
than ':'s and '\0's should be disallowed in group and usernames (other
|
|
||||||
than '-' as the leading character). Thus, the maintenance tools don't
|
|
||||||
anymore. closes: #79682, #166798, #171179
|
|
||||||
|
|
||||||
Index: git/libmisc/chkname.c
|
|
||||||
===================================================================
|
|
||||||
--- git.orig/libmisc/chkname.c
|
|
||||||
+++ git/libmisc/chkname.c
|
|
||||||
@@ -48,6 +48,7 @@
|
|
||||||
|
|
||||||
static bool is_valid_name (const char *name)
|
|
||||||
{
|
|
||||||
+#if 0
|
|
||||||
/*
|
|
||||||
* User/group names must match [a-z_][a-z0-9_-]*[$]
|
|
||||||
*/
|
|
||||||
@@ -66,6 +67,26 @@
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
+#endif
|
|
||||||
+ /*
|
|
||||||
+ * POSIX indicate that usernames are composed of characters from the
|
|
||||||
+ * portable filename character set [A-Za-z0-9._-], and that the hyphen
|
|
||||||
+ * should not be used as the first character of a portable user name.
|
|
||||||
+ *
|
|
||||||
+ * Allow more relaxed user/group names in Debian -- ^[^-~+:,\s][^:,\s]*$
|
|
||||||
+ */
|
|
||||||
+ if ( ('\0' == *name)
|
|
||||||
+ || ('-' == *name)
|
|
||||||
+ || ('~' == *name)
|
|
||||||
+ || ('+' == *name)) {
|
|
||||||
+ return false;
|
|
||||||
+ }
|
|
||||||
+ do {
|
|
||||||
+ if ((':' == *name) || (',' == *name) || isspace(*name)) {
|
|
||||||
+ return false;
|
|
||||||
+ }
|
|
||||||
+ name++;
|
|
||||||
+ } while ('\0' != *name);
|
|
||||||
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
Index: git/man/useradd.8.xml
|
|
||||||
===================================================================
|
|
||||||
--- git.orig/man/useradd.8.xml
|
|
||||||
+++ git/man/useradd.8.xml
|
|
||||||
@@ -633,12 +633,20 @@
|
|
||||||
</para>
|
|
||||||
|
|
||||||
<para>
|
|
||||||
- Usernames must start with a lower case letter or an underscore,
|
|
||||||
+ It is usually recommended to only use usernames that begin with a lower case letter or an underscore,
|
|
||||||
followed by lower case letters, digits, underscores, or dashes.
|
|
||||||
They can end with a dollar sign.
|
|
||||||
In regular expression terms: [a-z_][a-z0-9_-]*[$]?
|
|
||||||
</para>
|
|
||||||
<para>
|
|
||||||
+ On Debian, the only constraints are that usernames must neither start
|
|
||||||
+ with a dash ('-') nor plus ('+') nor tilde ('~') nor contain a
|
|
||||||
+ colon (':'), a comma (','), or a whitespace (space: ' ',
|
|
||||||
+ end of line: '\n', tabulation: '\t', etc.). Note that using a slash
|
|
||||||
+ ('/') may break the default algorithm for the definition of the
|
|
||||||
+ user's home directory.
|
|
||||||
+ </para>
|
|
||||||
+ <para>
|
|
||||||
Usernames may only be up to 32 characters long.
|
|
||||||
</para>
|
|
||||||
</refsect1>
|
|
||||||
Index: git/man/groupadd.8.xml
|
|
||||||
===================================================================
|
|
||||||
--- git.orig/man/groupadd.8.xml
|
|
||||||
+++ git/man/groupadd.8.xml
|
|
||||||
@@ -256,12 +256,18 @@
|
|
||||||
<refsect1 id='caveats'>
|
|
||||||
<title>CAVEATS</title>
|
|
||||||
<para>
|
|
||||||
- Groupnames must start with a lower case letter or an underscore,
|
|
||||||
+ It is usually recommended to only use groupnames that begin with a lower case letter or an underscore,
|
|
||||||
followed by lower case letters, digits, underscores, or dashes.
|
|
||||||
They can end with a dollar sign.
|
|
||||||
In regular expression terms: [a-z_][a-z0-9_-]*[$]?
|
|
||||||
</para>
|
|
||||||
<para>
|
|
||||||
+ On Debian, the only constraints are that groupnames must neither start
|
|
||||||
+ with a dash ('-') nor plus ('+') nor tilde ('~') nor contain a
|
|
||||||
+ colon (':'), a comma (','), or a whitespace (space:' ',
|
|
||||||
+ end of line: '\n', tabulation: '\t', etc.).
|
|
||||||
+ </para>
|
|
||||||
+ <para>
|
|
||||||
Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long.
|
|
||||||
</para>
|
|
||||||
<para>
|
|
||||||
-20
@@ -1,20 +0,0 @@
|
|||||||
Index: git/src/Makefile.am
|
|
||||||
===================================================================
|
|
||||||
--- git.orig/src/Makefile.am
|
|
||||||
+++ git/src/Makefile.am
|
|
||||||
@@ -23,7 +23,6 @@
|
|
||||||
# $prefix/bin and $prefix/sbin, no install-data hacks...)
|
|
||||||
|
|
||||||
bin_PROGRAMS = groups login su
|
|
||||||
-sbin_PROGRAMS = nologin
|
|
||||||
ubin_PROGRAMS = faillog lastlog chage chfn chsh expiry gpasswd newgrp passwd
|
|
||||||
if ENABLE_SUBIDS
|
|
||||||
ubin_PROGRAMS += newgidmap newuidmap
|
|
||||||
@@ -41,6 +40,7 @@
|
|
||||||
grpunconv \
|
|
||||||
logoutd \
|
|
||||||
newusers \
|
|
||||||
+ nologin \
|
|
||||||
pwck \
|
|
||||||
pwconv \
|
|
||||||
pwunconv \
|
|
||||||
@@ -1,50 +0,0 @@
|
|||||||
Goal: Concatenate the non-su arguments and provide them to the shell with
|
|
||||||
the -c option
|
|
||||||
Fixes: #317264
|
|
||||||
see also #276419
|
|
||||||
|
|
||||||
Status wrt upstream: This is a Debian specific patch.
|
|
||||||
|
|
||||||
Note: the fix of the man page is still missing.
|
|
||||||
(to be taken from the trunk)
|
|
||||||
|
|
||||||
Index: git/src/su.c
|
|
||||||
===================================================================
|
|
||||||
--- git.orig/src/su.c
|
|
||||||
+++ git/src/su.c
|
|
||||||
@@ -1152,6 +1152,35 @@
|
|
||||||
argv[0] = "-c";
|
|
||||||
argv[1] = command;
|
|
||||||
}
|
|
||||||
+ /* On Debian, the arguments are concatenated and the
|
|
||||||
+ * resulting string is always given to the shell with its
|
|
||||||
+ * -c option.
|
|
||||||
+ */
|
|
||||||
+ {
|
|
||||||
+ char **parg;
|
|
||||||
+ unsigned int cmd_len = 0;
|
|
||||||
+ char *cmd = NULL;
|
|
||||||
+ if (strcmp(argv[0], "-c") != 0) {
|
|
||||||
+ argv--;
|
|
||||||
+ argv[0] = "-c";
|
|
||||||
+ }
|
|
||||||
+ /* Now argv[0] is always -c, and other arguments
|
|
||||||
+ * can be concatenated
|
|
||||||
+ */
|
|
||||||
+ cmd_len = 1; /* finale '\0' */
|
|
||||||
+ for (parg = &argv[1]; *parg; parg++) {
|
|
||||||
+ cmd_len += strlen (*parg) + 1;
|
|
||||||
+ }
|
|
||||||
+ cmd = (char *) xmalloc (sizeof (char) * cmd_len);
|
|
||||||
+ cmd[0] = '\0';
|
|
||||||
+ for (parg = &argv[1]; *parg; parg++) {
|
|
||||||
+ strcat (cmd, " ");
|
|
||||||
+ strcat (cmd, *parg);
|
|
||||||
+ }
|
|
||||||
+ cmd[cmd_len - 1] = '\0';
|
|
||||||
+ argv[1] = &cmd[1]; /* do not take first space */
|
|
||||||
+ argv[2] = NULL;
|
|
||||||
+ }
|
|
||||||
/*
|
|
||||||
* Use the shell and create an argv
|
|
||||||
* with the rest of the command line included.
|
|
||||||
@@ -1,52 +0,0 @@
|
|||||||
Goal: Do not concatenate the additional arguments, and support an
|
|
||||||
environment variable to revert to the old Debian's su behavior.
|
|
||||||
|
|
||||||
This patch needs the su_arguments_are_concatenated patch.
|
|
||||||
|
|
||||||
This patch, and su_arguments_are_concatenated should be dropped after
|
|
||||||
Etch.
|
|
||||||
|
|
||||||
Status wrt upstream: This patch is Debian specific.
|
|
||||||
|
|
||||||
Index: git/src/su.c
|
|
||||||
===================================================================
|
|
||||||
--- git.orig/src/su.c
|
|
||||||
+++ git/src/su.c
|
|
||||||
@@ -104,6 +104,19 @@
|
|
||||||
/* If nonzero, change some environment vars to indicate the user su'd to. */
|
|
||||||
static bool change_environment = true;
|
|
||||||
|
|
||||||
+/*
|
|
||||||
+ * If nonzero, keep the old Debian behavior:
|
|
||||||
+ * * concatenate all the arguments and provide them to the -c option of
|
|
||||||
+ * the shell
|
|
||||||
+ * * If there are some additional arguments, but no -c, add a -c
|
|
||||||
+ * argument anyway
|
|
||||||
+ * Drawbacks:
|
|
||||||
+ * * you can't provide options to the shell (other than -c)
|
|
||||||
+ * * you can't rely on the argument count
|
|
||||||
+ * See http://bugs.debian.org/276419
|
|
||||||
+ */
|
|
||||||
+static int old_debian_behavior;
|
|
||||||
+
|
|
||||||
#ifdef USE_PAM
|
|
||||||
static pam_handle_t *pamh = NULL;
|
|
||||||
static int caught = 0;
|
|
||||||
@@ -949,6 +962,8 @@
|
|
||||||
int ret;
|
|
||||||
#endif /* USE_PAM */
|
|
||||||
|
|
||||||
+ old_debian_behavior = (getenv("SU_NO_SHELL_ARGS") != NULL);
|
|
||||||
+
|
|
||||||
(void) setlocale (LC_ALL, "");
|
|
||||||
(void) bindtextdomain (PACKAGE, LOCALEDIR);
|
|
||||||
(void) textdomain (PACKAGE);
|
|
||||||
@@ -1156,7 +1171,7 @@
|
|
||||||
* resulting string is always given to the shell with its
|
|
||||||
* -c option.
|
|
||||||
*/
|
|
||||||
- {
|
|
||||||
+ if (old_debian_behavior) {
|
|
||||||
char **parg;
|
|
||||||
unsigned int cmd_len = 0;
|
|
||||||
char *cmd = NULL;
|
|
||||||
Vendored
-47
@@ -1,47 +0,0 @@
|
|||||||
Goal: accepts the -O flag for backward compatibility. (was used by adduser?)
|
|
||||||
|
|
||||||
Note: useradd.8 needs to be regenerated.
|
|
||||||
|
|
||||||
Status wrt upstream: not included as this is just specific
|
|
||||||
backward compatibility for Debian
|
|
||||||
|
|
||||||
Index: git/man/useradd.8.xml
|
|
||||||
===================================================================
|
|
||||||
--- git.orig/man/useradd.8.xml
|
|
||||||
+++ git/man/useradd.8.xml
|
|
||||||
@@ -329,6 +329,11 @@
|
|
||||||
databases are resetted to avoid reusing the entry from a previously
|
|
||||||
deleted user.
|
|
||||||
</para>
|
|
||||||
+ <para>
|
|
||||||
+ For the compatibility with previous Debian's
|
|
||||||
+ <command>useradd</command>, the <option>-O</option> option is
|
|
||||||
+ also supported.
|
|
||||||
+ </para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
<varlistentry>
|
|
||||||
Index: git/src/useradd.c
|
|
||||||
===================================================================
|
|
||||||
--- git.orig/src/useradd.c
|
|
||||||
+++ git/src/useradd.c
|
|
||||||
@@ -1056,9 +1056,9 @@
|
|
||||||
};
|
|
||||||
while ((c = getopt_long (argc, argv,
|
|
||||||
#ifdef WITH_SELINUX
|
|
||||||
- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:UZ:",
|
|
||||||
+ "b:c:d:De:f:g:G:hk:O:K:lmMNop:rR:s:u:UZ:",
|
|
||||||
#else /* !WITH_SELINUX */
|
|
||||||
- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:U",
|
|
||||||
+ "b:c:d:De:f:g:G:hk:O:K:lmMNop:rR:s:u:U",
|
|
||||||
#endif /* !WITH_SELINUX */
|
|
||||||
long_options, NULL)) != -1) {
|
|
||||||
switch (c) {
|
|
||||||
@@ -1181,6 +1181,7 @@
|
|
||||||
kflg = true;
|
|
||||||
break;
|
|
||||||
case 'K':
|
|
||||||
+ case 'O': /* compatibility with previous Debian useradd */
|
|
||||||
/*
|
|
||||||
* override login.defs defaults (-K name=value)
|
|
||||||
* example: -K UID_MIN=100 -K UID_MAX=499
|
|
||||||
-81
@@ -1,81 +0,0 @@
|
|||||||
--- a/debian/passwd.install
|
|
||||||
+++ b/debian/passwd.install
|
|
||||||
@@ -9,6 +9,7 @@
|
|
||||||
usr/sbin/cppw
|
|
||||||
usr/sbin/groupadd
|
|
||||||
usr/sbin/groupdel
|
|
||||||
+usr/sbin/groupmems
|
|
||||||
usr/sbin/groupmod
|
|
||||||
usr/sbin/grpck
|
|
||||||
usr/sbin/grpconv
|
|
||||||
@@ -33,6 +34,7 @@
|
|
||||||
usr/share/man/*/man8/chpasswd.8
|
|
||||||
usr/share/man/*/man8/groupadd.8
|
|
||||||
usr/share/man/*/man8/groupdel.8
|
|
||||||
+usr/share/man/*/man8/groupmems.8
|
|
||||||
usr/share/man/*/man8/groupmod.8
|
|
||||||
usr/share/man/*/man8/grpck.8
|
|
||||||
usr/share/man/*/man8/grpconv.8
|
|
||||||
@@ -59,6 +61,7 @@
|
|
||||||
usr/share/man/man8/chpasswd.8
|
|
||||||
usr/share/man/man8/groupadd.8
|
|
||||||
usr/share/man/man8/groupdel.8
|
|
||||||
+usr/share/man/man8/groupmems.8
|
|
||||||
usr/share/man/man8/groupmod.8
|
|
||||||
usr/share/man/man8/grpck.8
|
|
||||||
usr/share/man/man8/grpconv.8
|
|
||||||
--- a/debian/passwd.postinst
|
|
||||||
+++ b/debian/passwd.postinst
|
|
||||||
@@ -31,6 +31,24 @@
|
|
||||||
exit 1
|
|
||||||
)
|
|
||||||
fi
|
|
||||||
+ if ! getent group groupmems | grep -q '^groupmems:[^:]*:99'
|
|
||||||
+ then
|
|
||||||
+ groupadd -g 99 groupmems || (
|
|
||||||
+ cat <<EOF
|
|
||||||
+************************ TESTSUITE *****************************
|
|
||||||
+Group ID 99 has been allocated for the groupmems group. You have either
|
|
||||||
+used 99 yourself or created a groupmems group with a different ID.
|
|
||||||
+Please correct this problem and reconfigure with ``dpkg --configure passwd''.
|
|
||||||
+
|
|
||||||
+Note that both user and group IDs in the range 0-99 are globally
|
|
||||||
+allocated by the Debian project and must be the same on every Debian
|
|
||||||
+system.
|
|
||||||
+EOF
|
|
||||||
+ exit 1
|
|
||||||
+ )
|
|
||||||
+# FIXME
|
|
||||||
+ chgrp groupmems /usr/sbin/groupmems
|
|
||||||
+ fi
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
--- a/debian/rules
|
|
||||||
+++ b/debian/rules
|
|
||||||
@@ -60,6 +60,7 @@
|
|
||||||
dh_installpam -p passwd --name=chsh
|
|
||||||
dh_installpam -p passwd --name=chpasswd
|
|
||||||
dh_installpam -p passwd --name=newusers
|
|
||||||
+ dh_installpam -p passwd --name=groupmems
|
|
||||||
ifeq ($(DEB_HOST_ARCH_OS),hurd)
|
|
||||||
# login is not built on The Hurd, but some utilities of passwd depends on
|
|
||||||
# /etc/login.defs.
|
|
||||||
@@ -87,3 +88,6 @@
|
|
||||||
chgrp shadow debian/passwd/usr/bin/expiry
|
|
||||||
chmod g+s debian/passwd/usr/bin/chage
|
|
||||||
chmod g+s debian/passwd/usr/bin/expiry
|
|
||||||
+ chgrp groupmems debian/passwd/usr/sbin/groupmems
|
|
||||||
+ chmod u+s debian/passwd/usr/sbin/groupmems
|
|
||||||
+ chmod o-x debian/passwd/usr/sbin/groupmems
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/debian/passwd.groupmems.pam
|
|
||||||
@@ -0,0 +1,8 @@
|
|
||||||
+# The PAM configuration file for the Shadow 'groupmod' service
|
|
||||||
+#
|
|
||||||
+
|
|
||||||
+# This allows root to modify groups without being prompted for a password
|
|
||||||
+auth sufficient pam_rootok.so
|
|
||||||
+
|
|
||||||
+@include common-auth
|
|
||||||
+@include common-account
|
|
||||||
Vendored
-76
@@ -1,76 +0,0 @@
|
|||||||
--- a/lib/Makefile.am
|
|
||||||
+++ b/lib/Makefile.am
|
|
||||||
@@ -1,6 +1,8 @@
|
|
||||||
|
|
||||||
AUTOMAKE_OPTIONS = 1.0 foreign
|
|
||||||
|
|
||||||
+CFLAGS += -fprofile-arcs -ftest-coverage
|
|
||||||
+
|
|
||||||
DEFS =
|
|
||||||
|
|
||||||
noinst_LTLIBRARIES = libshadow.la
|
|
||||||
--- a/libmisc/Makefile.am
|
|
||||||
+++ b/libmisc/Makefile.am
|
|
||||||
@@ -1,6 +1,8 @@
|
|
||||||
|
|
||||||
EXTRA_DIST = .indent.pro xgetXXbyYY.c
|
|
||||||
|
|
||||||
+CFLAGS += -fprofile-arcs -ftest-coverage
|
|
||||||
+
|
|
||||||
INCLUDES = -I$(top_srcdir)/lib
|
|
||||||
|
|
||||||
noinst_LIBRARIES = libmisc.a
|
|
||||||
--- a/src/Makefile.am
|
|
||||||
+++ b/src/Makefile.am
|
|
||||||
@@ -7,6 +7,8 @@
|
|
||||||
suidperms = 4755
|
|
||||||
sgidperms = 2755
|
|
||||||
|
|
||||||
+CFLAGS += -fprofile-arcs -ftest-coverage
|
|
||||||
+
|
|
||||||
INCLUDES = \
|
|
||||||
-I${top_srcdir}/lib \
|
|
||||||
-I$(top_srcdir)/libmisc
|
|
||||||
--- a/debian/rules
|
|
||||||
+++ b/debian/rules
|
|
||||||
@@ -40,6 +40,12 @@
|
|
||||||
endif
|
|
||||||
export CFLAGS
|
|
||||||
|
|
||||||
+clean:: clean_gcov
|
|
||||||
+
|
|
||||||
+clean_gcov:
|
|
||||||
+ find . -name "*.gcda" -delete
|
|
||||||
+ find . -name "*.gcno" -delete
|
|
||||||
+
|
|
||||||
# Add extras to the install process:
|
|
||||||
binary-install/login::
|
|
||||||
dh_installpam -p login
|
|
||||||
--- a/lib/defines.h
|
|
||||||
+++ b/lib/defines.h
|
|
||||||
@@ -174,23 +174,9 @@
|
|
||||||
trust the formatted time received from the unix domain (or worse,
|
|
||||||
UDP) socket. -MM */
|
|
||||||
/* Avoid translated PAM error messages: Set LC_ALL to "C".
|
|
||||||
+ * This is disabled for coverage testing
|
|
||||||
* --Nekral */
|
|
||||||
-#define SYSLOG(x) \
|
|
||||||
- do { \
|
|
||||||
- char *old_locale = setlocale (LC_ALL, NULL); \
|
|
||||||
- char *saved_locale = NULL; \
|
|
||||||
- if (NULL != old_locale) { \
|
|
||||||
- saved_locale = strdup (old_locale); \
|
|
||||||
- } \
|
|
||||||
- if (NULL != saved_locale) { \
|
|
||||||
- (void) setlocale (LC_ALL, "C"); \
|
|
||||||
- } \
|
|
||||||
- syslog x ; \
|
|
||||||
- if (NULL != saved_locale) { \
|
|
||||||
- (void) setlocale (LC_ALL, saved_locale); \
|
|
||||||
- free (saved_locale); \
|
|
||||||
- } \
|
|
||||||
- } while (false)
|
|
||||||
+#define SYSLOG(x) syslog x
|
|
||||||
#else /* !ENABLE_NLS */
|
|
||||||
#define SYSLOG(x) syslog x
|
|
||||||
#endif /* !ENABLE_NLS */
|
|
||||||
Vendored
-71
@@ -1,71 +0,0 @@
|
|||||||
Small intro to the system for numbering the patches here...
|
|
||||||
|
|
||||||
-The 0xx series of patches are patches isolated from the latest
|
|
||||||
version of the shadow Debian package not using quilt in order to
|
|
||||||
separate upstream from Debian-specific stuff.
|
|
||||||
|
|
||||||
NO MORE PATCHES SHOULD BE ADDED IN THESE SERIES
|
|
||||||
|
|
||||||
-The 1xx series are l10n patches to upstream 4.0.18.1. As upstream has
|
|
||||||
adopted Debian translations, it is very likely that these patches
|
|
||||||
will become useless when we will have synced with upstream
|
|
||||||
|
|
||||||
-The 2xx series are patches for manual pages translations to upstream
|
|
||||||
4.0.18.1.
|
|
||||||
|
|
||||||
-The 3xx series are patches which have been temporarily applied to
|
|
||||||
Debian's shadow while we *know* they have been applied upstream as well
|
|
||||||
These patches should NOT be kept when we will sync with upstream
|
|
||||||
|
|
||||||
-The 4xx series are patches which have been applied to Debian's shadow
|
|
||||||
and have NOT been accepted and/or applied upstream. These patches MUST be kept
|
|
||||||
even after resynced with upstream
|
|
||||||
|
|
||||||
-The 5xx series are patches which are applied to Debian's shadow
|
|
||||||
and will never be proposed upstream because they're too specific
|
|
||||||
This list SHOULD BE AS SHORT AS POSSIBLE
|
|
||||||
|
|
||||||
In short, while we are working towards synchronisation with upstream,
|
|
||||||
our goal is to make 0xx patches disappear by moving them either to 3xx
|
|
||||||
series (things already implemented upstream) or to 4xx series
|
|
||||||
(Debian-specific patches).
|
|
||||||
|
|
||||||
|
|
||||||
Short HOWTO for quilt
|
|
||||||
=====================
|
|
||||||
|
|
||||||
The quilt system can be assimilated to a Pile Of Patches management system.
|
|
||||||
Patches live in debian/patches, the working directory is "."
|
|
||||||
|
|
||||||
The basic commands are (abbreviation accepted):
|
|
||||||
quilt push (asks to apply the next patch in the pile)
|
|
||||||
quilt pop (removes the current patch and go up in the pile)
|
|
||||||
quilt refresh (take the current changes in tree onto the patch)
|
|
||||||
|
|
||||||
When a file is changed by a patch, quilt saves it somewhere under .pc on
|
|
||||||
application. This is how it can refresh it afterward (comparing the version
|
|
||||||
in .pc and the one you currently have in your working dir).
|
|
||||||
|
|
||||||
There are three common pitfalls with quilt:
|
|
||||||
- doing "quilt pop" without doing "quilt refresh". The version of current
|
|
||||||
dir is replaced with the version of the .pc dir. Your changes are lost.
|
|
||||||
Quilt wont let you do so, but you can force it with '-f' if you're fool.
|
|
||||||
- editing a file with is not in the patch yet. Quilt didn't do any previous
|
|
||||||
backup.
|
|
||||||
Use "quilt add" to add files to patches.
|
|
||||||
Set $EDITOR and use "quilt edit" to edit a file, and add it onto the
|
|
||||||
patch if needed.
|
|
||||||
- If you update your working directory, patches may not revert cleanly.
|
|
||||||
It is thus recommended to use "quilt pop -a" before updating with
|
|
||||||
"svn up".
|
|
||||||
If you forget (and run into trouble), you may want to remove the whole
|
|
||||||
shadow-?.?.? directory. If you use the makefile which is in the upper
|
|
||||||
directory (trunk/), shadow-?.?.?/debian/patches is a link to
|
|
||||||
debian/patches, so this dirctory does not contain any valuable info.
|
|
||||||
|
|
||||||
The documentation is quite well done, I think. "quilt -h" will list you the
|
|
||||||
commands. "quilt <cmd> -h" will give you some hints about it. "man quilt" is
|
|
||||||
a reference documentation. /usr/share/doc/quilt/quilt.pdf.gz is a complete
|
|
||||||
manual, with tutorial.
|
|
||||||
|
|
||||||
|
|
||||||
Vendored
-36
@@ -1,36 +0,0 @@
|
|||||||
# These patches are only for the testsuite:
|
|
||||||
#900_testsuite_groupmems
|
|
||||||
#901_testsuite_gcov
|
|
||||||
|
|
||||||
503_shadowconfig.8
|
|
||||||
008_login_log_failure_in_FTMP
|
|
||||||
429_login_FAILLOG_ENAB
|
|
||||||
401_cppw_src.dpatch
|
|
||||||
# 402 should be merged in 401, but should be reviewed by SE Linux experts first
|
|
||||||
402_cppw_selinux
|
|
||||||
506_relaxed_usernames
|
|
||||||
542_useradd-O_option
|
|
||||||
501_commonio_group_shadow
|
|
||||||
463_login_delay_obeys_to_PAM
|
|
||||||
523_su_arguments_are_concatenated
|
|
||||||
523_su_arguments_are_no_more_concatenated_by_default
|
|
||||||
508_nologin_in_usr_sbin
|
|
||||||
505_useradd_recommend_adduser
|
|
||||||
#userns/01_userns_doc
|
|
||||||
#userns/02_userns_doc_login.defs
|
|
||||||
#userns/03_userns_implement_commonio_append
|
|
||||||
#userns/04_userns_add_backend_support
|
|
||||||
#userns/05_userns_implemend_find_new_sub_xids
|
|
||||||
#userns/06_userns_userdel
|
|
||||||
#userns/07_userns_useradd
|
|
||||||
#userns/08_userns_detect_busy_subids
|
|
||||||
#userns/09_userns_usermod
|
|
||||||
#userns/10_userns_newusers
|
|
||||||
#userns/11_userns_newxidmap
|
|
||||||
#userns/12_userns_selinuxlibs
|
|
||||||
#userns/13_subordinate_parse_static_buf
|
|
||||||
#userns/14_fix_getopt
|
|
||||||
#userns/manpagetypo
|
|
||||||
#userns/16_add-argument-sanity-checking.patch
|
|
||||||
1000_configure_userns
|
|
||||||
1010_vietnamese_translation
|
|
||||||
Vendored
-334
@@ -1,334 +0,0 @@
|
|||||||
From ebiederm@xmission.com Tue Jan 22 09:14:18 2013
|
|
||||||
Return-Path: <ebiederm@xmission.com>
|
|
||||||
X-Original-To: serge@hallyn.com
|
|
||||||
Delivered-To: serge@hallyn.com
|
|
||||||
Received: by mail.hallyn.com (Postfix, from userid 5001)
|
|
||||||
id DAC33C80F4; Tue, 22 Jan 2013 09:14:18 +0000 (UTC)
|
|
||||||
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail
|
|
||||||
X-Spam-Level:
|
|
||||||
X-Spam-Status: No, score=0.1 required=8.0 tests=BAD_ENC_HEADER,BAYES_00
|
|
||||||
autolearn=no version=3.3.1
|
|
||||||
Received: from out02.mta.xmission.com (out02.mta.xmission.com [166.70.13.232])
|
|
||||||
(using TLSv1 with cipher AES256-SHA (256/256 bits))
|
|
||||||
(No client certificate requested)
|
|
||||||
by mail.hallyn.com (Postfix) with ESMTPS id 274ACC80D1
|
|
||||||
for <serge@hallyn.com>; Tue, 22 Jan 2013 09:14:14 +0000 (UTC)
|
|
||||||
Received: from out01.mta.xmission.com ([166.70.13.231])
|
|
||||||
by out02.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
|
|
||||||
(Exim 4.76)
|
|
||||||
(envelope-from <ebiederm@xmission.com>)
|
|
||||||
id 1TxZuB-0006Xm-N5; Tue, 22 Jan 2013 02:12:31 -0700
|
|
||||||
Received: from in02.mta.xmission.com ([166.70.13.52])
|
|
||||||
by out01.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
|
|
||||||
(Exim 4.76)
|
|
||||||
(envelope-from <ebiederm@xmission.com>)
|
|
||||||
id 1TxZuA-0005NR-BQ; Tue, 22 Jan 2013 02:12:30 -0700
|
|
||||||
Received: from c-98-207-153-68.hsd1.ca.comcast.net ([98.207.153.68] helo=eric-ThinkPad-X220.xmission.com)
|
|
||||||
by in02.mta.xmission.com with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16)
|
|
||||||
(Exim 4.76)
|
|
||||||
(envelope-from <ebiederm@xmission.com>)
|
|
||||||
id 1TxZu7-0004Pj-Ec; Tue, 22 Jan 2013 02:12:30 -0700
|
|
||||||
From: ebiederm@xmission.com (Eric W. Biederman)
|
|
||||||
To: Nicolas =?utf-8?Q?Fran=C3=A7ois?= <nicolas.francois@centraliens.net>
|
|
||||||
Cc: <Pkg-shadow-devel@lists.alioth.debian.org>, Linux Containers <containers@lists.linux-foundation.org>, "Michael Kerrisk \(man-pages\)" <mtk.manpages@gmail.com>, "Serge E. Hallyn" <serge@hallyn.com>
|
|
||||||
References: <87d2wxshu0.fsf@xmission.com>
|
|
||||||
Date: Tue, 22 Jan 2013 01:12:23 -0800
|
|
||||||
In-Reply-To: <87d2wxshu0.fsf@xmission.com> (Eric W. Biederman's message of
|
|
||||||
"Tue, 22 Jan 2013 01:11:19 -0800")
|
|
||||||
Message-ID: <877gn5shs8.fsf@xmission.com>
|
|
||||||
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.1 (gnu/linux)
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain
|
|
||||||
X-XM-AID: U2FsdGVkX18YouPWtKNAX3LovSW2+p/ONbuCHMFEQpM=
|
|
||||||
X-SA-Exim-Connect-IP: 98.207.153.68
|
|
||||||
X-SA-Exim-Mail-From: ebiederm@xmission.com
|
|
||||||
Subject: [PATCH 01/11] Documentation for /etc/subuid and /etc/subgid
|
|
||||||
X-SA-Exim-Version: 4.2.1 (built Wed, 14 Nov 2012 14:26:46 -0700)
|
|
||||||
X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com)
|
|
||||||
X-UID: 2071
|
|
||||||
Status: RO
|
|
||||||
Content-Length: 9835
|
|
||||||
Lines: 286
|
|
||||||
|
|
||||||
|
|
||||||
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
|
|
||||||
---
|
|
||||||
man/Makefile.am | 4 ++
|
|
||||||
man/subgid.5.xml | 120 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
||||||
man/subuid.5.xml | 120 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
||||||
3 files changed, 244 insertions(+), 0 deletions(-)
|
|
||||||
create mode 100644 man/subgid.5.xml
|
|
||||||
create mode 100644 man/subuid.5.xml
|
|
||||||
|
|
||||||
Index: shadow/man/Makefile.am
|
|
||||||
===================================================================
|
|
||||||
--- shadow.orig/man/Makefile.am 2013-02-01 15:26:14.428082026 -0600
|
|
||||||
+++ shadow/man/Makefile.am 2013-02-01 15:27:37.000000000 -0600
|
|
||||||
@@ -43,6 +43,8 @@
|
|
||||||
man5/shadow.5 \
|
|
||||||
man1/su.1 \
|
|
||||||
man5/suauth.5 \
|
|
||||||
+ man5/subgid.5 \
|
|
||||||
+ man5/subuid.5 \
|
|
||||||
man8/useradd.8 \
|
|
||||||
man8/userdel.8 \
|
|
||||||
man8/usermod.8 \
|
|
||||||
@@ -94,6 +96,8 @@
|
|
||||||
sg.1.xml \
|
|
||||||
su.1.xml \
|
|
||||||
suauth.5.xml \
|
|
||||||
+ subgid.5.xml \
|
|
||||||
+ subuid.5.xml \
|
|
||||||
useradd.8.xml \
|
|
||||||
userdel.8.xml \
|
|
||||||
usermod.8.xml \
|
|
||||||
Index: shadow/man/subgid.5.xml
|
|
||||||
===================================================================
|
|
||||||
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
|
|
||||||
+++ shadow/man/subgid.5.xml 2013-02-01 15:26:14.424082026 -0600
|
|
||||||
@@ -0,0 +1,120 @@
|
|
||||||
+<?xml version="1.0" encoding="UTF-8"?>
|
|
||||||
+<!--
|
|
||||||
+ Copyright (c) 2013 Eric W. Biederman
|
|
||||||
+ All rights reserved.
|
|
||||||
+
|
|
||||||
+ Redistribution and use in source and binary forms, with or without
|
|
||||||
+ modification, are permitted provided that the following conditions
|
|
||||||
+ are met:
|
|
||||||
+ 1. Redistributions of source code must retain the above copyright
|
|
||||||
+ notice, this list of conditions and the following disclaimer.
|
|
||||||
+ 2. Redistributions in binary form must reproduce the above copyright
|
|
||||||
+ notice, this list of conditions and the following disclaimer in the
|
|
||||||
+ documentation and/or other materials provided with the distribution.
|
|
||||||
+ 3. The name of the copyright holders or contributors may not be used to
|
|
||||||
+ endorse or promote products derived from this software without
|
|
||||||
+ specific prior written permission.
|
|
||||||
+
|
|
||||||
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
+ ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
+ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
|
|
||||||
+ PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
+ HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
+ LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
+ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
+ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
+-->
|
|
||||||
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
|
|
||||||
+ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
|
|
||||||
+<!-- SHADOW-CONFIG-HERE -->
|
|
||||||
+]>
|
|
||||||
+<refentry id='subgid.5'>
|
|
||||||
+ <refmeta>
|
|
||||||
+ <refentrytitle>subgid</refentrytitle>
|
|
||||||
+ <manvolnum>5</manvolnum>
|
|
||||||
+ <refmiscinfo class="sectdesc">File Formats and Conversions</refmiscinfo>
|
|
||||||
+ <refmiscinfo class="source">shadow-utils</refmiscinfo>
|
|
||||||
+ <refmiscinfo class="version">&SHADOW_UTILS_VERSION;</refmiscinfo>
|
|
||||||
+ </refmeta>
|
|
||||||
+ <refnamediv id='name'>
|
|
||||||
+ <refname>subgid</refname>
|
|
||||||
+ <refpurpose>the subordinate gid file</refpurpose>
|
|
||||||
+ </refnamediv>
|
|
||||||
+
|
|
||||||
+ <refsect1 id='description'>
|
|
||||||
+ <title>DESCRIPTION</title>
|
|
||||||
+ <para>
|
|
||||||
+ Each line in <filename>/etc/subgid</filename> contains
|
|
||||||
+ a user id and a range of suboridinate user ids that user
|
|
||||||
+ is allowed to use.
|
|
||||||
+
|
|
||||||
+ This is specified with three fields delimited by colons
|
|
||||||
+ (<quote>:</quote>).
|
|
||||||
+ These fields are:
|
|
||||||
+ </para>
|
|
||||||
+ <itemizedlist mark='bullet'>
|
|
||||||
+ <listitem>
|
|
||||||
+ <para>login name</para>
|
|
||||||
+ </listitem>
|
|
||||||
+ <listitem>
|
|
||||||
+ <para>numerical subordinate user ID</para>
|
|
||||||
+ </listitem>
|
|
||||||
+ <listitem>
|
|
||||||
+ <para>numerical subordinate user ID count</para>
|
|
||||||
+ </listitem>
|
|
||||||
+ </itemizedlist>
|
|
||||||
+
|
|
||||||
+ <para>
|
|
||||||
+ This file specifies the group IDs to be that each user may use
|
|
||||||
+ with the <command>newgidmap</command> command that ordinary users can use to
|
|
||||||
+ configure gid mapping in a user namespace.
|
|
||||||
+ </para>
|
|
||||||
+
|
|
||||||
+ <para>
|
|
||||||
+ Multiple ranges may be specified per user ID.
|
|
||||||
+ </para>
|
|
||||||
+
|
|
||||||
+ </refsect1>
|
|
||||||
+
|
|
||||||
+ <refsect1 id='files'>
|
|
||||||
+ <title>FILES</title>
|
|
||||||
+ <variablelist>
|
|
||||||
+ <varlistentry>
|
|
||||||
+ <term><filename>/etc/subgid</filename></term>
|
|
||||||
+ <listitem>
|
|
||||||
+ <para>Per user subordinate group IDs.</para>
|
|
||||||
+ </listitem>
|
|
||||||
+ </varlistentry>
|
|
||||||
+ <varlistentry>
|
|
||||||
+ <term><filename>/etc/subgid-</filename></term>
|
|
||||||
+ <listitem>
|
|
||||||
+ <para>Backup file for /etc/subgid.</para>
|
|
||||||
+ </listitem>
|
|
||||||
+ </varlistentry>
|
|
||||||
+ </variablelist>
|
|
||||||
+ </refsect1>
|
|
||||||
+
|
|
||||||
+ <refsect1 id='see_also'>
|
|
||||||
+ <title>SEE ALSO</title>
|
|
||||||
+ <para>
|
|
||||||
+ <citerefentry>
|
|
||||||
+ <refentrytitle>subuid</refentrytitle><manvolnum>5</manvolnum>
|
|
||||||
+ </citerefentry>,
|
|
||||||
+ <citerefentry>
|
|
||||||
+ <refentrytitle>logindefs</refentrytitle><manvolnum>5</manvolnum>
|
|
||||||
+ </citerefentry>,
|
|
||||||
+ <citerefentry>
|
|
||||||
+ <refentrytitle>newuidmap</refentrytitle><manvolnum>1</manvolnum>
|
|
||||||
+ </citerefentry>,
|
|
||||||
+ <citerefentry>
|
|
||||||
+ <refentrytitle>newgidmap</refentrytitle><manvolnum>1</manvolnum>
|
|
||||||
+ </citerefentry>,
|
|
||||||
+ <citerefentry>
|
|
||||||
+ <refentrytitle>usermod</refentrytitle><manvolnum>8</manvolnum>
|
|
||||||
+ </citerefentry>,
|
|
||||||
+ </para>
|
|
||||||
+ </refsect1>
|
|
||||||
+</refentry>
|
|
||||||
Index: shadow/man/subuid.5.xml
|
|
||||||
===================================================================
|
|
||||||
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
|
|
||||||
+++ shadow/man/subuid.5.xml 2013-02-01 15:26:14.424082026 -0600
|
|
||||||
@@ -0,0 +1,120 @@
|
|
||||||
+<?xml version="1.0" encoding="UTF-8"?>
|
|
||||||
+<!--
|
|
||||||
+ Copyright (c) 2013 Eric W. Biederman
|
|
||||||
+ All rights reserved.
|
|
||||||
+
|
|
||||||
+ Redistribution and use in source and binary forms, with or without
|
|
||||||
+ modification, are permitted provided that the following conditions
|
|
||||||
+ are met:
|
|
||||||
+ 1. Redistributions of source code must retain the above copyright
|
|
||||||
+ notice, this list of conditions and the following disclaimer.
|
|
||||||
+ 2. Redistributions in binary form must reproduce the above copyright
|
|
||||||
+ notice, this list of conditions and the following disclaimer in the
|
|
||||||
+ documentation and/or other materials provided with the distribution.
|
|
||||||
+ 3. The name of the copyright holders or contributors may not be used to
|
|
||||||
+ endorse or promote products derived from this software without
|
|
||||||
+ specific prior written permission.
|
|
||||||
+
|
|
||||||
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
+ ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
+ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
|
|
||||||
+ PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
+ HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
+ LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
+ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
+ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
+-->
|
|
||||||
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
|
|
||||||
+ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
|
|
||||||
+<!-- SHADOW-CONFIG-HERE -->
|
|
||||||
+]>
|
|
||||||
+<refentry id='subuid.5'>
|
|
||||||
+ <refmeta>
|
|
||||||
+ <refentrytitle>subuid</refentrytitle>
|
|
||||||
+ <manvolnum>5</manvolnum>
|
|
||||||
+ <refmiscinfo class="sectdesc">File Formats and Conversions</refmiscinfo>
|
|
||||||
+ <refmiscinfo class="source">shadow-utils</refmiscinfo>
|
|
||||||
+ <refmiscinfo class="version">&SHADOW_UTILS_VERSION;</refmiscinfo>
|
|
||||||
+ </refmeta>
|
|
||||||
+ <refnamediv id='name'>
|
|
||||||
+ <refname>subuid</refname>
|
|
||||||
+ <refpurpose>the subordinate uid file</refpurpose>
|
|
||||||
+ </refnamediv>
|
|
||||||
+
|
|
||||||
+ <refsect1 id='description'>
|
|
||||||
+ <title>DESCRIPTION</title>
|
|
||||||
+ <para>
|
|
||||||
+ Each line in <filename>/etc/subuid</filename> contains
|
|
||||||
+ a user id and a range of suboridinate user ids that user
|
|
||||||
+ is allowed to use.
|
|
||||||
+
|
|
||||||
+ This is specified with three fields delimited by colons
|
|
||||||
+ (<quote>:</quote>).
|
|
||||||
+ These fields are:
|
|
||||||
+ </para>
|
|
||||||
+ <itemizedlist mark='bullet'>
|
|
||||||
+ <listitem>
|
|
||||||
+ <para>login name</para>
|
|
||||||
+ </listitem>
|
|
||||||
+ <listitem>
|
|
||||||
+ <para>numerical subordinate user ID</para>
|
|
||||||
+ </listitem>
|
|
||||||
+ <listitem>
|
|
||||||
+ <para>numerical subordinate user ID count</para>
|
|
||||||
+ </listitem>
|
|
||||||
+ </itemizedlist>
|
|
||||||
+
|
|
||||||
+ <para>
|
|
||||||
+ This file specifies the user IDs to be that each user may use
|
|
||||||
+ with the <command>newuidmap</command> command that ordinary users can use to
|
|
||||||
+ configure uid mapping in a user namespace.
|
|
||||||
+ </para>
|
|
||||||
+
|
|
||||||
+ <para>
|
|
||||||
+ Multiple ranges may be specified per user ID.
|
|
||||||
+ </para>
|
|
||||||
+
|
|
||||||
+ </refsect1>
|
|
||||||
+
|
|
||||||
+ <refsect1 id='files'>
|
|
||||||
+ <title>FILES</title>
|
|
||||||
+ <variablelist>
|
|
||||||
+ <varlistentry>
|
|
||||||
+ <term><filename>/etc/subuid</filename></term>
|
|
||||||
+ <listitem>
|
|
||||||
+ <para>Per user subordinate user IDs.</para>
|
|
||||||
+ </listitem>
|
|
||||||
+ </varlistentry>
|
|
||||||
+ <varlistentry>
|
|
||||||
+ <term><filename>/etc/subuid-</filename></term>
|
|
||||||
+ <listitem>
|
|
||||||
+ <para>Backup file for /etc/subuid.</para>
|
|
||||||
+ </listitem>
|
|
||||||
+ </varlistentry>
|
|
||||||
+ </variablelist>
|
|
||||||
+ </refsect1>
|
|
||||||
+
|
|
||||||
+ <refsect1 id='see_also'>
|
|
||||||
+ <title>SEE ALSO</title>
|
|
||||||
+ <para>
|
|
||||||
+ <citerefentry>
|
|
||||||
+ <refentrytitle>subgid</refentrytitle><manvolnum>5</manvolnum>
|
|
||||||
+ </citerefentry>,
|
|
||||||
+ <citerefentry>
|
|
||||||
+ <refentrytitle>logindefs</refentrytitle><manvolnum>5</manvolnum>
|
|
||||||
+ </citerefentry>,
|
|
||||||
+ <citerefentry>
|
|
||||||
+ <refentrytitle>newuidmap</refentrytitle><manvolnum>1</manvolnum>
|
|
||||||
+ </citerefentry>,
|
|
||||||
+ <citerefentry>
|
|
||||||
+ <refentrytitle>newgidmap</refentrytitle><manvolnum>1</manvolnum>
|
|
||||||
+ </citerefentry>,
|
|
||||||
+ <citerefentry>
|
|
||||||
+ <refentrytitle>usermod</refentrytitle><manvolnum>8</manvolnum>
|
|
||||||
+ </citerefentry>,
|
|
||||||
+ </para>
|
|
||||||
+ </refsect1>
|
|
||||||
+</refentry>
|
|
||||||
-218
@@ -1,218 +0,0 @@
|
|||||||
From ebiederm@xmission.com Tue Jan 22 09:14:55 2013
|
|
||||||
Return-Path: <ebiederm@xmission.com>
|
|
||||||
X-Original-To: serge@hallyn.com
|
|
||||||
Delivered-To: serge@hallyn.com
|
|
||||||
Received: by mail.hallyn.com (Postfix, from userid 5001)
|
|
||||||
id 140DBC80F4; Tue, 22 Jan 2013 09:14:55 +0000 (UTC)
|
|
||||||
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail
|
|
||||||
X-Spam-Level:
|
|
||||||
X-Spam-Status: No, score=0.1 required=8.0 tests=BAD_ENC_HEADER,BAYES_00
|
|
||||||
autolearn=no version=3.3.1
|
|
||||||
Received: from out02.mta.xmission.com (out02.mta.xmission.com [166.70.13.232])
|
|
||||||
(using TLSv1 with cipher AES256-SHA (256/256 bits))
|
|
||||||
(No client certificate requested)
|
|
||||||
by mail.hallyn.com (Postfix) with ESMTPS id 5D815C80D1
|
|
||||||
for <serge@hallyn.com>; Tue, 22 Jan 2013 09:14:50 +0000 (UTC)
|
|
||||||
Received: from out03.mta.xmission.com ([166.70.13.233])
|
|
||||||
by out02.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
|
|
||||||
(Exim 4.76)
|
|
||||||
(envelope-from <ebiederm@xmission.com>)
|
|
||||||
id 1TxZum-0006il-0f; Tue, 22 Jan 2013 02:13:08 -0700
|
|
||||||
Received: from in02.mta.xmission.com ([166.70.13.52])
|
|
||||||
by out03.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
|
|
||||||
(Exim 4.76)
|
|
||||||
(envelope-from <ebiederm@xmission.com>)
|
|
||||||
id 1TxZul-0004GF-Id; Tue, 22 Jan 2013 02:13:07 -0700
|
|
||||||
Received: from c-98-207-153-68.hsd1.ca.comcast.net ([98.207.153.68] helo=eric-ThinkPad-X220.xmission.com)
|
|
||||||
by in02.mta.xmission.com with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16)
|
|
||||||
(Exim 4.76)
|
|
||||||
(envelope-from <ebiederm@xmission.com>)
|
|
||||||
id 1TxZuf-0004T0-MS; Tue, 22 Jan 2013 02:13:07 -0700
|
|
||||||
From: ebiederm@xmission.com (Eric W. Biederman)
|
|
||||||
To: Nicolas =?utf-8?Q?Fran=C3=A7ois?= <nicolas.francois@centraliens.net>
|
|
||||||
Cc: <Pkg-shadow-devel@lists.alioth.debian.org>, Linux Containers <containers@lists.linux-foundation.org>, "Michael Kerrisk \(man-pages\)" <mtk.manpages@gmail.com>, "Serge E. Hallyn" <serge@hallyn.com>
|
|
||||||
References: <87d2wxshu0.fsf@xmission.com>
|
|
||||||
Date: Tue, 22 Jan 2013 01:12:58 -0800
|
|
||||||
In-Reply-To: <87d2wxshu0.fsf@xmission.com> (Eric W. Biederman's message of
|
|
||||||
"Tue, 22 Jan 2013 01:11:19 -0800")
|
|
||||||
Message-ID: <871uddshr9.fsf@xmission.com>
|
|
||||||
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.1 (gnu/linux)
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain
|
|
||||||
X-XM-AID: U2FsdGVkX19iYyOCEx6dl2v1Ya/KIGpixG5+3MVA1bY=
|
|
||||||
X-SA-Exim-Connect-IP: 98.207.153.68
|
|
||||||
X-SA-Exim-Mail-From: ebiederm@xmission.com
|
|
||||||
Subject: [PATCH 02/11] login.defs.5: Document the new variables in login.defs
|
|
||||||
X-SA-Exim-Version: 4.2.1 (built Wed, 14 Nov 2012 14:26:46 -0700)
|
|
||||||
X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com)
|
|
||||||
X-UID: 2072
|
|
||||||
Status: RO
|
|
||||||
Content-Length: 7615
|
|
||||||
Lines: 170
|
|
||||||
|
|
||||||
|
|
||||||
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
|
|
||||||
---
|
|
||||||
man/Makefile.am | 2 +
|
|
||||||
man/login.defs.5.xml | 8 ++++++
|
|
||||||
man/login.defs.d/SUB_GID_COUNT.xml | 46 ++++++++++++++++++++++++++++++++++++
|
|
||||||
man/login.defs.d/SUB_UID_COUNT.xml | 46 ++++++++++++++++++++++++++++++++++++
|
|
||||||
4 files changed, 102 insertions(+), 0 deletions(-)
|
|
||||||
create mode 100644 man/login.defs.d/SUB_GID_COUNT.xml
|
|
||||||
create mode 100644 man/login.defs.d/SUB_UID_COUNT.xml
|
|
||||||
|
|
||||||
Index: shadow/man/Makefile.am
|
|
||||||
===================================================================
|
|
||||||
--- shadow.orig/man/Makefile.am 2013-02-01 15:27:51.048080390 -0600
|
|
||||||
+++ shadow/man/Makefile.am 2013-02-01 15:27:51.040080390 -0600
|
|
||||||
@@ -163,6 +163,8 @@
|
|
||||||
USERDEL_CMD.xml \
|
|
||||||
USERGROUPS_ENAB.xml \
|
|
||||||
USE_TCB.xml \
|
|
||||||
+ SUB_GID_COUNT.xml \
|
|
||||||
+ SUB_UID_COUNT.xml \
|
|
||||||
SYS_GID_MAX.xml \
|
|
||||||
SYS_UID_MAX.xml
|
|
||||||
|
|
||||||
Index: shadow/man/login.defs.5.xml
|
|
||||||
===================================================================
|
|
||||||
--- shadow.orig/man/login.defs.5.xml 2013-02-01 15:27:51.048080390 -0600
|
|
||||||
+++ shadow/man/login.defs.5.xml 2013-02-01 15:27:51.044080390 -0600
|
|
||||||
@@ -78,6 +78,8 @@
|
|
||||||
<!ENTITY SULOG_FILE SYSTEM "login.defs.d/SULOG_FILE.xml">
|
|
||||||
<!ENTITY SU_NAME SYSTEM "login.defs.d/SU_NAME.xml">
|
|
||||||
<!ENTITY SU_WHEEL_ONLY SYSTEM "login.defs.d/SU_WHEEL_ONLY.xml">
|
|
||||||
+<!ENTITY SUB_GID_COUNT SYSTEM "login.defs.d/SUB_GID_COUNT.xml">
|
|
||||||
+<!ENTITY SUB_UID_COUNT SYSTEM "login.defs.d/SUB_UID_COUNT.xml">
|
|
||||||
<!ENTITY SYS_GID_MAX SYSTEM "login.defs.d/SYS_GID_MAX.xml">
|
|
||||||
<!ENTITY SYSLOG_SG_ENAB SYSTEM "login.defs.d/SYSLOG_SG_ENAB.xml">
|
|
||||||
<!ENTITY SYSLOG_SU_ENAB SYSTEM "login.defs.d/SYSLOG_SU_ENAB.xml">
|
|
||||||
@@ -216,6 +218,8 @@
|
|
||||||
&SULOG_FILE;
|
|
||||||
&SU_NAME;
|
|
||||||
&SU_WHEEL_ONLY;
|
|
||||||
+ &SUB_GID_COUNT; <!-- documents also SUB_GID_MIN SUB_GID_MAX -->
|
|
||||||
+ &SUB_UID_COUNT; <!-- documents also SUB_UID_MIN SUB_UID_MAX -->
|
|
||||||
&SYS_GID_MAX; <!-- documents also SYS_GID_MIN -->
|
|
||||||
&SYS_UID_MAX; <!-- documents also SYS_UID_MIN -->
|
|
||||||
&SYSLOG_SG_ENAB;
|
|
||||||
@@ -393,6 +397,8 @@
|
|
||||||
PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE
|
|
||||||
<phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
|
|
||||||
SHA_CRYPT_MIN_ROUNDS</phrase>
|
|
||||||
+ SUB_GID_COUNT SUB_GID_MAX SUB_GID_MIN
|
|
||||||
+ SUB_UID_COUNT SUB_UID_MAX SUB_UID_MIN
|
|
||||||
SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN
|
|
||||||
UMASK
|
|
||||||
</para>
|
|
||||||
@@ -470,6 +476,8 @@
|
|
||||||
GID_MAX GID_MIN
|
|
||||||
MAIL_DIR MAX_MEMBERS_PER_GROUP
|
|
||||||
PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE
|
|
||||||
+ SUB_GID_COUNT SUB_GID_MAX SUB_GID_MIN
|
|
||||||
+ SUB_UID_COUNT SUB_UID_MAX SUB_UID_MIN
|
|
||||||
SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN
|
|
||||||
UMASK
|
|
||||||
<phrase condition="tcb">TCB_AUTH_GROUP TCB_SYMLINK USE_TCB</phrase>
|
|
||||||
Index: shadow/man/login.defs.d/SUB_GID_COUNT.xml
|
|
||||||
===================================================================
|
|
||||||
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
|
|
||||||
+++ shadow/man/login.defs.d/SUB_GID_COUNT.xml 2013-02-01 15:27:51.044080390 -0600
|
|
||||||
@@ -0,0 +1,46 @@
|
|
||||||
+<!--
|
|
||||||
+ Copyright (c) 2013, Eric W. Biederman
|
|
||||||
+ All rights reserved.
|
|
||||||
+
|
|
||||||
+ Redistribution and use in source and binary forms, with or without
|
|
||||||
+ modification, are permitted provided that the following conditions
|
|
||||||
+ are met:
|
|
||||||
+ 1. Redistributions of source code must retain the above copyright
|
|
||||||
+ notice, this list of conditions and the following disclaimer.
|
|
||||||
+ 2. Redistributions in binary form must reproduce the above copyright
|
|
||||||
+ notice, this list of conditions and the following disclaimer in the
|
|
||||||
+ documentation and/or other materials provided with the distribution.
|
|
||||||
+ 3. The name of the copyright holders or contributors may not be used to
|
|
||||||
+ endorse or promote products derived from this software without
|
|
||||||
+ specific prior written permission.
|
|
||||||
+
|
|
||||||
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
+ ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
+ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
|
|
||||||
+ PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
+ HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
+ LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
+ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
+ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
+-->
|
|
||||||
+<varlistentry>
|
|
||||||
+ <term><option>SUB_GID_MIN</option> (number)</term>
|
|
||||||
+ <term><option>SUB_GID_MAX</option> (number)</term>
|
|
||||||
+ <term><option>SUB_GID_COUNT</option> (number)</term>
|
|
||||||
+ <listitem>
|
|
||||||
+ <para>
|
|
||||||
+ The commands <command>useradd</command> and <command>newusers</command>
|
|
||||||
+ allocate <option>SUB_GID_COUNT</option> unused group IDs from the range
|
|
||||||
+ <option>SUB_GID_MIN</option> to <option>SUB_GID_MAX</option> for each
|
|
||||||
+ new user.
|
|
||||||
+ </para>
|
|
||||||
+ <para>
|
|
||||||
+ The default values for <option>SUB_GID_MAN</option>,
|
|
||||||
+ <option>SUB_GID_MIN</option>, <option>SUB_GID_COUNT</option>
|
|
||||||
+ are respectively 100000, 600100000 and 10000.
|
|
||||||
+ </para>
|
|
||||||
+ </listitem>
|
|
||||||
+</varlistentry>
|
|
||||||
Index: shadow/man/login.defs.d/SUB_UID_COUNT.xml
|
|
||||||
===================================================================
|
|
||||||
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
|
|
||||||
+++ shadow/man/login.defs.d/SUB_UID_COUNT.xml 2013-02-01 15:27:51.044080390 -0600
|
|
||||||
@@ -0,0 +1,46 @@
|
|
||||||
+<!--
|
|
||||||
+ Copyright (c) 2013, Eric W. Biederman
|
|
||||||
+ All rights reserved.
|
|
||||||
+
|
|
||||||
+ Redistribution and use in source and binary forms, with or without
|
|
||||||
+ modification, are permitted provided that the following conditions
|
|
||||||
+ are met:
|
|
||||||
+ 1. Redistributions of source code must retain the above copyright
|
|
||||||
+ notice, this list of conditions and the following disclaimer.
|
|
||||||
+ 2. Redistributions in binary form must reproduce the above copyright
|
|
||||||
+ notice, this list of conditions and the following disclaimer in the
|
|
||||||
+ documentation and/or other materials provided with the distribution.
|
|
||||||
+ 3. The name of the copyright holders or contributors may not be used to
|
|
||||||
+ endorse or promote products derived from this software without
|
|
||||||
+ specific prior written permission.
|
|
||||||
+
|
|
||||||
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
+ ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
+ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
|
|
||||||
+ PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
+ HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
+ LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
+ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
+ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
+-->
|
|
||||||
+<varlistentry>
|
|
||||||
+ <term><option>SUB_UID_MIN</option> (number)</term>
|
|
||||||
+ <term><option>SUB_UID_MAX</option> (number)</term>
|
|
||||||
+ <term><option>SUB_UID_COUNT</option> (number)</term>
|
|
||||||
+ <listitem>
|
|
||||||
+ <para>
|
|
||||||
+ The commands <command>useradd</command> and <command>newusers</command>
|
|
||||||
+ allocate <option>SUB_UID_COUNT</option> unused user IDs from the range
|
|
||||||
+ <option>SUB_UID_MIN</option> to <option>SUB_UID_MAX</option> for each
|
|
||||||
+ new user.
|
|
||||||
+ </para>
|
|
||||||
+ <para>
|
|
||||||
+ The default values for <option>SUB_GID_MAN</option>,
|
|
||||||
+ <option>SUB_GID_MIN</option>, <option>SUB_GID_COUNT</option>
|
|
||||||
+ are respectively 100000, 600100000 and 10000.
|
|
||||||
+ </para>
|
|
||||||
+ </listitem>
|
|
||||||
+</varlistentry>
|
|
||||||
@@ -1,110 +0,0 @@
|
|||||||
From ebiederm@xmission.com Tue Jan 22 09:15:19 2013
|
|
||||||
Return-Path: <ebiederm@xmission.com>
|
|
||||||
X-Original-To: serge@hallyn.com
|
|
||||||
Delivered-To: serge@hallyn.com
|
|
||||||
Received: by mail.hallyn.com (Postfix, from userid 5001)
|
|
||||||
id CAFA8C80F6; Tue, 22 Jan 2013 09:15:19 +0000 (UTC)
|
|
||||||
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail
|
|
||||||
X-Spam-Level:
|
|
||||||
X-Spam-Status: No, score=0.1 required=8.0 tests=BAD_ENC_HEADER,BAYES_00
|
|
||||||
autolearn=no version=3.3.1
|
|
||||||
Received: from out02.mta.xmission.com (out02.mta.xmission.com [166.70.13.232])
|
|
||||||
(using TLSv1 with cipher AES256-SHA (256/256 bits))
|
|
||||||
(No client certificate requested)
|
|
||||||
by mail.hallyn.com (Postfix) with ESMTPS id 43FAEC80D1
|
|
||||||
for <serge@hallyn.com>; Tue, 22 Jan 2013 09:15:15 +0000 (UTC)
|
|
||||||
Received: from in02.mta.xmission.com ([166.70.13.52])
|
|
||||||
by out02.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
|
|
||||||
(Exim 4.76)
|
|
||||||
(envelope-from <ebiederm@xmission.com>)
|
|
||||||
id 1TxZvA-0006sA-Pq; Tue, 22 Jan 2013 02:13:32 -0700
|
|
||||||
Received: from c-98-207-153-68.hsd1.ca.comcast.net ([98.207.153.68] helo=eric-ThinkPad-X220.xmission.com)
|
|
||||||
by in02.mta.xmission.com with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16)
|
|
||||||
(Exim 4.76)
|
|
||||||
(envelope-from <ebiederm@xmission.com>)
|
|
||||||
id 1TxZv8-0004VI-Fi; Tue, 22 Jan 2013 02:13:32 -0700
|
|
||||||
From: ebiederm@xmission.com (Eric W. Biederman)
|
|
||||||
To: Nicolas =?utf-8?Q?Fran=C3=A7ois?= <nicolas.francois@centraliens.net>
|
|
||||||
Cc: <Pkg-shadow-devel@lists.alioth.debian.org>, Linux Containers <containers@lists.linux-foundation.org>, "Michael Kerrisk \(man-pages\)" <mtk.manpages@gmail.com>, "Serge E. Hallyn" <serge@hallyn.com>
|
|
||||||
References: <87d2wxshu0.fsf@xmission.com>
|
|
||||||
Date: Tue, 22 Jan 2013 01:13:26 -0800
|
|
||||||
In-Reply-To: <87d2wxshu0.fsf@xmission.com> (Eric W. Biederman's message of
|
|
||||||
"Tue, 22 Jan 2013 01:11:19 -0800")
|
|
||||||
Message-ID: <87vcapr361.fsf@xmission.com>
|
|
||||||
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.1 (gnu/linux)
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain
|
|
||||||
X-XM-AID: U2FsdGVkX1++0A/mQBimfZkeNedO095IfnCYGQfIolI=
|
|
||||||
X-SA-Exim-Connect-IP: 98.207.153.68
|
|
||||||
X-SA-Exim-Mail-From: ebiederm@xmission.com
|
|
||||||
Subject: [PATCH 03/11] Implement commonio_append.
|
|
||||||
X-SA-Exim-Version: 4.2.1 (built Wed, 14 Nov 2012 14:26:46 -0700)
|
|
||||||
X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com)
|
|
||||||
X-UID: 2073
|
|
||||||
Status: RO
|
|
||||||
Content-Length: 1874
|
|
||||||
Lines: 65
|
|
||||||
|
|
||||||
|
|
||||||
To support files that do not have a simple unique key implement
|
|
||||||
commonio_append to allow new entries to be added.
|
|
||||||
|
|
||||||
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
|
|
||||||
---
|
|
||||||
lib/commonio.c | 30 ++++++++++++++++++++++++++++++
|
|
||||||
lib/commonio.h | 1 +
|
|
||||||
2 files changed, 31 insertions(+), 0 deletions(-)
|
|
||||||
|
|
||||||
Index: shadow/lib/commonio.c
|
|
||||||
===================================================================
|
|
||||||
--- shadow.orig/lib/commonio.c 2013-02-01 15:27:51.376080384 -0600
|
|
||||||
+++ shadow/lib/commonio.c 2013-02-01 15:27:51.368080384 -0600
|
|
||||||
@@ -1121,6 +1121,36 @@
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
+int commonio_append (struct commonio_db *db, const void *eptr)
|
|
||||||
+{
|
|
||||||
+ struct commonio_entry *p;
|
|
||||||
+ void *nentry;
|
|
||||||
+
|
|
||||||
+ if (!db->isopen || db->readonly) {
|
|
||||||
+ errno = EINVAL;
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
+ nentry = db->ops->dup (eptr);
|
|
||||||
+ if (NULL == nentry) {
|
|
||||||
+ errno = ENOMEM;
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
+ /* new entry */
|
|
||||||
+ p = (struct commonio_entry *) malloc (sizeof *p);
|
|
||||||
+ if (NULL == p) {
|
|
||||||
+ db->ops->free (nentry);
|
|
||||||
+ errno = ENOMEM;
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ p->eptr = nentry;
|
|
||||||
+ p->line = NULL;
|
|
||||||
+ p->changed = true;
|
|
||||||
+ add_one_entry (db, p);
|
|
||||||
+
|
|
||||||
+ db->changed = true;
|
|
||||||
+ return 1;
|
|
||||||
+}
|
|
||||||
|
|
||||||
void commonio_del_entry (struct commonio_db *db, const struct commonio_entry *p)
|
|
||||||
{
|
|
||||||
Index: shadow/lib/commonio.h
|
|
||||||
===================================================================
|
|
||||||
--- shadow.orig/lib/commonio.h 2013-02-01 15:27:51.376080384 -0600
|
|
||||||
+++ shadow/lib/commonio.h 2013-02-01 15:27:51.368080384 -0600
|
|
||||||
@@ -146,6 +146,7 @@
|
|
||||||
extern int commonio_open (struct commonio_db *, int);
|
|
||||||
extern /*@observer@*/ /*@null@*/const void *commonio_locate (struct commonio_db *, const char *);
|
|
||||||
extern int commonio_update (struct commonio_db *, const void *);
|
|
||||||
+extern int commonio_append (struct commonio_db *, const void *);
|
|
||||||
extern int commonio_remove (struct commonio_db *, const char *);
|
|
||||||
extern int commonio_rewind (struct commonio_db *);
|
|
||||||
extern /*@observer@*/ /*@null@*/const void *commonio_next (struct commonio_db *);
|
|
||||||
-685
@@ -1,685 +0,0 @@
|
|||||||
From ebiederm@xmission.com Tue Jan 22 09:16:29 2013
|
|
||||||
Return-Path: <ebiederm@xmission.com>
|
|
||||||
X-Original-To: serge@hallyn.com
|
|
||||||
Delivered-To: serge@hallyn.com
|
|
||||||
Received: by mail.hallyn.com (Postfix, from userid 5001)
|
|
||||||
id AF9A9C80F4; Tue, 22 Jan 2013 09:16:29 +0000 (UTC)
|
|
||||||
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail
|
|
||||||
X-Spam-Level:
|
|
||||||
X-Spam-Status: No, score=0.1 required=8.0 tests=BAD_ENC_HEADER,BAYES_00
|
|
||||||
autolearn=no version=3.3.1
|
|
||||||
Received: from out02.mta.xmission.com (out02.mta.xmission.com [166.70.13.232])
|
|
||||||
(using TLSv1 with cipher AES256-SHA (256/256 bits))
|
|
||||||
(No client certificate requested)
|
|
||||||
by mail.hallyn.com (Postfix) with ESMTPS id EDF70C80D1
|
|
||||||
for <serge@hallyn.com>; Tue, 22 Jan 2013 09:16:24 +0000 (UTC)
|
|
||||||
Received: from out01.mta.xmission.com ([166.70.13.231])
|
|
||||||
by out02.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
|
|
||||||
(Exim 4.76)
|
|
||||||
(envelope-from <ebiederm@xmission.com>)
|
|
||||||
id 1TxZwI-0007HS-Mn; Tue, 22 Jan 2013 02:14:42 -0700
|
|
||||||
Received: from in02.mta.xmission.com ([166.70.13.52])
|
|
||||||
by out01.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
|
|
||||||
(Exim 4.76)
|
|
||||||
(envelope-from <ebiederm@xmission.com>)
|
|
||||||
id 1TxZwI-0005wP-8E; Tue, 22 Jan 2013 02:14:42 -0700
|
|
||||||
Received: from c-98-207-153-68.hsd1.ca.comcast.net ([98.207.153.68] helo=eric-ThinkPad-X220.xmission.com)
|
|
||||||
by in02.mta.xmission.com with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16)
|
|
||||||
(Exim 4.76)
|
|
||||||
(envelope-from <ebiederm@xmission.com>)
|
|
||||||
id 1TxZwE-0004bA-Mv; Tue, 22 Jan 2013 02:14:42 -0700
|
|
||||||
From: ebiederm@xmission.com (Eric W. Biederman)
|
|
||||||
To: Nicolas =?utf-8?Q?Fran=C3=A7ois?= <nicolas.francois@centraliens.net>
|
|
||||||
Cc: <Pkg-shadow-devel@lists.alioth.debian.org>, Linux Containers <containers@lists.linux-foundation.org>, "Michael Kerrisk \(man-pages\)" <mtk.manpages@gmail.com>, "Serge E. Hallyn" <serge@hallyn.com>
|
|
||||||
References: <87d2wxshu0.fsf@xmission.com>
|
|
||||||
Date: Tue, 22 Jan 2013 01:14:35 -0800
|
|
||||||
In-Reply-To: <87d2wxshu0.fsf@xmission.com> (Eric W. Biederman's message of
|
|
||||||
"Tue, 22 Jan 2013 01:11:19 -0800")
|
|
||||||
Message-ID: <87liblr344.fsf@xmission.com>
|
|
||||||
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.1 (gnu/linux)
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain
|
|
||||||
X-XM-AID: U2FsdGVkX1/3QOlmT6VsAuzQbs/RJ/nb1IrpO++QYVA=
|
|
||||||
X-SA-Exim-Connect-IP: 98.207.153.68
|
|
||||||
X-SA-Exim-Mail-From: ebiederm@xmission.com
|
|
||||||
Subject: [PATCH 04/11] Add backend support for suboridnate uids and gids
|
|
||||||
X-SA-Exim-Version: 4.2.1 (built Wed, 14 Nov 2012 14:26:46 -0700)
|
|
||||||
X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com)
|
|
||||||
X-UID: 2074
|
|
||||||
Status: RO
|
|
||||||
X-Status: A
|
|
||||||
Content-Length: 15967
|
|
||||||
Lines: 636
|
|
||||||
|
|
||||||
|
|
||||||
These files list the set of subordinate uids and gids that users are allowed
|
|
||||||
to use. The expect use case is with the user namespace but other uses are
|
|
||||||
allowed.
|
|
||||||
|
|
||||||
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
|
|
||||||
---
|
|
||||||
etc/login.defs | 8 +
|
|
||||||
lib/Makefile.am | 2 +
|
|
||||||
lib/getdef.c | 6 +
|
|
||||||
lib/subordinateio.c | 512 +++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
||||||
lib/subordinateio.h | 38 ++++
|
|
||||||
5 files changed, 566 insertions(+), 0 deletions(-)
|
|
||||||
create mode 100644 lib/subordinateio.c
|
|
||||||
create mode 100644 lib/subordinateio.h
|
|
||||||
|
|
||||||
Index: shadow/etc/login.defs
|
|
||||||
===================================================================
|
|
||||||
--- shadow.orig/etc/login.defs 2013-02-01 15:27:51.684080379 -0600
|
|
||||||
+++ shadow/etc/login.defs 2013-02-01 15:27:51.676080379 -0600
|
|
||||||
@@ -226,6 +226,10 @@
|
|
||||||
# System accounts
|
|
||||||
SYS_UID_MIN 101
|
|
||||||
SYS_UID_MAX 999
|
|
||||||
+# Extra per user uids
|
|
||||||
+SUB_UID_MIN 100000
|
|
||||||
+SUB_UID_MAX 600100000
|
|
||||||
+SUB_UID_COUNT 10000
|
|
||||||
|
|
||||||
#
|
|
||||||
# Min/max values for automatic gid selection in groupadd
|
|
||||||
@@ -235,6 +239,10 @@
|
|
||||||
# System accounts
|
|
||||||
SYS_GID_MIN 101
|
|
||||||
SYS_GID_MAX 999
|
|
||||||
+# Extra per user group ids
|
|
||||||
+SUB_GID_MIN 100000
|
|
||||||
+SUB_GID_MAX 600100000
|
|
||||||
+SUB_GID_COUNT 10000
|
|
||||||
|
|
||||||
#
|
|
||||||
# Max number of login retries if password is bad
|
|
||||||
Index: shadow/lib/Makefile.am
|
|
||||||
===================================================================
|
|
||||||
--- shadow.orig/lib/Makefile.am 2013-02-01 15:27:51.684080379 -0600
|
|
||||||
+++ shadow/lib/Makefile.am 2013-02-01 15:27:51.676080379 -0600
|
|
||||||
@@ -39,6 +39,8 @@
|
|
||||||
pwio.c \
|
|
||||||
pwio.h \
|
|
||||||
pwmem.c \
|
|
||||||
+ subordinateio.h \
|
|
||||||
+ subordinateio.c \
|
|
||||||
selinux.c \
|
|
||||||
semanage.c \
|
|
||||||
sgetgrent.c \
|
|
||||||
Index: shadow/lib/getdef.c
|
|
||||||
===================================================================
|
|
||||||
--- shadow.orig/lib/getdef.c 2013-02-01 15:27:51.684080379 -0600
|
|
||||||
+++ shadow/lib/getdef.c 2013-02-01 15:27:51.680080379 -0600
|
|
||||||
@@ -82,6 +82,12 @@
|
|
||||||
{"SHA_CRYPT_MAX_ROUNDS", NULL},
|
|
||||||
{"SHA_CRYPT_MIN_ROUNDS", NULL},
|
|
||||||
#endif
|
|
||||||
+ {"SUB_GID_COUNT", NULL},
|
|
||||||
+ {"SUB_GID_MAX", NULL},
|
|
||||||
+ {"SUB_GID_MIN", NULL},
|
|
||||||
+ {"SUB_UID_COUNT", NULL},
|
|
||||||
+ {"SUB_UID_MAX", NULL},
|
|
||||||
+ {"SUB_UID_MIN", NULL},
|
|
||||||
{"SULOG_FILE", NULL},
|
|
||||||
{"SU_NAME", NULL},
|
|
||||||
{"SYS_GID_MAX", NULL},
|
|
||||||
Index: shadow/lib/subordinateio.c
|
|
||||||
===================================================================
|
|
||||||
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
|
|
||||||
+++ shadow/lib/subordinateio.c 2013-02-01 15:27:51.680080379 -0600
|
|
||||||
@@ -0,0 +1,512 @@
|
|
||||||
+/*
|
|
||||||
+ * Copyright (c) 2012 - Eric Biederman
|
|
||||||
+ */
|
|
||||||
+
|
|
||||||
+#include <config.h>
|
|
||||||
+#include "prototypes.h"
|
|
||||||
+#include "defines.h"
|
|
||||||
+#include <stdio.h>
|
|
||||||
+#include "commonio.h"
|
|
||||||
+#include "subordinateio.h"
|
|
||||||
+
|
|
||||||
+struct subordinate_range {
|
|
||||||
+ const char *owner;
|
|
||||||
+ unsigned long start;
|
|
||||||
+ unsigned long count;
|
|
||||||
+};
|
|
||||||
+
|
|
||||||
+#define NFIELDS 3
|
|
||||||
+
|
|
||||||
+static /*@null@*/ /*@only@*/void *subordinate_dup (const void *ent)
|
|
||||||
+{
|
|
||||||
+ const struct subordinate_range *rangeent = ent;
|
|
||||||
+ struct subordinate_range *range;
|
|
||||||
+
|
|
||||||
+ range = (struct subordinate_range *) malloc (sizeof *range);
|
|
||||||
+ if (NULL == range) {
|
|
||||||
+ return NULL;
|
|
||||||
+ }
|
|
||||||
+ range->owner = strdup (rangeent->owner);
|
|
||||||
+ if (NULL == range->owner) {
|
|
||||||
+ free(range);
|
|
||||||
+ return NULL;
|
|
||||||
+ }
|
|
||||||
+ range->start = rangeent->start;
|
|
||||||
+ range->count = rangeent->count;
|
|
||||||
+
|
|
||||||
+ return range;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static void subordinate_free (/*@out@*/ /*@only@*/void *ent)
|
|
||||||
+{
|
|
||||||
+ struct subordinate_range *rangeent = ent;
|
|
||||||
+
|
|
||||||
+ free ((void *)(rangeent->owner));
|
|
||||||
+ free (rangeent);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static void *subordinate_parse (const char *line)
|
|
||||||
+{
|
|
||||||
+ static struct subordinate_range range;
|
|
||||||
+ char rangebuf[1024];
|
|
||||||
+ int i;
|
|
||||||
+ char *cp;
|
|
||||||
+ char *fields[NFIELDS];
|
|
||||||
+
|
|
||||||
+ /*
|
|
||||||
+ * Copy the string to a temporary buffer so the substrings can
|
|
||||||
+ * be modified to be NULL terminated.
|
|
||||||
+ */
|
|
||||||
+ if (strlen (line) >= sizeof rangebuf)
|
|
||||||
+ return NULL; /* fail if too long */
|
|
||||||
+ strcpy (rangebuf, line);
|
|
||||||
+
|
|
||||||
+ /*
|
|
||||||
+ * Save a pointer to the start of each colon separated
|
|
||||||
+ * field. The fields are converted into NUL terminated strings.
|
|
||||||
+ */
|
|
||||||
+
|
|
||||||
+ for (cp = rangebuf, i = 0; (i < NFIELDS) && (NULL != cp); i++) {
|
|
||||||
+ fields[i] = cp;
|
|
||||||
+ while (('\0' != *cp) && (':' != *cp)) {
|
|
||||||
+ cp++;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if ('\0' != *cp) {
|
|
||||||
+ *cp = '\0';
|
|
||||||
+ cp++;
|
|
||||||
+ } else {
|
|
||||||
+ cp = NULL;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ /*
|
|
||||||
+ * There must be exactly NFIELDS colon separated fields or
|
|
||||||
+ * the entry is invalid. Also, fields must be non-blank.
|
|
||||||
+ */
|
|
||||||
+ if (i != NFIELDS || *fields[0] == '\0' || *fields[1] == '\0' || *fields[2] == '\0')
|
|
||||||
+ return NULL;
|
|
||||||
+ range.owner = fields[0];
|
|
||||||
+ if (getulong (fields[1], &range.start) == 0)
|
|
||||||
+ return NULL;
|
|
||||||
+ if (getulong (fields[2], &range.count) == 0)
|
|
||||||
+ return NULL;
|
|
||||||
+
|
|
||||||
+ return ⦥
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static int subordinate_put (const void *ent, FILE * file)
|
|
||||||
+{
|
|
||||||
+ const struct subordinate_range *range = ent;
|
|
||||||
+
|
|
||||||
+ return fprintf(file, "%s:%lu:%lu\n",
|
|
||||||
+ range->owner,
|
|
||||||
+ range->start,
|
|
||||||
+ range->count) < 0 ? -1 : 0;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static struct commonio_ops subordinate_ops = {
|
|
||||||
+ subordinate_dup, /* dup */
|
|
||||||
+ subordinate_free, /* free */
|
|
||||||
+ NULL, /* getname */
|
|
||||||
+ subordinate_parse, /* parse */
|
|
||||||
+ subordinate_put, /* put */
|
|
||||||
+ fgets, /* fgets */
|
|
||||||
+ fputs, /* fputs */
|
|
||||||
+ NULL, /* open_hook */
|
|
||||||
+ NULL, /* close_hook */
|
|
||||||
+};
|
|
||||||
+
|
|
||||||
+static /*@observer@*/ /*@null*/const struct subordinate_range *subordinate_next(struct commonio_db *db)
|
|
||||||
+{
|
|
||||||
+ commonio_next (db);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static bool is_range_free(struct commonio_db *db, unsigned long start,
|
|
||||||
+ unsigned long count)
|
|
||||||
+{
|
|
||||||
+ const struct subordinate_range *range;
|
|
||||||
+ unsigned long end = start + count - 1;
|
|
||||||
+
|
|
||||||
+ commonio_rewind(db);
|
|
||||||
+ while ((range = commonio_next(db)) != NULL) {
|
|
||||||
+ unsigned long first = range->start;
|
|
||||||
+ unsigned long last = first + range->count - 1;
|
|
||||||
+
|
|
||||||
+ if ((end >= first) && (start <= last))
|
|
||||||
+ return false;
|
|
||||||
+ }
|
|
||||||
+ return true;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static const bool range_exists(struct commonio_db *db, const char *owner)
|
|
||||||
+{
|
|
||||||
+ const struct subordinate_range *range;
|
|
||||||
+ commonio_rewind(db);
|
|
||||||
+ while ((range = commonio_next(db)) != NULL) {
|
|
||||||
+ unsigned long first = range->start;
|
|
||||||
+ unsigned long last = first + range->count - 1;
|
|
||||||
+
|
|
||||||
+ if (0 == strcmp(range->owner, owner))
|
|
||||||
+ return true;
|
|
||||||
+ }
|
|
||||||
+ return false;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static const struct subordinate_range *find_range(struct commonio_db *db,
|
|
||||||
+ const char *owner, unsigned long val)
|
|
||||||
+{
|
|
||||||
+ const struct subordinate_range *range;
|
|
||||||
+ commonio_rewind(db);
|
|
||||||
+ while ((range = commonio_next(db)) != NULL) {
|
|
||||||
+ unsigned long first = range->start;
|
|
||||||
+ unsigned long last = first + range->count - 1;
|
|
||||||
+
|
|
||||||
+ if (0 != strcmp(range->owner, owner))
|
|
||||||
+ continue;
|
|
||||||
+
|
|
||||||
+ if ((val >= first) && (val <= last))
|
|
||||||
+ return range;
|
|
||||||
+ }
|
|
||||||
+ return NULL;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static bool have_range(struct commonio_db *db,
|
|
||||||
+ const char *owner, unsigned long start, unsigned long count)
|
|
||||||
+{
|
|
||||||
+ const struct subordinate_range *range;
|
|
||||||
+ unsigned long end;
|
|
||||||
+
|
|
||||||
+ if (count == 0)
|
|
||||||
+ return false;
|
|
||||||
+
|
|
||||||
+ end = start + count - 1;
|
|
||||||
+ range = find_range (db, owner, start);
|
|
||||||
+ while (range) {
|
|
||||||
+ unsigned long last;
|
|
||||||
+
|
|
||||||
+ last = range->start + range->count - 1;
|
|
||||||
+ if (last >= (start + count - 1))
|
|
||||||
+ return true;
|
|
||||||
+
|
|
||||||
+ count = end - last;
|
|
||||||
+ start = last + 1;
|
|
||||||
+ range = find_range(db, owner, start);
|
|
||||||
+ }
|
|
||||||
+ return false;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static int subordinate_range_cmp (const void *p1, const void *p2)
|
|
||||||
+{
|
|
||||||
+ struct subordinate_range *range1, *range2;
|
|
||||||
+
|
|
||||||
+ if ((*(struct commonio_entry **) p1)->eptr == NULL)
|
|
||||||
+ return 1;
|
|
||||||
+ if ((*(struct commonio_entry **) p2)->eptr == NULL)
|
|
||||||
+ return -1;
|
|
||||||
+
|
|
||||||
+ range1 = ((struct subordinate_range *) (*(struct commonio_entry **) p1)->eptr);
|
|
||||||
+ range2 = ((struct subordinate_range *) (*(struct commonio_entry **) p2)->eptr);
|
|
||||||
+
|
|
||||||
+ if (range1->start < range2->start)
|
|
||||||
+ return -1;
|
|
||||||
+ else if (range1->start > range2->start)
|
|
||||||
+ return 1;
|
|
||||||
+ else if (range1->count < range2->count)
|
|
||||||
+ return -1;
|
|
||||||
+ else if (range1->count > range2->count)
|
|
||||||
+ return 1;
|
|
||||||
+ else
|
|
||||||
+ return strcmp(range1->owner, range2->owner);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static unsigned long find_free_range(struct commonio_db *db,
|
|
||||||
+ unsigned long min, unsigned long max,
|
|
||||||
+ unsigned long count)
|
|
||||||
+{
|
|
||||||
+ const struct subordinate_range *range;
|
|
||||||
+ unsigned long low, high;
|
|
||||||
+
|
|
||||||
+ /* When given invalid parameters fail */
|
|
||||||
+ if ((count == 0) || (max <= min))
|
|
||||||
+ goto fail;
|
|
||||||
+
|
|
||||||
+ /* Sort by range than by owner */
|
|
||||||
+ commonio_sort (db, subordinate_range_cmp);
|
|
||||||
+ commonio_rewind(db);
|
|
||||||
+
|
|
||||||
+ low = min;
|
|
||||||
+ while ((range = commonio_next(db)) != NULL) {
|
|
||||||
+ unsigned long first = range->start;
|
|
||||||
+ unsigned long last = first + range->count - 1;
|
|
||||||
+
|
|
||||||
+ /* Find the top end of the hole before this range */
|
|
||||||
+ high = first;
|
|
||||||
+ if (high > max)
|
|
||||||
+ high = max;
|
|
||||||
+
|
|
||||||
+ /* Is the hole before this range large enough? */
|
|
||||||
+ if ((high > low) && (((high - low) + 1) >= count))
|
|
||||||
+ return low;
|
|
||||||
+
|
|
||||||
+ /* Compute the low end of the next hole */
|
|
||||||
+ if (low < (last + 1))
|
|
||||||
+ low = last + 1;
|
|
||||||
+ if (low > max)
|
|
||||||
+ goto fail;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ /* Is the remaining unclaimed area large enough? */
|
|
||||||
+ if (((max - low) + 1) >= count)
|
|
||||||
+ return low;
|
|
||||||
+fail:
|
|
||||||
+ return ULONG_MAX;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static int add_range(struct commonio_db *db,
|
|
||||||
+ const char *owner, unsigned long start, unsigned long count)
|
|
||||||
+{
|
|
||||||
+ struct subordinate_range range;
|
|
||||||
+ range.owner = owner;
|
|
||||||
+ range.start = start;
|
|
||||||
+ range.count = count;
|
|
||||||
+
|
|
||||||
+ /* See if the range is already present */
|
|
||||||
+ if (have_range(db, owner, start, count))
|
|
||||||
+ return 1;
|
|
||||||
+
|
|
||||||
+ /* Oterwise append the range */
|
|
||||||
+ return commonio_append(db, &range);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static int remove_range(struct commonio_db *db,
|
|
||||||
+ const char *owner, unsigned long start, unsigned long count)
|
|
||||||
+{
|
|
||||||
+ struct commonio_entry *ent;
|
|
||||||
+ unsigned long end;
|
|
||||||
+
|
|
||||||
+ if (count == 0)
|
|
||||||
+ return 1;
|
|
||||||
+
|
|
||||||
+ end = start + count - 1;
|
|
||||||
+ for (ent = db->head; ent; ent = ent->next) {
|
|
||||||
+ struct subordinate_range *range = ent->eptr;
|
|
||||||
+ unsigned long first;
|
|
||||||
+ unsigned long last;
|
|
||||||
+
|
|
||||||
+ /* Skip unparsed entries */
|
|
||||||
+ if (!range)
|
|
||||||
+ continue;
|
|
||||||
+
|
|
||||||
+ first = range->start;
|
|
||||||
+ last = first + range->count - 1;
|
|
||||||
+
|
|
||||||
+ /* Skip entries with a different owner */
|
|
||||||
+ if (0 != strcmp(range->owner, owner))
|
|
||||||
+ continue;
|
|
||||||
+
|
|
||||||
+ /* Skip entries outside of the range to remove */
|
|
||||||
+ if ((end < first) || (start > last))
|
|
||||||
+ continue;
|
|
||||||
+
|
|
||||||
+ /* Is entry completely contained in the range to remove? */
|
|
||||||
+ if ((start <= first) && (end >= last)) {
|
|
||||||
+ commonio_del_entry (db, ent);
|
|
||||||
+ }
|
|
||||||
+ /* Is just the start of the entry removed? */
|
|
||||||
+ else if ((start <= first) && (end < last)) {
|
|
||||||
+ range->start = end + 1;
|
|
||||||
+ range->count = (last - range->start) + 1;
|
|
||||||
+
|
|
||||||
+ ent->changed = true;
|
|
||||||
+ }
|
|
||||||
+ /* Is just the end of the entry removed? */
|
|
||||||
+ else if ((start > first) && (end >= last)) {
|
|
||||||
+ range->count = (start - range->start) + 1;
|
|
||||||
+
|
|
||||||
+ ent->changed = true;
|
|
||||||
+ }
|
|
||||||
+ /* The middle of the range is removed */
|
|
||||||
+ else {
|
|
||||||
+ struct subordinate_range tail;
|
|
||||||
+ tail.owner = range->owner;
|
|
||||||
+ tail.start = end + 1;
|
|
||||||
+ tail.count = (last - tail.start) + 1;
|
|
||||||
+
|
|
||||||
+ if (!commonio_append(db, &tail))
|
|
||||||
+ return 0;
|
|
||||||
+
|
|
||||||
+ range->count = (start - range->start) + 1;
|
|
||||||
+
|
|
||||||
+ ent->changed = true;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ return 1;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static struct commonio_db subordinate_uid_db = {
|
|
||||||
+ "/etc/subuid", /* filename */
|
|
||||||
+ &subordinate_ops, /* ops */
|
|
||||||
+ NULL, /* fp */
|
|
||||||
+#ifdef WITH_SELINUX
|
|
||||||
+ NULL, /* scontext */
|
|
||||||
+#endif
|
|
||||||
+ NULL, /* head */
|
|
||||||
+ NULL, /* tail */
|
|
||||||
+ NULL, /* cursor */
|
|
||||||
+ false, /* changed */
|
|
||||||
+ false, /* isopen */
|
|
||||||
+ false, /* locked */
|
|
||||||
+ false /* readonly */
|
|
||||||
+};
|
|
||||||
+
|
|
||||||
+int sub_uid_setdbname (const char *filename)
|
|
||||||
+{
|
|
||||||
+ return commonio_setname (&subordinate_uid_db, filename);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+/*@observer@*/const char *sub_uid_dbname (void)
|
|
||||||
+{
|
|
||||||
+ return subordinate_uid_db.filename;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+bool sub_uid_file_present (void)
|
|
||||||
+{
|
|
||||||
+ return commonio_present (&subordinate_uid_db);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+int sub_uid_lock (void)
|
|
||||||
+{
|
|
||||||
+ return commonio_lock (&subordinate_uid_db);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+int sub_uid_open (int mode)
|
|
||||||
+{
|
|
||||||
+ return commonio_open (&subordinate_uid_db, mode);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+bool is_sub_uid_range_free(uid_t start, unsigned long count)
|
|
||||||
+{
|
|
||||||
+ return is_range_free (&subordinate_uid_db, start, count);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+bool sub_uid_assigned(const char *owner)
|
|
||||||
+{
|
|
||||||
+ return range_exists (&subordinate_uid_db, owner);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+bool have_sub_uids(const char *owner, uid_t start, unsigned long count)
|
|
||||||
+{
|
|
||||||
+ return have_range (&subordinate_uid_db, owner, start, count);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+int sub_uid_add (const char *owner, uid_t start, unsigned long count)
|
|
||||||
+{
|
|
||||||
+ return add_range (&subordinate_uid_db, owner, start, count);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+int sub_uid_remove (const char *owner, uid_t start, unsigned long count)
|
|
||||||
+{
|
|
||||||
+ return remove_range (&subordinate_uid_db, owner, start, count);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+int sub_uid_close (void)
|
|
||||||
+{
|
|
||||||
+ return commonio_close (&subordinate_uid_db);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+int sub_uid_unlock (void)
|
|
||||||
+{
|
|
||||||
+ return commonio_unlock (&subordinate_uid_db);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+uid_t sub_uid_find_free_range(uid_t min, uid_t max, unsigned long count)
|
|
||||||
+{
|
|
||||||
+ unsigned long start;
|
|
||||||
+ start = find_free_range (&subordinate_uid_db, min, max, count);
|
|
||||||
+ return start == ULONG_MAX ? (uid_t) -1 : start;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static struct commonio_db subordinate_gid_db = {
|
|
||||||
+ "/etc/subgid", /* filename */
|
|
||||||
+ &subordinate_ops, /* ops */
|
|
||||||
+ NULL, /* fp */
|
|
||||||
+#ifdef WITH_SELINUX
|
|
||||||
+ NULL, /* scontext */
|
|
||||||
+#endif
|
|
||||||
+ NULL, /* head */
|
|
||||||
+ NULL, /* tail */
|
|
||||||
+ NULL, /* cursor */
|
|
||||||
+ false, /* changed */
|
|
||||||
+ false, /* isopen */
|
|
||||||
+ false, /* locked */
|
|
||||||
+ false /* readonly */
|
|
||||||
+};
|
|
||||||
+
|
|
||||||
+int sub_gid_setdbname (const char *filename)
|
|
||||||
+{
|
|
||||||
+ return commonio_setname (&subordinate_gid_db, filename);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+/*@observer@*/const char *sub_gid_dbname (void)
|
|
||||||
+{
|
|
||||||
+ return subordinate_gid_db.filename;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+bool sub_gid_file_present (void)
|
|
||||||
+{
|
|
||||||
+ return commonio_present (&subordinate_gid_db);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+int sub_gid_lock (void)
|
|
||||||
+{
|
|
||||||
+ return commonio_lock (&subordinate_gid_db);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+int sub_gid_open (int mode)
|
|
||||||
+{
|
|
||||||
+ return commonio_open (&subordinate_gid_db, mode);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+bool is_sub_gid_range_free(gid_t start, unsigned long count)
|
|
||||||
+{
|
|
||||||
+ return is_range_free (&subordinate_gid_db, start, count);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+bool have_sub_gids(const char *owner, gid_t start, unsigned long count)
|
|
||||||
+{
|
|
||||||
+ return have_range(&subordinate_gid_db, owner, start, count);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+bool sub_gid_assigned(const char *owner)
|
|
||||||
+{
|
|
||||||
+ return range_exists (&subordinate_gid_db, owner);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+int sub_gid_add (const char *owner, gid_t start, unsigned long count)
|
|
||||||
+{
|
|
||||||
+ return add_range (&subordinate_gid_db, owner, start, count);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+int sub_gid_remove (const char *owner, gid_t start, unsigned long count)
|
|
||||||
+{
|
|
||||||
+ return remove_range (&subordinate_gid_db, owner, start, count);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+int sub_gid_close (void)
|
|
||||||
+{
|
|
||||||
+ return commonio_close (&subordinate_gid_db);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+int sub_gid_unlock (void)
|
|
||||||
+{
|
|
||||||
+ return commonio_unlock (&subordinate_gid_db);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+gid_t sub_gid_find_free_range(gid_t min, gid_t max, unsigned long count)
|
|
||||||
+{
|
|
||||||
+ unsigned long start;
|
|
||||||
+ start = find_free_range (&subordinate_gid_db, min, max, count);
|
|
||||||
+ return start == ULONG_MAX ? (gid_t) -1 : start;
|
|
||||||
+}
|
|
||||||
Index: shadow/lib/subordinateio.h
|
|
||||||
===================================================================
|
|
||||||
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
|
|
||||||
+++ shadow/lib/subordinateio.h 2013-02-01 15:27:51.680080379 -0600
|
|
||||||
@@ -0,0 +1,38 @@
|
|
||||||
+/*
|
|
||||||
+ * Copyright (c) 2012- Eric W. Biederman
|
|
||||||
+ */
|
|
||||||
+
|
|
||||||
+#ifndef _SUBORDINATEIO_H
|
|
||||||
+#define _SUBORDINATEIO_H
|
|
||||||
+
|
|
||||||
+#include <sys/types.h>
|
|
||||||
+
|
|
||||||
+extern int sub_uid_close(void);
|
|
||||||
+extern bool is_sub_uid_range_free(uid_t start, unsigned long count);
|
|
||||||
+extern bool have_sub_uids(const char *owner, uid_t start, unsigned long count);
|
|
||||||
+extern bool sub_uid_file_present (void);
|
|
||||||
+extern bool sub_uid_assigned(const char *owner);
|
|
||||||
+extern int sub_uid_lock (void);
|
|
||||||
+extern int sub_uid_setdbname (const char *filename);
|
|
||||||
+extern /*@observer@*/const char *sub_uid_dbname (void);
|
|
||||||
+extern int sub_uid_open (int mode);
|
|
||||||
+extern int sub_uid_unlock (void);
|
|
||||||
+extern int sub_uid_add (const char *owner, uid_t start, unsigned long count);
|
|
||||||
+extern int sub_uid_remove (const char *owner, uid_t start, unsigned long count);
|
|
||||||
+extern uid_t sub_uid_find_free_range(uid_t min, uid_t max, unsigned long count);
|
|
||||||
+
|
|
||||||
+extern int sub_gid_close(void);
|
|
||||||
+extern bool is_sub_gid_range_free(gid_t start, unsigned long count);
|
|
||||||
+extern bool have_sub_gids(const char *owner, gid_t start, unsigned long count);
|
|
||||||
+extern bool sub_gid_file_present (void);
|
|
||||||
+extern bool sub_gid_assigned(const char *owner);
|
|
||||||
+extern int sub_gid_lock (void);
|
|
||||||
+extern int sub_gid_setdbname (const char *filename);
|
|
||||||
+extern /*@observer@*/const char *sub_gid_dbname (void);
|
|
||||||
+extern int sub_gid_open (int mode);
|
|
||||||
+extern int sub_gid_unlock (void);
|
|
||||||
+extern int sub_gid_add (const char *owner, gid_t start, unsigned long count);
|
|
||||||
+extern int sub_gid_remove (const char *owner, gid_t start, unsigned long count);
|
|
||||||
+extern uid_t sub_gid_find_free_range(gid_t min, gid_t max, unsigned long count);
|
|
||||||
+
|
|
||||||
+#endif
|
|
||||||
@@ -1,283 +0,0 @@
|
|||||||
From ebiederm@xmission.com Tue Jan 22 09:17:02 2013
|
|
||||||
Return-Path: <ebiederm@xmission.com>
|
|
||||||
X-Original-To: serge@hallyn.com
|
|
||||||
Delivered-To: serge@hallyn.com
|
|
||||||
Received: by mail.hallyn.com (Postfix, from userid 5001)
|
|
||||||
id 480ABC80F4; Tue, 22 Jan 2013 09:17:02 +0000 (UTC)
|
|
||||||
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail
|
|
||||||
X-Spam-Level:
|
|
||||||
X-Spam-Status: No, score=0.1 required=8.0 tests=BAD_ENC_HEADER,BAYES_00
|
|
||||||
autolearn=no version=3.3.1
|
|
||||||
Received: from out02.mta.xmission.com (out02.mta.xmission.com [166.70.13.232])
|
|
||||||
(using TLSv1 with cipher AES256-SHA (256/256 bits))
|
|
||||||
(No client certificate requested)
|
|
||||||
by mail.hallyn.com (Postfix) with ESMTPS id 90ACFC80D1
|
|
||||||
for <serge@hallyn.com>; Tue, 22 Jan 2013 09:16:57 +0000 (UTC)
|
|
||||||
Received: from out01.mta.xmission.com ([166.70.13.231])
|
|
||||||
by out02.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
|
|
||||||
(Exim 4.76)
|
|
||||||
(envelope-from <ebiederm@xmission.com>)
|
|
||||||
id 1TxZwp-0007cg-9X; Tue, 22 Jan 2013 02:15:15 -0700
|
|
||||||
Received: from in02.mta.xmission.com ([166.70.13.52])
|
|
||||||
by out01.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
|
|
||||||
(Exim 4.76)
|
|
||||||
(envelope-from <ebiederm@xmission.com>)
|
|
||||||
id 1TxZwo-0006DN-OT; Tue, 22 Jan 2013 02:15:14 -0700
|
|
||||||
Received: from c-98-207-153-68.hsd1.ca.comcast.net ([98.207.153.68] helo=eric-ThinkPad-X220.xmission.com)
|
|
||||||
by in02.mta.xmission.com with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16)
|
|
||||||
(Exim 4.76)
|
|
||||||
(envelope-from <ebiederm@xmission.com>)
|
|
||||||
id 1TxZwj-0004g0-9e; Tue, 22 Jan 2013 02:15:14 -0700
|
|
||||||
From: ebiederm@xmission.com (Eric W. Biederman)
|
|
||||||
To: Nicolas =?utf-8?Q?Fran=C3=A7ois?= <nicolas.francois@centraliens.net>
|
|
||||||
Cc: <Pkg-shadow-devel@lists.alioth.debian.org>, Linux Containers <containers@lists.linux-foundation.org>, "Michael Kerrisk \(man-pages\)" <mtk.manpages@gmail.com>, "Serge E. Hallyn" <serge@hallyn.com>
|
|
||||||
References: <87d2wxshu0.fsf@xmission.com>
|
|
||||||
Date: Tue, 22 Jan 2013 01:15:05 -0800
|
|
||||||
In-Reply-To: <87d2wxshu0.fsf@xmission.com> (Eric W. Biederman's message of
|
|
||||||
"Tue, 22 Jan 2013 01:11:19 -0800")
|
|
||||||
Message-ID: <87fw1tr33a.fsf@xmission.com>
|
|
||||||
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.1 (gnu/linux)
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain
|
|
||||||
X-XM-AID: U2FsdGVkX19KHX5xUOkaLY5iIEqDVLxZKDTByyA0Xk8=
|
|
||||||
X-SA-Exim-Connect-IP: 98.207.153.68
|
|
||||||
X-SA-Exim-Mail-From: ebiederm@xmission.com
|
|
||||||
Subject: [PATCH 05/11] Implement find_new_sub_uids find_new_sub_gids
|
|
||||||
X-SA-Exim-Version: 4.2.1 (built Wed, 14 Nov 2012 14:26:46 -0700)
|
|
||||||
X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com)
|
|
||||||
X-UID: 2075
|
|
||||||
Status: RO
|
|
||||||
Content-Length: 8108
|
|
||||||
Lines: 235
|
|
||||||
|
|
||||||
|
|
||||||
Functions for finding new subordinate uid and gids ranges for use
|
|
||||||
with useradd.
|
|
||||||
|
|
||||||
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
|
|
||||||
---
|
|
||||||
lib/prototypes.h | 9 ++++
|
|
||||||
libmisc/Makefile.am | 2 +
|
|
||||||
libmisc/find_new_sub_gids.c | 87 +++++++++++++++++++++++++++++++++++++++++++
|
|
||||||
libmisc/find_new_sub_uids.c | 87 +++++++++++++++++++++++++++++++++++++++++++
|
|
||||||
4 files changed, 185 insertions(+), 0 deletions(-)
|
|
||||||
create mode 100644 libmisc/find_new_sub_gids.c
|
|
||||||
create mode 100644 libmisc/find_new_sub_uids.c
|
|
||||||
|
|
||||||
Index: shadow/lib/prototypes.h
|
|
||||||
===================================================================
|
|
||||||
--- shadow.orig/lib/prototypes.h 2013-02-01 15:27:52.044080373 -0600
|
|
||||||
+++ shadow/lib/prototypes.h 2013-02-01 15:27:52.040080373 -0600
|
|
||||||
@@ -149,6 +149,15 @@
|
|
||||||
uid_t *uid,
|
|
||||||
/*@null@*/uid_t const *preferred_uid);
|
|
||||||
|
|
||||||
+/* find_new_sub_gids.c */
|
|
||||||
+extern int find_new_sub_gids (const char *owner,
|
|
||||||
+ gid_t *range_start, unsigned long *range_count);
|
|
||||||
+
|
|
||||||
+/* find_new_sub_uids.c */
|
|
||||||
+extern int find_new_sub_uids (const char *owner,
|
|
||||||
+ uid_t *range_start, unsigned long *range_count);
|
|
||||||
+
|
|
||||||
+
|
|
||||||
/* get_gid.c */
|
|
||||||
extern int get_gid (const char *gidstr, gid_t *gid);
|
|
||||||
|
|
||||||
Index: shadow/libmisc/Makefile.am
|
|
||||||
===================================================================
|
|
||||||
--- shadow.orig/libmisc/Makefile.am 2013-02-01 15:27:52.044080373 -0600
|
|
||||||
+++ shadow/libmisc/Makefile.am 2013-02-01 15:27:52.040080373 -0600
|
|
||||||
@@ -25,6 +25,8 @@
|
|
||||||
failure.h \
|
|
||||||
find_new_gid.c \
|
|
||||||
find_new_uid.c \
|
|
||||||
+ find_new_sub_gids.c \
|
|
||||||
+ find_new_sub_uids.c \
|
|
||||||
getdate.h \
|
|
||||||
getdate.y \
|
|
||||||
getgr_nam_gid.c \
|
|
||||||
Index: shadow/libmisc/find_new_sub_gids.c
|
|
||||||
===================================================================
|
|
||||||
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
|
|
||||||
+++ shadow/libmisc/find_new_sub_gids.c 2013-02-01 15:27:52.040080373 -0600
|
|
||||||
@@ -0,0 +1,87 @@
|
|
||||||
+/*
|
|
||||||
+ * Copyright (c) 2012 Eric Biederman
|
|
||||||
+ *
|
|
||||||
+ * Redistribution and use in source and binary forms, with or without
|
|
||||||
+ * modification, are permitted provided that the following conditions
|
|
||||||
+ * are met:
|
|
||||||
+ * 1. Redistributions of source code must retain the above copyright
|
|
||||||
+ * notice, this list of conditions and the following disclaimer.
|
|
||||||
+ * 2. Redistributions in binary form must reproduce the above copyright
|
|
||||||
+ * notice, this list of conditions and the following disclaimer in the
|
|
||||||
+ * documentation and/or other materials provided with the distribution.
|
|
||||||
+ * 3. The name of the copyright holders or contributors may not be used to
|
|
||||||
+ * endorse or promote products derived from this software without
|
|
||||||
+ * specific prior written permission.
|
|
||||||
+ *
|
|
||||||
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
|
|
||||||
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
+ * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
+ */
|
|
||||||
+
|
|
||||||
+#include <config.h>
|
|
||||||
+
|
|
||||||
+#include <assert.h>
|
|
||||||
+#include <stdio.h>
|
|
||||||
+#include <errno.h>
|
|
||||||
+
|
|
||||||
+#include "prototypes.h"
|
|
||||||
+#include "subordinateio.h"
|
|
||||||
+#include "getdef.h"
|
|
||||||
+
|
|
||||||
+/*
|
|
||||||
+ * find_new_sub_gids - Find a new unused range of GIDs.
|
|
||||||
+ *
|
|
||||||
+ * If successful, find_new_sub_gids provides a range of unused
|
|
||||||
+ * user IDs in the [SUB_GID_MIN:SUB_GID_MAX] range.
|
|
||||||
+ *
|
|
||||||
+ * Return 0 on success, -1 if no unused GIDs are available.
|
|
||||||
+ */
|
|
||||||
+int find_new_sub_gids (const char *owner,
|
|
||||||
+ gid_t *range_start, unsigned long *range_count)
|
|
||||||
+{
|
|
||||||
+ unsigned long min, max;
|
|
||||||
+ unsigned long count;
|
|
||||||
+ gid_t start;
|
|
||||||
+
|
|
||||||
+ assert (range_start != NULL);
|
|
||||||
+ assert (range_count != NULL);
|
|
||||||
+
|
|
||||||
+ min = getdef_ulong ("SUB_GID_MIN", 100000UL);
|
|
||||||
+ max = getdef_ulong ("SUB_GID_MAX", 600100000UL);
|
|
||||||
+ count = getdef_ulong ("SUB_GID_COUNT", 10000);
|
|
||||||
+
|
|
||||||
+ /* Is there a preferred range that works? */
|
|
||||||
+ if ((*range_count != 0) &&
|
|
||||||
+ (*range_start >= min) &&
|
|
||||||
+ (((*range_start) + (*range_count) - 1) <= max) &&
|
|
||||||
+ is_sub_gid_range_free(*range_start, *range_count)) {
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (max < (min + count)) {
|
|
||||||
+ (void) fprintf (stderr,
|
|
||||||
+ _("%s: Invalid configuration: SUB_GID_MIN (%lu), SUB_GID_MAX (%lu)\n"),
|
|
||||||
+ Prog, min, max);
|
|
||||||
+ return -1;
|
|
||||||
+ }
|
|
||||||
+ start = sub_gid_find_free_range(min, max, count);
|
|
||||||
+ if (start == (gid_t)-1) {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: Can't get unique secondary GID range\n"),
|
|
||||||
+ Prog);
|
|
||||||
+ SYSLOG ((LOG_WARN, "no more available secondary GIDs on the system"));
|
|
||||||
+ return -1;
|
|
||||||
+ }
|
|
||||||
+ *range_start = start;
|
|
||||||
+ *range_count = count;
|
|
||||||
+ return 0;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
Index: shadow/libmisc/find_new_sub_uids.c
|
|
||||||
===================================================================
|
|
||||||
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
|
|
||||||
+++ shadow/libmisc/find_new_sub_uids.c 2013-02-01 15:27:52.040080373 -0600
|
|
||||||
@@ -0,0 +1,87 @@
|
|
||||||
+/*
|
|
||||||
+ * Copyright (c) 2012 Eric Biederman
|
|
||||||
+ *
|
|
||||||
+ * Redistribution and use in source and binary forms, with or without
|
|
||||||
+ * modification, are permitted provided that the following conditions
|
|
||||||
+ * are met:
|
|
||||||
+ * 1. Redistributions of source code must retain the above copyright
|
|
||||||
+ * notice, this list of conditions and the following disclaimer.
|
|
||||||
+ * 2. Redistributions in binary form must reproduce the above copyright
|
|
||||||
+ * notice, this list of conditions and the following disclaimer in the
|
|
||||||
+ * documentation and/or other materials provided with the distribution.
|
|
||||||
+ * 3. The name of the copyright holders or contributors may not be used to
|
|
||||||
+ * endorse or promote products derived from this software without
|
|
||||||
+ * specific prior written permission.
|
|
||||||
+ *
|
|
||||||
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
|
|
||||||
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
+ * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
+ */
|
|
||||||
+
|
|
||||||
+#include <config.h>
|
|
||||||
+
|
|
||||||
+#include <assert.h>
|
|
||||||
+#include <stdio.h>
|
|
||||||
+#include <errno.h>
|
|
||||||
+
|
|
||||||
+#include "prototypes.h"
|
|
||||||
+#include "subordinateio.h"
|
|
||||||
+#include "getdef.h"
|
|
||||||
+
|
|
||||||
+/*
|
|
||||||
+ * find_new_sub_uids - Find a new unused range of UIDs.
|
|
||||||
+ *
|
|
||||||
+ * If successful, find_new_sub_uids provides a range of unused
|
|
||||||
+ * user IDs in the [SUB_UID_MIN:SUB_UID_MAX] range.
|
|
||||||
+ *
|
|
||||||
+ * Return 0 on success, -1 if no unused UIDs are available.
|
|
||||||
+ */
|
|
||||||
+int find_new_sub_uids (const char *owner,
|
|
||||||
+ uid_t *range_start, unsigned long *range_count)
|
|
||||||
+{
|
|
||||||
+ unsigned long min, max;
|
|
||||||
+ unsigned long count;
|
|
||||||
+ uid_t start;
|
|
||||||
+
|
|
||||||
+ assert (range_start != NULL);
|
|
||||||
+ assert (range_count != NULL);
|
|
||||||
+
|
|
||||||
+ min = getdef_ulong ("SUB_UID_MIN", 100000UL);
|
|
||||||
+ max = getdef_ulong ("SUB_UID_MAX", 600100000UL);
|
|
||||||
+ count = getdef_ulong ("SUB_UID_COUNT", 10000);
|
|
||||||
+
|
|
||||||
+ /* Is there a preferred range that works? */
|
|
||||||
+ if ((*range_count != 0) &&
|
|
||||||
+ (*range_start >= min) &&
|
|
||||||
+ (((*range_start) + (*range_count) - 1) <= max) &&
|
|
||||||
+ is_sub_uid_range_free(*range_start, *range_count)) {
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (max < (min + count)) {
|
|
||||||
+ (void) fprintf (stderr,
|
|
||||||
+ _("%s: Invalid configuration: SUB_UID_MIN (%lu), SUB_UID_MAX (%lu)\n"),
|
|
||||||
+ Prog, min, max);
|
|
||||||
+ return -1;
|
|
||||||
+ }
|
|
||||||
+ start = sub_uid_find_free_range(min, max, count);
|
|
||||||
+ if (start == (uid_t)-1) {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: Can't get unique secondary UID range\n"),
|
|
||||||
+ Prog);
|
|
||||||
+ SYSLOG ((LOG_WARN, "no more available secondary UIDs on the system"));
|
|
||||||
+ return -1;
|
|
||||||
+ }
|
|
||||||
+ *range_start = start;
|
|
||||||
+ *range_count = count;
|
|
||||||
+ return 0;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
-236
@@ -1,236 +0,0 @@
|
|||||||
From ebiederm@xmission.com Tue Jan 22 09:18:47 2013
|
|
||||||
Return-Path: <ebiederm@xmission.com>
|
|
||||||
X-Original-To: serge@hallyn.com
|
|
||||||
Delivered-To: serge@hallyn.com
|
|
||||||
Received: by mail.hallyn.com (Postfix, from userid 5001)
|
|
||||||
id F2E6AC80F6; Tue, 22 Jan 2013 09:18:46 +0000 (UTC)
|
|
||||||
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail
|
|
||||||
X-Spam-Level:
|
|
||||||
X-Spam-Status: No, score=0.1 required=8.0 tests=BAD_ENC_HEADER,BAYES_00
|
|
||||||
autolearn=no version=3.3.1
|
|
||||||
Received: from out02.mta.xmission.com (out02.mta.xmission.com [166.70.13.232])
|
|
||||||
(using TLSv1 with cipher AES256-SHA (256/256 bits))
|
|
||||||
(No client certificate requested)
|
|
||||||
by mail.hallyn.com (Postfix) with ESMTPS id 996B1C80D1
|
|
||||||
for <serge@hallyn.com>; Tue, 22 Jan 2013 09:18:42 +0000 (UTC)
|
|
||||||
Received: from out03.mta.xmission.com ([166.70.13.233])
|
|
||||||
by out02.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
|
|
||||||
(Exim 4.76)
|
|
||||||
(envelope-from <ebiederm@xmission.com>)
|
|
||||||
id 1TxZyW-0008Bi-3X; Tue, 22 Jan 2013 02:17:00 -0700
|
|
||||||
Received: from in02.mta.xmission.com ([166.70.13.52])
|
|
||||||
by out03.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
|
|
||||||
(Exim 4.76)
|
|
||||||
(envelope-from <ebiederm@xmission.com>)
|
|
||||||
id 1TxZyU-0005NA-Qm; Tue, 22 Jan 2013 02:16:59 -0700
|
|
||||||
Received: from c-98-207-153-68.hsd1.ca.comcast.net ([98.207.153.68] helo=eric-ThinkPad-X220.xmission.com)
|
|
||||||
by in02.mta.xmission.com with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16)
|
|
||||||
(Exim 4.76)
|
|
||||||
(envelope-from <ebiederm@xmission.com>)
|
|
||||||
id 1TxZyQ-0004qs-T1; Tue, 22 Jan 2013 02:16:58 -0700
|
|
||||||
From: ebiederm@xmission.com (Eric W. Biederman)
|
|
||||||
To: Nicolas =?utf-8?Q?Fran=C3=A7ois?= <nicolas.francois@centraliens.net>
|
|
||||||
Cc: <Pkg-shadow-devel@lists.alioth.debian.org>, Linux Containers <containers@lists.linux-foundation.org>, "Michael Kerrisk \(man-pages\)" <mtk.manpages@gmail.com>, "Serge E. Hallyn" <serge@hallyn.com>
|
|
||||||
References: <87d2wxshu0.fsf@xmission.com>
|
|
||||||
Date: Tue, 22 Jan 2013 01:16:51 -0800
|
|
||||||
In-Reply-To: <87d2wxshu0.fsf@xmission.com> (Eric W. Biederman's message of
|
|
||||||
"Tue, 22 Jan 2013 01:11:19 -0800")
|
|
||||||
Message-ID: <878v7lr30c.fsf@xmission.com>
|
|
||||||
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.1 (gnu/linux)
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain
|
|
||||||
X-XM-AID: U2FsdGVkX1/1l7dElNy9uNLAXx8eC28OMs/pxPM8NEo=
|
|
||||||
X-SA-Exim-Connect-IP: 98.207.153.68
|
|
||||||
X-SA-Exim-Mail-From: ebiederm@xmission.com
|
|
||||||
Subject: [PATCH 06/11] userdel: Add support for removing subordinate user and group ids.
|
|
||||||
X-SA-Exim-Version: 4.2.1 (built Wed, 14 Nov 2012 14:26:46 -0700)
|
|
||||||
X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com)
|
|
||||||
X-UID: 2076
|
|
||||||
Status: O
|
|
||||||
Content-Length: 5573
|
|
||||||
Lines: 186
|
|
||||||
|
|
||||||
|
|
||||||
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
|
|
||||||
---
|
|
||||||
src/userdel.c | 115 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
||||||
1 files changed, 115 insertions(+), 0 deletions(-)
|
|
||||||
|
|
||||||
Index: shadow/src/userdel.c
|
|
||||||
===================================================================
|
|
||||||
--- shadow.orig/src/userdel.c 2013-02-01 15:27:52.380080367 -0600
|
|
||||||
+++ shadow/src/userdel.c 2013-02-01 15:27:52.372080367 -0600
|
|
||||||
@@ -65,6 +65,7 @@
|
|
||||||
#endif /* WITH_TCB */
|
|
||||||
/*@-exitarg@*/
|
|
||||||
#include "exitcodes.h"
|
|
||||||
+#include "subordinateio.h"
|
|
||||||
|
|
||||||
/*
|
|
||||||
* exit status values
|
|
||||||
@@ -75,6 +76,8 @@
|
|
||||||
#define E_GRP_UPDATE 10 /* can't update group file */
|
|
||||||
#define E_HOMEDIR 12 /* can't remove home directory */
|
|
||||||
#define E_SE_UPDATE 14 /* can't update SELinux user mapping */
|
|
||||||
+#define E_SUB_UID_UPDATE 16 /* can't update the subordinate uid file */
|
|
||||||
+#define E_SUB_GID_UPDATE 18 /* can't update the subordinate gid file */
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Global variables
|
|
||||||
@@ -96,9 +99,13 @@
|
|
||||||
static bool is_shadow_grp;
|
|
||||||
static bool sgr_locked = false;
|
|
||||||
#endif /* SHADOWGRP */
|
|
||||||
+static bool is_sub_uid;
|
|
||||||
+static bool is_sub_gid;
|
|
||||||
static bool pw_locked = false;
|
|
||||||
static bool gr_locked = false;
|
|
||||||
static bool spw_locked = false;
|
|
||||||
+static bool sub_uid_locked = false;
|
|
||||||
+static bool sub_gid_locked = false;
|
|
||||||
|
|
||||||
/* local function prototypes */
|
|
||||||
static void usage (int status);
|
|
||||||
@@ -437,6 +444,34 @@
|
|
||||||
sgr_locked = false;
|
|
||||||
}
|
|
||||||
#endif /* SHADOWGRP */
|
|
||||||
+
|
|
||||||
+ if (is_sub_uid) {
|
|
||||||
+ if (sub_uid_close () == 0) {
|
|
||||||
+ fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, sub_uid_dbname ());
|
|
||||||
+ SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_uid_dbname ()));
|
|
||||||
+ fail_exit (E_SUB_UID_UPDATE);
|
|
||||||
+ }
|
|
||||||
+ if (sub_uid_unlock () == 0) {
|
|
||||||
+ fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname ());
|
|
||||||
+ SYSLOG ((LOG_ERR, "failed to unlock %s", sub_uid_dbname ()));
|
|
||||||
+ /* continue */
|
|
||||||
+ }
|
|
||||||
+ sub_uid_locked = false;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (is_sub_gid) {
|
|
||||||
+ if (sub_gid_close () == 0) {
|
|
||||||
+ fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, sub_gid_dbname ());
|
|
||||||
+ SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_gid_dbname ()));
|
|
||||||
+ fail_exit (E_SUB_GID_UPDATE);
|
|
||||||
+ }
|
|
||||||
+ if (sub_gid_unlock () == 0) {
|
|
||||||
+ fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname ());
|
|
||||||
+ SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ()));
|
|
||||||
+ /* continue */
|
|
||||||
+ }
|
|
||||||
+ sub_gid_locked = false;
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
@@ -474,6 +509,20 @@
|
|
||||||
}
|
|
||||||
}
|
|
||||||
#endif /* SHADOWGRP */
|
|
||||||
+ if (sub_uid_locked) {
|
|
||||||
+ if (sub_uid_unlock () == 0) {
|
|
||||||
+ fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname ());
|
|
||||||
+ SYSLOG ((LOG_ERR, "failed to unlock %s", sub_uid_dbname ()));
|
|
||||||
+ /* continue */
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ if (sub_gid_locked) {
|
|
||||||
+ if (sub_gid_unlock () == 0) {
|
|
||||||
+ fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname ());
|
|
||||||
+ SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ()));
|
|
||||||
+ /* continue */
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
|
|
||||||
#ifdef WITH_AUDIT
|
|
||||||
audit_logger (AUDIT_DEL_USER, Prog,
|
|
||||||
@@ -595,6 +644,58 @@
|
|
||||||
}
|
|
||||||
}
|
|
||||||
#endif /* SHADOWGRP */
|
|
||||||
+ if (is_sub_uid) {
|
|
||||||
+ if (sub_uid_lock () == 0) {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: cannot lock %s; try again later.\n"),
|
|
||||||
+ Prog, sub_uid_dbname ());
|
|
||||||
+#ifdef WITH_AUDIT
|
|
||||||
+ audit_logger (AUDIT_DEL_USER, Prog,
|
|
||||||
+ "locking subordinate user file",
|
|
||||||
+ user_name, (unsigned int) user_id,
|
|
||||||
+ SHADOW_AUDIT_FAILURE);
|
|
||||||
+#endif /* WITH_AUDIT */
|
|
||||||
+ fail_exit (E_SUB_UID_UPDATE);
|
|
||||||
+ }
|
|
||||||
+ sub_uid_locked = true;
|
|
||||||
+ if (sub_uid_open (O_RDWR) == 0) {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: cannot open %s\n"), Prog, sub_uid_dbname ());
|
|
||||||
+#ifdef WITH_AUDIT
|
|
||||||
+ audit_logger (AUDIT_DEL_USER, Prog,
|
|
||||||
+ "opening subordinate user file",
|
|
||||||
+ user_name, (unsigned int) user_id,
|
|
||||||
+ SHADOW_AUDIT_FAILURE);
|
|
||||||
+#endif /* WITH_AUDIT */
|
|
||||||
+ fail_exit (E_SUB_UID_UPDATE);
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ if (is_sub_gid) {
|
|
||||||
+ if (sub_gid_lock () == 0) {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: cannot lock %s; try again later.\n"),
|
|
||||||
+ Prog, sub_gid_dbname ());
|
|
||||||
+#ifdef WITH_AUDIT
|
|
||||||
+ audit_logger (AUDIT_DEL_USER, Prog,
|
|
||||||
+ "locking subordinate group file",
|
|
||||||
+ user_name, (unsigned int) user_id,
|
|
||||||
+ SHADOW_AUDIT_FAILURE);
|
|
||||||
+#endif /* WITH_AUDIT */
|
|
||||||
+ fail_exit (E_SUB_GID_UPDATE);
|
|
||||||
+ }
|
|
||||||
+ sub_gid_locked = true;
|
|
||||||
+ if (sub_gid_open (O_RDWR) == 0) {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: cannot open %s\n"), Prog, sub_gid_dbname ());
|
|
||||||
+#ifdef WITH_AUDIT
|
|
||||||
+ audit_logger (AUDIT_DEL_USER, Prog,
|
|
||||||
+ "opening subordinate group file",
|
|
||||||
+ user_name, (unsigned int) user_id,
|
|
||||||
+ SHADOW_AUDIT_FAILURE);
|
|
||||||
+#endif /* WITH_AUDIT */
|
|
||||||
+ fail_exit (E_SUB_GID_UPDATE);
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
@@ -619,6 +720,18 @@
|
|
||||||
Prog, user_name, spw_dbname ());
|
|
||||||
fail_exit (E_PW_UPDATE);
|
|
||||||
}
|
|
||||||
+ if (is_sub_uid && sub_uid_remove(user_name, 0, ULONG_MAX) == 0) {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: cannot remove entry %lu from %s\n"),
|
|
||||||
+ Prog, (unsigned long)user_id, sub_uid_dbname ());
|
|
||||||
+ fail_exit (E_SUB_UID_UPDATE);
|
|
||||||
+ }
|
|
||||||
+ if (is_sub_gid && sub_gid_remove(user_name, 0, ULONG_MAX) == 0) {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: cannot remove entry %lu from %s\n"),
|
|
||||||
+ Prog, (unsigned long)user_id, sub_gid_dbname ());
|
|
||||||
+ fail_exit (E_SUB_GID_UPDATE);
|
|
||||||
+ }
|
|
||||||
#ifdef WITH_AUDIT
|
|
||||||
audit_logger (AUDIT_DEL_USER, Prog,
|
|
||||||
"deleting user entries",
|
|
||||||
@@ -966,6 +1079,8 @@
|
|
||||||
#ifdef SHADOWGRP
|
|
||||||
is_shadow_grp = sgr_file_present ();
|
|
||||||
#endif /* SHADOWGRP */
|
|
||||||
+ is_sub_uid = sub_uid_file_present ();
|
|
||||||
+ is_sub_gid = sub_gid_file_present ();
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Start with a quick check to see if the user exists.
|
|
||||||
-285
@@ -1,285 +0,0 @@
|
|||||||
From ebiederm@xmission.com Tue Jan 22 09:19:29 2013
|
|
||||||
Return-Path: <ebiederm@xmission.com>
|
|
||||||
X-Original-To: serge@hallyn.com
|
|
||||||
Delivered-To: serge@hallyn.com
|
|
||||||
Received: by mail.hallyn.com (Postfix, from userid 5001)
|
|
||||||
id 61652C80DB; Tue, 22 Jan 2013 09:19:29 +0000 (UTC)
|
|
||||||
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail
|
|
||||||
X-Spam-Level:
|
|
||||||
X-Spam-Status: No, score=0.1 required=8.0 tests=BAD_ENC_HEADER,BAYES_00
|
|
||||||
autolearn=no version=3.3.1
|
|
||||||
Received: from out02.mta.xmission.com (out02.mta.xmission.com [166.70.13.232])
|
|
||||||
(using TLSv1 with cipher AES256-SHA (256/256 bits))
|
|
||||||
(No client certificate requested)
|
|
||||||
by mail.hallyn.com (Postfix) with ESMTPS id E0ABBC80F4
|
|
||||||
for <serge@hallyn.com>; Tue, 22 Jan 2013 09:19:23 +0000 (UTC)
|
|
||||||
Received: from out03.mta.xmission.com ([166.70.13.233])
|
|
||||||
by out02.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
|
|
||||||
(Exim 4.76)
|
|
||||||
(envelope-from <ebiederm@xmission.com>)
|
|
||||||
id 1TxZzB-0008QG-Kq; Tue, 22 Jan 2013 02:17:41 -0700
|
|
||||||
Received: from in02.mta.xmission.com ([166.70.13.52])
|
|
||||||
by out03.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
|
|
||||||
(Exim 4.76)
|
|
||||||
(envelope-from <ebiederm@xmission.com>)
|
|
||||||
id 1TxZz7-0005Ui-1H; Tue, 22 Jan 2013 02:17:37 -0700
|
|
||||||
Received: from c-98-207-153-68.hsd1.ca.comcast.net ([98.207.153.68] helo=eric-ThinkPad-X220.xmission.com)
|
|
||||||
by in02.mta.xmission.com with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16)
|
|
||||||
(Exim 4.76)
|
|
||||||
(envelope-from <ebiederm@xmission.com>)
|
|
||||||
id 1TxZz4-0004tF-BP; Tue, 22 Jan 2013 02:17:36 -0700
|
|
||||||
From: ebiederm@xmission.com (Eric W. Biederman)
|
|
||||||
To: Nicolas =?utf-8?Q?Fran=C3=A7ois?= <nicolas.francois@centraliens.net>
|
|
||||||
Cc: <Pkg-shadow-devel@lists.alioth.debian.org>, Linux Containers <containers@lists.linux-foundation.org>, "Michael Kerrisk \(man-pages\)" <mtk.manpages@gmail.com>, "Serge E. Hallyn" <serge@hallyn.com>
|
|
||||||
References: <87d2wxshu0.fsf@xmission.com>
|
|
||||||
Date: Tue, 22 Jan 2013 01:17:30 -0800
|
|
||||||
In-Reply-To: <87d2wxshu0.fsf@xmission.com> (Eric W. Biederman's message of
|
|
||||||
"Tue, 22 Jan 2013 01:11:19 -0800")
|
|
||||||
Message-ID: <8738xtr2z9.fsf@xmission.com>
|
|
||||||
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.1 (gnu/linux)
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain
|
|
||||||
X-XM-AID: U2FsdGVkX1/Jm5H2PcjgcLXEyKh9YL3DVs2WZBJhDB8=
|
|
||||||
X-SA-Exim-Connect-IP: 98.207.153.68
|
|
||||||
X-SA-Exim-Mail-From: ebiederm@xmission.com
|
|
||||||
Subject: [PATCH 07/11] useradd: Add support for subordinate user identifiers
|
|
||||||
X-SA-Exim-Version: 4.2.1 (built Wed, 14 Nov 2012 14:26:46 -0700)
|
|
||||||
X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com)
|
|
||||||
X-UID: 2077
|
|
||||||
Status: RO
|
|
||||||
Content-Length: 6886
|
|
||||||
Lines: 235
|
|
||||||
|
|
||||||
|
|
||||||
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
|
|
||||||
---
|
|
||||||
src/useradd.c | 141 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
|
|
||||||
1 files changed, 140 insertions(+), 1 deletions(-)
|
|
||||||
|
|
||||||
Index: shadow/src/useradd.c
|
|
||||||
===================================================================
|
|
||||||
--- shadow.orig/src/useradd.c 2013-02-01 15:27:52.668080362 -0600
|
|
||||||
+++ shadow/src/useradd.c 2013-02-01 15:27:52.660080362 -0600
|
|
||||||
@@ -65,6 +65,7 @@
|
|
||||||
#include "sgroupio.h"
|
|
||||||
#endif
|
|
||||||
#include "shadowio.h"
|
|
||||||
+#include "subordinateio.h"
|
|
||||||
#ifdef WITH_TCB
|
|
||||||
#include "tcbfuncs.h"
|
|
||||||
#endif
|
|
||||||
@@ -121,12 +122,20 @@
|
|
||||||
static bool is_shadow_grp;
|
|
||||||
static bool sgr_locked = false;
|
|
||||||
#endif
|
|
||||||
+static bool is_sub_uid = false;
|
|
||||||
+static bool is_sub_gid = false;
|
|
||||||
static bool pw_locked = false;
|
|
||||||
static bool gr_locked = false;
|
|
||||||
static bool spw_locked = false;
|
|
||||||
+static bool sub_uid_locked = false;
|
|
||||||
+static bool sub_gid_locked = false;
|
|
||||||
static char **user_groups; /* NULL-terminated list */
|
|
||||||
static long sys_ngroups;
|
|
||||||
static bool do_grp_update = false; /* group files need to be updated */
|
|
||||||
+static uid_t sub_uid_start; /* New subordinate uid range */
|
|
||||||
+static unsigned long sub_uid_count;
|
|
||||||
+static gid_t sub_gid_start; /* New subordinate gid range */
|
|
||||||
+static unsigned long sub_gid_count;
|
|
||||||
|
|
||||||
static bool
|
|
||||||
bflg = false, /* new default root of home directory */
|
|
||||||
@@ -168,6 +177,8 @@
|
|
||||||
#define E_GRP_UPDATE 10 /* can't update group file */
|
|
||||||
#define E_HOMEDIR 12 /* can't create home directory */
|
|
||||||
#define E_SE_UPDATE 14 /* can't update SELinux user mapping */
|
|
||||||
+#define E_SUB_UID_UPDATE 16 /* can't update the subordinate uid file */
|
|
||||||
+#define E_SUB_GID_UPDATE 18 /* can't update the subordinate gid file */
|
|
||||||
|
|
||||||
#define DGROUP "GROUP="
|
|
||||||
#define DHOME "HOME="
|
|
||||||
@@ -268,6 +279,32 @@
|
|
||||||
}
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
+ if (sub_uid_locked) {
|
|
||||||
+ if (sub_uid_unlock () == 0) {
|
|
||||||
+ fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname ());
|
|
||||||
+ SYSLOG ((LOG_ERR, "failed to unlock %s", sub_uid_dbname ()));
|
|
||||||
+#ifdef WITH_AUDIT
|
|
||||||
+ audit_logger (AUDIT_ADD_USER, Prog,
|
|
||||||
+ "unlocking subodinate user file",
|
|
||||||
+ user_name, AUDIT_NO_ID,
|
|
||||||
+ SHADOW_AUDIT_FAILURE);
|
|
||||||
+#endif
|
|
||||||
+ /* continue */
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ if (sub_gid_locked) {
|
|
||||||
+ if (sub_gid_unlock () == 0) {
|
|
||||||
+ fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname ());
|
|
||||||
+ SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ()));
|
|
||||||
+#ifdef WITH_AUDIT
|
|
||||||
+ audit_logger (AUDIT_ADD_USER, Prog,
|
|
||||||
+ "unlocking subodinate group file",
|
|
||||||
+ user_name, AUDIT_NO_ID,
|
|
||||||
+ SHADOW_AUDIT_FAILURE);
|
|
||||||
+#endif
|
|
||||||
+ /* continue */
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
|
|
||||||
#ifdef WITH_AUDIT
|
|
||||||
audit_logger (AUDIT_ADD_USER, Prog,
|
|
||||||
@@ -1379,6 +1416,18 @@
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
}
|
|
||||||
+ if (is_sub_uid && (sub_uid_close () == 0)) {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: failure while writing changes to %s\n"), Prog, sub_uid_dbname ());
|
|
||||||
+ SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_uid_dbname ()));
|
|
||||||
+ fail_exit (E_SUB_UID_UPDATE);
|
|
||||||
+ }
|
|
||||||
+ if (is_sub_gid && (sub_gid_close () == 0)) {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: failure while writing changes to %s\n"), Prog, sub_gid_dbname ());
|
|
||||||
+ SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_gid_dbname ()));
|
|
||||||
+ fail_exit (E_SUB_GID_UPDATE);
|
|
||||||
+ }
|
|
||||||
if (is_shadow_pwd) {
|
|
||||||
if (spw_unlock () == 0) {
|
|
||||||
fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, spw_dbname ());
|
|
||||||
@@ -1433,6 +1482,34 @@
|
|
||||||
sgr_locked = false;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
+ if (is_sub_uid) {
|
|
||||||
+ if (sub_uid_unlock () == 0) {
|
|
||||||
+ fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname ());
|
|
||||||
+ SYSLOG ((LOG_ERR, "failed to unlock %s", sub_uid_dbname ()));
|
|
||||||
+#ifdef WITH_AUDIT
|
|
||||||
+ audit_logger (AUDIT_ADD_USER, Prog,
|
|
||||||
+ "unlocking subordinate user file",
|
|
||||||
+ user_name, AUDIT_NO_ID,
|
|
||||||
+ SHADOW_AUDIT_FAILURE);
|
|
||||||
+#endif
|
|
||||||
+ /* continue */
|
|
||||||
+ }
|
|
||||||
+ sub_uid_locked = false;
|
|
||||||
+ }
|
|
||||||
+ if (is_sub_gid) {
|
|
||||||
+ if (sub_gid_unlock () == 0) {
|
|
||||||
+ fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname ());
|
|
||||||
+ SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ()));
|
|
||||||
+#ifdef WITH_AUDIT
|
|
||||||
+ audit_logger (AUDIT_ADD_USER, Prog,
|
|
||||||
+ "unlocking subordinate group file",
|
|
||||||
+ user_name, AUDIT_NO_ID,
|
|
||||||
+ SHADOW_AUDIT_FAILURE);
|
|
||||||
+#endif
|
|
||||||
+ /* continue */
|
|
||||||
+ }
|
|
||||||
+ sub_gid_locked = false;
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
@@ -1487,6 +1564,36 @@
|
|
||||||
}
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
+ if (is_sub_uid) {
|
|
||||||
+ if (sub_uid_lock () == 0) {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: cannot lock %s; try again later.\n"),
|
|
||||||
+ Prog, sub_uid_dbname ());
|
|
||||||
+ fail_exit (E_SUB_UID_UPDATE);
|
|
||||||
+ }
|
|
||||||
+ sub_uid_locked = true;
|
|
||||||
+ if (sub_uid_open (O_RDWR) == 0) {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: cannot open %s\n"),
|
|
||||||
+ Prog, sub_uid_dbname ());
|
|
||||||
+ fail_exit (E_SUB_UID_UPDATE);
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ if (is_sub_gid) {
|
|
||||||
+ if (sub_gid_lock () == 0) {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: cannot lock %s; try again later.\n"),
|
|
||||||
+ Prog, sub_gid_dbname ());
|
|
||||||
+ fail_exit (E_SUB_GID_UPDATE);
|
|
||||||
+ }
|
|
||||||
+ sub_gid_locked = true;
|
|
||||||
+ if (sub_gid_open (O_RDWR) == 0) {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: cannot open %s\n"),
|
|
||||||
+ Prog, sub_gid_dbname ());
|
|
||||||
+ fail_exit (E_SUB_GID_UPDATE);
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
|
|
||||||
static void open_shadow (void)
|
|
||||||
@@ -1733,13 +1840,27 @@
|
|
||||||
#endif
|
|
||||||
fail_exit (E_PW_UPDATE);
|
|
||||||
}
|
|
||||||
+ if (is_sub_uid &&
|
|
||||||
+ (sub_uid_add(user_name, sub_uid_start, sub_uid_count) == 0)) {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: failed to prepare the new %s entry\n"),
|
|
||||||
+ Prog, sub_uid_dbname ());
|
|
||||||
+ fail_exit (E_SUB_UID_UPDATE);
|
|
||||||
+ }
|
|
||||||
+ if (is_sub_gid &&
|
|
||||||
+ (sub_gid_add(user_name, sub_gid_start, sub_gid_count) == 0)) {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: failed to prepare the new %s entry\n"),
|
|
||||||
+ Prog, sub_uid_dbname ());
|
|
||||||
+ fail_exit (E_SUB_GID_UPDATE);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
#ifdef WITH_AUDIT
|
|
||||||
audit_logger (AUDIT_ADD_USER, Prog,
|
|
||||||
"adding user",
|
|
||||||
user_name, (unsigned int) user_id,
|
|
||||||
SHADOW_AUDIT_SUCCESS);
|
|
||||||
#endif
|
|
||||||
-
|
|
||||||
/*
|
|
||||||
* Do any group file updates for this user.
|
|
||||||
*/
|
|
||||||
@@ -1885,6 +2006,8 @@
|
|
||||||
#ifdef SHADOWGRP
|
|
||||||
is_shadow_grp = sgr_file_present ();
|
|
||||||
#endif
|
|
||||||
+ is_sub_uid = sub_uid_file_present ();
|
|
||||||
+ is_sub_gid = sub_gid_file_present ();
|
|
||||||
|
|
||||||
get_defaults ();
|
|
||||||
|
|
||||||
@@ -2035,6 +2158,22 @@
|
|
||||||
grp_add ();
|
|
||||||
}
|
|
||||||
|
|
||||||
+ if (is_sub_uid) {
|
|
||||||
+ if (find_new_sub_uids(user_name, &sub_uid_start, &sub_uid_count) < 0) {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: can't find subordinate user range\n"),
|
|
||||||
+ Prog);
|
|
||||||
+ fail_exit(E_SUB_UID_UPDATE);
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ if (is_sub_gid) {
|
|
||||||
+ if (find_new_sub_gids(user_name, &sub_gid_start, &sub_gid_count) < 0) {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: can't find subordinate group range\n"),
|
|
||||||
+ Prog);
|
|
||||||
+ fail_exit(E_SUB_GID_UPDATE);
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
usr_update ();
|
|
||||||
|
|
||||||
if (mflg) {
|
|
||||||
-133
@@ -1,133 +0,0 @@
|
|||||||
From ebiederm@xmission.com Tue Jan 22 09:19:49 2013
|
|
||||||
Return-Path: <ebiederm@xmission.com>
|
|
||||||
X-Original-To: serge@hallyn.com
|
|
||||||
Delivered-To: serge@hallyn.com
|
|
||||||
Received: by mail.hallyn.com (Postfix, from userid 5001)
|
|
||||||
id E0EA3C80F4; Tue, 22 Jan 2013 09:19:49 +0000 (UTC)
|
|
||||||
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail
|
|
||||||
X-Spam-Level:
|
|
||||||
X-Spam-Status: No, score=-2.2 required=8.0 tests=BAD_ENC_HEADER,BAYES_00,
|
|
||||||
RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1
|
|
||||||
Received: from out02.mta.xmission.com (out02.mta.xmission.com [166.70.13.232])
|
|
||||||
(using TLSv1 with cipher AES256-SHA (256/256 bits))
|
|
||||||
(No client certificate requested)
|
|
||||||
by mail.hallyn.com (Postfix) with ESMTPS id 1A2C7C80D1
|
|
||||||
for <serge@hallyn.com>; Tue, 22 Jan 2013 09:19:46 +0000 (UTC)
|
|
||||||
Received: from out03.mta.xmission.com ([166.70.13.233])
|
|
||||||
by out02.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
|
|
||||||
(Exim 4.76)
|
|
||||||
(envelope-from <ebiederm@xmission.com>)
|
|
||||||
id 1TxZzX-00006D-G7; Tue, 22 Jan 2013 02:18:03 -0700
|
|
||||||
Received: from in02.mta.xmission.com ([166.70.13.52])
|
|
||||||
by out03.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
|
|
||||||
(Exim 4.76)
|
|
||||||
(envelope-from <ebiederm@xmission.com>)
|
|
||||||
id 1TxZzV-0005Zh-Qq; Tue, 22 Jan 2013 02:18:02 -0700
|
|
||||||
Received: from c-98-207-153-68.hsd1.ca.comcast.net ([98.207.153.68] helo=eric-ThinkPad-X220.xmission.com)
|
|
||||||
by in02.mta.xmission.com with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16)
|
|
||||||
(Exim 4.76)
|
|
||||||
(envelope-from <ebiederm@xmission.com>)
|
|
||||||
id 1TxZzN-0004ul-H6; Tue, 22 Jan 2013 02:18:01 -0700
|
|
||||||
From: ebiederm@xmission.com (Eric W. Biederman)
|
|
||||||
To: Nicolas =?utf-8?Q?Fran=C3=A7ois?= <nicolas.francois@centraliens.net>
|
|
||||||
Cc: <Pkg-shadow-devel@lists.alioth.debian.org>, Linux Containers <containers@lists.linux-foundation.org>, "Michael Kerrisk \(man-pages\)" <mtk.manpages@gmail.com>, "Serge E. Hallyn" <serge@hallyn.com>
|
|
||||||
References: <87d2wxshu0.fsf@xmission.com>
|
|
||||||
Date: Tue, 22 Jan 2013 01:17:50 -0800
|
|
||||||
In-Reply-To: <87d2wxshu0.fsf@xmission.com> (Eric W. Biederman's message of
|
|
||||||
"Tue, 22 Jan 2013 01:11:19 -0800")
|
|
||||||
Message-ID: <87y5flpoe9.fsf@xmission.com>
|
|
||||||
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.1 (gnu/linux)
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain
|
|
||||||
X-XM-AID: U2FsdGVkX1/ZWJZMWIVV2ekPIrRQjHLl4Oh/kdyWJUw=
|
|
||||||
X-SA-Exim-Connect-IP: 98.207.153.68
|
|
||||||
X-SA-Exim-Mail-From: ebiederm@xmission.com
|
|
||||||
Subject: [PATCH 08/11] Add support for detecting busy subordinate user ids
|
|
||||||
X-SA-Exim-Version: 4.2.1 (built Wed, 14 Nov 2012 14:26:46 -0700)
|
|
||||||
X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com)
|
|
||||||
X-UID: 2078
|
|
||||||
Status: RO
|
|
||||||
Content-Length: 2655
|
|
||||||
Lines: 83
|
|
||||||
|
|
||||||
|
|
||||||
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
|
|
||||||
---
|
|
||||||
libmisc/user_busy.c | 18 +++++++++++++-----
|
|
||||||
1 files changed, 13 insertions(+), 5 deletions(-)
|
|
||||||
|
|
||||||
Index: shadow/libmisc/user_busy.c
|
|
||||||
===================================================================
|
|
||||||
--- shadow.orig/libmisc/user_busy.c 2013-02-01 15:27:52.952080357 -0600
|
|
||||||
+++ shadow/libmisc/user_busy.c 2013-02-01 15:27:52.948080357 -0600
|
|
||||||
@@ -38,11 +38,13 @@
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <sys/types.h>
|
|
||||||
#include <dirent.h>
|
|
||||||
+#include <fcntl.h>
|
|
||||||
#include "defines.h"
|
|
||||||
#include "prototypes.h"
|
|
||||||
+#include "subordinateio.h"
|
|
||||||
|
|
||||||
#ifdef __linux__
|
|
||||||
-static int check_status (const char *sname, uid_t uid);
|
|
||||||
+static int check_status (const char *name, const char *sname, uid_t uid);
|
|
||||||
static int user_busy_processes (const char *name, uid_t uid);
|
|
||||||
#else /* !__linux__ */
|
|
||||||
static int user_busy_utmp (const char *name);
|
|
||||||
@@ -102,7 +104,7 @@
|
|
||||||
#endif /* !__linux__ */
|
|
||||||
|
|
||||||
#ifdef __linux__
|
|
||||||
-static int check_status (const char *sname, uid_t uid)
|
|
||||||
+static int check_status (const char *name, const char *sname, uid_t uid)
|
|
||||||
{
|
|
||||||
/* 40: /proc/xxxxxxxxxx/task/xxxxxxxxxx/status + \0 */
|
|
||||||
char status[40];
|
|
||||||
@@ -125,7 +127,10 @@
|
|
||||||
&ruid, &euid, &suid) == 3) {
|
|
||||||
if ( (ruid == (unsigned long) uid)
|
|
||||||
|| (euid == (unsigned long) uid)
|
|
||||||
- || (suid == (unsigned long) uid)) {
|
|
||||||
+ || (suid == (unsigned long) uid)
|
|
||||||
+ || have_sub_uids(name, ruid, 1)
|
|
||||||
+ || have_sub_uids(name, euid, 1)
|
|
||||||
+ || have_sub_uids(name, suid, 1)) {
|
|
||||||
(void) fclose (sfile);
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
@@ -153,6 +158,8 @@
|
|
||||||
struct stat sbroot;
|
|
||||||
struct stat sbroot_process;
|
|
||||||
|
|
||||||
+ sub_uid_open (O_RDONLY);
|
|
||||||
+
|
|
||||||
proc = opendir ("/proc");
|
|
||||||
if (proc == NULL) {
|
|
||||||
perror ("opendir /proc");
|
|
||||||
@@ -196,7 +203,7 @@
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
|
|
||||||
- if (check_status (tmp_d_name, uid) != 0) {
|
|
||||||
+ if (check_status (name, tmp_d_name, uid) != 0) {
|
|
||||||
(void) closedir (proc);
|
|
||||||
fprintf (stderr,
|
|
||||||
_("%s: user %s is currently used by process %d\n"),
|
|
||||||
@@ -216,7 +223,7 @@
|
|
||||||
if (tid == pid) {
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
- if (check_status (task_path+6, uid) != 0) {
|
|
||||||
+ if (check_status (name, task_path+6, uid) != 0) {
|
|
||||||
(void) closedir (proc);
|
|
||||||
fprintf (stderr,
|
|
||||||
_("%s: user %s is currently used by process %d\n"),
|
|
||||||
@@ -231,6 +238,7 @@
|
|
||||||
}
|
|
||||||
|
|
||||||
(void) closedir (proc);
|
|
||||||
+ sub_uid_close();
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
#endif /* __linux__ */
|
|
||||||
-536
@@ -1,536 +0,0 @@
|
|||||||
From ebiederm@xmission.com Tue Jan 22 09:20:27 2013
|
|
||||||
Return-Path: <ebiederm@xmission.com>
|
|
||||||
X-Original-To: serge@hallyn.com
|
|
||||||
Delivered-To: serge@hallyn.com
|
|
||||||
Received: by mail.hallyn.com (Postfix, from userid 5001)
|
|
||||||
id 8625BC80F4; Tue, 22 Jan 2013 09:20:27 +0000 (UTC)
|
|
||||||
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail
|
|
||||||
X-Spam-Level:
|
|
||||||
X-Spam-Status: No, score=0.1 required=8.0 tests=BAD_ENC_HEADER,BAYES_00
|
|
||||||
autolearn=no version=3.3.1
|
|
||||||
Received: from out02.mta.xmission.com (out02.mta.xmission.com [166.70.13.232])
|
|
||||||
(using TLSv1 with cipher AES256-SHA (256/256 bits))
|
|
||||||
(No client certificate requested)
|
|
||||||
by mail.hallyn.com (Postfix) with ESMTPS id 69CACC80D1
|
|
||||||
for <serge@hallyn.com>; Tue, 22 Jan 2013 09:20:23 +0000 (UTC)
|
|
||||||
Received: from in02.mta.xmission.com ([166.70.13.52])
|
|
||||||
by out02.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
|
|
||||||
(Exim 4.76)
|
|
||||||
(envelope-from <ebiederm@xmission.com>)
|
|
||||||
id 1Txa08-0000JL-Uo; Tue, 22 Jan 2013 02:18:41 -0700
|
|
||||||
Received: from c-98-207-153-68.hsd1.ca.comcast.net ([98.207.153.68] helo=eric-ThinkPad-X220.xmission.com)
|
|
||||||
by in02.mta.xmission.com with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16)
|
|
||||||
(Exim 4.76)
|
|
||||||
(envelope-from <ebiederm@xmission.com>)
|
|
||||||
id 1TxZzw-0004wm-8g; Tue, 22 Jan 2013 02:18:40 -0700
|
|
||||||
From: ebiederm@xmission.com (Eric W. Biederman)
|
|
||||||
To: Nicolas =?utf-8?Q?Fran=C3=A7ois?= <nicolas.francois@centraliens.net>
|
|
||||||
Cc: <Pkg-shadow-devel@lists.alioth.debian.org>, Linux Containers <containers@lists.linux-foundation.org>, "Michael Kerrisk \(man-pages\)" <mtk.manpages@gmail.com>, "Serge E. Hallyn" <serge@hallyn.com>
|
|
||||||
References: <87d2wxshu0.fsf@xmission.com>
|
|
||||||
Date: Tue, 22 Jan 2013 01:18:24 -0800
|
|
||||||
In-Reply-To: <87d2wxshu0.fsf@xmission.com> (Eric W. Biederman's message of
|
|
||||||
"Tue, 22 Jan 2013 01:11:19 -0800")
|
|
||||||
Message-ID: <87sj5tpodb.fsf@xmission.com>
|
|
||||||
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.1 (gnu/linux)
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain
|
|
||||||
X-XM-AID: U2FsdGVkX1/EkNiL4owL54HOscHbdbK8RucFTofOBo8=
|
|
||||||
X-SA-Exim-Connect-IP: 98.207.153.68
|
|
||||||
X-SA-Exim-Mail-From: ebiederm@xmission.com
|
|
||||||
Subject: [PATCH 09/11] usermod: Add support for subordinate uids and gids.
|
|
||||||
X-SA-Exim-Version: 4.2.1 (built Wed, 14 Nov 2012 14:26:46 -0700)
|
|
||||||
X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com)
|
|
||||||
X-UID: 2079
|
|
||||||
Status: O
|
|
||||||
Content-Length: 15455
|
|
||||||
Lines: 491
|
|
||||||
|
|
||||||
|
|
||||||
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
|
|
||||||
---
|
|
||||||
man/usermod.8.xml | 80 +++++++++++++++++
|
|
||||||
src/usermod.c | 255 ++++++++++++++++++++++++++++++++++++++++++++++++++++-
|
|
||||||
2 files changed, 332 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
Index: shadow/man/usermod.8.xml
|
|
||||||
===================================================================
|
|
||||||
--- shadow.orig/man/usermod.8.xml 2013-02-01 15:27:53.240080352 -0600
|
|
||||||
+++ shadow/man/usermod.8.xml 2013-02-01 15:27:53.232080353 -0600
|
|
||||||
@@ -391,6 +391,86 @@
|
|
||||||
</varlistentry>
|
|
||||||
<varlistentry>
|
|
||||||
<term>
|
|
||||||
+ <option>-v</option>, <option>--add-sub-uids</option>
|
|
||||||
+ <replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>
|
|
||||||
+ </term>
|
|
||||||
+ <listitem>
|
|
||||||
+ <para>
|
|
||||||
+ Add a range of subordinate uids to the users account.
|
|
||||||
+ </para>
|
|
||||||
+ <para>
|
|
||||||
+ This option may be specified multiple times to add multiple ranges to a users account.
|
|
||||||
+ </para>
|
|
||||||
+ <para>
|
|
||||||
+ No checks will be performed with regard to
|
|
||||||
+ <option>SUB_UID_MIN</option>, <option>SUB_UID_MAX</option>, or
|
|
||||||
+ <option>SUB_UID_COUNT</option> from /etc/login.defs.
|
|
||||||
+ </para>
|
|
||||||
+ </listitem>
|
|
||||||
+ </varlistentry>
|
|
||||||
+ <varlistentry>
|
|
||||||
+ <term>
|
|
||||||
+ <option>-V</option>, <option>--del-sub-uids</option>
|
|
||||||
+ <replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>
|
|
||||||
+ </term>
|
|
||||||
+ <listitem>
|
|
||||||
+ <para>
|
|
||||||
+ Remove a range of subordinate uids from the users account.
|
|
||||||
+ </para>
|
|
||||||
+ <para>
|
|
||||||
+ This option may be specified multiple times to remove multiple ranges to a users account.
|
|
||||||
+ When both <option>--del-sub-uids</option> and <option>--add-sub-uids</option> are specified
|
|
||||||
+ remove of all subordinate uid ranges happens before any subordinate uid ranges are added.
|
|
||||||
+ </para>
|
|
||||||
+ <para>
|
|
||||||
+ No checks will be performed with regard to
|
|
||||||
+ <option>SUB_UID_MIN</option>, <option>SUB_UID_MAX</option>, or
|
|
||||||
+ <option>SUB_UID_COUNT</option> from /etc/login.defs.
|
|
||||||
+ </para>
|
|
||||||
+ </listitem>
|
|
||||||
+ </varlistentry>
|
|
||||||
+ <varlistentry>
|
|
||||||
+ <term>
|
|
||||||
+ <option>-w</option>, <option>--add-sub-gids</option>
|
|
||||||
+ <replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>
|
|
||||||
+ </term>
|
|
||||||
+ <listitem>
|
|
||||||
+ <para>
|
|
||||||
+ Add a range of subordinate gids to the users account.
|
|
||||||
+ </para>
|
|
||||||
+ <para>
|
|
||||||
+ This option may be specified multiple times to add multiple ranges to a users account.
|
|
||||||
+ </para>
|
|
||||||
+ <para>
|
|
||||||
+ No checks will be performed with regard to
|
|
||||||
+ <option>SUB_GID_MIN</option>, <option>SUB_GID_MAX</option>, or
|
|
||||||
+ <option>SUB_GID_COUNT</option> from /etc/login.defs.
|
|
||||||
+ </para>
|
|
||||||
+ </listitem>
|
|
||||||
+ </varlistentry>
|
|
||||||
+ <varlistentry>
|
|
||||||
+ <term>
|
|
||||||
+ <option>-W</option>, <option>--del-sub-gids</option>
|
|
||||||
+ <replaceable>FIRST</replaceable>-<replaceable>LAST</replaceable>
|
|
||||||
+ </term>
|
|
||||||
+ <listitem>
|
|
||||||
+ <para>
|
|
||||||
+ Remove a range of subordinate gids from the users account.
|
|
||||||
+ </para>
|
|
||||||
+ <para>
|
|
||||||
+ This option may be specified multiple times to remove multiple ranges to a users account.
|
|
||||||
+ When both <option>--del-sub-gids</option> and <option>--add-sub-gids</option> are specified
|
|
||||||
+ remove of all subordinate gid ranges happens before any subordinate gid ranges are added.
|
|
||||||
+ </para>
|
|
||||||
+ <para>
|
|
||||||
+ No checks will be performed with regard to
|
|
||||||
+ <option>SUB_GID_MIN</option>, <option>SUB_GID_MAX</option>, or
|
|
||||||
+ <option>SUB_GID_COUNT</option> from /etc/login.defs.
|
|
||||||
+ </para>
|
|
||||||
+ </listitem>
|
|
||||||
+ </varlistentry>
|
|
||||||
+ <varlistentry>
|
|
||||||
+ <term>
|
|
||||||
<option>-Z</option>, <option>--selinux-user</option>
|
|
||||||
<replaceable>SEUSER</replaceable>
|
|
||||||
</term>
|
|
||||||
Index: shadow/src/usermod.c
|
|
||||||
===================================================================
|
|
||||||
--- shadow.orig/src/usermod.c 2013-02-01 15:27:53.240080352 -0600
|
|
||||||
+++ shadow/src/usermod.c 2013-02-01 15:27:53.236080353 -0600
|
|
||||||
@@ -63,6 +63,7 @@
|
|
||||||
#include "sgroupio.h"
|
|
||||||
#endif
|
|
||||||
#include "shadowio.h"
|
|
||||||
+#include "subordinateio.h"
|
|
||||||
#ifdef WITH_TCB
|
|
||||||
#include "tcbfuncs.h"
|
|
||||||
#endif
|
|
||||||
@@ -86,6 +87,8 @@
|
|
||||||
/* #define E_NOSPACE 11 insufficient space to move home dir */
|
|
||||||
#define E_HOMEDIR 12 /* unable to complete home dir move */
|
|
||||||
#define E_SE_UPDATE 13 /* can't update SELinux user mapping */
|
|
||||||
+#define E_SUB_UID_UPDATE 16 /* can't update the subordinate uid file */
|
|
||||||
+#define E_SUB_GID_UPDATE 18 /* can't update the subordinate gid file */
|
|
||||||
#define VALID(s) (strcspn (s, ":\n") == strlen (s))
|
|
||||||
/*
|
|
||||||
* Global variables
|
|
||||||
@@ -133,7 +136,11 @@
|
|
||||||
Zflg = false, /* new selinux user */
|
|
||||||
#endif
|
|
||||||
uflg = false, /* specify new user ID */
|
|
||||||
- Uflg = false; /* unlock the password */
|
|
||||||
+ Uflg = false, /* unlock the password */
|
|
||||||
+ vflg = false, /* add subordinate uids */
|
|
||||||
+ Vflg = false, /* delete subordinate uids */
|
|
||||||
+ wflg = false, /* add subordinate gids */
|
|
||||||
+ Wflg = false; /* delete subordinate gids */
|
|
||||||
|
|
||||||
static bool is_shadow_pwd;
|
|
||||||
|
|
||||||
@@ -141,12 +148,17 @@
|
|
||||||
static bool is_shadow_grp;
|
|
||||||
#endif
|
|
||||||
|
|
||||||
+static bool is_sub_uid = false;
|
|
||||||
+static bool is_sub_gid = false;
|
|
||||||
+
|
|
||||||
static bool pw_locked = false;
|
|
||||||
static bool spw_locked = false;
|
|
||||||
static bool gr_locked = false;
|
|
||||||
#ifdef SHADOWGRP
|
|
||||||
static bool sgr_locked = false;
|
|
||||||
#endif
|
|
||||||
+static bool sub_uid_locked = false;
|
|
||||||
+static bool sub_gid_locked = false;
|
|
||||||
|
|
||||||
|
|
||||||
/* local function prototypes */
|
|
||||||
@@ -302,6 +314,69 @@
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
+struct ulong_range
|
|
||||||
+{
|
|
||||||
+ unsigned long first;
|
|
||||||
+ unsigned long last;
|
|
||||||
+};
|
|
||||||
+
|
|
||||||
+static struct ulong_range getulong_range(const char *str)
|
|
||||||
+{
|
|
||||||
+ struct ulong_range result = { .first = ULONG_MAX, .last = 0 };
|
|
||||||
+ unsigned long long first, last;
|
|
||||||
+ char *pos;
|
|
||||||
+
|
|
||||||
+ errno = 0;
|
|
||||||
+ first = strtoll(str, &pos, 10);
|
|
||||||
+ if (('\0' == *str) || ('-' != *pos ) || (ERANGE == errno) ||
|
|
||||||
+ (first != (unsigned long int)first))
|
|
||||||
+ goto out;
|
|
||||||
+
|
|
||||||
+ errno = 0;
|
|
||||||
+ last = strtoul(pos + 1, &pos, 10);
|
|
||||||
+ if (('\0' != *pos ) || (ERANGE == errno) ||
|
|
||||||
+ (last != (unsigned long int)last))
|
|
||||||
+ goto out;
|
|
||||||
+
|
|
||||||
+ if (first > last)
|
|
||||||
+ goto out;
|
|
||||||
+
|
|
||||||
+ result.first = (unsigned long int)first;
|
|
||||||
+ result.last = (unsigned long int)last;
|
|
||||||
+out:
|
|
||||||
+ return result;
|
|
||||||
+
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+struct ulong_range_list_entry {
|
|
||||||
+ struct ulong_range_list_entry *next;
|
|
||||||
+ struct ulong_range range;
|
|
||||||
+};
|
|
||||||
+
|
|
||||||
+static struct ulong_range_list_entry *add_sub_uids = NULL, *del_sub_uids = NULL;
|
|
||||||
+static struct ulong_range_list_entry *add_sub_gids = NULL, *del_sub_gids = NULL;
|
|
||||||
+
|
|
||||||
+static int prepend_range(const char *str, struct ulong_range_list_entry **head)
|
|
||||||
+{
|
|
||||||
+ struct ulong_range range;
|
|
||||||
+ struct ulong_range_list_entry *entry;
|
|
||||||
+ range = getulong_range(str);
|
|
||||||
+ if (range.first > range.last)
|
|
||||||
+ return 0;
|
|
||||||
+
|
|
||||||
+ entry = malloc(sizeof(*entry));
|
|
||||||
+ if (!entry) {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: failed to allocate memory: %s\n"),
|
|
||||||
+ Prog, strerror (errno));
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
+ entry->next = *head;
|
|
||||||
+ entry->range = range;
|
|
||||||
+ *head = entry;
|
|
||||||
+ return 1;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
/*
|
|
||||||
* usage - display usage message and exit
|
|
||||||
*/
|
|
||||||
@@ -334,6 +409,10 @@
|
|
||||||
(void) fputs (_(" -s, --shell SHELL new login shell for the user account\n"), usageout);
|
|
||||||
(void) fputs (_(" -u, --uid UID new UID for the user account\n"), usageout);
|
|
||||||
(void) fputs (_(" -U, --unlock unlock the user account\n"), usageout);
|
|
||||||
+ (void) fputs (_(" -v, --add-subuids FIRST-LAST add range of subordinate uids\n"), usageout);
|
|
||||||
+ (void) fputs (_(" -V, --del-subuids FIRST-LAST remvoe range of subordinate uids\n"), usageout);
|
|
||||||
+ (void) fputs (_(" -w, --add-subgids FIRST-LAST add range of subordinate gids\n"), usageout);
|
|
||||||
+ (void) fputs (_(" -W, --del-subgids FIRST-LAST remvoe range of subordinate gids\n"), usageout);
|
|
||||||
#ifdef WITH_SELINUX
|
|
||||||
(void) fputs (_(" -Z, --selinux-user SEUSER new SELinux user mapping for the user account\n"), usageout);
|
|
||||||
#endif /* WITH_SELINUX */
|
|
||||||
@@ -590,6 +669,20 @@
|
|
||||||
/* continue */
|
|
||||||
}
|
|
||||||
}
|
|
||||||
+ if (sub_uid_locked) {
|
|
||||||
+ if (sub_uid_unlock () == 0) {
|
|
||||||
+ fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname ());
|
|
||||||
+ SYSLOG ((LOG_ERR, "failed to unlock %s", sub_uid_dbname ()));
|
|
||||||
+ /* continue */
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ if (sub_gid_locked) {
|
|
||||||
+ if (sub_gid_unlock () == 0) {
|
|
||||||
+ fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname ());
|
|
||||||
+ SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ()));
|
|
||||||
+ /* continue */
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
|
|
||||||
#ifdef WITH_AUDIT
|
|
||||||
audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
|
|
||||||
@@ -889,6 +982,10 @@
|
|
||||||
{"shell", required_argument, NULL, 's'},
|
|
||||||
{"uid", required_argument, NULL, 'u'},
|
|
||||||
{"unlock", no_argument, NULL, 'U'},
|
|
||||||
+ {"add-subuids", required_argument, NULL, 'v'},
|
|
||||||
+ {"del-subuids", required_argument, NULL, 'V'},
|
|
||||||
+ {"add-subgids", required_argument, NULL, 'w'},
|
|
||||||
+ {"del-subgids", required_argument, NULL, 'W'},
|
|
||||||
#ifdef WITH_SELINUX
|
|
||||||
{"selinux-user", required_argument, NULL, 'Z'},
|
|
||||||
#endif /* WITH_SELINUX */
|
|
||||||
@@ -1018,6 +1115,41 @@
|
|
||||||
case 'U':
|
|
||||||
Uflg = true;
|
|
||||||
break;
|
|
||||||
+ case 'v':
|
|
||||||
+ if (prepend_range (optarg, &add_sub_uids) == 0) {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: invalid subordinate uid range '%s'\n"),
|
|
||||||
+ Prog, optarg);
|
|
||||||
+ exit(E_BAD_ARG);
|
|
||||||
+ }
|
|
||||||
+ vflg = true;
|
|
||||||
+ break;
|
|
||||||
+ case 'V':
|
|
||||||
+ if (prepend_range (optarg, &del_sub_uids) == 0) {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: invalid subordinate uid range '%s'\n"),
|
|
||||||
+ Prog, optarg);
|
|
||||||
+ exit(E_BAD_ARG);
|
|
||||||
+ }
|
|
||||||
+ Vflg = true;
|
|
||||||
+ break;
|
|
||||||
+ case 'w':
|
|
||||||
+ if (prepend_range (optarg, &add_sub_gids) == 0) {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: invalid subordinate gid range '%s'\n"),
|
|
||||||
+ Prog, optarg);
|
|
||||||
+ exit(E_BAD_ARG);
|
|
||||||
+ }
|
|
||||||
+ wflg = true;
|
|
||||||
+ case 'W':
|
|
||||||
+ if (prepend_range (optarg, &del_sub_gids) == 0) {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: invalid subordinate gid range '%s'\n"),
|
|
||||||
+ Prog, optarg);
|
|
||||||
+ exit(E_BAD_ARG);
|
|
||||||
+ }
|
|
||||||
+ Wflg = true;
|
|
||||||
+ break;
|
|
||||||
#ifdef WITH_SELINUX
|
|
||||||
case 'Z':
|
|
||||||
if (is_selinux_enabled () > 0) {
|
|
||||||
@@ -1170,6 +1302,7 @@
|
|
||||||
|
|
||||||
if (!(Uflg || uflg || sflg || pflg || mflg || Lflg ||
|
|
||||||
lflg || Gflg || gflg || fflg || eflg || dflg || cflg
|
|
||||||
+ || vflg || Vflg || wflg || Wflg
|
|
||||||
#ifdef WITH_SELINUX
|
|
||||||
|| Zflg
|
|
||||||
#endif /* WITH_SELINUX */
|
|
||||||
@@ -1200,6 +1333,7 @@
|
|
||||||
Prog, (unsigned long) user_newid);
|
|
||||||
exit (E_UID_IN_USE);
|
|
||||||
}
|
|
||||||
+
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
@@ -1248,6 +1382,10 @@
|
|
||||||
sgr_dbname ()));
|
|
||||||
fail_exit (E_GRP_UPDATE);
|
|
||||||
}
|
|
||||||
+ }
|
|
||||||
+#endif
|
|
||||||
+#ifdef SHADOWGRP
|
|
||||||
+ if (is_shadow_grp) {
|
|
||||||
if (sgr_unlock () == 0) {
|
|
||||||
fprintf (stderr,
|
|
||||||
_("%s: failed to unlock %s\n"),
|
|
||||||
@@ -1296,6 +1434,33 @@
|
|
||||||
sgr_locked = false;
|
|
||||||
#endif
|
|
||||||
|
|
||||||
+ if (vflg || Vflg) {
|
|
||||||
+ if (!is_sub_uid || (sub_uid_close () == 0)) {
|
|
||||||
+ fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, sub_uid_dbname ());
|
|
||||||
+ SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_uid_dbname ()));
|
|
||||||
+ fail_exit (E_SUB_UID_UPDATE);
|
|
||||||
+ }
|
|
||||||
+ if (!is_sub_uid || (sub_uid_unlock () == 0)) {
|
|
||||||
+ fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname ());
|
|
||||||
+ SYSLOG ((LOG_ERR, "failed to unlock %s", sub_uid_dbname ()));
|
|
||||||
+ /* continue */
|
|
||||||
+ }
|
|
||||||
+ sub_uid_locked = false;
|
|
||||||
+ }
|
|
||||||
+ if (wflg || Wflg) {
|
|
||||||
+ if (!is_sub_gid || (sub_gid_close () == 0)) {
|
|
||||||
+ fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, sub_gid_dbname ());
|
|
||||||
+ SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_gid_dbname ()));
|
|
||||||
+ fail_exit (E_SUB_GID_UPDATE);
|
|
||||||
+ }
|
|
||||||
+ if (!is_sub_gid || (sub_gid_unlock () == 0)) {
|
|
||||||
+ fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname ());
|
|
||||||
+ SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ()));
|
|
||||||
+ /* continue */
|
|
||||||
+ }
|
|
||||||
+ sub_gid_locked = false;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
/*
|
|
||||||
* Close the DBM and/or flat files
|
|
||||||
*/
|
|
||||||
@@ -1375,6 +1540,36 @@
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
}
|
|
||||||
+ if (vflg || Vflg) {
|
|
||||||
+ if (!is_sub_uid || (sub_uid_lock () == 0)) {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: cannot lock %s; try again later.\n"),
|
|
||||||
+ Prog, sub_uid_dbname ());
|
|
||||||
+ fail_exit (E_SUB_UID_UPDATE);
|
|
||||||
+ }
|
|
||||||
+ sub_uid_locked = true;
|
|
||||||
+ if (!is_sub_uid || (sub_uid_open (O_RDWR) == 0)) {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: cannot open %s\n"),
|
|
||||||
+ Prog, sub_uid_dbname ());
|
|
||||||
+ fail_exit (E_SUB_UID_UPDATE);
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ if (wflg || Wflg) {
|
|
||||||
+ if (!is_sub_gid || (sub_gid_lock () == 0)) {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: cannot lock %s; try again later.\n"),
|
|
||||||
+ Prog, sub_gid_dbname ());
|
|
||||||
+ fail_exit (E_SUB_GID_UPDATE);
|
|
||||||
+ }
|
|
||||||
+ sub_gid_locked = true;
|
|
||||||
+ if (!is_sub_gid || (sub_gid_open (O_RDWR) == 0)) {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: cannot open %s\n"),
|
|
||||||
+ Prog, sub_gid_dbname ());
|
|
||||||
+ fail_exit (E_SUB_GID_UPDATE);
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
@@ -1476,6 +1671,58 @@
|
|
||||||
fail_exit (E_PW_UPDATE);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
+ if (Vflg) {
|
|
||||||
+ struct ulong_range_list_entry *ptr;
|
|
||||||
+ for (ptr = del_sub_uids; ptr != NULL; ptr = ptr->next) {
|
|
||||||
+ unsigned long count = ptr->range.last - ptr->range.first + 1;
|
|
||||||
+ if (sub_uid_remove(user_name, ptr->range.first, count) == 0) {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: failed to remove uid range %lu-%lu from '%s'\n"),
|
|
||||||
+ Prog, ptr->range.first, ptr->range.last,
|
|
||||||
+ sub_uid_dbname ());
|
|
||||||
+ fail_exit (E_SUB_UID_UPDATE);
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ if (vflg) {
|
|
||||||
+ struct ulong_range_list_entry *ptr;
|
|
||||||
+ for (ptr = add_sub_uids; ptr != NULL; ptr = ptr->next) {
|
|
||||||
+ unsigned long count = ptr->range.last - ptr->range.first + 1;
|
|
||||||
+ if (sub_uid_add(user_name, ptr->range.first, count) == 0) {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: failed to add uid range %lu-%lu from '%s'\n"),
|
|
||||||
+ Prog, ptr->range.first, ptr->range.last,
|
|
||||||
+ sub_uid_dbname ());
|
|
||||||
+ fail_exit (E_SUB_UID_UPDATE);
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ if (Wflg) {
|
|
||||||
+ struct ulong_range_list_entry *ptr;
|
|
||||||
+ for (ptr = del_sub_gids; ptr != NULL; ptr = ptr->next) {
|
|
||||||
+ unsigned long count = ptr->range.last - ptr->range.first + 1;
|
|
||||||
+ if (sub_gid_remove(user_name, ptr->range.first, count) == 0) {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: failed to remove gid range %lu-%lu from '%s'\n"),
|
|
||||||
+ Prog, ptr->range.first, ptr->range.last,
|
|
||||||
+ sub_gid_dbname ());
|
|
||||||
+ fail_exit (E_SUB_GID_UPDATE);
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ if (wflg) {
|
|
||||||
+ struct ulong_range_list_entry *ptr;
|
|
||||||
+ for (ptr = add_sub_gids; ptr != NULL; ptr = ptr->next) {
|
|
||||||
+ unsigned long count = ptr->range.last - ptr->range.first + 1;
|
|
||||||
+ if (sub_gid_add(user_name, ptr->range.first, count) == 0) {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: failed to add gid range %lu-%lu from '%s'\n"),
|
|
||||||
+ Prog, ptr->range.first, ptr->range.last,
|
|
||||||
+ sub_gid_dbname ());
|
|
||||||
+ fail_exit (E_SUB_GID_UPDATE);
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
@@ -1811,6 +2058,8 @@
|
|
||||||
#ifdef SHADOWGRP
|
|
||||||
is_shadow_grp = sgr_file_present ();
|
|
||||||
#endif
|
|
||||||
+ is_sub_uid = sub_uid_file_present ();
|
|
||||||
+ is_sub_gid = sub_gid_file_present ();
|
|
||||||
|
|
||||||
process_flags (argc, argv);
|
|
||||||
|
|
||||||
@@ -1818,7 +2067,7 @@
|
|
||||||
* The home directory, the username and the user's UID should not
|
|
||||||
* be changed while the user is logged in.
|
|
||||||
*/
|
|
||||||
- if ( (uflg || lflg || dflg)
|
|
||||||
+ if ( (uflg || lflg || dflg || Vflg || Wflg)
|
|
||||||
&& (user_busy (user_name, user_id) != 0)) {
|
|
||||||
exit (E_USER_BUSY);
|
|
||||||
}
|
|
||||||
@@ -1871,7 +2120,7 @@
|
|
||||||
*/
|
|
||||||
open_files ();
|
|
||||||
if ( cflg || dflg || eflg || fflg || gflg || Lflg || lflg || pflg
|
|
||||||
- || sflg || uflg || Uflg) {
|
|
||||||
+ || sflg || uflg || Uflg || vflg || Vflg || wflg || Wflg) {
|
|
||||||
usr_update ();
|
|
||||||
}
|
|
||||||
if (Gflg || lflg) {
|
|
||||||
-256
@@ -1,256 +0,0 @@
|
|||||||
From ebiederm@xmission.com Tue Jan 22 09:21:21 2013
|
|
||||||
Return-Path: <ebiederm@xmission.com>
|
|
||||||
X-Original-To: serge@hallyn.com
|
|
||||||
Delivered-To: serge@hallyn.com
|
|
||||||
Received: by mail.hallyn.com (Postfix, from userid 5001)
|
|
||||||
id ADE59C80F5; Tue, 22 Jan 2013 09:21:21 +0000 (UTC)
|
|
||||||
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail
|
|
||||||
X-Spam-Level:
|
|
||||||
X-Spam-Status: No, score=-2.2 required=8.0 tests=BAD_ENC_HEADER,BAYES_00,
|
|
||||||
RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1
|
|
||||||
Received: from out02.mta.xmission.com (out02.mta.xmission.com [166.70.13.232])
|
|
||||||
(using TLSv1 with cipher AES256-SHA (256/256 bits))
|
|
||||||
(No client certificate requested)
|
|
||||||
by mail.hallyn.com (Postfix) with ESMTPS id D56AEC80DB
|
|
||||||
for <serge@hallyn.com>; Tue, 22 Jan 2013 09:21:17 +0000 (UTC)
|
|
||||||
Received: from out03.mta.xmission.com ([166.70.13.233])
|
|
||||||
by out02.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
|
|
||||||
(Exim 4.76)
|
|
||||||
(envelope-from <ebiederm@xmission.com>)
|
|
||||||
id 1Txa11-0000bo-MQ; Tue, 22 Jan 2013 02:19:35 -0700
|
|
||||||
Received: from in02.mta.xmission.com ([166.70.13.52])
|
|
||||||
by out03.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
|
|
||||||
(Exim 4.76)
|
|
||||||
(envelope-from <ebiederm@xmission.com>)
|
|
||||||
id 1Txa11-0005wx-1p; Tue, 22 Jan 2013 02:19:35 -0700
|
|
||||||
Received: from c-98-207-153-68.hsd1.ca.comcast.net ([98.207.153.68] helo=eric-ThinkPad-X220.xmission.com)
|
|
||||||
by in02.mta.xmission.com with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16)
|
|
||||||
(Exim 4.76)
|
|
||||||
(envelope-from <ebiederm@xmission.com>)
|
|
||||||
id 1Txa0y-000519-2O; Tue, 22 Jan 2013 02:19:34 -0700
|
|
||||||
From: ebiederm@xmission.com (Eric W. Biederman)
|
|
||||||
To: Nicolas =?utf-8?Q?Fran=C3=A7ois?= <nicolas.francois@centraliens.net>
|
|
||||||
Cc: <Pkg-shadow-devel@lists.alioth.debian.org>, Linux Containers <containers@lists.linux-foundation.org>, "Michael Kerrisk \(man-pages\)" <mtk.manpages@gmail.com>, "Serge E. Hallyn" <serge@hallyn.com>
|
|
||||||
References: <87d2wxshu0.fsf@xmission.com>
|
|
||||||
Date: Tue, 22 Jan 2013 01:19:28 -0800
|
|
||||||
In-Reply-To: <87d2wxshu0.fsf@xmission.com> (Eric W. Biederman's message of
|
|
||||||
"Tue, 22 Jan 2013 01:11:19 -0800")
|
|
||||||
Message-ID: <87k3r5pobj.fsf@xmission.com>
|
|
||||||
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.1 (gnu/linux)
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain
|
|
||||||
X-XM-AID: U2FsdGVkX1+qhualZ5pxk+DVqanIJA7JrJwlPXicL8c=
|
|
||||||
X-SA-Exim-Connect-IP: 98.207.153.68
|
|
||||||
X-SA-Exim-Mail-From: ebiederm@xmission.com
|
|
||||||
Subject: [PATCH 10/11] newusers: Add support for assiging subordinate uids and gids.
|
|
||||||
X-SA-Exim-Version: 4.2.1 (built Wed, 14 Nov 2012 14:26:46 -0700)
|
|
||||||
X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com)
|
|
||||||
X-UID: 2080
|
|
||||||
Status: O
|
|
||||||
Content-Length: 5597
|
|
||||||
Lines: 206
|
|
||||||
|
|
||||||
|
|
||||||
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
|
|
||||||
---
|
|
||||||
src/newusers.c | 124 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
||||||
1 files changed, 124 insertions(+), 0 deletions(-)
|
|
||||||
|
|
||||||
Index: shadow/src/newusers.c
|
|
||||||
===================================================================
|
|
||||||
--- shadow.orig/src/newusers.c 2013-02-01 15:27:53.548080347 -0600
|
|
||||||
+++ shadow/src/newusers.c 2013-02-01 15:27:53.540080347 -0600
|
|
||||||
@@ -65,6 +65,7 @@
|
|
||||||
#include "pwio.h"
|
|
||||||
#include "sgroupio.h"
|
|
||||||
#include "shadowio.h"
|
|
||||||
+#include "subordinateio.h"
|
|
||||||
#include "chkname.h"
|
|
||||||
|
|
||||||
/*
|
|
||||||
@@ -82,6 +83,8 @@
|
|
||||||
#endif /* USE_SHA_CRYPT */
|
|
||||||
#endif /* !USE_PAM */
|
|
||||||
|
|
||||||
+static bool is_sub_uid = false;
|
|
||||||
+static bool is_sub_gid = false;
|
|
||||||
static bool is_shadow;
|
|
||||||
#ifdef SHADOWGRP
|
|
||||||
static bool is_shadow_grp;
|
|
||||||
@@ -90,6 +93,8 @@
|
|
||||||
static bool pw_locked = false;
|
|
||||||
static bool gr_locked = false;
|
|
||||||
static bool spw_locked = false;
|
|
||||||
+static bool sub_uid_locked = false;
|
|
||||||
+static bool sub_gid_locked = false;
|
|
||||||
|
|
||||||
/* local function prototypes */
|
|
||||||
static void usage (int status);
|
|
||||||
@@ -178,6 +183,20 @@
|
|
||||||
}
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
+ if (sub_uid_locked) {
|
|
||||||
+ if (sub_uid_unlock () == 0) {
|
|
||||||
+ fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname ());
|
|
||||||
+ SYSLOG ((LOG_ERR, "failed to unlock %s", sub_uid_dbname ()));
|
|
||||||
+ /* continue */
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ if (sub_gid_locked) {
|
|
||||||
+ if (sub_gid_unlock () == 0) {
|
|
||||||
+ fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname ());
|
|
||||||
+ SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ()));
|
|
||||||
+ /* continue */
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
|
|
||||||
exit (code);
|
|
||||||
}
|
|
||||||
@@ -732,6 +751,24 @@
|
|
||||||
sgr_locked = true;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
+ if (is_sub_uid) {
|
|
||||||
+ if (sub_uid_lock () == 0) {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: cannot lock %s; try again later.\n"),
|
|
||||||
+ Prog, sub_uid_dbname ());
|
|
||||||
+ fail_exit (EXIT_FAILURE);
|
|
||||||
+ }
|
|
||||||
+ sub_uid_locked = true;
|
|
||||||
+ }
|
|
||||||
+ if (is_sub_gid) {
|
|
||||||
+ if (sub_gid_lock () == 0) {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: cannot lock %s; try again later.\n"),
|
|
||||||
+ Prog, sub_gid_dbname ());
|
|
||||||
+ fail_exit (EXIT_FAILURE);
|
|
||||||
+ }
|
|
||||||
+ sub_gid_locked = true;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
if (pw_open (O_RDWR) == 0) {
|
|
||||||
fprintf (stderr, _("%s: cannot open %s\n"), Prog, pw_dbname ());
|
|
||||||
@@ -751,6 +788,22 @@
|
|
||||||
fail_exit (EXIT_FAILURE);
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
+ if (is_sub_uid) {
|
|
||||||
+ if (sub_uid_open (O_RDWR) == 0) {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: cannot open %s\n"),
|
|
||||||
+ Prog, sub_uid_dbname ());
|
|
||||||
+ fail_exit (EXIT_FAILURE);
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+ if (is_sub_gid) {
|
|
||||||
+ if (sub_gid_open (O_RDWR) == 0) {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: cannot open %s\n"),
|
|
||||||
+ Prog, sub_gid_dbname ());
|
|
||||||
+ fail_exit (EXIT_FAILURE);
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
@@ -795,6 +848,19 @@
|
|
||||||
SYSLOG ((LOG_ERR, "failure while writing changes to %s", gr_dbname ()));
|
|
||||||
fail_exit (EXIT_FAILURE);
|
|
||||||
}
|
|
||||||
+ if (is_sub_uid && (sub_uid_close () == 0)) {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: failure while writing changes to %s\n"), Prog, sub_uid_dbname ());
|
|
||||||
+ SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_uid_dbname ()));
|
|
||||||
+ fail_exit (EXIT_FAILURE);
|
|
||||||
+ }
|
|
||||||
+ if (is_sub_gid && (sub_gid_close () == 0)) {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: failure while writing changes to %s\n"), Prog, sub_gid_dbname ());
|
|
||||||
+ SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_gid_dbname ()));
|
|
||||||
+ fail_exit (EXIT_FAILURE);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
if (gr_unlock () == 0) {
|
|
||||||
fprintf (stderr,
|
|
||||||
_("%s: failed to unlock %s\n"),
|
|
||||||
@@ -823,6 +889,22 @@
|
|
||||||
sgr_locked = false;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
+ if (is_sub_uid) {
|
|
||||||
+ if (sub_uid_unlock () == 0) {
|
|
||||||
+ fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname ());
|
|
||||||
+ SYSLOG ((LOG_ERR, "failed to unlock %s", sub_uid_dbname ()));
|
|
||||||
+ /* continue */
|
|
||||||
+ }
|
|
||||||
+ sub_uid_locked = false;
|
|
||||||
+ }
|
|
||||||
+ if (is_sub_gid) {
|
|
||||||
+ if (sub_gid_unlock () == 0) {
|
|
||||||
+ fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname ());
|
|
||||||
+ SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ()));
|
|
||||||
+ /* continue */
|
|
||||||
+ }
|
|
||||||
+ sub_gid_locked = false;
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
|
|
||||||
int main (int argc, char **argv)
|
|
||||||
@@ -864,6 +946,8 @@
|
|
||||||
#ifdef SHADOWGRP
|
|
||||||
is_shadow_grp = sgr_file_present ();
|
|
||||||
#endif
|
|
||||||
+ is_sub_uid = sub_uid_file_present ();
|
|
||||||
+ is_sub_gid = sub_gid_file_present ();
|
|
||||||
|
|
||||||
open_files ();
|
|
||||||
|
|
||||||
@@ -1044,6 +1128,46 @@
|
|
||||||
errors++;
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
+
|
|
||||||
+ /*
|
|
||||||
+ * Add subordinate uids if the user does not have them.
|
|
||||||
+ */
|
|
||||||
+ if (is_sub_uid && !sub_uid_assigned(fields[0])) {
|
|
||||||
+ uid_t sub_uid_start = 0;
|
|
||||||
+ unsigned long sub_uid_count = 0;
|
|
||||||
+ if (find_new_sub_uids(fields[0], &sub_uid_start, &sub_uid_count) == 0) {
|
|
||||||
+ if (sub_uid_add(fields[0], sub_uid_start, sub_uid_count) == 0) {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: failed to prepare new %s entry\n"),
|
|
||||||
+ Prog, sub_uid_dbname ());
|
|
||||||
+ }
|
|
||||||
+ } else {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: can't find subordinate user range\n"),
|
|
||||||
+ Prog);
|
|
||||||
+ errors++;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ /*
|
|
||||||
+ * Add subordinate gids if the user does not have them.
|
|
||||||
+ */
|
|
||||||
+ if (is_sub_gid && !sub_gid_assigned(fields[0])) {
|
|
||||||
+ gid_t sub_gid_start = 0;
|
|
||||||
+ unsigned long sub_gid_count = 0;
|
|
||||||
+ if (find_new_sub_gids(fields[0], &sub_gid_start, &sub_gid_count) == 0) {
|
|
||||||
+ if (sub_gid_add(fields[0], sub_gid_start, sub_gid_count) == 0) {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: failed to prepare new %s entry\n"),
|
|
||||||
+ Prog, sub_uid_dbname ());
|
|
||||||
+ }
|
|
||||||
+ } else {
|
|
||||||
+ fprintf (stderr,
|
|
||||||
+ _("%s: can't find subordinate group range\n"),
|
|
||||||
+ Prog);
|
|
||||||
+ errors++;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
-1004
File diff suppressed because it is too large
Load Diff
-13
@@ -1,13 +0,0 @@
|
|||||||
Index: shadow-4.1.5.1/src/Makefile.am
|
|
||||||
===================================================================
|
|
||||||
--- shadow-4.1.5.1.orig/src/Makefile.am 2013-02-04 11:56:40.485335430 -0600
|
|
||||||
+++ shadow-4.1.5.1/src/Makefile.am 2013-02-04 11:57:49.525334261 -0600
|
|
||||||
@@ -80,6 +80,8 @@
|
|
||||||
endif
|
|
||||||
|
|
||||||
chage_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
|
|
||||||
+newuidmap_LDADD = $(LDADD) $(LIBSELINUX)
|
|
||||||
+newgidmap_LDADD = $(LDADD) $(LIBSELINUX)
|
|
||||||
chfn_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
|
|
||||||
chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBCRYPT)
|
|
||||||
chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
|
|
||||||
@@ -1,23 +0,0 @@
|
|||||||
Description: subordinateio: Fix subordinate_parse to have an internal static buffer
|
|
||||||
subordinate_parse is supposed to return a static structure that
|
|
||||||
represents one line in /etc/subuid or /etc/subgid. I goofed and
|
|
||||||
failed to make the variable rangebuf that holds the username of
|
|
||||||
in the returned structure static.
|
|
||||||
.
|
|
||||||
Add this missing static specification.
|
|
||||||
Author: <Eric W. Biederman" <ebiederm@xmission.com>
|
|
||||||
Origin: upstream
|
|
||||||
Forwarded: no
|
|
||||||
Index: shadow-4.1.5.1/lib/subordinateio.c
|
|
||||||
===================================================================
|
|
||||||
--- shadow-4.1.5.1.orig/lib/subordinateio.c 2013-02-04 11:56:40.265335433 -0600
|
|
||||||
+++ shadow-4.1.5.1/lib/subordinateio.c 2013-02-04 12:32:46.653298752 -0600
|
|
||||||
@@ -48,7 +48,7 @@
|
|
||||||
static void *subordinate_parse (const char *line)
|
|
||||||
{
|
|
||||||
static struct subordinate_range range;
|
|
||||||
- char rangebuf[1024];
|
|
||||||
+ static char rangebuf[1024];
|
|
||||||
int i;
|
|
||||||
char *cp;
|
|
||||||
char *fields[NFIELDS];
|
|
||||||
Vendored
-24
@@ -1,24 +0,0 @@
|
|||||||
Index: shadow-userns/src/usermod.c
|
|
||||||
===================================================================
|
|
||||||
--- shadow-userns.orig/src/usermod.c 2013-02-05 16:35:10.608485591 +0000
|
|
||||||
+++ shadow-userns/src/usermod.c 2013-02-05 17:16:20.540485591 +0000
|
|
||||||
@@ -993,9 +993,9 @@
|
|
||||||
};
|
|
||||||
while ((c = getopt_long (argc, argv,
|
|
||||||
#ifdef WITH_SELINUX
|
|
||||||
- "ac:d:e:f:g:G:hl:Lmop:R:s:u:UZ:",
|
|
||||||
+ "ac:d:e:f:g:G:hl:Lmop:R:s:u:UZ:v:w:V:W:",
|
|
||||||
#else /* !WITH_SELINUX */
|
|
||||||
- "ac:d:e:f:g:G:hl:Lmop:R:s:u:U",
|
|
||||||
+ "ac:d:e:f:g:G:hl:Lmop:R:s:u:Uv:w:V:W:",
|
|
||||||
#endif /* !WITH_SELINUX */
|
|
||||||
long_options, NULL)) != -1) {
|
|
||||||
switch (c) {
|
|
||||||
@@ -1141,6 +1141,7 @@
|
|
||||||
exit(E_BAD_ARG);
|
|
||||||
}
|
|
||||||
wflg = true;
|
|
||||||
+ break;
|
|
||||||
case 'W':
|
|
||||||
if (prepend_range (optarg, &del_sub_gids) == 0) {
|
|
||||||
fprintf (stderr,
|
|
||||||
@@ -1,80 +0,0 @@
|
|||||||
From df3c8c1f7f47ceff607595067458f1d8e53eaab8 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Serge Hallyn <serge.hallyn@ubuntu.com>
|
|
||||||
Date: Fri, 21 Jun 2013 11:47:36 -0500
|
|
||||||
Subject: [PATCH 1/1] userns: add argument sanity checking
|
|
||||||
|
|
||||||
In find_new_sub_{u,g}ids, check for min, count and max values.
|
|
||||||
|
|
||||||
In idmapping.c:get_map_ranges(), make sure that the value passed
|
|
||||||
in for ranges did not overflow. Couldn't happen with the current
|
|
||||||
code, but this is a sanity check for any future potential mis-uses.
|
|
||||||
|
|
||||||
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
|
|
||||||
---
|
|
||||||
libmisc/find_new_sub_gids.c | 8 ++++++++
|
|
||||||
libmisc/find_new_sub_uids.c | 8 ++++++++
|
|
||||||
libmisc/idmapping.c | 10 ++++++++++
|
|
||||||
3 files changed, 26 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/libmisc/find_new_sub_gids.c b/libmisc/find_new_sub_gids.c
|
|
||||||
index 68046ac..fd44978 100644
|
|
||||||
--- a/libmisc/find_new_sub_gids.c
|
|
||||||
+++ b/libmisc/find_new_sub_gids.c
|
|
||||||
@@ -58,6 +58,14 @@ int find_new_sub_gids (const char *owner,
|
|
||||||
max = getdef_ulong ("SUB_GID_MAX", 600100000UL);
|
|
||||||
count = getdef_ulong ("SUB_GID_COUNT", 10000);
|
|
||||||
|
|
||||||
+ if (min >= max || count >= max || (min + count) >= max) {
|
|
||||||
+ (void) fprintf (stderr,
|
|
||||||
+ _("%s: Invalid configuration: SUB_GID_MIN (%lu),"
|
|
||||||
+ " SUB_GID_MAX (%lu), SUB_GID_COUNT (%lu)\n"),
|
|
||||||
+ Prog, min, max, count);
|
|
||||||
+ return -1;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
/* Is there a preferred range that works? */
|
|
||||||
if ((*range_count != 0) &&
|
|
||||||
(*range_start >= min) &&
|
|
||||||
diff --git a/libmisc/find_new_sub_uids.c b/libmisc/find_new_sub_uids.c
|
|
||||||
index f1720f9..b608c59 100644
|
|
||||||
--- a/libmisc/find_new_sub_uids.c
|
|
||||||
+++ b/libmisc/find_new_sub_uids.c
|
|
||||||
@@ -58,6 +58,14 @@ int find_new_sub_uids (const char *owner,
|
|
||||||
max = getdef_ulong ("SUB_UID_MAX", 600100000UL);
|
|
||||||
count = getdef_ulong ("SUB_UID_COUNT", 10000);
|
|
||||||
|
|
||||||
+ if (min >= max || count >= max || (min + count) >= max) {
|
|
||||||
+ (void) fprintf (stderr,
|
|
||||||
+ _("%s: Invalid configuration: SUB_UID_MIN (%lu),"
|
|
||||||
+ " SUB_UID_MAX (%lu), SUB_UID_COUNT (%lu)\n"),
|
|
||||||
+ Prog, min, max, count);
|
|
||||||
+ return -1;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
/* Is there a preferred range that works? */
|
|
||||||
if ((*range_count != 0) &&
|
|
||||||
(*range_start >= min) &&
|
|
||||||
diff --git a/libmisc/idmapping.c b/libmisc/idmapping.c
|
|
||||||
index cb9e898..4147796 100644
|
|
||||||
--- a/libmisc/idmapping.c
|
|
||||||
+++ b/libmisc/idmapping.c
|
|
||||||
@@ -41,6 +41,16 @@ struct map_range *get_map_ranges(int ranges, int argc, char **argv)
|
|
||||||
struct map_range *mappings, *mapping;
|
|
||||||
int idx, argidx;
|
|
||||||
|
|
||||||
+ if (ranges < 0 || argc < 0) {
|
|
||||||
+ fprintf(stderr, "%s: error calculating number of arguments\n", Prog);
|
|
||||||
+ return NULL;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (ranges != ((argc - 2) + 2) / 3) {
|
|
||||||
+ fprintf(stderr, "%s: ranges: %u is wrong for argc: %d\n", Prog, ranges, argc);
|
|
||||||
+ return NULL;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
if ((ranges * 3) > argc) {
|
|
||||||
fprintf(stderr, "ranges: %u argc: %d\n",
|
|
||||||
ranges, argc);
|
|
||||||
--
|
|
||||||
1.8.1.2
|
|
||||||
|
|
||||||
Vendored
-26
@@ -1,26 +0,0 @@
|
|||||||
Index: shadow/man/subgid.5.xml
|
|
||||||
===================================================================
|
|
||||||
--- shadow.orig/man/subgid.5.xml 2013-03-06 15:19:23.848386200 -0600
|
|
||||||
+++ shadow/man/subgid.5.xml 2013-03-06 15:19:51.240386816 -0600
|
|
||||||
@@ -104,7 +104,7 @@
|
|
||||||
<refentrytitle>subuid</refentrytitle><manvolnum>5</manvolnum>
|
|
||||||
</citerefentry>,
|
|
||||||
<citerefentry>
|
|
||||||
- <refentrytitle>logindefs</refentrytitle><manvolnum>5</manvolnum>
|
|
||||||
+ <refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum>
|
|
||||||
</citerefentry>,
|
|
||||||
<citerefentry>
|
|
||||||
<refentrytitle>newuidmap</refentrytitle><manvolnum>1</manvolnum>
|
|
||||||
Index: shadow/man/subuid.5.xml
|
|
||||||
===================================================================
|
|
||||||
--- shadow.orig/man/subuid.5.xml 2013-03-06 15:19:09.660385881 -0600
|
|
||||||
+++ shadow/man/subuid.5.xml 2013-03-06 15:19:44.956386675 -0600
|
|
||||||
@@ -104,7 +104,7 @@
|
|
||||||
<refentrytitle>subgid</refentrytitle><manvolnum>5</manvolnum>
|
|
||||||
</citerefentry>,
|
|
||||||
<citerefentry>
|
|
||||||
- <refentrytitle>logindefs</refentrytitle><manvolnum>5</manvolnum>
|
|
||||||
+ <refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum>
|
|
||||||
</citerefentry>,
|
|
||||||
<citerefentry>
|
|
||||||
<refentrytitle>newuidmap</refentrytitle><manvolnum>1</manvolnum>
|
|
||||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user