- Update to 4.17.1:
* su: Fix `su -` regression #1163 OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=186
commit
113257727e
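--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text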
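--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc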
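--- a/disable_new_audit_function.patch
+++ b/disable_new_audit_function.patch
@@ -0,0 +1,28 @@
+Index: shadow-4.5/src/lastlog.c
+===================================================================
+--- shadow-4.5.orig/src/lastlog.c
++++ shadow-4.5/src/lastlog.c
+@@ -221,12 +221,15 @@ static void update_one (/*@null@*/const
+strcpy (ll.ll_host, "localhost");
+#endif
+strcpy (ll.ll_line, "lastlog");
++/*
+#ifdef WITH_AUDIT
+audit_logger (AUDIT_ACCT_UNLOCK, Prog,
+"clearing-lastlog",
+pw->pw_name, (unsigned int) pw->pw_uid, SHADOW_AUDIT_SUCCESS);
+#endif
++*/
+}
++/*
+#ifdef WITH_AUDIT
+else {
+audit_logger (AUDIT_ACCT_UNLOCK, Prog,
+@@ -234,6 +237,7 @@ static void update_one (/*@null@*/const
+pw->pw_name, (unsigned int) pw->pw_uid, SHADOW_AUDIT_SUCCESS);
+}
+#endif
++*/
+
+if (fwrite (&ll, sizeof(ll), 1, lastlogfile) != 1) {
+fprintf (stderr,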
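Review bot: Both hunks disable the `audit_logger (AUDIT_ACCT_UNLOCK, ...)` calls in `update_one` by wrapping the whole `#ifdef WITH_AUDIT ... #endif` region in `/* ... */`, so a WITH_AUDIT build no longer emits an audit record for the "clearing-lastlog" action or for the call in the else branch, and the patch file has no header explaining why. A block comment is fragile here, since any `/* */` that upstream later adds inside the region ends the comment early; `#if 0` / `#endif` around the same lines nests safely. I would add a one-line description at the top of the patch, as the login_defs patches have, stating the reason and the bug reference. The `Index:` line still targets `shadow-4.5` while this commit moves the package to 4.17.1, so it should be confirmed that the patch still applies and is still listed in the spec; `update_one` begins and ends outside the hunks.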
BIN
pamd.tar.bz2
(Stored with Git LFS)
Normal file
BIN
pamd.tar.bz2
(Stored with Git LFS)
Normal file
Binary file not shown.
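--- a/shadow-4.16.0.tar.xz
+++ b/shadow-4.16.0.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b78e3921a95d53282a38e90628880624736bf6235e36eea50c50835f59a3530b
+size 2204832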
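--- a/shadow-4.16.0.tar.xz.asc
+++ b/shadow-4.16.0.tar.xz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEflbiwT+nfOMVWa3JfcJMNsM0HSAFAmZyBfQACgkQfcJMNsM0
+HSA4PxAA57RSvccAbXTTmp2sHMZVPbzizydThuGgqY/4F9egRvywUUlNy0vz/QAA
+e0u8ja+paKhLjXg4HvA/Ejy+gtAE5NuvNCr/ihL8Xii6s/GH6OaW8EDcL0509j7L
+PchWYkHYSqwdqdjLoy6NroaaEEllAzVEeNp2UzN9F7jllteF8gDjqY2j8SLqrkmm
+Xb15kzk6mbqk5BxAOoZmgoRRDw+YRCBA2EzN0ztwR0h1rjwoCjebQk3E/qV+fM1t
+pKKYVTnLRmb9E2tvPR1Oibzercisi/+6Z7br+Xh1Gz/mfZ++4CiOQrJndUTBj9zU
+v7GEHMEdV8qz/Qzvh1eyxA7KX5zZqbXT3I/+kRvX01CJtI64MVdEOOqSeup794fr
+QlaptfoAfe+ZS6exe1SwY2tZkoX4qXeeUNQXRBo8GJlG9auMA46U2CjtRGgyK6BK
+cf/YkzUr9aTWExL3d2tZJzvEX80AHSR+MF2kW8UzIQI8hch1Pncp8an6NfLFbmsl
+nyz5+GqrSuc1gNe7wnz5Lkxk3q4epmvdPcyrb16XDr42k3dP0IWZE50c8Caf05Nq
+9zJC+It75nX7PFbGcZnNgE6sjsc6MB28O2wUb4Z51IU+s8hzthk2P4v0gq30TgrZ
+vKTXxIYwp+yLii1sSTWUdE8a6vNK93cQki5uuB3R6VeNVBMZJA0=
+=bB1D
+-----END PGP SIGNATURE-----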
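--- a/shadow-4.17.0.tar.xz
+++ b/shadow-4.17.0.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:df0d29d09ed1db609234aaec670f55ebf724bc7bd0b377c8a299913669b7878e
+size 2215120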
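--- a/shadow-4.17.0.tar.xz.asc
+++ b/shadow-4.17.0.tar.xz.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEqb0/8XByttt4D8+UNXDaFycKziQFAmdsil0ACgkQNXDaFycK
+ziTmHggAxiGaTy3ji/emoJfqrShivle3axD3ZtMQlQfqPZxlYeGlAHjLNlWJwZ1T
+G8rfyXCFNgYK0Y9gbrnKZE8bRtiDTCqZsNuy3hZ7GnMfmz+nRpW2xJebEg8IeKO6
+SSA7XrPvoCjoICYDq8oSnQ/eAkximD9/1BwXALJzi7SQ2nvuQh0J7LkhIB1rvfqN
+EYlw1lRosxb6nRbX0NCd4RPI0e1TlrNyKOxiUdyHacxjDrmBtybpi038+O8qpzhB
+TmdrJHYRh7tJKZWZx5s/hTlvY+b881/lHaPvOENhQ36Dw6YL7CflTgYemMLTv/rD
+Ztp08iv/DogJzE1wPPrqw+LED3ePbQ==
+=2jUF
+-----END PGP SIGNATURE-----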
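--- a/shadow-4.17.1.tar.xz
+++ b/shadow-4.17.1.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4115a57f9404a038085e160920fb395827fe34363287f709bb9d8c1ed8cbce02
+size 2217588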
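--- a/shadow-4.17.1.tar.xz.asc
+++ b/shadow-4.17.1.tar.xz.asc
@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEqb0/8XByttt4D8+UNXDaFycKziQFAmd0SHAACgkQNXDaFycK
+ziR66Af/XxOlsvOU+ZUO/femk90p9isAzv3qT06EfcKCG/H4WHZ2j/exhR+YiZOD
+Svp+yPMghv5pZQl1F5WhR96B6zvfh5ldulXDTItDDytwQTQCPS1PQa4nJXqWMX6f
+K3DWhEQql2wnE4gxL5TpbvziQeigbPeDUvqfw1lLe4IzQyxGC+IHxSIN3J3t33xd
+naC3FSrchnPAWUhk6iLy5MXJWDdTI4DX3Vy43BAWvDE+eg+RYqOU92QwnhZ98raS
+O4a9ZPtWn4SkyssvG58IQjaZOAtm5atR4jD2z2W7fbh3So/dhkDijVwzJczLeOxj
+ru7RkYTDCfYJBqF+HKZout9Fyv2opA==
+=wDSA
+-----END PGP SIGNATURE-----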
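--- a/shadow-login_defs-check.sh
+++ b/shadow-login_defs-check.sh
@@ -0,0 +1,286 @@
+#!/bin/bash
+
+# login.defs and lib/getdef.c contain support for third party variables.
+# It also contains support for variables that are unusable in installations with PAM support enabled.
+# This script generates a list of used and unused variables in login.defs
+# with respect to the current configuration.
+# Arguments: arguments of osc build
+# If the shadow-login_defs-check-unused.lst is generated, you should
+# update login.defs.
+
+set -o errexit
+
+echo "Preparing..."
+
+# Check for required commands
+which quilt >/dev/null
+which osc >/dev/null
+
+# login.defs is shared with util-linux login, su and runuser.
+# Extract list of referenced variables.
+if ! test -f openSUSE:Factory/util-linux/BUILD/*/configure.ac ; then
+echo "Checking out util-linux..."
+if test -d ../util-linux ; then
+echo -n "../util-linux found. Are you preparing new version? (y/N) "
+read
+if test "${REPLY:0:1}" = "y" ; then
+mkdir -p openSUSE:Factory
+cp -a ../util-linux openSUSE:Factory/
+else
+osc co openSUSE:Factory util-linux
+fi
+else
+osc co openSUSE:Factory util-linux
+fi
+cd openSUSE:Factory/util-linux
+quilt setup -d BUILD util-linux.spec
+cd BUILD/*
+quilt push -a
+cd ../../../..
+fi
+
+echo "Extracting variables from util-linux..."
+cd openSUSE:Factory/util-linux/BUILD/*
+(
+grep -rh getlogindefs . |
+sed -n 's/^.*getlogindefs[a-z_]*("\([A-Z0-9_]*\)".*$/\1/p'
+grep -rh logindefs_setenv . |
+sed -n 's/^.*logindefs_setenv*("[A-Z0-9_]*", "\([A-Z0-9_]*\)".*$/\1/p'
+) |
+LC_ALL=C sort -u >../../../../shadow-login_defs-check-util-linux.lst
+cd ../../../..
+
+# login.defs is shared pam_unix*.so, pam_faildelay.so and pam_umask.so.
+# Extract list of referenced variables.
+if ! test -f openSUSE:Factory/pam/BUILD/*/configure.ac ; then
+echo "Checking out pam..."
+if test -d ../pam ; then
+echo -n "../pam found. Are you preparing new version? (y/N) "
+read
+if test "${REPLY:0:1}" = "y" ; then
+mkdir -p openSUSE:Factory
+cp -a ../pam openSUSE:Factory/
+else
+osc co openSUSE:Factory pam
+fi
+else
+osc co openSUSE:Factory pam
+fi
+cd openSUSE:Factory/pam
+quilt setup -d BUILD pam.spec
+cd BUILD/*
+quilt push -a
+cd ../../../..
+fi
+
+echo "Extracting variables from pam..."
+cd openSUSE:Factory/pam/BUILD/*
+grep -rh LOGIN_DEFS . |
+sed -n 's/CRYPTO_KEY/\"HMAC_CRYPTO_ALGO\"/g;s/^.*search_key *([A-Za-z_]*, *[A-Z_]*LOGIN_DEFS, *"\([A-Z0-9_]*\)").*$/\1/p' |
+LC_ALL=C sort -u >../../../../shadow-login_defs-check-pam.lst
+cd ../../../..
+
+if ! test -f shadow-login_defs-check-build/stamp ; then
+echo "Performing preprocessing of shadow by osc..."
+if ! test -f shadow.spec.shadow-login_defs-check-save ; then
+cp -a shadow.spec shadow.spec.shadow-login_defs-check-save
+
+# In case of shadow, variables extraction is more complicated. The list
+# depends on configure options, so we have to perform a fake build and
+# extract variables from prepreocessed sources.
+# sed -i '/^%make_build/i\_smp_mpflags="%{?_smp_mpflags} -k CPPFLAGS=\\"-E\\""' shadow.spec
+sed -i 's/^%make_build/%make_build -k CPPFLAGS=\\"-E\\"/' shadow.spec
+if cmp -s shadow.spec shadow.spec.shadow-login_defs-check-save ; then
+echo "$0: Please fix sed expression modifying shadow.spec."
+mv shadow.spec.shadow-login_defs-check-save shadow.spec
+exit 1
+fi
+fi
+
+if osc build "$@" ; then
+echo "This build command was expected to fail, but it succeeded."
+echo "$0: Please fix sed expression modifying shadow.spec."
+mv shadow.spec.shadow-login_defs-check-save shadow.spec
+exit 1
+else
+echo "This build command was expected to fail."
+echo ""
+fi
+mv shadow.spec.shadow-login_defs-check-save shadow.spec
+
+BUILD_ROOT=$(osc lbl | sed -n 's/^.*Using BUILD_ROOT=//p')
+BUILD_DIR=$(osc lbl | sed -n 's/^.* cd //p' | head -n1)
+rm -rf shadow-login_defs-check-build
+mkdir shadow-login_defs-check-build
+cp -a "$BUILD_ROOT/$BUILD_DIR"/shadow-* shadow-login_defs-check-build/
+touch shadow-login_defs-check-build/stamp
+fi
+
+echo "Extracting list of deleted binaries..."
+sed -n 's~rm %{buildroot}/%{_\(s\|\)bindir}/\(.*\)$~\2~p' <shadow.spec >shadow-login_defs-check-deleted.lst
+
+# The build above is optional only for case of failure or edits in the
+# code below. If any other build was performed, don't expect correct
+# results.
+
+cd shadow-login_defs-check-build/shadow-*
+
+echo "Extracting variables from etc/login.defs..."
+# Extract variables referenced in login.defs, both active and commented out.
+sed -n "s/^#//;s/\([A-Z0-9_]*\)\([[:space:]].*\|\)$/\1/p" <etc/login.defs | sed '/^$/d' | uniq | sed '/^$/d' >../../shadow-login_defs-check-login_defs.lst
+LC_ALL=C sort -u ../../shadow-login_defs-check-login_defs.lst >../../shadow-login_defs-check-login_defs-sorted.lst
+
+echo "Extracting variables from lib/getdef.c..."
+# Extract variables referenced in lib/getdef.c using current defines.
+sed -n 's/^\(},\|\) {"\([A-Z0-9_]*\)", /\2/p' <lib/libshadow_la-getdef.o >../../shadow-login_defs-check-getdef.lst
+LC_ALL=C sort -u ../../shadow-login_defs-check-getdef.lst >../../shadow-login_defs-check-getdef-sorted.lst
+
+echo "Extracting variables from shadow..."
+# Extract variables referenced in preprocessed files.
+grep -r '\(getdef[a-z_]*\|call_script\|is_listed\) *( *"[A-Za-z0-9_]*"' |
+grep '[^ ]*\.o:' >../../shadow-login_defs-check-shadow.log
+
+cd ../..
+
+export RC=0
+echo ""
+echo ""
+echo "Performing checks..."
+
+sed '
+s/^.*\(getdef[a-z_]*\|call_script\|is_listed*\) *( *"\([A-Za-z0-9_]*\)".*$/\2/
+' <shadow-login_defs-check-shadow.log | LC_ALL=C sort -u >../../shadow-login_defs-check-shadow-all.lst
+
+sed 's%^\(.*\)%/^.*\\\/\1\.o:/d%' <shadow-login_defs-check-deleted.lst >shadow-login_defs-check-deleted.sed
+sed -f shadow-login_defs-check-deleted.sed <shadow-login_defs-check-shadow.log |
+sed '
+s/^.*\(getdef[a-z_]*\|call_script\|is_listed*\) *( *"\([A-Za-z0-9_]*\)".*$/\2/
+' | LC_ALL=C sort -u >shadow-login_defs-check-shadow-used.lst
+
+if ! test -s shadow-login_defs-check-deleted.sed ; then
+echo " BUG: Empty shadow-login_defs-check-deleted.sed Results will be unreliable!"
+if test $RC -le 4 ; then export RC=4 ; fi
+fi
+
+echo ""
+echo "Checking that variables in login.defs are referred only once..."
+if test $(wc -l shadow-login_defs-check-login_defs.lst | sed 's/ .*//') != $(wc -l shadow-login_defs-check-login_defs-sorted.lst | sed 's/ .*//') ; then
+echo " ERROR: Some variable referred at more places of login.defs!"
+LC_ALL=C sort shadow-login_defs-check-login_defs.lst >shadow-login_defs-check-login_defs-sorted-nu.lst
+diff shadow-login_defs-check-login_defs-sorted-nu.lst shadow-login_defs-check-login_defs-sorted.lst
+if test $RC -le 3 ; then export RC=3 ; fi
+fi
+
+echo ""
+echo "Checking that variables in lib/getdef.c are referred only once..."
+if test $(wc -l shadow-login_defs-check-getdef.lst | sed 's/ .*//') != $(wc -l shadow-login_defs-check-getdef-sorted.lst | sed 's/ .*//') ; then
+echo " ERROR: Some variable referred at more places of lib/getdef.c!"
+LC_ALL=C sort shadow-login_defs-check-getdef.lst >shadow-login_defs-check-getdef-sorted-nu.lst
+diff shadow-login_defs-check-getdef-sorted-nu.lst shadow-login_defs-check-getdef-sorted.lst
+if test $RC -le 3 ; then export RC=3 ; fi
+fi
+
+cat shadow-login_defs-check-shadow-used.lst shadow-login_defs-check-util-linux.lst shadow-login_defs-check-pam.lst | LC_ALL=C sort -u >shadow-login_defs-check-all-used.lst
+# RC inside pipe cannot be read directly. Use 3 for a real stdout inside the pipe, and use stdout for RC.
+exec 3>&1
+function report_packages() {
+echo -n " ("
+grep -l $1 shadow-login_defs-check-{shadow-used,util-linux,pam}.lst |
+sed 's/shadow-login_defs-check-//;s/\.lst//;s/-used//;s/$/, /;$s/, $//' |
+tr -d '\n'
+echo -n ")"
+}
+
+# Extracting variables from shadow is not capable to identify compiled-but-unused library code.
+# This function will identify known false matches.
+function falsematch() {
+case "$1" in
+# MAIL_* used by library call mailcheck() used only by login.c that is deleted in the spec.
+MAIL_* ) return 0 ;;
+# FTMP_FILE used by library call failtmp() used only by login.c that is deleted in the spec.
+FTMP_FILE ) return 0 ;;
+# ISSUE_FILE used by library call login_prompt() used only by login.c that is deleted in the spec.
+ISSUE_FILE ) return 0 ;;
+# PREVENT_NO_AUTH us used only by login.c and su.c that are deleted in the spec.
+PREVENT_NO_AUTH ) return 0 ;;
+* ) return 1 ;;
+esac
+}
+
+echo ""
+echo "Checking that all used variables are covered by login.defs..."
+RC=$(cat shadow-login_defs-check-all-used.lst | (
+while read ; do
+if falsematch "$REPLY" ; then
+echo " FALSE MATCH: Variable $REPLY is not present in login.defs$(report_packages $REPLY)" >&3
+continue
+fi
+if ! grep -q -x "$REPLY" shadow-login_defs-check-login_defs-sorted.lst ; then
+echo " NOTICE: Variable $REPLY is not present in login.defs$(report_packages $REPLY)" >&3
+if test $RC -le 2 ; then RC=2 ; fi
+fi
+done
+echo $RC
+) )
+
+echo ""
+echo "Checking that all used variables are covered by lib/getdef.c..."
+RC=$(cat shadow-login_defs-check-all-used.lst | (
+while read ; do
+if falsematch "$REPLY" ; then continue ; fi
+if ! grep -q -x "$REPLY" shadow-login_defs-check-getdef.lst ; then
+echo " ERROR: Variable $REPLY is missing in the parser$(report_packages $REPLY)" >&3
+if test $RC -le 3 ; then RC=3 ; fi
+fi
+done
+echo $RC
+) )
+
+echo ""
+echo "Checking that all used variables referred in login.defs are valid..."
+RC=$(cat shadow-login_defs-check-login_defs.lst | (
+while read ; do
+if ! grep -q -x "$REPLY" shadow-login_defs-check-all-used.lst ; then
+echo " ERROR: Failed to find reference for $REPLY" >&3
+if test $RC -le 3 ; then RC=3 ; fi
+fi
+if ! grep -q -x "$REPLY" shadow-login_defs-check-getdef.lst ; then
+echo " BUG: Parser does not contain reference for $REPLY" >&3
+if test $RC -le 4 ; then RC=4 ; fi
+fi
+done
+echo $RC
+) )
+
+
+echo ""
+echo ""
+echo "All checks finished."
+echo -n "Result: "
+case $RC in
+0) echo "OK." ;;
+1) echo "Notices only. Action is optional." ;;
+2) echo "Warnings only. Evaluation is needed." ;;
+3) echo "Errors found. Fix is recommended." ;;
+4) echo "Fatal error. Fix has to be done." ;;
+esac
+
+if test $RC -ge 1 ; then
+exit 1
+fi
+
+echo "
+If you ported shadow-util-linux.patch to the new util-linux version,
+please submit these updates:
+Change in util-linux.spec:"
+sed -n 's/^Version:[[:space:]]*/Requires: login_defs-support-for-util-linux >= /p' <openSUSE\:Factory/util-linux/util-linux.spec
+echo "Change in shadow.spec:"
+sed -n 's/^Version:[[:space:]]*/Provides: login_defs-support-for-util-linux = /p' <openSUSE\:Factory/util-linux/util-linux.spec
+
+echo "
+If you ported shadow-login_defs-unused-by-pam.patch to the new pam version,
+please submit these updates:
+Change in pam.spec:"
+sed -n 's/^Version:[[:space:]]*/Requires: login_defs-support-for-pam >= /p' <openSUSE\:Factory/pam/pam.spec
+echo "Change in shadow.spec:"
+sed -n 's/^Version:[[:space:]]*/Provides: login_defs-support-for-pam = /p' <openSUSE\:Factory/pam/pam.spec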
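Review bot: After `cd ../..` has returned to the package directory, the first pipeline under "Performing checks..." still redirects to `>../../shadow-login_defs-check-shadow-all.lst`, two levels above the checkout, while every other list in that phase is written to the current directory; it should be `>shadow-login_defs-check-shadow-all.lst`. In `report_packages`, `grep -l $1` is unquoted and matches substrings, so a name such as `UID_MIN` would also hit `SYS_UID_MIN` and the package attribution in the messages can be wrong; `grep -lx -- "$1"` with `report_packages "$REPLY"` at the call sites matches whole lines, as the `grep -q -x` checks already do. The modified `shadow.spec` is restored only on the paths that reach one of the `mv` lines, so an interrupted `osc build` leaves the `CPPFLAGS=-E` edit in the spec; a `trap` that restores the saved copy on exit would cover that.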
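--- a/shadow-login_defs-comments.patch
+++ b/shadow-login_defs-comments.patch
@@ -0,0 +1,72 @@
+Improve comments in login.defs.
+
+Index: etc/login.defs
+===================================================================
+--- etc/login.defs.orig
++++ etc/login.defs
+@@ -3,8 +3,6 @@
+# Some variables are used by login(1), su(1) and runuser(1) from util-linux
+# package as well pam pam_unix(8) from pam package.
+#
+-# $Id$
+-#
+
+#
+# Delay in seconds before being allowed another attempt after a login failure
+@@ -99,11 +97,14 @@ ENV_PATH /bin:/usr/bin
+ENV_ROOTPATH /sbin:/bin:/usr/sbin:/usr/bin
+#ENV_SUPATH /sbin:/bin:/usr/sbin:/usr/bin
+
+-# If this variable is set to "yes", su will always set path. every su
+-# call will overwrite the PATH variable.
++# If this variable is set to "yes" (default is "no"), su will always set
++# path. every su call will overwrite the PATH variable.
+#
+# Per default, only "su -" will set a new PATH.
+#
++# The recommended value is "yes". The default "no" behavior could have
++# a security implication in applications that use commands without path.
++#
+ALWAYS_SET_PATH no
+
+#
+@@ -148,6 +149,11 @@ PASS_WARN_AGE 7
+#
+# Min/max values for automatic uid selection in useradd(8)
+#
++# SYS_UID_MIN to SYS_UID_MAX inclusive is the range for
++# UIDs for dynamically allocated administrative and system accounts.
++# UID_MIN to UID_MAX inclusive is the range of UIDs of dynamically
++# allocated user accounts.
++#
+UID_MIN 1000
+UID_MAX 60000
+# System accounts
+@@ -161,6 +167,11 @@ SUB_UID_COUNT 65536
+#
+# Min/max values for automatic gid selection in groupadd(8)
+#
++# SYS_GID_MIN to SYS_GID_MAX inclusive is the range for
++# GIDs for dynamically allocated administrative and system groups.
++# GID_MIN to GID_MAX inclusive is the range of GIDs of dynamically
++# allocated groups.
++#
+GID_MIN 1000
+GID_MAX 60000
+# System accounts
+@@ -196,7 +207,6 @@ LOGIN_TIMEOUT 60
+CHFN_RESTRICT rwh
+
+#
+-# Only works if compiled with MD5_CRYPT defined:
+# If set to "yes", new passwords will be encrypted using the MD5-based
+# algorithm compatible with the one used by recent releases of FreeBSD.
+# It supports passwords of unlimited length and longer salt strings.
+@@ -211,7 +221,6 @@ CHFN_RESTRICT rwh
+#MD5_CRYPT_ENAB no
+
+#
+-# Only works if compiled with ENCRYPTMETHOD_SELECT defined:
+# If set to MD5, MD5-based algorithm will be used for encrypting password
+# If set to SHA256, SHA256-based algorithm will be used for encrypting password
+# If set to SHA512, SHA512-based algorithm will be used for encrypting password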
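--- a/shadow-login_defs-suse.patch
+++ b/shadow-login_defs-suse.patch
@@ -0,0 +1,148 @@
+Set login.defs defaults for SUSE Linux.
+
+Index: etc/login.defs
+===================================================================
+--- etc/login.defs.orig
++++ etc/login.defs
+@@ -3,6 +3,9 @@
+# Some variables are used by login(1), su(1) and runuser(1) from util-linux
+# package as well pam pam_unix(8) from pam package.
+#
++# For more, see login.defs(5). Please note that SUSE supports only variables
++# listed here! Not listed variables from login.defs(5) have no effect.
++#
+
+#
+# Delay in seconds before being allowed another attempt after a login failure
+@@ -52,8 +55,8 @@ CONSOLE /etc/securetty
+# If defined, ":" delimited list of "message of the day" files to
+# be displayed upon login.
+#
+-MOTD_FILE /etc/motd
+-#MOTD_FILE /etc/motd:/usr/lib/news/news-motd
++MOTD_FILE ""
++#MOTD_FILE /etc/motd:/usr/share/misc/motd
+
+#
+# If set to "yes", login stops display content specified by MOTD_FILE after
+@@ -73,8 +76,8 @@ MOTD_FILE /etc/motd
+# user's name or shell are found in the file. If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+-HUSHLOGIN_FILE .hushlogin
+-#HUSHLOGIN_FILE /etc/hushlogins
++#HUSHLOGIN_FILE .hushlogin
++HUSHLOGIN_FILE /etc/hushlogins
+
+# If this variable is set to "yes", hostname will be suppressed in the
+# login: prompt.
+@@ -93,9 +96,9 @@ HUSHLOGIN_FILE .hushlogin
+# ENV_SUPATH is an ENV_ROOTPATH override for su and runuser
+# (and falback for login).
+#
+-ENV_PATH /bin:/usr/bin
+-ENV_ROOTPATH /sbin:/bin:/usr/sbin:/usr/bin
+-#ENV_SUPATH /sbin:/bin:/usr/sbin:/usr/bin
++ENV_PATH /usr/local/bin:/bin:/usr/bin
++ENV_ROOTPATH /usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
++#ENV_SUPATH /usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+
+# If this variable is set to "yes" (default is "no"), su will always set
+# path. every su call will overwrite the PATH variable.
+@@ -105,7 +108,7 @@ ENV_ROOTPATH /sbin:/bin:/usr/sbin:/usr/b
+# The recommended value is "yes". The default "no" behavior could have
+# a security implication in applications that use commands without path.
+#
+-ALWAYS_SET_PATH no
++ALWAYS_SET_PATH yes
+
+#
+# Terminal permissions
+@@ -119,7 +122,7 @@ ALWAYS_SET_PATH no
+# set TTYPERM to either 622 or 600.
+#
+TTYGROUP tty
+-TTYPERM 0600
++TTYPERM 0620
+
+# Default initial "umask" value used by login(1) on non-PAM enabled systems.
+# Default "umask" value for pam_umask(8) on PAM enabled systems.
+@@ -133,7 +136,7 @@ UMASK 022
+# HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
+# home directories.
+# If HOME_MODE is not set, the value of UMASK is used to create the mode.
+-#HOME_MODE 0700
++HOME_MODE 0700
+
+#
+# Password aging controls:
+@@ -157,8 +160,8 @@ PASS_WARN_AGE 7
+UID_MIN 1000
+UID_MAX 60000
+# System accounts
+-SYS_UID_MIN 101
+-SYS_UID_MAX 999
++SYS_UID_MIN 100
++SYS_UID_MAX 499
+# Extra per user uids
+SUB_UID_MIN 100000
+SUB_UID_MAX 600100000
+@@ -175,8 +178,8 @@ SUB_UID_COUNT 65536
+GID_MIN 1000
+GID_MAX 60000
+# System accounts
+-SYS_GID_MIN 101
+-SYS_GID_MAX 999
++SYS_GID_MIN 100
++SYS_GID_MAX 499
+# Extra per user group ids
+SUB_GID_MIN 100000
+SUB_GID_MAX 600100000
+@@ -185,7 +188,7 @@ SUB_GID_COUNT 65536
+#
+# Max number of login(1) retries if password is bad
+#
+-LOGIN_RETRIES 5
++LOGIN_RETRIES 3
+
+#
+# Tell login to only re-prompt for the password if authentication
+@@ -207,18 +210,9 @@ LOGIN_TIMEOUT 60
+CHFN_RESTRICT rwh
+
+#
+-# If set to "yes", new passwords will be encrypted using the MD5-based
+-# algorithm compatible with the one used by recent releases of FreeBSD.
+-# It supports passwords of unlimited length and longer salt strings.
+-# Set to "no" if you need to copy encrypted passwords to other systems
+-# which don't understand the new algorithm. Default is "no".
+-#
+-# Note: If you use PAM, it is recommended to use a value consistent with
+-# the PAM modules configuration.
+-#
+-# This variable is deprecated. You should use ENCRYPT_METHOD instead.
++# This variable is deprecated. Use ENCRYPT_METHOD instead!
+#
+-#MD5_CRYPT_ENAB no
++#MD5_CRYPT_ENAB DO_NOT_USE
+
+#
+# If set to MD5, MD5-based algorithm will be used for encrypting password
+@@ -233,7 +227,7 @@ CHFN_RESTRICT rwh
+# Note: If you use PAM, it is recommended to use a value consistent with
+# the PAM modules configuration.
+#
+-#ENCRYPT_METHOD DES
++ENCRYPT_METHOD SHA512
+
+#
+# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
+@@ -299,7 +293,7 @@ USERGROUPS_ENAB yes
+# This option is overridden with the -M or -m flags on the useradd(8)
+# command-line.
+#
+-#CREATE_HOME yes
++CREATE_HOME yes
+
+#
+# Force use shadow, even if shadow passwd & shadow group files are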
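Review bot: The new `ENV_ROOTPATH` (and the commented `ENV_SUPATH`) place `/usr/local/sbin:/usr/local/bin` ahead of `/sbin:/bin:/usr/sbin:/usr/bin`, and the same patch sets `ALWAYS_SET_PATH yes`, so every su to root resolves bare command names from `/usr/local` first. That ordering is only safe while those directories stay root-owned and not writable by group or others, and nothing in the patched comments says so. I would add a line above `ENV_PATH` such as `# /usr/local/* is searched before the system directories; keep it writable by root only.`, or list the system directories first in `ENV_ROOTPATH`. Separately, the context next to `ENCRYPT_METHOD SHA512` asks for a value consistent with the PAM modules configuration, which cannot be confirmed from this patch and is worth checking against the packaged PAM defaults.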
280
shadow-login_defs-unused-by-pam.patch
Normal file
280
shadow-login_defs-unused-by-pam.patch
Normal file
@ -0,0 +1,280 @@
|
||||
Remove variables that are present in login.defs, but shadow with the
|
||||
current configuration (e. g. with PAM) does not use them.
|
||||
|
||||
It also includes variables used by the current configuration, but deleted
|
||||
in the spec file.
|
||||
|
||||
shadow-login_defs-unused-check.sh makes possible to verify that it is
|
||||
still up to date.
|
||||
|
||||
Index: etc/login.defs
|
||||
===================================================================
|
||||
--- etc/login.defs.orig
|
||||
+++ etc/login.defs
|
||||
@@ -12,11 +12,6 @@
|
||||
FAIL_DELAY 3
|
||||
|
||||
#
|
||||
-# Enable logging and display of /var/log/faillog login(1) failure info.
|
||||
-#
|
||||
-FAILLOG_ENAB yes
|
||||
-
|
||||
-#
|
||||
# Enable display of unknown usernames when login(1) failures are recorded.
|
||||
#
|
||||
LOG_UNKFAIL_ENAB no
|
||||
@@ -27,11 +22,6 @@ LOG_UNKFAIL_ENAB no
|
||||
LOG_OK_LOGINS no
|
||||
|
||||
#
|
||||
-# Enable logging and display of /var/log/lastlog login(1) time info.
|
||||
-#
|
||||
-LASTLOG_ENAB yes
|
||||
-
|
||||
-#
|
||||
# Limit the highest user ID number for which the lastlog entries should
|
||||
# be updated.
|
||||
#
|
||||
@@ -41,29 +31,6 @@ LASTLOG_ENAB yes
|
||||
#LASTLOG_UID_MAX
|
||||
|
||||
#
|
||||
-# Enable checking and display of mailbox status upon login.
|
||||
-#
|
||||
-# Disable if the shell startup files already check for mail
|
||||
-# ("mailx -e" or equivalent).
|
||||
-#
|
||||
-MAIL_CHECK_ENAB yes
|
||||
-
|
||||
-#
|
||||
-# Enable additional checks upon password changes.
|
||||
-#
|
||||
-OBSCURE_CHECKS_ENAB yes
|
||||
-
|
||||
-#
|
||||
-# Enable checking of time restrictions specified in /etc/porttime.
|
||||
-#
|
||||
-PORTTIME_CHECKS_ENAB yes
|
||||
-
|
||||
-#
|
||||
-# Enable setting of ulimit, umask, and niceness from passwd(5) gecos field.
|
||||
-#
|
||||
-QUOTAS_ENAB yes
|
||||
-
|
||||
-#
|
||||
# Enable "syslog" logging of su(1) activity - in addition to sulog file logging.
|
||||
# SYSLOG_SG_ENAB does the same for newgrp(1) and sg(1).
|
||||
#
|
||||
@@ -91,46 +58,12 @@ MOTD_FILE /etc/motd
|
||||
#MOTD_FILE /etc/motd:/usr/lib/news/news-motd
|
||||
|
||||
#
|
||||
-# If defined, this file will be output before each login(1) prompt.
|
||||
-#
|
||||
-#ISSUE_FILE /etc/issue
|
||||
-
|
||||
-#
|
||||
# If defined, file which maps tty line to TERM environment parameter.
|
||||
# Each line of the file is in a format similar to "vt100 tty01".
|
||||
#
|
||||
#TTYTYPE_FILE /etc/ttytype
|
||||
|
||||
#
|
||||
-# If defined, login(1) failures will be logged here in a utmp format.
|
||||
-# last(1), when invoked as lastb(1), will read /var/log/btmp, so...
|
||||
-#
|
||||
-FTMP_FILE /var/log/btmp
|
||||
-
|
||||
-#
|
||||
-# If defined, name of file whose presence will inhibit non-root
|
||||
-# logins. The content of this file should be a message indicating
|
||||
-# why logins are inhibited.
|
||||
-#
|
||||
-NOLOGINS_FILE /etc/nologin
|
||||
-
|
||||
-#
|
||||
-# If defined, the command name to display when running "su -". For
|
||||
-# example, if this is defined as "su" then ps(1) will display the
|
||||
-# command as "-su". If not defined, then ps(1) will display the
|
||||
-# name of the shell actually being run, e.g. something like "-sh".
|
||||
-#
|
||||
-SU_NAME su
|
||||
-
|
||||
-#
|
||||
-# *REQUIRED*
|
||||
-# Directory where mailboxes reside, _or_ name of file, relative to the
|
||||
-# home directory. If you _do_ define both, MAIL_DIR takes precedence.
|
||||
-#
|
||||
-MAIL_DIR /var/spool/mail
|
||||
-#MAIL_FILE .mail
|
||||
-
|
||||
-#
|
||||
# If defined, file which inhibits all the usual chatter during the login
|
||||
# sequence. If a full pathname, then hushed mode will be enabled if the
|
||||
# user's name or shell are found in the file. If not a full pathname, then
|
||||
@@ -140,21 +73,6 @@ HUSHLOGIN_FILE .hushlogin
|
||||
#HUSHLOGIN_FILE /etc/hushlogins
|
||||
|
||||
#
|
||||
-# If defined, either a TZ environment parameter spec or the
|
||||
-# fully-rooted pathname of a file containing such a spec.
|
||||
-#
|
||||
-#ENV_TZ TZ=CST6CDT
|
||||
-#ENV_TZ /etc/tzname
|
||||
-
|
||||
-#
|
||||
-# If defined, an HZ environment parameter spec.
|
||||
-#
|
||||
-# for Linux/x86
|
||||
-ENV_HZ HZ=100
|
||||
-# For Linux/Alpha...
|
||||
-#ENV_HZ HZ=1024
|
||||
-
|
||||
-#
|
||||
# *REQUIRED* The default PATH settings, for superuser and normal users.
|
||||
#
|
||||
# (they are minimal, add the rest in the shell startup files)
|
||||
@@ -180,17 +98,13 @@ TTYPERM 0600
|
||||
#
|
||||
# ERASECHAR Terminal ERASE character ('\010' = backspace).
|
||||
# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
|
||||
-# ULIMIT Default "ulimit" value.
|
||||
#
|
||||
# The ERASECHAR and KILLCHAR are used only on System V machines.
|
||||
-# The ULIMIT is used only if the system supports it.
|
||||
-# (now it works with setrlimit too; ulimit is in 512-byte units)
|
||||
#
|
||||
# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
|
||||
#
|
||||
ERASECHAR 0177
|
||||
KILLCHAR 025
|
||||
-#ULIMIT 2097152
|
||||
|
||||
# Default initial "umask" value used by login(1) on non-PAM enabled systems.
|
||||
# Default "umask" value for pam_umask(8) on PAM enabled systems.
|
||||
@@ -211,23 +125,13 @@ UMASK 022
|
||||
#
|
||||
# PASS_MAX_DAYS Maximum number of days a password may be used.
|
||||
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
|
||||
-# PASS_MIN_LEN Minimum acceptable password length.
|
||||
# PASS_WARN_AGE Number of days warning given before a password expires.
|
||||
#
|
||||
PASS_MAX_DAYS 99999
|
||||
PASS_MIN_DAYS 0
|
||||
-PASS_MIN_LEN 5
|
||||
PASS_WARN_AGE 7
|
||||
|
||||
#
|
||||
-# If "yes", the user must be listed as a member of the first gid 0 group
|
||||
-# in /etc/group (called "root" on most Linux systems) to be able to "su"
|
||||
-# to uid 0 accounts. If the group doesn't exist or is empty, no one
|
||||
-# will be able to "su" to uid 0.
|
||||
-#
|
||||
-SU_WHEEL_ONLY no
|
||||
-
|
||||
-#
|
||||
# Min/max values for automatic uid selection in useradd(8)
|
||||
#
|
||||
UID_MIN 1000
|
||||
@@ -264,28 +168,6 @@ LOGIN_RETRIES 5
|
||||
LOGIN_TIMEOUT 60
|
||||
|
||||
#
|
||||
-# Maximum number of attempts to change password if rejected (too easy)
|
||||
-#
|
||||
-PASS_CHANGE_TRIES 5
|
||||
-
|
||||
-#
|
||||
-# Warn about weak passwords (but still allow them) if you are root.
|
||||
-#
|
||||
-PASS_ALWAYS_WARN yes
|
||||
-
|
||||
-#
|
||||
-# Number of significant characters in the password for crypt().
|
||||
-# Default is 8, don't change unless your crypt() is better.
|
||||
-# Ignored if MD5_CRYPT_ENAB set to "yes".
|
||||
-#
|
||||
-#PASS_MAX_LEN 8
|
||||
-
|
||||
-#
|
||||
-# Require password before chfn(1)/chsh(1) can make any changes.
|
||||
-#
|
||||
-CHFN_AUTH yes
|
||||
-
|
||||
-#
|
||||
# Which fields may be changed by regular users using chfn(1) - use
|
||||
# any combination of letters "frwh" (full name, room number, work
|
||||
# phone, home phone). If not defined, no changes are allowed.
|
||||
@@ -294,13 +176,6 @@ CHFN_AUTH yes
|
||||
CHFN_RESTRICT rwh
|
||||
|
||||
#
|
||||
-# Password prompt (%s will be replaced by user name).
|
||||
-#
|
||||
-# XXX - it doesn't work correctly yet, for now leave it commented out
|
||||
-# to use the default which is just "Password: ".
|
||||
-#LOGIN_STRING "%s's Password: "
|
||||
-
|
||||
-#
|
||||
# Only works if compiled with MD5_CRYPT defined:
|
||||
# If set to "yes", new passwords will be encrypted using the MD5-based
|
||||
# algorithm compatible with the one used by recent releases of FreeBSD.
|
||||
@@ -349,45 +224,6 @@ CHFN_RESTRICT rwh
|
||||
#SHA_CRYPT_MAX_ROUNDS 5000
|
||||
|
||||
#
|
||||
-# Only works if ENCRYPT_METHOD is set to BCRYPT.
|
||||
-#
|
||||
-# Define the number of BCRYPT rounds.
|
||||
-# With a lot of rounds, it is more difficult to brute-force the password.
|
||||
-# However, more CPU resources will be needed to authenticate users if
|
||||
-# this value is increased.
|
||||
-#
|
||||
-# If not specified, 13 rounds will be attempted.
|
||||
-# If only one of the MIN or MAX values is set, then this value will be used.
|
||||
-# If MIN > MAX, the highest value will be used.
|
||||
-#
|
||||
-#BCRYPT_MIN_ROUNDS 13
|
||||
-#BCRYPT_MAX_ROUNDS 13
|
||||
-
|
||||
-#
|
||||
-# Only works if ENCRYPT_METHOD is set to YESCRYPT.
|
||||
-#
|
||||
-# Define the YESCRYPT cost factor.
|
||||
-# With a higher cost factor, it is more difficult to brute-force the password.
|
||||
-# However, more CPU time and more memory will be needed to authenticate users
|
||||
-# if this value is increased.
|
||||
-#
|
||||
-# If not specified, a cost factor of 5 will be used.
|
||||
-# The value must be within the 1-11 range.
|
||||
-#
|
||||
-#YESCRYPT_COST_FACTOR 5
|
||||
-
|
||||
-#
|
||||
-# List of groups to add to the user's supplementary group set
|
||||
-# when logging in from the console (as determined by the CONSOLE
|
||||
-# setting). Default is none.
|
||||
-#
|
||||
-# Use with caution - it is possible for users to gain permanent
|
||||
-# access to these groups, even when not logged in from the console.
|
||||
-# How to do it is left as an exercise for the reader...
|
||||
-#
|
||||
-#CONSOLE_GROUPS floppy:audio:cdrom
|
||||
-
|
||||
-#
|
||||
# Should login be allowed if we can't cd to the home directory?
|
||||
# Default is no.
|
||||
#
|
||||
@@ -402,12 +238,6 @@ DEFAULT_HOME yes
|
||||
NONEXISTENT /nonexistent
|
||||
|
||||
#
|
||||
-# If this file exists and is readable, login environment will be
|
||||
-# read from it. Every line should be in the form name=value.
|
||||
-#
|
||||
-ENVIRON_FILE /etc/environment
|
||||
-
|
||||
-#
|
||||
# If defined, this command is run when removing a user.
|
||||
# It should remove any at/cron/print jobs etc. owned by
|
||||
# the user to be removed (passed as the first argument).
|
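--- a/shadow-util-linux.patch
+++ b/shadow-util-linux.patch
@@ -0,0 +1,139 @@
+Add variables referred by util-linux login, runuser and su, but not by
+shadow.
+
+Delete variables used by shadow implementation of login, su and runuser
+that has no use in util-linux implementation.
+
+Index: etc/login.defs
+===================================================================
+--- etc/login.defs.orig
++++ etc/login.defs
+@@ -1,5 +1,7 @@
+#
+# /etc/login.defs - Configuration control definitions for the shadow package.
++# Some variables are used by login(1), su(1) and runuser(1) from util-linux
++# package as well pam pam_unix(8) from pam package.
+#
+# $Id$
+#
+@@ -17,9 +19,8 @@ FAIL_DELAY 3
+LOG_UNKFAIL_ENAB no
+
+#
+-# Enable logging of successful logins
++# Enable "syslog" logging of newgrp(1) and sg(1) activity.
+#
+-LOG_OK_LOGINS no
+
+#
+# Limit the highest user ID number for which the lastlog entries should
+@@ -31,10 +32,9 @@ LOG_OK_LOGINS no
+#LASTLOG_UID_MAX
+
+#
+-# Enable "syslog" logging of su(1) activity - in addition to sulog file logging.
+-# SYSLOG_SG_ENAB does the same for newgrp(1) and sg(1).
++# Enable "syslog" logging of newgrp(1) and sg(1) activity - in addition
++# to sulog file logging.
+#
+-SYSLOG_SU_ENAB yes
+SYSLOG_SG_ENAB yes
+
+#
+@@ -58,6 +58,12 @@ MOTD_FILE /etc/motd
+#MOTD_FILE /etc/motd:/usr/lib/news/news-motd
+
+#
++# If set to "yes", login stops display content specified by MOTD_FILE after
++# the first accessible item in the list.
++#
++#MOTD_FIRSTONLY no
++
++#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format similar to "vt100 tty01".
+#
+@@ -72,12 +78,33 @@ MOTD_FILE /etc/motd
+HUSHLOGIN_FILE .hushlogin
+#HUSHLOGIN_FILE /etc/hushlogins
+
++# If this variable is set to "yes", hostname will be suppressed in the
++# login: prompt.
++#LOGIN_PLAIN_PROMPT no
++
+#
+# *REQUIRED* The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+-ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin
+-ENV_PATH PATH=/bin:/usr/bin
++#
++# ENV_PATH: The default PATH settings for non-root.
++#
++# ENV_ROOTPATH: The default PATH settings for root
++# (used by login, su and runuser).
++#
++# ENV_SUPATH is an ENV_ROOTPATH override for su and runuser
++# (and falback for login).
++#
++ENV_PATH /bin:/usr/bin
++ENV_ROOTPATH /sbin:/bin:/usr/sbin:/usr/bin
++#ENV_SUPATH /sbin:/bin:/usr/sbin:/usr/bin
++
++# If this variable is set to "yes", su will always set path. every su
++# call will overwrite the PATH variable.
++#
++# Per default, only "su -" will set a new PATH.
++#
++ALWAYS_SET_PATH no
+
+#
+# Terminal permissions
+@@ -93,19 +120,6 @@ ENV_PATH PATH=/bin:/usr/bin
+TTYGROUP tty
+TTYPERM 0600
+
+-#
+-# Login configuration initializations:
+-#
+-# ERASECHAR Terminal ERASE character ('\010' = backspace).
+-# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
+-#
+-# The ERASECHAR and KILLCHAR are used only on System V machines.
+-#
+-# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+-#
+-ERASECHAR 0177
+-KILLCHAR 025
+-
+# Default initial "umask" value used by login(1) on non-PAM enabled systems.
+# Default "umask" value for pam_umask(8) on PAM enabled systems.
+# UMASK is also used by useradd(8) and newusers(8) to set the mode for new
+@@ -163,6 +177,12 @@ SUB_GID_COUNT 65536
+LOGIN_RETRIES 5
+
+#
++# Tell login to only re-prompt for the password if authentication
++# failed, but the username is valid. The default value is no.
++#
++LOGIN_KEEP_USERNAME no
++
++#
+# Max time in seconds for login(1)
+#
+LOGIN_TIMEOUT 60
+@@ -315,14 +335,6 @@ CHARACTER_CLASS [ABCDEFGHIJKLMNO
+#GRANT_AUX_GROUP_SUBIDS yes
+
+#
+-# Prevents an empty password field to be interpreted as "no authentication
+-# required".
+-# Set to "yes" to prevent for all accounts
+-# Set to "superuser" to prevent for UID 0 / root (default)
+-# Set to "no" to not prevent for any account (dangerous, historical default)
+-PREVENT_NO_AUTH superuser
+-
+-#
+# Select the HMAC cryptography algorithm.
+# Used in pam_timestamp module to calculate the keyed-hash message
+# authentication code.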
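Review bot: In the embedded `@@ -17,9 +19,8 @@` hunk the comment for the removed `LOG_OK_LOGINS` is rewritten to `# Enable "syslog" logging of newgrp(1) and sg(1) activity.` but no setting follows it, so the patched login.defs keeps a comment block that documents nothing and repeats the `SYSLOG_SG_ENAB` description a few lines further down. The three comment lines should be removed together with `LOG_OK_LOGINS no` instead of being reworded. In the `ENV_SUPATH` comment `falback` should read `fallback`. The last hunk also drops `PREVENT_NO_AUTH superuser`; presumably empty-password handling is then left to the PAM stack, and a one-line comment such as `# Empty-password policy is enforced by PAM, not by this file.` would help anyone auditing the file, if that is confirmed.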
1229
shadow.changes
Normal file
1229
shadow.changes
Normal file
File diff suppressed because it is too large
239
shadow.keyring
Normal file
239
shadow.keyring
Normal file
@ -0,0 +1,239 @@
|
||||
Serge Hallyn <sergeh@kernel.org>
|
||||
Serge Hallyn <serge@hallyn.com>
|
||||
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
mQENBE+oKZQBCACz5WylGAr+eitZjuSigzR+y30W3E+gkU0DSNlBB3WlorOtmzMX
|
||||
9F2d+z+ozJuez4NPqwfQ5y2ExKSbL8i1rwYmExZIzTDpm1Q6N3hG+vLbxwbrbsKT
|
||||
qW9rPiXriU5yRwuvVJl4NOU6T/Pau3/VD8iFN7U4mVpNFVPlB8vCvDJ+07Z0xIH9
|
||||
MXe8uaERG3v2EL7Mv8L5w05XEeuTT/CJiw6NdzwjZc1FymVoFjntetl8HaJ+5JCB
|
||||
2ylAbnw/wZJHORgsLxZhOL6/zrJRG8GvjgB+1l8izgl4n0DOqjyyoQIZJ+mfuHR0
|
||||
6wDqwvP5F9RZqCh8Md4hYujop5a0BKfAzLfdABEBAAG0IFNlcmdlIEhhbGx5biA8
|
||||
c2VyZ2VoQGtlcm5lbC5vcmc+iQFOBBMBCgA4FiEEZtA4fbhdMg+ECBZtsXXPqY8Z
|
||||
KvIFAl2r0d0CGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AACgkQsXXPqY8ZKvIM
|
||||
nAgAiTpLlXuzyD4C+9I/yCA9N/BqK43jnMfJOl/Ky56vgJ/WbrFJLuO3wubMlRLD
|
||||
3jurC6SK2g0TpygyoX2MjwZVT60Sq3ZcgIh71yyWHhtZ29NuUiKsKnajb9IlP+AM
|
||||
1V0g9py41YdDUmAuC/5crqyK+8u1CVrB/is7Eym598gIl9nyGvaZrzgjG1cRCjzf
|
||||
ZU8pRG+VPMr5Xla8rDKBZl+LcusV90eAUa0E/KVFS5N1dQ6HKckYXPSBN3DKHZy+
|
||||
qKa1k7Dq0CnkTjQmjaMu3j5sdOXg4QUfhCHeLDFAtadNdP04I6g5KZRvC44XdQ1A
|
||||
bxFMLyObhCsq/QxSh/nYrKsw0rQsU2VyZ2UgSGFsbHluIChrZXJuZWwub3JnKSA8
|
||||
c2VyZ2VAaGFsbHluLmNvbT6JATgEEwECACIFAk+oKZQCGwMGCwkIBwMCBhUIAgkK
|
||||
CwQWAgMBAh4BAheAAAoJELF1z6mPGSryYfEIAJviOHYwzXjnHWrsbQQ75rJq2wQ4
|
||||
NlM5FRljskufCXtIz/DUpKKT3aqG3y7ywtEwl4ePofJmLbC0O5bZF9blgSSCV02z
|
||||
zGdeUosAJsxumYHVi9CRHWsiAaNMX8gif9vePqz/iY/caPS4w4gBXJK8vLwvxToI
|
||||
4CZDwIlMkMov//3HQ5v5OKfeqbA1rnsGI74vUw9Zt/Sqgudz5bY65693OqeRRWU6
|
||||
tOH8zo4HkFew26Ydh80qAn1R7ALnk68zwfXj8vdyR9f05dEqbg/4thZWcjWC/Frn
|
||||
QOjcTwKu5DnUCE937a1MPzt4t1FCYUHrqcLN99uzGuOD42o9/S+JAa2HWhe5Ag0E
|
||||
Zb/8ygEQAPBwca/apgMnuaVqUSYOCz3qyQ9S65yyifznXrLRYjS3WwCl/yb8imer
|
||||
Hw5ykDij2WjlHQbod2j/pooCJuhOUfqg1JI5o2nNNFsLOxrYSGsScsK1pSDyOgA4
|
||||
Kg+wnAGzNAmW47fI05HfCILeK8CvHylxbpEHM0Ola/KivBmg9mqq7I/zTElL9oDT
|
||||
oOyyO7B0IHZUCbjjkApHZY8VH89kcyBsrXKh5o8BwjwyqiZKvt4uzEjOS58iUYts
|
||||
rxCDnyGLfp4MFsOWhQi2Z8mN+7iPEApUiKKu+Z4ESCq+/YUtjlIrmcAmw6aqlxLT
|
||||
/6RqEpoUj57zq+JuYZQKsnEJpnUayG/cFomrsPQuAz4pbWDb0Q/yXLqCw3QR1vjm
|
||||
kFmgaT8gtO4Idn2qfQ0Nnj8LCcSXjSsWBCaEPVF6Tq5TGMaJOjTwSCFWrW6AsNkw
|
||||
PI9G8OWfpUWB7ciF4sdGYnBpT11xhUeUg0UsBbOLWQCC8fVIs1gsrwDLbIxXx1lV
|
||||
XRncM9/6FYQ5IX95N8te2GBDkYzdpTpxgQAqaPHsHvbEoop10qn+HDem0zV66zT2
|
||||
6EAmD3w9PVlRFYqxGjiAjXC8nwsdnNxuGVBqrZjy2YFDI7JIk9k0qKVDrx3o7/L3
|
||||
tj0kPjg69Zg2QqgozBSLc4CCS2DzXKjeelxY7IAqfmXel4p5QHRnABEBAAGJA2wE
|
||||
GAEKACAWIQRm0Dh9uF0yD4QIFm2xdc+pjxkq8gUCZb/8ygIbAgJACRCxdc+pjxkq
|
||||
8sF0IAQZAQoAHRYhBH5W4sE/p3zjFVmtyX3CTDbDNB0gBQJlv/zKAAoJEH3CTDbD
|
||||
NB0gUxgQAMW3d6UYo3HdM56El7B8f1PiPKjNBU4A4rZTm/veZFvlr2hSlTQXxxgf
|
||||
5Y/Eh8VDal9yMhoI8VjfEsyDEmRBgv+KteDaC9YWv/WycImS1tcjF6ddX8s5sVLm
|
||||
yie1C+SZKxw0ExgWJJzQgJD0xCgEo/2ci4Xc14Et8ay4CiOscfONngAu0Su2WFSg
|
||||
dtFEcQcYtxR87E8wyPya34OtQuKpwS2+Om5m75/qi6odtnuaB84/TajMyFz/9Fvo
|
||||
lleUJ0HvnVOpbd2wdmprkTGP7lnhxrBYi2JCZTcaO32gvADZEY9m6zEimFx1fYJJ
|
||||
QPpl4mO5XhRHtImsg2BKSJZSKhp7IxWP4O2GkrL714c+BiOAYtXnGijBPW3K6h0P
|
||||
pToGS9DkNwBHJAULXQXydIbvy6knSvgrG44aOS/M1MnbgbfW8GuKOgYtOVyCRk/1
|
||||
463gsr92BkM1zHF/+Q0I88wB+ZiYjSyYXtJx1jtaUUUhio1GM76Z35YFCiZ9sdi3
|
||||
IA8hgc8WSW4FESFZq2hbaOc9j0uifPbsZY+uE1vcQN7niBGvdEidAzkKtroOhzBM
|
||||
I5qWDh3UxWj5pXeNntExucf4bhM9abb57NshNd1GFGE8uIIgiJAF45JAh922vHCr
|
||||
9T4NaKwf3MC7fGo+kBSTNNh7V35gxg96NTk+cq71eh13007l5GWy7B0H+gJ/V5J6
|
||||
5xXkUnIx04oUztD2a6YIPuWVRwuyRsHSCzpqFR8K2iRzJFBlrQdMslUSXQJ0kFcM
|
||||
W70cC0LO+nXF7G57mS5z3ZMILfEkLSFUIwHRdzFu0j9nDjQwcF9ws8ExBAgkAMi+
|
||||
2VzqMVHz4TekGMEgE/vP2RQSSR4T6JycYRI4gLyhDX9+uZsHBkb46Nn4nUGEqjJ1
|
||||
umVMYg1Ww6vJqzkKLjWnibkA0fKaUmhVJS2RZ1Dr6Xm+LFFFzSpHGGhy4vvik0FO
|
||||
RyTNv5jBmMwRcebLcodl8m22KpwjRTkSOOzx+cXlB9KOVlbLj1UxCxFirufHRqxy
|
||||
F9sprm3IKJxe4/65AQ0EXavhqwEIAMKECc/f8f0/CenKkz3wXGEtlG46YLjtTt2t
|
||||
WYXdt9Z04ihVaYePanFtvuujyO3I3jUQNv2foU1CtOuVyfZqX+TXqs0BUPXWwTCk
|
||||
MOyc/fEQ5u0BFJjWYtmr2sZY4Ag1juJsmzI7g3cnMLL9LbjpbHRruFIT5rnv9NwG
|
||||
7PURn1XnCt9tdZ/d0h7vEaNkD37j67rjy8UElVVcwVGhsCR8CkqwZ6ZwpQxE9wyq
|
||||
/Txb+v8qEJcohc5SWbYl70AtzHObokkW6cvRjNz+BcEpnPfu10lbPO/8a16B96VD
|
||||
djDGPj2shfNsFLaT8MtFfDAdjZRGlrfv3Wp4qFRlSUGrjInvOLMAEQEAAYkBNgQY
|
||||
AQoAIBYhBGbQOH24XTIPhAgWbbF1z6mPGSryBQJdq+GrAhsgAAoJELF1z6mPGSry
|
||||
W4wH/3Xk9x+WUxeJNtm+5hOfe/KBsXQUbBz+JHGFjd9YQw98jUvPNN1RfgtKf31b
|
||||
+FDKbk/cu+9bNLSfhKDz2AEREViogKRcVjJDy9XmmWQd1oo+M4GHNYhpIt5ZK1d3
|
||||
CROIiqisLQsih64/gl9gboMcsUuHRkc3hVKUb2umCZPG37hUdAvOmOMS7/0KCGS5
|
||||
pXnfsX+zegSKjps12siExYXiRpkxbF9MW7er6/6ukvHLx4jHpgiZ5Sjt/9OqUiAO
|
||||
gUSQfhpAUJlaLxe9E3nj+ABs7LV+FOjtI64skqgqbYo5VXobFSJhqFTog1+KmMzn
|
||||
fsdKaOZQuZh3v3TtGUzkxoMUHPe5AQ0EXavhYgEIAMd+iVOTx6FC3Ghv2PASeXsn
|
||||
xtb9Af+aBjNf0m8WKTLgIS9xQbxgNJctG6AEptkBfAStRLIA5qOa0iYIpkJynEPb
|
||||
onJ12qvtlJ6b6g1h3AThYXQBjTQ89X+rlFzVGQsieqanjI+fiSNbDarOLQUbeJOr
|
||||
kfFukr34o5xloKENL/kwu1lDG/Y2GMxZRLe1aVJUXQg4FiEiaE+LNFbrUHxdNR2P
|
||||
E4XuJHetneHEiT/zXpvEF4MCisjJTGAHEC43rl7OqHU/GDdcW0udyf9v33LCFWTR
|
||||
LlgKKHVyUrHVhVzbB2z1+xnxxh/bQXjgttIP3Zqn8LXiLnUNU5+ejJiuAwdwcn8A
|
||||
EQEAAYkBNgQYAQoAIBYhBGbQOH24XTIPhAgWbbF1z6mPGSryBQJdq+FiAhsMAAoJ
|
||||
ELF1z6mPGSry9/UH/0vOoYu6b57UxsJNR5dCMhsPYV7FFIX9uj5XIDo/bQt2RTMa
|
||||
2PuKMbcDGINsDqHXqOFpZq5WDHhq0cEoIqhlkgj1uC77LLGw7mWyiaMbITQDlRzP
|
||||
9c9Qj3NkGNKW6FTwR7LPh43kgXygO1StVADIdHapiw9hI52rF8FrNYy4oNRXhUcD
|
||||
Pfn03akuIbF75saCHaYO/xoQeEqE+0qV82V/FT5tISMygkzgq+9zUhiA4XQjxiVh
|
||||
SK2cAi0iUTXZecyEueLk6zZ9vkD8JZagSirTFgxtLrnhVpUBJMOgffv5jmO/Sun4
|
||||
s+3JbAdicmsFqw90hWmGNwa0F5HZ20rEVAwkdt25AQ0EXavgpgEIAOk8dMgYu4Q7
|
||||
hU461EC/MtxIiwSD8i7lizUB8SzxFPnyWgkvG2Fik5lUiDJmEstLdCm3dpapiJud
|
||||
zcTgl9Abo4xgoq+VbKRCPk0017JE2bNSbF3TmxhaHAHiBvhU/U+kRz+lDnUE1Smh
|
||||
zGd1yn1kCvmG9MmWjiQPkG9vLx3d46DBnqHO6wn1AFeKiKuyCs1igvtT2qz+2+iz
|
||||
Y9tyd+s2O95+1CDQslqQ8IQNP00cFTJljsk3dmZXQb6SkxxTNG+E/2vMdUZhUbb7
|
||||
UIFUOmFekZvGZMIf9sNMJGCVIN+vyMMhE1MA17iJGxtAFVqeMN4wA9+MA4z5udke
|
||||
gdbxnWxLtg0AEQEAAYkCbAQYAQoAIBYhBGbQOH24XTIPhAgWbbF1z6mPGSryBQJd
|
||||
q+CmAhsCAUAJELF1z6mPGSrywHQgBBkBCgAdFiEEqb0/8XByttt4D8+UNXDaFycK
|
||||
ziQFAl2r4KYACgkQNXDaFycKziT2fAf+PgS08m9Uiks9LWAp9BpaiVn0SXx/XYhT
|
||||
JmRr78UrCHogZstAET2haLqWwMIoyOpie5Vutxi2WXQtzsJ1BHV9LB/NP3nFT/P9
|
||||
asZXzFtBBRQsDwxW5ii20hkHKG10M2+QGiC0ssfi1zjQFKbaOpxvou5Pi+zBQuT1
|
||||
RQ65NQrFYQI4zdyLbnniX2EZpDipLFJeGs881HQt7RjwSUtAjXW9M/pQQDp/JWEj
|
||||
p6D3R4ys0/Y4cJblCci5rM8Un/aVvXYGBqEpsddhH9xGpk0JTWtGAfw1a0ovRv39
|
||||
D1uwG8uXTQiUDTGGlllXhzpLkcJBtT8VeogiAGZC99pbNW5BU8cbFyOHB/9Q/HBm
|
||||
Iqmj5MYvQZCQ//cf9Af9gc+o2YA4/Kg2pSf9GKZizd3J8NO05O6YSsXqIsBr2lIG
|
||||
jw4klkE7GyRd/KVMQOxrFY9vFcdSxQuklnFUeiH73RFP3nsdzw+MRr4Hcpbm9F0f
|
||||
CnB6aU1gqf74e/6Qiv6d2pq7Dzyzx7ZCm8BRLT2HZbFeYQ6GsdOIYgWzWXqurk/6
|
||||
8rlE1D7Fo9KK9lmrLOwrr7ez1pOLHA8pPDhZhxI5D3ZhDsLUux3caCUfFdP/VpaJ
|
||||
ijGNc1HYt8mk4U1Qb6ZlafTYb75F9d61v8/M/HATZ5KpT9gr0aGkfwptzCwlBJ8y
|
||||
pcRI9AuUUDCTAXIGuQENBE+oKZQBCADc9sYSnWAj3y6QE9sGNDUFaKpAFUsprpQ8
|
||||
LeA05nh3RUxYDd75qc0ewtGR1+SlgpehKQfSXVQT254jM5lJanNDPYffk9k9lMwg
|
||||
SVoTP2QaszfDgir7WKKQuj3dBwnmYHdIY2mq+eaAh/1cCU//ggdaATo4ENQhKTAI
|
||||
iuviGKBpYX/zHAlPIvyFjERsBmq0woQKvDGsoQEObx1zu1GaTWeTSIEnHyRhajMQ
|
||||
rKUAxSCh9Th2Vj6xOhvx9TK6li+ecxYuuBVP0Xllg1GdoQBC8KWITDOrU18suj1v
|
||||
EGK4YOzQQPxANs6I81SvVddd2bh71cyAjhHr1kugw3PWQvLe4yHHABEBAAGJAR8E
|
||||
GAECAAkFAk+oKZQCGwwACgkQsXXPqY8ZKvJrVAgAi7CVXJt8mZiN+yzwiZVlzrkR
|
||||
QduB2cgvGZD6Hm3MJc1aVA3Gh0tJcLo+SdutCOzKSmPRSsnWT19EKxpDMrc9j97P
|
||||
i9SDrGyUOx7Bz8gKjTI6BcfPNAhAyIr5Gr9SDyTx6tUduSmmErrvjYWP1/Jz7spI
|
||||
nN2wQd5ZVRSvS/rNZGh1NU31oeWlbpkU0JpGbZkMXv4JIy+1caH5zzrcRMC9JFxf
|
||||
m/bYdaq+jHhMufnSy0Qa3QgJkKvzxzvlIG9BaUmuNeR+XoA9ISEMQzAYXqxJQSL2
|
||||
8Er9IVaNgtz5mqCMf8vuDTPGpkYyqGnOjtQNF695wiA7CAr3/WTeiEl6kKsBFg==
|
||||
=/+gu
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
|
||||
Alejandro Colomar <alx@kernel.org>
|
||||
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
mQINBGI/tA8BEACYC5fPDOMDrT8SxNlsB9fRj9YAZt7okGtbCIlVuSPs81YMkeJm
|
||||
BxtPPnps5Vw2whZS13zaoyPykMg6k+komDWctWQKIF0VgpVYtIuezq4q8kMNmKLc
|
||||
MnHiZRKRh8dOqlK6jHcUlF8rBgQhk+RUBUPOqFEYeTveoZ9qqVmWhOVce5uUX01k
|
||||
iU2SjoGAGkNDBqmOkhhVUSQg/AVcc4web6Gu184VUbOXx7J5MPpRmXE610fAUeeJ
|
||||
1VzyB8U/hgPLrbZX3jQMJbcCSM+Qdxdr/gsptfx1XIm4NsvKXTUOpWg1DQFiQYTJ
|
||||
FN6Kz0NKN6MV/3AqbKGtWDqKhFt3u3a7T+uUP/qzi9jma+DruQuzQztI6xnthZCb
|
||||
RjFkQ/iUUtuGgmpOB14HrgwNaRjKWddzab+A7BL971Q3fFqDsvrntD+koYVUgTfq
|
||||
ErcQo9ZdGRAUL5icyyDg4cC6xgjdmYfnX1s4Rlo3cXJXTZpIOx5AvZV6HYNNm9pu
|
||||
EoPm5gjNtk4F+FENNjkB3c2ntFr2prpoxaN9ceNd8a1tkWAgh6ueFVA/tkd1hy+2
|
||||
bP7e5+Nk9NjsWLvnL2slep1cX38DU9hx91t21+x/8hCxN4gqtvDJY/eqUZ2d0uAR
|
||||
KhPEDZ8GzchxVtX9bGx1HSAVcdnkSzKIGFOJi3ivYqUEihXd5WQE57UovQARAQAB
|
||||
tCJBbGVqYW5kcm8gQ29sb21hciA8YWx4QGtlcm5lbC5vcmc+iQJOBBMBCgA4FiEE
|
||||
qTSFlM4xKDqCb73Y1XYz1EHiW7UFAmNDAAYCGwEFCwkIBwIGFQoJCAsCBBYCAwEC
|
||||
HgECF4AACgkQ1XYz1EHiW7Vm4g/+NDfrYWHAHSMBkQnTZdhrOFCR1tJsWTLABwe1
|
||||
fMLBW7djLZMZweDMU76UBrucAEsarKkIHyhqpBES5EXwmlvKSnEhzPjXZ+PoHmM0
|
||||
M8Lq7QFZ5IEbrhuJbvpfTCa0gleHKIVYCCeaf2AUpgwX1XMkG2mmRdvUDQ2M8NMH
|
||||
ljM/OZ+6tBGpw7zvx1kYsSfBerlHxmLXlRxHrr9nWi7zXa+HrHZQAhopuufIb1we
|
||||
8lI/gdfywq7s/e5Xelk4dnr/pEFx56G1vh0bc+zU36+C9gX5IXOJv2WrTmOfG3Am
|
||||
gaJgWZapJQlPFEByk+2oJf5UOgPRhdX7qLR8mVnQ4EHM1sr9B6UGwcySZpVwag9n
|
||||
51WhjgdqYoSPt9dpPSNfNavLJDR+paM0aEHi3/t3mGJSyOPM4E6ejrYk7791fOJF
|
||||
0J3VhKr9KR1rMxQpE1kMs7qO1uUJvnF+opzrueMELffwTfDDyvY1bV/ZNou/MPi4
|
||||
EbUJyZDvsq2shaKj/NB4nzYJIoGbUzUrz008buTagf+WZ+uTDIdOJbaVPcUUjtzr
|
||||
21KifSWxcokNhqSIrsCLzCJkbiKEK7nUoOvl9q3Wl9L5CWAOflr5499iyGqxlJ+E
|
||||
7xzerWy1ZqgQHJ3Zp0wVMgHTKvPsmDvwaXBvEZkrUQ4PnInWTNJ2yiNxJU/we7Xx
|
||||
kxo4Qk20MUFsZWphbmRybyBDb2xvbWFyIEFuZHJlcyA8YWx4Lm1hbnBhZ2VzQGdt
|
||||
YWlsLmNvbT6JAk4EEwEKADgWIQSpNIWUzjEoOoJvvdjVdjPUQeJbtQUCYj+0DwIb
|
||||
AQULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRDVdjPUQeJbtTdsD/97XSXo3Dqb
|
||||
eaAWhjreKTwO9sPh9n79tS5CZMne44jvC7OCNGeFYq/MGyk0aDPcfN27dO4YSJXN
|
||||
d82t2K5vC85W5+tbnREN+OTNy8b6U4XxpeQhHP7jr5xeQt0aTkUH3Eo+0mzUq4fS
|
||||
hxMMch4FuDvMcohkOQs6LMKyvNo0jXAM3nE6nJeRipBjG5d8KKlx9dqmS5Zee9FA
|
||||
YayikSFp77aSGIvWFejTS3YDaN/APotN1SheEWHtGRY1zvbPbGKJKMy/k8O0b0TJ
|
||||
gGGe0RzFmPaQSCc/ZlpG2jk5BrnnspCDTq1I/2zcpgdwcR3/3Iuw2VAlOU48w7Qs
|
||||
fZecvYw+8zlrsJlB/NNU6s1YzeTi37jo43aqgyw4E7iev18f14W2ZQuIQY36hUmf
|
||||
4z49hAliWcoq7SZL6tsdmeQPjYWJb1lxds8s+iEH1PUsGObWUkjy1iIfJ+gXCe8E
|
||||
uKZKPGY7RWwYoSBliCVVXfgmD2XQja9i3pjRiJ6S7sYjZnugNwFaVbeptHE8NL4J
|
||||
Y3eRJpZdGizW58zTfxhvU/AjjDMhqqshW8ZSbAIRI05eGxzwk82qGq+cUVxsBeU8
|
||||
7i9DbqNOF50cYyltYVVJ9qPAxO+5sBtW6rq+yxkLArjTlpIRJsrXSiFJFqAp7FkC
|
||||
pUx66xvV8LgAVMKeD2o+Ae8mCTmYJfiCabkCDQRj2/4qARAAw4VXqcdlHsnCDqcC
|
||||
x5U+nHDOMsyEqG7F8mivt9covXkGUGoLI3ZlGU/5EoRwQB91uHJMU9zJwumQ4tLs
|
||||
szhOB/CNBSDZ4XTCcEej+dhQounRIdbY+DcXn4dVdx/mYCFPVb7OtUe68m6vyiai
|
||||
2KG288QbjnkzNA222caPQNDy6NsIGh8V5WDKCa7Jk0Zti+tTdi+vhkFjk7+brh5I
|
||||
qzahfuk/uVDWBUVT3OiNRywtouTBdfT33JhQyRqSMty6gjkkYyxX0QD5r5EIVrtr
|
||||
gre6aBWw3dy64pVs9nxVBhVCH4h6PwReXFB4kfjgw82Q1/DkF/ZMsH8bPPtvjI1N
|
||||
Yz+TMaLcUQX7fWlW7YbQSXSwF4mUSMYgdOZ8CTNQjKmpnpVhHYuL67cG26ev/+T4
|
||||
OrcT103j/InLipKvYUC3HwFMbq2P/9edqf85d/Nl1KMdByJ3qVVFMuXjiJr0uf1K
|
||||
oc7nfP3mqkPUHEdjsHnQnpNWZPBr5xs8iNtGmgltnJE2jacXFqtvJ6M9ugrMauoK
|
||||
s5sNMhqvf/zyZiLWkcZ8bWi6cGl/JD1RS66ViFFmVeg5xpVgspUAsADCZLneTCAW
|
||||
46DJ2Esq92afIVSz/AUtVjLUJyZIOBaVzY2JXR9s5/ePJAd4T42cg1Kdrdsi0dPY
|
||||
MOwPjQBpiuetA4dCWeL5qucnSAUAEQEAAYkCPAQYAQoAJhYhBKk0hZTOMSg6gm+9
|
||||
2NV2M9RB4lu1BQJj2/4qAhsMBQkB4TOAAAoJENV2M9RB4lu17J0P/3LN+ueOR4q4
|
||||
G5KOnLA5+u1y84d0LI16Z43iAm2NyAWCNkvjGj3RqQD8ZwFmckulf05mhvLOcwxE
|
||||
i8aAnEcsK4YfsGjgQRDJIChPnZCfssCkFVjfTyEcMgI4sr8hBjbp+ULL4LOnHu4B
|
||||
LjWjeWc48dtVQ7qcetVw7u9ZABfRBPxVBgY8Idxv1qVOQE13P2sPzbYKsFz+2mH5
|
||||
54VnMO64zqCbecxgV4NRFcTeNUaDgl6D7zNlNmh4j6c7sKjoEzYIVizApM4xMtOB
|
||||
syL4fGXRcNtenuBDc/1/PeHdDhqGGlZds1RmTLJm+gCzVio4z5EXPJMKjAVBHapM
|
||||
NMl4TiTay6gMG6QJMwkgVmS2F28wxj9KztkdnC+2YWJdWDeM07Le231X2hnRQE/D
|
||||
epN4MouHofOB3I3WY+sSR2KUik9WceL+ICIvUisCNk3GvXVg6hYXIukN8ZR4Sf3A
|
||||
rRPpePofDK0vZeWIGt6ZksVY9A3GQc0cMagqgCTK0gUxeDk/tPH8xyz/VvRZPGaC
|
||||
GlzeSQ1giSwgNXX1FDfnGOdn/rJh/aoDl1PzTBjyZcZ15s9HSPA6h36TMgCrSCai
|
||||
kWjbk8mOJhIhTbxclyI9JLu2AeKu+zP41Gi0AEEGkhFKZ9cG6cGG7AuSsiZ3OqOu
|
||||
sym/ZKz1uuXGo1iJJgkZ2yiq3ox7KHMZuQINBGI/t3UBEACr9ldxakkNdKp/Pc8+
|
||||
fRznR/+b29CfQWjOEv2njByhQa5CU18jMT6DIOokv2vU7xwaNJviBouaKWAIe5iy
|
||||
a3BWHhRpk6e2WnST/X3Zxmm8NjBZAMVl1JXS/vDEDhUu76y/Z82YcHZi52fRXRr3
|
||||
jwza/jGFyjLwem04G/CrS+tUHiWd3cbeh09LlQ/zN7cO8oOoYZWyoX0GNtXbUovy
|
||||
ssdUt1RODrSVde+8ec7AQm8fg7mRt3HCXhjwrdLxvqVRgG3wYCR3TnzL+rGuhYxa
|
||||
TEmbcjPLrKqSfZatsmVir1JJ2Cn8O9Ns5ROsqnulYa0foTo4LDwgqR82uel8mEaZ
|
||||
EQh4B7ob8mvqPLKBHbQXVeRTxuqLdyd3W/2yu5nIUi7kA6CIm5mdK8MT6CiHqYYx
|
||||
QD33HTN4OtFqrf3TbyjBG5wlzCD2mSrGB52FYgrkfSiKXBOxiqoFo++SpK1wSuHN
|
||||
a2ge1hkIdlE8wEPDBDSRqPta8t8ZazNPuc5tR6g0B/JUTIa6r8bDk5NgNj8jrGqv
|
||||
MvTWl+txcQ5uYo5OlvdiwHy2/YzEDhWcb1ls0faQQHn2CYFr6S9Ad9dOsMJZ2E29
|
||||
K4v/apGnGEjLqqqXWfIxPBq01bZY1pQI8fy+PJkp8IHZfQ2RrmUFaSOufLOgQE7c
|
||||
w8j/SxlSdbFrBZA7cMfGLPLT0QARAQABiQRsBBgBCgAgFiEEqTSFlM4xKDqCb73Y
|
||||
1XYz1EHiW7UFAmI/t3UCGwICQAkQ1XYz1EHiW7XBdCAEGQEKAB0WIQTqOofwpOug
|
||||
MORd8kCejBr7vv/bMgUCYj+3dQAKCRCejBr7vv/bMkq3D/48Y7jLfIB5jY9dzVCm
|
||||
ikbuexOAb0YDSZQS3Pt6GnPryIm1gLaRt0jw8HWVI80bMRvTKvJ7D7+kc6GCLK90
|
||||
MjxMBdlL/BfBFj8jNuVeaNfI7dTbon0kri56bMI3Ad/G7jryRcnPrRZo/nzGKcMD
|
||||
WxV3tgZkamh0pHYWjSttt0fr8t2qXzK74XO3PnU1RkGY1QAlMa89FJXUyW+veFpy
|
||||
AJWNW9zYVatjPKPyMLr8I7t9KLjviJBBWwE2fbXgvT58IqhqADKt+YJdXlNiD1Mn
|
||||
ZaBbbBCO7Mn+aG+yAJBJKPqmjoN1dOXy1FtuNrHHnTYIHyoRD/IR1DtEwlIYHlhZ
|
||||
+8uy2rXPMA/I8hSCxFgMEJaY8IzfP49sPvwFMfGgnEFk7jmTAczP7rwSeDuvRnWQ
|
||||
ztJqu9PQp3Wmek/ea7WV93rBmI6Vipl8P69m3CzQErnuIZUutsjP0BaiU+hENoXu
|
||||
ZmlV0MtnNix0j28sTIe49vtb5UTVRJjIwwI1BDGtM4Ukij9tNkDkntrTkpBE3MFk
|
||||
9SYi8aAN99kBCNmkwRdY0opwNhGFJwBEwycv7I7d7s/Y79ZSuZBrjB6nB5gU+Xh1
|
||||
tDdQZxzHLctnZ2cAjE8BcU2wrgZghWiRZ7YlI0bozXl6/VJaAVhZU7f6ebklXSYF
|
||||
JwTrCwam8VbcgoiukMsdv831NmkPD/4sjSJfoqdE4kGHHX/S/N/Q8LiflefYivLX
|
||||
X/WtGyRguuYH+8YDqGaCGco8IKmlRDhaME1achjMp/O808B2rxogpsLWu08AF4PJ
|
||||
97w01RfjBr8aA5qvZXnCfAnmpRzQjDrjIuNOle834dXvOAANugR22dBbjv7MRtOp
|
||||
Xn1whyAEJIwBeAgKe+p1zwWyQNv2Gq+9C0IQ2w4uJsodjNi6YzFnTvm3HulnNr4s
|
||||
L+x/i+24iuz0Gf2KbGiR2FtCyKIek0N2NAhPquoI7L0HEP2FKh3OeEH0aCdFcZf/
|
||||
Dw19fjqEROaJhVvSgTvXIVh3dnB4e7qlYsMSNQxqCcKQD4D79kjFrOygySU+6xMp
|
||||
vUQvOiF46MrPx8KtfiuPTuEji0Y0F9qz1u5vqwelsg5vpoa12h9qSdX/uWKbRqqQ
|
||||
x5gHERLoTXT7aMKYuDU3UAMxEEEOaXnOtWNlr3n4H7zMrZ3qvkTRRmGiH8iGkSFn
|
||||
w2WO3rr/flfIQAJLSUH5lTmR4j/XBNtOGSAWKaRU3N5cX2zHcS5YxkaBx3u4Ew+D
|
||||
qnBNL6oazpe1iaIoxsyC8MOFyoWHmv/ivv7FbpkWFHgN+R2nenIMiHuHQd/62/RC
|
||||
PVEoGmaL+XCfSpmstYz9phejRW7LacBt4BMCV7ghqD6vYCR0QBoENp0V5mKyXQ6P
|
||||
R2OsYRFGG7kCDQRiP7s5ARAAktZGlZIjclF0dkQxIpJ2cQ0FOEgzzG0hZzIfHzLW
|
||||
T7HvuY0XHWAI64yZbDSdHkKTSKbVnrToCayBDu0oISa3gZh+cd5a+Igf4NsIkGNR
|
||||
askGnmZYUM+RP1PzKPlVqdPIcXedZvTermRHIyO73f3p5kw+vDryGyubrt2n2IFb
|
||||
J7SopNed2kXIs5dyk89mvJ+muPCDD5wYHbdXfpEH+KznROMHOVHzwfHYQ++finuw
|
||||
2cjdJbAyZz6QSopAQeg46UEAk/aTGuI3cEFIzDq6cpqS8fvpbHGL5Oi657t2i1TL
|
||||
zUCo/4FK027ZLkTXpcB8hbmKFWhfWueDx3aRNvbloJn7kq97RhnE3tgewi+syJsK
|
||||
CrOlHc1rD8/JNL9lcr2yuSTmwY80QDVNU3U2ZeqLdxx47O31zR5VCpGu09Ro57bJ
|
||||
j5YaMukwmYLiPwTExkTqqryf7QsLq47Tgd+0YnUyq79XEv067ow+FCxbIoSNlQWB
|
||||
W2LbNi3JeNPCM0pWdgFuiQE2KFH0s4qulKxEbEtwpVXOH9fmUN23VkI1TnarfRlG
|
||||
XgSdOISRbXa0O9Ta85BF/NtoBXRU4CtDdcmT7343PjRPbAF1ixU+KOhDDuaDBUV5
|
||||
iD6BXqyHyL6rciYvqHQwmg2ztdFmTewapV112Vv2wpqvbyrzszTtMw8c92Y7Kfge
|
||||
fY8AEQEAAYkCPAQYAQoAJhYhBKk0hZTOMSg6gm+92NV2M9RB4lu1BQJiP7s5AhsM
|
||||
BQkB4TOAAAoJENV2M9RB4lu1mAsP/R/4E68Rt7oUI/30eTuiRb9C/Zx6EaZVIJBw
|
||||
G2cwKB9GkU4vGR2PU1f25vym92fywSP9OavWyDeVqtN8Ar4U4CbD/L9f2JgZMTXr
|
||||
HFgxU94uywKOxhLEL8ylgaU89l6af1BynBn3YU/mLQyMHAMTs0uaifjAedeNJq08
|
||||
XWP3bVdxRywj/rqAf52KA9Y/C59mCfx4vmYu2r2jbwCCVWOsL5sgWyThyGKuNv1A
|
||||
7+k0JYJlsJ8aro9sS0fjscvoyxajDX2u0Mq/dTbjFWiJQbdT2mWMgiOHxpGDGst9
|
||||
NH5+JbYZGV/TfeJFDIAW/Pw3gktKt40IP2t6y5vjyUCHEEn2E6pfnr1XmY6EOae5
|
||||
hPYJQNUbJw98RdpPPY3l4FY49M312v6dphAj2kBmMv7mbyLrIZoTsHw5Q++ig83V
|
||||
i/I1u4tTvZomFn2po3MO3+QL0FTqzwPjiTyUmSO4rMi5EZiLJF5ITSaESFXNGQb4
|
||||
UBTuXYgKXY4spWeYpSB2qREhrkXgXrDWEJBwIBJW4ppPI4hRhefGV6wHTRxF24No
|
||||
iVPz4ABaTQFkvZbpyTT+DT0CL8tHMwF7Tq3wFQ4Rr82LBS/fWxgzeyYTgZwXXUFY
|
||||
YqM7OXwJKVjlgC2B+OEwgXcdRxB4y5asd//D9wVeD0pfiWk+Ohmi/YF9WmFgmrWe
|
||||
vK53nZUH
|
||||
=V1ID
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
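--- a/shadow.service
+++ b/shadow.service
@@ -0,0 +1,23 @@
+[Unit]
+Description=Verify integrity of password and group files
+
+[Service]
+# added automatically, for details please see
+# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
+ProtectSystem=full
+ProtectHome=read-only
+PrivateDevices=true
+ProtectHostname=true
+ProtectClock=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
+Type=oneshot
+ExecStart=/usr/sbin/pwck -r
+ExecStart=/usr/sbin/grpck -r
+Nice=19
+IOSchedulingClass=best-effort
+IOSchedulingPriority=7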
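Review bot: The two `ExecStart=` lines make the group-file check depend on the password-file check succeeding. With `Type=oneshot` systemd runs the commands in order and stops at the first one that exits non-zero, so whenever `pwck -r` reports a bad entry, `grpck -r` is not run in that activation and problems in the group files go unreported until the passwd findings are fixed. If both files are meant to be verified on every run, split the checks into two units triggered by the same timer. Otherwise state the dependency in the unit with a comment such as `# grpck is skipped when pwck reports a problem`.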
387
shadow.spec
Normal file
387
shadow.spec
Normal file
@ -0,0 +1,387 @@
|
||||
#
|
||||
# spec file for package shadow
|
||||
#
|
||||
# Copyright (c) 2024 SUSE LLC
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
# upon. The license for this file, and modifications and additions to the
|
||||
# file, is the same license as for the pristine package itself (unless the
|
||||
# license for the pristine package is not an Open Source License, in which
|
||||
# case the license is the MIT License). An "Open Source License" is a
|
||||
# license that conforms to the Open Source Definition (Version 1.9)
|
||||
# published by the Open Source Initiative.
|
||||
|
||||
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||
#
|
||||
|
||||
|
||||
%if ! %{defined _distconfdir}
|
||||
%define _distconfdir %{_sysconfdir}
|
||||
%else
|
||||
%define no_config 1
|
||||
%endif
|
||||
Name: shadow
|
||||
Version: 4.17.1
|
||||
Release: 0
|
||||
Summary: Utilities to Manage User and Group Accounts
|
||||
License: BSD-3-Clause AND GPL-2.0-or-later
|
||||
Group: System/Base
|
||||
URL: https://github.com/shadow-maint/shadow
|
||||
Source0: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz
|
||||
Source1: pamd.tar.bz2
|
||||
Source2: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz.asc
|
||||
Source3: %{name}.keyring
|
||||
Source4: shadow.service
|
||||
Source5: shadow.timer
|
||||
# SOURCE-FEATURE-SUSE shadow-login_defs-check.sh sbrabec@suse.com -- Supplementary script that verifies coverage of variables in shadow-login_defs-unused-by-pam.patch and other patches.
|
||||
Source40: shadow-login_defs-check.sh
|
||||
# PATCH-FIX-SUSE shadow-login_defs-unused-by-pam.patch kukuk@suse.com -- Remove variables that have no use with PAM.
|
||||
Patch0: shadow-login_defs-unused-by-pam.patch
|
||||
# PATCH-FEATURE-SUSE useradd-default.patch kukuk@suse.com -- Change useradd defaults group to 1000.
|
||||
Patch1: useradd-default.patch
|
||||
# PATCH-FEATURE-SUSE shadow-util-linux.patch sbrabec@suse.com -- Add support for util-linux specific variables, delete shadow login, su runuser specific.
|
||||
Patch2: shadow-util-linux.patch
|
||||
# PATCH-FEATURE-SUSE shadow-login_defs-comments.patch kukuk@suse.com -- Adjust login.defs comments.
|
||||
Patch3: shadow-login_defs-comments.patch
|
||||
# PATCH-FEATURE-SUSE shadow-login_defs-suse.patch kukuk@suse.com -- Customize login.defs.
|
||||
Patch4: shadow-login_defs-suse.patch
|
||||
# PATCH-FIX-SUSE disable_new_audit_function.patch adam.majer@suse.de -- Disable newer libaudit functionality for older distributions.
|
||||
Patch5: disable_new_audit_function.patch
|
||||
BuildRequires: audit-devel > 2.3
|
||||
BuildRequires: autoconf
|
||||
BuildRequires: automake
|
||||
BuildRequires: libacl-devel
|
||||
BuildRequires: libattr-devel
|
||||
BuildRequires: libselinux-devel
|
||||
BuildRequires: libsemanage-devel
|
||||
BuildRequires: libtool
|
||||
BuildRequires: pam-devel
|
||||
BuildRequires: xz
|
||||
# we depend on libbsd or glibc >= 2.38 for the strlcpy() (and readpassphrase()) functions
|
||||
BuildRequires: glibc-devel >= 2.38
|
||||
Requires: login_defs >= %{version}
|
||||
Requires(pre): group(root)
|
||||
Requires(pre): group(shadow)
|
||||
Requires(pre): permissions
|
||||
Requires(pre): user(root)
|
||||
Provides: pwdutils = 3.2.20
|
||||
Obsoletes: pwdutils <= 3.2.19
|
||||
Provides: useradd_or_adduser_dep
|
||||
BuildRequires: libeconf-devel
|
||||
|
||||
%description
|
||||
This package includes the necessary programs for converting plain
|
||||
password files to the shadow password format and to manage user and
|
||||
group accounts.
|
||||
|
||||
%package -n login_defs
|
||||
Summary: The login.defs configuration file
|
||||
# Virtual provides for supported variables in login.defs.
|
||||
# It prevents references to unknown variables.
|
||||
# Upgrade them only if shadow-util-linux.patch or
|
||||
# encryption_method_nis.patch has to be ported!
|
||||
# Call shadow-login_defs-check.sh before!
|
||||
Group: System/Base
|
||||
Provides: login_defs-support-for-pam = 1.5.2
|
||||
Provides: login_defs-support-for-util-linux = 2.37
|
||||
BuildArch: noarch
|
||||
|
||||
%description -n login_defs
|
||||
This package contains the default login.defs configuration file
|
||||
as used by util-linux, pam and shadow.
|
||||
|
||||
%package -n libsubid5
|
||||
Summary: A library to manage subordinate uid and gid ranges
|
||||
Group: System/Base
|
||||
|
||||
%description -n libsubid5
|
||||
Utility library that provides a way to manage subid ranges.
|
||||
|
||||
%package -n libsubid-devel
|
||||
Summary: Development files for libsubid5
|
||||
Group: System/Base
|
||||
Requires: libsubid5 = %{version}
|
||||
|
||||
%description -n libsubid-devel
|
||||
Development files for libsubid5.
|
||||
|
||||
%prep
|
||||
%setup -q -a 1
|
||||
%patch -P 0
|
||||
%patch -P 1
|
||||
%patch -P 2
|
||||
%patch -P 3
|
||||
%patch -P 4
|
||||
%if 0%{?suse_version} < 1330
|
||||
%patch -P 5 -p1
|
||||
%endif
|
||||
|
||||
iconv -c -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
|
||||
mv -v doc/HOWTO.utf8 doc/HOWTO
|
||||
|
||||
%build
|
||||
export CFLAGS="%{optflags} -fpie"
|
||||
export LDFLAGS="-pie"
|
||||
|
||||
autoreconf -fvi
|
||||
# SSSD files provider is deprecated since 2.9.0, but still enabled in openSUSE Leap 15.6 and SLE 15 SP6
|
||||
%configure \
|
||||
--enable-shadowgrp \
|
||||
--enable-account-tools-setuid \
|
||||
--with-audit \
|
||||
--with-libpam \
|
||||
--with-sha-crypt \
|
||||
--with-acl \
|
||||
--with-attr \
|
||||
--with-nscd \
|
||||
--with-selinux \
|
||||
--without-libcrack \
|
||||
--without-libbsd \
|
||||
%if 0%{?suse_version} >= 1600
|
||||
--without-sssd \
|
||||
%endif
|
||||
--with-group-name-max-length=32 \
|
||||
--enable-vendordir=%{_distconfdir}
|
||||
%make_build
|
||||
# --disable-shared \ currently doesn't build with this. See https://github.com/shadow-maint/shadow/issues/336
|
||||
|
||||
%install
|
||||
%make_install gnulocaledir=%{buildroot}/%{_datadir}/locale MKINSTALLDIRS=`pwd`/mkinstalldirs
|
||||
# Separate call to install man pages. See https://github.com/shadow-maint/shadow/issues/389
|
||||
%make_install -C man install-man
|
||||
|
||||
install -Dm644 %{SOURCE4} %{buildroot}%{_unitdir}/shadow.service
|
||||
install -Dm644 %{SOURCE5} %{buildroot}%{_unitdir}/shadow.timer
|
||||
|
||||
# add empty /etc/sub{u,g}id files
|
||||
touch %{buildroot}/%{_sysconfdir}/subuid
|
||||
touch %{buildroot}/%{_sysconfdir}/subgid
|
||||
|
||||
rm %{buildroot}/%{_sbindir}/grpconv
|
||||
rm %{buildroot}/%{_mandir}/man8/grpconv.*
|
||||
rm %{buildroot}/%{_mandir}/*/man8/grpconv.*
|
||||
rm %{buildroot}/%{_sbindir}/grpunconv
|
||||
rm %{buildroot}/%{_mandir}/man8/grpunconv.*
|
||||
rm %{buildroot}/%{_mandir}/*/man8/grpunconv.*
|
||||
|
||||
rm %{buildroot}/%{_sbindir}/groupmems
|
||||
rm %{buildroot}/%{_mandir}/man8/groupmems.*
|
||||
rm %{buildroot}/%{_mandir}/*/man8/groupmems.*
|
||||
rm %{buildroot}%{_sysconfdir}/pam.d/groupmems
|
||||
|
||||
rm %{buildroot}/%{_bindir}/login
|
||||
rm %{buildroot}/%{_mandir}/man1/login.*
|
||||
rm %{buildroot}/%{_mandir}/*/man1/login.*
|
||||
rm %{buildroot}%{_sysconfdir}/pam.d/login
|
||||
|
||||
rm %{buildroot}/%{_bindir}/su
|
||||
rm %{buildroot}/%{_mandir}/man1/su.*
|
||||
rm %{buildroot}/%{_mandir}/*/man1/su.*
|
||||
rm %{buildroot}/%{_mandir}/man5/suauth.*
|
||||
rm %{buildroot}/%{_mandir}/*/man5/suauth.*
|
||||
rm %{buildroot}%{_sysconfdir}/pam.d/su
|
||||
|
||||
rm %{buildroot}/%{_bindir}/faillog
|
||||
rm %{buildroot}/%{_mandir}/man5/faillog.*
|
||||
rm %{buildroot}/%{_mandir}/*/man5/faillog.*
|
||||
rm %{buildroot}/%{_mandir}/man8/faillog.*
|
||||
rm %{buildroot}/%{_mandir}/*/man8/faillog.*
|
||||
|
||||
rm %{buildroot}/%{_sbindir}/logoutd
|
||||
rm %{buildroot}/%{_mandir}/man8/logoutd.*
|
||||
rm %{buildroot}/%{_mandir}/*/man8/logoutd.*
|
||||
rm %{buildroot}/%{_sbindir}/nologin
|
||||
rm %{buildroot}/%{_mandir}/man8/nologin.*
|
||||
rm %{buildroot}/%{_mandir}/*/man8/nologin.*
|
||||
|
||||
rm %{buildroot}/%{_sbindir}/chgpasswd
|
||||
rm %{buildroot}/%{_mandir}/man8/chgpasswd.*
|
||||
rm %{buildroot}/%{_mandir}/*/man8/chgpasswd.*
|
||||
rm %{buildroot}%{_sysconfdir}/pam.d/chgpasswd
|
||||
|
||||
rm %{buildroot}/%{_mandir}/man3/getspnam.*
|
||||
rm %{buildroot}/%{_mandir}/*/man3/getspnam.*
|
||||
rm %{buildroot}/%{_mandir}/man5/gshadow.5*
|
||||
rm %{buildroot}/%{_mandir}/*/man5/gshadow.5*
|
||||
rm %{buildroot}/%{_mandir}/man5/passwd.5*
|
||||
rm %{buildroot}/%{_mandir}/*/man5/passwd.5*
|
||||
|
||||
rm -rf %{buildroot}%{_mandir}/{??,??_??}
|
||||
|
||||
rm %{buildroot}/%{_libdir}/libsubid.{la,a}
|
||||
|
||||
# Move /etc to /usr/etc
|
||||
if [ ! -d %{buildroot}%{_distconfdir} ]; then
|
||||
mkdir -p %{buildroot}%{_distconfdir}
|
||||
mkdir -p %{buildroot}%{_pam_vendordir}
|
||||
mv %{buildroot}%{_sysconfdir}/login.defs %{buildroot}%{_distconfdir}
|
||||
mv %{buildroot}%{_sysconfdir}/pam.d/* %{buildroot}%{_pam_vendordir}/
|
||||
fi
|
||||
mkdir -p %{buildroot}%{_sysconfdir}/login.defs.d
|
||||
|
||||
%find_lang shadow
|
||||
|
||||
%pre
|
||||
%service_add_pre shadow.service shadow.timer
|
||||
for i in pam.d/chage pam.d/chfn pam.d/chpasswd pam.d/chsh pam.d/groupadd pam.d/groupdel pam.d/groupmod pam.d/newusers pam.d/passwd pam.d/useradd pam.d/userdel pam.d/usermod; do
|
||||
test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||:
|
||||
done
|
||||
|
||||
%pre -n login_defs
|
||||
test -f %{_sysconfdir}/login.defs.rpmsave && mv -v %{_sysconfdir}/login.defs.rpmsave %{_sysconfdir}/login.defs.rpmsave.old ||:
|
||||
|
||||
%post
|
||||
%set_permissions %{_bindir}/chage
|
||||
%set_permissions %{_bindir}/chfn
|
||||
%set_permissions %{_bindir}/chsh
|
||||
%set_permissions %{_bindir}/expiry
|
||||
%set_permissions %{_bindir}/gpasswd
|
||||
%set_permissions %{_bindir}/newgrp
|
||||
%set_permissions %{_bindir}/passwd
|
||||
%set_permissions %{_bindir}/newgidmap
|
||||
%set_permissions %{_bindir}/newuidmap
|
||||
|
||||
%service_add_post shadow.service shadow.timer
|
||||
|
||||
%verifyscript
|
||||
%verify_permissions %{_bindir}/chage
|
||||
%verify_permissions %{_bindir}/chfn
|
||||
%verify_permissions %{_bindir}/chsh
|
||||
%verify_permissions %{_bindir}/expiry
|
||||
%verify_permissions %{_bindir}/gpasswd
|
||||
%verify_permissions %{_bindir}/newgrp
|
||||
%verify_permissions %{_bindir}/passwd
|
||||
%verify_permissions %{_bindir}/newgidmap
|
||||
%verify_permissions %{_bindir}/newuidmap
|
||||
|
||||
%preun
|
||||
%service_del_preun shadow.service shadow.timer
|
||||
|
||||
%postun
|
||||
%service_del_postun shadow.service shadow.timer
|
||||
|
||||
%posttrans
|
||||
%if %{defined no_config}
|
||||
# Migration to /usr/etc
|
||||
for i in pam.d/chage pam.d/chfn pam.d/chpasswd pam.d/chsh pam.d/groupadd pam.d/groupdel pam.d/groupmod pam.d/newusers pam.d/passwd pam.d/useradd pam.d/userdel pam.d/usermod; do
|
||||
test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||:
|
||||
done
|
||||
%endif
|
||||
|
||||
%posttrans -n login_defs
|
||||
# rpmsave file can be created by
|
||||
# - change of owning package (SLE15 SP2->SP3, Leap 15.2->15.3)
|
||||
# - Migration to /usr/etc (after SLE15 and Leap 15)
|
||||
test -f %{_sysconfdir}/login.defs.rpmsave && mv -v %{_sysconfdir}/login.defs.rpmsave %{_sysconfdir}/login.defs ||:
|
||||
|
||||
%post -n libsubid5 -p /sbin/ldconfig
|
||||
%postun -n libsubid5 -p /sbin/ldconfig
|
||||
|
||||
%files -f shadow.lang
|
||||
%license COPYING
|
||||
%doc NEWS doc/HOWTO README
|
||||
%verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/subuid
|
||||
%verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/subgid
|
||||
%if %{defined no_config}
|
||||
%{_pam_vendordir}/chage
|
||||
%{_pam_vendordir}/chfn
|
||||
%{_pam_vendordir}/chsh
|
||||
%{_pam_vendordir}/passwd
|
||||
%{_pam_vendordir}/chpasswd
|
||||
%{_pam_vendordir}/groupadd
|
||||
%{_pam_vendordir}/groupdel
|
||||
%{_pam_vendordir}/groupmod
|
||||
%{_pam_vendordir}/newusers
|
||||
%{_pam_vendordir}/useradd
|
||||
%{_pam_vendordir}/userdel
|
||||
%{_pam_vendordir}/usermod
|
||||
%else
|
||||
%config %{_sysconfdir}/pam.d/chage
|
||||
%config %{_sysconfdir}/pam.d/chfn
|
||||
%config %{_sysconfdir}/pam.d/chsh
|
||||
%config %{_sysconfdir}/pam.d/passwd
|
||||
%config %{_sysconfdir}/pam.d/chpasswd
|
||||
%config %{_sysconfdir}/pam.d/groupadd
|
||||
%config %{_sysconfdir}/pam.d/groupdel
|
||||
%config %{_sysconfdir}/pam.d/groupmod
|
||||
%config %{_sysconfdir}/pam.d/newusers
|
||||
%config %{_sysconfdir}/pam.d/useradd
|
||||
%config %{_sysconfdir}/pam.d/userdel
|
||||
%config %{_sysconfdir}/pam.d/usermod
|
||||
%endif
|
||||
%verify(not mode) %attr(2755,root,shadow) %{_bindir}/chage
|
||||
%verify(not mode) %attr(4755,root,shadow) %{_bindir}/chfn
|
||||
%verify(not mode) %attr(4755,root,shadow) %{_bindir}/chsh
|
||||
%verify(not mode) %attr(4755,root,shadow) %{_bindir}/expiry
|
||||
%verify(not mode) %attr(4755,root,shadow) %{_bindir}/gpasswd
|
||||
%verify(not mode) %attr(4755,root,root) %{_bindir}/newgrp
|
||||
%verify(not mode) %attr(4755,root,shadow) %{_bindir}/passwd
|
||||
%verify(not mode) %attr(4755,root,shadow) %{_bindir}/newgidmap
|
||||
%verify(not mode) %attr(4755,root,shadow) %{_bindir}/newuidmap
|
||||
%{_bindir}/sg
|
||||
%{_bindir}/getsubids
|
||||
%attr(0755,root,root) %{_sbindir}/groupadd
|
||||
%attr(0755,root,root) %{_sbindir}/groupdel
|
||||
%attr(0755,root,root) %{_sbindir}/groupmod
|
||||
%{_sbindir}/grpck
|
||||
%{_sbindir}/pwck
|
||||
%attr(0755,root,root) %{_sbindir}/useradd
|
||||
%attr(0755,root,root) %{_sbindir}/userdel
|
||||
%attr(0755,root,root) %{_sbindir}/usermod
|
||||
%{_sbindir}/pwconv
|
||||
%{_sbindir}/pwunconv
|
||||
%attr(0755,root,root) %{_sbindir}/chpasswd
|
||||
%attr(0755,root,root) %{_sbindir}/newusers
|
||||
%{_sbindir}/vipw
|
||||
%{_sbindir}/vigr
|
||||
%{_mandir}/man1/chage.1%{?ext_man}
|
||||
%{_mandir}/man1/chfn.1%{?ext_man}
|
||||
%{_mandir}/man1/chsh.1%{?ext_man}
|
||||
%{_mandir}/man1/expiry.1%{?ext_man}
|
||||
%{_mandir}/man1/gpasswd.1%{?ext_man}
|
||||
%{_mandir}/man1/newgrp.1%{?ext_man}
|
||||
%{_mandir}/man1/passwd.1%{?ext_man}
|
||||
%{_mandir}/man1/sg.1%{?ext_man}
|
||||
%{_mandir}/man3/shadow.3%{?ext_man}
|
||||
%{_mandir}/man5/shadow.5%{?ext_man}
|
||||
%{_mandir}/man8/chpasswd.8%{?ext_man}
|
||||
%{_mandir}/man8/groupadd.8%{?ext_man}
|
||||
%{_mandir}/man8/groupdel.8%{?ext_man}
|
||||
%{_mandir}/man8/groupmod.8%{?ext_man}
|
||||
%{_mandir}/man8/grpck.8%{?ext_man}
|
||||
%{_mandir}/man8/newusers.8%{?ext_man}
|
||||
%{_mandir}/man8/pwck.8%{?ext_man}
|
||||
%{_mandir}/man8/pwconv.8%{?ext_man}
|
||||
%{_mandir}/man8/pwunconv.8%{?ext_man}
|
||||
%{_mandir}/man8/useradd.8%{?ext_man}
|
||||
%{_mandir}/man8/userdel.8%{?ext_man}
|
||||
%{_mandir}/man8/usermod.8%{?ext_man}
|
||||
%{_mandir}/man8/vigr.8%{?ext_man}
|
||||
%{_mandir}/man8/vipw.8%{?ext_man}
|
||||
%{_mandir}/man5/subuid.5%{?ext_man}
|
||||
%{_mandir}/man5/subgid.5%{?ext_man}
|
||||
%{_mandir}/man1/newgidmap.1%{?ext_man}
|
||||
%{_mandir}/man1/newuidmap.1%{?ext_man}
|
||||
%{_mandir}/man1/getsubids.1%{?ext_man}
|
||||
|
||||
%{_unitdir}/*
|
||||
|
||||
%files -n login_defs
|
||||
%dir %{_sysconfdir}/login.defs.d
|
||||
%if %{defined no_config}
|
||||
%attr(0644,root,root) %{_distconfdir}/login.defs
|
||||
%else
|
||||
%attr(0644,root,root) %config %{_sysconfdir}/login.defs
|
||||
%endif
|
||||
%{_mandir}/man5/login.defs.5%{?ext_man}
|
||||
|
||||
%files -n libsubid5
|
||||
%{_libdir}/libsubid.so.*
|
||||
|
||||
%files -n libsubid-devel
|
||||
%dir %{_includedir}/shadow
|
||||
%{_includedir}/shadow/subid.h
|
||||
%{_libdir}/libsubid.so
|
||||
|
||||
%changelog
|
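--- a/shadow.timer
+++ b/shadow.timer
@@ -0,0 +1,7 @@
+[Unit]
+Description=Daily verification of password and group files
+
+[Timer]
+OnCalendar=daily
+AccuracySec=12h
+Persistent=true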
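Review bot: shadow.timer ends after `Persistent=true` with no `[Install]` section, so nothing in this unit ties it to `timers.target`. Enabling a unit (by preset or `systemctl enable`) has no effect without one, so the daily password and group file verification would run only if something else starts the timer. If the timer is meant to be active after installation, append `[Install]` and `WantedBy=timers.target` to the unit. If it is deliberately left for the administrator to start, a one-line comment such as `# Not enabled by default; start shadow.timer manually to get the daily check` would make that explicit.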
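--- a/useradd-default.patch
+++ b/useradd-default.patch
@@ -0,0 +1,13 @@
+Index: src/useradd.c
+===================================================================
+--- src/useradd.c.orig
++++ src/useradd.c
+@@ -87,7 +87,7 @@ const char *Prog;
+/*
+ * These defaults are used if there is no defaults file.
+ */
+-static gid_t def_group = 1000;
++static gid_t def_group = 100;
+static const char *def_groups = "";
+static const char *def_gname = "other";
+static const char *def_home = "/home";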
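Review bot: The patch changes the built-in fallback to `def_group = 100` without any header text saying which group that GID is expected to be, and `def_gname` two lines below still reads `"other"`, so the numeric and named defaults may not describe the same group. The fallback applies only when there is no defaults file, but in that case every new account lands in one shared primary group, which matters for file exposure wherever the umask leaves group bits set. A description line at the top of the patch would record the intent, for example `# Fallback primary group is GID 100 (assumed to be the distribution's shared users group); used only when no useradd defaults file exists`. The surrounding declarations in src/useradd.c continue outside the hunk, so whether GID 100 is checked for existence before use cannot be seen here.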