Accepting request 139680 from home:kukuk
FATE#314473: Replace pwdutils with shadow utilities OBS-URL: https://build.opensuse.org/request/show/139680 OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=1
This commit is contained in:
commit
37abeb5bf8
23
.gitattributes
vendored
Normal file
23
.gitattributes
vendored
Normal file
@ -0,0 +1,23 @@
|
||||
## Default LFS
|
||||
*.7z filter=lfs diff=lfs merge=lfs -text
|
||||
*.bsp filter=lfs diff=lfs merge=lfs -text
|
||||
*.bz2 filter=lfs diff=lfs merge=lfs -text
|
||||
*.gem filter=lfs diff=lfs merge=lfs -text
|
||||
*.gz filter=lfs diff=lfs merge=lfs -text
|
||||
*.jar filter=lfs diff=lfs merge=lfs -text
|
||||
*.lz filter=lfs diff=lfs merge=lfs -text
|
||||
*.lzma filter=lfs diff=lfs merge=lfs -text
|
||||
*.obscpio filter=lfs diff=lfs merge=lfs -text
|
||||
*.oxt filter=lfs diff=lfs merge=lfs -text
|
||||
*.pdf filter=lfs diff=lfs merge=lfs -text
|
||||
*.png filter=lfs diff=lfs merge=lfs -text
|
||||
*.rpm filter=lfs diff=lfs merge=lfs -text
|
||||
*.tbz filter=lfs diff=lfs merge=lfs -text
|
||||
*.tbz2 filter=lfs diff=lfs merge=lfs -text
|
||||
*.tgz filter=lfs diff=lfs merge=lfs -text
|
||||
*.ttf filter=lfs diff=lfs merge=lfs -text
|
||||
*.txz filter=lfs diff=lfs merge=lfs -text
|
||||
*.whl filter=lfs diff=lfs merge=lfs -text
|
||||
*.xz filter=lfs diff=lfs merge=lfs -text
|
||||
*.zip filter=lfs diff=lfs merge=lfs -text
|
||||
*.zst filter=lfs diff=lfs merge=lfs -text
|
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
@ -0,0 +1 @@
|
||||
.osc
|
62
README.changes-pwdutils
Normal file
62
README.changes-pwdutils
Normal file
@ -0,0 +1,62 @@
|
||||
This file lists changes between pwdutils used in the past and
|
||||
the shadow utils used now.
|
||||
|
||||
General changes:
|
||||
================
|
||||
- No support to modify LDAP accounts anymore (-D and --service option)
|
||||
- No -P/--path option
|
||||
- /etc/default/passwd was removed. The configure options are
|
||||
partly available in /etc/login.defs.
|
||||
|
||||
/etc/login.defs:
|
||||
----------------
|
||||
SYSTEM_UID_MIN/SYSTEM_UID_MAX were renamed to SYS_UID_MIN/SYS_UID_MAX
|
||||
SYSTEM_GID_MIN/SYSTEM_GID_MAX were renamed to SYS_GID_MIN/SYS_GID_MAX
|
||||
|
||||
chfn
|
||||
----
|
||||
-m/--other has changed to -o/--other
|
||||
-o/--office has changed to -r/--room.
|
||||
-p/--phone has changed to -w/--work-phone
|
||||
|
||||
chpasswd
|
||||
--------
|
||||
-c blowfish is now longer supported, instead SHA256 and SHA512 were added.
|
||||
|
||||
chsh
|
||||
----
|
||||
-l/--list-shells was removed.
|
||||
|
||||
gpasswd
|
||||
-------
|
||||
-l/-u option are missing
|
||||
|
||||
groupadd
|
||||
--------
|
||||
/usr/sbin/groupadd.local is missing
|
||||
--preferred-gid was removed
|
||||
|
||||
groupmod
|
||||
--------
|
||||
-A/--add-user was removed
|
||||
-R/--remove-user was removed
|
||||
|
||||
passwd
|
||||
------
|
||||
-f was dropped (use chfn instead)
|
||||
-g was dropped (use gpasswd instead)
|
||||
-s was dropped (use chsh instead)
|
||||
|
||||
useradd
|
||||
-------
|
||||
-e/--expire has changed to -e/--expiredate (incompatible arguments!)
|
||||
-U/--umask was removed, -U has now another meaning
|
||||
--preferred-uid was removed
|
||||
|
||||
userdel
|
||||
-------
|
||||
-r/--remove-home was renamed to -r/--remove
|
||||
|
||||
usermod
|
||||
-------
|
||||
-e/--expire has changed to -e/--expiredate (incompatible arguments!)
|
91
chkname-regex.diff
Normal file
91
chkname-regex.diff
Normal file
@ -0,0 +1,91 @@
|
||||
--- lib/getdef.c
|
||||
+++ lib/getdef.c 2012/09/26 14:14:15
|
||||
@@ -51,6 +51,7 @@
|
||||
|
||||
#define NUMDEFS (sizeof(def_table)/sizeof(def_table[0]))
|
||||
static struct itemdef def_table[] = {
|
||||
+ {"CHARACTER_CLASS", NULL},
|
||||
{"CHFN_RESTRICT", NULL},
|
||||
{"CONSOLE_GROUPS", NULL},
|
||||
{"CONSOLE", NULL},
|
||||
--- libmisc/chkname.c
|
||||
+++ libmisc/chkname.c 2012/09/27 12:32:18
|
||||
@@ -43,31 +43,55 @@
|
||||
#ident "$Id: chkname.c 2828 2009-04-28 19:14:05Z nekral-guest $"
|
||||
|
||||
#include <ctype.h>
|
||||
+#include <regex.h>
|
||||
#include "defines.h"
|
||||
#include "chkname.h"
|
||||
+#include "getdef.h"
|
||||
+#include <stdio.h>
|
||||
|
||||
static bool is_valid_name (const char *name)
|
||||
{
|
||||
- /*
|
||||
- * User/group names must match [a-z_][a-z0-9_-]*[$]
|
||||
- */
|
||||
- if (('\0' == *name) ||
|
||||
- !((('a' <= *name) && ('z' >= *name)) || ('_' == *name))) {
|
||||
- return false;
|
||||
- }
|
||||
+ const char *class;
|
||||
+ regex_t reg;
|
||||
+ int result;
|
||||
+ char *buf;
|
||||
+
|
||||
+ /* User/group names must match [A-Za-z_][A-Za-z0-9_-.]*[A-Za-z0-9_-.$]?.
|
||||
+ This is the POSIX portable character class. The $ at the end is
|
||||
+ needed for SAMBA. But user can also specify something else in
|
||||
+ /etc/login.defs. */
|
||||
+ class = getdef_str ("CHARACTER_CLASS");
|
||||
+ if (!class)
|
||||
+ class = "[a-z_][a-z0-9_.-]*[a-z0-9_.$-]\\?";
|
||||
+
|
||||
+ if (asprintf (&buf, "^%s$", class) < 0)
|
||||
+ return -1;
|
||||
+
|
||||
+ memset (®, 0, sizeof (regex_t));
|
||||
+ result = regcomp (®, buf, 0);
|
||||
+ free (buf);
|
||||
+
|
||||
+ if (result)
|
||||
+ {
|
||||
+ size_t length = regerror (result, ®, NULL, 0);
|
||||
+ char *buffer = malloc (length);
|
||||
+ if (buffer == NULL)
|
||||
+ fputs ("running out of memory!\n", stderr);
|
||||
+
|
||||
+ /* else
|
||||
+ {
|
||||
+ regerror (result, ®, buffer, length);
|
||||
+ fprintf (stderr, _("Can't compile regular expression: %s\n"),
|
||||
+ buffer);
|
||||
+ } */
|
||||
|
||||
- while ('\0' != *++name) {
|
||||
- if (!(( ('a' <= *name) && ('z' >= *name) ) ||
|
||||
- ( ('0' <= *name) && ('9' >= *name) ) ||
|
||||
- ('_' == *name) ||
|
||||
- ('-' == *name) ||
|
||||
- ( ('$' == *name) && ('\0' == *(name + 1)) )
|
||||
- )) {
|
||||
- return false;
|
||||
- }
|
||||
- }
|
||||
+ return false;
|
||||
+ }
|
||||
+
|
||||
+ if (regexec (®, name, 0, NULL, 0) != 0)
|
||||
+ return false;
|
||||
|
||||
- return true;
|
||||
+ return true;
|
||||
}
|
||||
|
||||
bool is_valid_user_name (const char *name)
|
||||
@@ -96,4 +120,3 @@
|
||||
|
||||
return is_valid_name (name);
|
||||
}
|
||||
-
|
3
pamd.tar.bz2
Normal file
3
pamd.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:51dc6651d0c5abcc777db007b1dadfb8a5a1f2d7985e3cb93a24de91753eb1b4
|
||||
size 577
|
3
shadow-4.1.5.1.tar.bz2
Normal file
3
shadow-4.1.5.1.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:aa32333748d68b58ed3a83625f0165e0f6b9dc4639e6377c9300c6bf4fe978fb
|
||||
size 2193325
|
338
shadow-login_defs.diff
Normal file
338
shadow-login_defs.diff
Normal file
@ -0,0 +1,338 @@
|
||||
--- etc/login.defs
|
||||
+++ etc/login.defs 2012/09/26 12:02:14
|
||||
@@ -1,8 +1,6 @@
|
||||
#
|
||||
# /etc/login.defs - Configuration control definitions for the shadow package.
|
||||
#
|
||||
-# $Id: login.defs 3189 2010-03-26 11:53:06Z nekral-guest $
|
||||
-#
|
||||
|
||||
#
|
||||
# Delay in seconds before being allowed another attempt after a login failure
|
||||
@@ -12,11 +10,6 @@
|
||||
FAIL_DELAY 3
|
||||
|
||||
#
|
||||
-# Enable logging and display of /var/log/faillog login failure info.
|
||||
-#
|
||||
-FAILLOG_ENAB yes
|
||||
-
|
||||
-#
|
||||
# Enable display of unknown usernames when login failures are recorded.
|
||||
#
|
||||
LOG_UNKFAIL_ENAB no
|
||||
@@ -27,34 +20,6 @@
|
||||
LOG_OK_LOGINS no
|
||||
|
||||
#
|
||||
-# Enable logging and display of /var/log/lastlog login time info.
|
||||
-#
|
||||
-LASTLOG_ENAB yes
|
||||
-
|
||||
-#
|
||||
-# Enable checking and display of mailbox status upon login.
|
||||
-#
|
||||
-# Disable if the shell startup files already check for mail
|
||||
-# ("mailx -e" or equivalent).
|
||||
-#
|
||||
-MAIL_CHECK_ENAB yes
|
||||
-
|
||||
-#
|
||||
-# Enable additional checks upon password changes.
|
||||
-#
|
||||
-OBSCURE_CHECKS_ENAB yes
|
||||
-
|
||||
-#
|
||||
-# Enable checking of time restrictions specified in /etc/porttime.
|
||||
-#
|
||||
-PORTTIME_CHECKS_ENAB yes
|
||||
-
|
||||
-#
|
||||
-# Enable setting of ulimit, umask, and niceness from passwd gecos field.
|
||||
-#
|
||||
-QUOTAS_ENAB yes
|
||||
-
|
||||
-#
|
||||
# Enable "syslog" logging of su activity - in addition to sulog file logging.
|
||||
# SYSLOG_SG_ENAB does the same for newgrp and sg.
|
||||
#
|
||||
@@ -82,75 +47,31 @@
|
||||
#MOTD_FILE /etc/motd:/usr/lib/news/news-motd
|
||||
|
||||
#
|
||||
-# If defined, this file will be output before each login prompt.
|
||||
-#
|
||||
-#ISSUE_FILE /etc/issue
|
||||
-
|
||||
-#
|
||||
# If defined, file which maps tty line to TERM environment parameter.
|
||||
# Each line of the file is in a format something like "vt100 tty01".
|
||||
#
|
||||
#TTYTYPE_FILE /etc/ttytype
|
||||
|
||||
#
|
||||
-# If defined, login failures will be logged here in a utmp format.
|
||||
-# last, when invoked as lastb, will read /var/log/btmp, so...
|
||||
-#
|
||||
-FTMP_FILE /var/log/btmp
|
||||
-
|
||||
-#
|
||||
-# If defined, name of file whose presence which will inhibit non-root
|
||||
-# logins. The contents of this file should be a message indicating
|
||||
-# why logins are inhibited.
|
||||
-#
|
||||
-NOLOGINS_FILE /etc/nologin
|
||||
-
|
||||
-#
|
||||
-# If defined, the command name to display when running "su -". For
|
||||
-# example, if this is defined as "su" then a "ps" will display the
|
||||
-# command is "-su". If not defined, then "ps" would display the
|
||||
-# name of the shell actually being run, e.g. something like "-sh".
|
||||
-#
|
||||
-SU_NAME su
|
||||
-
|
||||
-#
|
||||
-# *REQUIRED*
|
||||
-# Directory where mailboxes reside, _or_ name of file, relative to the
|
||||
-# home directory. If you _do_ define both, MAIL_DIR takes precedence.
|
||||
-#
|
||||
-MAIL_DIR /var/spool/mail
|
||||
-#MAIL_FILE .mail
|
||||
-
|
||||
-#
|
||||
# If defined, file which inhibits all the usual chatter during the login
|
||||
# sequence. If a full pathname, then hushed mode will be enabled if the
|
||||
# user's name or shell are found in the file. If not a full pathname, then
|
||||
# hushed mode will be enabled if the file exists in the user's home directory.
|
||||
#
|
||||
-HUSHLOGIN_FILE .hushlogin
|
||||
-#HUSHLOGIN_FILE /etc/hushlogins
|
||||
-
|
||||
-#
|
||||
-# If defined, either a TZ environment parameter spec or the
|
||||
-# fully-rooted pathname of a file containing such a spec.
|
||||
-#
|
||||
-#ENV_TZ TZ=CST6CDT
|
||||
-#ENV_TZ /etc/tzname
|
||||
-
|
||||
-#
|
||||
-# If defined, an HZ environment parameter spec.
|
||||
-#
|
||||
-# for Linux/x86
|
||||
-ENV_HZ HZ=100
|
||||
-# For Linux/Alpha...
|
||||
-#ENV_HZ HZ=1024
|
||||
+#HUSHLOGIN_FILE .hushlogin
|
||||
+HUSHLOGIN_FILE /etc/hushlogins
|
||||
|
||||
#
|
||||
# *REQUIRED* The default PATH settings, for superuser and normal users.
|
||||
#
|
||||
# (they are minimal, add the rest in the shell startup files)
|
||||
ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin
|
||||
-ENV_PATH PATH=/bin:/usr/bin
|
||||
+ENV_PATH PATH=/usr/local/bin:/usr/bin:/bin
|
||||
+
|
||||
+#
|
||||
+# The default PATH settings for root (used by login):
|
||||
+#
|
||||
+ENV_ROOTPATH /sbin:/bin:/usr/sbin:/usr/bin
|
||||
|
||||
#
|
||||
# Terminal permissions
|
||||
@@ -164,24 +85,20 @@
|
||||
# TTYPERM to either 622 or 600.
|
||||
#
|
||||
TTYGROUP tty
|
||||
-TTYPERM 0600
|
||||
+TTYPERM 0620
|
||||
|
||||
#
|
||||
# Login configuration initializations:
|
||||
#
|
||||
# ERASECHAR Terminal ERASE character ('\010' = backspace).
|
||||
# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
|
||||
-# ULIMIT Default "ulimit" value.
|
||||
#
|
||||
# The ERASECHAR and KILLCHAR are used only on System V machines.
|
||||
-# The ULIMIT is used only if the system supports it.
|
||||
-# (now it works with setrlimit too; ulimit is in 512-byte units)
|
||||
#
|
||||
# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
|
||||
#
|
||||
ERASECHAR 0177
|
||||
KILLCHAR 025
|
||||
-#ULIMIT 2097152
|
||||
|
||||
# Default initial "umask" value used by login on non-PAM enabled systems.
|
||||
# Default "umask" value for pam_umask on PAM enabled systems.
|
||||
@@ -206,40 +123,37 @@
|
||||
PASS_WARN_AGE 7
|
||||
|
||||
#
|
||||
-# If "yes", the user must be listed as a member of the first gid 0 group
|
||||
-# in /etc/group (called "root" on most Linux systems) to be able to "su"
|
||||
-# to uid 0 accounts. If the group doesn't exist or is empty, no one
|
||||
-# will be able to "su" to uid 0.
|
||||
-#
|
||||
-SU_WHEEL_ONLY no
|
||||
-
|
||||
-#
|
||||
-# If compiled with cracklib support, where are the dictionaries
|
||||
-#
|
||||
-CRACKLIB_DICTPATH /var/cache/cracklib/cracklib_dict
|
||||
-
|
||||
-#
|
||||
# Min/max values for automatic uid selection in useradd
|
||||
#
|
||||
+# SYS_UID_MIN to SYS_UID_MAX inclusive is the range for
|
||||
+# UIDs for dynamically allocated administrative and system accounts.
|
||||
+# UID_MIN to UID_MAX inclusive is the range of UIDs of dynamically
|
||||
+# allocated user accounts.
|
||||
+#
|
||||
UID_MIN 1000
|
||||
UID_MAX 60000
|
||||
# System accounts
|
||||
-SYS_UID_MIN 101
|
||||
-SYS_UID_MAX 999
|
||||
+SYS_UID_MIN 100
|
||||
+SYS_UID_MAX 499
|
||||
|
||||
#
|
||||
# Min/max values for automatic gid selection in groupadd
|
||||
#
|
||||
+# SYS_GID_MIN to SYS_GID_MAX inclusive is the range for
|
||||
+# GIDs for dynamically allocated administrative and system groups.
|
||||
+# GID_MIN to GID_MAX inclusive is the range of GIDs of dynamically
|
||||
+# allocated groups.
|
||||
+#
|
||||
GID_MIN 1000
|
||||
GID_MAX 60000
|
||||
# System accounts
|
||||
-SYS_GID_MIN 101
|
||||
-SYS_GID_MAX 999
|
||||
+SYS_GID_MIN 100
|
||||
+SYS_GID_MAX 499
|
||||
|
||||
#
|
||||
# Max number of login retries if password is bad
|
||||
#
|
||||
-LOGIN_RETRIES 5
|
||||
+LOGIN_RETRIES 3
|
||||
|
||||
#
|
||||
# Max time in seconds for login
|
||||
@@ -247,28 +161,6 @@
|
||||
LOGIN_TIMEOUT 60
|
||||
|
||||
#
|
||||
-# Maximum number of attempts to change password if rejected (too easy)
|
||||
-#
|
||||
-PASS_CHANGE_TRIES 5
|
||||
-
|
||||
-#
|
||||
-# Warn about weak passwords (but still allow them) if you are root.
|
||||
-#
|
||||
-PASS_ALWAYS_WARN yes
|
||||
-
|
||||
-#
|
||||
-# Number of significant characters in the password for crypt().
|
||||
-# Default is 8, don't change unless your crypt() is better.
|
||||
-# Ignored if MD5_CRYPT_ENAB set to "yes".
|
||||
-#
|
||||
-#PASS_MAX_LEN 8
|
||||
-
|
||||
-#
|
||||
-# Require password before chfn/chsh can make any changes.
|
||||
-#
|
||||
-CHFN_AUTH yes
|
||||
-
|
||||
-#
|
||||
# Which fields may be changed by regular users using chfn - use
|
||||
# any combination of letters "frwh" (full name, room number, work
|
||||
# phone, home phone). If not defined, no changes are allowed.
|
||||
@@ -277,13 +169,6 @@
|
||||
CHFN_RESTRICT rwh
|
||||
|
||||
#
|
||||
-# Password prompt (%s will be replaced by user name).
|
||||
-#
|
||||
-# XXX - it doesn't work correctly yet, for now leave it commented out
|
||||
-# to use the default which is just "Password: ".
|
||||
-#LOGIN_STRING "%s's Password: "
|
||||
-
|
||||
-#
|
||||
# Only works if compiled with MD5_CRYPT defined:
|
||||
# If set to "yes", new passwords will be encrypted using the MD5-based
|
||||
# algorithm compatible with the one used by recent releases of FreeBSD.
|
||||
@@ -345,16 +230,12 @@
|
||||
DEFAULT_HOME yes
|
||||
|
||||
#
|
||||
-# If this file exists and is readable, login environment will be
|
||||
-# read from it. Every line should be in the form name=value.
|
||||
-#
|
||||
-ENVIRON_FILE /etc/environment
|
||||
-
|
||||
-#
|
||||
# If defined, this command is run when removing a user.
|
||||
# It should remove any at/cron/print jobs etc. owned by
|
||||
# the user to be removed (passed as the first argument).
|
||||
#
|
||||
+# See USERDEL_PRECMD/POSTCMD below.
|
||||
+#
|
||||
#USERDEL_CMD /usr/sbin/userdel_local
|
||||
|
||||
#
|
||||
@@ -364,7 +245,7 @@
|
||||
#
|
||||
# This also enables userdel to remove user groups if no members exist.
|
||||
#
|
||||
-USERGROUPS_ENAB yes
|
||||
+USERGROUPS_ENAB no
|
||||
|
||||
#
|
||||
# If set to a non-nul number, the shadow utilities will make sure that
|
||||
@@ -383,5 +264,41 @@
|
||||
# This option is overridden with the -M or -m flags on the useradd command
|
||||
# line.
|
||||
#
|
||||
-#CREATE_HOME yes
|
||||
+CREATE_HOME no
|
||||
+
|
||||
+#
|
||||
+# User/group names must match the following regex expression.
|
||||
+# The default is [A-Za-z_][A-Za-z0-9_.-]*[A-Za-z0-9_.$-]\?,
|
||||
+# but be aware that the result could depend on the locale settings.
|
||||
+#
|
||||
+#CHARACTER_CLASS [A-Za-z_][A-Za-z0-9_.-]*[A-Za-z0-9_.$-]\?
|
||||
+CHARACTER_CLASS [ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz_][ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.-]*[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.$-]\?
|
||||
+
|
||||
+#
|
||||
+# If defined, this command is run when adding a group.
|
||||
+# It should rebuild any NIS database etc. to add the
|
||||
+# new created group.
|
||||
+#
|
||||
+GROUPADD_CMD /usr/sbin/groupadd.local
|
||||
+
|
||||
+#
|
||||
+# If defined, this command is run when adding a user.
|
||||
+# It should rebuild any NIS database etc. to add the
|
||||
+# new created account.
|
||||
+#
|
||||
+USERADD_CMD /usr/sbin/useradd.local
|
||||
+
|
||||
+#
|
||||
+# If defined, this command is run before removing a user.
|
||||
+# It should remove any at/cron/print jobs etc. owned by
|
||||
+# the user to be removed.
|
||||
+#
|
||||
+USERDEL_PRECMD /usr/sbin/userdel-pre.local
|
||||
+
|
||||
+#
|
||||
+# If defined, this command is run after removing a user.
|
||||
+# It should rebuild any NIS database etc. to remove the
|
||||
+# account from it.
|
||||
+#
|
||||
+USERDEL_POSTCMD /usr/sbin/userdel-post.local
|
||||
|
25
shadow.changes
Normal file
25
shadow.changes
Normal file
@ -0,0 +1,25 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Sep 27 15:20:44 CEST 2012 - kukuk@suse.de
|
||||
|
||||
- Implement CHARACTER_CLASS support
|
||||
(chkname-regex.diff)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Sep 26 15:20:06 CEST 2012 - kukuk@suse.de
|
||||
|
||||
- Add support for useradd.local
|
||||
(useradd-script.diff)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Sep 25 16:22:18 CEST 2012 - kukuk@suse.de
|
||||
|
||||
- Fix spec file
|
||||
- Adjust login.defs
|
||||
(shadow-login_defs.diff)
|
||||
- Add userdel*.local script support and scrips
|
||||
(userdel-scripts.diff)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Sep 24 16:04:03 CEST 2012 - kukuk@suse.de
|
||||
|
||||
- Initial package [FATE#314473]
|
242
shadow.spec
Normal file
242
shadow.spec
Normal file
@ -0,0 +1,242 @@
|
||||
#
|
||||
# spec file for package shadow-utils
|
||||
#
|
||||
# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
# upon. The license for this file, and modifications and additions to the
|
||||
# file, is the same license as for the pristine package itself (unless the
|
||||
# license for the pristine package is not an Open Source License, in which
|
||||
# case the license is the MIT License). An "Open Source License" is a
|
||||
# license that conforms to the Open Source Definition (Version 1.9)
|
||||
# published by the Open Source Initiative.
|
||||
|
||||
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
||||
#
|
||||
|
||||
|
||||
Summary: Utilities to Manage User and Group Accounts
|
||||
Name: shadow
|
||||
Version: 4.1.5.1
|
||||
Release: 1
|
||||
License: BSD-3-Clause ; GPL-2.0+
|
||||
Group: System/Base
|
||||
Url: http://pkg-shadow.alioth.debian.org/
|
||||
Source: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.bz2
|
||||
Source1: pamd.tar.bz2
|
||||
Source2: README.changes-pwdutils
|
||||
Source3: useradd.local
|
||||
Source4: userdel-pre.local
|
||||
Source5: userdel-post.local
|
||||
Patch: shadow-login_defs.diff
|
||||
Patch1: userdel-scripts.diff
|
||||
Patch2: useradd-script.diff
|
||||
Patch3: chkname-regex.diff
|
||||
BuildRequires: pam-devel
|
||||
BuildRequires: libselinux-devel
|
||||
BuildRequires: audit-devel
|
||||
BuildRequires: libsemanage-devel
|
||||
BuildRequires: libacl-devel libattr-devel
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
PreReq: permissions
|
||||
Provides: pwdutils = 3.2.20
|
||||
Obsoletes: pwdutils <= 3.2.19
|
||||
|
||||
%description
|
||||
This package includes the necessary programs for converting plain
|
||||
password files to the shadow password format and to manage user and
|
||||
group accounts.
|
||||
|
||||
%prep
|
||||
%setup -q -a 1
|
||||
%patch -p0
|
||||
%patch1 -p0
|
||||
%patch2 -p0
|
||||
%patch3 -p0
|
||||
|
||||
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
|
||||
mv -v doc/HOWTO.utf8 doc/HOWTO
|
||||
|
||||
%build
|
||||
export CFLAGS="$RPM_OPT_FLAGS -fpie"
|
||||
export LDFLAGS="-pie"
|
||||
|
||||
%configure \
|
||||
--disable-shadowgrp \
|
||||
--enable-account-tools-setuid \
|
||||
--with-audit \
|
||||
--with-libpam \
|
||||
--with-sha-crypt \
|
||||
--with-acl \
|
||||
--with-attr \
|
||||
--with-nscd \
|
||||
--with-selinux \
|
||||
--without-libcrack \
|
||||
--disable-shared \
|
||||
--with-group-name-max-length=32
|
||||
make
|
||||
|
||||
%install
|
||||
cp %SOURCE2 .
|
||||
make install DESTDIR=$RPM_BUILD_ROOT gnulocaledir=$RPM_BUILD_ROOT/%{_datadir}/locale MKINSTALLDIRS=`pwd`/mkinstalldirs
|
||||
|
||||
# install useradd.local, userdel.local, ...
|
||||
install -m 0755 %SOURCE3 $RPM_BUILD_ROOT/%{_sbindir}/
|
||||
install -m 0755 %SOURCE4 $RPM_BUILD_ROOT/%{_sbindir}/
|
||||
install -m 0755 %SOURCE5 $RPM_BUILD_ROOT/%{_sbindir}/
|
||||
|
||||
|
||||
# Remove binaries we don't use.
|
||||
rm $RPM_BUILD_ROOT/%{_bindir}/groups
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/man1/groups.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/*/man1/groups.*
|
||||
|
||||
rm $RPM_BUILD_ROOT/%{_sbindir}/grpconv
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/man8/grpconv.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/*/man8/grpconv.*
|
||||
rm $RPM_BUILD_ROOT/%{_sbindir}/grpunconv
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/man8/grpunconv.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/*/man8/grpunconv.*
|
||||
|
||||
rm $RPM_BUILD_ROOT/%{_sbindir}/groupmems
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/man8/groupmems.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/*/man8/groupmems.*
|
||||
rm $RPM_BUILD_ROOT/etc/pam.d/groupmems
|
||||
|
||||
rm $RPM_BUILD_ROOT/%{_bindir}/login
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/man1/login.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/*/man1/login.*
|
||||
rm $RPM_BUILD_ROOT/etc/pam.d/login
|
||||
|
||||
rm $RPM_BUILD_ROOT/%{_bindir}/su
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/man1/su.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/*/man1/su.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/man5/suauth.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/*/man5/suauth.*
|
||||
rm $RPM_BUILD_ROOT/etc/pam.d/su
|
||||
|
||||
rm $RPM_BUILD_ROOT/%{_bindir}/faillog
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/man5/faillog.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/*/man5/faillog.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/man8/faillog.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/*/man8/faillog.*
|
||||
|
||||
rm $RPM_BUILD_ROOT/%{_sbindir}/logoutd
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/man8/logoutd.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/*/man8/logoutd.*
|
||||
rm $RPM_BUILD_ROOT/%{_sbindir}/nologin
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/man8/nologin.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/*/man8/nologin.*
|
||||
|
||||
rm $RPM_BUILD_ROOT/%{_sbindir}/chgpasswd
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/man8/chgpasswd.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/*/man8/chgpasswd.*
|
||||
rm $RPM_BUILD_ROOT/etc/pam.d/chgpasswd
|
||||
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/man3/getspnam.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/*/man3/getspnam.*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/man5/gshadow.5*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/*/man5/gshadow.5*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/man5/passwd.5*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/*/man5/passwd.5*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/man5/shadow.5*
|
||||
rm $RPM_BUILD_ROOT/%{_mandir}/*/man5/shadow.5*
|
||||
|
||||
|
||||
rm -rf $RPM_BUILD_ROOT%{_mandir}/{??,??_??}
|
||||
|
||||
%find_lang shadow
|
||||
|
||||
%clean
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
|
||||
%post
|
||||
%set_permissions /usr/bin/chage
|
||||
%set_permissions /usr/bin/chfn
|
||||
%set_permissions /usr/bin/chsh
|
||||
%set_permissions /usr/bin/expiry
|
||||
%set_permissions /usr/bin/gpasswd
|
||||
%set_permissions /usr/bin/newgrp
|
||||
%set_permissions /usr/bin/passwd
|
||||
|
||||
%verifyscript
|
||||
%verify_permissions /usr/bin/chage
|
||||
%verify_permissions /usr/bin/chfn
|
||||
%verify_permissions /usr/bin/chsh
|
||||
%verify_permissions /usr/bin/expiry
|
||||
%verify_permissions /usr/bin/gpasswd
|
||||
%verify_permissions /usr/bin/newgrp
|
||||
%verify_permissions /usr/bin/passwd
|
||||
|
||||
%files -f shadow.lang
|
||||
%defattr(-,root,root)
|
||||
%doc NEWS doc/HOWTO README README.changes-pwdutils
|
||||
%attr(0644,root,root) %config %{_sysconfdir}/login.defs
|
||||
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/default/useradd
|
||||
%config /etc/pam.d/chage
|
||||
%config /etc/pam.d/chfn
|
||||
%config /etc/pam.d/chsh
|
||||
%config /etc/pam.d/passwd
|
||||
%config /etc/pam.d/useradd
|
||||
%config /etc/pam.d/chpasswd
|
||||
%config /etc/pam.d/groupadd
|
||||
%config /etc/pam.d/groupdel
|
||||
%config /etc/pam.d/groupmod
|
||||
%config /etc/pam.d/newusers
|
||||
%config /etc/pam.d/useradd
|
||||
%config /etc/pam.d/userdel
|
||||
%config /etc/pam.d/usermod
|
||||
%attr(4755,root,shadow) %{_bindir}/chage
|
||||
%attr(4755,root,shadow) %{_bindir}/chfn
|
||||
%attr(4755,root,shadow) %{_bindir}/chsh
|
||||
%attr(4755,root,shadow) %{_bindir}/expiry
|
||||
%attr(4755,root,shadow) %{_bindir}/gpasswd
|
||||
%{_bindir}/lastlog
|
||||
%attr(4755,root,root) %{_bindir}/newgrp
|
||||
%attr(4755,root,shadow) %{_bindir}/passwd
|
||||
%{_bindir}/sg
|
||||
%{_sbindir}/groupadd
|
||||
%{_sbindir}/groupdel
|
||||
%{_sbindir}/groupmod
|
||||
%{_sbindir}/grpck
|
||||
%{_sbindir}/pwck
|
||||
%{_sbindir}/useradd
|
||||
%{_sbindir}/userdel
|
||||
%{_sbindir}/usermod
|
||||
%{_sbindir}/pwconv
|
||||
%{_sbindir}/pwunconv
|
||||
%{_sbindir}/chpasswd
|
||||
%{_sbindir}/newusers
|
||||
%{_sbindir}/vipw
|
||||
%{_sbindir}/vigr
|
||||
%verify(not md5 size mtime) %config(noreplace) %{_sbindir}/useradd.local
|
||||
%verify(not md5 size mtime) %config(noreplace) %{_sbindir}/userdel-pre.local
|
||||
%verify(not md5 size mtime) %config(noreplace) %{_sbindir}/userdel-post.local
|
||||
%{_mandir}/man1/chage.1*
|
||||
%{_mandir}/man1/chfn.1*
|
||||
%{_mandir}/man1/chsh.1*
|
||||
%{_mandir}/man1/expiry.1*
|
||||
%{_mandir}/man1/gpasswd.1*
|
||||
%{_mandir}/man1/newgrp.1*
|
||||
%{_mandir}/man1/passwd.1*
|
||||
%{_mandir}/man1/sg.1*
|
||||
%{_mandir}/man3/shadow.3*
|
||||
%{_mandir}/man5/login.defs.5*
|
||||
%{_mandir}/man8/chpasswd.8*
|
||||
%{_mandir}/man8/groupadd.8*
|
||||
%{_mandir}/man8/groupdel.8*
|
||||
%{_mandir}/man8/groupmod.8*
|
||||
%{_mandir}/man8/grpck.8*
|
||||
%{_mandir}/man8/lastlog.8*
|
||||
%{_mandir}/man8/newusers.8*
|
||||
%{_mandir}/man8/pwck.8*
|
||||
%{_mandir}/man8/pwconv.8*
|
||||
%{_mandir}/man8/pwunconv.8*
|
||||
%{_mandir}/man8/useradd.8*
|
||||
%{_mandir}/man8/userdel.8*
|
||||
%{_mandir}/man8/usermod.8*
|
||||
%{_mandir}/man8/vigr.8*
|
||||
%{_mandir}/man8/vipw.8*
|
||||
|
||||
%changelog
|
42
useradd-script.diff
Normal file
42
useradd-script.diff
Normal file
@ -0,0 +1,42 @@
|
||||
--- src/useradd.c
|
||||
+++ src/useradd.c 2012/09/26 13:06:50
|
||||
@@ -1845,6 +1845,30 @@
|
||||
}
|
||||
|
||||
/*
|
||||
+ * call_script - call a script to do some work
|
||||
+ *
|
||||
+ * call_script calls a script for additional changes to the
|
||||
+ * account.
|
||||
+ */
|
||||
+
|
||||
+static void call_script (const char *user)
|
||||
+{
|
||||
+ const char *cmd;
|
||||
+ const char *argv[3];
|
||||
+ int status;
|
||||
+
|
||||
+ cmd = getdef_str ("USERADD_CMD");
|
||||
+ if (NULL == cmd) {
|
||||
+ return;
|
||||
+ }
|
||||
+ argv[0] = cmd;
|
||||
+ argv[1] = user;
|
||||
+ argv[2] = (char *)0;
|
||||
+ (void) run_command (cmd, argv, NULL, &status);
|
||||
+}
|
||||
+
|
||||
+
|
||||
+/*
|
||||
* main - useradd command
|
||||
*/
|
||||
int main (int argc, char **argv)
|
||||
@@ -2076,6 +2100,7 @@
|
||||
nscd_flush_cache ("passwd");
|
||||
nscd_flush_cache ("group");
|
||||
|
||||
+ call_script (user_name);
|
||||
+
|
||||
return E_SUCCESS;
|
||||
}
|
||||
-
|
44
useradd.local
Normal file
44
useradd.local
Normal file
@ -0,0 +1,44 @@
|
||||
#!/bin/bash
|
||||
#
|
||||
# Here you can add your own stuff, that should be done for every user who
|
||||
# was new created.
|
||||
#
|
||||
# When you create a user with useradd, this script will be called
|
||||
# with the login name as parameter. Optional, UID, GID and the HOME
|
||||
# directory are added.
|
||||
#
|
||||
|
||||
case "$1" in
|
||||
--help|--version)
|
||||
echo Usage: $0 username [uid gid home]
|
||||
exit 0
|
||||
;;
|
||||
esac
|
||||
|
||||
# Check for the required argument.
|
||||
if [ $# -lt 1 -o $# -gt 4 ]; then
|
||||
echo Usage: $0 username [uid gid home]
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Update NIS database
|
||||
# make -C /var/yp
|
||||
|
||||
# If SELinux is enabled, we have to run restorecon to assign
|
||||
# appropriate fcontexts to the respective $HOME and files under it
|
||||
if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled ; then
|
||||
test -x /sbin/restorecon || exit 2
|
||||
|
||||
if [ $# -lt 4 ]; then
|
||||
home_dir=/home/$1
|
||||
else
|
||||
home_dir=$4
|
||||
fi
|
||||
|
||||
if [ -d $home_dir ]; then
|
||||
/sbin/restorecon -R $home_dir
|
||||
fi
|
||||
fi
|
||||
|
||||
# All done.
|
||||
exit 0
|
29
userdel-post.local
Normal file
29
userdel-post.local
Normal file
@ -0,0 +1,29 @@
|
||||
#!/bin/bash
|
||||
#
|
||||
# Here you can add your own stuff, that should be done for every user
|
||||
# which we deleted.
|
||||
#
|
||||
# If you delete a user with userdel, this script will be called
|
||||
# with the login name as parameter after the account and optional
|
||||
# home directory was removed from the system.
|
||||
#
|
||||
|
||||
case "$1" in
|
||||
--help|--version)
|
||||
echo Usage: $0 username uid gid home
|
||||
exit 0
|
||||
;;
|
||||
esac
|
||||
|
||||
# Check for the required argument.
|
||||
if [ $# != 1 ]; then
|
||||
echo Usage: $0 username
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Rebuild NIS database to remove the account from it.
|
||||
# make -C /var/yp
|
||||
|
||||
# All done.
|
||||
exit 0
|
||||
|
28
userdel-pre.local
Normal file
28
userdel-pre.local
Normal file
@ -0,0 +1,28 @@
|
||||
#!/bin/bash
|
||||
#
|
||||
# Here you can add your own stuff, that should be done for every user
|
||||
# who will be deleted.
|
||||
#
|
||||
# When you delete a user with userdel, this script will be called
|
||||
# with the login name as parameter before any other action is done.
|
||||
#
|
||||
|
||||
case "$1" in
|
||||
--help|--version)
|
||||
echo Usage: $0 username uid gid home
|
||||
exit 0
|
||||
;;
|
||||
esac
|
||||
|
||||
# Check for the required argument.
|
||||
if [ $# != 1 ]; then
|
||||
echo Usage: $0 username
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Remove cron jobs
|
||||
test -x /usr/bin/crontab && /usr/bin/crontab -r -u $1
|
||||
|
||||
# All done.
|
||||
exit 0
|
||||
|
50
userdel-scripts.diff
Normal file
50
userdel-scripts.diff
Normal file
@ -0,0 +1,50 @@
|
||||
--- src/userdel.c
|
||||
+++ src/userdel.c 2012/09/25 13:46:38
|
||||
@@ -635,13 +635,13 @@
|
||||
* cron, at, or print jobs.
|
||||
*/
|
||||
|
||||
-static void user_cancel (const char *user)
|
||||
+static void call_script (const char *program, const char *user)
|
||||
{
|
||||
const char *cmd;
|
||||
const char *argv[3];
|
||||
int status;
|
||||
|
||||
- cmd = getdef_str ("USERDEL_CMD");
|
||||
+ cmd = getdef_str (program);
|
||||
if (NULL == cmd) {
|
||||
return;
|
||||
}
|
||||
@@ -1032,9 +1032,10 @@
|
||||
}
|
||||
|
||||
/*
|
||||
- * Do the hard stuff - open the files, create the user entries,
|
||||
- * create the home directory, then close and update the files.
|
||||
+ * Do the hard stuff - open the files, remove the user entries,
|
||||
+ * remove the home directory, then close and update the files.
|
||||
*/
|
||||
+ call_script ("USERDEL_PRECMD", user_name);
|
||||
open_files ();
|
||||
update_user ();
|
||||
update_groups ();
|
||||
@@ -1137,7 +1138,7 @@
|
||||
* Cancel any crontabs or at jobs. Have to do this before we remove
|
||||
* the entry from /etc/passwd.
|
||||
*/
|
||||
- user_cancel (user_name);
|
||||
+ call_script ("USERDEL_CMD", user_name);
|
||||
close_files ();
|
||||
|
||||
#ifdef WITH_TCB
|
||||
@@ -1147,6 +1148,8 @@
|
||||
nscd_flush_cache ("passwd");
|
||||
nscd_flush_cache ("group");
|
||||
|
||||
+ /* Call the post script, for example to rebuild NIS database */
|
||||
+ call_script ("USERDEL_POSTCMD", user_name);
|
||||
+
|
||||
return ((0 != errors) ? E_HOMEDIR : E_SUCCESS);
|
||||
}
|
||||
-
|
Loading…
Reference in New Issue
Block a user