diff options
author | Donnie Berkholz <dberkholz@gentoo.org> | 2006-09-02 00:20:34 -0700 |
---|---|---|
committer | Donnie Berkholz <donnie@comet.(none)> | 2006-09-02 00:20:34 -0700 |
commit | 38fd15d11765396ec95bb093dde0d46786a530bc (patch) | |
tree | 1389310325e20869a3f7b9f530940f88d6b8641a /sys-apps | |
parent | xsri: keyword ~ppc (diff) | |
download | dberkholz-38fd15d11765396ec95bb093dde0d46786a530bc.tar.gz dberkholz-38fd15d11765396ec95bb093dde0d46786a530bc.tar.bz2 dberkholz-38fd15d11765396ec95bb093dde0d46786a530bc.zip |
shadow: install /etc/default/useradd world-readable for libuser
Diffstat (limited to 'sys-apps')
56 files changed, 1656 insertions, 0 deletions
diff --git a/sys-apps/shadow/CVS/Entries b/sys-apps/shadow/CVS/Entries new file mode 100644 index 0000000..9cf4f56 --- /dev/null +++ b/sys-apps/shadow/CVS/Entries @@ -0,0 +1,9 @@ +/metadata.xml/1.3/Tue Dec 9 17:55:34 2003// +D/files//// +/shadow-4.0.15-r2.ebuild/1.11/Tue Jul 18 22:11:05 2006// +/shadow-4.0.16-r2.ebuild/1.1/Thu Jul 6 01:31:15 2006// +/shadow-4.0.17.ebuild/1.2/Sat Jul 15 04:55:12 2006// +/shadow-4.0.17-r1.ebuild/1.3/Mon Jul 31 18:21:11 2006// +/ChangeLog/1.159/Mon Aug 21 04:42:50 2006// +/Manifest/1.268/Mon Aug 21 04:42:50 2006// +/shadow-4.0.18.1.ebuild/1.1/Fri Aug 4 13:14:04 2006// diff --git a/sys-apps/shadow/CVS/Repository b/sys-apps/shadow/CVS/Repository new file mode 100644 index 0000000..e38733e --- /dev/null +++ b/sys-apps/shadow/CVS/Repository @@ -0,0 +1 @@ +gentoo-x86/sys-apps/shadow diff --git a/sys-apps/shadow/CVS/Root b/sys-apps/shadow/CVS/Root new file mode 100644 index 0000000..3295473 --- /dev/null +++ b/sys-apps/shadow/CVS/Root @@ -0,0 +1 @@ +dberkholz@cvs.gentoo.org:/var/cvsroot diff --git a/sys-apps/shadow/Manifest b/sys-apps/shadow/Manifest new file mode 100644 index 0000000..2ad99c7 --- /dev/null +++ b/sys-apps/shadow/Manifest @@ -0,0 +1,156 @@ +AUX default/useradd 96 RMD160 55c38953c800c6aae1ebe4312028560f77e7414f SHA1 348916abd4f794ee99310e1c006fbf00296ea2d7 SHA256 31aa2cbe4a34a9f7d4d134c1fecd007c9bbf4d40e19d0dcddbcd396f1853b490 +MD5 6e0bc0211949c624da0ea08d994a7038 files/default/useradd 96 +RMD160 55c38953c800c6aae1ebe4312028560f77e7414f files/default/useradd 96 +SHA256 31aa2cbe4a34a9f7d4d134c1fecd007c9bbf4d40e19d0dcddbcd396f1853b490 files/default/useradd 96 +AUX login.defs 6254 RMD160 1daa093f13d56126833e6e97d6dd60498a68304a SHA1 0cb67ea901d9544f1bb6f8f147aa25bb2f50628e SHA256 b7bfd7b1c34ce3d35865b572abc69d278dea4eef4f349c26b238735547c4ac22 +MD5 b1efe75ceba3c645eaab09c580809342 files/login.defs 6254 +RMD160 1daa093f13d56126833e6e97d6dd60498a68304a files/login.defs 6254 +SHA256 b7bfd7b1c34ce3d35865b572abc69d278dea4eef4f349c26b238735547c4ac22 files/login.defs 6254 +AUX login.pamd 1019 RMD160 062e018d7c0e6c3b9963f695051322f762809edc SHA1 9d7d986a0e89efab8454c6528722e6e0d2ad5cb2 SHA256 4d1844dbfc9292ae82789c26767190b6ca2cad0f77a55fee86dbf292444762e0 +MD5 e01e197ed3b6d2ec6ae83d23b33088b8 files/login.pamd 1019 +RMD160 062e018d7c0e6c3b9963f695051322f762809edc files/login.pamd 1019 +SHA256 4d1844dbfc9292ae82789c26767190b6ca2cad0f77a55fee86dbf292444762e0 files/login.pamd 1019 +AUX login_defs.awk 738 RMD160 4c05e7ab04b1b630bba093fdb2c2501c11a2d5be SHA1 74a28544ec0de8dbc530846c54af763f8ebc9f18 SHA256 6ceb9e03c2f7df817f3162de48886c9c66a596cb2af98fbf523c93e26840113b +MD5 372a33c569b7078d247058c7dab1cae2 files/login_defs.awk 738 +RMD160 4c05e7ab04b1b630bba093fdb2c2501c11a2d5be files/login_defs.awk 738 +SHA256 6ceb9e03c2f7df817f3162de48886c9c66a596cb2af98fbf523c93e26840113b files/login_defs.awk 738 +AUX pam.d-include/login 245 RMD160 100e5514b65603d1fa0001cc0dce5dd2caaf232f SHA1 12c3524fe5565c722adffef58804b18bdaa1f411 SHA256 39bbe2ed696a22c7549a39a7cfd47c16e347e5af4fd71b8c01ec87fce59ba0a0 +MD5 4b7d75b12f1bea9f349dff4c48c18b8b files/pam.d-include/login 245 +RMD160 100e5514b65603d1fa0001cc0dce5dd2caaf232f files/pam.d-include/login 245 +SHA256 39bbe2ed696a22c7549a39a7cfd47c16e347e5af4fd71b8c01ec87fce59ba0a0 files/pam.d-include/login 245 +AUX pam.d-include/other 142 RMD160 ccd73af37364c1c7edbe9150255fd0bcf8b12b09 SHA1 e038542a11ff3da16756518f236b6d273da1d08d SHA256 5e05df2743ec0021364b05f4bbe2e5a3a670abb5af845c3fa760731e5b7272ca +MD5 5bff4f2134b72dabc4afa5bb296e874d files/pam.d-include/other 142 +RMD160 ccd73af37364c1c7edbe9150255fd0bcf8b12b09 files/pam.d-include/other 142 +SHA256 5e05df2743ec0021364b05f4bbe2e5a3a670abb5af845c3fa760731e5b7272ca files/pam.d-include/other 142 +AUX pam.d-include/passwd 104 RMD160 15f20c39c10b3ebd53d9ef41da3e35e84b37a8ca SHA1 11cfabf1c2620c8485a2dcd6b10fef0739adc3f0 SHA256 7ec450d9ca70382a524aacd42c979969aca21ef4d26433026d35bda398d3361c +MD5 5df27e06de913de76e24790642eecfd2 files/pam.d-include/passwd 104 +RMD160 15f20c39c10b3ebd53d9ef41da3e35e84b37a8ca files/pam.d-include/passwd 104 +SHA256 7ec450d9ca70382a524aacd42c979969aca21ef4d26433026d35bda398d3361c files/pam.d-include/passwd 104 +AUX pam.d-include/shadow 152 RMD160 7d411afa672ae0fc5bac7d2d72f818e991957f63 SHA1 545a8a22af457ef71bec657a2e3bff0500352a4b SHA256 7fc1ccca85d2b1ac4dad9909792453c8d26e9aeab48c620d861a92b9355ac69f +MD5 50d7c96eab701fd6ddbf4b283e493b4c files/pam.d-include/shadow 152 +RMD160 7d411afa672ae0fc5bac7d2d72f818e991957f63 files/pam.d-include/shadow 152 +SHA256 7fc1ccca85d2b1ac4dad9909792453c8d26e9aeab48c620d861a92b9355ac69f files/pam.d-include/shadow 152 +AUX pam.d-include/su 1059 RMD160 6829acf0231c9e89a513425a24fba2d7238e34d7 SHA1 f1fd36489612b3453239db85eef8ec04a55c5f19 SHA256 63a6a6fb6194f4dff8fdd16214a563242a4ea6cb682f49af337378dfddaf2962 +MD5 97b4f01b65fd3b8caa8983489e9b6848 files/pam.d-include/su 1059 +RMD160 6829acf0231c9e89a513425a24fba2d7238e34d7 files/pam.d-include/su 1059 +SHA256 63a6a6fb6194f4dff8fdd16214a563242a4ea6cb682f49af337378dfddaf2962 files/pam.d-include/su 1059 +AUX pam.d-include/su-openpam 249 RMD160 f89c58a177c15c8c6b515280c1c3e4a843eba191 SHA1 d4e2fad078873b09b1123cd45f1e19b6af41c982 SHA256 8d26b735b1b5aa598fc29a88a2d52eeed587210dd1dbd3180ef9bb440a3375b7 +MD5 e3a7d5b7abee1ba6e7f09ee607da87ba files/pam.d-include/su-openpam 249 +RMD160 f89c58a177c15c8c6b515280c1c3e4a843eba191 files/pam.d-include/su-openpam 249 +SHA256 8d26b735b1b5aa598fc29a88a2d52eeed587210dd1dbd3180ef9bb440a3375b7 files/pam.d-include/su-openpam 249 +AUX pam.d-include/system-auth 380 RMD160 21b5e82097a1d0bef37b40a56f47c6bdbcc6c7b2 SHA1 f8416f974e41156e7990bcbdfde1c6554088f106 SHA256 704c07b9bab8201d55d80970e5a086ea35d93d62969aeb27ee9ebef85a029ed9 +MD5 caa5f36d54cb7a75ce5728f7f1badafb files/pam.d-include/system-auth 380 +RMD160 21b5e82097a1d0bef37b40a56f47c6bdbcc6c7b2 files/pam.d-include/system-auth 380 +SHA256 704c07b9bab8201d55d80970e5a086ea35d93d62969aeb27ee9ebef85a029ed9 files/pam.d-include/system-auth 380 +AUX pam.d-include/system-auth-1.1 365 RMD160 28d216f6542554bf175a43a8763827831009224d SHA1 91af0856563242ca34c6f49ee57d90c8a9e6a0f8 SHA256 e073f573c88515cf38fb22faa26ccf87d55d34e6d460d28ad25682958de4c13e +MD5 33d9efd092b6999143ea42c99a59bfb1 files/pam.d-include/system-auth-1.1 365 +RMD160 28d216f6542554bf175a43a8763827831009224d files/pam.d-include/system-auth-1.1 365 +SHA256 e073f573c88515cf38fb22faa26ccf87d55d34e6d460d28ad25682958de4c13e files/pam.d-include/system-auth-1.1 365 +AUX pam.d/login 333 RMD160 8ace0beb3722c58397794265c09648d37eb217a1 SHA1 e57eee17d985274363941047c9eaea54d23e74be SHA256 7c678613cadb447e882c24fa491a4fd5d01d9345e5b7f115663fbe779c7535b9 +MD5 987d0bd2e5dd1f96dc28ae2963054022 files/pam.d/login 333 +RMD160 8ace0beb3722c58397794265c09648d37eb217a1 files/pam.d/login 333 +SHA256 7c678613cadb447e882c24fa491a4fd5d01d9345e5b7f115663fbe779c7535b9 files/pam.d/login 333 +AUX pam.d/other 142 RMD160 ccd73af37364c1c7edbe9150255fd0bcf8b12b09 SHA1 e038542a11ff3da16756518f236b6d273da1d08d SHA256 5e05df2743ec0021364b05f4bbe2e5a3a670abb5af845c3fa760731e5b7272ca +MD5 5bff4f2134b72dabc4afa5bb296e874d files/pam.d/other 142 +RMD160 ccd73af37364c1c7edbe9150255fd0bcf8b12b09 files/pam.d/other 142 +SHA256 5e05df2743ec0021364b05f4bbe2e5a3a670abb5af845c3fa760731e5b7272ca files/pam.d/other 142 +AUX pam.d/passwd 172 RMD160 27c31ba3ad64b6bf8bb465b51c1908d85a42da16 SHA1 d4b4e6106767cf618d9817767e3d2d54215d8388 SHA256 13c8375bf208924598422d35cf9066c9e77a234b90ee8e2b845e55bc0f5876ef +MD5 8a59937d720a19824db6e4a8cd173a4b files/pam.d/passwd 172 +RMD160 27c31ba3ad64b6bf8bb465b51c1908d85a42da16 files/pam.d/passwd 172 +SHA256 13c8375bf208924598422d35cf9066c9e77a234b90ee8e2b845e55bc0f5876ef files/pam.d/passwd 172 +AUX pam.d/shadow 171 RMD160 3cb1b04370f3492ab4caa13742e95485167cc1e8 SHA1 9d7a005421d78711d88703209f6f1b97cbcb2d97 SHA256 7f181ffaf004d4ae5ca1a6c3b9dbb87a6195c1c005d17c76b32602d812864b12 +MD5 a5721c39446539b751dceae4b054542b files/pam.d/shadow 171 +RMD160 3cb1b04370f3492ab4caa13742e95485167cc1e8 files/pam.d/shadow 171 +SHA256 7f181ffaf004d4ae5ca1a6c3b9dbb87a6195c1c005d17c76b32602d812864b12 files/pam.d/shadow 171 +AUX pam.d/su 1142 RMD160 031016dd8fb2721b668c6cf9c4e7be27ecdaa198 SHA1 dfc5a5a3c010d455dcb10cc34d686363f5c79c46 SHA256 6a8e7a11f8d7089676cecb52b2bcdc93bfb7459f6bca1b2ef01847c53fdfd9c2 +MD5 a1fc81dbd0d41face776fba4ca929d8f files/pam.d/su 1142 +RMD160 031016dd8fb2721b668c6cf9c4e7be27ecdaa198 files/pam.d/su 1142 +SHA256 6a8e7a11f8d7089676cecb52b2bcdc93bfb7459f6bca1b2ef01847c53fdfd9c2 files/pam.d/su 1142 +AUX pam.d/system-auth 373 RMD160 f0bbc8a9f69854ffadc81de532e9a993f9761ae7 SHA1 95cab48dff43b02b624050b5cb64d55159006590 SHA256 118ac8c88e9cb0f12fecfc2ff6b503f6ea151bb306cb6b58963068eea04c3668 +MD5 deed69f8fa52ca844f3669414bd5cf01 files/pam.d/system-auth 373 +RMD160 f0bbc8a9f69854ffadc81de532e9a993f9761ae7 files/pam.d/system-auth 373 +SHA256 118ac8c88e9cb0f12fecfc2ff6b503f6ea151bb306cb6b58963068eea04c3668 files/pam.d/system-auth 373 +AUX pam.d/system-auth-1.1 365 RMD160 28d216f6542554bf175a43a8763827831009224d SHA1 91af0856563242ca34c6f49ee57d90c8a9e6a0f8 SHA256 e073f573c88515cf38fb22faa26ccf87d55d34e6d460d28ad25682958de4c13e +MD5 33d9efd092b6999143ea42c99a59bfb1 files/pam.d/system-auth-1.1 365 +RMD160 28d216f6542554bf175a43a8763827831009224d files/pam.d/system-auth-1.1 365 +SHA256 e073f573c88515cf38fb22faa26ccf87d55d34e6d460d28ad25682958de4c13e files/pam.d/system-auth-1.1 365 +AUX securetty 253 RMD160 20e9b398e7bd3c6d50db92d403ade8e3f5b13cb1 SHA1 ca723296318773733d1e53486088579ff43e210b SHA256 158ba98d557a8e3241d8635e5f8e2d6712847ec0b92741f8bdd65daecd834843 +MD5 a744152ec905f4c06f3b92142b7fec8a files/securetty 253 +RMD160 20e9b398e7bd3c6d50db92d403ade8e3f5b13cb1 files/securetty 253 +SHA256 158ba98d557a8e3241d8635e5f8e2d6712847ec0b92741f8bdd65daecd834843 files/securetty 253 +AUX shadow-4.0.11.1-perms.patch 1659 RMD160 ee52a5ceee5edba881bfd16618e3c8f91fff86e3 SHA1 4338d459cda46b030769f40cb1a87c550aee6065 SHA256 71fec5c9214f6bbd2c2bb27426887d4a77e0d29a3dad024e1be56473c0cce4fa +MD5 ae5d078bc6b651b5f081dcfc64b5df69 files/shadow-4.0.11.1-perms.patch 1659 +RMD160 ee52a5ceee5edba881bfd16618e3c8f91fff86e3 files/shadow-4.0.11.1-perms.patch 1659 +SHA256 71fec5c9214f6bbd2c2bb27426887d4a77e0d29a3dad024e1be56473c0cce4fa files/shadow-4.0.11.1-perms.patch 1659 +AUX shadow-4.0.12-gcc2.patch 962 RMD160 957d464b6ed164496a99b8243a07103ddc5dd28a SHA1 2c7367740319e1b2a3f43f8de73e6700cf916973 SHA256 5a0099878940dbe4fe976e076841c869481c6ee473fdcf46f11f8270e7c98606 +MD5 e1c86a7766f97cff8d5196821b6b1913 files/shadow-4.0.12-gcc2.patch 962 +RMD160 957d464b6ed164496a99b8243a07103ddc5dd28a files/shadow-4.0.12-gcc2.patch 962 +SHA256 5a0099878940dbe4fe976e076841c869481c6ee473fdcf46f11f8270e7c98606 files/shadow-4.0.12-gcc2.patch 962 +AUX shadow-4.0.13-dots-in-usernames.patch 917 RMD160 999f1f6a6468527db1fbc21b7b2a1113fa2aef86 SHA1 bf8fd187ea3b80f98b3dbd5a7af6b17385673b42 SHA256 ddd255ec0e5abd2aeb708ddb3f03a8dd2ecf318cfa5cdbd179f599322d1092f3 +MD5 fc7dcebbbe2fae05629e848bc886f454 files/shadow-4.0.13-dots-in-usernames.patch 917 +RMD160 999f1f6a6468527db1fbc21b7b2a1113fa2aef86 files/shadow-4.0.13-dots-in-usernames.patch 917 +SHA256 ddd255ec0e5abd2aeb708ddb3f03a8dd2ecf318cfa5cdbd179f599322d1092f3 files/shadow-4.0.13-dots-in-usernames.patch 917 +AUX shadow-4.0.13-login.defs.patch 672 RMD160 bcd9b8714c26f79ea2eb7af23778d81d5397f366 SHA1 148fdb22beb5e4606d7eef6a060f19d866233442 SHA256 bc15f859c0d120b917c0a4a3c9351acbce93463bb1f9b4b76b76f11382766220 +MD5 08f11e5b0c4a987e49367f245f475728 files/shadow-4.0.13-login.defs.patch 672 +RMD160 bcd9b8714c26f79ea2eb7af23778d81d5397f366 files/shadow-4.0.13-login.defs.patch 672 +SHA256 bc15f859c0d120b917c0a4a3c9351acbce93463bb1f9b4b76b76f11382766220 files/shadow-4.0.13-login.defs.patch 672 +AUX shadow-4.0.13-long-groupnames.patch 398 RMD160 a1fdef5d2c87579838332558624f86d591b85c4b SHA1 ea8eb52bd13b4cd24c564db02ee73fff65fa0372 SHA256 e0f7969be35f190d09d355aa3b76a09f2b1b5ea9a461a27ac1b9ead982211a16 +MD5 acdc5a5ac62bfd3495bde25438b49734 files/shadow-4.0.13-long-groupnames.patch 398 +RMD160 a1fdef5d2c87579838332558624f86d591b85c4b files/shadow-4.0.13-long-groupnames.patch 398 +SHA256 e0f7969be35f190d09d355aa3b76a09f2b1b5ea9a461a27ac1b9ead982211a16 files/shadow-4.0.13-long-groupnames.patch 398 +AUX shadow-4.0.13-nonis.patch 1795 RMD160 ed7ece3f676283f24daa4d7506a0ed73a5bb4e77 SHA1 c2f1472da3865370201d1c43e26db86da7fdd6c5 SHA256 4a4bbed01da45aa7217e12a070e0a86c70a4c9049bddaa881d404a362e5df145 +MD5 dfa169094cacf64d4980b0c8d76374d8 files/shadow-4.0.13-nonis.patch 1795 +RMD160 ed7ece3f676283f24daa4d7506a0ed73a5bb4e77 files/shadow-4.0.13-nonis.patch 1795 +SHA256 4a4bbed01da45aa7217e12a070e0a86c70a4c9049bddaa881d404a362e5df145 files/shadow-4.0.13-nonis.patch 1795 +AUX shadow-4.0.13-su-fix-environment.patch 1070 RMD160 7bbac959459458a312a196388a6ab99b0e306897 SHA1 89916707d6fb4abc7516cfe7116c657c28e5ba18 SHA256 1554809ff2dbe6768ef8f8c7f14ccad8fa4eb2d5765ef67714a42fb35a34dab4 +MD5 223a6d64e1635462fcca48217644cfd0 files/shadow-4.0.13-su-fix-environment.patch 1070 +RMD160 7bbac959459458a312a196388a6ab99b0e306897 files/shadow-4.0.13-su-fix-environment.patch 1070 +SHA256 1554809ff2dbe6768ef8f8c7f14ccad8fa4eb2d5765ef67714a42fb35a34dab4 files/shadow-4.0.13-su-fix-environment.patch 1070 +AUX shadow-4.0.14-su-fix-environment.patch 701 RMD160 0375f0d5ef4e7f85b9465b0b4fad828ee6394e60 SHA1 d0bad5098f05f2194ce343a1bf95e930eadd8183 SHA256 15bf4978d71f4f3f96ddda031b608a0fecb6a95644f47b058fb1e3d38bfc99a8 +MD5 afc6edd720c3e704f48553ef9ca8631b files/shadow-4.0.14-su-fix-environment.patch 701 +RMD160 0375f0d5ef4e7f85b9465b0b4fad828ee6394e60 files/shadow-4.0.14-su-fix-environment.patch 701 +SHA256 15bf4978d71f4f3f96ddda031b608a0fecb6a95644f47b058fb1e3d38bfc99a8 files/shadow-4.0.14-su-fix-environment.patch 701 +AUX shadow-4.0.15-no-default-MAIL.patch 879 RMD160 c380e0a00ef0be8a99927de8bb6cf70f1dfd33ce SHA1 fc30b336b7f22c76ee2276d6b6d8cf361bdfffea SHA256 57aa93bae1cbaffc51250bc415384991992e6ebb6cc5bb1f3c0dc90bb3dd0354 +MD5 3ce54cb32b7564df1386544bf3d1e035 files/shadow-4.0.15-no-default-MAIL.patch 879 +RMD160 c380e0a00ef0be8a99927de8bb6cf70f1dfd33ce files/shadow-4.0.15-no-default-MAIL.patch 879 +SHA256 57aa93bae1cbaffc51250bc415384991992e6ebb6cc5bb1f3c0dc90bb3dd0354 files/shadow-4.0.15-no-default-MAIL.patch 879 +AUX shadow-4.0.15-sanity-checks.patch 1875 RMD160 10cf79e08349848cbfb407dd3e010e86c46938bd SHA1 79dd0697a5acdb9eb484a90581b8e46efa2f73be SHA256 54fbf4ab6c3593b5d66c6ad5e5e9eb1f6eef09f7198c9825ddd838835d6adfec +MD5 186ba47908dc805ae97cdee9248e873d files/shadow-4.0.15-sanity-checks.patch 1875 +RMD160 10cf79e08349848cbfb407dd3e010e86c46938bd files/shadow-4.0.15-sanity-checks.patch 1875 +SHA256 54fbf4ab6c3593b5d66c6ad5e5e9eb1f6eef09f7198c9825ddd838835d6adfec files/shadow-4.0.15-sanity-checks.patch 1875 +AUX shadow-4.0.15-uclibc-missing-l64a.patch 1354 RMD160 6d35c4ddad876edacdd41be056fa8abd567ae802 SHA1 27012d25d41a19dcafab1fb45921bbf7aa12885d SHA256 37ac2cdea64f849e0cf9e92ccefeab05b0466541268fb4844f18a94c377c8514 +MD5 f79f1051bedb185f81f24fb9d30dcc35 files/shadow-4.0.15-uclibc-missing-l64a.patch 1354 +RMD160 6d35c4ddad876edacdd41be056fa8abd567ae802 files/shadow-4.0.15-uclibc-missing-l64a.patch 1354 +SHA256 37ac2cdea64f849e0cf9e92ccefeab05b0466541268fb4844f18a94c377c8514 files/shadow-4.0.15-uclibc-missing-l64a.patch 1354 +AUX shadow-4.0.16-check-opendir.patch 534 RMD160 d90923cb1ee74ac653e818ac5e480866e2f974d9 SHA1 19a02a4c610bb235db4df2c5adb7fdd170f87359 SHA256 5d22bb16183a44e13482b5a72d8ea971b6df227aeb9d95020e48bc89aa004b3d +MD5 19045e99ca34233f1e790857d6aea4d8 files/shadow-4.0.16-check-opendir.patch 534 +RMD160 d90923cb1ee74ac653e818ac5e480866e2f974d9 files/shadow-4.0.16-check-opendir.patch 534 +SHA256 5d22bb16183a44e13482b5a72d8ea971b6df227aeb9d95020e48bc89aa004b3d files/shadow-4.0.16-check-opendir.patch 534 +AUX shadow-4.0.16-fix-useradd-usergroups.patch 3319 RMD160 22c4f916fe1f9da00b0d587b9976491426142f98 SHA1 b08cb5129717c040479f287e0c7851da27b77483 SHA256 b9428435b51341f23be148fa6921408b595dd965a02d1ba731d1ff5b9caba786 +MD5 1815781072561fc469f3eb8bded50009 files/shadow-4.0.16-fix-useradd-usergroups.patch 3319 +RMD160 22c4f916fe1f9da00b0d587b9976491426142f98 files/shadow-4.0.16-fix-useradd-usergroups.patch 3319 +SHA256 b9428435b51341f23be148fa6921408b595dd965a02d1ba731d1ff5b9caba786 files/shadow-4.0.16-fix-useradd-usergroups.patch 3319 +AUX shadow-4.0.16-mail-creation.patch 1636 RMD160 f682c683b795c36be8f2747d99733c34330a59f7 SHA1 e0d2732ddfdf67776b07b9c9e4f8a5edc85aeb85 SHA256 1eb04d054db0f7565fa528a6892ad3cbf52b303103c74fc1265b7e23f606848f +MD5 c340301909c430b8c7ebf0ca5be827b2 files/shadow-4.0.16-mail-creation.patch 1636 +RMD160 f682c683b795c36be8f2747d99733c34330a59f7 files/shadow-4.0.16-mail-creation.patch 1636 +SHA256 1eb04d054db0f7565fa528a6892ad3cbf52b303103c74fc1265b7e23f606848f files/shadow-4.0.16-mail-creation.patch 1636 +AUX shadow-4.0.17-login.defs.patch 367 RMD160 e538f7942dc58b9f5b2f40ba47730aa22b91be20 SHA1 cda5c26df5df855f6fabdad6bb1a3526cb44929e SHA256 cefe0ab1203f436b0c23ce4cde3133fdcc8146d3616542af4bbc69415acf18b0 +MD5 8806250f3d4b113d2afbdfbc8b25be09 files/shadow-4.0.17-login.defs.patch 367 +RMD160 e538f7942dc58b9f5b2f40ba47730aa22b91be20 files/shadow-4.0.17-login.defs.patch 367 +SHA256 cefe0ab1203f436b0c23ce4cde3133fdcc8146d3616542af4bbc69415acf18b0 files/shadow-4.0.17-login.defs.patch 367 +AUX shadow-4.0.17-no-local-getpass.patch 785 RMD160 e70027b07b4300c5a53a78f022f055f0e95891da SHA1 6a41c1677ffbdf81388a7e0d2c6481f2aace19b8 SHA256 694c3d2bdb101f2dde963525c6a46a36b87e3f85e1051753a3676b63b054c04c +MD5 391c3e007af4fe7929bb36bff5af8e8d files/shadow-4.0.17-no-local-getpass.patch 785 +RMD160 e70027b07b4300c5a53a78f022f055f0e95891da files/shadow-4.0.17-no-local-getpass.patch 785 +SHA256 694c3d2bdb101f2dde963525c6a46a36b87e3f85e1051753a3676b63b054c04c files/shadow-4.0.17-no-local-getpass.patch 785 +AUX shadow-4.0.18.1-useradd-usermod.patch 1081 RMD160 65bb85eba9f2e08f4febeea97d522d515f7d9fb7 SHA1 c13cf8b5c566e129d4fc62ad3ac08b6c856c992e SHA256 ca34bc36424585c9f1d64c6b4201ce62c964773c7c6c16faecdd2610ad655cfb +MD5 aa1259020b925cd3088cb7a36fbe7753 files/shadow-4.0.18.1-useradd-usermod.patch 1081 +RMD160 65bb85eba9f2e08f4febeea97d522d515f7d9fb7 files/shadow-4.0.18.1-useradd-usermod.patch 1081 +SHA256 ca34bc36424585c9f1d64c6b4201ce62c964773c7c6c16faecdd2610ad655cfb files/shadow-4.0.18.1-useradd-usermod.patch 1081 +DIST shadow-4.0.18.1.tar.bz2 1516296 RMD160 05a1f609370371de3112479cb6a98d966c45fa6c SHA1 1a30458e9db05560bfc82529048bd5d60b45cf9b SHA256 3da368d87a94270c3db4bae6ff634b8db5dcbc8822d554dbfea955a676c1ab12 +EBUILD shadow-4.0.18.1-r1.ebuild 6021 RMD160 1a9a04546db23e8d035d1f3db412a2043bd116c0 SHA1 273d998c83b30e6ec9f240ec96f5bfcde0f5fbbf SHA256 b977e82151941b3b276546943f648a3423356ecc118438d8917f01dd7a81ad90 +MD5 369d125953b4260b22687b3a9ac149a3 shadow-4.0.18.1-r1.ebuild 6021 +RMD160 1a9a04546db23e8d035d1f3db412a2043bd116c0 shadow-4.0.18.1-r1.ebuild 6021 +SHA256 b977e82151941b3b276546943f648a3423356ecc118438d8917f01dd7a81ad90 shadow-4.0.18.1-r1.ebuild 6021 +MD5 6be0a013e7aee78ebb6228308ca16fee files/digest-shadow-4.0.18.1-r1 253 +RMD160 31ec617739d2935bd1b4dfc1d676399d5c5f50bc files/digest-shadow-4.0.18.1-r1 253 +SHA256 6683d8ca173c809dedf056bf6e658284264bb277cab8c43e03b811ed4308d109 files/digest-shadow-4.0.18.1-r1 253 diff --git a/sys-apps/shadow/files/CVS/Entries b/sys-apps/shadow/files/CVS/Entries new file mode 100644 index 0000000..9a4214e --- /dev/null +++ b/sys-apps/shadow/files/CVS/Entries @@ -0,0 +1,29 @@ +D/default//// +D/pam.d//// +D/pam.d-include//// +/securetty/1.5/Sun Jul 24 02:47:51 2005// +/shadow-4.0.11.1-perms.patch/1.1/Mon Aug 1 11:47:37 2005// +/shadow-4.0.12-gcc2.patch/1.1/Wed Aug 24 11:33:19 2005// +/shadow-4.0.13-dots-in-usernames.patch/1.1/Mon Oct 10 22:42:44 2005// +/shadow-4.0.13-login.defs.patch/1.1/Mon Oct 10 22:42:44 2005// +/shadow-4.0.13-long-groupnames.patch/1.1/Mon Oct 10 22:42:44 2005// +/shadow-4.0.13-nonis.patch/1.1/Mon Oct 10 22:42:44 2005// +/shadow-4.0.13-su-fix-environment.patch/1.1/Mon Oct 10 22:42:44 2005// +/shadow-4.0.14-su-fix-environment.patch/1.1/Wed Jan 4 02:37:21 2006// +/login.defs/1.6/Sun Mar 12 23:47:08 2006// +/login.pamd/1.1/Sun Mar 12 23:47:08 2006// +/shadow-4.0.15-no-default-MAIL.patch/1.1/Sun May 7 19:11:26 2006// +/shadow-4.0.15-uclibc-missing-l64a.patch/1.2/Sun May 14 15:14:17 2006// +/digest-shadow-4.0.15-r2/1.1/Fri May 26 06:59:35 2006// +/shadow-4.0.15-sanity-checks.patch/1.1/Fri May 26 06:59:35 2006// +/digest-shadow-4.0.16-r2/1.1/Thu Jul 6 01:31:15 2006// +/digest-shadow-4.0.17/1.1/Tue Jul 11 03:36:54 2006// +/digest-shadow-4.0.17-r1/1.1/Sat Jul 15 20:14:08 2006// +/login_defs.awk/1.1/Tue Jul 18 08:25:41 2006// +/shadow-4.0.16-check-opendir.patch/1.1/Tue Jul 4 19:55:18 2006// +/shadow-4.0.16-fix-useradd-usergroups.patch/1.1/Tue Jul 4 19:55:18 2006// +/shadow-4.0.16-mail-creation.patch/1.1/Thu Jul 6 01:31:15 2006// +/shadow-4.0.17-login.defs.patch/1.1/Sat Jul 15 20:14:08 2006// +/shadow-4.0.17-no-local-getpass.patch/1.1/Sat Jul 15 04:55:12 2006// +/digest-shadow-4.0.18.1/1.1/Fri Aug 4 13:14:04 2006// +/shadow-4.0.18.1-useradd-usermod.patch/1.1/Fri Aug 4 13:14:04 2006// diff --git a/sys-apps/shadow/files/CVS/Entries.Log b/sys-apps/shadow/files/CVS/Entries.Log new file mode 100644 index 0000000..b32f296 --- /dev/null +++ b/sys-apps/shadow/files/CVS/Entries.Log @@ -0,0 +1,2 @@ +A D/cracklib//// +R D/cracklib//// diff --git a/sys-apps/shadow/files/CVS/Repository b/sys-apps/shadow/files/CVS/Repository new file mode 100644 index 0000000..5183698 --- /dev/null +++ b/sys-apps/shadow/files/CVS/Repository @@ -0,0 +1 @@ +gentoo-x86/sys-apps/shadow/files diff --git a/sys-apps/shadow/files/CVS/Root b/sys-apps/shadow/files/CVS/Root new file mode 100644 index 0000000..3295473 --- /dev/null +++ b/sys-apps/shadow/files/CVS/Root @@ -0,0 +1 @@ +dberkholz@cvs.gentoo.org:/var/cvsroot diff --git a/sys-apps/shadow/files/default/CVS/Entries b/sys-apps/shadow/files/default/CVS/Entries new file mode 100644 index 0000000..5ef54ec --- /dev/null +++ b/sys-apps/shadow/files/default/CVS/Entries @@ -0,0 +1,2 @@ +/useradd/1.1/Wed Dec 25 02:55:35 2002// +D diff --git a/sys-apps/shadow/files/default/CVS/Repository b/sys-apps/shadow/files/default/CVS/Repository new file mode 100644 index 0000000..e23e06b --- /dev/null +++ b/sys-apps/shadow/files/default/CVS/Repository @@ -0,0 +1 @@ +gentoo-x86/sys-apps/shadow/files/default diff --git a/sys-apps/shadow/files/default/CVS/Root b/sys-apps/shadow/files/default/CVS/Root new file mode 100644 index 0000000..3295473 --- /dev/null +++ b/sys-apps/shadow/files/default/CVS/Root @@ -0,0 +1 @@ +dberkholz@cvs.gentoo.org:/var/cvsroot diff --git a/sys-apps/shadow/files/default/useradd b/sys-apps/shadow/files/default/useradd new file mode 100644 index 0000000..ae81dbb --- /dev/null +++ b/sys-apps/shadow/files/default/useradd @@ -0,0 +1,7 @@ +# useradd defaults file +GROUP=100 +HOME=/home +INACTIVE=-1 +EXPIRE= +SHELL=/bin/bash +SKEL=/etc/skel diff --git a/sys-apps/shadow/files/digest-shadow-4.0.18.1-r1 b/sys-apps/shadow/files/digest-shadow-4.0.18.1-r1 new file mode 100644 index 0000000..8018753 --- /dev/null +++ b/sys-apps/shadow/files/digest-shadow-4.0.18.1-r1 @@ -0,0 +1,3 @@ +MD5 e7751d46ecf219c07ae0b028ab3335c6 shadow-4.0.18.1.tar.bz2 1516296 +RMD160 05a1f609370371de3112479cb6a98d966c45fa6c shadow-4.0.18.1.tar.bz2 1516296 +SHA256 3da368d87a94270c3db4bae6ff634b8db5dcbc8822d554dbfea955a676c1ab12 shadow-4.0.18.1.tar.bz2 1516296 diff --git a/sys-apps/shadow/files/login.defs b/sys-apps/shadow/files/login.defs new file mode 100644 index 0000000..4aa7044 --- /dev/null +++ b/sys-apps/shadow/files/login.defs @@ -0,0 +1,212 @@ +# +# /etc/login.defs - Configuration control definitions for the login package. +# +# $Id: login.defs,v 1.6 2006/03/12 23:47:08 flameeyes Exp $ +# +# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH. +# If unspecified, some arbitrary (and possibly incorrect) value will +# be assumed. All other items are optional - if not specified then +# the described action or option will be inhibited. +# +# Comment lines (lines beginning with "#") and blank lines are ignored. +# +# Modified for Linux. --marekm + +# +# Delay in seconds before being allowed another attempt after a login failure +# +FAIL_DELAY 3 + +# +# Enable display of unknown usernames when login failures are recorded. +# +LOG_UNKFAIL_ENAB no + +# +# Enable logging of successful logins +# +LOG_OK_LOGINS no + +# +# Enable "syslog" logging of su activity - in addition to sulog file logging. +# SYSLOG_SG_ENAB does the same for newgrp and sg. +# +SYSLOG_SU_ENAB yes +SYSLOG_SG_ENAB yes + +# +# If defined, either full pathname of a file containing device names or +# a ":" delimited list of device names. Root logins will be allowed only +# upon these devices. +# +CONSOLE /etc/securetty +#CONSOLE console:tty01:tty02:tty03:tty04 + +# +# If defined, all su activity is logged to this file. +# +#SULOG_FILE /var/log/sulog + +# +# If defined, file which maps tty line to TERM environment parameter. +# Each line of the file is in a format something like "vt100 tty01". +# +#TTYTYPE_FILE /etc/ttytype + +# +# If defined, the command name to display when running "su -". For +# example, if this is defined as "su" then a "ps" will display the +# command is "-su". If not defined, then "ps" would display the +# name of the shell actually being run, e.g. something like "-sh". +# +SU_NAME su + +# +# *REQUIRED* +# Directory where mailboxes reside, _or_ name of file, relative to the +# home directory. If you _do_ define both, MAIL_DIR takes precedence. +# +MAIL_DIR /var/spool/mail + +# +# If defined, file which inhibits all the usual chatter during the login +# sequence. If a full pathname, then hushed mode will be enabled if the +# user's name or shell are found in the file. If not a full pathname, then +# hushed mode will be enabled if the file exists in the user's home directory. +# +HUSHLOGIN_FILE .hushlogin +#HUSHLOGIN_FILE /etc/hushlogins + +# +# *REQUIRED* The default PATH settings, for superuser and normal users. +# +# (they are minimal, add the rest in the shell startup files) +ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin +ENV_PATH PATH=/bin:/usr/bin + +# +# Terminal permissions +# +# TTYGROUP Login tty will be assigned this group ownership. +# TTYPERM Login tty will be set to this permission. +# +# If you have a "write" program which is "setgid" to a special group +# which owns the terminals, define TTYGROUP to the group number and +# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign +# TTYPERM to either 622 or 600. +# +TTYGROUP tty +TTYPERM 0600 + +# +# Login configuration initializations: +# +# ERASECHAR Terminal ERASE character ('\010' = backspace). +# KILLCHAR Terminal KILL character ('\025' = CTRL/U). +# UMASK Default "umask" value. +# +# The ERASECHAR and KILLCHAR are used only on System V machines. +# The ULIMIT is used only if the system supports it. +# (now it works with setrlimit too; ulimit is in 512-byte units) +# +# Prefix these values with "0" to get octal, "0x" to get hexadecimal. +# +ERASECHAR 0177 +KILLCHAR 025 +UMASK 022 + +# +# Password aging controls: +# +# PASS_MAX_DAYS Maximum number of days a password may be used. +# PASS_MIN_DAYS Minimum number of days allowed between password changes. +# PASS_WARN_AGE Number of days warning given before a password expires. +# +PASS_MAX_DAYS 99999 +PASS_MIN_DAYS 0 +PASS_WARN_AGE 7 + +# +# Min/max values for automatic uid selection in useradd +# +UID_MIN 1000 +UID_MAX 60000 + +# +# Min/max values for automatic gid selection in groupadd +# +GID_MIN 100 +GID_MAX 60000 + +# +# Max number of login retries if password is bad +# +LOGIN_RETRIES 3 + +# +# Max time in seconds for login +# +LOGIN_TIMEOUT 60 + +# +# Which fields may be changed by regular users using chfn - use +# any combination of letters "frwh" (full name, room number, work +# phone, home phone). If not defined, no changes are allowed. +# For backward compatibility, "yes" = "rwh" and "no" = "frwh". +# +CHFN_RESTRICT rwh + +# +# List of groups to add to the user's supplementary group set +# when logging in on the console (as determined by the CONSOLE +# setting). Default is none. +# +# Use with caution - it is possible for users to gain permanent +# access to these groups, even when not logged in on the console. +# How to do it is left as an exercise for the reader... +# +#CONSOLE_GROUPS floppy:audio:cdrom + +# +# Should login be allowed if we can't cd to the home directory? +# Default in no. +# +DEFAULT_HOME yes + +# +# If defined, this command is run when removing a user. +# It should remove any at/cron/print jobs etc. owned by +# the user to be removed (passed as the first argument). +# +#USERDEL_CMD /usr/sbin/userdel_local + +# +# When prompting for password without echo, getpass() can optionally +# display a random number (in the range 1 to GETPASS_ASTERISKS) of '*' +# characters for each character typed. This feature is designed to +# confuse people looking over your shoulder when you enter a password :-). +# Also, the new getpass() accepts both Backspace (8) and Delete (127) +# keys to delete previous character (to cope with different terminal +# types), Control-U to delete all characters, and beeps when there are +# no more characters to delete, or too many characters entered. +# +# Setting GETPASS_ASTERISKS to 1 results in more traditional behaviour - +# exactly one '*' displayed for each character typed. +# +# Setting GETPASS_ASTERISKS to 0 disables the '*' characters (Backspace, +# Delete, Control-U and beep continue to work as described above). +# +# Setting GETPASS_ASTERISKS to -1 reverts to the traditional getpass() +# without any new features. This is the default. +# +GETPASS_ASTERISKS 0 + +# +# Enable setting of the umask group bits to be the same as owner bits +# (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is +# the same as gid, and username is the same as the primary group name. +# +# This also enables userdel to remove user groups if no members exist. +# +USERGROUPS_ENAB yes + diff --git a/sys-apps/shadow/files/login.pamd b/sys-apps/shadow/files/login.pamd new file mode 100644 index 0000000..f8f1f86 --- /dev/null +++ b/sys-apps/shadow/files/login.pamd @@ -0,0 +1,30 @@ +#%PAM-1.0 + +auth required pam_securetty.so +auth include system-auth +auth required pam_tally.so file=/var/log/faillog onerr=succeed no_magic_root +auth required pam_shells.so +auth required pam_nologin.so + +account required pam_access.so +account include system-auth +account required pam_tally.so deny=0 file=/var/log/faillog onerr=succeed no_magic_root + +password include system-auth + +@selinux@# pam_selinux.so close should be the first session rule +@selinux@session required pam_selinux.so close +@selinux@ +session include system-auth +session required pam_env.so +session optional pam_lastlog.so +session optional pam_motd.so motd=/etc/motd +session optional pam_mail.so + +# If you want to enable pam_console, uncomment the following line +# and read carefully README.pam_console in /usr/share/doc/pam* +#session optional pam_console.so + +@selinux@# pam_selinux.so open should be the last session rule +@selinux@session required pam_selinux.so multiple open +@selinux@ diff --git a/sys-apps/shadow/files/login_defs.awk b/sys-apps/shadow/files/login_defs.awk new file mode 100644 index 0000000..56087c6 --- /dev/null +++ b/sys-apps/shadow/files/login_defs.awk @@ -0,0 +1,32 @@ +# Fixes up login defs for PAM by commenting all non-PAM options and adding a +# comment that it is not supported with PAM. +# +# Call with lib/getdef.c and etc/login.defs as args in the root source directory +# of shadow, ie: +# +# gawk -f login_defs.awk lib/getdef.c etc/login.defs > login.defs.new +# + +(FILENAME == "lib/getdef.c") { + if ($2 == "USE_PAM") + start_printing = 1 + else if ($1 == "#endif") + nextfile + else if (start_printing == 1) + VARS[count++] = substr($1, 3, length($1) - 4) +} + +(FILENAME != "lib/getdef.c") { + print_line = 1 + for (x in VARS) { + regex = "(^|#)" VARS[x] + if ($0 ~ regex) { + print_line = 0 + printf("%s%s\t(NOT SUPPORTED WITH PAM)\n", + ($0 ~ /^#/) ? "" : "#", $0) + } + } + if (print_line) + print $0 +} + diff --git a/sys-apps/shadow/files/pam.d-include/CVS/Entries b/sys-apps/shadow/files/pam.d-include/CVS/Entries new file mode 100644 index 0000000..963aec8 --- /dev/null +++ b/sys-apps/shadow/files/pam.d-include/CVS/Entries @@ -0,0 +1,9 @@ +/login/1.1/Fri Jun 3 18:02:25 2005// +/other/1.1/Fri Jun 3 18:02:25 2005// +/passwd/1.1/Fri Jun 3 18:02:25 2005// +/shadow/1.1/Fri Jun 3 18:02:25 2005// +/su/1.1/Fri Jun 3 18:02:25 2005// +/su-openpam/1.1/Fri Jun 3 18:02:25 2005// +/system-auth/1.1/Fri Jun 3 18:02:25 2005// +/system-auth-1.1/1.2/Sat Jul 2 00:26:09 2005// +D diff --git a/sys-apps/shadow/files/pam.d-include/CVS/Repository b/sys-apps/shadow/files/pam.d-include/CVS/Repository new file mode 100644 index 0000000..f741c50 --- /dev/null +++ b/sys-apps/shadow/files/pam.d-include/CVS/Repository @@ -0,0 +1 @@ +gentoo-x86/sys-apps/shadow/files/pam.d-include diff --git a/sys-apps/shadow/files/pam.d-include/CVS/Root b/sys-apps/shadow/files/pam.d-include/CVS/Root new file mode 100644 index 0000000..3295473 --- /dev/null +++ b/sys-apps/shadow/files/pam.d-include/CVS/Root @@ -0,0 +1 @@ +dberkholz@cvs.gentoo.org:/var/cvsroot diff --git a/sys-apps/shadow/files/pam.d-include/login b/sys-apps/shadow/files/pam.d-include/login new file mode 100644 index 0000000..9d21677 --- /dev/null +++ b/sys-apps/shadow/files/pam.d-include/login @@ -0,0 +1,12 @@ +#%PAM-1.0 + +auth required pam_securetty.so +auth include system-auth +auth required pam_nologin.so + +account include system-auth + +password include system-auth + +session include system-auth +session optional pam_console.so diff --git a/sys-apps/shadow/files/pam.d-include/other b/sys-apps/shadow/files/pam.d-include/other new file mode 100644 index 0000000..bb0b964 --- /dev/null +++ b/sys-apps/shadow/files/pam.d-include/other @@ -0,0 +1,9 @@ +#%PAM-1.0 + +auth required pam_deny.so + +account required pam_deny.so + +password required pam_deny.so + +session required pam_deny.so diff --git a/sys-apps/shadow/files/pam.d-include/passwd b/sys-apps/shadow/files/pam.d-include/passwd new file mode 100644 index 0000000..3a98715 --- /dev/null +++ b/sys-apps/shadow/files/pam.d-include/passwd @@ -0,0 +1,5 @@ +#%PAM-1.0 + +auth include system-auth +account include system-auth +password include system-auth diff --git a/sys-apps/shadow/files/pam.d-include/shadow b/sys-apps/shadow/files/pam.d-include/shadow new file mode 100644 index 0000000..743b2f0 --- /dev/null +++ b/sys-apps/shadow/files/pam.d-include/shadow @@ -0,0 +1,8 @@ +#%PAM-1.0 + +auth sufficient pam_rootok.so +auth required pam_permit.so + +account include system-auth + +password required pam_permit.so diff --git a/sys-apps/shadow/files/pam.d-include/su b/sys-apps/shadow/files/pam.d-include/su new file mode 100644 index 0000000..d15c7ed --- /dev/null +++ b/sys-apps/shadow/files/pam.d-include/su @@ -0,0 +1,32 @@ +#%PAM-1.0 + +auth sufficient pam_rootok.so + +# If you want to restrict users begin allowed to su even more, +# create /etc/security/suauth.allow (or to that matter) that is only +# writable by root, and add users that are allowed to su to that +# file, one per line. +#auth required pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.allow + +# Uncomment this to allow users in the wheel group to su without +# entering a passwd. +#auth sufficient pam_wheel.so use_uid trust + +# Alternatively to above, you can implement a list of users that do +# not need to supply a passwd with a list. +#auth sufficient pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.nopass + +# Comment this to allow any user, even those not in the 'wheel' +# group to su +auth required pam_wheel.so use_uid + +auth include system-auth + +account include system-auth + +password include system-auth + +session include system-auth +session required pam_env.so +session optional pam_xauth.so + diff --git a/sys-apps/shadow/files/pam.d-include/su-openpam b/sys-apps/shadow/files/pam.d-include/su-openpam new file mode 100644 index 0000000..e9ec7d3 --- /dev/null +++ b/sys-apps/shadow/files/pam.d-include/su-openpam @@ -0,0 +1,14 @@ +#%PAM-1.0 + +auth sufficient pam_rootok.so + +auth include system-auth + +account include system-auth + +password include system-auth + +session include system-auth +session required pam_env.so +session optional pam_xauth.so + diff --git a/sys-apps/shadow/files/pam.d-include/system-auth b/sys-apps/shadow/files/pam.d-include/system-auth new file mode 100644 index 0000000..b7c37af --- /dev/null +++ b/sys-apps/shadow/files/pam.d-include/system-auth @@ -0,0 +1,14 @@ +#%PAM-1.0 + +auth required pam_env.so +auth sufficient pam_unix.so likeauth nullok nodelay +auth required pam_deny.so + +account required pam_unix.so + +password required pam_cracklib.so retry=3 +password sufficient pam_unix.so nullok md5 shadow use_authtok +password required pam_deny.so + +session required pam_limits.so +session required pam_unix.so diff --git a/sys-apps/shadow/files/pam.d-include/system-auth-1.1 b/sys-apps/shadow/files/pam.d-include/system-auth-1.1 new file mode 100644 index 0000000..fe80483 --- /dev/null +++ b/sys-apps/shadow/files/pam.d-include/system-auth-1.1 @@ -0,0 +1,14 @@ +#%PAM-1.0 + +auth required pam_env.so +auth sufficient pam_unix.so likeauth nullok +auth required pam_deny.so + +account required pam_unix.so + +password required pam_cracklib.so retry=3 +password sufficient pam_unix.so nullok md5 shadow use_authtok +password required pam_deny.so + +session required pam_limits.so +session required pam_unix.so diff --git a/sys-apps/shadow/files/pam.d/CVS/Entries b/sys-apps/shadow/files/pam.d/CVS/Entries new file mode 100644 index 0000000..a10128a --- /dev/null +++ b/sys-apps/shadow/files/pam.d/CVS/Entries @@ -0,0 +1,8 @@ +/login/1.3/Sat Jul 2 00:26:09 2005// +/other/1.3/Sat Jul 2 00:26:09 2005// +/passwd/1.3/Sat Jul 2 00:26:09 2005// +/shadow/1.3/Sat Jul 2 00:26:09 2005// +/su/1.5/Sat Jul 2 00:26:09 2005// +/system-auth/1.5/Sat Jul 2 00:26:09 2005// +/system-auth-1.1/1.4/Sat Jul 2 00:26:09 2005// +D diff --git a/sys-apps/shadow/files/pam.d/CVS/Repository b/sys-apps/shadow/files/pam.d/CVS/Repository new file mode 100644 index 0000000..fdd48d9 --- /dev/null +++ b/sys-apps/shadow/files/pam.d/CVS/Repository @@ -0,0 +1 @@ +gentoo-x86/sys-apps/shadow/files/pam.d diff --git a/sys-apps/shadow/files/pam.d/CVS/Root b/sys-apps/shadow/files/pam.d/CVS/Root new file mode 100644 index 0000000..3295473 --- /dev/null +++ b/sys-apps/shadow/files/pam.d/CVS/Root @@ -0,0 +1 @@ +dberkholz@cvs.gentoo.org:/var/cvsroot diff --git a/sys-apps/shadow/files/pam.d/login b/sys-apps/shadow/files/pam.d/login new file mode 100644 index 0000000..31a664b --- /dev/null +++ b/sys-apps/shadow/files/pam.d/login @@ -0,0 +1,12 @@ +#%PAM-1.0 + +auth required pam_securetty.so +auth required pam_stack.so service=system-auth +auth required pam_nologin.so + +account required pam_stack.so service=system-auth + +password required pam_stack.so service=system-auth + +session required pam_stack.so service=system-auth +session optional pam_console.so diff --git a/sys-apps/shadow/files/pam.d/other b/sys-apps/shadow/files/pam.d/other new file mode 100644 index 0000000..bb0b964 --- /dev/null +++ b/sys-apps/shadow/files/pam.d/other @@ -0,0 +1,9 @@ +#%PAM-1.0 + +auth required pam_deny.so + +account required pam_deny.so + +password required pam_deny.so + +session required pam_deny.so diff --git a/sys-apps/shadow/files/pam.d/passwd b/sys-apps/shadow/files/pam.d/passwd new file mode 100644 index 0000000..c09409b --- /dev/null +++ b/sys-apps/shadow/files/pam.d/passwd @@ -0,0 +1,7 @@ +#%PAM-1.0 + +auth required pam_stack.so service=system-auth + +account required pam_stack.so service=system-auth + +password required pam_stack.so service=system-auth diff --git a/sys-apps/shadow/files/pam.d/shadow b/sys-apps/shadow/files/pam.d/shadow new file mode 100644 index 0000000..28db08c --- /dev/null +++ b/sys-apps/shadow/files/pam.d/shadow @@ -0,0 +1,8 @@ +#%PAM-1.0 + +auth sufficient pam_rootok.so +auth required pam_permit.so + +account required pam_stack.so service=system-auth + +password required pam_permit.so diff --git a/sys-apps/shadow/files/pam.d/su b/sys-apps/shadow/files/pam.d/su new file mode 100644 index 0000000..e5b1d83 --- /dev/null +++ b/sys-apps/shadow/files/pam.d/su @@ -0,0 +1,32 @@ +#%PAM-1.0 + +auth sufficient pam_rootok.so + +# If you want to restrict users begin allowed to su even more, +# create /etc/security/suauth.allow (or to that matter) that is only +# writable by root, and add users that are allowed to su to that +# file, one per line. +#auth required pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.allow + +# Uncomment this to allow users in the wheel group to su without +# entering a passwd. +#auth sufficient pam_wheel.so use_uid trust + +# Alternatively to above, you can implement a list of users that do +# not need to supply a passwd with a list. +#auth sufficient pam_listfile.so item=ruser sense=allow onerr=fail file=/etc/security/suauth.nopass + +# Comment this to allow any user, even those not in the 'wheel' +# group to su +auth required pam_wheel.so use_uid + +auth required pam_stack.so service=system-auth + +account required pam_stack.so service=system-auth + +password required pam_stack.so service=system-auth + +session required pam_stack.so service=system-auth +session required pam_env.so +session optional pam_xauth.so + diff --git a/sys-apps/shadow/files/pam.d/system-auth b/sys-apps/shadow/files/pam.d/system-auth new file mode 100644 index 0000000..d6d008f --- /dev/null +++ b/sys-apps/shadow/files/pam.d/system-auth @@ -0,0 +1,14 @@ +#%PAM-1.0 + +auth required pam_env.so +auth sufficient pam_unix.so likeauth nullok nodelay +auth required pam_deny.so + +account required pam_unix.so + +password required pam_cracklib.so retry=3 +password sufficient pam_unix.so nullok md5 shadow use_authtok +password required pam_deny.so + +session required pam_limits.so +session required pam_unix.so diff --git a/sys-apps/shadow/files/pam.d/system-auth-1.1 b/sys-apps/shadow/files/pam.d/system-auth-1.1 new file mode 100644 index 0000000..fe80483 --- /dev/null +++ b/sys-apps/shadow/files/pam.d/system-auth-1.1 @@ -0,0 +1,14 @@ +#%PAM-1.0 + +auth required pam_env.so +auth sufficient pam_unix.so likeauth nullok +auth required pam_deny.so + +account required pam_unix.so + +password required pam_cracklib.so retry=3 +password sufficient pam_unix.so nullok md5 shadow use_authtok +password required pam_deny.so + +session required pam_limits.so +session required pam_unix.so diff --git a/sys-apps/shadow/files/securetty b/sys-apps/shadow/files/securetty new file mode 100644 index 0000000..ca604be --- /dev/null +++ b/sys-apps/shadow/files/securetty @@ -0,0 +1,31 @@ +# /etc/securetty: list of terminals on which root is allowed to login. +# See securetty(5) and login(1). +vc/0 +vc/1 +vc/2 +vc/3 +vc/4 +vc/5 +vc/6 +vc/7 +vc/8 +vc/9 +vc/10 +vc/11 +vc/12 +tty0 +tty1 +tty2 +tty3 +tty4 +tty5 +tty6 +tty7 +tty8 +tty9 +tty10 +tty11 +tty12 + +tts/0 +ttyS0 diff --git a/sys-apps/shadow/files/shadow-4.0.11.1-perms.patch b/sys-apps/shadow/files/shadow-4.0.11.1-perms.patch new file mode 100644 index 0000000..3446fd7 --- /dev/null +++ b/sys-apps/shadow/files/shadow-4.0.11.1-perms.patch @@ -0,0 +1,46 @@ +--- src/Makefile.am 2005-08-01 12:29:59.000000000 +0200 ++++ src.az/Makefile.am 2005-08-01 12:30:44.000000000 +0200 +@@ -45,6 +45,8 @@ noinst_PROGRAMS = id sulogin + + suidbins = su + suidubins = chage chfn chsh expiry gpasswd newgrp passwd ++suidbinperms = 4711 ++suidubinperms = 4711 + + LDADD = $(top_builddir)/libmisc/libmisc.a \ + $(top_builddir)/lib/libshadow.la +@@ -79,8 +81,8 @@ install-am: all-am + ln -sf newgrp $(DESTDIR)$(ubindir)/sg + ln -sf vipw $(DESTDIR)$(usbindir)/vigr + for i in $(suidbins); do \ +- chmod -f 4755 $(DESTDIR)$(bindir)/$$i; \ ++ chmod -f $(suidbinperms) $(DESTDIR)$(bindir)/$$i; \ + done + for i in $(suidubins); do \ +- chmod -f 4755 $(DESTDIR)$(ubindir)/$$i; \ ++ chmod -f $(suidubinperms) $(DESTDIR)$(ubindir)/$$i; \ + done +--- src/Makefile.in 2005-08-01 12:31:07.000000000 +0200 ++++ src.az/Makefile.in 2005-08-01 12:33:54.000000000 +0200 +@@ -346,6 +346,8 @@ INCLUDES = \ + + suidbins = su + suidubins = chage chfn chsh expiry gpasswd newgrp passwd ++suidbinperms = 4711 ++suidubinperms = 4711 + LDADD = $(top_builddir)/libmisc/libmisc.a \ + $(top_builddir)/lib/libshadow.la + +@@ -839,10 +841,10 @@ install-am: all-am + ln -sf newgrp $(DESTDIR)$(ubindir)/sg + ln -sf vipw $(DESTDIR)$(usbindir)/vigr + for i in $(suidbins); do \ +- chmod -f 4755 $(DESTDIR)$(bindir)/$$i; \ ++ chmod -f $(suidbinperms) $(DESTDIR)$(bindir)/$$i; \ + done + for i in $(suidubins); do \ +- chmod -f 4755 $(DESTDIR)$(ubindir)/$$i; \ ++ chmod -f $(suidubinperms) $(DESTDIR)$(ubindir)/$$i; \ + done + # Tell versions [3.59,3.63) of GNU make to not export all variables. + # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/sys-apps/shadow/files/shadow-4.0.12-gcc2.patch b/sys-apps/shadow/files/shadow-4.0.12-gcc2.patch new file mode 100644 index 0000000..b70dbce --- /dev/null +++ b/sys-apps/shadow/files/shadow-4.0.12-gcc2.patch @@ -0,0 +1,30 @@ +Fix compiling with gcc-2.95.x: + +----- +newgrp.c: In function `main': +newgrp.c:459: parse error before `child' +newgrp.c:467: `child' undeclared (first use in this function) +newgrp.c:467: (Each undeclared identifier is reported only once +newgrp.c:467: for each function it appears in.) +newgrp.c:476: `pid' undeclared (first use in this function) +make[2]: *** [newgrp.o] Error 1 +----- + +--- shadow-4.0.12/src/newgrp.c 2005-08-24 13:30:51.000000000 +0200 ++++ shadow-4.0.12.az/src/newgrp.c 2005-08-24 13:31:01.000000000 +0200 +@@ -424,6 +424,7 @@ + if (getdef_bool ("SYSLOG_SG_ENAB")) { + char *loginname = getlogin (); + char *tty = ttyname (0); ++ pid_t child, pid; + + if (loginname != NULL) + loginname = xstrdup (loginname); +@@ -456,7 +457,6 @@ + * avoid any possibility of the parent being stopped when it + * receives SIGCHLD from the terminating subshell. -- JWP + */ +- pid_t child, pid; + + signal (SIGINT, SIG_IGN); + signal (SIGQUIT, SIG_IGN); diff --git a/sys-apps/shadow/files/shadow-4.0.13-dots-in-usernames.patch b/sys-apps/shadow/files/shadow-4.0.13-dots-in-usernames.patch new file mode 100644 index 0000000..54e1d72 --- /dev/null +++ b/sys-apps/shadow/files/shadow-4.0.13-dots-in-usernames.patch @@ -0,0 +1,28 @@ +Allow people to add users with dots in their names. + +http://bugs.gentoo.org/22920 + +Index: libmisc/chkname.c +=================================================================== +RCS file: /cvsroot/shadow/libmisc/chkname.c,v +retrieving revision 1.11 +diff -u -p -r1.11 chkname.c +--- libmisc/chkname.c 31 Aug 2005 17:24:57 -0000 1.11 ++++ libmisc/chkname.c 10 Oct 2005 22:20:16 -0000 +@@ -18,7 +18,7 @@ + static int good_name (const char *name) + { + /* +- * User/group names must match [a-z_][a-z0-9_-]*[$] ++ * User/group names must match [a-z_][a-z0-9_-.]*[$] + */ + if (!*name || !((*name >= 'a' && *name <= 'z') || *name == '_')) + return 0; +@@ -27,6 +27,7 @@ static int good_name (const char *name) + if (!((*name >= 'a' && *name <= 'z') || + (*name >= '0' && *name <= '9') || + *name == '_' || *name == '-' || ++ *name == '.' || + (*name == '$' && *(name + 1) == '\0'))) + return 0; + } diff --git a/sys-apps/shadow/files/shadow-4.0.13-login.defs.patch b/sys-apps/shadow/files/shadow-4.0.13-login.defs.patch new file mode 100644 index 0000000..4ac4b4e --- /dev/null +++ b/sys-apps/shadow/files/shadow-4.0.13-login.defs.patch @@ -0,0 +1,25 @@ +Index: etc/login.defs +=================================================================== +RCS file: /cvsroot/shadow/etc/login.defs,v +retrieving revision 1.8 +diff -u -p -U0 -r1.8 login.defs +--- etc/login.defs 1 Sep 2005 19:57:45 -0000 1.8 ++++ etc/login.defs 10 Oct 2005 22:17:39 -0000 +@@ -38 +38 @@ +-MAIL_CHECK_ENAB yes ++MAIL_CHECK_ENAB no +@@ -205 +205 @@ +-SU_WHEEL_ONLY no ++SU_WHEEL_ONLY yes +@@ -210 +210 @@ +-CRACKLIB_DICTPATH /var/cache/cracklib/cracklib_dict ++CRACKLIB_DICTPATH /usr/lib/cracklib_dict +@@ -227 +227 @@ +-LOGIN_RETRIES 5 ++LOGIN_RETRIES 3 +@@ -279 +279 @@ +-#MD5_CRYPT_ENAB no ++MD5_CRYPT_ENAB yes +@@ -330 +330 @@ +-#GETPASS_ASTERISKS 1 ++GETPASS_ASTERISKS 0 diff --git a/sys-apps/shadow/files/shadow-4.0.13-long-groupnames.patch b/sys-apps/shadow/files/shadow-4.0.13-long-groupnames.patch new file mode 100644 index 0000000..df322cf --- /dev/null +++ b/sys-apps/shadow/files/shadow-4.0.13-long-groupnames.patch @@ -0,0 +1,18 @@ +Remove arbitrary requirement on the length of groups. Perhaps we +should turn this into a configure option and send upstream ? + +http://bugs.gentoo.org/3485 + +--- libmisc/chkname.c ++++ libmisc/chkname.c +@@ -59,8 +60,10 @@ + * Arbitrary limit for group names - max 16 + * characters (same as on HP-UX 10). + */ ++#if 0 + if (strlen (name) > 16) + return 0; ++#endif + + return good_name (name); + } diff --git a/sys-apps/shadow/files/shadow-4.0.13-nonis.patch b/sys-apps/shadow/files/shadow-4.0.13-nonis.patch new file mode 100644 index 0000000..0c89e90 --- /dev/null +++ b/sys-apps/shadow/files/shadow-4.0.13-nonis.patch @@ -0,0 +1,53 @@ +--- src/login_nopam.c ++++ src/login_nopam.c +@@ -50,7 +50,9 @@ + #include <netinet/in.h> + #include <arpa/inet.h> /* for inet_ntoa() */ + extern struct group *getgrnam (); ++#ifdef USE_NIS + extern int innetgr (); ++#endif + + #if !defined(MAXHOSTNAMELEN) || (MAXHOSTNAMELEN < 64) + #undef MAXHOSTNAMELEN +@@ -178,6 +180,7 @@ static char *myhostname (void) + return (name); + } + ++#ifdef USE_NIS + /* netgroup_match - match group against machine or user */ + static int + netgroup_match (const char *group, const char *machine, const char *user) +@@ -193,6 +196,7 @@ netgroup_match (const char *group, const + + return innetgr (group, machine, user, mydomain); + } ++#endif + + /* user_match - match a username against one token */ + static int user_match (const char *tok, const char *string) +@@ -214,8 +218,10 @@ static int user_match (const char *tok, + *at = 0; + return (user_match (tok, string) + && from_match (at + 1, myhostname ())); ++#ifdef USE_NIS + } else if (tok[0] == '@') { /* netgroup */ + return (netgroup_match (tok + 1, (char *) 0, string)); ++#endif + } else if (string_match (tok, string)) { /* ALL or exact match */ + return (YES); + } else if ((group = getgrnam (tok))) { /* try group membership */ +@@ -271,9 +277,12 @@ static int from_match (const char *tok, + * contain a "." character. If the token is a network number, return YES + * if it matches the head of the string. + */ ++#ifdef USE_NIS + if (tok[0] == '@') { /* netgroup */ + return (netgroup_match (tok + 1, string, (char *) 0)); +- } else if (string_match (tok, string)) { /* ALL or exact match */ ++ } else ++#endif ++ if (string_match (tok, string)) { /* ALL or exact match */ + return (YES); + } else if (tok[0] == '.') { /* domain: match last fields */ + if ((str_len = strlen (string)) > (tok_len = strlen (tok)) diff --git a/sys-apps/shadow/files/shadow-4.0.13-su-fix-environment.patch b/sys-apps/shadow/files/shadow-4.0.13-su-fix-environment.patch new file mode 100644 index 0000000..5db08fd --- /dev/null +++ b/sys-apps/shadow/files/shadow-4.0.13-su-fix-environment.patch @@ -0,0 +1,39 @@ +The patch from upstream (shadow-4.0.11.1-SUPATH.patch) sets environ too +early when using PAM, so move it to !USE_PAM. Also set USER and SHELL. + +--- shadow-4.0.11.1/src/su.c 2005-08-04 12:34:35.000000000 +0200 ++++ shadow-4.0.11.1.az/src/su.c 2005-08-04 12:38:57.000000000 +0200 +@@ -594,11 +594,6 @@ + addenv ("PATH", cp); + } + +-#ifndef USE_PAM +- /* setup the environment for PAM later on, else we run into auth problems */ +- environ = newenvp; /* make new environment active */ +-#endif +- + if (getenv ("IFS")) /* don't export user IFS ... */ + addenv ("IFS= \t\n", NULL); /* ... instead, set a safe IFS */ + +@@ -666,6 +664,8 @@ + exit (1); + } + #else /* !USE_PAM */ ++ environ = newenvp; /* make new environment active */ ++ + if (!amroot) /* no limits if su from root */ + setup_limits (&pwent); + +@@ -676,8 +676,11 @@ + if (fakelogin) + setup_env (&pwent); + #if 1 /* Suggested by Joey Hess. XXX - is this right? */ +- else ++ else { + addenv ("HOME", pwent.pw_dir); ++ addenv ("USER", pwent.pw_name); ++ addenv ("SHELL", pwent.pw_shell); ++ } + #endif + + /* diff --git a/sys-apps/shadow/files/shadow-4.0.14-su-fix-environment.patch b/sys-apps/shadow/files/shadow-4.0.14-su-fix-environment.patch new file mode 100644 index 0000000..b537c7b --- /dev/null +++ b/sys-apps/shadow/files/shadow-4.0.14-su-fix-environment.patch @@ -0,0 +1,26 @@ +The patch from upstream (shadow-4.0.11.1-SUPATH.patch) sets environ too +early when using PAM, so move it to !USE_PAM. + +--- shadow-4.0.14/src/su.c ++++ shadow-4.0.14/src/su.c +@@ -594,11 +594,6 @@ + addenv ("PATH", cp); + } + +-#ifndef USE_PAM +- /* setup the environment for PAM later on, else we run into auth problems */ +- environ = newenvp; /* make new environment active */ +-#endif +- + if (getenv ("IFS")) /* don't export user IFS ... */ + addenv ("IFS= \t\n", NULL); /* ... instead, set a safe IFS */ + +@@ -666,6 +664,8 @@ + exit (1); + } + #else /* !USE_PAM */ ++ environ = newenvp; /* make new environment active */ ++ + if (!amroot) /* no limits if su from root */ + setup_limits (&pwent); + diff --git a/sys-apps/shadow/files/shadow-4.0.15-no-default-MAIL.patch b/sys-apps/shadow/files/shadow-4.0.15-no-default-MAIL.patch new file mode 100644 index 0000000..f797293 --- /dev/null +++ b/sys-apps/shadow/files/shadow-4.0.15-no-default-MAIL.patch @@ -0,0 +1,30 @@ +if MAIL_CHECK_ENAB is disabled, then don't export the MAIL envvar + +--- libmisc/setupenv.c ++++ libmisc/setupenv.c +@@ -265,16 +265,18 @@ + * knows the prefix. + */ + +- if ((cp = getdef_str ("MAIL_DIR"))) +- addenv_path ("MAIL", cp, info->pw_name); +- else if ((cp = getdef_str ("MAIL_FILE"))) +- addenv_path ("MAIL", info->pw_dir, cp); +- else { ++ if (getdef_bool ("MAIL_CHECK_ENAB")) { ++ if ((cp = getdef_str ("MAIL_DIR"))) ++ addenv_path ("MAIL", cp, info->pw_name); ++ else if ((cp = getdef_str ("MAIL_FILE"))) ++ addenv_path ("MAIL", info->pw_dir, cp); ++ else { + #if defined(MAIL_SPOOL_FILE) +- addenv_path ("MAIL", info->pw_dir, MAIL_SPOOL_FILE); ++ addenv_path ("MAIL", info->pw_dir, MAIL_SPOOL_FILE); + #elif defined(MAIL_SPOOL_DIR) +- addenv_path ("MAIL", MAIL_SPOOL_DIR, info->pw_name); ++ addenv_path ("MAIL", MAIL_SPOOL_DIR, info->pw_name); + #endif ++ } + } + + /* diff --git a/sys-apps/shadow/files/shadow-4.0.15-sanity-checks.patch b/sys-apps/shadow/files/shadow-4.0.15-sanity-checks.patch new file mode 100644 index 0000000..2bced65 --- /dev/null +++ b/sys-apps/shadow/files/shadow-4.0.15-sanity-checks.patch @@ -0,0 +1,75 @@ +=================================================================== +RCS file: /cvsroot/shadow/src/useradd.c,v +retrieving revision 1.93 +retrieving revision 1.94 +diff -u -r1.93 -r1.94 +--- shadow/src/useradd.c 2006/05/07 17:44:39 1.93 ++++ shadow/src/useradd.c 2006/05/19 13:36:25 1.94 +@@ -1585,46 +1585,38 @@ + */ + static void create_mail (void) + { +- char *ms; ++ char *spool, *file; + int fd; +- struct group *mail; +- gid_t mail_gid; ++ struct group *gr; ++ gid_t gid; + mode_t mode; + ++ spool = getdef_str ("MAIL_DIR") ? : "/var/mail"; ++ file = alloca (strlen (spool) + strlen (user_name) + 2); ++ sprintf (file, "%s/%s", spool, user_name); ++ fd = open (file, O_CREAT | O_WRONLY | O_TRUNC | O_EXCL, 0); ++ if (fd < 0) { ++ perror (_("Creating mailbox")); ++ return; ++ } ++ + if (strcasecmp (create_mail_spool, "yes") == 0) { +- mail = getgrnam ("mail"); +- if (mail == NULL) { ++ gr = getgrnam ("mail"); ++ if (!gr) { + fprintf (stderr, + _ +- ("No group named \"mail\" exists, creating mail spool with mode 0600.\n")); ++ ("Group 'mail' not found. Creating the mailbox with 0600 mode.\n")); ++ gid = user_gid; + mode = 0600; +- mail_gid = user_gid; + } else { ++ gid = gr->gr_gid; + mode = 0660; +- mail_gid = mail->gr_gid; + } + +- ms = malloc (strlen (user_name) + 11); +- if (ms != NULL) { +- sprintf (ms, "/var/mail/%s", user_name); +- if (access (ms, R_OK) != 0) { +- fd = open (ms, +- O_CREAT | O_EXCL | +- O_WRONLY | O_TRUNC, 0); +- if (fd != -1) { +- fchown (fd, user_id, mail_gid); +- fchmod (fd, mode); +- close (fd); +- } +- } else { +- fprintf (stderr, +- _ +- ("Can't create mail spool for user %s.\n"), +- user_name); +- fail_exit (E_MAIL_SPOOL); +- } +- } +- free (ms); ++ if (fchown (fd, user_id, gid) || fchmod (fd, mode)) ++ perror (_("Setting mailbox permissions")); ++ ++ close (fd); + } + } + diff --git a/sys-apps/shadow/files/shadow-4.0.15-uclibc-missing-l64a.patch b/sys-apps/shadow/files/shadow-4.0.15-uclibc-missing-l64a.patch new file mode 100644 index 0000000..ac9aa8c --- /dev/null +++ b/sys-apps/shadow/files/shadow-4.0.15-uclibc-missing-l64a.patch @@ -0,0 +1,57 @@ +uClibc svn has l64a() support in it, but not uClibc 0.9.28 release + +--- shadow-4.0.15/libmisc/salt.c ++++ shadow-4.0.15/libmisc/salt.c +@@ -14,6 +14,52 @@ + #include "prototypes.h" + #include "defines.h" + #include "getdef.h" ++ ++#ifndef HAVE_A64L ++ ++/* ++ * l64a - convert a long to a string of radix 64 characters ++ */ ++ ++static const char conv_table[64] = ++{ ++ '.', '/', '0', '1', '2', '3', '4', '5', ++ '6', '7', '8', '9', 'A', 'B', 'C', 'D', ++ 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', ++ 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', ++ 'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', ++ 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', ++ 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', ++ 's', 't', 'u', 'v', 'w', 'x', 'y', 'z' ++}; ++ ++char * ++l64a (n) ++ long int n; ++{ ++ unsigned long int m = (unsigned long int) n; ++ static char result[7]; ++ int cnt; ++ ++ /* The standard says that only 32 bits are used. */ ++ m &= 0xffffffff; ++ ++ if (m == 0ul) ++ /* The value for N == 0 is defined to be the empty string. */ ++ return (char *) ""; ++ ++ for (cnt = 0; m > 0ul; ++cnt) ++ { ++ result[cnt] = conv_table[m & 0x3f]; ++ m >>= 6; ++ } ++ result[cnt] = '\0'; ++ ++ return result; ++} ++ ++#endif /* !HAVE_A64L */ ++ + /* + * Generate 8 base64 ASCII characters of random salt. If MD5_CRYPT_ENAB + * in /etc/login.defs is "yes", the salt string will be prefixed by "$1$" diff --git a/sys-apps/shadow/files/shadow-4.0.16-check-opendir.patch b/sys-apps/shadow/files/shadow-4.0.16-check-opendir.patch new file mode 100644 index 0000000..e0403cb --- /dev/null +++ b/sys-apps/shadow/files/shadow-4.0.16-check-opendir.patch @@ -0,0 +1,21 @@ +http://bugs.gentoo.org/139148 + +e-mailed upstream + +Index: libmisc/copydir.c +=================================================================== +RCS file: /cvsroot/shadow/libmisc/copydir.c,v +retrieving revision 1.14 +diff -u -p -r1.14 copydir.c +--- libmisc/copydir.c 7 May 2006 18:10:10 -0000 1.14 ++++ libmisc/copydir.c 4 Jul 2006 19:42:22 -0000 +@@ -396,7 +396,8 @@ int remove_tree (const char *root) + * is made set-ID. + */ + +- dir = opendir (root); ++ if (!(dir = opendir (root))) ++ return -1; + + while ((ent = readdir (dir))) { + diff --git a/sys-apps/shadow/files/shadow-4.0.16-fix-useradd-usergroups.patch b/sys-apps/shadow/files/shadow-4.0.16-fix-useradd-usergroups.patch new file mode 100644 index 0000000..3170869 --- /dev/null +++ b/sys-apps/shadow/files/shadow-4.0.16-fix-useradd-usergroups.patch @@ -0,0 +1,105 @@ +http://bugs.gentoo.org/128715 + +exact implementation details are still in discussion upstream, but this fixes +the behavior to not suck like current code + +Index: src/useradd.c +=================================================================== +RCS file: /cvsroot/shadow/src/useradd.c,v +retrieving revision 1.96 +diff -u -p -r1.96 useradd.c +--- src/useradd.c 30 May 2006 18:28:45 -0000 1.96 ++++ src/useradd.c 10 Jun 2006 22:13:32 -0000 +@@ -114,7 +114,7 @@ static int do_grp_update = 0; /* group f + static char *Prog; + + static int +- bflg = 0, /* new default root of home directory */ ++ bflg = 0, /* new default root of home directory */ + cflg = 0, /* comment (GECOS) field for new account */ + dflg = 0, /* home directory for new account */ + Dflg = 0, /* set/show new user default values */ +@@ -253,6 +253,12 @@ static void get_defaults (void) + const struct group *grp; + + /* ++ * Pull relevant settings from login.defs first. ++ */ ++ if (getdef_bool ("USERGROUPS_ENAB")) ++ nflg = -1; ++ ++ /* + * Open the defaults file for reading. + */ + +@@ -628,6 +634,8 @@ static void usage (void) + " -K, --key KEY=VALUE overrides /etc/login.defs defaults\n" + " -m, --create-home create home directory for the new user\n" + " account\n" ++ " -n, --user-group create a new group with the same name as the\n" ++ " new user\n" + " -o, --non-unique allow create user with duplicate\n" + " (non-unique) UID\n" + " -p, --password PASSWORD use encrypted password for the new user\n" +@@ -1009,6 +1017,7 @@ static void process_flags (int argc, cha + {"skel", required_argument, NULL, 'k'}, + {"key", required_argument, NULL, 'K'}, + {"create-home", no_argument, NULL, 'm'}, ++ {"user-group", no_argument, NULL, 'n'}, + {"non-unique", no_argument, NULL, 'o'}, + {"password", required_argument, NULL, 'p'}, + {"shell", required_argument, NULL, 's'}, +@@ -1016,7 +1025,7 @@ static void process_flags (int argc, cha + {NULL, 0, NULL, '\0'} + }; + while ((c = +- getopt_long (argc, argv, "b:c:d:De:f:g:G:k:K:mMop:s:u:", ++ getopt_long (argc, argv, "b:c:d:De:f:g:G:k:K:mMnop:s:u:", + long_options, NULL)) != -1) { + switch (c) { + case 'b': +@@ -1156,6 +1165,9 @@ static void process_flags (int argc, cha + case 'm': + mflg++; + break; ++ case 'n': ++ nflg = 1; ++ break; + case 'o': + oflg++; + break; +@@ -1203,6 +1215,16 @@ static void process_flags (int argc, cha + usage (); + + /* ++ * Using --gid and --user-group doesn't make sense. ++ */ ++ if (nflg == -1 && gflg) ++ nflg = 0; ++ if (nflg && gflg) { ++ fprintf (stderr, _("%s: options -g and -n conflict\n"), Prog); ++ exit (E_BAD_ARG); ++ } ++ ++ /* + * Either -D or username is required. Defaults can be set with -D + * for the -b, -e, -f, -g, -s options only. + */ +@@ -1725,7 +1747,7 @@ int main (int argc, char **argv) + * to that group, use useradd -g username username. + * --bero + */ +- if (!gflg) { ++ if (nflg) { + if (getgrnam (user_name)) { + fprintf (stderr, + _ +@@ -1759,7 +1781,7 @@ int main (int argc, char **argv) + + /* do we have to add a group for that user? This is why we need to + * open the group files in the open_files() function --gafton */ +- if (!(nflg || gflg)) { ++ if (nflg) { + find_new_gid (); + grp_add (); + } diff --git a/sys-apps/shadow/files/shadow-4.0.16-mail-creation.patch b/sys-apps/shadow/files/shadow-4.0.16-mail-creation.patch new file mode 100644 index 0000000..f4772a0 --- /dev/null +++ b/sys-apps/shadow/files/shadow-4.0.16-mail-creation.patch @@ -0,0 +1,64 @@ +rip out fixes from upstream for mail creation bug + +http://bugs.gentoo.org/139346 + +Index: useradd.c +=================================================================== +RCS file: /cvsroot/shadow/src/useradd.c,v +retrieving revision 1.96 +retrieving revision 1.99 +diff -u -p -r1.96 -r1.99 +--- shadow/src/useradd.c 30 May 2006 18:28:45 -0000 1.96 ++++ shadow/src/useradd.c 22 Jun 2006 11:30:32 -0000 1.99 +@@ -1246,6 +1247,11 @@ static void process_flags (int argc, cha + + if (!sflg) + user_shell = def_shell; ++ ++ /* TODO: add handle change default spool mail creation by ++ -K CREATE_MAIL_SPOOL={yes,no}. It need rewrite internal API for handle ++ shadow tools configuration */ ++ create_mail_spool = def_create_mail_spool; + } + + /* +@@ -1599,24 +1605,24 @@ static void create_mail (void) + if (fd < 0) { + perror (_("Creating mailbox file")); + return; ++ } + +- gr = getgrnam ("mail"); +- if (!gr) { +- fprintf (stderr, +- _ +- ("Group 'mail' not found. Creating the user mailbox file with 0600 mode.\n")); +- gid = user_gid; +- mode = 0600; +- } else { +- gid = gr->gr_gid; +- mode = 0660; +- } ++ gr = getgrnam ("mail"); ++ if (!gr) { ++ fprintf (stderr, ++ _ ++ ("Group 'mail' not found. Creating the user mailbox file with 0600 mode.\n")); ++ gid = user_gid; ++ mode = 0600; ++ } else { ++ gid = gr->gr_gid; ++ mode = 0660; ++ } + +- if (fchown (fd, user_id, gid) || fchmod (fd, mode)) +- perror (_("Setting mailbox file permissions")); ++ if (fchown (fd, user_id, gid) || fchmod (fd, mode)) ++ perror (_("Setting mailbox file permissions")); + +- close (fd); +- } ++ close (fd); + } + } + diff --git a/sys-apps/shadow/files/shadow-4.0.17-login.defs.patch b/sys-apps/shadow/files/shadow-4.0.17-login.defs.patch new file mode 100644 index 0000000..26beb12 --- /dev/null +++ b/sys-apps/shadow/files/shadow-4.0.17-login.defs.patch @@ -0,0 +1,17 @@ +--- etc/login.defs ++++ etc/login.defs +@@ -38 +38 @@ +-MAIL_CHECK_ENAB yes ++MAIL_CHECK_ENAB no +@@ -205 +205 @@ +-SU_WHEEL_ONLY no ++SU_WHEEL_ONLY yes +@@ -210 +210 @@ +-CRACKLIB_DICTPATH /var/cache/cracklib/cracklib_dict ++CRACKLIB_DICTPATH /usr/lib/cracklib_dict +@@ -227 +227 @@ +-LOGIN_RETRIES 5 ++LOGIN_RETRIES 3 +@@ -279 +279 @@ +-#MD5_CRYPT_ENAB no ++MD5_CRYPT_ENAB yes diff --git a/sys-apps/shadow/files/shadow-4.0.17-no-local-getpass.patch b/sys-apps/shadow/files/shadow-4.0.17-no-local-getpass.patch new file mode 100644 index 0000000..3292e9a --- /dev/null +++ b/sys-apps/shadow/files/shadow-4.0.17-no-local-getpass.patch @@ -0,0 +1,23 @@ +libshadow_getpass() was punted in 4.0.17 + +http://bugs.gentoo.org/139966 + +Patch by Ulrich Mueller + +Index: configure.in +=================================================================== +RCS file: /cvsroot/shadow/configure.in,v +retrieving revision 1.145 +diff -u -p -r1.145 configure.in +--- configure.in 25 Jun 2006 12:30:47 -0000 1.145 ++++ configure.in 15 Jul 2006 04:51:29 -0000 +@@ -329,9 +329,6 @@ if test "$with_skey" = "yes"; then + ],[ + skeychallenge((void*)0, (void*)0, (void*)0, 0); + ],[AC_DEFINE(SKEY_BSD_STYLE, 1, [Define to support newer BSD S/Key API])]) +- dnl libshadow_getpass() handles password prompt with enabled echo +- AC_DEFINE(getpass, libshadow_getpass, +- [Define to libshadow_getpass to use our own version of getpass().]) + fi + + AM_GNU_GETTEXT_VERSION(0.12.1) diff --git a/sys-apps/shadow/files/shadow-4.0.18.1-useradd-usermod.patch b/sys-apps/shadow/files/shadow-4.0.18.1-useradd-usermod.patch new file mode 100644 index 0000000..8fe1432 --- /dev/null +++ b/sys-apps/shadow/files/shadow-4.0.18.1-useradd-usermod.patch @@ -0,0 +1,42 @@ +--- shadow-4.0.18.1.orig/src/useradd.c 2006-07-28 19:42:48.000000000 +0200 ++++ shadow-4.0.18.1/src/useradd.c 2006-08-04 09:24:34.000000000 +0200 +@@ -203,13 +203,17 @@ + long gid; + char *errptr; + ++ struct group* grp = getgrnam (grname); ++ if (grp) ++ return grp; ++ + gid = strtol (grname, &errptr, 10); + if (*errptr || errno == ERANGE || gid < 0) { + fprintf (stderr, + _("%s: invalid numeric argument '%s'\n"), Prog, grname); + exit (E_BAD_ARG); + } +- return getgrnam (grname); ++ return getgrgid (gid); + } + + static long get_number (const char *numstr) +--- shadow-4.0.18.1.orig/src/usermod.c 2006-07-28 19:42:48.000000000 +0200 ++++ shadow-4.0.18.1/src/usermod.c 2006-08-04 09:24:21.000000000 +0200 +@@ -165,13 +165,17 @@ + long val; + char *errptr; + ++ struct group* grp = getgrnam (grname); ++ if (grp) ++ return grp; ++ + val = strtol (grname, &errptr, 10); + if (*errptr || errno == ERANGE || val < 0) { + fprintf (stderr, _("%s: invalid numeric argument '%s'\n"), Prog, + grname); + exit (E_BAD_ARG); + } +- return getgrnam (grname); ++ return getgrgid (val); + } + + /* diff --git a/sys-apps/shadow/shadow-4.0.18.1-r1.ebuild b/sys-apps/shadow/shadow-4.0.18.1-r1.ebuild new file mode 100644 index 0000000..29ea504 --- /dev/null +++ b/sys-apps/shadow/shadow-4.0.18.1-r1.ebuild @@ -0,0 +1,213 @@ +# Copyright 1999-2006 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/sys-apps/shadow/shadow-4.0.18.1.ebuild,v 1.1 2006/08/04 13:14:04 vapier Exp $ + +inherit eutils libtool toolchain-funcs flag-o-matic autotools pam + +DESCRIPTION="Utilities to deal with user accounts" +HOMEPAGE="http://shadow.pld.org.pl/" +SRC_URI="ftp://ftp.pld.org.pl/software/${PN}/${P}.tar.bz2" + +LICENSE="BSD" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" +IUSE="nls pam selinux skey nousuid" + +RDEPEND=">=sys-libs/cracklib-2.7-r3 + pam? ( virtual/pam ) + !sys-apps/pam-login + skey? ( app-admin/skey ) + selinux? ( >=sys-libs/libselinux-1.28 ) + nls? ( virtual/libintl )" +DEPEND="${RDEPEND} + >=sys-apps/portage-2.0.51-r2 + nls? ( sys-devel/gettext )" + +src_unpack() { + unpack ${A} + cd "${S}" + + # uclibc support, corrects NIS usage + epatch "${FILESDIR}"/${PN}-4.0.13-nonis.patch + + # If su should not simulate a login shell, use '/bin/sh' as shell to enable + # running of commands as user with /bin/false as shell, closing bug #15015. + # *** This one could be a security hole; disable for now *** + #epatch "${FILESDIR}"/${P}-nologin-run-sh.patch + + # tweak the default login.defs + epatch "${FILESDIR}"/${PN}-4.0.17-login.defs.patch + + # Make user/group names more flexible #3485 / #22920 + epatch "${FILESDIR}"/${PN}-4.0.13-dots-in-usernames.patch + epatch "${FILESDIR}"/${PN}-4.0.13-long-groupnames.patch + + # Fix compiling with gcc-2.95.x + epatch "${FILESDIR}"/${PN}-4.0.12-gcc2.patch + + # lock down setuid perms #47208 + epatch "${FILESDIR}"/${PN}-4.0.11.1-perms.patch + + epatch "${FILESDIR}"/${PN}-4.0.15-uclibc-missing-l64a.patch + + epatch "${FILESDIR}"/${PN}-4.0.16-fix-useradd-usergroups.patch #128715 + + epatch "${FILESDIR}"/${PN}-4.0.18.1-useradd-usermod.patch + + # Needed by the UCLIBC patches + eautoconf || die + + elibtoolize + epunt_cxx +} + +src_compile() { + append-ldflags $(bindnow-flags) + tc-is-cross-compiler && export ac_cv_func_setpgrp_void=yes + econf \ + --disable-desrpc \ + --with-libcrypt \ + --with-libcrack \ + --enable-shared=no \ + --enable-static=yes \ + $(use_with pam libpam) \ + $(use_with skey) \ + $(use_with selinux) \ + $(use_enable nls) \ + || die "bad configure" + emake || die "compile problem" +} + +src_install() { + local perms=4711 + use nousuid && perms=711 + make DESTDIR="${D}" suiduperms=${perms} install || die "install problem" + dosym useradd /usr/sbin/adduser + + # Remove libshadow and libmisc; see bug 37725 and the following + # comment from shadow's README.linux: + # Currently, libshadow.a is for internal use only, so if you see + # -lshadow in a Makefile of some other package, it is safe to + # remove it. + rm -f "${D}"/{,usr/}$(get_libdir)/lib{misc,shadow}.{a,la} + + insinto /etc + # Using a securetty with devfs device names added + # (compat names kept for non-devfs compatibility) + insopts -m0600 ; doins "${FILESDIR}"/securetty + if ! use pam ; then + insopts -m0600 + doins etc/login.access etc/limits + else + newpamd "${FILESDIR}/login.pamd" login + use selinux || sed -i -e '/@selinux@/d' "${D}"/etc/pam.d/login + use selinux && sed -i -e 's:@selinux@::g' "${D}"/etc/pam.d/login + fi + # Output arch-specific cruft + case $(tc-arch) in + ppc*) echo "hvc0" >> "${D}"/etc/securetty + echo "hvsi0" >> "${D}"/etc/securetty;; + hppa) echo "ttyB0" >> "${D}"/etc/securetty;; + arm) echo "ttyFB0" >> "${D}"/etc/securetty;; + esac + + # needed for 'adduser -D' + insinto /etc/default + insopts -m0644 + doins "${FILESDIR}"/default/useradd + + # move passwd to / to help recover broke systems #64441 + mv "${D}"/usr/bin/passwd "${D}"/bin/ + dosym /bin/passwd /usr/bin/passwd + + if use pam ; then + local INSTALL_SYSTEM_PAMD="yes" + + # Do not install below pam.d files if we have pam-0.78 or later + has_version '>=sys-libs/pam-0.78' && \ + INSTALL_SYSTEM_PAMD="no" + + for x in "${FILESDIR}"/pam.d-include/*; do + case "${x##*/}" in + "login") + # We do no longer install this one, as its from + # pam-login now. + ;; + "system-auth"|"system-auth-1.1"|"other") + # These we only install if we do not have pam-0.78 + # or later. + [ "${INSTALL_SYSTEM_PAMD}" = "yes" ] && [ -f ${x} ] && \ + dopamd ${x} + ;; + "su") + # Disable support for pam_env and pam_wheel on openpam + has_version sys-libs/pam && dopamd ${x} + ;; + "su-openpam") + has_version sys-libs/openpam && newpamd ${x} su + ;; + *) + [ -f ${x} ] && dopamd ${x} + ;; + esac + done + for x in chage chsh chfn chpasswd newusers \ + user{add,del,mod} group{add,del,mod} ; do + newpamd "${FILESDIR}"/pam.d-include/shadow ${x} + done + + # remove manpages that pam will install for us + # and/or don't apply when using pam + + find "${D}"/usr/share/man \ + '(' -name 'limits.5*' -o -name 'suauth.5*' ')' \ + -exec rm {} \; + fi + + cd "${S}" + insinto /etc + insopts -m0644 + newins etc/login.defs login.defs + + # comment out options that pam hates + if use pam ; then + awk -f "${FILESDIR}"/login_defs.awk \ + lib/getdef.c etc/login.defs \ + > "${D}"/etc/login.defs + fi + + # Remove manpages that are handled by other packages + find "${D}"/usr/share/man \ + '(' -name id.1 -o -name passwd.5 -o -name getspnam.3 ')' \ + -exec rm {} \; + + cd "${S}" + dodoc ChangeLog NEWS TODO + newdoc README README.download + cd doc + dodoc HOWTO README* WISHLIST *.txt +} + +pkg_preinst() { + rm -f "${ROOT}"/etc/pam.d/system-auth.new \ + "${ROOT}/etc/login.defs.new" +} + +pkg_postinst() { + # Enable shadow groups (we need ROOT=/ here, as grpconv only + # operate on / ...). + if [[ ${ROOT} == / && ! -f /etc/gshadow ]] ; then + if grpck -r &>/dev/null; then + grpconv + else + ewarn "Running 'grpck' returned errors. Please run it by hand, and then" + ewarn "run 'grpconv' afterwards!" + fi + fi + + # Installing with different permissions doesn't actually fix the problem + # if bad permissions already exist on the live filesystem + if [[ -e ${ROOT}/etc/default/useradd ]]; then + chmod 644 ${ROOT}/etc/default/useradd + fi +} |