From 1bb2648cde916ac27d3dd75d7b64a4ddc89787b7 Mon Sep 17 00:00:00 2001
From: root
Date: Sun, 10 Feb 2013 01:12:52 -0800
Subject: Sun Feb 10 01:12:35 PST 2013
---
core/shadow/adduser | 399 -------------------------
core/shadow/login | 21 --
core/shadow/nscd-error-reporting.patch | 17 --
core/shadow/shadow-add-missing-include.patch | 11 -
core/shadow/userdel-avoid-bad-mem-access.patch | 57 ----
core/shadow/write-utmp-wtmp-entries.patch | 47 ---
6 files changed, 552 deletions(-)
delete mode 100644 core/shadow/adduser
delete mode 100644 core/shadow/login
delete mode 100644 core/shadow/nscd-error-reporting.patch
delete mode 100644 core/shadow/shadow-add-missing-include.patch
delete mode 100644 core/shadow/userdel-avoid-bad-mem-access.patch
delete mode 100644 core/shadow/write-utmp-wtmp-entries.patch
(limited to 'core/shadow')
diff --git a/core/shadow/adduser b/core/shadow/adduser
deleted file mode 100644
index a5d7fd4fa..000000000
--- a/core/shadow/adduser
+++ /dev/null
@@ -1,399 +0,0 @@
-#!/bin/bash
-#
-# Copyright 1995 Hrvoje Dogan, Croatia.
-# Copyright 2002, 2003, 2004 Stuart Winter, West Midlands, England, UK.
-# Copyright 2004 Slackware Linux, Inc., Concord, CA, USA
-# All rights reserved.
-#
-# Redistribution and use of this script, with or without modification, is
-# permitted provided that the following conditions are met:
-#
-# 1. Redistributions of this script must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
-# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
-# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
-# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
-# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
-# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#
-#
-##########################################################################
-# Program: /usr/sbin/adduser
-# Purpose: Interactive front end to /usr/sbin/useradd for Slackware Linux
-# Author : Stuart Winter
-# Based on the original Slackware adduser by Hrvoje Dogan
-# with modifications by Patrick Volkerding
-# Version: 1.09
-##########################################################################
-# Usage..: adduser []
-##########################################################################
-# History #
-###########
-# v1.09 - 07/06/04
-# * Added standard Slackware script licence to the head of this file.
-# v1.08 - 25/04/04
-# * Disallow user names that begin with a numeric because useradd
-# (from shadow v4.03) does not allow them.
-# v1.07 - 07/03/03
-# * When supplying a null string for the uid (meaning 'Choose next available'),
-# if there were file names in the range 'a-z' in the pwd then the
-# egrep command considered these files rather than the null string.
-# The egrep expression is now in quotes.
-# Reported & fixed by Vadim O. Ustiansky
-# v1.06 - 31/03/03
-# * Ask to chown user.group the home directory if it already exists.
-# This helps reduce later confusion when adding users whose home dir
-# already exists (mounted partition for example) and is owned
-# by a user other than the user to which the directory is being
-# assigned as home. Default is not to chown.
-# Brought to my attention by mRgOBLIN.
-# v1.05 - 04/01/03
-# * Advise & prevent users from creating logins with '.' characters
-# in the user name.
-# * Made pending account creation info look neater
-# v1.04 - 09/06/02
-# * Catered for shadow-4.0.3's 'useradd' binary that no longer
-# will let you create a user that has any uppercase chars in it
-# This was reported on the userlocal.org forums
-# by 'xcp' - thanks.
-# v1.03 - 20/05/02
-# * Support 'broken' (null lines in) /etc/passwd and
-# /etc/group files
-# * For recycling UIDs (default still 'off'), we now look in
-# /etc/login.defs for the UID_MIN value and use it
-# If not found then default to 1000
-# v1.02 - 10/04/02
-# * Fix user-specified UID bug.
-# v1.01 - 23/03/02
-# * Match Slackware indenting style, simplify.
-# v1.00 - 22/03/02
-# * Created
-#######################################################################
-
-# Path to files
-pfile=/etc/passwd
-gfile=/etc/group
-sfile=/etc/shells
-
-# Paths to binaries
-useradd=/usr/sbin/useradd
-chfn=/usr/bin/chfn
-passwd=/usr/bin/passwd
-
-# Defaults
-defhome=/home
-defshell=/bin/bash
-defgroup=users
-
-# Determine what the minimum UID is (for UID recycling)
-# (we ignore it if it's not at the beginning of the line (i.e. commented out with #))
-export recycleUIDMIN="$(grep ^UID_MIN /etc/login.defs | awk '{print $2}' 2>/dev/null)"
-# If we couldn't find it, set it to the default of 1000
-if [ -z "$recycleUIDMIN" ]; then
- export recycleUIDMIN=1000 # this is the default from Slackware's /etc/login.defs
-fi
-
-
-# This setting enables the 'recycling' of older unused UIDs.
-# When you userdel a user, it removes it from passwd and shadow but it will
-# never get used again unless you specify it expliticly -- useradd (appears to) just
-# look at the last line in passwd and increment the uid. I like the idea of
-# recycling uids but you may have very good reasons not to (old forgotten
-# confidential files still on the system could then be owned by this new user).
-# We'll set this to no because this is what the original adduser shell script
-# did and it's what users expect.
-recycleuids=no
-
-# Function to read keyboard input.
-# bash1 is broken (even ash will take read -ep!), so we work around
-# it (even though bash1 is no longer supported on Slackware).
-function get_input() {
- local output
- if [ "`echo $BASH_VERSION | cut -b1`" = "1" ]; then
- echo -n "${1} " >&2 # fudge for use with bash v1
- read output
- else # this should work with any other /bin/sh
- read -ep "${1} " output
- fi
- echo $output
-}
-
-# Function to display the account info
-function display () {
- local goose
- goose="$(echo $2 | cut -d ' ' -f 2-)" # lop off the prefixed argument useradd needs
- echo -n "$1 "
- # If it's null then display the 'other' information
- if [ -z "$goose" -a ! -z "$3" ]; then
- echo "$3"
- else
- echo "$goose"
- fi
-}
-
-# Function to check whether groups exist in the /etc/group file
-function check_group () {
- local got_error group
- if [ ! -z "$@" ]; then
- for group in $@ ; do
- local uid_not_named="" uid_not_num=""
- grep -v "$^" $gfile | awk -F: '{print $1}' | grep "^${group}$" >/dev/null 2>&1 || uid_not_named=yes
- grep -v "$^" $gfile | awk -F: '{print $3}' | grep "^${group}$" >/dev/null 2>&1 || uid_not_num=yes
- if [ ! -z "$uid_not_named" -a ! -z "$uid_not_num" ]; then
- echo "- Group '$group' does not exist"
- got_error=yes
- fi
- done
- fi
- # Return exit code of 1 if at least one of the groups didn't exist
- if [ ! -z "$got_error" ]; then
- return 1
- fi
-}
-
-#: Read the login name for the new user :#
-#
-# Remember that most Mail Transfer Agents are case independant, so having
-# 'uSer' and 'user' may cause confusion/things to break. Because of this,
-# useradd from shadow-4.0.3 no longer accepts usernames containing uppercase,
-# and we must reject them, too.
-
-# Set the login variable to the command line param
-echo
-LOGIN="$1"
-needinput=yes
-while [ ! -z $needinput ]; do
- if [ -z "$LOGIN" ]; then
- while [ -z "$LOGIN" ]; do LOGIN="$(get_input "Login name for new user []:")" ; done
- fi
- grep "^${LOGIN}:" $pfile >/dev/null 2>&1 # ensure it's not already used
- if [ $? -eq 0 ]; then
- echo "- User '$LOGIN' already exists; please choose another"
- unset LOGIN
- elif [ ! -z "$( echo $LOGIN | grep "^[0-9]" )" ]; then
- echo "- User names cannot begin with a number; please choose another"
- unset LOGIN
- elif [ ! "$LOGIN" = "`echo $LOGIN | tr A-Z a-z`" ]; then # useradd does not allow uppercase
- echo "- User '$LOGIN' contains illegal characters (uppercase); please choose another"
- unset LOGIN
- elif [ ! -z "$( echo $LOGIN | grep '\.' )" ]; then
- echo "- User '$LOGIN' contains illegal characters (period/dot); please choose another"
- unset LOGIN
- else
- unset needinput
- fi
-done
-
-# Display the user name passed from the shell if it hasn't changed
-if [ "$1" = "$LOGIN" ]; then
- echo "Login name for new user: $LOGIN"
-fi
-
-#: Get the UID for the user & ensure it's not already in use :#
-#
-# Whilst we _can_ allow users with identical UIDs, it's not a 'good thing' because
-# when you change password for the uid, it finds the first match in /etc/passwd
-# which isn't necessarily the correct user
-#
-echo
-needinput=yes
-while [ ! -z "$needinput" ]; do
- _UID="$(get_input "User ID ('UID') [ defaults to next available ]:")"
- grep -v "^$" $pfile | awk -F: '{print $3}' | grep "^${_UID}$" >/dev/null 2>&1
- if [ $? -eq 0 ]; then
- echo "- That UID is already in use; please choose another"
- elif [ ! -z "$(echo $_UID | egrep '[A-Za-z]')" ]; then
- echo "- UIDs are numerics only"
- else
- unset needinput
- fi
-done
-# If we were given a UID, then syntax up the variable to pass to useradd
-if [ ! -z "$_UID" ]; then
- U_ID="-u ${_UID}"
-else
- # Will we be recycling UIDs?
- if [ "$recycleuids" = "yes" ]; then
- U_ID="-u $(awk -F: '{uid[$3]=1} END { for (i=ENVIRON["recycleUIDMIN"];i in uid;i++);print i}' $pfile)"
- fi
-fi
-
-#: Get the initial group for the user & ensure it exists :#
-#
-# We check /etc/group for both the text version and the group ID number
-echo
-needinput=yes
-while [ ! -z "$needinput" ]; do
- GID="$(get_input "Initial group [ ${defgroup} ]:")"
- check_group "$GID"
- if [ $? -gt 0 ]; then
- echo "- Please choose another"
- else
- unset needinput
- fi
-done
-# Syntax the variable ready for useradd
-if [ -z "$GID" ]; then
- GID="-g ${defgroup}"
-else
- GID="-g ${GID}"
-fi
-
-#: Get additional groups for the user :#
-#
-echo
-needinput=yes
-while [ ! -z "$needinput" ]; do
- AGID="$(get_input "Additional groups (comma separated) []:")"
- AGID="$(echo "$AGID" | tr -d ' ' | tr , ' ')" # fix up for parsing
- if [ ! -z "$AGID" ]; then
- check_group "$AGID" # check all groups at once (treated as N # of params)
- if [ $? -gt 0 ]; then
- echo "- Please re-enter the group(s)"
- else
- unset needinput # we found all groups specified
- AGID="-G $(echo "$AGID" | tr ' ' ,)"
- fi
- else
- unset needinput # we don't *have* to have additional groups
- fi
-done
-
-#: Get the new user's home dir :#
-#
-echo
-needinput=yes
-while [ ! -z "$needinput" ]; do
- HME="$(get_input "Home directory [ ${defhome}/${LOGIN} ]")"
- if [ -z "$HME" ]; then
- HME="${defhome}/${LOGIN}"
- fi
- # Warn the user if the home dir already exists
- if [ -d "$HME" ]; then
- echo "- Warning: '$HME' already exists !"
- getyn="$(get_input " Do you wish to change the home directory path ? (Y/n) ")"
- if [ "$(echo $getyn | grep -i "n")" ]; then
- unset needinput
- # You're most likely going to only do this if you have the dir *mounted* for this user's $HOME
- getyn="$(get_input " Do you want to chown $LOGIN.$( echo $GID | awk '{print $2}') $HME ? (y/N) ")"
- if [ "$(echo $getyn | grep -i "y")" ]; then
- CHOWNHOMEDIR=$HME # set this to the home directory
- fi
- fi
- else
- unset needinput
- fi
-done
-HME="-d ${HME}"
-
-#: Get the new user's shell :#
-echo
-needinput=yes
-while [ ! -z "$needinput" ]; do
- unset got_error
- SHL="$(get_input "Shell [ ${defshell} ]")"
- if [ -z "$SHL" ]; then
- SHL="${defshell}"
- fi
- # Warn the user if the shell doesn't exist in /etc/shells or as a file
- if [ -z "$(grep "^${SHL}$" $sfile)" ]; then
- echo "- Warning: ${SHL} is not in ${sfile} (potential problem using FTP)"
- got_error=yes
- fi
- if [ ! -f "$SHL" ]; then
- echo "- Warning: ${SHL} does not exist as a file"
- got_error=yes
- fi
- if [ ! -z "$got_error" ]; then
- getyn="$(get_input " Do you wish to change the shell ? (Y/n) ")"
- if [ "$(echo $getyn | grep -i "n")" ]; then
- unset needinput
- fi
- else
- unset needinput
- fi
-done
-SHL="-s ${SHL}"
-
-#: Get the expiry date :#
-echo
-needinput=yes
-while [ ! -z "$needinput" ]; do
- EXP="$(get_input "Expiry date (YYYY-MM-DD) []:")"
- if [ ! -z "$EXP" ]; then
- # Check to see whether the expiry date is in the valid format
- if [ -z "$(echo "$EXP" | grep "^[[:digit:]]\{4\}[-]\?[[:digit:]]\{2\}[-]\?[[:digit:]]\{2\}$")" ]; then
- echo "- That is not a valid expiration date"
- else
- unset needinput
- EXP="-e ${EXP}"
- fi
- else
- unset needinput
- fi
-done
-
-# Display the info about the new impending account
-echo
-echo "New account will be created as follows:"
-echo
-echo "---------------------------------------"
-display "Login name.......: " "$LOGIN"
-display "UID..............: " "$_UID" "[ Next available ]"
-display "Initial group....: " "$GID"
-display "Additional groups: " "$AGID" "[ None ]"
-display "Home directory...: " "$HME"
-display "Shell............: " "$SHL"
-display "Expiry date......: " "$EXP" "[ Never ]"
-echo
-
-echo "This is it... if you want to bail out, hit Control-C. Otherwise, press"
-echo "ENTER to go ahead and make the account."
-read junk
-
-echo
-echo "Creating new account..."
-echo
-echo
-
-# Add the account to the system
-CMD="$useradd "$HME" -m "$EXP" "$U_ID" "$GID" "$AGID" "$SHL" "$LOGIN""
-$CMD
-
-if [ $? -gt 0 ]; then
- echo "- Error running useradd command -- account not created!"
- echo "(cmd: $CMD)"
- exit 1
-fi
-
-# chown the home dir ? We can only do this once the useradd has
-# completed otherwise the user name doesn't exist.
-if [ ! -z "${CHOWNHOMEDIR}" ]; then
- chown "$LOGIN"."$( echo $GID | awk '{print $2}')" "${CHOWNHOMEDIR}"
-fi
-
-# Set the finger information
-$chfn "$LOGIN"
-if [ $? -gt 0 ]; then
- echo "- Warning: an error occurred while setting finger information"
-fi
-
-# Set a password
-$passwd "$LOGIN"
-if [ $? -gt 0 ]; then
- echo "* WARNING: An error occured while setting the password for"
- echo " this account. Please manually investigate this *"
- exit 1
-fi
-
-echo
-echo
-echo "Account setup complete."
-exit 0
-
diff --git a/core/shadow/login b/core/shadow/login
deleted file mode 100644
index b8555f89c..000000000
--- a/core/shadow/login
+++ /dev/null
@@ -1,21 +0,0 @@
-#%PAM-1.0
-auth required pam_securetty.so
-auth requisite pam_nologin.so
-auth required pam_unix.so nullok
-auth required pam_tally.so onerr=succeed file=/var/log/faillog
-# use this to lockout accounts for 10 minutes after 3 failed attempts
-#auth required pam_tally.so deny=2 unlock_time=600 onerr=succeed file=/var/log/faillog
-account required pam_access.so
-account required pam_time.so
-account required pam_unix.so
-#password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
-#password required pam_unix.so sha512 shadow use_authtok
-session required pam_unix.so
-session required pam_env.so
-session required pam_motd.so
-session required pam_limits.so
-session optional pam_mail.so dir=/var/spool/mail standard
-session optional pam_lastlog.so
-session optional pam_loginuid.so
--session optional pam_ck_connector.so nox11
--session optional pam_systemd.so
diff --git a/core/shadow/nscd-error-reporting.patch b/core/shadow/nscd-error-reporting.patch
deleted file mode 100644
index a4075756e..000000000
--- a/core/shadow/nscd-error-reporting.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-diff --git a/upstream/trunk/lib/nscd.c b/upstream/trunk/lib/nscd.c
-index 227c205..7adb58f 100644
---- a/lib/nscd.c
-+++ b/lib/nscd.c
-@@ -39,8 +39,11 @@ int nscd_flush_cache (const char *service)
- /* nscd is not installed, or it is installed but uses an
- interpreter that is missing. Probably the former. */
- return 0;
-+ } else if (code == 1) {
-+ /* nscd is installed, but it isn't active. */
-+ return 0;
- } else if (code != 0) {
-- (void) fprintf (stderr, _("%s: nscd exited with status %d"),
-+ (void) fprintf (stderr, _("%s: nscd exited with status %d\n"),
- Prog, code);
- (void) fprintf (stderr, _(MSG_NSCD_FLUSH_CACHE_FAILED), Prog);
- return -1;
diff --git a/core/shadow/shadow-add-missing-include.patch b/core/shadow/shadow-add-missing-include.patch
deleted file mode 100644
index 5c9e946ef..000000000
--- a/core/shadow/shadow-add-missing-include.patch
+++ /dev/null
@@ -1,11 +0,0 @@
-diff -Naur shadow-4.1.4.2+svn3283/libmisc/copydir.c shadow-4.1.4.2+svn3283.new/libmisc/copydir.c
---- shadow-4.1.4.2+svn3283/libmisc/copydir.c 2010-09-05 11:35:26.000000000 -0400
-+++ shadow-4.1.4.2+svn3283.new/libmisc/copydir.c 2011-06-26 01:26:52.000000000 -0400
-@@ -34,6 +34,7 @@
-
- #ident "$Id: copydir.c 3283 2010-09-05 15:34:42Z nekral-guest $"
-
-+#include
- #include
- #include
- #include
diff --git a/core/shadow/userdel-avoid-bad-mem-access.patch b/core/shadow/userdel-avoid-bad-mem-access.patch
deleted file mode 100644
index 1d36562b2..000000000
--- a/core/shadow/userdel-avoid-bad-mem-access.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-Index: src/userdel.c
-===================================================================
---- src/userdel.c (revision 3713)
-+++ src/userdel.c (working copy)
-@@ -329,26 +329,33 @@
- }
-
- if (NULL == pwd) {
-+ char gr_name[GROUP_NAME_MAX_LENGTH + 1];
-+
-+ /* make a copy of the group name before we delete it.
-+ * we can't use ->gr_name after the group is deleted
-+ * for logging purposes */
-+ snprintf(gr_name, GROUP_NAME_MAX_LENGTH, "%s", grp->gr_name);
-+
- /*
- * We can remove this group, it is not the primary
- * group of any remaining user.
- */
-- if (gr_remove (grp->gr_name) == 0) {
-+ if (gr_remove (gr_name) == 0) {
- fprintf (stderr,
- _("%s: cannot remove entry '%s' from %s\n"),
-- Prog, grp->gr_name, gr_dbname ());
-+ Prog, gr_name, gr_dbname ());
- fail_exit (E_GRP_UPDATE);
- }
-
- #ifdef WITH_AUDIT
- audit_logger (AUDIT_DEL_GROUP, Prog,
- "deleting group",
-- grp->gr_name, AUDIT_NO_ID,
-+ gr_name, AUDIT_NO_ID,
- SHADOW_AUDIT_SUCCESS);
- #endif /* WITH_AUDIT */
- SYSLOG ((LOG_INFO,
- "removed group '%s' owned by '%s'\n",
-- grp->gr_name, user_name));
-+ gr_name, user_name));
-
- #ifdef SHADOWGRP
- if (sgr_locate (user_name) != NULL) {
-@@ -361,12 +368,12 @@
- #ifdef WITH_AUDIT
- audit_logger (AUDIT_DEL_GROUP, Prog,
- "deleting shadow group",
-- grp->gr_name, AUDIT_NO_ID,
-+ gr_name, AUDIT_NO_ID,
- SHADOW_AUDIT_SUCCESS);
- #endif /* WITH_AUDIT */
- SYSLOG ((LOG_INFO,
- "removed shadow group '%s' owned by '%s'\n",
-- grp->gr_name, user_name));
-+ gr_name, user_name));
-
- }
- #endif /* SHADOWGRP */
diff --git a/core/shadow/write-utmp-wtmp-entries.patch b/core/shadow/write-utmp-wtmp-entries.patch
deleted file mode 100644
index b4272ca61..000000000
--- a/core/shadow/write-utmp-wtmp-entries.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-Index: upstream/trunk/src/login.c
-===================================================================
---- a/src/login.c (revision 3437)
-+++ b/src/login.c (revision 3438)
-@@ -126,10 +126,12 @@
- static void setup_tty (void);
- static void process_flags (int argc, char *const *argv);
- static /*@observer@*/const char *get_failent_user (/*@returned@*/const char *user);
-+#ifndef USE_PAM
- static void update_utmp (const char *user,
- const char *tty,
- const char *host,
- /*@null@*/const struct utmp *utent);
-+#endif /* ! USE_PAM */
-
- #ifndef USE_PAM
- static struct faillog faillog;
-@@ -471,6 +473,7 @@
- return failent_user;
- }
-
-+#ifndef USE_PAM
- /*
- * update_utmp - Update or create an utmp entry in utmp, wtmp, utmpw, and
- * wtmpx
-@@ -496,6 +499,7 @@
- free (utx);
- #endif /* USE_UTMPX */
- }
-+#endif /* ! USE_PAM */
-
- /*
- * login - create a new login session for a user
-@@ -1208,11 +1212,13 @@
- }
- }
-
-+#ifndef USE_PAM
- /*
- * The utmp entry needs to be updated to indicate the new status
- * of the session, the new PID and SID.
- */
- update_utmp (username, tty, hostname, utent);
-+#endif /* ! USE_PAM */
-
- /* The pwd and spwd entries for the user have been copied.
- *
-- cgit v1.2.3-54-g00ecf