diff options
| author | Parabola <dev@list.parabolagnulinux.org> | 2011-07-01 04:58:03 +0000 |
|---|---|---|
| committer | Parabola <dev@list.parabolagnulinux.org> | 2011-07-01 04:58:03 +0000 |
| commit | 76400556d9e8a5dedc692487c13b76a541813a23 (patch) | |
| tree | fb8b06b7dea0e79577a77e3748ed551d9ac1b34b /testing/shadow | |
| parent | 64e72407414ce0badfb541782125cd8e3a25c12e (diff) | |
Fri Jul 1 04:58:02 UTC 2011
Diffstat (limited to 'testing/shadow')
| -rw-r--r-- | testing/shadow/LICENSE | 31 | ||||
| -rw-r--r-- | testing/shadow/PKGBUILD | 106 | ||||
| -rw-r--r-- | testing/shadow/adduser | 399 | ||||
| -rw-r--r-- | testing/shadow/chgpasswd | 4 | ||||
| -rw-r--r-- | testing/shadow/chpasswd | 6 | ||||
| -rw-r--r-- | testing/shadow/defaults.pam | 6 | ||||
| -rw-r--r-- | testing/shadow/login | 20 | ||||
| -rw-r--r-- | testing/shadow/login.defs | 197 | ||||
| -rw-r--r-- | testing/shadow/newusers | 6 | ||||
| -rw-r--r-- | testing/shadow/passwd | 4 | ||||
| -rw-r--r-- | testing/shadow/shadow-add-missing-include.patch | 11 | ||||
| -rw-r--r-- | testing/shadow/shadow-strncpy-usage.patch | 27 | ||||
| -rwxr-xr-x | testing/shadow/shadow.cron.daily | 6 | ||||
| -rw-r--r-- | testing/shadow/shadow.install | 8 | ||||
| -rw-r--r-- | testing/shadow/shadow_CVE-2011-0721.patch | 57 | ||||
| -rw-r--r-- | testing/shadow/useradd.defaults | 9 | ||||
| -rw-r--r-- | testing/shadow/xstrdup.patch | 9 |
17 files changed, 0 insertions, 906 deletions
diff --git a/testing/shadow/LICENSE b/testing/shadow/LICENSE deleted file mode 100644 index c5ab15a56..000000000 --- a/testing/shadow/LICENSE +++ /dev/null @@ -1,31 +0,0 @@ -/* - * Copyright (c) 1990 - 1994, Julianne Frances Haugh - * Copyright (c) 1996 - 2000, Marek Michałkiewicz - * Copyright (c) 2001 - 2006, Tomasz Kłoczko - * Copyright (c) 2007 - 2009, Nicolas François - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. The name of the copyright holders or contributors may not be used to - * endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A - * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ diff --git a/testing/shadow/PKGBUILD b/testing/shadow/PKGBUILD deleted file mode 100644 index b3a130166..000000000 --- a/testing/shadow/PKGBUILD +++ /dev/null @@ -1,106 +0,0 @@ -# $Id: PKGBUILD 129320 2011-06-26 16:36:48Z eric $ -# Maintainer: Aaron Griffin <aaron@archlinux.org> - -pkgname=shadow -pkgver=4.1.4.3 -pkgrel=2 -pkgdesc="Password and account management tool suite with support for shadow files and PAM" -arch=('i686' 'x86_64') -url='http://pkg-shadow.alioth.debian.org/' -license=('BSD') -groups=('base') -depends=('bash' 'pam' 'acl') -backup=(etc/login.defs - etc/pam.d/{chage,login,passwd,shadow,useradd,usermod,userdel} - etc/pam.d/{chpasswd,newusers,groupadd,groupdel,groupmod} - etc/pam.d/{chfn,chgpasswd,groupmems,chsh} - etc/default/useradd) -options=('!libtool') -install=shadow.install -#http://pkg-shadow.alioth.debian.org/releases/shadow-$pkgver.tar.bz2 -# shadow 4.1.4.3 is just shadow 4.1.4.2 with shadow_CVE-2011-0721.patch applied -source=(ftp://ftp.archlinux.org/other/shadow/shadow_4.1.4.2+svn3283.orig.tar.gz - adduser chgpasswd chpasswd defaults.pam login login.defs newusers - passwd shadow.cron.daily useradd.defaults LICENSE - xstrdup.patch shadow_CVE-2011-0721.patch shadow-strncpy-usage.patch - shadow-add-missing-include.patch) -sha1sums=('8b704b8f07718e329205f23d457c3121c0f3679e' - '78ec184a499f9708adcfcf0b7a3b22a60bf39f91' - '4ad0e059406a305c8640ed30d93c2a1f62c2f4ad' - 'd66096ed9477bd7242e8d2cc28eaa23170269788' - '0e56fed7fc93572c6bf0d8f3b099166558bb46f1' - '0b2d98a0ee3bfde8551ade48d4d35cc20ec702a1' - 'e5cab2118ecb1e61874cde842d7d04d1003f35cb' - 'd66096ed9477bd7242e8d2cc28eaa23170269788' - '6f183bc7709b0a8d20ad17481a4ad025cf6e5056' - '5d83ba7e11c765c951867cbe00b0ae7ff57148fa' - '9ae93de5987dd0ae428f0cc1a5a5a5cd53583f19' - '33a6cf1e44a1410e5c9726c89e5de68b78f5f922' - '6010fffeed1fc6673ad9875492e1193b1a847b53' - '6bfe6528391eb38d338beacedd620407877b637d' - '9db9e62ad173f31e1039121c0124cf60826ffd7e' - '0697a21f7519de30821da7772677035652df4ad2') - -build() { - cd "$srcdir/$pkgname-4.1.4.2+svn3283" - - #Ugh, force this to build shared libraries, for god's sake - sed -i "s/noinst_LTLIBRARIES/lib_LTLIBRARIES/g" lib/Makefile.am - libtoolize - autoreconf - export LDFLAGS="$LDFLAGS -lcrypt" - - patch -p1 -i "$srcdir/xstrdup.patch" - patch -p1 -i "$srcdir/shadow_CVE-2011-0721.patch" - patch -p1 -i "$srcdir/shadow-strncpy-usage.patch" - patch -p1 -i "$srcdir/shadow-add-missing-include.patch" - - # supress etc/pam.d/*, we provide our own - sed -i '/^SUBDIRS/s/pam.d//' etc/Makefile.in - - ./configure \ - --prefix=/usr --libdir=/lib \ - --mandir=/usr/share/man --sysconfdir=/etc \ - --enable-shared --disable-static \ - --with-libpam --without-selinux - make -} - -package() { - cd "$srcdir/$pkgname-4.1.4.2+svn3283" - make DESTDIR="$pkgdir" install - - # license - install -Dm644 "$srcdir/LICENSE" "$pkgdir/usr/share/licenses/shadow/LICENSE" - - # interactive useradd - install -Dm755 "$srcdir/adduser" "$pkgdir/usr/sbin/adduser" - - # useradd defaults - install -Dm644 "$srcdir/useradd.defaults" "$pkgdir/etc/default/useradd" - - # cron job - install -Dm744 "$srcdir/shadow.cron.daily" "$pkgdir/etc/cron.daily/shadow" - - # login.defs - install -Dm644 "$srcdir/login.defs" "$pkgdir/etc/login.defs" - - # PAM config - custom - install -Dm644 "$srcdir/login" "$pkgdir/etc/pam.d/login" - install -Dm644 "$srcdir/passwd" "$pkgdir/etc/pam.d/passwd" - install -Dm644 "$srcdir/chgpasswd" "$pkgdir/etc/pam.d/chgpasswd" - install -Dm644 "$srcdir/chpasswd" "$pkgdir/etc/pam.d/chpasswd" - install -Dm644 "$srcdir/newusers" "$pkgdir/etc/pam.d/newusers" - # PAM config - from tarball - install -Dm644 etc/pam.d/groupmems "$pkgdir/etc/pam.d/groupmems" - - # we use the 'useradd' PAM file for other similar utilities - for file in chage chfn chsh groupadd groupdel groupmod shadow \ - useradd usermod userdel; do - install -Dm644 "$srcdir/defaults.pam" "$pkgdir/etc/pam.d/$file" - done - - # Remove su - using su from coreutils instead - rm "$pkgdir/bin/su" - find "$pkgdir/usr/share/man" -name 'su.1' -delete -} diff --git a/testing/shadow/adduser b/testing/shadow/adduser deleted file mode 100644 index a5d7fd4fa..000000000 --- a/testing/shadow/adduser +++ /dev/null @@ -1,399 +0,0 @@ -#!/bin/bash -# -# Copyright 1995 Hrvoje Dogan, Croatia. -# Copyright 2002, 2003, 2004 Stuart Winter, West Midlands, England, UK. -# Copyright 2004 Slackware Linux, Inc., Concord, CA, USA -# All rights reserved. -# -# Redistribution and use of this script, with or without modification, is -# permitted provided that the following conditions are met: -# -# 1. Redistributions of this script must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# -# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED -# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO -# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, -# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; -# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, -# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR -# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF -# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -# -# -########################################################################## -# Program: /usr/sbin/adduser -# Purpose: Interactive front end to /usr/sbin/useradd for Slackware Linux -# Author : Stuart Winter <stuart@polplex.co.uk> -# Based on the original Slackware adduser by Hrvoje Dogan -# with modifications by Patrick Volkerding -# Version: 1.09 -########################################################################## -# Usage..: adduser [<new_user_name>] -########################################################################## -# History # -########### -# v1.09 - 07/06/04 -# * Added standard Slackware script licence to the head of this file. -# v1.08 - 25/04/04 -# * Disallow user names that begin with a numeric because useradd -# (from shadow v4.03) does not allow them. <sw> -# v1.07 - 07/03/03 -# * When supplying a null string for the uid (meaning 'Choose next available'), -# if there were file names in the range 'a-z' in the pwd then the -# egrep command considered these files rather than the null string. -# The egrep expression is now in quotes. -# Reported & fixed by Vadim O. Ustiansky <sw> -# v1.06 - 31/03/03 -# * Ask to chown user.group the home directory if it already exists. -# This helps reduce later confusion when adding users whose home dir -# already exists (mounted partition for example) and is owned -# by a user other than the user to which the directory is being -# assigned as home. Default is not to chown. -# Brought to my attention by mRgOBLIN. <sw> -# v1.05 - 04/01/03 -# * Advise & prevent users from creating logins with '.' characters -# in the user name. <sw> -# * Made pending account creation info look neater <sw> -# v1.04 - 09/06/02 -# * Catered for shadow-4.0.3's 'useradd' binary that no longer -# will let you create a user that has any uppercase chars in it -# This was reported on the userlocal.org forums -# by 'xcp' - thanks. <sw,pjv> -# v1.03 - 20/05/02 -# * Support 'broken' (null lines in) /etc/passwd and -# /etc/group files <sw> -# * For recycling UIDs (default still 'off'), we now look in -# /etc/login.defs for the UID_MIN value and use it -# If not found then default to 1000 <sw> -# v1.02 - 10/04/02 -# * Fix user-specified UID bug. <pjv> -# v1.01 - 23/03/02 -# * Match Slackware indenting style, simplify. <pjv> -# v1.00 - 22/03/02 -# * Created -####################################################################### - -# Path to files -pfile=/etc/passwd -gfile=/etc/group -sfile=/etc/shells - -# Paths to binaries -useradd=/usr/sbin/useradd -chfn=/usr/bin/chfn -passwd=/usr/bin/passwd - -# Defaults -defhome=/home -defshell=/bin/bash -defgroup=users - -# Determine what the minimum UID is (for UID recycling) -# (we ignore it if it's not at the beginning of the line (i.e. commented out with #)) -export recycleUIDMIN="$(grep ^UID_MIN /etc/login.defs | awk '{print $2}' 2>/dev/null)" -# If we couldn't find it, set it to the default of 1000 -if [ -z "$recycleUIDMIN" ]; then - export recycleUIDMIN=1000 # this is the default from Slackware's /etc/login.defs -fi - - -# This setting enables the 'recycling' of older unused UIDs. -# When you userdel a user, it removes it from passwd and shadow but it will -# never get used again unless you specify it expliticly -- useradd (appears to) just -# look at the last line in passwd and increment the uid. I like the idea of -# recycling uids but you may have very good reasons not to (old forgotten -# confidential files still on the system could then be owned by this new user). -# We'll set this to no because this is what the original adduser shell script -# did and it's what users expect. -recycleuids=no - -# Function to read keyboard input. -# bash1 is broken (even ash will take read -ep!), so we work around -# it (even though bash1 is no longer supported on Slackware). -function get_input() { - local output - if [ "`echo $BASH_VERSION | cut -b1`" = "1" ]; then - echo -n "${1} " >&2 # fudge for use with bash v1 - read output - else # this should work with any other /bin/sh - read -ep "${1} " output - fi - echo $output -} - -# Function to display the account info -function display () { - local goose - goose="$(echo $2 | cut -d ' ' -f 2-)" # lop off the prefixed argument useradd needs - echo -n "$1 " - # If it's null then display the 'other' information - if [ -z "$goose" -a ! -z "$3" ]; then - echo "$3" - else - echo "$goose" - fi -} - -# Function to check whether groups exist in the /etc/group file -function check_group () { - local got_error group - if [ ! -z "$@" ]; then - for group in $@ ; do - local uid_not_named="" uid_not_num="" - grep -v "$^" $gfile | awk -F: '{print $1}' | grep "^${group}$" >/dev/null 2>&1 || uid_not_named=yes - grep -v "$^" $gfile | awk -F: '{print $3}' | grep "^${group}$" >/dev/null 2>&1 || uid_not_num=yes - if [ ! -z "$uid_not_named" -a ! -z "$uid_not_num" ]; then - echo "- Group '$group' does not exist" - got_error=yes - fi - done - fi - # Return exit code of 1 if at least one of the groups didn't exist - if [ ! -z "$got_error" ]; then - return 1 - fi -} - -#: Read the login name for the new user :# -# -# Remember that most Mail Transfer Agents are case independant, so having -# 'uSer' and 'user' may cause confusion/things to break. Because of this, -# useradd from shadow-4.0.3 no longer accepts usernames containing uppercase, -# and we must reject them, too. - -# Set the login variable to the command line param -echo -LOGIN="$1" -needinput=yes -while [ ! -z $needinput ]; do - if [ -z "$LOGIN" ]; then - while [ -z "$LOGIN" ]; do LOGIN="$(get_input "Login name for new user []:")" ; done - fi - grep "^${LOGIN}:" $pfile >/dev/null 2>&1 # ensure it's not already used - if [ $? -eq 0 ]; then - echo "- User '$LOGIN' already exists; please choose another" - unset LOGIN - elif [ ! -z "$( echo $LOGIN | grep "^[0-9]" )" ]; then - echo "- User names cannot begin with a number; please choose another" - unset LOGIN - elif [ ! "$LOGIN" = "`echo $LOGIN | tr A-Z a-z`" ]; then # useradd does not allow uppercase - echo "- User '$LOGIN' contains illegal characters (uppercase); please choose another" - unset LOGIN - elif [ ! -z "$( echo $LOGIN | grep '\.' )" ]; then - echo "- User '$LOGIN' contains illegal characters (period/dot); please choose another" - unset LOGIN - else - unset needinput - fi -done - -# Display the user name passed from the shell if it hasn't changed -if [ "$1" = "$LOGIN" ]; then - echo "Login name for new user: $LOGIN" -fi - -#: Get the UID for the user & ensure it's not already in use :# -# -# Whilst we _can_ allow users with identical UIDs, it's not a 'good thing' because -# when you change password for the uid, it finds the first match in /etc/passwd -# which isn't necessarily the correct user -# -echo -needinput=yes -while [ ! -z "$needinput" ]; do - _UID="$(get_input "User ID ('UID') [ defaults to next available ]:")" - grep -v "^$" $pfile | awk -F: '{print $3}' | grep "^${_UID}$" >/dev/null 2>&1 - if [ $? -eq 0 ]; then - echo "- That UID is already in use; please choose another" - elif [ ! -z "$(echo $_UID | egrep '[A-Za-z]')" ]; then - echo "- UIDs are numerics only" - else - unset needinput - fi -done -# If we were given a UID, then syntax up the variable to pass to useradd -if [ ! -z "$_UID" ]; then - U_ID="-u ${_UID}" -else - # Will we be recycling UIDs? - if [ "$recycleuids" = "yes" ]; then - U_ID="-u $(awk -F: '{uid[$3]=1} END { for (i=ENVIRON["recycleUIDMIN"];i in uid;i++);print i}' $pfile)" - fi -fi - -#: Get the initial group for the user & ensure it exists :# -# -# We check /etc/group for both the text version and the group ID number -echo -needinput=yes -while [ ! -z "$needinput" ]; do - GID="$(get_input "Initial group [ ${defgroup} ]:")" - check_group "$GID" - if [ $? -gt 0 ]; then - echo "- Please choose another" - else - unset needinput - fi -done -# Syntax the variable ready for useradd -if [ -z "$GID" ]; then - GID="-g ${defgroup}" -else - GID="-g ${GID}" -fi - -#: Get additional groups for the user :# -# -echo -needinput=yes -while [ ! -z "$needinput" ]; do - AGID="$(get_input "Additional groups (comma separated) []:")" - AGID="$(echo "$AGID" | tr -d ' ' | tr , ' ')" # fix up for parsing - if [ ! -z "$AGID" ]; then - check_group "$AGID" # check all groups at once (treated as N # of params) - if [ $? -gt 0 ]; then - echo "- Please re-enter the group(s)" - else - unset needinput # we found all groups specified - AGID="-G $(echo "$AGID" | tr ' ' ,)" - fi - else - unset needinput # we don't *have* to have additional groups - fi -done - -#: Get the new user's home dir :# -# -echo -needinput=yes -while [ ! -z "$needinput" ]; do - HME="$(get_input "Home directory [ ${defhome}/${LOGIN} ]")" - if [ -z "$HME" ]; then - HME="${defhome}/${LOGIN}" - fi - # Warn the user if the home dir already exists - if [ -d "$HME" ]; then - echo "- Warning: '$HME' already exists !" - getyn="$(get_input " Do you wish to change the home directory path ? (Y/n) ")" - if [ "$(echo $getyn | grep -i "n")" ]; then - unset needinput - # You're most likely going to only do this if you have the dir *mounted* for this user's $HOME - getyn="$(get_input " Do you want to chown $LOGIN.$( echo $GID | awk '{print $2}') $HME ? (y/N) ")" - if [ "$(echo $getyn | grep -i "y")" ]; then - CHOWNHOMEDIR=$HME # set this to the home directory - fi - fi - else - unset needinput - fi -done -HME="-d ${HME}" - -#: Get the new user's shell :# -echo -needinput=yes -while [ ! -z "$needinput" ]; do - unset got_error - SHL="$(get_input "Shell [ ${defshell} ]")" - if [ -z "$SHL" ]; then - SHL="${defshell}" - fi - # Warn the user if the shell doesn't exist in /etc/shells or as a file - if [ -z "$(grep "^${SHL}$" $sfile)" ]; then - echo "- Warning: ${SHL} is not in ${sfile} (potential problem using FTP)" - got_error=yes - fi - if [ ! -f "$SHL" ]; then - echo "- Warning: ${SHL} does not exist as a file" - got_error=yes - fi - if [ ! -z "$got_error" ]; then - getyn="$(get_input " Do you wish to change the shell ? (Y/n) ")" - if [ "$(echo $getyn | grep -i "n")" ]; then - unset needinput - fi - else - unset needinput - fi -done -SHL="-s ${SHL}" - -#: Get the expiry date :# -echo -needinput=yes -while [ ! -z "$needinput" ]; do - EXP="$(get_input "Expiry date (YYYY-MM-DD) []:")" - if [ ! -z "$EXP" ]; then - # Check to see whether the expiry date is in the valid format - if [ -z "$(echo "$EXP" | grep "^[[:digit:]]\{4\}[-]\?[[:digit:]]\{2\}[-]\?[[:digit:]]\{2\}$")" ]; then - echo "- That is not a valid expiration date" - else - unset needinput - EXP="-e ${EXP}" - fi - else - unset needinput - fi -done - -# Display the info about the new impending account -echo -echo "New account will be created as follows:" -echo -echo "---------------------------------------" -display "Login name.......: " "$LOGIN" -display "UID..............: " "$_UID" "[ Next available ]" -display "Initial group....: " "$GID" -display "Additional groups: " "$AGID" "[ None ]" -display "Home directory...: " "$HME" -display "Shell............: " "$SHL" -display "Expiry date......: " "$EXP" "[ Never ]" -echo - -echo "This is it... if you want to bail out, hit Control-C. Otherwise, press" -echo "ENTER to go ahead and make the account." -read junk - -echo -echo "Creating new account..." -echo -echo - -# Add the account to the system -CMD="$useradd "$HME" -m "$EXP" "$U_ID" "$GID" "$AGID" "$SHL" "$LOGIN"" -$CMD - -if [ $? -gt 0 ]; then - echo "- Error running useradd command -- account not created!" - echo "(cmd: $CMD)" - exit 1 -fi - -# chown the home dir ? We can only do this once the useradd has -# completed otherwise the user name doesn't exist. -if [ ! -z "${CHOWNHOMEDIR}" ]; then - chown "$LOGIN"."$( echo $GID | awk '{print $2}')" "${CHOWNHOMEDIR}" -fi - -# Set the finger information -$chfn "$LOGIN" -if [ $? -gt 0 ]; then - echo "- Warning: an error occurred while setting finger information" -fi - -# Set a password -$passwd "$LOGIN" -if [ $? -gt 0 ]; then - echo "* WARNING: An error occured while setting the password for" - echo " this account. Please manually investigate this *" - exit 1 -fi - -echo -echo -echo "Account setup complete." -exit 0 - diff --git a/testing/shadow/chgpasswd b/testing/shadow/chgpasswd deleted file mode 100644 index 8f49f5cc8..000000000 --- a/testing/shadow/chgpasswd +++ /dev/null @@ -1,4 +0,0 @@ -#%PAM-1.0 -auth sufficient pam_rootok.so -account required pam_permit.so -password include system-auth diff --git a/testing/shadow/chpasswd b/testing/shadow/chpasswd deleted file mode 100644 index bc14857dc..000000000 --- a/testing/shadow/chpasswd +++ /dev/null @@ -1,6 +0,0 @@ -#%PAM-1.0 -auth sufficient pam_rootok.so -auth required pam_unix.so -account required pam_unix.so -session required pam_unix.so -password required pam_unix.so md5 shadow diff --git a/testing/shadow/defaults.pam b/testing/shadow/defaults.pam deleted file mode 100644 index a7bf8a4a5..000000000 --- a/testing/shadow/defaults.pam +++ /dev/null @@ -1,6 +0,0 @@ -#%PAM-1.0 -auth sufficient pam_rootok.so -auth required pam_unix.so -account required pam_unix.so -session required pam_unix.so -password required pam_permit.so diff --git a/testing/shadow/login b/testing/shadow/login deleted file mode 100644 index 51ff96a4a..000000000 --- a/testing/shadow/login +++ /dev/null @@ -1,20 +0,0 @@ -#%PAM-1.0 -auth required pam_securetty.so -auth requisite pam_nologin.so -auth required pam_unix.so nullok -auth required pam_tally.so onerr=succeed file=/var/log/faillog -# use this to lockout accounts for 10 minutes after 3 failed attempts -#auth required pam_tally.so deny=2 unlock_time=600 onerr=succeed file=/var/log/faillog -account required pam_access.so -account required pam_time.so -account required pam_unix.so -#password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 -#password required pam_unix.so md5 shadow use_authtok -session required pam_unix.so -session required pam_env.so -session required pam_motd.so -session required pam_limits.so -session optional pam_mail.so dir=/var/spool/mail standard -session optional pam_lastlog.so -session optional pam_loginuid.so --session optional pam_ck_connector.so nox11 diff --git a/testing/shadow/login.defs b/testing/shadow/login.defs deleted file mode 100644 index 2500ee447..000000000 --- a/testing/shadow/login.defs +++ /dev/null @@ -1,197 +0,0 @@ -# -# /etc/login.defs - Configuration control definitions for the login package. -# -# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH. -# If unspecified, some arbitrary (and possibly incorrect) value will -# be assumed. All other items are optional - if not specified then -# the described action or option will be inhibited. -# -# Comment lines (lines beginning with "#") and blank lines are ignored. -# -# Modified for Linux. --marekm - -# -# Delay in seconds before being allowed another attempt after a login failure -# -FAIL_DELAY 3 - -# -# Enable display of unknown usernames when login failures are recorded. -# -LOG_UNKFAIL_ENAB no - -# -# Enable logging of successful logins -# -LOG_OK_LOGINS no - -# -# Enable "syslog" logging of su activity - in addition to sulog file logging. -# SYSLOG_SG_ENAB does the same for newgrp and sg. -# -SYSLOG_SU_ENAB yes -SYSLOG_SG_ENAB yes - -# -# If defined, either full pathname of a file containing device names or -# a ":" delimited list of device names. Root logins will be allowed only -# upon these devices. -# -CONSOLE /etc/securetty -#CONSOLE console:tty01:tty02:tty03:tty04 - -# -# If defined, all su activity is logged to this file. -# -#SULOG_FILE /var/log/sulog - -# -# If defined, file which maps tty line to TERM environment parameter. -# Each line of the file is in a format something like "vt100 tty01". -# -#TTYTYPE_FILE /etc/ttytype - -# -# If defined, the command name to display when running "su -". For -# example, if this is defined as "su" then a "ps" will display the -# command is "-su". If not defined, then "ps" would display the -# name of the shell actually being run, e.g. something like "-sh". -# -SU_NAME su - -# -# *REQUIRED* -# Directory where mailboxes reside, _or_ name of file, relative to the -# home directory. If you _do_ define both, MAIL_DIR takes precedence. -# QMAIL_DIR is for Qmail -# -#QMAIL_DIR Maildir -MAIL_DIR /var/spool/mail - -# -# If defined, file which inhibits all the usual chatter during the login -# sequence. If a full pathname, then hushed mode will be enabled if the -# user's name or shell are found in the file. If not a full pathname, then -# hushed mode will be enabled if the file exists in the user's home directory. -# -HUSHLOGIN_FILE .hushlogin -#HUSHLOGIN_FILE /etc/hushlogins - -# -# *REQUIRED* The default PATH settings, for superuser and normal users. -# -# (they are minimal, add the rest in the shell startup files) -ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin -ENV_PATH PATH=/bin:/usr/bin - -# -# Terminal permissions -# -# TTYGROUP Login tty will be assigned this group ownership. -# TTYPERM Login tty will be set to this permission. -# -# If you have a "write" program which is "setgid" to a special group -# which owns the terminals, define TTYGROUP to the group number and -# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign -# TTYPERM to either 622 or 600. -# -TTYGROUP tty -TTYPERM 0600 - -# -# Login configuration initializations: -# -# ERASECHAR Terminal ERASE character ('\010' = backspace). -# KILLCHAR Terminal KILL character ('\025' = CTRL/U). -# UMASK Default "umask" value. -# -# The ERASECHAR and KILLCHAR are used only on System V machines. -# The ULIMIT is used only if the system supports it. -# (now it works with setrlimit too; ulimit is in 512-byte units) -# -# Prefix these values with "0" to get octal, "0x" to get hexadecimal. -# -ERASECHAR 0177 -KILLCHAR 025 -UMASK 077 - -# -# Password aging controls: -# -# PASS_MAX_DAYS Maximum number of days a password may be used. -# PASS_MIN_DAYS Minimum number of days allowed between password changes. -# PASS_WARN_AGE Number of days warning given before a password expires. -# -PASS_MAX_DAYS 99999 -PASS_MIN_DAYS 0 -PASS_WARN_AGE 7 - -# -# Min/max values for automatic uid selection in useradd -# -UID_MIN 1000 -UID_MAX 60000 -# System accounts -SYS_UID_MIN 500 -SYS_UID_MAX 999 - -# -# Min/max values for automatic gid selection in groupadd -# -GID_MIN 1000 -GID_MAX 60000 -# System accounts -SYS_GID_MIN 500 -SYS_GID_MAX 999 - -# -# Max number of login retries if password is bad -# -LOGIN_RETRIES 5 - -# -# Max time in seconds for login -# -LOGIN_TIMEOUT 60 - -# -# Which fields may be changed by regular users using chfn - use -# any combination of letters "frwh" (full name, room number, work -# phone, home phone). If not defined, no changes are allowed. -# For backward compatibility, "yes" = "rwh" and "no" = "frwh". -# -CHFN_RESTRICT rwh - -# -# List of groups to add to the user's supplementary group set -# when logging in on the console (as determined by the CONSOLE -# setting). Default is none. -# -# Use with caution - it is possible for users to gain permanent -# access to these groups, even when not logged in on the console. -# How to do it is left as an exercise for the reader... -# -#CONSOLE_GROUPS floppy:audio:cdrom - -# -# Should login be allowed if we can't cd to the home directory? -# Default in no. -# -DEFAULT_HOME yes - -# -# If defined, this command is run when removing a user. -# It should remove any at/cron/print jobs etc. owned by -# the user to be removed (passed as the first argument). -# -#USERDEL_CMD /usr/sbin/userdel_local - -# -# Enable setting of the umask group bits to be the same as owner bits -# (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is -# the same as gid, and username is the same as the primary group name. -# -# This also enables userdel to remove user groups if no members exist. -# -USERGROUPS_ENAB yes - diff --git a/testing/shadow/newusers b/testing/shadow/newusers deleted file mode 100644 index bc14857dc..000000000 --- a/testing/shadow/newusers +++ /dev/null @@ -1,6 +0,0 @@ -#%PAM-1.0 -auth sufficient pam_rootok.so -auth required pam_unix.so -account required pam_unix.so -session required pam_unix.so -password required pam_unix.so md5 shadow diff --git a/testing/shadow/passwd b/testing/shadow/passwd deleted file mode 100644 index 1ffd1bdd8..000000000 --- a/testing/shadow/passwd +++ /dev/null @@ -1,4 +0,0 @@ -#%PAM-1.0 -#password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 -#password required pam_unix.so md5 shadow use_authtok -password required pam_unix.so md5 shadow nullok diff --git a/testing/shadow/shadow-add-missing-include.patch b/testing/shadow/shadow-add-missing-include.patch deleted file mode 100644 index 5c9e946ef..000000000 --- a/testing/shadow/shadow-add-missing-include.patch +++ /dev/null @@ -1,11 +0,0 @@ -diff -Naur shadow-4.1.4.2+svn3283/libmisc/copydir.c shadow-4.1.4.2+svn3283.new/libmisc/copydir.c ---- shadow-4.1.4.2+svn3283/libmisc/copydir.c 2010-09-05 11:35:26.000000000 -0400 -+++ shadow-4.1.4.2+svn3283.new/libmisc/copydir.c 2011-06-26 01:26:52.000000000 -0400 -@@ -34,6 +34,7 @@ - - #ident "$Id: copydir.c 3283 2010-09-05 15:34:42Z nekral-guest $" - -+#include <stdarg.h> - #include <assert.h> - #include <sys/stat.h> - #include <sys/types.h> diff --git a/testing/shadow/shadow-strncpy-usage.patch b/testing/shadow/shadow-strncpy-usage.patch deleted file mode 100644 index 46df74ace..000000000 --- a/testing/shadow/shadow-strncpy-usage.patch +++ /dev/null @@ -1,27 +0,0 @@ -diff -ur shadow-4.1.4.3.orig/src/login.c shadow-4.1.4.3/src/login.c ---- shadow-4.1.4.3.orig/src/login.c 2011-03-05 22:17:10.032524948 -0800 -+++ shadow-4.1.4.3/src/login.c 2011-03-05 22:17:59.154342059 -0800 -@@ -748,8 +748,9 @@ - sizeof (loginprompt), - _("%s login: "), hostn); - } else { -+ loginprompt[sizeof (loginprompt) - 1] = '\0'; - strncpy (loginprompt, _("login: "), -- sizeof (loginprompt)); -+ sizeof (loginprompt) - 1); - } - - retcode = pam_set_item (pamh, PAM_USER_PROMPT, loginprompt); -diff -ur shadow-4.1.4.3.orig/src/usermod.c shadow-4.1.4.3/src/usermod.c ---- shadow-4.1.4.3.orig/src/usermod.c 2011-03-05 22:17:10.029191265 -0800 -+++ shadow-4.1.4.3/src/usermod.c 2011-03-05 22:18:42.665576968 -0800 -@@ -182,7 +182,8 @@ - struct tm *tp; - - if ((negativ != NULL) && (date < 0)) { -- strncpy (buf, negativ, maxsize); -+ buf[maxsize - 1] = '\0'; -+ strncpy (buf, negativ, maxsize - 1); - } else { - time_t t = (time_t) date; - tp = gmtime (&t); diff --git a/testing/shadow/shadow.cron.daily b/testing/shadow/shadow.cron.daily deleted file mode 100755 index 1931a793e..000000000 --- a/testing/shadow/shadow.cron.daily +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/sh - -# Verify integrity of password and group files -/usr/sbin/pwck -r -/usr/sbin/grpck -r - diff --git a/testing/shadow/shadow.install b/testing/shadow/shadow.install deleted file mode 100644 index c1bd1066b..000000000 --- a/testing/shadow/shadow.install +++ /dev/null @@ -1,8 +0,0 @@ -post_upgrade() { - grpck -r &>/dev/null - if [ $? -eq 2 ]; then - echo "Fixing gshadow file ..." - while :; do echo "y"; done | grpck &>/dev/null - fi - return 0 -} diff --git a/testing/shadow/shadow_CVE-2011-0721.patch b/testing/shadow/shadow_CVE-2011-0721.patch deleted file mode 100644 index eb9ad80a2..000000000 --- a/testing/shadow/shadow_CVE-2011-0721.patch +++ /dev/null @@ -1,57 +0,0 @@ -Goal: Input sanitization for chfn and chsh - -Fixes: CVE-2011-0721 - -Status wrt upstream: Already applied upstream (4.1.4.3) - ---- a/src/chfn.c -+++ b/src/chfn.c -@@ -551,14 +551,14 @@ - static void check_fields (void) - { - int err; -- err = valid_field (fullnm, ":,="); -+ err = valid_field (fullnm, ":,=\n"); - if (err > 0) { - fprintf (stderr, _("%s: name with non-ASCII characters: '%s'\n"), Prog, fullnm); - } else if (err < 0) { - fprintf (stderr, _("%s: invalid name: '%s'\n"), Prog, fullnm); - fail_exit (E_NOPERM); - } -- err = valid_field (roomno, ":,="); -+ err = valid_field (roomno, ":,=\n"); - if (err > 0) { - fprintf (stderr, _("%s: room number with non-ASCII characters: '%s'\n"), Prog, roomno); - } else if (err < 0) { -@@ -566,17 +566,17 @@ - Prog, roomno); - fail_exit (E_NOPERM); - } -- if (valid_field (workph, ":,=") != 0) { -+ if (valid_field (workph, ":,=\n") != 0) { - fprintf (stderr, _("%s: invalid work phone: '%s'\n"), - Prog, workph); - fail_exit (E_NOPERM); - } -- if (valid_field (homeph, ":,=") != 0) { -+ if (valid_field (homeph, ":,=\n") != 0) { - fprintf (stderr, _("%s: invalid home phone: '%s'\n"), - Prog, homeph); - fail_exit (E_NOPERM); - } -- err = valid_field (slop, ":"); -+ err = valid_field (slop, ":\n"); - if (err > 0) { - fprintf (stderr, _("%s: '%s' contains non-ASCII characters\n"), Prog, slop); - } else if (err < 0) { ---- a/src/chsh. -+++ b/src/chsh.c -@@ -528,7 +528,7 @@ - * users are restricted to using the shells in /etc/shells. - * The shell must be executable by the user. - */ -- if (valid_field (loginsh, ":,=") != 0) { -+ if (valid_field (loginsh, ":,=\n") != 0) { - fprintf (stderr, _("%s: Invalid entry: %s\n"), Prog, loginsh); - fail_exit (1); - } diff --git a/testing/shadow/useradd.defaults b/testing/shadow/useradd.defaults deleted file mode 100644 index b800b1777..000000000 --- a/testing/shadow/useradd.defaults +++ /dev/null @@ -1,9 +0,0 @@ -# useradd defaults file for ArchLinux -# original changes by TomK -GROUP=100 -HOME=/home -INACTIVE=-1 -EXPIRE= -SHELL=/bin/bash -SKEL=/etc/skel -CREATE_MAIL_SPOOL=no diff --git a/testing/shadow/xstrdup.patch b/testing/shadow/xstrdup.patch deleted file mode 100644 index bce434264..000000000 --- a/testing/shadow/xstrdup.patch +++ /dev/null @@ -1,9 +0,0 @@ ---- shadow-4.1.2.1/libmisc/xmalloc.c 2008-08-30 21:55:44.000000000 -0500 -+++ shadow-4.1.2.1/libmisc/xmalloc.c.new 2008-08-30 21:55:36.000000000 -0500 -@@ -61,5 +61,6 @@ - - char *xstrdup (const char *str) - { -+ if(str == NULL) return NULL; - return strcpy (xmalloc (strlen (str) + 1), str); - } |