summaryrefslogtreecommitdiff
path: root/core/shadow
diff options
context:
space:
mode:
Diffstat (limited to 'core/shadow')
-rw-r--r--core/shadow/adduser399
-rw-r--r--core/shadow/login21
-rw-r--r--core/shadow/nscd-error-reporting.patch17
-rw-r--r--core/shadow/shadow-add-missing-include.patch11
-rw-r--r--core/shadow/userdel-avoid-bad-mem-access.patch57
-rw-r--r--core/shadow/write-utmp-wtmp-entries.patch47
6 files changed, 0 insertions, 552 deletions
diff --git a/core/shadow/adduser b/core/shadow/adduser
deleted file mode 100644
index a5d7fd4fa..000000000
--- a/core/shadow/adduser
+++ /dev/null
@@ -1,399 +0,0 @@
-#!/bin/bash
-#
-# Copyright 1995 Hrvoje Dogan, Croatia.
-# Copyright 2002, 2003, 2004 Stuart Winter, West Midlands, England, UK.
-# Copyright 2004 Slackware Linux, Inc., Concord, CA, USA
-# All rights reserved.
-#
-# Redistribution and use of this script, with or without modification, is
-# permitted provided that the following conditions are met:
-#
-# 1. Redistributions of this script must retain the above copyright
-# notice, this list of conditions and the following disclaimer.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
-# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
-# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
-# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
-# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
-# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#
-#
-##########################################################################
-# Program: /usr/sbin/adduser
-# Purpose: Interactive front end to /usr/sbin/useradd for Slackware Linux
-# Author : Stuart Winter <stuart@polplex.co.uk>
-# Based on the original Slackware adduser by Hrvoje Dogan
-# with modifications by Patrick Volkerding
-# Version: 1.09
-##########################################################################
-# Usage..: adduser [<new_user_name>]
-##########################################################################
-# History #
-###########
-# v1.09 - 07/06/04
-# * Added standard Slackware script licence to the head of this file.
-# v1.08 - 25/04/04
-# * Disallow user names that begin with a numeric because useradd
-# (from shadow v4.03) does not allow them. <sw>
-# v1.07 - 07/03/03
-# * When supplying a null string for the uid (meaning 'Choose next available'),
-# if there were file names in the range 'a-z' in the pwd then the
-# egrep command considered these files rather than the null string.
-# The egrep expression is now in quotes.
-# Reported & fixed by Vadim O. Ustiansky <sw>
-# v1.06 - 31/03/03
-# * Ask to chown user.group the home directory if it already exists.
-# This helps reduce later confusion when adding users whose home dir
-# already exists (mounted partition for example) and is owned
-# by a user other than the user to which the directory is being
-# assigned as home. Default is not to chown.
-# Brought to my attention by mRgOBLIN. <sw>
-# v1.05 - 04/01/03
-# * Advise & prevent users from creating logins with '.' characters
-# in the user name. <sw>
-# * Made pending account creation info look neater <sw>
-# v1.04 - 09/06/02
-# * Catered for shadow-4.0.3's 'useradd' binary that no longer
-# will let you create a user that has any uppercase chars in it
-# This was reported on the userlocal.org forums
-# by 'xcp' - thanks. <sw,pjv>
-# v1.03 - 20/05/02
-# * Support 'broken' (null lines in) /etc/passwd and
-# /etc/group files <sw>
-# * For recycling UIDs (default still 'off'), we now look in
-# /etc/login.defs for the UID_MIN value and use it
-# If not found then default to 1000 <sw>
-# v1.02 - 10/04/02
-# * Fix user-specified UID bug. <pjv>
-# v1.01 - 23/03/02
-# * Match Slackware indenting style, simplify. <pjv>
-# v1.00 - 22/03/02
-# * Created
-#######################################################################
-
-# Path to files
-pfile=/etc/passwd
-gfile=/etc/group
-sfile=/etc/shells
-
-# Paths to binaries
-useradd=/usr/sbin/useradd
-chfn=/usr/bin/chfn
-passwd=/usr/bin/passwd
-
-# Defaults
-defhome=/home
-defshell=/bin/bash
-defgroup=users
-
-# Determine what the minimum UID is (for UID recycling)
-# (we ignore it if it's not at the beginning of the line (i.e. commented out with #))
-export recycleUIDMIN="$(grep ^UID_MIN /etc/login.defs | awk '{print $2}' 2>/dev/null)"
-# If we couldn't find it, set it to the default of 1000
-if [ -z "$recycleUIDMIN" ]; then
- export recycleUIDMIN=1000 # this is the default from Slackware's /etc/login.defs
-fi
-
-
-# This setting enables the 'recycling' of older unused UIDs.
-# When you userdel a user, it removes it from passwd and shadow but it will
-# never get used again unless you specify it expliticly -- useradd (appears to) just
-# look at the last line in passwd and increment the uid. I like the idea of
-# recycling uids but you may have very good reasons not to (old forgotten
-# confidential files still on the system could then be owned by this new user).
-# We'll set this to no because this is what the original adduser shell script
-# did and it's what users expect.
-recycleuids=no
-
-# Function to read keyboard input.
-# bash1 is broken (even ash will take read -ep!), so we work around
-# it (even though bash1 is no longer supported on Slackware).
-function get_input() {
- local output
- if [ "`echo $BASH_VERSION | cut -b1`" = "1" ]; then
- echo -n "${1} " >&2 # fudge for use with bash v1
- read output
- else # this should work with any other /bin/sh
- read -ep "${1} " output
- fi
- echo $output
-}
-
-# Function to display the account info
-function display () {
- local goose
- goose="$(echo $2 | cut -d ' ' -f 2-)" # lop off the prefixed argument useradd needs
- echo -n "$1 "
- # If it's null then display the 'other' information
- if [ -z "$goose" -a ! -z "$3" ]; then
- echo "$3"
- else
- echo "$goose"
- fi
-}
-
-# Function to check whether groups exist in the /etc/group file
-function check_group () {
- local got_error group
- if [ ! -z "$@" ]; then
- for group in $@ ; do
- local uid_not_named="" uid_not_num=""
- grep -v "$^" $gfile | awk -F: '{print $1}' | grep "^${group}$" >/dev/null 2>&1 || uid_not_named=yes
- grep -v "$^" $gfile | awk -F: '{print $3}' | grep "^${group}$" >/dev/null 2>&1 || uid_not_num=yes
- if [ ! -z "$uid_not_named" -a ! -z "$uid_not_num" ]; then
- echo "- Group '$group' does not exist"
- got_error=yes
- fi
- done
- fi
- # Return exit code of 1 if at least one of the groups didn't exist
- if [ ! -z "$got_error" ]; then
- return 1
- fi
-}
-
-#: Read the login name for the new user :#
-#
-# Remember that most Mail Transfer Agents are case independant, so having
-# 'uSer' and 'user' may cause confusion/things to break. Because of this,
-# useradd from shadow-4.0.3 no longer accepts usernames containing uppercase,
-# and we must reject them, too.
-
-# Set the login variable to the command line param
-echo
-LOGIN="$1"
-needinput=yes
-while [ ! -z $needinput ]; do
- if [ -z "$LOGIN" ]; then
- while [ -z "$LOGIN" ]; do LOGIN="$(get_input "Login name for new user []:")" ; done
- fi
- grep "^${LOGIN}:" $pfile >/dev/null 2>&1 # ensure it's not already used
- if [ $? -eq 0 ]; then
- echo "- User '$LOGIN' already exists; please choose another"
- unset LOGIN
- elif [ ! -z "$( echo $LOGIN | grep "^[0-9]" )" ]; then
- echo "- User names cannot begin with a number; please choose another"
- unset LOGIN
- elif [ ! "$LOGIN" = "`echo $LOGIN | tr A-Z a-z`" ]; then # useradd does not allow uppercase
- echo "- User '$LOGIN' contains illegal characters (uppercase); please choose another"
- unset LOGIN
- elif [ ! -z "$( echo $LOGIN | grep '\.' )" ]; then
- echo "- User '$LOGIN' contains illegal characters (period/dot); please choose another"
- unset LOGIN
- else
- unset needinput
- fi
-done
-
-# Display the user name passed from the shell if it hasn't changed
-if [ "$1" = "$LOGIN" ]; then
- echo "Login name for new user: $LOGIN"
-fi
-
-#: Get the UID for the user & ensure it's not already in use :#
-#
-# Whilst we _can_ allow users with identical UIDs, it's not a 'good thing' because
-# when you change password for the uid, it finds the first match in /etc/passwd
-# which isn't necessarily the correct user
-#
-echo
-needinput=yes
-while [ ! -z "$needinput" ]; do
- _UID="$(get_input "User ID ('UID') [ defaults to next available ]:")"
- grep -v "^$" $pfile | awk -F: '{print $3}' | grep "^${_UID}$" >/dev/null 2>&1
- if [ $? -eq 0 ]; then
- echo "- That UID is already in use; please choose another"
- elif [ ! -z "$(echo $_UID | egrep '[A-Za-z]')" ]; then
- echo "- UIDs are numerics only"
- else
- unset needinput
- fi
-done
-# If we were given a UID, then syntax up the variable to pass to useradd
-if [ ! -z "$_UID" ]; then
- U_ID="-u ${_UID}"
-else
- # Will we be recycling UIDs?
- if [ "$recycleuids" = "yes" ]; then
- U_ID="-u $(awk -F: '{uid[$3]=1} END { for (i=ENVIRON["recycleUIDMIN"];i in uid;i++);print i}' $pfile)"
- fi
-fi
-
-#: Get the initial group for the user & ensure it exists :#
-#
-# We check /etc/group for both the text version and the group ID number
-echo
-needinput=yes
-while [ ! -z "$needinput" ]; do
- GID="$(get_input "Initial group [ ${defgroup} ]:")"
- check_group "$GID"
- if [ $? -gt 0 ]; then
- echo "- Please choose another"
- else
- unset needinput
- fi
-done
-# Syntax the variable ready for useradd
-if [ -z "$GID" ]; then
- GID="-g ${defgroup}"
-else
- GID="-g ${GID}"
-fi
-
-#: Get additional groups for the user :#
-#
-echo
-needinput=yes
-while [ ! -z "$needinput" ]; do
- AGID="$(get_input "Additional groups (comma separated) []:")"
- AGID="$(echo "$AGID" | tr -d ' ' | tr , ' ')" # fix up for parsing
- if [ ! -z "$AGID" ]; then
- check_group "$AGID" # check all groups at once (treated as N # of params)
- if [ $? -gt 0 ]; then
- echo "- Please re-enter the group(s)"
- else
- unset needinput # we found all groups specified
- AGID="-G $(echo "$AGID" | tr ' ' ,)"
- fi
- else
- unset needinput # we don't *have* to have additional groups
- fi
-done
-
-#: Get the new user's home dir :#
-#
-echo
-needinput=yes
-while [ ! -z "$needinput" ]; do
- HME="$(get_input "Home directory [ ${defhome}/${LOGIN} ]")"
- if [ -z "$HME" ]; then
- HME="${defhome}/${LOGIN}"
- fi
- # Warn the user if the home dir already exists
- if [ -d "$HME" ]; then
- echo "- Warning: '$HME' already exists !"
- getyn="$(get_input " Do you wish to change the home directory path ? (Y/n) ")"
- if [ "$(echo $getyn | grep -i "n")" ]; then
- unset needinput
- # You're most likely going to only do this if you have the dir *mounted* for this user's $HOME
- getyn="$(get_input " Do you want to chown $LOGIN.$( echo $GID | awk '{print $2}') $HME ? (y/N) ")"
- if [ "$(echo $getyn | grep -i "y")" ]; then
- CHOWNHOMEDIR=$HME # set this to the home directory
- fi
- fi
- else
- unset needinput
- fi
-done
-HME="-d ${HME}"
-
-#: Get the new user's shell :#
-echo
-needinput=yes
-while [ ! -z "$needinput" ]; do
- unset got_error
- SHL="$(get_input "Shell [ ${defshell} ]")"
- if [ -z "$SHL" ]; then
- SHL="${defshell}"
- fi
- # Warn the user if the shell doesn't exist in /etc/shells or as a file
- if [ -z "$(grep "^${SHL}$" $sfile)" ]; then
- echo "- Warning: ${SHL} is not in ${sfile} (potential problem using FTP)"
- got_error=yes
- fi
- if [ ! -f "$SHL" ]; then
- echo "- Warning: ${SHL} does not exist as a file"
- got_error=yes
- fi
- if [ ! -z "$got_error" ]; then
- getyn="$(get_input " Do you wish to change the shell ? (Y/n) ")"
- if [ "$(echo $getyn | grep -i "n")" ]; then
- unset needinput
- fi
- else
- unset needinput
- fi
-done
-SHL="-s ${SHL}"
-
-#: Get the expiry date :#
-echo
-needinput=yes
-while [ ! -z "$needinput" ]; do
- EXP="$(get_input "Expiry date (YYYY-MM-DD) []:")"
- if [ ! -z "$EXP" ]; then
- # Check to see whether the expiry date is in the valid format
- if [ -z "$(echo "$EXP" | grep "^[[:digit:]]\{4\}[-]\?[[:digit:]]\{2\}[-]\?[[:digit:]]\{2\}$")" ]; then
- echo "- That is not a valid expiration date"
- else
- unset needinput
- EXP="-e ${EXP}"
- fi
- else
- unset needinput
- fi
-done
-
-# Display the info about the new impending account
-echo
-echo "New account will be created as follows:"
-echo
-echo "---------------------------------------"
-display "Login name.......: " "$LOGIN"
-display "UID..............: " "$_UID" "[ Next available ]"
-display "Initial group....: " "$GID"
-display "Additional groups: " "$AGID" "[ None ]"
-display "Home directory...: " "$HME"
-display "Shell............: " "$SHL"
-display "Expiry date......: " "$EXP" "[ Never ]"
-echo
-
-echo "This is it... if you want to bail out, hit Control-C. Otherwise, press"
-echo "ENTER to go ahead and make the account."
-read junk
-
-echo
-echo "Creating new account..."
-echo
-echo
-
-# Add the account to the system
-CMD="$useradd "$HME" -m "$EXP" "$U_ID" "$GID" "$AGID" "$SHL" "$LOGIN""
-$CMD
-
-if [ $? -gt 0 ]; then
- echo "- Error running useradd command -- account not created!"
- echo "(cmd: $CMD)"
- exit 1
-fi
-
-# chown the home dir ? We can only do this once the useradd has
-# completed otherwise the user name doesn't exist.
-if [ ! -z "${CHOWNHOMEDIR}" ]; then
- chown "$LOGIN"."$( echo $GID | awk '{print $2}')" "${CHOWNHOMEDIR}"
-fi
-
-# Set the finger information
-$chfn "$LOGIN"
-if [ $? -gt 0 ]; then
- echo "- Warning: an error occurred while setting finger information"
-fi
-
-# Set a password
-$passwd "$LOGIN"
-if [ $? -gt 0 ]; then
- echo "* WARNING: An error occured while setting the password for"
- echo " this account. Please manually investigate this *"
- exit 1
-fi
-
-echo
-echo
-echo "Account setup complete."
-exit 0
-
diff --git a/core/shadow/login b/core/shadow/login
deleted file mode 100644
index b8555f89c..000000000
--- a/core/shadow/login
+++ /dev/null
@@ -1,21 +0,0 @@
-#%PAM-1.0
-auth required pam_securetty.so
-auth requisite pam_nologin.so
-auth required pam_unix.so nullok
-auth required pam_tally.so onerr=succeed file=/var/log/faillog
-# use this to lockout accounts for 10 minutes after 3 failed attempts
-#auth required pam_tally.so deny=2 unlock_time=600 onerr=succeed file=/var/log/faillog
-account required pam_access.so
-account required pam_time.so
-account required pam_unix.so
-#password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
-#password required pam_unix.so sha512 shadow use_authtok
-session required pam_unix.so
-session required pam_env.so
-session required pam_motd.so
-session required pam_limits.so
-session optional pam_mail.so dir=/var/spool/mail standard
-session optional pam_lastlog.so
-session optional pam_loginuid.so
--session optional pam_ck_connector.so nox11
--session optional pam_systemd.so
diff --git a/core/shadow/nscd-error-reporting.patch b/core/shadow/nscd-error-reporting.patch
deleted file mode 100644
index a4075756e..000000000
--- a/core/shadow/nscd-error-reporting.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-diff --git a/upstream/trunk/lib/nscd.c b/upstream/trunk/lib/nscd.c
-index 227c205..7adb58f 100644
---- a/lib/nscd.c
-+++ b/lib/nscd.c
-@@ -39,8 +39,11 @@ int nscd_flush_cache (const char *service)
- /* nscd is not installed, or it is installed but uses an
- interpreter that is missing. Probably the former. */
- return 0;
-+ } else if (code == 1) {
-+ /* nscd is installed, but it isn't active. */
-+ return 0;
- } else if (code != 0) {
-- (void) fprintf (stderr, _("%s: nscd exited with status %d"),
-+ (void) fprintf (stderr, _("%s: nscd exited with status %d\n"),
- Prog, code);
- (void) fprintf (stderr, _(MSG_NSCD_FLUSH_CACHE_FAILED), Prog);
- return -1;
diff --git a/core/shadow/shadow-add-missing-include.patch b/core/shadow/shadow-add-missing-include.patch
deleted file mode 100644
index 5c9e946ef..000000000
--- a/core/shadow/shadow-add-missing-include.patch
+++ /dev/null
@@ -1,11 +0,0 @@
-diff -Naur shadow-4.1.4.2+svn3283/libmisc/copydir.c shadow-4.1.4.2+svn3283.new/libmisc/copydir.c
---- shadow-4.1.4.2+svn3283/libmisc/copydir.c 2010-09-05 11:35:26.000000000 -0400
-+++ shadow-4.1.4.2+svn3283.new/libmisc/copydir.c 2011-06-26 01:26:52.000000000 -0400
-@@ -34,6 +34,7 @@
-
- #ident "$Id: copydir.c 3283 2010-09-05 15:34:42Z nekral-guest $"
-
-+#include <stdarg.h>
- #include <assert.h>
- #include <sys/stat.h>
- #include <sys/types.h>
diff --git a/core/shadow/userdel-avoid-bad-mem-access.patch b/core/shadow/userdel-avoid-bad-mem-access.patch
deleted file mode 100644
index 1d36562b2..000000000
--- a/core/shadow/userdel-avoid-bad-mem-access.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-Index: src/userdel.c
-===================================================================
---- src/userdel.c (revision 3713)
-+++ src/userdel.c (working copy)
-@@ -329,26 +329,33 @@
- }
-
- if (NULL == pwd) {
-+ char gr_name[GROUP_NAME_MAX_LENGTH + 1];
-+
-+ /* make a copy of the group name before we delete it.
-+ * we can't use ->gr_name after the group is deleted
-+ * for logging purposes */
-+ snprintf(gr_name, GROUP_NAME_MAX_LENGTH, "%s", grp->gr_name);
-+
- /*
- * We can remove this group, it is not the primary
- * group of any remaining user.
- */
-- if (gr_remove (grp->gr_name) == 0) {
-+ if (gr_remove (gr_name) == 0) {
- fprintf (stderr,
- _("%s: cannot remove entry '%s' from %s\n"),
-- Prog, grp->gr_name, gr_dbname ());
-+ Prog, gr_name, gr_dbname ());
- fail_exit (E_GRP_UPDATE);
- }
-
- #ifdef WITH_AUDIT
- audit_logger (AUDIT_DEL_GROUP, Prog,
- "deleting group",
-- grp->gr_name, AUDIT_NO_ID,
-+ gr_name, AUDIT_NO_ID,
- SHADOW_AUDIT_SUCCESS);
- #endif /* WITH_AUDIT */
- SYSLOG ((LOG_INFO,
- "removed group '%s' owned by '%s'\n",
-- grp->gr_name, user_name));
-+ gr_name, user_name));
-
- #ifdef SHADOWGRP
- if (sgr_locate (user_name) != NULL) {
-@@ -361,12 +368,12 @@
- #ifdef WITH_AUDIT
- audit_logger (AUDIT_DEL_GROUP, Prog,
- "deleting shadow group",
-- grp->gr_name, AUDIT_NO_ID,
-+ gr_name, AUDIT_NO_ID,
- SHADOW_AUDIT_SUCCESS);
- #endif /* WITH_AUDIT */
- SYSLOG ((LOG_INFO,
- "removed shadow group '%s' owned by '%s'\n",
-- grp->gr_name, user_name));
-+ gr_name, user_name));
-
- }
- #endif /* SHADOWGRP */
diff --git a/core/shadow/write-utmp-wtmp-entries.patch b/core/shadow/write-utmp-wtmp-entries.patch
deleted file mode 100644
index b4272ca61..000000000
--- a/core/shadow/write-utmp-wtmp-entries.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-Index: upstream/trunk/src/login.c
-===================================================================
---- a/src/login.c (revision 3437)
-+++ b/src/login.c (revision 3438)
-@@ -126,10 +126,12 @@
- static void setup_tty (void);
- static void process_flags (int argc, char *const *argv);
- static /*@observer@*/const char *get_failent_user (/*@returned@*/const char *user);
-+#ifndef USE_PAM
- static void update_utmp (const char *user,
- const char *tty,
- const char *host,
- /*@null@*/const struct utmp *utent);
-+#endif /* ! USE_PAM */
-
- #ifndef USE_PAM
- static struct faillog faillog;
-@@ -471,6 +473,7 @@
- return failent_user;
- }
-
-+#ifndef USE_PAM
- /*
- * update_utmp - Update or create an utmp entry in utmp, wtmp, utmpw, and
- * wtmpx
-@@ -496,6 +499,7 @@
- free (utx);
- #endif /* USE_UTMPX */
- }
-+#endif /* ! USE_PAM */
-
- /*
- * login - create a new login session for a user
-@@ -1208,11 +1212,13 @@
- }
- }
-
-+#ifndef USE_PAM
- /*
- * The utmp entry needs to be updated to indicate the new status
- * of the session, the new PID and SID.
- */
- update_utmp (username, tty, hostname, utent);
-+#endif /* ! USE_PAM */
-
- /* The pwd and spwd entries for the user have been copied.
- *