Date: Friday, March 28, 2014 @ 22:02:36 Author: thomas Revision: 208934
archrelease: copy trunk to testing-i686, testing-x86_64 Added: shadow/repos/testing-i686/ shadow/repos/testing-i686/LICENSE (from rev 208933, shadow/trunk/LICENSE) shadow/repos/testing-i686/PKGBUILD (from rev 208933, shadow/trunk/PKGBUILD) shadow/repos/testing-i686/chgpasswd (from rev 208933, shadow/trunk/chgpasswd) shadow/repos/testing-i686/chpasswd (from rev 208933, shadow/trunk/chpasswd) shadow/repos/testing-i686/defaults.pam (from rev 208933, shadow/trunk/defaults.pam) shadow/repos/testing-i686/lastlog.tmpfiles (from rev 208933, shadow/trunk/lastlog.tmpfiles) shadow/repos/testing-i686/login.defs (from rev 208933, shadow/trunk/login.defs) shadow/repos/testing-i686/newusers (from rev 208933, shadow/trunk/newusers) shadow/repos/testing-i686/passwd (from rev 208933, shadow/trunk/passwd) shadow/repos/testing-i686/shadow-strncpy-usage.patch (from rev 208933, shadow/trunk/shadow-strncpy-usage.patch) shadow/repos/testing-i686/shadow.install (from rev 208933, shadow/trunk/shadow.install) shadow/repos/testing-i686/shadow.service (from rev 208933, shadow/trunk/shadow.service) shadow/repos/testing-i686/shadow.timer (from rev 208933, shadow/trunk/shadow.timer) shadow/repos/testing-i686/useradd.defaults (from rev 208933, shadow/trunk/useradd.defaults) shadow/repos/testing-i686/xstrdup.patch (from rev 208933, shadow/trunk/xstrdup.patch) shadow/repos/testing-x86_64/ shadow/repos/testing-x86_64/LICENSE (from rev 208933, shadow/trunk/LICENSE) shadow/repos/testing-x86_64/PKGBUILD (from rev 208933, shadow/trunk/PKGBUILD) shadow/repos/testing-x86_64/chgpasswd (from rev 208933, shadow/trunk/chgpasswd) shadow/repos/testing-x86_64/chpasswd (from rev 208933, shadow/trunk/chpasswd) shadow/repos/testing-x86_64/defaults.pam (from rev 208933, shadow/trunk/defaults.pam) shadow/repos/testing-x86_64/lastlog.tmpfiles (from rev 208933, shadow/trunk/lastlog.tmpfiles) shadow/repos/testing-x86_64/login.defs (from rev 208933, shadow/trunk/login.defs) shadow/repos/testing-x86_64/newusers (from rev 
208933, shadow/trunk/newusers) shadow/repos/testing-x86_64/passwd (from rev 208933, shadow/trunk/passwd) shadow/repos/testing-x86_64/shadow-strncpy-usage.patch (from rev 208933, shadow/trunk/shadow-strncpy-usage.patch) shadow/repos/testing-x86_64/shadow.install (from rev 208933, shadow/trunk/shadow.install) shadow/repos/testing-x86_64/shadow.service (from rev 208933, shadow/trunk/shadow.service) shadow/repos/testing-x86_64/shadow.timer (from rev 208933, shadow/trunk/shadow.timer) shadow/repos/testing-x86_64/useradd.defaults (from rev 208933, shadow/trunk/useradd.defaults) shadow/repos/testing-x86_64/xstrdup.patch (from rev 208933, shadow/trunk/xstrdup.patch) -------------------------------------------+ testing-i686/LICENSE | 31 ++++ testing-i686/PKGBUILD | 146 ++++++++++++++++++++ testing-i686/chgpasswd | 4 testing-i686/chpasswd | 6 testing-i686/defaults.pam | 6 testing-i686/lastlog.tmpfiles | 1 testing-i686/login.defs | 203 ++++++++++++++++++++++++++++ testing-i686/newusers | 6 testing-i686/passwd | 4 testing-i686/shadow-strncpy-usage.patch | 25 +++ testing-i686/shadow.install | 9 + testing-i686/shadow.service | 10 + testing-i686/shadow.timer | 7 testing-i686/useradd.defaults | 9 + testing-i686/xstrdup.patch | 9 + testing-x86_64/LICENSE | 31 ++++ testing-x86_64/PKGBUILD | 146 ++++++++++++++++++++ testing-x86_64/chgpasswd | 4 testing-x86_64/chpasswd | 6 testing-x86_64/defaults.pam | 6 testing-x86_64/lastlog.tmpfiles | 1 testing-x86_64/login.defs | 203 ++++++++++++++++++++++++++++ testing-x86_64/newusers | 6 testing-x86_64/passwd | 4 testing-x86_64/shadow-strncpy-usage.patch | 25 +++ testing-x86_64/shadow.install | 9 + testing-x86_64/shadow.service | 10 + testing-x86_64/shadow.timer | 7 testing-x86_64/useradd.defaults | 9 + testing-x86_64/xstrdup.patch | 9 + 30 files changed, 952 insertions(+) Copied: shadow/repos/testing-i686/LICENSE (from rev 208933, shadow/trunk/LICENSE) =================================================================== --- testing-i686/LICENSE 
(rev 0) +++ testing-i686/LICENSE 2014-03-28 21:02:36 UTC (rev 208934) 
@@ -0,0 +1,31 @@ +/* + * Copyright (c) 1990 - 1994, Julianne Frances Haugh + * Copyright (c) 1996 - 2000, Marek Michałkiewicz + * Copyright (c) 2001 - 2006, Tomasz Kłoczko + * Copyright (c) 2007 - 2009, Nicolas François + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the copyright holders or contributors may not be used to + * endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ Copied: shadow/repos/testing-i686/PKGBUILD (from rev 208933, shadow/trunk/PKGBUILD) =================================================================== --- testing-i686/PKGBUILD (rev 0) +++ testing-i686/PKGBUILD 2014-03-28 21:02:36 UTC (rev 208934) 
@@ -0,0 +1,146 @@
+# $Id$
+# Maintainer: Dave Reisner <dreis...@archlinux.org>
+# Maintainer: Aaron Griffin <aa...@archlinux.org>
+
+pkgname=shadow
+pkgver=4.1.5.1
+pkgrel=8
+pkgdesc="Password and account management tool suite with support for shadow files and PAM"
+arch=('i686' 'x86_64')
+url='http://pkg-shadow.alioth.debian.org/'
+license=('BSD')
+groups=('base')
+depends=('bash' 'pam' 'acl')
+backup=(etc/login.defs
+ etc/pam.d/{chage,passwd,shadow,useradd,usermod,userdel}
+ etc/pam.d/{chpasswd,newusers,groupadd,groupdel,groupmod}
+ etc/pam.d/{chgpasswd,groupmems}
+ etc/default/useradd)
+options=(strip debug)
+install='shadow.install'
+source=("ftp://ftp.archlinux.org/other/packages/$pkgname/$pkgname-$pkgver.tar.bz2"{,.sig}
+ LICENSE
+ chgpasswd
+ chpasswd
+ defaults.pam
+ login.defs
+ newusers
+ passwd
+ shadow.{timer,service}
+ useradd.defaults
+ xstrdup.patch
+ shadow-strncpy-usage.patch
+ lastlog.tmpfiles)
+sha1sums=('81f38720b953ef9c2c100c43d02dfe19cafd6c30'
+ 'SKIP'
+ '33a6cf1e44a1410e5c9726c89e5de68b78f5f922'
+ '4ad0e059406a305c8640ed30d93c2a1f62c2f4ad'
+ '12427b1ca92a9b85ca8202239f0d9f50198b818f'
+ '0e56fed7fc93572c6bf0d8f3b099166558bb46f1'
+ 'e92045fb75e0c21a3f294a00de0bd2cd252e9463'
+ '12427b1ca92a9b85ca8202239f0d9f50198b818f'
+ '611be25d91c3f8f307c7fe2485d5f781e5dee75f'
+ 'a154a94b47a3d0c6c287253b98c0d10b861226d0'
+ 'e40fc20894e69a07fb0070b41f567d0c27133720'
+ '9ae93de5987dd0ae428f0cc1a5a5a5cd53583f19'
+ '6010fffeed1fc6673ad9875492e1193b1a847b53'
+ '21e12966a6befb25ec123b403cd9b5c492fe5b16'
+ 'f57ecde3f72b4738fad75c097d19cf46a412350f')
+
+build() {
+ cd "$pkgname-$pkgver"
+
+ # avoid transitive linking issues with binutils 2.22
+ sed -i '/^user\(mod\|add\)_LDADD/s|$| -lattr|' src/Makefile.am
+
+ # link to glibc's crypt(3)
+ export LIBS="-lcrypt"
+
+ # need to offer these upstream
+ patch -Np1 <"$srcdir/xstrdup.patch"
+ patch -Np1 <"$srcdir/shadow-strncpy-usage.patch"
+
+ # supress etc/pam.d/*, we provide our own
+ sed -i '/^SUBDIRS/s/pam.d//' etc/Makefile.in
+
+ ./configure \
+ --prefix=/usr \
+ --bindir=/usr/bin \
+ --sbindir=/usr/bin \
+ --libdir=/lib \
+ --mandir=/usr/share/man \
+ --sysconfdir=/etc \
+ --with-libpam \
+ --without-selinux \
+ --with-group-name-max-length=32
+
+ make
+}
+
+package() {
+ cd "$pkgname-$pkgver"
+
+ make DESTDIR="$pkgdir" install
+
+ # license
+ install -Dm644 "$srcdir/LICENSE" "$pkgdir/usr/share/licenses/shadow/LICENSE"
+
+ # useradd defaults
+ install -Dm644 "$srcdir/useradd.defaults" "$pkgdir/etc/default/useradd"
+
+ # systemd timer
+ install -D -m644 ${srcdir}/shadow.timer ${pkgdir}/usr/lib/systemd/system/shadow.timer
+ install -D -m644 ${srcdir}/shadow.service ${pkgdir}/usr/lib/systemd/system/shadow.service
+ install -d -m755 ${pkgdir}/usr/lib/systemd/system/multi-user.target.wants
+ ln -s ../shadow.timer ${pkgdir}//usr/lib/systemd/system/multi-user.target.wants/shadow.timer
+
+ # login.defs
+ install -Dm644 "$srcdir/login.defs" "$pkgdir/etc/login.defs"
+
+ # PAM config - custom
+ install -dm755 "$pkgdir/etc/pam.d"
+ install -t "$pkgdir/etc/pam.d" -m644 "$srcdir"/{passwd,chgpasswd,chpasswd,newusers}
+
+ # PAM config - from tarball
+ install -Dm644 etc/pam.d/groupmems "$pkgdir/etc/pam.d/groupmems"
+
+ # we use the 'useradd' PAM file for other similar utilities
+ for file in chage groupadd groupdel groupmod shadow \
+ useradd usermod userdel; do
+ install -Dm644 "$srcdir/defaults.pam" "$pkgdir/etc/pam.d/$file"
+ done
+
+ # lastlog log file creation
+ install -Dm644 "$srcdir/lastlog.tmpfiles" "${pkgdir}/usr/lib/tmpfiles.d/lastlog.conf"
+
+ # Remove evil/broken tools
+ rm "$pkgdir"/usr/sbin/logoutd
+
+ # Remove utilities provided by util-linux
+ rm \
+ "$pkgdir"/usr/bin/{login,su,chsh,chfn,sg,nologin} \
+ "$pkgdir"/usr/sbin/{vipw,vigr}
+
+ # but we keep newgrp, as sg is really an alias to it
+ mv "$pkgdir"/usr/bin/{newgrp,sg}
+
+ # ...and their many man pages
+ find "$pkgdir"/usr/share/man \
+ '(' -name 'chsh.1' -o \
+ -name 'chfn.1' -o \
+ -name 'su.1' -o \
+ -name 'logoutd.8' -o \
+ -name 'login.1' -o \
+ -name 'nologin.8' -o \
+ -name 'vipw.8' -o \
+ -name 'vigr.8' -o \
+ -name 'newgrp.1' ')' \
+ -delete
+ rmdir \
+ "$pkgdir"/usr/share/man/{fi,id,zh_TW}/man1 \
+ "$pkgdir"/usr/share/man/{fi,ko/man8}
+
+ # move everything else to /usr/bin, because this isn't handled by ./configure
+ mv "$pkgdir"/usr/sbin/* "$pkgdir"/usr/bin
+ rmdir "$pkgdir/usr/sbin"
+}
Copied: shadow/repos/testing-i686/chgpasswd (from rev 208933, shadow/trunk/chgpasswd)
===================================================================
--- testing-i686/chgpasswd (rev 0)
+++ testing-i686/chgpasswd 2014-03-28 21:02:36 UTC (rev 208934)
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+account required pam_permit.so
+password include system-auth
Copied: shadow/repos/testing-i686/chpasswd (from rev 208933, shadow/trunk/chpasswd)
===================================================================
--- testing-i686/chpasswd (rev 0)
+++ testing-i686/chpasswd 2014-03-28 21:02:36 UTC (rev 208934)
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+auth required pam_unix.so
+account required pam_unix.so
+session required pam_unix.so
+password required pam_unix.so sha512 shadow
Copied: shadow/repos/testing-i686/defaults.pam (from rev 208933, shadow/trunk/defaults.pam)
===================================================================
--- testing-i686/defaults.pam (rev 0)
+++ testing-i686/defaults.pam 2014-03-28 21:02:36 UTC (rev 208934)
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+auth required pam_unix.so
+account required pam_unix.so
+session required pam_unix.so
+password required pam_permit.so
Copied: shadow/repos/testing-i686/lastlog.tmpfiles (from rev 208933, shadow/trunk/lastlog.tmpfiles)
===================================================================
--- testing-i686/lastlog.tmpfiles (rev 0)
+++ testing-i686/lastlog.tmpfiles 2014-03-28 21:02:36 UTC (rev 208934)
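Review bot: The upstream tarball in `source=()` is fetched over plain `ftp://` and pinned with `sha1sums`, so the detached `.sig` (whose checksum slot is `'SKIP'`) is the only strong integrity check on it, and that check depends on the signing key being in the builder's keyring. I would move the array to `sha256sums=(...)` so the pinned digests do not rest on SHA-1. On style, the four systemd lines in `package()` use unquoted `${srcdir}`/`${pkgdir}` and one carries a doubled slash (`${pkgdir}//usr/lib/...`), while the rest of the function quotes its paths; for example `install -D -m644 "$srcdir/shadow.timer" "$pkgdir/usr/lib/systemd/system/shadow.timer"`. The testing-x86_64/PKGBUILD section is an identical copy, so the same applies there.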
@@ -0,0 +1 @@
+f /var/log/lastlog 0644 root root
Copied: shadow/repos/testing-i686/login.defs (from rev 208933, shadow/trunk/login.defs)
===================================================================
--- testing-i686/login.defs (rev 0)
+++ testing-i686/login.defs 2014-03-28 21:02:36 UTC (rev 208934)
@@ -0,0 +1,203 @@ +# +# /etc/login.defs - Configuration control definitions for the login package. +# +# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH. +# If unspecified, some arbitrary (and possibly incorrect) value will +# be assumed. All other items are optional - if not specified then +# the described action or option will be inhibited. +# +# Comment lines (lines beginning with "#") and blank lines are ignored. +# +# Modified for Linux. --marekm + +# +# Delay in seconds before being allowed another attempt after a login failure +# +FAIL_DELAY 3 + +# +# Enable display of unknown usernames when login failures are recorded. +# +LOG_UNKFAIL_ENAB no + +# +# Enable logging of successful logins +# +LOG_OK_LOGINS no + +# +# Enable "syslog" logging of su activity - in addition to sulog file logging. +# SYSLOG_SG_ENAB does the same for newgrp and sg. +# +SYSLOG_SU_ENAB yes +SYSLOG_SG_ENAB yes + +# +# If defined, either full pathname of a file containing device names or +# a ":" delimited list of device names. Root logins will be allowed only +# upon these devices. +# +CONSOLE /etc/securetty +#CONSOLE console:tty01:tty02:tty03:tty04 + +# +# If defined, all su activity is logged to this file. +# +#SULOG_FILE /var/log/sulog + +# +# If defined, file which maps tty line to TERM environment parameter. +# Each line of the file is in a format something like "vt100 tty01". +# +#TTYTYPE_FILE /etc/ttytype + +# +# If defined, the command name to display when running "su -". For +# example, if this is defined as "su" then a "ps" will display the +# command is "-su". If not defined, then "ps" would display the +# name of the shell actually being run, e.g. something like "-sh". +# +SU_NAME su + +# +# *REQUIRED* +# Directory where mailboxes reside, _or_ name of file, relative to the +# home directory. If you _do_ define both, MAIL_DIR takes precedence. 
+# QMAIL_DIR is for Qmail +# +#QMAIL_DIR Maildir +MAIL_DIR /var/spool/mail + +# +# If defined, file which inhibits all the usual chatter during the login +# sequence. If a full pathname, then hushed mode will be enabled if the +# user's name or shell are found in the file. If not a full pathname, then +# hushed mode will be enabled if the file exists in the user's home directory. +# +HUSHLOGIN_FILE .hushlogin +#HUSHLOGIN_FILE /etc/hushlogins + +# +# *REQUIRED* The default PATH settings, for superuser and normal users. +# +# (they are minimal, add the rest in the shell startup files) +ENV_SUPATH PATH=/usr/bin +ENV_PATH PATH=/usr/bin + +# +# Terminal permissions +# +# TTYGROUP Login tty will be assigned this group ownership. +# TTYPERM Login tty will be set to this permission. +# +# If you have a "write" program which is "setgid" to a special group +# which owns the terminals, define TTYGROUP to the group number and +# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign +# TTYPERM to either 622 or 600. +# +TTYGROUP tty +TTYPERM 0600 + +# +# Login configuration initializations: +# +# ERASECHAR Terminal ERASE character ('\010' = backspace). +# KILLCHAR Terminal KILL character ('\025' = CTRL/U). +# UMASK Default "umask" value. +# +# The ERASECHAR and KILLCHAR are used only on System V machines. +# The ULIMIT is used only if the system supports it. +# (now it works with setrlimit too; ulimit is in 512-byte units) +# +# Prefix these values with "0" to get octal, "0x" to get hexadecimal. +# +ERASECHAR 0177 +KILLCHAR 025 +UMASK 077 + +# +# Password aging controls: +# +# PASS_MAX_DAYS Maximum number of days a password may be used. +# PASS_MIN_DAYS Minimum number of days allowed between password changes. +# PASS_WARN_AGE Number of days warning given before a password expires. 
+# +PASS_MAX_DAYS 99999 +PASS_MIN_DAYS 0 +PASS_WARN_AGE 7 + +# +# Min/max values for automatic uid selection in useradd +# +UID_MIN 1000 +UID_MAX 60000 +# System accounts +SYS_UID_MIN 500 +SYS_UID_MAX 999 + +# +# Min/max values for automatic gid selection in groupadd +# +GID_MIN 1000 +GID_MAX 60000 +# System accounts +SYS_GID_MIN 500 +SYS_GID_MAX 999 + +# +# Max number of login retries if password is bad +# +LOGIN_RETRIES 5 + +# +# Max time in seconds for login +# +LOGIN_TIMEOUT 60 + +# +# Which fields may be changed by regular users using chfn - use +# any combination of letters "frwh" (full name, room number, work +# phone, home phone). If not defined, no changes are allowed. +# For backward compatibility, "yes" = "rwh" and "no" = "frwh". +# +CHFN_RESTRICT rwh + +# +# List of groups to add to the user's supplementary group set +# when logging in on the console (as determined by the CONSOLE +# setting). Default is none. +# +# Use with caution - it is possible for users to gain permanent +# access to these groups, even when not logged in on the console. +# How to do it is left as an exercise for the reader... +# +#CONSOLE_GROUPS floppy:audio:cdrom + +# +# Should login be allowed if we can't cd to the home directory? +# Default in no. +# +DEFAULT_HOME yes + +# +# If defined, this command is run when removing a user. +# It should remove any at/cron/print jobs etc. owned by +# the user to be removed (passed as the first argument). +# +#USERDEL_CMD /usr/sbin/userdel_local + +# +# Enable setting of the umask group bits to be the same as owner bits +# (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is +# the same as gid, and username is the same as the primary group name. +# +# This also enables userdel to remove user groups if no members exist. +# +USERGROUPS_ENAB yes + +# +# Controls display of the motd file. This is better handled by pam_motd.so +# so the declaration here is empty is suppress display by readers of this +# file. 
+# +MOTD_FILE Copied: shadow/repos/testing-i686/newusers (from rev 208933, shadow/trunk/newusers) =================================================================== --- testing-i686/newusers (rev 0) +++ testing-i686/newusers 2014-03-28 21:02:36 UTC (rev 208934) @@ -0,0 +1,6 @@ +#%PAM-1.0 +auth sufficient pam_rootok.so +auth required pam_unix.so +account required pam_unix.so +session required pam_unix.so +password required pam_unix.so sha512 shadow Copied: shadow/repos/testing-i686/passwd (from rev 208933, shadow/trunk/passwd) =================================================================== --- testing-i686/passwd (rev 0) +++ testing-i686/passwd 2014-03-28 21:02:36 UTC (rev 208934) @@ -0,0 +1,4 @@ +#%PAM-1.0 +#password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 +#password required pam_unix.so sha512 shadow use_authtok +password required pam_unix.so sha512 shadow nullok Copied: shadow/repos/testing-i686/shadow-strncpy-usage.patch (from rev 208933, shadow/trunk/shadow-strncpy-usage.patch) =================================================================== --- testing-i686/shadow-strncpy-usage.patch (rev 0) +++ testing-i686/shadow-strncpy-usage.patch 2014-03-28 21:02:36 UTC (rev 208934) 
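Review bot: No `ENCRYPT_METHOD` line appears anywhere in this login.defs, so SHA-512 hashing is selected only by the `sha512` option in the PAM files of this commit (`chpasswd`, `newusers`, `passwd`). Any tool in the suite that hashes a password itself instead of going through pam_unix would presumably fall back to its compiled-in default; adding `ENCRYPT_METHOD SHA512` after the password aging block would keep the two paths in agreement. `DEFAULT_HOME yes` also departs from the default that the comment above it documents, and a one-line comment giving the reason would help whoever audits login behaviour later. The testing-x86_64/login.defs section is a copy of the same file.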
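Review bot: The only active line in the passwd PAM file, `password required pam_unix.so sha512 shadow nullok`, runs without a quality module because the `pam_cracklib.so` line and its `use_authtok` companion are commented out, and nothing in the file says this is deliberate. A header comment such as `# pam_cracklib is optional: to enforce password quality, enable the two lines below and comment out the last one` would document the choice. It is also worth confirming that `nullok` is wanted here, since as far as I can tell it lets pam_unix accept an account whose current password is empty.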
@@ -0,0 +1,25 @@
+diff -u shadow-4.1.5/src/usermod.c.orig shadow-4.1.5/src/usermod.c
+--- shadow-4.1.5/src/usermod.c.orig 2012-02-13 08:19:43.792146449 -0500
++++ shadow-4.1.5/src/usermod.c 2012-02-13 08:21:19.375114500 -0500
+@@ -182,7 +182,7 @@
+ struct tm *tp;
+
+ if (date < 0) {
+- strncpy (buf, "never", maxsize);
++ strncpy (buf, "never", maxsize - 1);
+ } else {
+ time_t t = (time_t) date;
+ tp = gmtime (&t);
+diff -u shadow-4.1.5/src/login.c.orig shadow-4.1.5/src/login.c
+--- shadow-4.1.5/src/login.c.orig 2012-02-13 08:19:50.951994454 -0500
++++ shadow-4.1.5/src/login.c 2012-02-13 08:21:04.490430937 -0500
+@@ -752,7 +752,8 @@
+ _("%s login: "), hostn);
+ } else {
+ strncpy (loginprompt, _("login: "),
+- sizeof (loginprompt));
++ sizeof (loginprompt) - 1);
++ loginprompt[sizeof (loginprompt) - 1] = '\0';
+ }
+
+ retcode = pam_set_item (pamh, PAM_USER_PROMPT, loginprompt);
Copied: shadow/repos/testing-i686/shadow.install (from rev 208933, shadow/trunk/shadow.install)
===================================================================
--- testing-i686/shadow.install (rev 0)
+++ testing-i686/shadow.install 2014-03-28 21:02:36 UTC (rev 208934)
@@ -0,0 +1,9 @@
+post_upgrade() {
+ grpck -r >/dev/null 2>&1
+ if [ $? -eq 2 ]; then
+ printf '%s\n' \
+ "==> Warning: /etc/group or /etc/gshadow are inconsistent." \
+ " Run 'grpck' to correct this."
+ fi
+ return 0
+}
Copied: shadow/repos/testing-i686/shadow.service (from rev 208933, shadow/trunk/shadow.service)
===================================================================
--- testing-i686/shadow.service (rev 0)
+++ testing-i686/shadow.service 2014-03-28 21:02:36 UTC (rev 208934)
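Review bot: In the usermod.c hunk of shadow-strncpy-usage.patch the copy is shortened to `maxsize - 1` but no terminator is written, unlike the login.c hunk, which adds `loginprompt[sizeof (loginprompt) - 1] = '\0';`. strncpy terminates the destination only when the source is shorter than the count, so for a small `maxsize` the buffer stays unterminated unless the caller zeroed `buf`, which is not visible here; adding `buf[maxsize - 1] = '\0';` after the call would make the two hunks consistent. If `maxsize` is unsigned and can be 0, `maxsize - 1` wraps, so a guard on zero may also be needed; the declaration and the rest of the function lie outside the embedded hunk. The testing-x86_64 copy listed in the commit header comes from the same trunk revision.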
@@ -0,0 +1,10 @@
+[Unit]
+Description=Verify integrity of password and group files
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/pwck -r
+ExecStart=/usr/bin/grpck -r
+Nice=19
+IOSchedulingClass=best-effort
+IOSchedulingPriority=7
Copied: shadow/repos/testing-i686/shadow.timer (from rev 208933, shadow/trunk/shadow.timer)
===================================================================
--- testing-i686/shadow.timer (rev 0)
+++ testing-i686/shadow.timer 2014-03-28 21:02:36 UTC (rev 208934)
@@ -0,0 +1,7 @@
+[Unit]
+Description=Daily verification of password and group files
+
+[Timer]
+OnCalendar=daily
+AccuracySec=12h
+Persistent=true
Copied: shadow/repos/testing-i686/useradd.defaults (from rev 208933, shadow/trunk/useradd.defaults)
===================================================================
--- testing-i686/useradd.defaults (rev 0)
+++ testing-i686/useradd.defaults 2014-03-28 21:02:36 UTC (rev 208934)
@@ -0,0 +1,9 @@
+# useradd defaults file for ArchLinux
+# original changes by TomK
+GROUP=100
+HOME=/home
+INACTIVE=-1
+EXPIRE=
+SHELL=/bin/bash
+SKEL=/etc/skel
+CREATE_MAIL_SPOOL=no
Copied: shadow/repos/testing-i686/xstrdup.patch (from rev 208933, shadow/trunk/xstrdup.patch)
===================================================================
--- testing-i686/xstrdup.patch (rev 0)
+++ testing-i686/xstrdup.patch 2014-03-28 21:02:36 UTC (rev 208934)
@@ -0,0 +1,9 @@
+--- shadow-4.1.2.1/libmisc/xmalloc.c 2008-08-30 21:55:44.000000000 -0500
++++ shadow-4.1.2.1/libmisc/xmalloc.c.new 2008-08-30 21:55:36.000000000 -0500
+@@ -61,5 +61,6 @@
+
+ char *xstrdup (const char *str)
+ {
++ if(str == NULL) return NULL;
+ return strcpy (xmalloc (strlen (str) + 1), str);
+ }
Copied: shadow/repos/testing-x86_64/LICENSE (from rev 208933, shadow/trunk/LICENSE)
===================================================================
--- testing-x86_64/LICENSE (rev 0)
+++ testing-x86_64/LICENSE 2014-03-28 21:02:36 UTC (rev 208934)
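Review bot: Returning NULL from `xstrdup` for a NULL argument, as xstrdup.patch does, moves the failure rather than removing it. Callers of the x* helpers are typically written on the assumption that the result is never NULL (xmalloc presumably exits on allocation failure), so a caller that passed NULL may now dereference the NULL result later instead of crashing in `strlen`. The patch would be easier to audit with a comment on the new line stating the changed contract, for example `/* NULL in, NULL out: callers must check the result */`, and a remark in the PKGBUILD naming the caller that needed it. The whole function is visible in the embedded hunk.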
@@ -0,0 +1,31 @@ +/* + * Copyright (c) 1990 - 1994, Julianne Frances Haugh + * Copyright (c) 1996 - 2000, Marek Michałkiewicz + * Copyright (c) 2001 - 2006, Tomasz Kłoczko + * Copyright (c) 2007 - 2009, Nicolas François + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the copyright holders or contributors may not be used to + * endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ Copied: shadow/repos/testing-x86_64/PKGBUILD (from rev 208933, shadow/trunk/PKGBUILD) =================================================================== --- testing-x86_64/PKGBUILD (rev 0) +++ testing-x86_64/PKGBUILD 2014-03-28 21:02:36 UTC (rev 208934) 
@@ -0,0 +1,146 @@ +# $Id$ +# Maintainer: Dave Reisner <dreis...@archlinux.org> +# Maintainer: Aaron Griffin <aa...@archlinux.org> + +pkgname=shadow +pkgver=4.1.5.1 +pkgrel=8 +pkgdesc="Password and account management tool suite with support for shadow files and PAM" +arch=('i686' 'x86_64') +url='http://pkg-shadow.alioth.debian.org/' +license=('BSD') +groups=('base') +depends=('bash' 'pam' 'acl') +backup=(etc/login.defs + etc/pam.d/{chage,passwd,shadow,useradd,usermod,userdel} + etc/pam.d/{chpasswd,newusers,groupadd,groupdel,groupmod} + etc/pam.d/{chgpasswd,groupmems} + etc/default/useradd) +options=(strip debug) +install='shadow.install' +source=("ftp://ftp.archlinux.org/other/packages/$pkgname/$pkgname-$pkgver.tar.bz2"{,.sig} + LICENSE + chgpasswd + chpasswd + defaults.pam + login.defs + newusers + passwd + shadow.{timer,service} + useradd.defaults + xstrdup.patch + shadow-strncpy-usage.patch + lastlog.tmpfiles) +sha1sums=('81f38720b953ef9c2c100c43d02dfe19cafd6c30' + 'SKIP' + '33a6cf1e44a1410e5c9726c89e5de68b78f5f922' + '4ad0e059406a305c8640ed30d93c2a1f62c2f4ad' + '12427b1ca92a9b85ca8202239f0d9f50198b818f' + '0e56fed7fc93572c6bf0d8f3b099166558bb46f1' + 'e92045fb75e0c21a3f294a00de0bd2cd252e9463' + '12427b1ca92a9b85ca8202239f0d9f50198b818f' + '611be25d91c3f8f307c7fe2485d5f781e5dee75f' + 'a154a94b47a3d0c6c287253b98c0d10b861226d0' + 'e40fc20894e69a07fb0070b41f567d0c27133720' + '9ae93de5987dd0ae428f0cc1a5a5a5cd53583f19' + '6010fffeed1fc6673ad9875492e1193b1a847b53' + '21e12966a6befb25ec123b403cd9b5c492fe5b16' + 'f57ecde3f72b4738fad75c097d19cf46a412350f') + +build() { + cd "$pkgname-$pkgver" + + # avoid transitive linking issues with binutils 2.22 + sed -i '/^user\(mod\|add\)_LDADD/s|$| -lattr|' src/Makefile.am + + # link to glibc's crypt(3) + export LIBS="-lcrypt" + + # need to offer these upstream + patch -Np1 <"$srcdir/xstrdup.patch" + patch -Np1 <"$srcdir/shadow-strncpy-usage.patch" + + # supress etc/pam.d/*, we provide our own + sed -i '/^SUBDIRS/s/pam.d//' 
etc/Makefile.in + + ./configure \ + --prefix=/usr \ + --bindir=/usr/bin \ + --sbindir=/usr/bin \ + --libdir=/lib \ + --mandir=/usr/share/man \ + --sysconfdir=/etc \ + --with-libpam \ + --without-selinux \ + --with-group-name-max-length=32 + + make +} + +package() { + cd "$pkgname-$pkgver" + + make DESTDIR="$pkgdir" install + + # license + install -Dm644 "$srcdir/LICENSE" "$pkgdir/usr/share/licenses/shadow/LICENSE" + + # useradd defaults + install -Dm644 "$srcdir/useradd.defaults" "$pkgdir/etc/default/useradd" + + # systemd timer + install -D -m644 ${srcdir}/shadow.timer ${pkgdir}/usr/lib/systemd/system/shadow.timer + install -D -m644 ${srcdir}/shadow.service ${pkgdir}/usr/lib/systemd/system/shadow.service + install -d -m755 ${pkgdir}/usr/lib/systemd/system/multi-user.target.wants + ln -s ../shadow.timer ${pkgdir}//usr/lib/systemd/system/multi-user.target.wants/shadow.timer + + # login.defs + install -Dm644 "$srcdir/login.defs" "$pkgdir/etc/login.defs" + + # PAM config - custom + install -dm755 "$pkgdir/etc/pam.d" + install -t "$pkgdir/etc/pam.d" -m644 "$srcdir"/{passwd,chgpasswd,chpasswd,newusers} + + # PAM config - from tarball + install -Dm644 etc/pam.d/groupmems "$pkgdir/etc/pam.d/groupmems" + + # we use the 'useradd' PAM file for other similar utilities + for file in chage groupadd groupdel groupmod shadow \ + useradd usermod userdel; do + install -Dm644 "$srcdir/defaults.pam" "$pkgdir/etc/pam.d/$file" + done + + # lastlog log file creation + install -Dm644 "$srcdir/lastlog.tmpfiles" "${pkgdir}/usr/lib/tmpfiles.d/lastlog.conf" + + # Remove evil/broken tools + rm "$pkgdir"/usr/sbin/logoutd + + # Remove utilities provided by util-linux + rm \ + "$pkgdir"/usr/bin/{login,su,chsh,chfn,sg,nologin} \ + "$pkgdir"/usr/sbin/{vipw,vigr} + + # but we keep newgrp, as sg is really an alias to it + mv "$pkgdir"/usr/bin/{newgrp,sg} + + # ...and their many man pages + find "$pkgdir"/usr/share/man \ + '(' -name 'chsh.1' -o \ + -name 'chfn.1' -o \ + -name 'su.1' -o \ + -name 
'logoutd.8' -o \ + -name 'login.1' -o \ + -name 'nologin.8' -o \ + -name 'vipw.8' -o \ + -name 'vigr.8' -o \ + -name 'newgrp.1' ')' \ + -delete + rmdir \ + "$pkgdir"/usr/share/man/{fi,id,zh_TW}/man1 \ + "$pkgdir"/usr/share/man/{fi,ko/man8} + + # move everything else to /usr/bin, because this isn't handled by ./configure + mv "$pkgdir"/usr/sbin/* "$pkgdir"/usr/bin + rmdir "$pkgdir/usr/sbin" +} Copied: shadow/repos/testing-x86_64/chgpasswd (from rev 208933, shadow/trunk/chgpasswd) =================================================================== --- testing-x86_64/chgpasswd (rev 0) +++ testing-x86_64/chgpasswd 2014-03-28 21:02:36 UTC (rev 208934) @@ -0,0 +1,4 @@ +#%PAM-1.0 +auth sufficient pam_rootok.so +account required pam_permit.so +password include system-auth Copied: shadow/repos/testing-x86_64/chpasswd (from rev 208933, shadow/trunk/chpasswd) =================================================================== --- testing-x86_64/chpasswd (rev 0) +++ testing-x86_64/chpasswd 2014-03-28 21:02:36 UTC (rev 208934) @@ -0,0 +1,6 @@ +#%PAM-1.0 +auth sufficient pam_rootok.so +auth required pam_unix.so +account required pam_unix.so +session required pam_unix.so +password required pam_unix.so sha512 shadow Copied: shadow/repos/testing-x86_64/defaults.pam (from rev 208933, shadow/trunk/defaults.pam) =================================================================== --- testing-x86_64/defaults.pam (rev 0) +++ testing-x86_64/defaults.pam 2014-03-28 21:02:36 UTC (rev 208934) @@ -0,0 +1,6 @@ +#%PAM-1.0 +auth sufficient pam_rootok.so +auth required pam_unix.so +account required pam_unix.so +session required pam_unix.so +password required pam_permit.so Copied: shadow/repos/testing-x86_64/lastlog.tmpfiles (from rev 208933, shadow/trunk/lastlog.tmpfiles) =================================================================== --- testing-x86_64/lastlog.tmpfiles (rev 0) +++ testing-x86_64/lastlog.tmpfiles 2014-03-28 21:02:36 UTC (rev 208934) 
@@ -0,0 +1 @@
+f /var/log/lastlog 0644 root root
Copied: shadow/repos/testing-x86_64/login.defs (from rev 208933, shadow/trunk/login.defs)
===================================================================
--- testing-x86_64/login.defs (rev 0)
+++ testing-x86_64/login.defs 2014-03-28 21:02:36 UTC (rev 208934)
@@ -0,0 +1,203 @@
+#
+# /etc/login.defs - Configuration control definitions for the login package.
+#
+# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH.
+# If unspecified, some arbitrary (and possibly incorrect) value will
+# be assumed. All other items are optional - if not specified then
+# the described action or option will be inhibited.
+#
+# Comment lines (lines beginning with "#") and blank lines are ignored.
+#
+# Modified for Linux. --marekm
+
+#
+# Delay in seconds before being allowed another attempt after a login failure
+#
+FAIL_DELAY 3
+
+#
+# Enable display of unknown usernames when login failures are recorded.
+#
+LOG_UNKFAIL_ENAB no
+
+#
+# Enable logging of successful logins
+#
+LOG_OK_LOGINS no
+
+#
+# Enable "syslog" logging of su activity - in addition to sulog file logging.
+# SYSLOG_SG_ENAB does the same for newgrp and sg.
+#
+SYSLOG_SU_ENAB yes
+SYSLOG_SG_ENAB yes
+
+#
+# If defined, either full pathname of a file containing device names or
+# a ":" delimited list of device names. Root logins will be allowed only
+# upon these devices.
+#
+CONSOLE /etc/securetty
+#CONSOLE console:tty01:tty02:tty03:tty04
+
+#
+# If defined, all su activity is logged to this file.
+#
+#SULOG_FILE /var/log/sulog
+
+#
+# If defined, file which maps tty line to TERM environment parameter.
+# Each line of the file is in a format something like "vt100 tty01".
+#
+#TTYTYPE_FILE /etc/ttytype
+
+#
+# If defined, the command name to display when running "su -". For
+# example, if this is defined as "su" then a "ps" will display the
+# command is "-su". If not defined, then "ps" would display the
+# name of the shell actually being run, e.g. something like "-sh".
+#
+SU_NAME su
+
+#
+# *REQUIRED*
+# Directory where mailboxes reside, _or_ name of file, relative to the
+# home directory. If you _do_ define both, MAIL_DIR takes precedence.
+# QMAIL_DIR is for Qmail
+#
+#QMAIL_DIR Maildir
+MAIL_DIR /var/spool/mail
+
+#
+# If defined, file which inhibits all the usual chatter during the login
+# sequence. If a full pathname, then hushed mode will be enabled if the
+# user's name or shell are found in the file. If not a full pathname, then
+# hushed mode will be enabled if the file exists in the user's home directory.
+#
+HUSHLOGIN_FILE .hushlogin
+#HUSHLOGIN_FILE /etc/hushlogins
+
+#
+# *REQUIRED* The default PATH settings, for superuser and normal users.
+#
+# (they are minimal, add the rest in the shell startup files)
+ENV_SUPATH PATH=/usr/bin
+ENV_PATH PATH=/usr/bin
+
+#
+# Terminal permissions
+#
+# TTYGROUP Login tty will be assigned this group ownership.
+# TTYPERM Login tty will be set to this permission.
+#
+# If you have a "write" program which is "setgid" to a special group
+# which owns the terminals, define TTYGROUP to the group number and
+# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign
+# TTYPERM to either 622 or 600.
+#
+TTYGROUP tty
+TTYPERM 0600
+
+#
+# Login configuration initializations:
+#
+# ERASECHAR Terminal ERASE character ('\010' = backspace).
+# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
+# UMASK Default "umask" value.
+#
+# The ERASECHAR and KILLCHAR are used only on System V machines.
+# The ULIMIT is used only if the system supports it.
+# (now it works with setrlimit too; ulimit is in 512-byte units)
+#
+# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+#
+ERASECHAR 0177
+KILLCHAR 025
+UMASK 077
+
+#
+# Password aging controls:
+#
+# PASS_MAX_DAYS Maximum number of days a password may be used.
+# PASS_MIN_DAYS Minimum number of days allowed between password changes.
+# PASS_WARN_AGE Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS 99999
+PASS_MIN_DAYS 0
+PASS_WARN_AGE 7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN 1000
+UID_MAX 60000
+# System accounts
+SYS_UID_MIN 500
+SYS_UID_MAX 999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN 1000
+GID_MAX 60000
+# System accounts
+SYS_GID_MIN 500
+SYS_GID_MAX 999
+
+#
+# Max number of login retries if password is bad
+#
+LOGIN_RETRIES 5
+
+#
+# Max time in seconds for login
+#
+LOGIN_TIMEOUT 60
+
+#
+# Which fields may be changed by regular users using chfn - use
+# any combination of letters "frwh" (full name, room number, work
+# phone, home phone). If not defined, no changes are allowed.
+# For backward compatibility, "yes" = "rwh" and "no" = "frwh".
+#
+CHFN_RESTRICT rwh
+
+#
+# List of groups to add to the user's supplementary group set
+# when logging in on the console (as determined by the CONSOLE
+# setting). Default is none.
+#
+# Use with caution - it is possible for users to gain permanent
+# access to these groups, even when not logged in on the console.
+# How to do it is left as an exercise for the reader...
+#
+#CONSOLE_GROUPS floppy:audio:cdrom
+
+#
+# Should login be allowed if we can't cd to the home directory?
+# Default in no.
+#
+DEFAULT_HOME yes
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD /usr/sbin/userdel_local
+
+#
+# Enable setting of the umask group bits to be the same as owner bits
+# (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is
+# the same as gid, and username is the same as the primary group name.
+#
+# This also enables userdel to remove user groups if no members exist.
+#
+USERGROUPS_ENAB yes
+
+#
+# Controls display of the motd file. This is better handled by pam_motd.so
+# so the declaration here is empty is suppress display by readers of this
+# file.
+#
+MOTD_FILE
Copied: shadow/repos/testing-x86_64/newusers (from rev 208933, shadow/trunk/newusers)
===================================================================
--- testing-x86_64/newusers (rev 0)
+++ testing-x86_64/newusers 2014-03-28 21:02:36 UTC (rev 208934)
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth sufficient pam_rootok.so
+auth required pam_unix.so
+account required pam_unix.so
+session required pam_unix.so
+password required pam_unix.so sha512 shadow
Copied: shadow/repos/testing-x86_64/passwd (from rev 208933, shadow/trunk/passwd)
===================================================================
--- testing-x86_64/passwd (rev 0)
+++ testing-x86_64/passwd 2014-03-28 21:02:36 UTC (rev 208934)
@@ -0,0 +1,4 @@
+#%PAM-1.0
+#password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
+#password required pam_unix.so sha512 shadow use_authtok
+password required pam_unix.so sha512 shadow nullok
Copied: shadow/repos/testing-x86_64/shadow-strncpy-usage.patch (from rev 208933, shadow/trunk/shadow-strncpy-usage.patch)
===================================================================
--- testing-x86_64/shadow-strncpy-usage.patch (rev 0)
+++ testing-x86_64/shadow-strncpy-usage.patch 2014-03-28 21:02:36 UTC (rev 208934)
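Review bot: The new login.defs never sets `ENCRYPT_METHOD`, while the PAM files in this same commit ask pam_unix for `sha512`. Any shadow tool that hashes a password itself instead of going through the PAM password stack would presumably fall back to the compiled-in default, which may be weaker; gpasswd is the one I would check first. Adding `ENCRYPT_METHOD SHA512` with a short comment next to the password aging block would keep both paths on the same hash. If every tool in this build really does go through PAM, a comment stating that would be enough.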
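Review bot: The only active rule in the passwd stack is `password required pam_unix.so sha512 shadow nullok`, and the pam_cracklib line above it is commented out, so nothing in this file checks the quality of a new password beyond what pam_unix does on its own. The two commented lines are written as a pair (`pam_cracklib.so ...` followed by `pam_unix.so sha512 shadow use_authtok`), but nothing tells an administrator that enabling them also means disabling the active line. A comment such as `# To enforce password quality, enable the two lines below and comment out the nullok line` would make that clear. It is also worth stating in a comment why `nullok` is wanted here.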
@@ -0,0 +1,25 @@
+diff -u shadow-4.1.5/src/usermod.c.orig shadow-4.1.5/src/usermod.c
+--- shadow-4.1.5/src/usermod.c.orig 2012-02-13 08:19:43.792146449 -0500
++++ shadow-4.1.5/src/usermod.c 2012-02-13 08:21:19.375114500 -0500
+@@ -182,7 +182,7 @@
+ struct tm *tp;
+
+ if (date < 0) {
+- strncpy (buf, "never", maxsize);
++ strncpy (buf, "never", maxsize - 1);
+ } else {
+ time_t t = (time_t) date;
+ tp = gmtime (&t);
+diff -u shadow-4.1.5/src/login.c.orig shadow-4.1.5/src/login.c
+--- shadow-4.1.5/src/login.c.orig 2012-02-13 08:19:50.951994454 -0500
++++ shadow-4.1.5/src/login.c 2012-02-13 08:21:04.490430937 -0500
+@@ -752,7 +752,8 @@
+ _("%s login: "), hostn);
+ } else {
+ strncpy (loginprompt, _("login: "),
+- sizeof (loginprompt));
++ sizeof (loginprompt) - 1);
++ loginprompt[sizeof (loginprompt) - 1] = '\0';
+ }
+
+ retcode = pam_set_item (pamh, PAM_USER_PROMPT, loginprompt);
Copied: shadow/repos/testing-x86_64/shadow.install (from rev 208933, shadow/trunk/shadow.install)
===================================================================
--- testing-x86_64/shadow.install (rev 0)
+++ testing-x86_64/shadow.install 2014-03-28 21:02:36 UTC (rev 208934)
@@ -0,0 +1,9 @@
+post_upgrade() {
+ grpck -r >/dev/null 2>&1
+ if [ $? -eq 2 ]; then
+ printf '%s\n' \
+ "==> Warning: /etc/group or /etc/gshadow are inconsistent." \
+ " Run 'grpck' to correct this."
+ fi
+ return 0
+}
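Review bot: The usermod.c hunk shortens the copy to `maxsize - 1` but, unlike the login.c hunk below it, never writes the terminator. `buf` ends up NUL-terminated only because strncpy zero-pads a source shorter than the count, which holds for "never" only while `maxsize` is at least 7. Adding `buf[maxsize - 1] = '\0';` after the call would make the two hunks consistent and remove the dependence on the caller's buffer size. The declaration of `maxsize` is outside the hunk; if it is an unsigned type and can be 0, `maxsize - 1` wraps, so a `maxsize > 0` guard belongs there too.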
@@ -0,0 +1,10 @@
+[Unit]
+Description=Verify integrity of password and group files
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/pwck -r
+ExecStart=/usr/bin/grpck -r
+Nice=19
+IOSchedulingClass=best-effort
+IOSchedulingPriority=7
Copied: shadow/repos/testing-x86_64/shadow.timer (from rev 208933, shadow/trunk/shadow.timer)
===================================================================
--- testing-x86_64/shadow.timer (rev 0)
+++ testing-x86_64/shadow.timer 2014-03-28 21:02:36 UTC (rev 208934)
@@ -0,0 +1,7 @@
+[Unit]
+Description=Daily verification of password and group files
+
+[Timer]
+OnCalendar=daily
+AccuracySec=12h
+Persistent=true
Copied: shadow/repos/testing-x86_64/useradd.defaults (from rev 208933, shadow/trunk/useradd.defaults)
===================================================================
--- testing-x86_64/useradd.defaults (rev 0)
+++ testing-x86_64/useradd.defaults 2014-03-28 21:02:36 UTC (rev 208934)
@@ -0,0 +1,9 @@
+# useradd defaults file for ArchLinux
+# original changes by TomK
+GROUP=100
+HOME=/home
+INACTIVE=-1
+EXPIRE=
+SHELL=/bin/bash
+SKEL=/etc/skel
+CREATE_MAIL_SPOOL=no
Copied: shadow/repos/testing-x86_64/xstrdup.patch (from rev 208933, shadow/trunk/xstrdup.patch)
===================================================================
--- testing-x86_64/xstrdup.patch (rev 0)
+++ testing-x86_64/xstrdup.patch 2014-03-28 21:02:36 UTC (rev 208934)
@@ -0,0 +1,9 @@
+--- shadow-4.1.2.1/libmisc/xmalloc.c 2008-08-30 21:55:44.000000000 -0500
++++ shadow-4.1.2.1/libmisc/xmalloc.c.new 2008-08-30 21:55:36.000000000 -0500
+@@ -61,5 +61,6 @@
+
+ char *xstrdup (const char *str)
+ {
++ if(str == NULL) return NULL;
+ return strcpy (xmalloc (strlen (str) + 1), str);
+ }
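Review bot: With `Type=oneshot` and two `ExecStart=` lines, systemd runs the commands in order and stops at the first one that exits non-zero. On any day `pwck -r` reports a problem, `grpck -r` is therefore not run and the group files go unchecked. Prefixing the first command with `-` would hide the pwck failure from the unit state. Splitting the checks into two units started by the timer, or using one command line that runs both and exits non-zero if either did, would keep both checks and the failure signal. A comment in `[Service]` saying which exit codes are expected from the read-only checks would also help whoever reads the unit status later.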
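Review bot: Returning NULL for a NULL argument changes what callers of xstrdup can rely on. The body shown uses the result of xmalloc without a check, which suggests the x-prefixed helpers are expected never to return NULL, and callers written under that assumption would now dereference NULL somewhere further from the cause. The new behaviour should be documented at the definition, for example `/* NULL in, NULL out: callers must handle a NULL result */`. The guard would also read better in the file's own spacing and with braces: `if (str == NULL) { return NULL; }`. Call sites that can pass NULL are outside this hunk and are worth auditing as a follow-up.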