[Pkg-shadow-commits] r624 - trunk/debian/patches
Christian Perrier
bubulle at costa.debian.org
Fri Oct 28 20:51:44 UTC 2005
Author: bubulle
Date: 2005-10-28 20:51:39 +0000 (Fri, 28 Oct 2005)
New Revision: 624
Added:
trunk/debian/patches/460_vipw-quiet
trunk/debian/patches/461_keep_sticky_bit_for_dirs
trunk/debian/patches/462_warn_to_edit_shadow
trunk/debian/patches/463_login_delay_obeys_to_PAM
trunk/debian/patches/464_login_service_configurable
trunk/debian/patches/465_su_logs_like_login
trunk/debian/patches/466_useradd_-r_LSB
Modified:
trunk/debian/patches/series
Log:
Add all the patches I produced during my train trip
Added: trunk/debian/patches/460_vipw-quiet
===================================================================
--- trunk/debian/patches/460_vipw-quiet 2005-10-27 10:40:47 UTC (rev 623)
+++ trunk/debian/patches/460_vipw-quiet 2005-10-28 20:51:39 UTC (rev 624)
@@ -0,0 +1,53 @@
+Goal: Add a "quiet" mode to vipw and have it display on stdout
+
+Fixes: #190252
+
+Status wrt upstream: Forwarded but not applied yet
+
+Index: shadow-4.0.13/src/vipw.c
+===================================================================
+--- shadow-4.0.13.orig/src/vipw.c 2005-10-27 14:28:08.238320024 +0200
++++ shadow-4.0.13/src/vipw.c 2005-10-27 14:36:15.101305600 +0200
+@@ -45,6 +45,7 @@
+ static const char *progname, *filename, *fileeditname;
+ static int filelocked = 0, createedit = 0;
+ static int (*unlock) (void);
++static int quiet = 0;
+
+ /* local function prototypes */
+ static int create_backup_file (FILE *, const char *, struct stat *);
+@@ -104,7 +105,8 @@
+ fprintf (stderr, "%s: %s", progname, msg);
+ if (syserr)
+ fprintf (stderr, ": %s", strerror (err));
+- fprintf (stderr, _("\n%s: %s is unchanged\n"), progname, filename);
++ if (!quiet)
++ fprintf (stdout, _("\n%s: %s is unchanged\n"), progname, filename);
+ exit (ret);
+ }
+
+@@ -218,13 +220,15 @@
+ progname = ((c = strrchr (*argv, '/')) ? c + 1 : *argv);
+ do_vipw = (strcmp (progname, "vigr") != 0);
+
+- while ((flag = getopt (argc, argv, "ghps")) != EOF) {
++ while ((flag = getopt (argc, argv, "ghpqs")) != EOF) {
+ switch (flag) {
+ case 'g':
+ do_vipw = 0;
+ break;
+ case 'h':
+ e = 0;
++ case 'q':
++ quiet = 1;
+ case 'p':
+ do_vipw = 1;
+ break;
+@@ -235,6 +239,7 @@
+ printf (_("Usage:\n\
+ `vipw' edits /etc/passwd `vipw -s' edits /etc/shadow\n\
+ `vigr' edits /etc/group `vigr -s' edits /etc/gshadow\n\
++`{vipw|vigr} -q' quiet mode\n\
+ "));
+ exit (e);
+ }
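Review bot: The new `case 'q':` in the getopt switch has no `break`, so `-q` falls through into `case 'p':` and sets `do_vipw = 1`; invoked as `vigr -q` the tool would then open the passwd file rather than the group file. It should read `case 'q': quiet = 1; break;`. Because it was inserted directly after `case 'h': e = 0;`, which already falls through in the context lines, `-h` now also sets `quiet`. Separately, in quiet mode the error text printed just before in the exit helper is left without a terminating newline, since the only `\n` lived in the suppressed message, and non-quiet callers now get the "is unchanged" line on stdout instead of stderr.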
Added: trunk/debian/patches/461_keep_sticky_bit_for_dirs
===================================================================
--- trunk/debian/patches/461_keep_sticky_bit_for_dirs 2005-10-27 10:40:47 UTC (rev 623)
+++ trunk/debian/patches/461_keep_sticky_bit_for_dirs 2005-10-28 20:51:39 UTC (rev 624)
@@ -0,0 +1,24 @@
+Goal: Keep sticky bit on dirs when copied with copy_tree. This should allo
+ to keep them when copying the skeleton directory in useradd
+
+Fixes: #296729
+
+Status wrt upstream: Forwarded but not applied yet
+
+Index: shadow-4.0.13/libmisc/copydir.c
+===================================================================
+--- shadow-4.0.13.orig/libmisc/copydir.c 2005-10-27 15:02:29.379978864 +0200
++++ shadow-4.0.13/libmisc/copydir.c 2005-10-27 15:00:43.179123848 +0200
+@@ -225,10 +225,11 @@
+ #ifdef WITH_SELINUX
+ selinux_file_context (dst_name);
+ #endif
+- mkdir (dst_name, sb.st_mode & 0777);
++ mkdir (dst_name, sb.st_mode);
+ chown (dst_name,
+ uid == (uid_t) - 1 ? sb.st_uid : uid,
+ gid == (gid_t) - 1 ? sb.st_gid : gid);
++ chmod (dst_name, sb.st_mode);
+
+ if (copy_tree (src_name, dst_name, uid, gid)) {
+ err++;
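Review bot: `chmod (dst_name, sb.st_mode)` passes the whole `st_mode`, so besides the sticky bit it also carries over any set-uid/set-gid bits and the file-type bits of the source directory, which is wider than the stated goal of keeping the sticky bit. Masking to the bits that are wanted, e.g. `chmod (dst_name, sb.st_mode & (0777 | S_ISVTX));`, and keeping `sb.st_mode & 0777` in the `mkdir` call, limits the change to what the description promises. The return values of `mkdir`, `chown` and `chmod` are all ignored, so a failed `chmod` would silently leave the directory with the umask-filtered mode. The enclosing function starts and ends outside the hunk.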
Added: trunk/debian/patches/462_warn_to_edit_shadow
===================================================================
--- trunk/debian/patches/462_warn_to_edit_shadow 2005-10-27 10:40:47 UTC (rev 623)
+++ trunk/debian/patches/462_warn_to_edit_shadow 2005-10-28 20:51:39 UTC (rev 624)
@@ -0,0 +1,41 @@
+Goal: Warn about possible need to edit shadow files when editing the
+ master files with vipw
+
+Fixes: #62821
+
+Status wrt upstream: Forwarded but not applied yet
+
+Index: shadow-4.0.13/src/vipw.c
+===================================================================
+--- shadow-4.0.13.orig/src/vipw.c 2005-10-27 15:30:16.567527832 +0200
++++ shadow-4.0.13/src/vipw.c 2005-10-27 15:36:24.261629832 +0200
+@@ -248,15 +248,27 @@
+ if (do_vipw) {
+ if (editshadow)
+ vipwedit (SHADOW_FILE, spw_lock, spw_unlock);
+- else
++ else {
+ vipwedit (PASSWD_FILE, pw_lock, pw_unlock);
++ printf (_("You have modified the password file.\n\
++You may need to modify the shadow file for consistency.\n\
++Please use the command `vipw -s' to do so.\n\
++"));
++ }
+ } else {
+ #ifdef SHADOWGRP
+ if (editshadow)
+ vipwedit (SGROUP_FILE, sgr_lock, sgr_unlock);
+- else
++ else {
+ #endif
+ vipwedit (GROUP_FILE, gr_lock, gr_unlock);
++#ifdef SHADOWGRP
++ printf (_("You have modified the group file.\n\
++You may need to modify the shadow group file for consistency.\n\
++Please use the command `vigr -s' to do so.\n \
++"));
++#endif
++ }
+ }
+
+ nscd_flush_cache ("passwd");
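Review bot: In the `vigr` branch the added `else {` sits inside `#ifdef SHADOWGRP`, but its closing `}` is placed after the second `#endif`, so a build without SHADOWGRP gets a closing brace with no matching opener. The brace belongs inside the conditional, directly after the `printf`: `"));` then `}` then `#endif`. The vigr message also ends in `\n \`, which puts a stray space into the translatable string, unlike the vipw message above it; `Please use the command `vigr -s' to do so.\n\` would match. The surrounding function continues outside the hunk.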
Added: trunk/debian/patches/463_login_delay_obeys_to_PAM
===================================================================
--- trunk/debian/patches/463_login_delay_obeys_to_PAM 2005-10-27 10:40:47 UTC (rev 623)
+++ trunk/debian/patches/463_login_delay_obeys_to_PAM 2005-10-28 20:51:39 UTC (rev 624)
@@ -0,0 +1,44 @@
+Goal: Do not hardcode pam_fail_delay and let pam_unix do its
+ job to set a delay...or not
+
+Fixes: #87648
+
+Status wrt upstream: Forwarded but not applied yet
+
+Index: shadow-4.0.13/src/login.c
+===================================================================
+--- shadow-4.0.13.orig/src/login.c 2005-10-27 16:10:53.130114016 +0200
++++ shadow-4.0.13/src/login.c 2005-10-27 16:18:17.602543936 +0200
+@@ -595,10 +595,6 @@
+ PAM_FAIL_CHECK;
+ retcode = pam_set_item (pamh, PAM_TTY, tty);
+ PAM_FAIL_CHECK;
+-#ifdef HAVE_PAM_FAIL_DELAY
+- retcode = pam_fail_delay (pamh, 1000000 * delay);
+- PAM_FAIL_CHECK;
+-#endif
+ /* if fflg == 1, then the user has already been authenticated */
+ if (!fflg || (getuid () != 0)) {
+ int failcount = 0;
+@@ -639,8 +635,6 @@
+ failed = 0;
+
+ failcount++;
+- if (delay > 0)
+- retcode = pam_fail_delay(pamh, 1000000*delay);
+
+ retcode = pam_authenticate (pamh, 0);
+
+@@ -915,10 +909,9 @@
+ * before the sleep() below completes, login will exit.
+ */
+ #ifndef USE_PAM
+- if (delay > 0)
+- sleep (delay);
++ if (delay > 0)
++ sleep (delay); */
+ #endif
+-
+ puts (_("Login incorrect"));
+
+ /* allow only one attempt with -r or -f */
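Review bot: The last hunk leaves a stray `*/` after `sleep (delay);` inside `#ifndef USE_PAM`; the comment above it is already closed on the context lines, so a non-PAM build would no longer compile. If the sleep is meant to stay for non-PAM builds, the two lines should simply remain `if (delay > 0)` and `sleep (delay);`. With both `pam_fail_delay` calls removed, the failure delay in PAM builds depends entirely on the configured PAM modules, and the `delay` value (presumably read from login.defs, outside the hunk) appears to be unused there. A comment at the removal site such as `/* PAM builds: the failure delay is left to the PAM stack; the configured delay is not applied */` would tell administrators who rely on that setting to slow password guessing that it no longer takes effect.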
Added: trunk/debian/patches/464_login_service_configurable
===================================================================
--- trunk/debian/patches/464_login_service_configurable 2005-10-27 10:40:47 UTC (rev 623)
+++ trunk/debian/patches/464_login_service_configurable 2005-10-28 20:51:39 UTC (rev 624)
@@ -0,0 +1,108 @@
+Goal: Allow login PAM service name to be configurable
+
+Fixes: #187921
+
+Status wrt upstream: Forwarded but not applied yet
+
+Index: shadow-4.0.13/src/login.c
+===================================================================
+--- shadow-4.0.13.orig/src/login.c 2005-10-27 16:18:17.602543936 +0200
++++ shadow-4.0.13/src/login.c 2005-10-27 16:50:28.978930096 +0200
+@@ -64,6 +64,8 @@
+ #define PAM_END { retcode = pam_close_session(pamh,0); \
+ pam_end(pamh,retcode); }
+
++static const char* pam_service = "login";
++
+ #endif /* USE_PAM */
+
+ /*
+@@ -97,6 +99,12 @@
+ #else
+ #define rflg 0
+ #endif
++#ifdef USE_PAM
++static int sflg = 0;
++#else
++#define sflg 0
++#endif
++
+ static int hflg = 0;
+ static int preauth_flag = 0;
+
+@@ -153,15 +161,34 @@
+ * login -h hostname (for telnetd, etc.)
+ * login -f name (for pre-authenticated login: datakit, xterm, etc.)
+ */
+-static void usage (void)
+-{
++#ifdef USE_PAM
++static void usage_nonroot (void) {
++ fprintf (stderr, _("usage: %s [-p] [-s pam_service ] [name]\n"), Prog);
++}
++
++static void usage_root (void) {
++ fprintf (stderr, _(" %s [-p] [-s pam_service ] [-h host] [-f name]\n"), Prog);
++#ifdef RLOGIN
++ fprintf (stderr, _(" %s [-p] [-s pam_service ] -r host\n"), Prog);
++#endif
++}
++#else /* USE_PAM */
++static void usage_nonroot (void) {
+ fprintf (stderr, _("Usage: %s [-p] [name]\n"), Prog);
+- if (!amroot)
+- exit (1);
++}
++static void usage_root (void) {
+ fprintf (stderr, _(" %s [-p] [-h host] [-f name]\n"), Prog);
+ #ifdef RLOGIN
+ fprintf (stderr, _(" %s [-p] -r host\n"), Prog);
+ #endif
++}
++#endif /* USE_PAM */
++
++static void usage (void)
++{
++ usage_nonroot();
++ if (amroot)
++ usage_root();
+ exit (1);
+ }
+
+@@ -370,11 +397,17 @@
+
+ check_flags (argc, argv);
+
+- while ((flag = getopt (argc, argv, "d:f::h:pr:")) != EOF) {
++ while ((flag = getopt (argc, argv, "d:f::h:pr:s:")) != EOF) {
+ switch (flag) {
+ case 'd':
+ /* "-d device" ignored for compatibility */
+ break;
++#ifdef USE_PAM
++ case 's':
++ pam_service = optarg;
++ sflg++;
++ break;
++#endif
+ case 'f':
+ /*
+ * username must be a separate token
+@@ -423,7 +456,7 @@
+ * Allow authentication bypass only if real UID is zero.
+ */
+
+- if ((rflg || fflg || hflg) && !amroot) {
++ if ((rflg || fflg || hflg || sflg) && !amroot) {
+ fprintf (stderr, _("%s: Permission denied.\n"), Prog);
+ exit (1);
+ }
+@@ -576,7 +609,7 @@
+ retries = getdef_num ("LOGIN_RETRIES", RETRIES);
+
+ #ifdef USE_PAM
+- retcode = pam_start ("login", username, &conv, &pamh);
++ retcode = pam_start (pam_service, username, &conv, &pamh);
+ if (retcode != PAM_SUCCESS) {
+ fprintf (stderr,
+ _("login: PAM Failure, aborting: %s\n"),
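Review bot: `pam_service = optarg;` in `case 's':` takes the service name verbatim and hands it to `pam_start` with no validation. The later `sflg` test does restrict the option to root, but an empty name or one containing `/` could, depending on the PAM implementation, select a configuration outside the usual service directory. A guard in the case body such as `if (optarg[0] == '\0' || strchr (optarg, '/')) usage ();` would keep the choice to plain service names. The failure message after `pam_start` still hard-codes `login:` and does not name the service that was requested, which makes a misconfigured `-s` harder to diagnose from logs. The two usage strings also differ in capitalisation (`usage:` in the PAM build, `Usage:` otherwise).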
Added: trunk/debian/patches/465_su_logs_like_login
===================================================================
--- trunk/debian/patches/465_su_logs_like_login 2005-10-27 10:40:47 UTC (rev 623)
+++ trunk/debian/patches/465_su_logs_like_login 2005-10-28 20:51:39 UTC (rev 624)
@@ -0,0 +1,25 @@
+Goal: Log successful/failed su through syslog
+
+Fixes: #190215
+
+Status wrt upstream: Forwarded but not applied yet
+
+Index: shadow-4.0.13/libmisc/sulog.c
+===================================================================
+--- shadow-4.0.13.orig/libmisc/sulog.c 2005-08-31 19:24:58.000000000 +0200
++++ shadow-4.0.13/libmisc/sulog.c 2005-10-27 18:19:27.168072616 +0200
+@@ -49,6 +49,14 @@
+ FILE *fp;
+ mode_t oldmask;
+
++ if (success) {
++ SYSLOG ((LOG_INFO,
++ "Successful su for %s by %s",name,oldname));
++ } else {
++ SYSLOG ((LOG_NOTICE,
++ "FAILED su for %s by %s",name,oldname));
++ }
++
+ if ((sulog_file = getdef_str ("SULOG_FILE")) == (char *) 0)
+ return;
+
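Review bot: The new SYSLOG block is placed before the `SULOG_FILE` lookup and its early `return`, so every su attempt is now sent to syslog even when no sulog file is configured; that looks intended but is not stated anywhere. A comment above the block such as `/* Always report to syslog, independently of SULOG_FILE */` would make it explicit. `name` and `oldname` are written into the message as given; whether they have been validated by the caller cannot be seen from this hunk, so log consumers should treat both fields as untrusted text unless that is confirmed. The function's signature and the rest of its body are outside the hunk.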
Added: trunk/debian/patches/466_useradd_-r_LSB
===================================================================
--- trunk/debian/patches/466_useradd_-r_LSB 2005-10-27 10:40:47 UTC (rev 623)
+++ trunk/debian/patches/466_useradd_-r_LSB 2005-10-28 20:51:39 UTC (rev 624)
@@ -0,0 +1,126 @@
+Index: shadow-4.0.13/src/useradd.c
+===================================================================
+--- shadow-4.0.13.orig/src/useradd.c 2005-10-27 14:28:27.288423968 +0200
++++ shadow-4.0.13/src/useradd.c 2005-10-27 18:57:02.880152256 +0200
+@@ -128,6 +128,7 @@
+ mflg = 0, /* create user's home directory if it doesn't exist */
+ nflg = 0, /* create a group having the same name as the user */
+ oflg = 0, /* permit non-unique user ID to be specified with -u */
++ rflg = 0, /* create a system account (LSB compliance) */
+ sflg = 0, /* shell program for new account */
+ uflg = 0; /* specify user ID for new account */
+
+@@ -640,6 +641,7 @@
+ " (non-unique) UID\n"
+ " -p, --password PASSWORD use encrypted password for the new user\n"
+ " account\n"
++ " -r, --system create a system account\n"
+ " -s, --shell SHELL the login shell for the new user account\n"
+ " -u, --uid UID force use the UID for the new user account\n"));
+ exit (E_USAGE);
+@@ -687,11 +689,19 @@
+ spent->sp_namp = (char *) user_name;
+ spent->sp_pwdp = (char *) user_pass;
+ spent->sp_lstchg = time ((time_t *) 0) / SCALE;
+- spent->sp_min = scale_age (getdef_num ("PASS_MIN_DAYS", -1));
+- spent->sp_max = scale_age (getdef_num ("PASS_MAX_DAYS", -1));
+- spent->sp_warn = scale_age (getdef_num ("PASS_WARN_AGE", -1));
+- spent->sp_inact = scale_age (def_inactive);
+- spent->sp_expire = scale_age (user_expire);
++ if (!rflg) {
++ spent->sp_min = scale_age (getdef_num ("PASS_MIN_DAYS", -1));
++ spent->sp_max = scale_age (getdef_num ("PASS_MAX_DAYS", -1));
++ spent->sp_warn = scale_age (getdef_num ("PASS_WARN_AGE", -1));
++ spent->sp_inact = scale_age (def_inactive);
++ spent->sp_expire = scale_age (user_expire);
++ } else {
++ spent->sp_min = scale_age(-1);
++ spent->sp_max = scale_age(-1);
++ spent->sp_warn = scale_age(-1);
++ spent->sp_inact = scale_age(-1);
++ spent->sp_expire = scale_age(-1);
++ }
+ spent->sp_flag = -1;
+ }
+
+@@ -838,8 +848,13 @@
+ const struct passwd *pwd;
+ uid_t uid_min, uid_max;
+
+- uid_min = getdef_unum ("UID_MIN", 1000);
+- uid_max = getdef_unum ("UID_MAX", 60000);
++ if (!rflg) {
++ uid_min = getdef_unum ("UID_MIN", 1000);
++ uid_max = getdef_unum ("UID_MAX", 60000);
++ } else {
++ uid_min = 1;
++ uid_max = getdef_unum ("UID_MIN", 1000) - 1;
++ }
+
+ /*
+ * Start with some UID value if the user didn't provide us with
+@@ -944,12 +959,13 @@
+ {"create-home", no_argument, NULL, 'm'},
+ {"non-unique", no_argument, NULL, 'o'},
+ {"password", required_argument, NULL, 'p'},
++ {"system", no_argument, NULL, 'r'},
+ {"shell", required_argument, NULL, 's'},
+ {"uid", required_argument, NULL, 'u'},
+ {NULL, 0, NULL, '\0'}
+ };
+ while ((c =
+- getopt_long (argc, argv, "b:c:d:De:f:g:G:k:O:K:mMop:s:u:",
++ getopt_long (argc, argv, "b:c:d:De:f:g:G:k:O:K:mMop:r:s:u:",
+ long_options, NULL)) != -1) {
+ switch (c) {
+ case 'b':
+@@ -1103,6 +1119,9 @@
+ }
+ user_pass = optarg;
+ break;
++ case 'r':
++ rflg++;
++ break;
+ case 's':
+ if (!VALID (optarg)
+ || (optarg[0]
+@@ -1386,23 +1405,25 @@
+ */
+ static void create_home (void)
+ {
+- if (access (user_home, F_OK)) {
+- /* XXX - create missing parent directories. --marekm */
+- if (mkdir (user_home, 0)) {
+- fprintf (stderr,
+- _
+- ("%s: cannot create directory %s\n"),
+- Prog, user_home);
+- fail_exit (E_HOMEDIR);
+- }
+- chown (user_home, user_id, user_gid);
+- chmod (user_home, 0777 & ~getdef_num ("UMASK", 022));
+- home_added++;
++ if (!rflg) /* for system accounts defaults are ignored and we
++ * do not create a home dir -- gafton */
++ if (access (user_home, F_OK)) {
++ /* XXX - create missing parent directories. --marekm */
++ if (mkdir (user_home, 0)) {
++ fprintf (stderr,
++ _
++ ("%s: cannot create directory %s\n"),
++ Prog, user_home);
++ fail_exit (E_HOMEDIR);
++ }
++ chown (user_home, user_id, user_gid);
++ chmod (user_home, 0777 & ~getdef_num ("UMASK", 022));
++ home_added++;
+ #ifdef WITH_AUDIT
+- audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
++ audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
+ "adding home directory", user_name, user_id, 1);
+ #endif
+- }
++ }
+ }
+
+ /*
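Review bot: The short-option string now contains `r:`, which makes `-r` require an argument, while the long option `system` is declared `no_argument` and `case 'r':` only does `rflg++`; `useradd -r name` would therefore consume the login name as the option argument. The string should be `"b:c:d:De:f:g:G:k:O:K:mMop:rs:u:"`. In the UID-range hunk, `uid_max = getdef_unum ("UID_MIN", 1000) - 1;` wraps to a very large value if UID_MIN is configured as 0, so the system range should be checked for `uid_min <= uid_max` before it is used. In `create_home` the unbraced `if (!rflg)` followed by a comment and a nested `if` is easy to misread, and `-r` combined with `-m` now skips home creation silently; braces and a line in the usage text would help. This patch file also lacks the Goal/Fixes/Status header the other patches carry.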
Modified: trunk/debian/patches/series
===================================================================
--- trunk/debian/patches/series 2005-10-27 10:40:47 UTC (rev 623)
+++ trunk/debian/patches/series 2005-10-28 20:51:39 UTC (rev 624)
@@ -56,6 +56,16 @@
457_document_useradd_groupadd_nis
459_better_document_useradd_-d
458_manpages_typos
+# All these below need more investigation and advice from Tomasz
+# kept here during bubulle's holidays..:-)
+#460_vipw-quiet
+#461_keep_sticky_bit_for_dirs
+#462_warn_to_edit_shadow
+#463_login_delay_obeys_to_PAM
+#464_login_service_configurable
+#465_su_logs_like_login
+#466_useradd_-r_LSB
+#End of holiday patches
# 999-2 is about using cdbs. It does not patch upstream files
# so shouldn't be here, but we keep it for the future
# 999-2_build_using_cdbs