author | Martin Schlemmer <azarah@gentoo.org> | 2004-01-22 19:20:09 +0000 |
---|---|---|
committer | Martin Schlemmer <azarah@gentoo.org> | 2004-01-22 19:20:09 +0000 |
commit | 3eaedfcf8e9d5432b18734d0d7fb85574f42ac79 (patch) | |
tree | e738377b8de6937b0781ab42c90d806235d76f33 /sys-apps/shadow | |
parent | fix dodoc #39054 (diff) | |
Update version.
Diffstat (limited to 'sys-apps/shadow')
-rw-r--r-- | sys-apps/shadow/ChangeLog | 9 | ||||
-rw-r--r-- | sys-apps/shadow/Manifest | 24 | ||||
-rw-r--r-- | sys-apps/shadow/files/digest-shadow-4.0.4.1 | 1 | ||||
-rw-r--r-- | sys-apps/shadow/files/shadow-4.0.4.1-su-pam_open_session.patch | 210 | ||||
-rw-r--r-- | sys-apps/shadow/files/shadow-4.0.4.1-useradd-manpage-update.patch | 17 | ||||
-rw-r--r-- | sys-apps/shadow/shadow-4.0.3-r9.ebuild | 4 | ||||
-rw-r--r-- | sys-apps/shadow/shadow-4.0.4.1.ebuild | 197 |
7 files changed, 449 insertions, 13 deletions
diff --git a/sys-apps/shadow/ChangeLog b/sys-apps/shadow/ChangeLog
index b5b744e73a9b..07e028bf2c14 100644
--- a/sys-apps/shadow/ChangeLog
+++ b/sys-apps/shadow/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for sys-apps/shadow
 # Copyright 2002-2004 Gentoo Technologies, Inc.; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/shadow/ChangeLog,v 1.47 2004/01/10 02:37:14 agriffis Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/shadow/ChangeLog,v 1.48 2004/01/22 19:20:09 azarah Exp $
+
+*shadow-4.0.4.1 (22 Jan 2004)
+
+ 22 Jan 2004; Martin Schlemmer <azarah@gentoo.org> shadow-4.0.4.1.ebuild,
+ files/shadow-4.0.4.1-su-pam_open_session.patch,
+ files/shadow-4.0.4.1-useradd-manpage-update.patch:
+ Update version.
 *shadow-4.0.3-r10 (09 Jan 2004)
diff --git a/sys-apps/shadow/Manifest b/sys-apps/shadow/Manifest
index 6b4fe1028468..b971dc97428a 100644
--- a/sys-apps/shadow/Manifest
+++ b/sys-apps/shadow/Manifest
@@ -1,20 +1,24 @@
 MD5 7452616f9e23975f06b648553542e190 shadow-4.0.3-r10.ebuild 5680
-MD5 e8541b13efd1985eb9e1175545c374e7 shadow-4.0.3-r9.ebuild 5428
-MD5 c0e4cb74513dd41eccff94322beb7938 ChangeLog 9414
+MD5 0bfea38d38f50550c81a99bd920f8c6c ChangeLog 9640
 MD5 9a09f8d531c582e78977dbfd96edc1f2 metadata.xml 164
-MD5 13c8bec4c2cffb2d73c2f5aa01229d03 files/shadow-4.0.3-su-pam_open_session.patch-v2 4882
-MD5 e70a5f61d37c3c67a4b860d8a6191dbc files/securetty 230
+MD5 62cc9812d368c9201eb3bb993481a05a shadow-4.0.3-r9.ebuild 5425
+MD5 1aa1fb968ea9691590663522962a7430 shadow-4.0.4.1.ebuild 5430
+MD5 52fc2a150fc27350a5f9990e0007d064 files/digest-shadow-4.0.3-r9 65
 MD5 6dfd34cef0901f49a1899aa59219bc8f files/shadow-4.0.3-shared-needs-pam.patch 646
 MD5 94728414b91e556a211379f6acc9b52d files/shadow-4.0.3-selinux.diff 3940
-MD5 52fc2a150fc27350a5f9990e0007d064 files/digest-shadow-4.0.3-r9 65
-MD5 de1e23b4a7d38545475dffc3c9dc73a0 files/shadow-4.0.3-useradd-manpage-update.patch 804
 MD5 52fc2a150fc27350a5f9990e0007d064 files/digest-shadow-4.0.3-r10 65
+MD5 e70a5f61d37c3c67a4b860d8a6191dbc files/securetty 230
+MD5 13c8bec4c2cffb2d73c2f5aa01229d03 files/shadow-4.0.3-su-pam_open_session.patch-v2 4882
 MD5 5be850b601aabd73a43b1a3bbb893386 files/shadow-4.0.3-nologin-run-sh.patch 972
+MD5 201f1321262da41ccd1a0283216ae9a7 files/shadow-4.0.4.1-su-pam_open_session.patch 4886
+MD5 cef6788bc7c8c5468c1b1f68df77ed9e files/digest-shadow-4.0.4.1 67
+MD5 bb55107c3a9354ef2d1977547fdb5a83 files/shadow-4.0.4.1-useradd-manpage-update.patch 958
+MD5 de1e23b4a7d38545475dffc3c9dc73a0 files/shadow-4.0.3-useradd-manpage-update.patch 804
 MD5 6e0bc0211949c624da0ea08d994a7038 files/default/useradd 96
-MD5 0a8b62ed0426b607b92e275d63fa7cbf files/pam.d/su 1247
-MD5 a5311bbc9c1fc378a6b0bfb3ca1b2394 files/pam.d/login 431
 MD5 344d17a865edc40adebe07797853c839 files/pam.d/other 198
-MD5 1baa646400c4a596290e9d4b9e1c09b2 files/pam.d/system-auth-1.1 491
+MD5 0a8b62ed0426b607b92e275d63fa7cbf files/pam.d/su 1247
+MD5 51b0337bd261f6ed5e53af5dc196431a files/pam.d/system-auth 499
 MD5 a1c7fb84c2dc309db86ba7b8d3dfae76 files/pam.d/passwd 214
 MD5 60d44a6f43aafcb9ca35858ab2534a49 files/pam.d/shadow 227
-MD5 51b0337bd261f6ed5e53af5dc196431a files/pam.d/system-auth 499
+MD5 a5311bbc9c1fc378a6b0bfb3ca1b2394 files/pam.d/login 431
+MD5 1baa646400c4a596290e9d4b9e1c09b2 files/pam.d/system-auth-1.1 491
diff --git a/sys-apps/shadow/files/digest-shadow-4.0.4.1 b/sys-apps/shadow/files/digest-shadow-4.0.4.1
new file mode 100644
index 000000000000..86c719561f0b
--- /dev/null
+++ b/sys-apps/shadow/files/digest-shadow-4.0.4.1
@@ -0,0 +1 @@
+MD5 3a3d17d3d7c630b602baf66ae7434c61 shadow-4.0.4.1.tar.bz2 814234
diff --git a/sys-apps/shadow/files/shadow-4.0.4.1-su-pam_open_session.patch b/sys-apps/shadow/files/shadow-4.0.4.1-su-pam_open_session.patch
new file mode 100644
index 000000000000..3bdeb9795401
--- /dev/null
+++ b/sys-apps/shadow/files/shadow-4.0.4.1-su-pam_open_session.patch
@@ -0,0 +1,210 @@
+--- shadow-4.0.3/src/su.c.orig 2002-10-20 16:43:21.000000000 +0200
++++ shadow-4.0.3/src/su.c 2002-10-20 16:50:57.000000000 +0200
+@@ -134,6 +134,108 @@
+ exit (1);
+ }
+
++#ifdef USE_PAM
++static int caught=0;
++
++/* Signal handler for parent process later */
++static void su_catch_sig(int sig)
++{
++ ++caught;
++}
++
++/* This I ripped out of su.c from sh-utils after the Mandrake pam patch
++ * have been applied. Some work was needed to get it integrated into
++ * su.c from shadow.
++ */
++static void run_shell (const char *shellstr, char *args[], int doshell)
++{
++ int child;
++ sigset_t ourset;
++ int status;
++ int ret;
++
++ child = fork();
++ if (child == 0) { /* child shell */
++ pam_end (pamh, PAM_SUCCESS);
++
++ if (doshell)
++ shell (shellstr, (char *) args[0]);
++ else
++ (void) execv (shellstr, (char **) args);
++ {
++ int exit_status = (errno == ENOENT ? 127 : 126);
++ exit (exit_status);
++ }
++ } else if (child == -1) {
++ (void) fprintf(stderr, "%s: Cannot fork user shell\n", Prog);
++ SYSLOG ((LOG_WARN, "Cannot execute %s", pwent.pw_shell));
++ closelog ();
++ exit(1);
++ }
++ /* parent only */
++ sigfillset(&ourset);
++ if (sigprocmask(SIG_BLOCK, &ourset, NULL)) {
++ (void) fprintf(stderr, "%s: signal malfunction\n", Prog);
++ caught = 1;
++ }
++ if (!caught) {
++ struct sigaction action;
++ action.sa_handler = su_catch_sig;
++ sigemptyset(&action.sa_mask);
++ action.sa_flags = 0;
++ sigemptyset(&ourset);
++
++ if (sigaddset(&ourset, SIGTERM)
++ || sigaddset(&ourset, SIGALRM)
++ || sigaction(SIGTERM, &action, NULL)
++ || sigprocmask(SIG_UNBLOCK, &ourset, NULL)
++ ) {
++ fprintf(stderr, "%s: signal masking malfunction\n", Prog);
++ caught = 1;
++ }
++ }
++
++ if (!caught) {
++ do {
++ int pid;
++
++ pid = waitpid(-1, &status, WUNTRACED);
++
++ if (WIFSTOPPED(status)) {
++ kill(getpid(), SIGSTOP);
++ /* once we get here, we must have resumed */
++ kill(pid, SIGCONT);
++ }
++ } while (WIFSTOPPED(status));
++ }
++
++ if (caught) {
++ fprintf(stderr, "\nSession terminated, killing shell...");
++ kill (child, SIGTERM);
++ }
++
++ ret = pam_close_session(pamh, 0);
++ if (ret != PAM_SUCCESS) {
++ SYSLOG ((LOG_ERR, "pam_close_session: %s",
++ pam_strerror (pamh, ret)));
++ fprintf (stderr, "%s: %s\n", Prog,
++ pam_strerror (pamh, ret));
++ pam_end (pamh, ret);
++ exit (1);
++ }
++
++ ret = pam_end(pamh, PAM_SUCCESS);
++
++ if (caught) {
++ sleep(2);
++ kill(child, SIGKILL);
++ fprintf(stderr, " ...killed.\n");
++ exit(-1);
++ }
++
++ exit (WEXITSTATUS(status));
++}
++#endif
+
+ /*
+ * su - switch user id
+@@ -152,6 +254,7 @@
+ int main (int argc, char **argv)
+ {
+ char *cp;
++ char **envcp;
+ const char *tty = 0; /* Name of tty SU is run from */
+ int doshell = 0;
+ int fakelogin = 0;
+@@ -252,6 +355,14 @@
+ */
+ if ((cp = getenv ("TERM")))
+ addenv ("TERM", cp);
++ /*
++ * Also leave DISPLAY and XAUTHORITY if present, else
++ * pam_xauth will not work.
++ */
++ if ((cp = getenv ("DISPLAY")))
++ addenv ("DISPLAY", cp);
++ if ((cp = getenv ("XAUTHORITY")))
++ addenv ("XAUTHORITY", cp);
+ } else {
+ while (*envp)
+ addenv (*envp++, NULL);
+@@ -507,7 +618,10 @@
+ }
+ #endif
+
++/* setup the environment for pam later on, else we run into auth problems */
++#ifndef USE_PAM
+ environ = newenvp; /* make new environment active */
++#endif
+
+ if (getenv ("IFS")) /* don't export user IFS ... */
+ addenv ("IFS= \t\n", NULL); /* ... instead, set a safe IFS */
+@@ -555,6 +669,31 @@
+ exit (1);
+ }
+
++ ret = pam_open_session (pamh, 0);
++ if (ret != PAM_SUCCESS) {
++ SYSLOG ((LOG_ERR, "pam_open_session: %s",
++ pam_strerror (pamh, ret)));
++ fprintf (stderr, "%s: %s\n", Prog,
++ pam_strerror (pamh, ret));
++ pam_end (pamh, ret);
++ exit (1);
++ }
++
++ /* we need to setup the environment *after* pam_open_session(),
++ * else the UID is changed before stuff like pam_xauth could
++ * run, and we cannot access /etc/shadow and co
++ */
++ environ = newenvp; /* make new environment active */
++
++ /* update environment with all pam set variables */
++ envcp = pam_getenvlist(pamh);
++ if(envcp) {
++ while(*envcp) {
++ putenv(*envcp);
++ envcp++;
++ }
++ }
++
+ /* become the new user */
+ if (change_uid (&pwent)) {
+ pam_setcred (pamh, PAM_DELETE_CRED);
+@@ -562,9 +701,6 @@
+ exit (1);
+ }
+
+- /* now we are done using PAM */
+- pam_end (pamh, PAM_SUCCESS);
+-
+ #else /* !USE_PAM */
+ if (!amroot) /* no limits if su from root */
+ setup_limits (&pwent);
+@@ -622,13 +758,21 @@
+ */
+
+ argv[-1] = pwent.pw_shell;
++#ifndef USE_PAM
+ (void) execv (pwent.pw_shell, &argv[-1]);
++#else
++ run_shell (pwent.pw_shell, &argv[-1], 0);
++#endif
+ (void) fprintf (stderr, _("No shell\n"));
+ SYSLOG ((LOG_WARN, "Cannot execute %s", pwent.pw_shell));
+ closelog ();
+ exit (1);
+ }
+
++#ifndef USE_PAM
+ shell (pwent.pw_shell, cp);
++#else
++ run_shell (pwent.pw_shell, &cp, 1);
++#endif
+ /* NOT REACHED */
+ exit (1);
+ }
diff --git a/sys-apps/shadow/files/shadow-4.0.4.1-useradd-manpage-update.patch b/sys-apps/shadow/files/shadow-4.0.4.1-useradd-manpage-update.patch
new file mode 100644
index 000000000000..b444d118356a
--- /dev/null
+++ b/sys-apps/shadow/files/shadow-4.0.4.1-useradd-manpage-update.patch
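Review bot: In run_shell() in the su.c patch, the parent's wait loop uses `status` and `pid` without checking what waitpid() returned. SIGTERM is handled with `sa_flags = 0`, so a SIGTERM arriving during the wait makes waitpid() return -1 with `status` never written; `WIFSTOPPED(status)` then reads an uninitialised int, and if it happens to test true the loop calls `kill(pid, SIGCONT)` with pid == -1. `caught` is also a plain `static int` written from the signal handler, so it should be `volatile sig_atomic_t` for the later `if (caught)` tests to be reliable. SIGALRM is unblocked but has no handler installed, so an alarm would end su before pam_close_session() runs, which looks unintended.

```c
static volatile sig_atomic_t caught = 0;

/* … unchanged: su_catch_sig(), fork and signal setup in run_shell() … */

	if (!caught) {
		status = 0;
		do {
			int pid;

			pid = waitpid(-1, &status, WUNTRACED);
			if (pid == -1)
				break;	/* EINTR from the SIGTERM handler, or no child left */

			/* … unchanged: WIFSTOPPED stop/continue handling … */
		} while (WIFSTOPPED(status));
	}
```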
@@ -0,0 +1,17 @@
+--- shadow-4.0.4.1.orig/man/useradd.8 2004-01-22 21:09:46.369993928 +0200
++++ shadow-4.0.4.1/man/useradd.8 2004-01-22 21:12:39.043743528 +0200
+@@ -49,10 +49,10 @@
+ .SS Creating New Users
+ When invoked without the \fB-D\fR option, the \fBuseradd\fR command creates
+ a new user account using the values specified on the command line and the
+-default values from the system. The new user account will be entered into
+-the system files as needed, the home directory will be created, and initial
+-files copied, depending on the command line options. The options which apply
+-to the \fBuseradd\fR command are:
++default values from the system. Depending on command line options, the
++useradd command will update system files and may also create the new user's
++home directory and copy initial files. The options which apply to the
++\fBuseradd\fR command are:
+ .IP "\fB-c\fR \fIcomment\fR"
+ The new user's password file comment field.
+ .IP "\fB-d\fR \fIhome_dir\fR"
diff --git a/sys-apps/shadow/shadow-4.0.3-r9.ebuild b/sys-apps/shadow/shadow-4.0.3-r9.ebuild
index 8c14828e110a..ccefe1b5887a 100644
--- a/sys-apps/shadow/shadow-4.0.3-r9.ebuild
+++ b/sys-apps/shadow/shadow-4.0.3-r9.ebuild
@@ -1,6 +1,6 @@
-# Copyright 1999-2003 Gentoo Technologies, Inc.
+# Copyright 1999-2004 Gentoo Technologies, Inc.
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/shadow/shadow-4.0.3-r9.ebuild,v 1.6 2003/12/17 04:07:23 brad_mssw Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/shadow/shadow-4.0.3-r9.ebuild,v 1.7 2004/01/22 19:20:09 azarah Exp $
 IUSE="pam selinux"
diff --git a/sys-apps/shadow/shadow-4.0.4.1.ebuild b/sys-apps/shadow/shadow-4.0.4.1.ebuild
new file mode 100644
index 000000000000..0e5ce81369c0
--- /dev/null
+++ b/sys-apps/shadow/shadow-4.0.4.1.ebuild
@@ -0,0 +1,197 @@
+# Copyright 1999-2004 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/shadow/shadow-4.0.4.1.ebuild,v 1.1 2004/01/22 19:20:09 azarah Exp $
+
+IUSE="pam selinux"
+
+inherit eutils libtool gnuconfig
+
+FORCE_SYSTEMAUTH_UPDATE="no"
+
+SELINUX_PATCH="shadow-4.0.3-selinux.diff"
+
+S="${WORKDIR}/${P}"
+HOMEPAGE="http://shadow.pld.org.pl/"
+DESCRIPTION="Utilities to deal with user accounts"
+SRC_URI="ftp://ftp.pld.org.pl/software/shadow/${P}.tar.bz2"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~x86 ~amd64 ~ppc ~sparc ~alpha ~mips ~hppa ~arm ~ia64 ~ppc64"
+
+DEPEND=">=sys-libs/cracklib-2.7-r3
+ pam? ( >=sys-libs/pam-0.75-r4 )
+ nls? ( sys-devel/gettext )
+ selinux? ( sys-libs/libselinux )"
+
+RDEPEND=">=sys-libs/cracklib-2.7-r3
+ pam? ( >=sys-libs/pam-0.75-r4 )
+ selinux? ( sys-libs/libselinux )"
+
+
+pkg_preinst() {
+ rm -f ${ROOT}/etc/pam.d/system-auth.new
+}
+
+src_unpack() {
+ unpack ${A}
+
+ cd ${S}
+
+ use selinux && epatch ${FILESDIR}/${SELINUX_PATCH}
+
+ # Get su to call pam_open_session(), and also set DISPLAY and XAUTHORITY,
+ # else the session entries in /etc/pam.d/su never get executed, and
+ # pam_xauth for one, is then never used. This should close bug #8831.
+ #
+ # <azarah@gentoo.org> (19 Oct 2002)
+ use pam && epatch ${FILESDIR}/${P}-su-pam_open_session.patch
+
+ # If su should not simulate a login shell, use '/bin/sh' as shell to enable
+ # running of commands as user with /bin/false as shell, closing bug #15015.
+ #
+ # <azarah@gentoo.org> (23 Feb 2003)
+# This one could be a security hole ...
+# cd ${S}; epatch ${FILESDIR}/${P}-nologin-run-sh.patch
+
+ # Patch the useradd manpage to be a bit more clear, closing bug #13203.
+ # Thanks to Guy <guycad@mindspring.com>.
+ epatch ${FILESDIR}/${P}-useradd-manpage-update.patch
+}
+
+src_compile() {
+ # Allows shadow configure detect mips systems properly
+ gnuconfig_update
+
+ elibtoolize
+
+ local myconf=
+ use pam \
+ && myconf="${myconf} --with-libpam --with-libcrack" \
+ || myconf="${myconf} --without-libpam"
+
+ ./configure --disable-desrpc \
+ --with-libcrypt \
+ --with-libcrack \
+ --enable-shared=no \
+ --enable-static=yes \
+ --host=${CHOST} \
+ `use_enable nls` \
+ ${myconf} || die "bad configure"
+
+ # Parallel make fails sometimes
+ make || die "compile problem"
+}
+
+src_install() {
+ dodir /etc/default /etc/skel
+
+ make prefix=${D}/usr \
+ exec_prefix=${D} \
+ mandir=${D}/usr/share/man \
+ install || die "install problem"
+
+ # Do not install this login, but rather the one from
+ # pam-login, as this one have a serious root exploit
+ # with pam_limits in use.
+ use pam && rm ${D}/bin/login
+
+ mv ${D}/lib ${D}/usr
+ dosed "s:/lib':/usr/lib':g" /usr/lib/libshadow.la
+ dosed "s:/lib/:/usr/lib/:g" /usr/lib/libshadow.la
+ dosed "s:/lib':/usr/lib':g" /usr/lib/libmisc.la
+ dosed "s:/lib/:/usr/lib/:g" /usr/lib/libmisc.la
+ dosym /usr/bin/newgrp /usr/bin/sg
+ dosym /usr/sbin/useradd /usr/sbin/adduser
+ dosym /usr/sbin/vipw /usr/sbin/vigr
+ # Remove dead links
+ rm -f ${D}/bin/{sg,vipw}
+
+ insinto /etc
+ # Using a securetty with devfs device names added
+ # (compat names kept for non-devfs compatibility)
+ insopts -m0600 ; doins ${FILESDIR}/securetty
+ insopts -m0600 ; doins ${S}/etc/login.access
+ insopts -m0644 ; doins ${S}/etc/limits
+
+ # needed for 'adduser -D'
+ insinto /etc/default
+ insopts -m0600
+ doins ${FILESDIR}/default/useradd
+# From sys-apps/pam-login now
+# insopts -m0644 ; doins ${FILESDIR}/login.defs
+
+ if [ `use pam` ] ; then
+ insinto /etc/pam.d ; insopts -m0644
+ for x in ${FILESDIR}/pam.d/*
+ do
+ [ -f ${x} ] && doins ${x}
+ done
+ cd ${FILESDIR}/pam.d
+ # Make sure /etc/pam.d/system-auth is the new version ..
+ mv ${D}/etc/pam.d/system-auth-1.1 ${D}/etc/pam.d/system-auth
+ newins system-auth-1.1 system-auth.new || die
+ newins shadow chage
+ newins shadow chsh
+ newins shadow chfn
+ newins shadow useradd
+ newins shadow groupadd
+ fi
+
+ cd ${S}
+ # The manpage install is beyond my comprehension, and
+ # also broken. Just do it over.
+ rm -rf ${D}/usr/share/man/*
+
+ rm -f man/id.1 man/getspnam.3 man/passwd.5
+ for x in man/*.[0-9]
+ do
+ [ -f ${x} ] && doman ${x}
+ done
+
+ if [ ! `use pam` ] ; then
+ # Dont install the manpage, since we dont use
+ # login with shadow
+ rm -f ${D}/usr/share/man/man1/login.*
+ # We use pam, so this is not applicable.
+ rm -f ${D}/usr/share/man/man5/suauth.*
+ fi
+
+ cd ${S}/doc
+ dodoc ANNOUNCE INSTALL LICENSE README WISHLIST
+ docinto txt
+ dodoc HOWTO LSM README.* *.txt
+
+ # Fix sparc serial console
+ if [ "${ARCH}" = "sparc" -o "${ARCH}" = "" ]
+ then
+ # ttyS0 and its devfsd counterpart (Sparc serial port "A")
+ dosed 's:\(vc/1\)$:tts/0\n\1:' /etc/securetty
+ dosed 's:\(tty1\)$:ttyS0\n\1:' /etc/securetty
+ fi
+}
+
+pkg_postinst() {
+ use pam || return 0;
+ local CHECK1="$(md5sum ${ROOT}/etc/pam.d/system-auth | cut -d ' ' -f 1)"
+ local CHECK2="$(md5sum ${ROOT}/etc/pam.d/system-auth.new | cut -d ' ' -f 1)"
+
+ if [ "${CHECK1}" != "${CHECK2}" -a "${FORCE_SYSTEMAUTH_UPDATE}" = "yes" ]
+ then
+ ewarn "Due to a security issue, ${ROOT}etc/pam.d/system-auth "
+ ewarn "is being updated automatically. Your old "
+ ewarn "system-auth will be backed up as:"
+ ewarn
+ ewarn " ${ROOT}etc/pam.d/system-auth.bak"
+ echo
+
+ cp -a ${ROOT}/etc/pam.d/system-auth \
+ ${ROOT}/etc/pam.d/system-auth.bak;
+ mv -f ${ROOT}/etc/pam.d/system-auth.new \
+ ${ROOT}/etc/pam.d/system-auth
+ rm -f ${ROOT}/etc/pam.d/._cfg????_system-auth
+ else
+ rm -f ${ROOT}/etc/pam.d/system-auth.new
+ fi
+}
+
|
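Review bot: The manpage cleanup near the end of src_install() in shadow-4.0.4.1.ebuild runs in the branch where the pam USE flag is off, but its own comments ("We use pam, so this is not applicable") and the earlier `use pam && rm ${D}/bin/login` indicate it is meant for PAM builds. As written, a non-PAM build keeps shadow's login binary but loses login.1 and suauth.5, while a PAM build ships the manpage for a login binary it has just removed. Testing the exit status the way the rest of the ebuild does, `if use pam ; then`, would match the comments. Separately, SELINUX_PATCH still names `shadow-4.0.3-selinux.diff`; whether that patch applies cleanly to 4.0.4.1 is not visible on this page and is worth confirming.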