[Lunar-commits] r19289 - moonbase/trunk/security/shadow

Stefan Wold ratler at lunar-linux.org
Fri Mar 17 08:29:05 UTC 2006 

Author: ratler
Date: 2006-03-17 08:29:04 +0000 (Fri, 17 Mar 2006)
New Revision: 19289

Modified:
   moonbase/trunk/security/shadow/BUILD
   moonbase/trunk/security/shadow/DETAILS
Log:
This is a long overdue update.
* Fixes issues with pam_console not restoring permissions when session end
* Now properly decrease counter on logout for next user to get permissions 
  set by pam_console
* Install a different login.defs when Linux-PAM is installed
* Removed two invalid download URLs
* Added a few patches for /bin/su (fixed upstream but not released)

This change have been tested against 2.4 and 2.6 kernel headers. 
Also been tested with and without Linux-PAM. florin gave thumbs up.

Beware that if you modified your login.defs you can run into trouble.
If that happen rm /etc/login.defs && lin shadow.

Report any problem ASAP to me (ratler)



Modified: moonbase/trunk/security/shadow/BUILD
===================================================================
--- moonbase/trunk/security/shadow/BUILD	2006-03-17 06:33:22 UTC (rev 19288)
+++ moonbase/trunk/security/shadow/BUILD	2006-03-17 08:29:04 UTC (rev 19289)
@@ -1,26 +1,45 @@
 (
 
-  touch *
-  patch_it $SOURCE_CACHE/$SOURCE2 1 &&
+  patch_it $SOURCE_CACHE/$SOURCE3 1 &&
+  patch_it $SOURCE_CACHE/$SOURCE4 1 &&
+  patch_it $SOURCE_CACHE/$SOURCE5 1 &&
 
   if  module_installed  Linux-PAM;  then
     OPTS="$OPTS --with-libpam"
-  fi
-  OPTS="$OPTS --with-libcrack"
+  fi 
 
-  ./configure --prefix=/ --libdir=/usr/lib --datadir=/usr/share --infodir=/usr/share/info --mandir=/usr/share/man $OPTS &&
+  ./configure --prefix=/ \
+	      --libdir=/usr/lib \
+              --datadir=/usr/share \
+              --infodir=/usr/share/info \
+              --mandir=/usr/share/man \
+              --with-libcrypt \
+              --with-libcrack \
+              --without-selinux \
+              --without-skey \
+              $OPTS &&
 
-  sedit 's|^ENV_TZ|#ENV_TZ|' etc/login.defs*
-  sedit 's|#CRACKLIB_DICTPATH.*$|CRACKLIB_DICTPATH /lib/cracklib/|g' etc/login.defs*
-  sedit 's|#MD5_CRYPT_ENAB.*$|MD5_CRYPT_ENAB yes|' etc/login.defs*
-  sedit 's|^ULIMIT|#ULIMIT|' etc/login.defs*
-
   default_make &&
 
-  for FILE in limits login.access login.defs ; do
-    [ -e /etc/$FILE ] || install etc/$FILE /etc/
-  done
-  [ -e /etc/securetty  ] || install $SCRIPT_DIRECTORY/securetty /etc/
+  # libshadow.a and libshadow.la should not be installed,
+  # they are for internal use only and may break compilation
+  # for other modules
+  rm -f /usr/lib/libshadow.{a,la} &&
+
+  # We only need these files without PAM
+  if ! module_installed Linux-PAM; then
+    sedit 's|^CRACKLIB_DICTPATH.*$|CRACKLIB_DICTPATH /lib/cracklib/|g' etc/login.defs
+    sedit 's|#MD5_CRYPT_ENAB.*$|MD5_CRYPT_ENAB yes|' etc/login.defs
+    sedit 's|^#GETPASS_ASTERISKS.*|GETPASS_ASTERISKS 0|' etc/login.defs
+    sedit 's|^USERGROUPS_ENAB.*|USERGROUPS_ENAB no|' etc/login.defs
+    [ -e /etc/limits ] || install -m 0644 etc/limits /etc/
+    [ -e /etc/login.access ] || install -m 0644 etc/login.access /etc/
+    [ -e /etc/login.defs ] || install -m 0644 etc/login.defs /etc/
+  else
+    [ -e /etc/login.defs ] || install -m 0644 $SOURCE_CACHE/$SOURCE2 /etc/login.defs
+  fi 
+
+  [ -e /etc/securetty  ] || install -m 0644 $SCRIPT_DIRECTORY/securetty /etc/
   ln -sf /sbin/vipw /sbin/vigr &&
   install $SCRIPT_DIRECTORY/adduser /sbin/ &&
   install $SCRIPT_DIRECTORY/deluser /sbin/

Modified: moonbase/trunk/security/shadow/DETAILS
===================================================================
--- moonbase/trunk/security/shadow/DETAILS	2006-03-17 06:33:22 UTC (rev 19288)
+++ moonbase/trunk/security/shadow/DETAILS	2006-03-17 08:29:04 UTC (rev 19289)
@@ -1,18 +1,23 @@
           MODULE=shadow
-		  ####### warning: 4.0.8 is a dud. please sign off this module
-		  ####### first before upgrading.
-         VERSION=4.0.7
+         VERSION=4.0.14
           SOURCE=$MODULE-$VERSION.tar.bz2
-         SOURCE2=$MODULE-4.0.4.1.newgrp_getlogin.patch
-   SOURCE_URL[0]=http://www.wiretapped.be/security/host-security/$MODULE/old/
-   SOURCE_URL[1]=ftp://ftp.pld.org.pl/software/$MODULE/old/
-   SOURCE_URL[2]=ftp://ftp.pld.net.pl/software/$MODULE/
+         SOURCE2=login-1.0.defs.pam
+         SOURCE3=shadow-4.0.14-su-cvs.patch
+         SOURCE4=shadow-4.0.14-su-fix-environment.patch
+         SOURCE5=shadow-4.0.14-suid-perm.patch
+      SOURCE_URL=ftp://ftp.pld.org.pl/software/$MODULE/
      SOURCE2_URL=$PATCH_URL/
-      SOURCE_VFY=sha1:5af35730c7fdff8d23021e05f0b7823abb658949
-     SOURCE2_VFY=sha1:6c8776f0df157b0f18d4f6c5effd854e5ec208ce
+     SOURCE3_URL=$PATCH_URL/
+     SOURCE4_URL=$PATCH_URL/
+     SOURCE5_URL=$PATCH_URL/
+      SOURCE_VFY=sha1:7d8c504ae03421f9a75cfef3b97b9713782a6e91
+     SOURCE2_VFY=sha1:4a0a30ee8101550b8e09e09d3b7538f41b562e3c
+     SOURCE3_VFY=sha1:10c597bbc6a397e386178c186cc79be5bbf2cd8d
+     SOURCE4_VFY=sha1:c80a080fad18ec2312dfeaf312f31edfb3c18d6d
+     SOURCE5_VFY=sha1:1880a7f4846103e9c194395f3a111035de49bdf0
         WEB_SITE=ftp://ftp.pld.org.pl/software/shadow
          ENTERED=20010922
-         UPDATED=20050820
+         UPDATED=20060317
            SHORT="Contains the shadow password file utilities"
 
 cat << EOF

More information about the Lunar-commits mailing list