diff --git a/README.md b/README.md index 9cdcf11..22b198f 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,10 @@ # shadow +The shadow package includes the necessary programs for converting UNIX password files to the shadow password format, plus programs for managing user and group accounts. +- The pwconv command converts passwords to the shadow password format. +- The pwunconv command unconverts shadow passwords and generates an npasswd file (a standard UNIX password file). +- The pwck command checks the integrity of password and shadow files. +- The lastlog command prints out the last login times for all users. +- The useradd, userdel and usermod commands are used for managing user accounts. +- The groupadd, groupdel and groupmod commands are used for managing group accounts. + diff --git a/shadow-4.0.3.patch b/shadow-4.0.3.patch new file mode 100644 index 0000000..8578edd --- /dev/null +++ b/shadow-4.0.3.patch @@ -0,0 +1,91 @@ +diff -ru shadow-4.0.3/libmisc/age.c shadow-4.0.3-new/libmisc/age.c +--- shadow-4.0.3/libmisc/age.c 2001-12-22 07:59:30.000000000 +0100 ++++ shadow-4.0.3-new/libmisc/age.c 2002-04-02 23:38:48.000000000 ++0200 +@@ -107,7 +107,9 @@ + + endspent (); + endpwent (); ++#ifdef SHADOWGRP + endsgent (); ++#endif + endgrent (); + + /* +diff -ru shadow-4.0.3/libmisc/pwdcheck.c +shadow-4.0.3-new/libmisc/pwdcheck.c +--- shadow-4.0.3/libmisc/pwdcheck.c 2000-10-15 19:07:26.000000000 ++0200 ++++ shadow-4.0.3-new/libmisc/pwdcheck.c 2002-04-02 +23:40:55.000000000 +0200 +@@ -6,6 +6,7 @@ + #include "prototypes.h" + #include "defines.h" + ++#include + #include + #include "pwauth.h" + +diff -ru shadow-4.0.3/man/Makefile.am shadow-4.0.3-new/man/Makefile.am +--- shadow-4.0.3/man/Makefile.am 2002-03-13 09:35:46.000000000 ++0100 ++++ shadow-4.0.3-new/man/Makefile.am 2002-04-02 23:38:48.000000000 ++0200 +@@ -1,6 +1,6 @@ + + # subdirectories for translated manual pages +-SUBDIRS = cs de fr hu id it ja ko pl pt_BR ++SUBDIRS = + + man_MANS = \ + adduser.8 \ +@@ -41,13 +41,13 @@ + useradd.8 \ + userdel.8 \ + usermod.8 \ ++ groups.1 \ + vigr.8 \ + vipw.8 + + EXTRA_DIST = $(man_MANS) \ + dpasswd.8 \ + getspnam.3 \ +- groups.1 \ + id.1 \ + pw_auth.3 \ + pwauth.8 \ +diff -ru shadow-4.0.3/src/Makefile.am shadow-4.0.3-new/src/Makefile.am +--- shadow-4.0.3/src/Makefile.am 2002-03-10 08:12:52.000000000 ++0100 ++++ shadow-4.0.3-new/src/Makefile.am 2002-04-02 23:38:48.000000000 ++0200 +@@ -21,8 +21,8 @@ + # and installation would be much simpler (just two directories, + # $prefix/bin and $prefix/sbin, no install-data hacks...) + +-bin_PROGRAMS = groups login su +-ubin_PROGRAMS = faillog lastlog chage chfn chsh expiry gpasswd newgrp passwd ++bin_PROGRAMS = login su ++ubin_PROGRAMS = groups faillog lastlog chage chfn chsh expiry gpasswd newgrp passwd + usbin_PROGRAMS = chpasswd dpasswd groupadd groupdel groupmod \ + logoutd mkpasswd newusers useradd userdel usermod grpck \ + pwck vipw grpconv grpunconv pwconv pwunconv +diff -ru shadow-4.0.3/src/login.c shadow-4.0.3-new/src/login.c +--- shadow-4.0.3/src/login.c 2002-03-08 05:30:28.000000000 +0100 ++++ shadow-4.0.3-new/src/login.c 2002-04-02 23:38:48.000000000 ++0200 +@@ -848,13 +848,8 @@ + } + preauth_flag = 0; + #ifndef LOGIN_PROMPT +-#ifdef __linux__ /* hostname login: - like in util-linux login */ +- login_prompt (_("\n%s login: "), username, +- sizeof username); +-#else + login_prompt (_("login: "), username, + sizeof username); +-#endif + #else + login_prompt (LOGIN_PROMPT, username, + sizeof username); + diff --git a/shadow-4.0.7-fixpam.patch b/shadow-4.0.7-fixpam.patch new file mode 100644 index 0000000..650b3bc --- /dev/null +++ b/shadow-4.0.7-fixpam.patch @@ -0,0 +1,39 @@ +diff -Nru shadow-4.0.7.orig/src/Makefile.in shadow-4.0.7/src/Makefile.in +--- shadow-4.0.7.orig/src/Makefile.in 2005-02-25 17:41:09.000000000 +0100 ++++ shadow-4.0.7/src/Makefile.in 2005-02-25 17:44:54.000000000 +0100 +@@ -359,17 +359,35 @@ + chage_LDADD = $(LDADD) $(LIBPAM) + chfn_LDADD = $(LDADD) $(LIBPAM) + chsh_LDADD = $(LDADD) $(LIBPAM) ++dpasswd_LDADD = $(LDADD) $(LIBPAM) ++expiry_LDADD = $(LDADD) $(LIBPAM) ++faillog_LDADD = $(LDADD) $(LIBPAM) ++gpasswd_LDADD = $(LDADD) $(LIBPAM) + groupadd_LDADD = $(LDADD) $(LIBPAM) + groupdel_LDADD = $(LDADD) $(LIBPAM) + groupmod_LDADD = $(LDADD) $(LIBPAM) ++groups_LDADD = $(LDADD) $(LIBPAM) ++grpck_LDADD = $(LDADD) $(LIBPAM) ++grpconv_LDADD = $(LDADD) $(LIBPAM) ++grpunconv_LDADD = $(LDADD) $(LIBPAM) ++id_LDADD = $(LDADD) $(LIBPAM) ++lastlog_LDADD = $(LDADD) $(LIBPAM) + login_LDADD = $(LDADD) $(LIBPAM) ++logoutd_LDADD = $(LDADD) $(LIBPAM) ++mkpasswd_LDADD = $(LDADD) $(LIBPAM) ++newgrp_LDADD = $(LDADD) $(LIBPAM) + newusers_LDADD = $(LDADD) $(LIBPAM) + passwd_LDADD = $(LDADD) $(LIBPAM) $(LIBCRACK) ++pwck_LDADD = $(LDADD) $(LIBPAM) ++pwconv_LDADD = $(LDADD) $(LIBPAM) ++pwunconv_LDADD = $(LDADD) $(LIBPAM) + su_SOURCES = su.c suauth.c + su_LDADD = $(LDADD) $(LIBPAM) ++sulogin_LDADD = $(LDADD) $(LIBPAM) + useradd_LDADD = $(LDADD) $(LIBPAM) + userdel_LDADD = $(LDADD) $(LIBPAM) + usermod_LDADD = $(LDADD) $(LIBPAM) ++vipw_LDADD = $(LDADD) $(LIBPAM) + all: all-am + + .SUFFIXES: diff --git a/shadow-4.1.4.2-cross_compile.patch b/shadow-4.1.4.2-cross_compile.patch new file mode 100644 index 0000000..ec5172c --- /dev/null +++ b/shadow-4.1.4.2-cross_compile.patch @@ -0,0 +1,12 @@ +diff -Nru shadow-4.1.4.2/configure shadow-4.1.4.2.orig//configure +--- shadow-4.1.4.2/configure 2009-07-24 03:15:56.000000000 +0200 ++++ shadow-4.1.4.2.orig//configure 2010-03-23 17:55:23.399050453 +0100 +@@ -18135,7 +18135,7 @@ + if test "$cross_compiling" = yes; then + { { $as_echo "$as_me:$LINENO: error: cannot check setpgrp when cross compiling" >&5 + $as_echo "$as_me: error: cannot check setpgrp when cross compiling" >&2;} +- { (exit 1); exit 1; }; } ++ } + else + cat >conftest.$ac_ext <<_ACEOF + /* confdefs.h. */ diff --git a/shadow-4.1.4.2-login_defs.patch b/shadow-4.1.4.2-login_defs.patch new file mode 100644 index 0000000..e49f447 --- /dev/null +++ b/shadow-4.1.4.2-login_defs.patch @@ -0,0 +1,140 @@ +diff -Nru shadow-4.1.4.2.orig/etc/login.defs shadow-4.1.4.2/etc/login.defs +--- shadow-4.1.4.2.orig/etc/login.defs 2009-07-23 22:43:14.000000000 +0200 ++++ shadow-4.1.4.2/etc/login.defs 2010-02-10 14:20:17.080888513 +0100 +@@ -14,7 +14,7 @@ + # + # Enable logging and display of /var/log/faillog login failure info. + # +-FAILLOG_ENAB yes ++#FAILLOG_ENAB yes + + # + # Enable display of unknown usernames when login failures are recorded. +@@ -29,7 +29,7 @@ + # + # Enable logging and display of /var/log/lastlog login time info. + # +-LASTLOG_ENAB yes ++#LASTLOG_ENAB yes + + # + # Enable checking and display of mailbox status upon login. +@@ -37,22 +37,22 @@ + # Disable if the shell startup files already check for mail + # ("mailx -e" or equivalent). + # +-MAIL_CHECK_ENAB yes ++#MAIL_CHECK_ENAB yes + + # + # Enable additional checks upon password changes. + # +-OBSCURE_CHECKS_ENAB yes ++#OBSCURE_CHECKS_ENAB yes + + # + # Enable checking of time restrictions specified in /etc/porttime. + # +-PORTTIME_CHECKS_ENAB yes ++#PORTTIME_CHECKS_ENAB yes + + # + # Enable setting of ulimit, umask, and niceness from passwd gecos field. + # +-QUOTAS_ENAB yes ++#QUOTAS_ENAB yes + + # + # Enable "syslog" logging of su activity - in addition to sulog file logging. +@@ -78,7 +78,7 @@ + # If defined, ":" delimited list of "message of the day" files to + # be displayed upon login. + # +-MOTD_FILE /etc/motd ++#MOTD_FILE /etc/motd + #MOTD_FILE /etc/motd:/usr/lib/news/news-motd + + # +@@ -96,14 +96,14 @@ + # If defined, login failures will be logged here in a utmp format. + # last, when invoked as lastb, will read /var/log/btmp, so... + # +-FTMP_FILE /var/log/btmp ++#FTMP_FILE /var/log/btmp + + # + # If defined, name of file whose presence which will inhibit non-root + # logins. The contents of this file should be a message indicating + # why logins are inhibited. + # +-NOLOGINS_FILE /etc/nologin ++#NOLOGINS_FILE /etc/nologin + + # + # If defined, the command name to display when running "su -". For +@@ -141,7 +141,7 @@ + # If defined, an HZ environment parameter spec. + # + # for Linux/x86 +-ENV_HZ HZ=100 ++#ENV_HZ HZ=100 + # For Linux/Alpha... + #ENV_HZ HZ=1024 + +@@ -201,7 +201,7 @@ + # + PASS_MAX_DAYS 99999 + PASS_MIN_DAYS 0 +-PASS_MIN_LEN 5 ++#PASS_MIN_LEN 5 + PASS_WARN_AGE 7 + + # +@@ -210,12 +210,12 @@ + # to uid 0 accounts. If the group doesn't exist or is empty, no one + # will be able to "su" to uid 0. + # +-SU_WHEEL_ONLY no ++#SU_WHEEL_ONLY no + + # + # If compiled with cracklib support, where are the dictionaries + # +-CRACKLIB_DICTPATH /var/cache/cracklib/cracklib_dict ++#CRACKLIB_DICTPATH /var/cache/cracklib/cracklib_dict + + # + # Min/max values for automatic uid selection in useradd +@@ -248,12 +248,12 @@ + # + # Maximum number of attempts to change password if rejected (too easy) + # +-PASS_CHANGE_TRIES 5 ++#PASS_CHANGE_TRIES 5 + + # + # Warn about weak passwords (but still allow them) if you are root. + # +-PASS_ALWAYS_WARN yes ++#PASS_ALWAYS_WARN yes + + # + # Number of significant characters in the password for crypt(). +@@ -265,7 +265,7 @@ + # + # Require password before chfn/chsh can make any changes. + # +-CHFN_AUTH yes ++#CHFN_AUTH yes + + # + # Which fields may be changed by regular users using chfn - use +@@ -347,7 +347,7 @@ + # If this file exists and is readable, login environment will be + # read from it. Every line should be in the form name=value. + # +-ENVIRON_FILE /etc/environment ++#ENVIRON_FILE /etc/environment + + # + # If defined, this command is run when removing a user. diff --git a/shadow-pam-login b/shadow-pam-login new file mode 100644 index 0000000..2a5c808 --- /dev/null +++ b/shadow-pam-login @@ -0,0 +1,8 @@ +#%PAM-1.0 +auth sufficient pam_unix.so +auth include system-auth +account include system-auth +password include system-auth +session include system-auth +session required pam_limits.so +#session optional pam_console.so diff --git a/shadow-pam-makefile.patch b/shadow-pam-makefile.patch new file mode 100644 index 0000000..ae1104e --- /dev/null +++ b/shadow-pam-makefile.patch @@ -0,0 +1,141 @@ +diff -ru shadow-4.0.3.orig/src/Makefile.in shadow-4.0.3/src/Makefile.in +--- shadow-4.0.3.orig/src/Makefile.in 2003-05-06 10:16:00.000000000 +0000 ++++ shadow-4.0.3/src/Makefile.in 2003-05-06 10:16:13.000000000 +0000 +@@ -203,25 +203,25 @@ + chsh_LDFLAGS = + dpasswd_SOURCES = dpasswd.c + dpasswd_OBJECTS = dpasswd.$(OBJEXT) +-dpasswd_LDADD = $(LDADD) ++dpasswd_LDADD = $(LDADD) $(LIBPAM) + dpasswd_DEPENDENCIES = $(top_builddir)/libmisc/libmisc.la \ + $(top_builddir)/lib/libshadow.la + dpasswd_LDFLAGS = + expiry_SOURCES = expiry.c + expiry_OBJECTS = expiry.$(OBJEXT) +-expiry_LDADD = $(LDADD) ++expiry_LDADD = $(LDADD) $(LIBPAM) + expiry_DEPENDENCIES = $(top_builddir)/libmisc/libmisc.la \ + $(top_builddir)/lib/libshadow.la + expiry_LDFLAGS = + faillog_SOURCES = faillog.c + faillog_OBJECTS = faillog.$(OBJEXT) +-faillog_LDADD = $(LDADD) ++faillog_LDADD = $(LDADD) $(LIBPAM) + faillog_DEPENDENCIES = $(top_builddir)/libmisc/libmisc.la \ + $(top_builddir)/lib/libshadow.la + faillog_LDFLAGS = + gpasswd_SOURCES = gpasswd.c + gpasswd_OBJECTS = gpasswd.$(OBJEXT) +-gpasswd_LDADD = $(LDADD) ++gpasswd_LDADD = $(LDADD) $(LIBPAM) + gpasswd_DEPENDENCIES = $(top_builddir)/libmisc/libmisc.la \ + $(top_builddir)/lib/libshadow.la + gpasswd_LDFLAGS = +@@ -242,37 +242,37 @@ + groupmod_LDFLAGS = + groups_SOURCES = groups.c + groups_OBJECTS = groups.$(OBJEXT) +-groups_LDADD = $(LDADD) ++groups_LDADD = $(LDADD) $(LIBPAM) + groups_DEPENDENCIES = $(top_builddir)/libmisc/libmisc.la \ + $(top_builddir)/lib/libshadow.la + groups_LDFLAGS = + grpck_SOURCES = grpck.c + grpck_OBJECTS = grpck.$(OBJEXT) +-grpck_LDADD = $(LDADD) ++grpck_LDADD = $(LDADD) $(LIBPAM) + grpck_DEPENDENCIES = $(top_builddir)/libmisc/libmisc.la \ + $(top_builddir)/lib/libshadow.la + grpck_LDFLAGS = + grpconv_SOURCES = grpconv.c + grpconv_OBJECTS = grpconv.$(OBJEXT) +-grpconv_LDADD = $(LDADD) ++grpconv_LDADD = $(LDADD) $(LIBPAM) + grpconv_DEPENDENCIES = $(top_builddir)/libmisc/libmisc.la \ + $(top_builddir)/lib/libshadow.la + grpconv_LDFLAGS = + grpunconv_SOURCES = grpunconv.c + grpunconv_OBJECTS = grpunconv.$(OBJEXT) +-grpunconv_LDADD = $(LDADD) ++grpunconv_LDADD = $(LDADD) $(LIBPAM) + grpunconv_DEPENDENCIES = $(top_builddir)/libmisc/libmisc.la \ + $(top_builddir)/lib/libshadow.la + grpunconv_LDFLAGS = + id_SOURCES = id.c + id_OBJECTS = id.$(OBJEXT) +-id_LDADD = $(LDADD) ++id_LDADD = $(LDADD) $(LIBPAM) + id_DEPENDENCIES = $(top_builddir)/libmisc/libmisc.la \ + $(top_builddir)/lib/libshadow.la + id_LDFLAGS = + lastlog_SOURCES = lastlog.c + lastlog_OBJECTS = lastlog.$(OBJEXT) +-lastlog_LDADD = $(LDADD) ++lastlog_LDADD = $(LDADD) $(LIBPAM) + lastlog_DEPENDENCIES = $(top_builddir)/libmisc/libmisc.la \ + $(top_builddir)/lib/libshadow.la + lastlog_LDFLAGS = +@@ -283,19 +283,19 @@ + login_LDFLAGS = + logoutd_SOURCES = logoutd.c + logoutd_OBJECTS = logoutd.$(OBJEXT) +-logoutd_LDADD = $(LDADD) ++logoutd_LDADD = $(LDADD) $(LIBPAM) + logoutd_DEPENDENCIES = $(top_builddir)/libmisc/libmisc.la \ + $(top_builddir)/lib/libshadow.la + logoutd_LDFLAGS = + mkpasswd_SOURCES = mkpasswd.c + mkpasswd_OBJECTS = mkpasswd.$(OBJEXT) +-mkpasswd_LDADD = $(LDADD) ++mkpasswd_LDADD = $(LDADD) $(LIBPAM) + mkpasswd_DEPENDENCIES = $(top_builddir)/libmisc/libmisc.la \ + $(top_builddir)/lib/libshadow.la + mkpasswd_LDFLAGS = + newgrp_SOURCES = newgrp.c + newgrp_OBJECTS = newgrp.$(OBJEXT) +-newgrp_LDADD = $(LDADD) ++newgrp_LDADD = $(LDADD) $(LIBPAM) + newgrp_DEPENDENCIES = $(top_builddir)/libmisc/libmisc.la \ + $(top_builddir)/lib/libshadow.la + newgrp_LDFLAGS = +@@ -311,19 +311,19 @@ + passwd_LDFLAGS = + pwck_SOURCES = pwck.c + pwck_OBJECTS = pwck.$(OBJEXT) +-pwck_LDADD = $(LDADD) ++pwck_LDADD = $(LDADD) $(LIBPAM) + pwck_DEPENDENCIES = $(top_builddir)/libmisc/libmisc.la \ + $(top_builddir)/lib/libshadow.la + pwck_LDFLAGS = + pwconv_SOURCES = pwconv.c + pwconv_OBJECTS = pwconv.$(OBJEXT) +-pwconv_LDADD = $(LDADD) ++pwconv_LDADD = $(LDADD) $(LIBPAM) + pwconv_DEPENDENCIES = $(top_builddir)/libmisc/libmisc.la \ + $(top_builddir)/lib/libshadow.la + pwconv_LDFLAGS = + pwunconv_SOURCES = pwunconv.c + pwunconv_OBJECTS = pwunconv.$(OBJEXT) +-pwunconv_LDADD = $(LDADD) ++pwunconv_LDADD = $(LDADD) $(LIBPAM) + pwunconv_DEPENDENCIES = $(top_builddir)/libmisc/libmisc.la \ + $(top_builddir)/lib/libshadow.la + pwunconv_LDFLAGS = +@@ -334,7 +334,7 @@ + su_LDFLAGS = + sulogin_SOURCES = sulogin.c + sulogin_OBJECTS = sulogin.$(OBJEXT) +-sulogin_LDADD = $(LDADD) ++sulogin_LDADD = $(LDADD) $(LIBPAM) + sulogin_DEPENDENCIES = $(top_builddir)/libmisc/libmisc.la \ + $(top_builddir)/lib/libshadow.la + sulogin_LDFLAGS = +@@ -355,7 +355,7 @@ + usermod_LDFLAGS = + vipw_SOURCES = vipw.c + vipw_OBJECTS = vipw.$(OBJEXT) +-vipw_LDADD = $(LDADD) ++vipw_LDADD = $(LDADD) $(LIBPAM) + vipw_DEPENDENCIES = $(top_builddir)/libmisc/libmisc.la \ + $(top_builddir)/lib/libshadow.la + vipw_LDFLAGS = diff --git a/shadow-pam-passwd b/shadow-pam-passwd new file mode 100644 index 0000000..89ac733 --- /dev/null +++ b/shadow-pam-passwd @@ -0,0 +1,4 @@ +#%PAM-1.0 +auth include system-auth +account include system-auth +password include system-auth diff --git a/shadow-pam-shadow b/shadow-pam-shadow new file mode 100644 index 0000000..47ac148 --- /dev/null +++ b/shadow-pam-shadow @@ -0,0 +1,8 @@ +#%PAM-1.0 +auth sufficient pam_rootok.so +auth required pam_nologin.so +account include system-auth +password sufficient pam_permit.so +session include system-auth +session required pam_limits.so +#session optional pam_console.so diff --git a/shadow-pam-su b/shadow-pam-su new file mode 100644 index 0000000..a107012 --- /dev/null +++ b/shadow-pam-su @@ -0,0 +1,9 @@ +#%PAM-1.0 +auth sufficient pam_rootok.so +auth include system-auth +auth required pam_nologin.so +account include system-auth +password include system-auth +session include system-auth +session required pam_limits.so +#session optional pam_console.so diff --git a/shadow-pam-useradd b/shadow-pam-useradd new file mode 100644 index 0000000..5e50369 --- /dev/null +++ b/shadow-pam-useradd @@ -0,0 +1,8 @@ +#%PAM-1.0 +auth sufficient pam_rootok.so +auth required pam_nologin.so +account include system-auth +password required pam_permit.so +session include system-auth +session required pam_limits.so +#session optional pam_console.so diff --git a/shadow-useradd b/shadow-useradd new file mode 100644 index 0000000..ae81dbb --- /dev/null +++ b/shadow-useradd @@ -0,0 +1,7 @@ +# useradd defaults file +GROUP=100 +HOME=/home +INACTIVE=-1 +EXPIRE= +SHELL=/bin/bash +SKEL=/etc/skel diff --git a/shadow.spec b/shadow.spec new file mode 100644 index 0000000..7265090 --- /dev/null +++ b/shadow.spec @@ -0,0 +1,322 @@ +%define shadowgroupid 15 +Summary: Utilities for managing shadow password files and user/group accounts +Name: shadow +Version: 4.1.5.1 +Group: Applications/Security +Release: 1mamba +Vendor: openmamba +Distribution: openmamba +Packager: Silvan Calarco +URL: http://pkg-shadow.alioth.debian.org/ +Source0: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.bz2 +Source1: shadow-useradd +Source2: shadow-pam-shadow +Source3: shadow-pam-useradd +Source4: shadow-pam-su +Source5: shadow-pam-passwd +Source6: shadow-pam-login +Patch0: %{name}-4.0.3.patch +Patch1: %{name}-pam-makefile.patch +Patch2: %{name}-4.0.7-fixpam.patch +Patch3: %{name}-4.1.4.2-login_defs.patch +Patch4: %{name}-4.1.4.2-cross_compile.patch +License: BSD +## AUTOBUILDREQ-BEGIN +BuildRequires: glibc-devel +BuildRequires: libcrack-devel +%if "%{stage1}" != "1" +BuildRequires: libselinux-devel +%endif +BuildRequires: pam-devel +## AUTOBUILDREQ-END +Requires: pam >= 0.77, shadow-common == %{version} +BuildRequires: skey-devel +BuildRoot: %{_tmppath}/%{name}-%{version}-root +Provides: shadowtool + +%description +The shadow package includes the necessary programs for converting UNIX password files to the shadow password format, plus programs for managing user and group accounts. +- The pwconv command converts passwords to the shadow password format. +- The pwunconv command unconverts shadow passwords and generates an npasswd file (a standard UNIX password file). +- The pwck command checks the integrity of password and shadow files. +- The lastlog command prints out the last login times for all users. +- The useradd, userdel and usermod commands are used for managing user accounts. +- The groupadd, groupdel and groupmod commands are used for managing group accounts. + +%package common +Summary: Common tools used both by shadow tools and pwdutils +Group: Applications/Security + +%description common +The shadow-common package includes the necessary programs for converting UNIX password files to the shadow password format, plus programs for managing user and group accounts. + +%prep +[ "%{buildroot}" != / ] && rm -rf %{buildroot} + +%setup -q +#%patch1 -p1 +#%patch2 -p1 +%patch3 -p1 +#%patch4 -p1 + +%build +%if "%{_host}" != "%{_build}" +cat > config.cache << EOF +ac_cv_func_setpgrp_void=yes +EOF +LDFLAGS="-ldl -lcrypt -lpam -lpam_misc -lselinux" ./configure \ + --cache-file=config.cache \ +%else +LDFLAGS="-ldl" ./configure \ +%endif + --with-libpam \ + --host=%{_host} \ + --build=%{_build} \ + --prefix=%{_prefix} \ + --mandir=%{_mandir} \ + --libdir=%{_libdir} \ + --sysconfdir=%{_sysconfdir} \ + --enable-shared \ + --with-libcrack \ + --with-skey + +LDFLAGS="-ldl" make %{_smp_mflags} LIBSELINUX="-lselinux -lsepol" + +%install +LIBRARY_PATH=LIBRARY_PATH:%{buildroot}%{_libdir} \ +LDFLAGS="-ldl" make install \ + DESTDIR=%{buildroot} \ + gnulocaledir=%{buildroot}%{_datadir}/locale + +mkdir -p %{buildroot}/etc/default +cp etc/{limits,login.access} %{buildroot}/etc +install -m 744 %{SOURCE1} %{buildroot}/etc/default/useradd + +install -m 0644 etc/login.defs %{buildroot}/etc/login.defs + +#mkdir %{buildroot}/lib +#mv %{buildroot}%{_libdir}/libshadow.so.0* \ +# %{buildroot}/lib +#ln -sf ../../lib/libshadow.so.0 %{buildroot}%{_libdir}/libshadow.so +##ln -sf ../../lib/libmisc.so.0 %{buildroot}%{_libdir}/libmisc.so + +mv %{buildroot}%{_mandir}/man5/passwd.5 \ + %{buildroot}%{_mandir}/man5/passwd-shadow.5 + +mkdir -p %{buildroot}%{_sysconfdir}/pam.d +cp %{SOURCE2} %{buildroot}%{_sysconfdir}/pam.d/shadow +cp %{SOURCE2} %{buildroot}%{_sysconfdir}/pam.d/chage +cp %{SOURCE2} %{buildroot}%{_sysconfdir}/pam.d/chpasswd +cp %{SOURCE2} %{buildroot}%{_sysconfdir}/pam.d/newusers + +cp %{SOURCE3} %{buildroot}%{_sysconfdir}/pam.d/useradd +cp %{SOURCE3} %{buildroot}%{_sysconfdir}/pam.d/userdel +cp %{SOURCE3} %{buildroot}%{_sysconfdir}/pam.d/usermod +cp %{SOURCE3} %{buildroot}%{_sysconfdir}/pam.d/groupadd +cp %{SOURCE3} %{buildroot}%{_sysconfdir}/pam.d/groupdel +cp %{SOURCE3} %{buildroot}%{_sysconfdir}/pam.d/groupmod + +# FIXME: /etc/pam.d/su is installed though moved to coreutils +# because an upgrade of shadow-common and coreutils would make +# it disappear (an RPM issue) +#cp %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/su +cp %{SOURCE5} %{buildroot}%{_sysconfdir}/pam.d/passwd +cp %{SOURCE6} %{buildroot}%{_sysconfdir}/pam.d/login + +#touch %{buildroot}%{_sysconfdir}/shadow + +# remove su +rm %{buildroot}/bin/su %{buildroot}%{_mandir}/man1/su.* + +%find_lang shadow + +for l in cs da de fi fr hu id it ja ko pl pt_BR ru sv tr zh_CN zh_TW; do + for m in man1/groups.1 man5/faillog.5 man8/lastlog.8 man8/newusers.8; do + [ -e %{buildroot}%{_mandir}/$l/$m ] && \ + echo "%lang(%l) %{_mandir}/$l/$m*" >> shadow.lang + done + for m in `ls %{buildroot}%{_mandir}/$l/*/*`; do + m1=`echo $m | sed "s|%{buildroot}||"` + grep $m1 shadow.lang || \ + echo "%lang(%l) /${m1}*" >> shadow-main.man + done +done +for m in man1/groups.1 man5/faillog.5 man8/lastlog.8 man8/newusers.8; do + [ -e %{buildroot}%{_mandir}/$m ] && \ + echo "%{_mandir}/$m*" >> shadow.lang +done +for m in `ls %{buildroot}%{_mandir}/*/*\.[1-9]`; do + m1=`echo $m | sed "s|%{buildroot}||"` + grep $m1 shadow.lang || \ + echo "/${m1}*" >> shadow-main.man +done + +%clean +[ "%{buildroot}" != / ] && rm -rf %{buildroot} + +%post common +/sbin/ldconfig +groupadd shadow -g %{shadowgroupid} 2>/dev/null || : +exit 0 + +%preun common +/sbin/ldconfig +exit 0 + +%posttrans common +if [ -e /etc/shadow.rpmsave ]; then + SAVEPWD=`grep "^root:" /etc/shadow.rpmsave | sed "s|root:\([^:]*\):.*|\1|"` + NEWPWD=`grep "^root:" /etc/shadow | sed "s|root:\([^:]*\):.*|\1|"` + if [ "$NEWPWD" == "" -o "$NEWPWD" == "!" -o "$NEWPWD" == "x" ]; then + if [ "$SAVEPWD" != "!" -a "$SAVEPWD" != "" -a "$SAVEPWD" != "x" ]; then + mv /etc/shadow.rpmsave /etc/shadow + chmod 0640 /etc/shadow + chgrp shadow /etc/shadow + else + echo "Unexpected error updating /etc/shadow file: root password was lost, recover needed!" + fi + fi +fi +exit 0 + +%files -f shadow-main.man +%defattr(-,root,root) +%{_sysconfdir}/login.access +%{_sysconfdir}/login.defs +%attr(644,root,root) %config /etc/pam.d/login +/bin/login +%{_bindir}/chage +%{_bindir}/chfn +%{_bindir}/chsh +%{_bindir}/expiry +%{_bindir}/gpasswd +%{_bindir}/newgrp +%{_bindir}/passwd +%{_bindir}/sg +%{_sbindir}/* +/sbin/nologin +%exclude %{_sbindir}/newusers +%{_sysconfdir}/default/useradd +%attr(644,root,root) %config /etc/pam.d/passwd +%attr(644,root,root) %config /etc/pam.d/shadow +%attr(644,root,root) %config /etc/pam.d/chfn +%attr(644,root,root) %config /etc/pam.d/chsh +%attr(644,root,root) %config /etc/pam.d/su +%attr(644,root,root) %config /etc/pam.d/useradd +%attr(644,root,root) %config /etc/pam.d/userdel +%attr(644,root,root) %config /etc/pam.d/usermod +%attr(644,root,root) %config /etc/pam.d/groupadd +%attr(644,root,root) %config /etc/pam.d/groupdel +%attr(644,root,root) %config /etc/pam.d/groupmod +%attr(644,root,root) %config /etc/pam.d/chage +%attr(644,root,root) %config /etc/pam.d/chpasswd +%{_mandir}/man1/login.1.gz + +%files common -f shadow.lang +%defattr(-,root,root) +#%attr(640,root,shadow) %config(noreplace) %{_sysconfdir}/shadow +%{_sysconfdir}/limits +%attr(644,root,root) %config /etc/pam.d/chgpasswd +%attr(644,root,root) %config /etc/pam.d/groupmems +%attr(644,root,root) %config /etc/pam.d/newusers +%dir %{_sysconfdir}/default +/bin/groups +%{_bindir}/faillog +%{_bindir}/lastlog +%{_sbindir}/newusers +%{_mandir}/man1/groups.1.gz +%{_mandir}/man5/faillog.5.gz +%{_mandir}/man8/lastlog.8.gz +%{_mandir}/man8/newusers.8.gz + +%changelog +* Sat Dec 08 2012 Automatic Build System 4.1.5.1-1mamba +- update to 4.1.5.1 + +* Fri Sep 14 2012 Silvan Calarco 4.1.4.3-3mamba +- also move login.1 man page from shadow-common to shadow + +* Sun Sep 09 2012 Silvan Calarco 4.1.4.3-2mamba +- move login from shadow-common to main (unused) package following utill-linux 2.22 + +* Sun Mar 06 2011 Automatic Build System 4.1.4.3-1mamba +- automatic update by autodist + +* Tue Sep 21 2010 Silvan Calarco 4.1.4.2-6mamba +- fixed /etc/shadow checks to prevent password loss on upgrade from old installations + +* Mon Jul 19 2010 Silvan Calarco 4.1.4.2-5mamba +- don't own /etc/shadow + +* Mon Jun 28 2010 Silvan Calarco 4.1.4.2-4mamba +- run pwconv on install to correctly create /etc/shadow + +* Wed Feb 10 2010 Silvan Calarco 4.1.4.2-3mamba +- patched default /etc/login.defs to remove not supported options due to pam enabled + +* Tue Feb 09 2010 Silvan Calarco 4.1.4.2-2mamba +- removed obsolete pwconv code in post script +- added S/Key support + +* Fri Feb 05 2010 Silvan Calarco 4.1.4.2-1mamba +- update to 4.1.4.2 + +* Mon May 04 2009 Silvan Calarco 4.0.7-10mamba +- reset /etc/shadow file permissions on update + +* Sat May 02 2009 Silvan Calarco 4.0.7-9mamba +- set shadow group with read permission for /etc/shadow + +* Mon Jun 25 2007 Silvan Calarco 4.0.7-8mamba +- pam files changed to support pam 0.99.7 + +* Wed May 18 2005 Silvan Calarco 4.0.7-6qilnx +- removed su which is replaced by coreutils's + +* Mon Mar 07 2005 Silvan Calarco 4.0.7-5qilnx +- fix login script to work with pam_unix2 + +* Wed Mar 02 2005 Silvan Calarco 4.0.7-4qilnx +- added missing pam files for some service who now use them instead of shadow +- added empty /etc/shadow file + +* Fri Feb 25 2005 Silvan Calarco 4.0.7-3qilnx +- fixed requirement for libmisc + +* Fri Feb 25 2005 Silvan Calarco 4.0.7-2qilnx +- package split into shadow and shadow-common, the latter for use with pwdutils + +* Fri Feb 25 2005 Silvan Calarco 4.0.7-1qilnx +- update to version 4.0.7 by autospec + +* Fri May 28 2004 Davide Madrisan 4.0.4.1-2qilnx +- added missing ldconfig to preun and postun scripts + +* Thu May 27 2004 Silvan Calarco 4.0.4.1-1qilnx +- new version build +- removed pam_console from services that used it + +* Thu May 09 2003 Silvan Calarco 4.0.3-8qilnx +- fixed login pam configuration module + +* Thu May 09 2003 Silvan Calarco 4.0.3-7qilnx +- added login pam configuration module +- fixed configuration files for shadow and useradd + +* Thu May 08 2003 Silvan Calarco 4.0.3-6qilnx +- added /etc/pam.d files: su, shadow, passwd, useradd + +* Tue May 06 2003 Alessandro Ramazzina 4.0.3-5qilnx +- added useradd file in /etc/default directory +- added patch for pam support + +* Sun Apr 27 2003 Silvan Calarco 4.0.3-4qilnx +- added post and preun pw conversion scripts + +* Tue Apr 22 2003 Silvan Calarco 4.0.3-2qilnx +- removed Prefix variable definition +- PAM support added + +* Tue Apr 08 2003 Luca Tinelli +- first Build +