--- shadow-4.1.5.1.orig/debian/NEWS +++ shadow-4.1.5.1/debian/NEWS @@ -0,0 +1,36 @@ +shadow (1:4.0.15-5) unstable; urgency=low + + * commands passed in argument to su must use su's -c option and must quote + the command if it contains a space, as in: + su - root -c "ls -l /" + The following commands won't work anymore: + su - root -c ls -l / + su - root "ls -l /" + su - root ls -l / + + -- Christian Perrier Sat, 8 Apr 2006 20:11:38 +0200 + +shadow (1:4.0.14-1) unstable; urgency=low + + * passwd does not support the -f, -s, and -g options anymore. You should use + the chfn, chsh and gpasswd utilities instead. + * login now distributes the nologin utility, which can be used as a shell + to politely refuse a login + + -- Christian Perrier Thu, 5 Jan 2006 08:47:44 +0100 + +shadow (1:4.0.12-1) unstable; urgency=low + + CLOSE_SESSIONS and other variables are not used anymore in + /etc/login/defs. + As shadow utilities which use this file now warn about unknown + entries there, administrators should remove such unknown entries. + The supplied login.defs file does not include them anymore. + + dpasswd is no more distributed by upstream. Login do not support + dialup password anymore. Re-introducing this functionality in + upstream is not trivial. + + + -- Christian Perrier Thu, 25 Aug 2005 08:38:47 +0200 + --- shadow-4.1.5.1.orig/debian/README.debian +++ shadow-4.1.5.1/debian/README.debian 
@@ -0,0 +1,62 @@ +Read this file first for a brief overview of the new versions of login +and passwd. + + +---Shadow passwords + +The command `shadowconfig on' will turn on shadow password support. +`shadowconfig off' will turn it back off. If you turn on shadow +password support, you'll gain the ability to set password ages and +expirations with chage(1). + +NOTE: If you use the nscd package, you may have problems with a +slight delay in updating the password information. You may notice +this during upgrades of certain packages that try to add a system +user and then access the users information immediately afterwards. +To avoid this, it is suggested that you stop the nscd daemon before +upgrades, then restart it again. + +---General configuration + +Most of the configuration for the shadow utilities is in +/etc/login.defs. See login.defs(5). The defaults are quite +reasonable. + +Also see the /etc/pam.d/* files for each program to configure the PAM +support. PAM documentation is available in several formats in the +libpam-doc package. + + +---MD5 Encryption + +This is enabled now using the /etc/pam.d/* files. Examples are given. + + +---Adding users and groups + +Though you may add users and groups with the SysV type commands, +useradd and groupadd, I recommend you add them with Debian adduser +version 3+. adduser gives you more configuration and conforms to the +Debian UID and GID allocation. + +Editing user and group parameters can be done with usermod and +groupmod. Removing users and groups can be done with userdel and +groupdel. + + +--- Group administration + +Local group allocation is much easier. With gpasswd(1) you can +designate users to administer groups. They can then securely add or +remove users from the group. + + +--- What to read next? + +Read the manpages, the other files in this directory, and the Shadow +Password HOWTO (included in the doc-linux package). A large portion +of these files deals with getting shadow installed. 
You can, of +course, ignore those parts. + +Also, the libpam-doc package will go a long way to allowing you to take +full advantage of the PAM authentication scheme. --- shadow-4.1.5.1.orig/debian/README.source +++ shadow-4.1.5.1/debian/README.source @@ -0,0 +1,17 @@ +This package uses quilt to patch the upstream source. + +You can find some info on how to generate the patched source, add a new +modification, and remove an existing modification on: + /usr/share/doc/quilt/README.source + +================================================================================ + +To package a new upstream release, you can use the Makefile: + svn://svn.debian.org/svn/pkg-shadow/debian/trunk/Makefile + +================================================================================ + +A testsuite is also available. Instruction on how to run this testsuite +are available on: + svn://svn.debian.org/svn/pkg-shadow/debian/trunk/tests/README + --- shadow-4.1.5.1.orig/debian/changelog +++ shadow-4.1.5.1/debian/changelog 
@@ -0,0 +1,4009 @@ +shadow (1:4.1.5.1-1.1ubuntu6) wily; urgency=medium + + * extrausers support for useradd and groupadd (LP: #1323732) + + -- Sergio Schvezov Thu, 25 Jun 2015 15:26:55 -0300 + +shadow (1:4.1.5.1-1.1ubuntu5) wily; urgency=medium + + * debian/rules: Re-enable audit support. (LP: #1414817) + * debian/control: add libaudit-dev to Build-Depends. + + -- Mathieu Trudel-Lapierre Tue, 02 Jun 2015 10:46:18 -0400 + +shadow (1:4.1.5.1-1.1ubuntu4) vivid; urgency=medium + + * debian/patches/1020_fix_user_busy_errors: + - libmisc/user_busy.c: Call sub_uid_close in all error cases, otherwise + code that later opens it as RW fails obscurely. (LP: #1436937) + + -- William Grant Mon, 20 Apr 2015 18:41:47 +0100 + +shadow (1:4.1.5.1-1.1ubuntu3) vivid; urgency=medium + + * No change rebuild to get debug symbols for all architectures. + + -- Brian Murray Tue, 02 Dec 2014 11:39:38 -0800 + +shadow (1:4.1.5.1-1.1ubuntu2) utopic; urgency=medium + + * debian/patches/1010_extrausers.patch: + - Add support to passwd for libnss-extrausers by falling back to the + /var/lib/extrausers/ locations if it exists when updating + passwd or shadow. + + -- Michael Terry Fri, 18 Jul 2014 10:00:44 -0400 + +shadow (1:4.1.5.1-1.1ubuntu1) utopic; urgency=medium + + * Merge from Debian unstable. Remaining changes: + - debian/passwd.upstart: Add an upstrat job to clear locks on + [shadow-]passwd/group. (LP: #523896). + - Allow LXC devices (lxc/console, lxc/tty[1234]) that we'll start using + in LXC with Precise. + - debian/login.defs: + + Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG + handling does not only apply to "former (pre-PAM) uses". + + Update documentation of UMASK: Explain that USERGROUPS_ENAB + will modify this default for UPGs. (Closes: #583971) + - debian/{source_shadow.py,rules}: Add apport hook + - debian/patches/495_stdout-encrypted-password: chpasswd can report + password hashes on stdout (Debian bug 505640). 
+ - Install upstart job by-hand, instead of using dh_installinit to avoid + dependency on upstart-job. + - Pass noupdate to pam_motd call for /run/motd.dynamic, to avoid running + /etc/update-motd.d/* scripts twice (LP: #1169558). + - debian/patches/496_su_kill_process_group: Kill the child process group, + rather than just the immediate child; this is needed now that su no + longer starts a controlling terminal when not running an interactive + shell (closes: #713979). + - Add uidmap package based on upstream patches that introduce + newuidmap/newgidmap as well as /etc/subuid and /etc/subgid. Additional + updates on those to widen the default allocation to 65536 uids and gids + and only assign ranges to non-system users. + + -- Stéphane Graber Fri, 02 May 2014 15:17:15 -0400 + +shadow (1:4.1.5.1-1.1) unstable; urgency=medium + + * Non-maintainer upload. + + [ Eric Dorland ] + * Switch to automake1.11. (Closes: #724434) + + [ Samuel Thibault ] + * Enable the login package on hurd-any, but without /bin/login, still provided + by the hurd package. Closes: #737805. + + -- Samuel Thibault Sun, 16 Mar 2014 20:58:24 +0100 + +shadow (1:4.1.5.1-1ubuntu9) trusty; urgency=medium + + * Set our subuid and subgid range to 65536 uids by default. + * Patch newusers to not add subuids and subgids to system users. + * Patch useradd to not add subuids and subgids to system users and to + regular users who don't fit between uid_min and uid_max. + (This is needed due to adduser not passing --system...) + + -- Stéphane Graber Sun, 16 Feb 2014 19:33:48 -0500 + +shadow (1:4.1.5.1-1ubuntu8) trusty; urgency=medium + + * Fix postinst to create subuid and subgid when missing as those won't + get created by usermod or any of the other tools. + + -- Stéphane Graber Fri, 17 Jan 2014 16:15:13 -0500 + +shadow (1:4.1.5.1-1ubuntu7) trusty; urgency=medium + + * Don't ship subuid/subgid as conffiles as that'll just cause problems + on upgrades. 
Instead simply touch them if they're not already present. + + -- Stéphane Graber Sun, 12 Jan 2014 12:59:46 -0500 + +shadow (1:4.1.5.1-1ubuntu6) saucy; urgency=low + + * debian/patches/496_su_kill_process_group: Kill the child process group, + rather than just the immediate child; this is needed now that su no + longer starts a controlling terminal when not running an interactive + shell (closes: #713979). + + -- Colin Watson Fri, 26 Jul 2013 16:55:52 +0100 + +shadow (1:4.1.5.1-1ubuntu5) saucy; urgency=low + + [ Serge Hallyn ] + * debian/patches/userns: patches from Eric Biederman to enable use of + subuids, plus some bugfix patches on top of them. (LP: #1192864) + * passwd.install: add new manpages + * debian/control, debian/uidmap.install: create new uidmap package + containing the new setuid-root binaries newuidmap and newgidmap + * debian/subuid, debian/rules: install a default /etc/subuid and /etc/subgid + * debian/patches/userns/16_add-argument-sanity-checking.patch: address + three sanity checking concerns brought up by sarnold at + http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/2013-June/ \ + 009752.html. + + -- Dmitrijs Ledkovs Fri, 28 Jun 2013 11:31:51 +0100 + +shadow (1:4.1.5.1-1ubuntu4) raring; urgency=low + + * Pass noupdate to pam_motd call for /run/motd.dynamic, to avoid running + /etc/update-motd.d/* scripts twice (LP: #1169558). + + -- Colin Watson Thu, 18 Apr 2013 01:01:45 +0100 + +shadow (1:4.1.5.1-1ubuntu3) raring; urgency=low + + * Install upstart job by-hand, instead of using dh_installinit to avoid + dependency on upstart-job. + + -- Dmitrijs Ledkovs Mon, 18 Mar 2013 03:23:31 +0000 + +shadow (1:4.1.5.1-1ubuntu2) raring; urgency=low + + * Revert build-dependency from gettext:any to gettext, now that gettext is + Multi-Arch: foreign. + + -- Colin Watson Thu, 29 Nov 2012 15:27:11 +0000 + +shadow (1:4.1.5.1-1ubuntu1) raring; urgency=low + + * The "Yorkshire Blue" release. + * Merge from Debian unstable. 
Remaining changes: + - debian/passwd.upstart: Add an upstrat job to clear locks on + [shadow-]passwd/group. (LP: #523896). + - Build-depend on gettext:any for cross-building support. + - Allow LXC devices (lxc/console, lxc/tty[1234]) that we'll start using + in LXC with Precise. + - debian/login.defs: + + Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG + handling does not only apply to "former (pre-PAM) uses". + + Update documentation of UMASK: Explain that USERGROUPS_ENAB will modify + this default for UPGs. (Closes: #583971) + - debian/{source_shadow.py,rules}: Add apport hook + - debian/patches/495_stdout-encrypted-password: chpasswd can report + password hashes on stdout (Debian bug 505640). + + * Dropped changes, merged in Debian: + - Fix case of ttyAMA0-3 devices and move them near the ttyAM0-15 ones; + Debian #544184; fixes console on Vexpress boards (e.g. in QEMU). + - use SHA512 by default for password crypt routine. + - debian/rules: fix FTBFS from newer libtools + - Mark passwd Multi-Arch: foreign. + + -- Dmitrijs Ledkovs Tue, 23 Oct 2012 09:59:19 +0100 + +shadow (1:4.1.5.1-1) unstable; urgency=low + + * The "Gruyère" release. + + [ Nicolas FRANCOIS (Nekral) ] + * New upstream release: + - login: log into utmp(x) but not into wtmp (this is done by pam_lastlog). + Log to utmp(x) was broken by the fix for #605329. Closes: 659957 + - userdel: Fix segfault when userdel removes the user's group. + Closes: #660406 + - manpages: .so links point to paths relative to the top-level manual + hierarchy. Closes: #661025 + - useradd(8): Return code 13 no more documented. Closes: #661802 + * debian/patches/series, debian/patches/428_grpck_add_prune_option: Removed. + The -p option was not documented and was meant to fix consequences of a + bug now fixed more than 10 years ago. + * debian/shadowconfig.sh: Display issues, but dot not prompt interactively + to fix passwd/group/shadow/gshadow issues. 
Closes: #638263 + * debian/control: Bump Standards-Version to 3.9.3 (no changes needed). + * debian/rules: Simplify setting of hardening flags. cdbs 0.4.103 needed to + get hardened version of shadow-utils. Restore previous requirement on + dpkg-dev to 1.13.5. + + [ Christian Perrier ] + * Complete Polish translation of logoutd(8). Closes: #668880 + * German translation of manpages completed. Closes: #673234 + + [ Roger Leigh ] + * Separation of static and dynamic motd components in login PAM module + Closes: #669698 + + -- Nicolas FRANCOIS (Nekral) Fri, 25 May 2012 15:42:01 +0200 + +shadow (1:4.1.5-1) unstable; urgency=low + + * The "Charolais" release. + + [ Nicolas FRANCOIS (Nekral) ] + * New upstream release: + - su: Fix possible tty hijacking by dropping the controlling terminal when + executing a command (CVE-2005-4890). Closes: #628843 + - userdel: Check the existence of the user's mail spool before trying to + remove it. If it does not exist, a warning is issued, but no failure. + Closes: #617295 + - userdel: Do not remove a group with the same name as the user + (usergroup) if this group isn't the user's primary group. + Closes: #584868 + - su: Close the PAM session as root (fix issues with pam_mount and + pam_systemd). Closes: #580434 + - Fix several typos in manpages. Thanks to Simon Brandmair. + Closes: #628776 + - userdel error message has been clarified when the user is still + executing processes (it used to complain that the user is logged in). + Closes: #603315 + - passwd(1) references chpasswd(8). Closes: #609117 + - Spaces have been added between options and arguments in the Russian + manpages. Closes: #606159 + - Fix handling of numerical dates in usermod -e. Closes: #621810 + - usermod: When the shadow file exists but there are no shadow entries, an + entry is created if the password is changed and passwd requires a shadow + entry, or if aging features are used (-e or -f). Closes: 632461 + - Added diagnosis for lock failures. 
Closes: #616167 + - grpck/pwck: NIS entries were dropped by -s (sort). Closes: #622765 + - login does not log into utmp(x) and wtmp. This is already done by + pam_lastlog. Closes: #605329 + - groupmod: document that /etc/passwd can be modified by groupmod -g. + Closes: #647308 + - Updated patches + + debian/patches/008_login_log_failure_in_FTMP + + debian/patches/401_cppw_src.dpatch + + debian/patches/402_cppw_selinux + + debian/patches/428_grpck_add_prune_option + + debian/patches/429_login_FAILLOG_ENAB + + debian/patches/463_login_delay_obeys_to_PAM + + debian/patches/501_commonio_group_shadow + + debian/patches/505_useradd_recommend_adduser + + debian/patches/506_relaxed_usernames + + debian/patches/508_nologin_in_usr_sbin + + debian/patches/523_su_arguments_are_concatenated + + debian/patches/523_su_arguments_are_no_more_concatenated_by_default + + debian/patches/542_useradd-O_option + + debian/patches/900_testsuite_groupmems + - debian/patches/008_su_get_PAM_username: Removed, feature supported + upstream. + - debian/patches/300_CVE-2011-0721: Removed, applied upstream. + - Upstream translation updates from Debian BTS: + + Brazilian Portuguese. Closes: #622834 + + Catalan. Closes: #627526, #657763 + + Danish. Closes: #621330, #657514 + + German. Closes: #622908, #656503 + + French. Closes: #623608, #657621 + + Japanese. Closes: #620978 + + Kazakh. Closes: #620930 + + Portuguese. Closes: #623722, #656686 + + Russian. Closes: #622106, #655194 + + Spanish (Closes: #630618) + + Swedish. Closes: #621126 + + Simplified Chinese. Closes: #655858 + - Upstream manpages translation updates from Debian BTS: + + French. Closes: #630250, #657622 + + German. Closes: #628777 + + Simplified Chinese. Closes: #602264, #655858 + + Danish added. Closes: #657516 + + Russian. Closes: #657710 + * debian/control: mark passwd as 'Multi-Arch: foreign'. Closes: #614321 + * debian/securetty.linux: Add IBM pSeries console ports. 
Closes: #597661 + * debian/securetty.linux: Add serial Console for MIPS Swarm. + (http://lists.debian.org/debian-release/2011/02/msg00320.html) + * debian/securetty.linux: Add s390/s390x ports ttysclp0. Closes: #647469 + * debian/securetty.linux: Fixed typo: ttyama -> ttyAMA. Closes: #544184 + * debian/rules, debian/man.insert, debian/man.insert.sed: Bug #507673 has + been closed. It is no more needed to patch the generated manpages. This + also fix failures to build twice is a row. Closes: #636047 + * debian/patches/401_cppw_src.dpatch: Replace progname by Prog. Rename + create_backup_file to create_copy. The lock functions do not set errno. + Do not report the error string on cppwexit. + * debian/patches/401_cppw_src.dpatch, debian/patches/402_cppw_selinux: + Synchronize with coding style. + * debian/patches/401_cppw_src.dpatch: Detect as well too many and too + few arguments. + * debian/patches/506_relaxed_usernames: Really check if the user/group + name starts with a dash. Also forbid names starting with '+' or '~'. + Document the naming policy in useradd.8 / groupadd.8. + * debian/patches/506_relaxed_usernames: Also forbid names containing a + comma. + * debian/patches/901_testsuite_gcov: Do not revert the locale when testing + with gcov to avoid coverage false negatives. This does not impact the + debian binary package, only the test package. + * debian/control: Add Build-Depends on libsemanage1-dev [linux-any] + * debian/rules: Do not hard-code CFLAGS and LDFLAGS. Build with all + hardening flags set. Closes: #657010 + * debian/control: depends on dpkg-dev (>= 1.16.1~) for including + /usr/share/dpkg/buildflags.mk + * debian/control: Standards-Version: bumped to 3.9.2. No changes. + * debian/login.defs: Set the default encryption method to SHA512. + Closes: #657717 + + [ Christian Perrier ] + * Use "linux-any" instead of a negated list of architectures in + Build-Depends. 
Closes: #634465 + + -- Nicolas FRANCOIS (Nekral) Sun, 12 Feb 2012 22:27:03 +0100 + +shadow (1:4.1.4.2+svn3283-3ubuntu7) quantal; urgency=low + + * debian/passwd.upstart: Add an upstrat job to clear locks on + [shadow-]passwd/group. (LP: #523896). + + -- Dmitrijs Ledkovs Fri, 31 Aug 2012 13:00:33 +0100 + +shadow (1:4.1.4.2+svn3283-3ubuntu6) quantal; urgency=low + + * debian/source_shadow.py: Fix compatibility with python3. Thanks Edward + Donovan! (LP: #1013171) + + -- Martin Pitt Mon, 18 Jun 2012 15:09:54 +0200 + +shadow (1:4.1.4.2+svn3283-3ubuntu5) precise; urgency=low + + * Build-depend on gettext:any for cross-building support. + + -- Colin Watson Mon, 09 Apr 2012 00:28:03 +0100 + +shadow (1:4.1.4.2+svn3283-3ubuntu4) precise; urgency=low + + * Allow LXC devices (lxc/console, lxc/tty[1234]) that we'll start using + in LXC with Precise. + + -- Stéphane Graber Fri, 10 Feb 2012 15:34:05 -0500 + +shadow (1:4.1.4.2+svn3283-3ubuntu3) precise; urgency=low + + * Fix case of ttyAMA0-3 devices and move them near the ttyAM0-15 ones; + Debian #544184; fixes console on Vexpress boards (e.g. in QEMU). + + -- Loïc Minier Wed, 30 Nov 2011 22:47:47 +0100 + +shadow (1:4.1.4.2+svn3283-3ubuntu2) oneiric; urgency=low + + * debian/login.defs: + - Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG + handling does not only apply to "former (pre-PAM) uses". + - Update documentation of UMASK: Explain that USERGROUPS_ENAB will modify + this default for UPGs. (Closes: #583971) + + -- Martin Pitt Fri, 24 Jun 2011 11:07:34 +0200 + +shadow (1:4.1.4.2+svn3283-3ubuntu1) natty; urgency=low + + * The "string cheese" release. + * Merge from Debian unstable. Remaining changes: + - Ubuntu specific: + + debian/login.defs: use SHA512 by default for password crypt routine. + - debian/{source_shadow.py,rules}: Add apport hook + - debian/rules: fix FTBFS from newer libtools + - debian/patches/495_stdout-encrypted-password: chpasswd can report + password hashes on stdout (Debian bug 505640). 
+ * Dropped changes, merged in Debian: + - debian/patches/300_CVE-2011-0721: reject newlines in GECOS updates. + - CVE-2011-0721 + * Mark passwd Multi-Arch: foreign, so packages that aren't of the same + arch can depend on it. + + -- Steve Langasek Sun, 20 Feb 2011 15:59:15 -0800 + +shadow (1:4.1.4.2+svn3283-3) unstable; urgency=high + + * The "Trappe d'Echourgnac" release. + * Fix typo in /etc/pam.d/login comments. Thanks to Ferenc Wagner. + Closes: #598717 + * debian/patches/300_CVE-2011-0721: Fix insufficient input sanitation + leading to possible user or group creation in NIS environments. + + -- Nicolas FRANCOIS (Nekral) Mon, 13 Feb 2011 23:20:05 +0100 + +shadow (1:4.1.4.2+svn3283-2ubuntu3) natty; urgency=low + + * SECURITY UPDATE: could inject NIS groups memberships into /etc/passwd. + - debian/patches/300_CVE-2011-0721: reject newlines in GECOS updates. + - CVE-2011-0721 + + -- Kees Cook Tue, 15 Feb 2011 13:57:01 -0800 + +shadow (1:4.1.4.2+svn3283-2ubuntu2) natty; urgency=low + + * debian/patches/495_stdout-encrypted-password: adjust patch for changes + in src/chpasswd.c to fix FTBFS + + -- Oliver Grawert Tue, 04 Jan 2011 15:48:49 +0100 + +shadow (1:4.1.4.2+svn3283-2ubuntu1) natty; urgency=low + + * Merge from debian unstable. Remaining changes: + - Ubuntu specific: + + debian/login.defs: use SHA512 by default for password crypt routine. + - debian/{source_shadow.py,rules}: Add apport hook + - debian/rules: fix FTBFS from newer libtools + - debian/patches/495_stdout-encrypted-password: chpasswd can report + password hashes on stdout (Debian bug 505640). + - Rework 495_stdout-encrypted-password to cope with chpasswd using PAM. + + -- Oliver Grawert Wed, 24 Nov 2010 13:42:42 +0100 + +shadow (1:4.1.4.2+svn3283-2) unstable; urgency=low + + * The "Bleu du Vercors-Sassenage" release. + * Fix backup command line in cron.daily script. 
Closes: #596283 + + -- Nicolas FRANCOIS (Nekral) Sat, 25 Sep 2010 23:38:39 +0200 + +shadow (1:4.1.4.2+svn3283-1) unstable; urgency=low + + * The "Bleu de Gex" release. + * New upstream unreleased version: + - Fix formatting of the login.defs.5 manpage. Closes: #542804 + - Updated Czech translation. Closes: #548407 + - Updated Vietnamese translation. Closes: #548065 + - Remove patches applied upstream: + + debian/patches/008_su_no_sanitize_env + + debian/patches/483_su_fakelogin_wrong_arg0 + - Updated patches: + + debian/patches/523_su_arguments_are_no_more_concatenated_by_default + + debian/patches/542_useradd-O_option + - Added support for dates already specified as a number of days since + Epoch in useradd, usermod and chage. Closes: #562221 + - This also allows, in the chage interactive mode, to specify -1 as the + expiration date to disable it. Closes: #573018 + - Fixed parsing of gshadow. This fix password support in newgrp. + Closes: #569899 + - pwck and grpck stop sorting at the first line which begins with a '+'. + This will avoid messing up with NIS entries. Closes: #567836 + - Fix interruption of su, newgrp, vipw with Ctrl-Z. Closes: 530231 + - mail checking is no more mentioned in login(1) since it is done by PAM. + Closes: #470059 + - The -e (and -c and -m) option was restored in chpasswd (which still uses + PAM by default). Closes: #539354 + - Kazakh translation updated. Closes: #586994 + - Fixed comma splice in chsh(1). Closes: #582166 + * debian/securetty.kfreebsd: On GNU/kFreeBSD the serial devices have change + from /dev/cuuaX to /dev/ttydX in kernel 6.0. Closes: #544523 + * debian/securetty.linux: Added support for embedded ARM AMBA PL011 ports + (e.g. emulated by QEMU). Closes: #544184 + * debian/control: Removed Martin Quinson from the Uploaders, on his request. + * debian/login.defs: Improve documentation of USERGROUPS_ENAB. + Closes: #572687 + * debian/rules: Added DEB_AUTO_UPDATE_LIBTOOL = pre. 
Closes: #560633 + * debian/login.pam: return back to mostly "requisite" for the pam_securetty + PAM module, but ignore PAM_USER_UNKNOWN. This will avoid root from + entering a password, and will also avoid user enumeration attacks. + Mis-typed root login are not protected, only root can be blamed for + mis-typing and entering a password on an insecure line. Users willing to + protect against mis-typed root login can use "requisite", but will be + vulnerable to user enumeration attacks on insecure lines, and should use + pam 1.1.0-4 at least. Closes: #574082, #531341 + * debian/passwd.cron.daily: Handle the backups of the user and group + databases so that it can be removed from the standard daily cron job. + Closes: #554170 + * debian/login.defs: Updated description of UMASK (used by pam_umask). + * debian/securetty.linux: Reorganize and synchronize with + Documentation/devices.txt. This added a lot of TTYs, including the + ttyPZ0..3. Closes: #576203 + * debian/rules, debian/man.insert, debian/man.insert.sed: Hack to avoid bug + 507673, causing missing apostrophes in the manpages generated by + docbook-xsl (see debian bug 507673). + * debian/control: Standards-Version: bumped to 3.8.4. No changes. + * debian/passwd.lintian-overrides: Remove old entries relevant for + passwd.config. + * debian/control: Do not repeat the Section and Priority fields for the + binary packages. + * debian/rules: Disable new features: --without-acl --without-attr + --without-tcb + + -- Nicolas FRANCOIS (Nekral) Sun, 29 Aug 2010 21:14:12 +0200 + +shadow (1:4.1.4.2-1ubuntu3) maverick; urgency=low + + * add ttyO0-3 to debian/securetty.linux, if OMAP kernels are built with + TI's DMA-offloaded driver instead of the default 8250 one the serial tty's + are called like that (LP: #512845). 
+ + -- Oliver Grawert Tue, 31 Aug 2010 14:45:17 +0200 + +shadow (1:4.1.4.2-1ubuntu2) lucid; urgency=low + + * debian/{source_shadow.py,rules}: Add apport hook + * debian/rules: fix FTBFS from newer libtools + + -- Marc Deslauriers Tue, 26 Jan 2010 08:54:59 -0500 + +shadow (1:4.1.4.2-1ubuntu1) lucid; urgency=low + + * Merged with debian unstable. Remaning changes (LP: #477299): + - Ubuntu specific: + + debian/login.defs: use SHA512 by default for password crypt routine. + - debian/patches/495_stdout-encrypted-password: chpasswd can report + password hashes on stdout (Debian bug 505640). + - Rework 495_stdout-encrypted-password to cope with chpasswd using PAM. + + -- Nicolas Valcárcel Scerpella (Canonical) Sat, 07 Nov 2009 04:55:18 -0500 + +shadow (1:4.1.4.2-1) unstable; urgency=low + + * The "Tome des Bauges" release. + * New upstream release: + - Updated Basque translation. Closes: #535553 + - Fixed some translatable string. Closes: #525726 + - Fixed documentation of the short option for --mindays in passwd(1). + Closes: #531983 + - Added support for shells being shell scripts without a shebang. + Closes: #479406 + * debian/securetty.linux: Added Embedded Renesas SuperH ports. + Closes: #535927 + * debian/securetty.linux: Added ttyS2 to ttyS5. Some extension card provide + more serial ports, but that should be sufficient until there is a support + for regular expressions. Closes: #534244 + * debian/patches/506_relaxed_usernames: Fixed typo. groupadd(8) should + document the restriction on groupnames, not usernames. + * debian/login.pam: pam_securetty included as a required module instead of + requisite to avoid leak of user name information. Closes: #531341 + * debian/shadowconfig.sh: Do not run shadowoff() and shadowon() in subshell. + This also remove a dependency on bash (even though /bin/sh would have been + sufficient). Thanks to Luk for spotting this. + * debian/login.dirs, debian/passwd.dirs: Removed usr/share/linda/overrides. 
+ * debian/control: Standards-Version: bumped to 3.8.2. No changes. + + -- Nicolas FRANCOIS (Nekral) Fri, 24 Jul 2009 05:03:23 +0200 + +shadow (1:4.1.4.1-1ubuntu2) karmic; urgency=low + + * debian/securetty.linux: also list ttyS2 and ttyS3; beagleboard uses ttyS2 + as serial port. + + -- Loïc Minier Fri, 31 Jul 2009 15:34:56 +0200 + +shadow (1:4.1.4.1-1ubuntu1) karmic; urgency=low + + * Resynchronise with Debian. Remaining changes: + - Ubuntu specific: + + debian/login.defs: use SHA512 by default for password crypt routine. + - debian/patches/495_stdout-encrypted-password: chpasswd can report + password hashes on stdout (Debian bug 505640). + * Rework 495_stdout-encrypted-password to cope with chpasswd using PAM. + It's looking a bit ugly now ... + + -- Colin Watson Wed, 03 Jun 2009 11:16:51 +0100 + +shadow (1:4.1.4.1-1) unstable; urgency=low + + * The "Chevrotin" release. + * New upstream release: + - Fixed typo in the French vipw usage. Closes: #528486 + - Fixed failure to delete an user (wrongly detected as still logged in). + On Linux, userdel checks if the user has some running processes. + Otherwise, it still check with utmp if the user is logged in and check + if the process indicated by utmp is still running to avoid + mis-detection of logged-in users. Closes: #528060 + - newgrp and sg return the exit status of their child. Closes: #529897 + - Updated patches: + + debian/patches/506_relaxed_usernames + * debian/login.defs: Removed comment about MD5_CRYPT. MD5_CRYPT_ENAB is no + more used by chpasswd and newusers. + * debian/patches/*: Updated patches to the new quilt and shadow versions. + * debian/patches/506_relaxed_usernames: usernames with a slash will not only + break one option. Move to the discussion on the usernames. + + -- Nicolas FRANCOIS (Nekral) Fri, 22 May 2009 16:29:58 +0200 + +shadow (1:4.1.4-3) unstable; urgency=low + + * The "Banonet" release. + * debian/login.pam: Really ignore pam_selinux.so failures when the module do + not exist. 
Closes: #528673 + + -- Nicolas FRANCOIS (Nekral) Sat, 16 May 2009 12:11:15 +0200 + +shadow (1:4.1.4-2) unstable; urgency=low + + * The "Banon" release. + * debian/rules, debian/passwd.linda-overrides, debian/login.linda-overrides: + Removed linda-overrides files. + * debian/rules: Install the lintian overrides with dh_lintian. + * debian/control: Raised dependency on debhelper (>= 6.0.7~) for dh_lintian. + * debian/compat: Raised to 6 + * debian/login.postinst: Install /var/log/faillog during initial installs + only. This permits admins to disable failed logins recording. + Closes: #488420 + * debian/login.pam: Ignore pam_selinux.so failures when the module do not + exist. A required pam_selinux.so makes login fail when the module does not + exist (e.g. on architecture without SE Linux support). Closes: #528673 + + -- Nicolas FRANCOIS (Nekral) Thu, 14 May 2009 22:36:34 +0200 + +shadow (1:4.1.4-1) unstable; urgency=low + + * The "Chambérat" release. + * New upstream release: + - Updated Czech translation. Closes: #525658 + - Updated French translation. + - Updated German translation. Closes: #527131 + - Updated Japanese translation. + - Updated Korean translation. Closes: #524719 + - Updated Portuguese translation. Closes: #525531 + - Updated Russian translation. Closes: #527636 + - passwd: Report password properties changes if the password is not + actually changed. Closes: #525967 + - Fixed lastlog. 4.1.3 only reported empty logs. Closes: #524873 + - Remove patches applied upstream: + + debian/patches/403_fix_PATH-MAX_hurd + - Updated patches: + + debian/patches/008_login_log_failure_in_FTMP + + debian/patches/401_cppw_src.dpatch + + debian/patches/429_login_FAILLOG_ENAB + + debian/patches/463_login_delay_obeys_to_PAM + - pwck and grpck warn when the shadowed and non-shadowed files contain + an entry for the same user or group and the non shadowed file password + field is not 'x'. Closes: #501869 + Other topics raised in this bug were fixed previously. 
+ * debian/securetty.linux: Added Freescale i.MX ports. Closes: #527095 + * debian/securetty.linux: Added some local X displays. See LP #104957. But + only a limited set of displays were added. + * debian/rules, debian/passwd.newusers.pam, debian/passwd.chpasswd.pam: + Install the newusers and chpasswd PAM service configuration files. + newusers and chpasswd now use PAM to update the passwords. + Closes: #525153 + * debian/login.pam: Updated support for SELinux. Closes: #527106 + * debian/control: Standards-Version bumped to 3.8.1. No changes. + * debian/control: Changed gnome-doc-utils dependency to >= 0.4.3 (instead + of >= 0.4.3-1) + * debian/control: Added ${misc:Depends} to the passwd's Depends and login's + Pre-Depends. + + -- Nicolas FRANCOIS (Nekral) Mon, 11 May 2009 00:25:11 +0200 + +shadow (1:4.1.3.1-1ubuntu1) karmic; urgency=low + + * Merge from debian unstable, remaining changes: + - Ubuntu specific: + + debian/login.defs: use SHA512 by default for password crypt routine. + - debian/patches/stdout-encrypted-password.patch: chpasswd can report + password hashes on stdout (debian bug 505640). + - debian/login.pam: Enable SELinux support (debian bug 527106). + - debian/securetty.linux: support Freescale MX-series (debian bug 527095). + * Add debian/patches/300_lastlog_failure: fixed upstream (debian bug 524873). + * Drop debian/patches/593_omit_lastchange_field_if_clock_is_misset: fixed + upstream. + + -- Kees Cook Tue, 05 May 2009 09:45:21 -0700 + +shadow (1:4.1.3.1-1) unstable; urgency=low + + * The "Le Puant Macéré" release. + Sorry for the lack of cheese name in 1:4.1.3-1. At least this one should + count for two. + * New upstream release: + - Fixed wrong parsing of octal permissions. This impacted login (permission + of the TTYs, UMASK, ERASECHAR or KILLCHAR) in release 1:4.1.3-1 only. + Closes: #524139, #524258 + - removed debian/patches/200_bin_nb: Applied upstream. + - removed debian/patches/302_vim_selinux_support: Applied upstream. 
+ - Fixed login segfault when called without a username. Closes: #524193 + + -- Nicolas FRANCOIS (Nekral) Wed, 15 Apr 2009 23:59:06 +0200 + +shadow (1:4.1.3-1) unstable; urgency=low + + * The "" release. + * New upstream release: + - Fix possible login DOS. Closes: #505071 + - Fix gpasswd and username with 32 characters. Closes: #508785 + - Fix typo in nologin(8). Closes: #513252 + - Remove old features from passwd(1). Closes: #499578 + - login: Close passwd while waiting for exit. Closes: #474318 + - login: fix the count of login failures. Closes: #498788 + - Remove patches applied upstream (4.1.2): + + debian/patches/434_login_stop_checking_args_after-- + + debian/patches/491_configure.in_friendly_selinux_detection + + debian/patches/487_passwd_chauthtok_failed_message + + debian/patches/406_vipw_resume_properly + + debian/patches/414_remove-unwise-advices + + debian/patches/300_SHA_crypt_method + + debian/patches/301_manpages_missing_options + + debian/patches/415_login_put-echoctl-back + + debian/patches/431_su_uid_0_not_root + - Remove patches applied upstream (4.1.3): + + debian/patches/200_Czech_binary_translation + + debian/patches/302_remove_non_translated_polish_manpages + + debian/patches/494_passwd_lock-no_account_lock + + debian/patches/200_Czech_binary_translation + + debian/patches/494_passwd_lock-no_account_lock + - Updated patches: + + debian/patches/431_su_uid_0_not_root + + debian/patches/463_login_delay_obeys_to_PAM + + debian/patches/008_su_get_PAM_username + + debian/patches/302_vim_selinux_support + + debian/patches/008_login_log_failure_in_FTMP + + debian/patches/429_login_FAILLOG_ENAB + + debian/patches/428_grpck_add_prune_option + + debian/patches/401_cppw_src.dpatch + + debian/patches/506_relaxed_usernames + + debian/patches/463_login_delay_obeys_to_PAM + + debian/patches/542_useradd-O_option + - Translations + + New Kazakh translation. Closes: #517809 + + Updated Slovak translation. 
Closes: #523621 + * debian/patches/454_userdel_no_MAIL_FILE: Patch removed. If MAIL_FILE is + defined, the mailbox is not in MAIL_SPOOL_DIR. + * debian/patches/506_relaxed_usernames: Use an extra paragraph for the note + on username with a '/'. + * debian/patches/504_undef_USE_PAM.nolibpam, + debian/patches/504_undef_USE_PAM.dpatch, debian/rules: Patches removed. + Replaced by the --disable-account-tools-setuid configure option. + * debian/control: changed the "Replaces" on manpages-zh to a versioned + one on 1.5.1-1 + * debian/control: drop all Replaces on manpages-* when the version is + prior to Etch + * Versioned Replaces on manpages-tr (<<1..5) as conflicting manpages have + been removed in that package + * debian/patches/402_cppw_selinux: Add SE Linux support for cppw / cpgr. + * debian/patches/900_testsuite_groupmems, debian/patches/901_testsuite_gcov: + Added patches, only intended to be used in the testsuite. + * debian/securetty.linux: Added ttyPZ0, ttyPZ1, ttyPZ2, ttyPZ3 for PowerMac + machines. Closes: #511739 + * debian/patches/579_chowntty_debug: Removed. With the fix for 505071 and + 505271, this additional debug information is no more needed. + * debian/patches/507_32char_grnames.dpatch: Patch removed. Replaced by the + --with-group-name-max-length=32 configure option. + * debian/patches/592_manpages_typos: No more needed. + * debian/patches/401_cppw_src.dpatch: Call fsync before closing the backup + file descriptor. This ensures that the backup file will be available on + the storage medium. + * debian/securetty.linux: Removed devfs devices. Usage of devfs enabled + kernel in Lenny was not supported. Closes: #511961 + * debian/login.defs: Added /usr/local/games/ to ENV_PATH (for regular + users). Closes: #487379 + * debian/patches/200_bin_nb: Updated Norwegian Bokmål translation. + Closes: #523798 + * debian/login.defs: Update GID_MIN to 1000. This is more consistent with + UID_MIN, SYS_GID_MAX and the usage of the same ID for UID and GIDs. 
This + should also be more consistent with the assignment of system group IDs + starting from GID_MAX and going down. + + -- Nicolas FRANCOIS (Nekral) Tue, 14 Apr 2009 23:33:22 +0200 + +shadow (1:4.1.1-6ubuntu6) jaunty; urgency=low + + * debian/login.preinst: fix typo in grep (LP: #354887). + + -- Kees Cook Fri, 03 Apr 2009 22:12:07 -0700 + +shadow (1:4.1.1-6ubuntu5) jaunty; urgency=low + + * debian/login.preinst: add special-case handling to restore the + original white-space in /etc/login.defs that is changed by + system-tools-backends (LP: #316756). + + -- Kees Cook Fri, 03 Apr 2009 14:33:43 -0700 + +shadow (1:4.1.1-6ubuntu4) jaunty; urgency=low + + * debian/patches/593_omit_lastchange_field_if_clock_is_misset (LP: #349504) + - If the system clock is set to Jan 01, 1970, and a new user is created + the last changed field gets set to 0, which tells login that the + password is expired and must be changed. During installation, + this can cause autologin to fail. Having the clock set to 01/01/1970 + on a fresh install is common on the ARM architecture, so this is a high + priority bug since its likely to affect most ARM users on first install + + -- Michael Casadevall Thu, 02 Apr 2009 14:05:31 -0400 + +shadow (1:4.1.1-6ubuntu3) jaunty; urgency=low + + [ Bryan McLellan ] + * Don't do the vm-builder root password check on fresh installations + (LP: #340841). + + -- Colin Watson Tue, 17 Mar 2009 13:32:55 +0000 + +shadow (1:4.1.1-6ubuntu2) jaunty; urgency=low + + * debian/securetty.linux (LP: #316841) + - Updated securetty support for Freescale MX-series boards + + -- Michael Casadevall Tue, 13 Jan 2009 12:56:38 -0500 + +shadow (1:4.1.1-6ubuntu1) jaunty; urgency=low + + * Merge from debian unstable, remaining changes: + - Ubuntu specific: + + debian/login.pam: Enable SELinux support in login.pam. + + debian/rules: regenerate autoconf to avoid libtool-caused FTBFS. + + debian/login.defs: use SHA512 by default for password crypt routine. 
+ + debian/passwd.postinst: disable the root password for virtual + machines created with vm-builder on Ubuntu 8.10. + - debian/patches/stdout-encrypted-password.patch: allow chpasswd to + report encrypted passwords to stdout for tools needing encrypted + passwords (debian bug 505640). + + -- Kees Cook Mon, 08 Dec 2008 00:44:46 -0800 + +shadow (1:4.1.1-6) unstable; urgency=medium + + * The "Rollot" release. + * debian/patches/303_login_symlink_attack: Fix a race condition that could + lead to gaining ownership or changing mode of arbitrary files. + Closes: #505271 + * debian/patches/304_su.1_synopsis: Fix the su synopsis. username is + referenced in the manpage, not LOGIN. Closes: #501830 + * debian/patches/305_login.1_japanese: Fix the path of the utmp and wtmp + files. Closes: #501353 + + -- Nicolas FRANCOIS (Nekral) Fri, 14 Nov 2008 21:52:42 +0100 + +shadow (1:4.1.1-5ubuntu3) jaunty; urgency=low + + * disable the root password for virtual machines created with vm-builder + on Ubuntu 8.10. (LP: #296841) + + -- Jamie Strandboge Thu, 13 Nov 2008 20:32:42 -0600 + +shadow (1:4.1.1-5ubuntu2) jaunty; urgency=low + + * debian/login.defs: use SHA512 by default for password crypt routine + (LP: #51551, currently Ubuntu specific). + * debian/patches/stdout-encrypted-password.patch: allow chpasswd to report + encrypted passwords to stdout for tools needing encrypted passwords + (debian bug 505640). + * debian/rules: regenerate autoconf to avoid libtool-caused FTBFS. + + -- Kees Cook Thu, 13 Nov 2008 16:43:48 -0800 + +shadow (1:4.1.1-5ubuntu1) jaunty; urgency=low + + * Merge from debian unstable, remaining changes: + - debian/login.pam: Enable SELinux support in login.pam. + + -- Scott James Remnant Wed, 05 Nov 2008 07:26:43 +0000 + +shadow (1:4.1.1-5) unstable; urgency=low + + * The "Bergues" release. + * debian/login.pam: restore the Etch behavior of pam_securetty.so in case of + unknown user. 
Closes: #443322, #495831 + + -- Nicolas FRANCOIS (Nekral) Sun, 14 Sep 2008 19:13:34 +0200 + +shadow (1:4.1.1-4) unstable; urgency=low + + * The "Rocamadour" release. + * debian/patches/302_remove_non_translated_polish_manpages, + debian/patches/series: Remove the (untranslated) su.1 and login.1 polish + translation. Closes: #491460 + * debian/patches/506_relaxed_usernames: Document that the naming policy is + also used for the group names policy. Differentiate the Debian + constraints in a separate paragraph. Added documentation of the username + length restriction. Closes: #493230 + * debian/patches/507_32char_grnames.dpatch: Update the documentation of the + group length restriction. Closes: #493230 + * debian/login.pam: Replace the "multiple" option of pam_selinux by + "select_context". This requires PAM 1.0.1, but is commented. + Closes: #493181 + * debian/patches/494_passwd_lock-no_account_lock: Fix typo (missing + parenthesis). Thanks to Moray Allan. + + -- Nicolas FRANCOIS (Nekral) Fri, 15 Aug 2008 12:36:15 -0300 + +shadow (1:4.1.1-3) unstable; urgency=low + + * The "Morbier" release. + * debian/patches/302_vim_selinux_support: Add SE Linux support to vipw/vigr. + Thanks to Russell Coker. Closes: #491907 + * debian/patches/494_passwd_lock-no_account_lock: Restore the previous + behavior of passwd -l (which changed in #389183): only lock the user's + password, not the user's account. Also explicitly document the + differences. This restores a behavior common with the previous versions of + passwd and with other implementations. Closes: #492307 + * debian/patches/494_passwd_lock-no_account_lock: Add a reference to + usermod(8) in passwd(1). Closes: #412234 + * debian/login.pam: Enforce a fail delay to avoid login brute-force. + Closes: #443322 + * debian/login.pam: Indicate why the pam_securetty module is used as a + requisite module and mentions the possible drawbacks. 
Closes: #482352 + * debian/login.defs: Do not mention the libpam-umask package (the module is + now provided by libpam-modules). Closes: #492410 + * debian/patches/200_Czech_binary_translation: Updated Czech translation. + Thanks to Miroslav Kure. Closes: #482823 + * debian/securetty.linux: Add the PA-RISC mux ports (ttyB0, ttyB1). + Closes: #488515 + + -- Nicolas FRANCOIS (Nekral) Sat, 26 Jul 2008 10:12:46 +0200 + +shadow (1:4.1.1-2) unstable; urgency=low + + * The "Brie de Meaux" and "Brie de Melun" double cheese release. + * Backported patches from upstream + - debian/patches/300_SHA_crypt_method: + This fixes bugs in the SHA encryption method that force the salt to have + 8 bytes (instead of a random length between 8 and 16 bytes), and force + the number of SHA rounds to be equal to the lowest limit (at least 1000 + SHA rounds). + - debian/patches/301_manpages_missing_options: + This add the missing documentation of options in useradd, groupadd, and + newusers. + * Tag patches already applied upstream + - debian/patches/487_passwd_chauthtok_failed_message + - debian/patches/406_vipw_resume_properly + - debian/patches/008_su_get_PAM_username + - debian/patches/491_configure.in_friendly_selinux_detection + - debian/patches/434_login_stop_checking_args_after-- + - debian/patches/414_remove-unwise-advices + * Added description of new variables in /etc/login.defs: + - SYS_UID_MIN, SYS_UID_MAX, SYS_GID_MIN, SYS_GID_MAX + - ENCRYPT_METHOD + - SHA_CRYPT_MIN_ROUNDS, SHA_CRYPT_MAX_ROUNDS + * New Debian Policy: + - debian/control: Bump Standards-Version to 3.8.0 (no changes needed). + - debian/README.source: Document how to patch the upstream source, how to + use quilt, how to package a new upstream and how to use the testsuite. + * debian/patches/505_useradd_recommend_adduser: Fix typo: userdel is used to + remove an user, not to add one. 
Closes: #475795 + + -- Nicolas FRANCOIS (Nekral) Fri, 13 Jun 2008 01:27:16 +0200 + +shadow (1:4.1.1-1ubuntu1) intrepid; urgency=low + + * Merge from debian unstable, remaining changes: + - debian/login.pam: Enable SELinux support in login.pam. + + -- Kees Cook Mon, 09 Jun 2008 10:08:38 -0700 + +shadow (1:4.1.1-1) unstable; urgency=low + + * New upstream release. This closes the following bugs: + - Fix errors when gpasswd is called without a gshadow file. + Closes: #467236, #467488 + - Fix newgrp segfault when the primary group is not listed in /etc/groups. + Closes: #461670 + - Fix infinite loop in usermod when two groups have the same name. + Closes: #470745 + - Make SE Linux tests more strict, when the real UID is 0 SE Linux checks + will be performed. Closes: #472575 + - Option --password added to groupadd / groupmod (like useradd / usermod). + Closes: #445484 + - Remove patches applied upstream: + + debian/patches/451_login_PATH + + debian/patches/462_warn_to_edit_shadow + + debian/patches/467_useradd_-r_LSB + + debian/patches/466_fflush-prompt + + debian/patches/480_getopt_args_reorder + + debian/patches/496_login_init_session + + debian/patches/408_passwd_check_arguments + + debian/patches/412_lastlog_-u_numerical_range + + debian/patches/407_adduser_disable_PUG_with-n + - Updated patches: + + debian/patches/504_undef_USE_PAM.nolibpam + $(LIBCRYPT) $(LIBSKEY) $(LIBMD) are no more included in libshadow.la. + Avoid link to unneeded libraries (spotted by dpkg-shlibdeps). + + debian/patches/501_commonio_group_shadow + + debian/patches/429_login_FAILLOG_ENAB + + debian/patches/542_useradd-O_option + + debian/patches/401_cppw_src.dpatch + + debian/patches/428_grpck_add_prune_option + - Updated translations: + + Basque. Closes: #473555 + + German. Closes: #473646 + + Italian. Closes: #472951 + + Korean. Closes: #471935 + + Portuguese. Closes: #472244 + + Russian. Closes: #472506 + + Slovak. Closes: #471802 + + Turkish. 
Closes: #473279 + * debian/watch: Add a watch file for shadow. + * debian/rules, debian/recode_manpages.sh: Do not recode the manpages. + Keep them in UTF-8. + * debian/rules, debian/control: login (>= 970502-1) was already provided + by login in Hamm. libpam-modules (>= 0.72-5) was already provided by + libpam-modules in Potato. libpam-runtime (>= 0.76-14) was already provided + by libpam-runtime in Sarge (now oldstable). Simplify the dependencies. + * debian/control: Move the dependency on libpam-modules from Depends to + Pre-Depends. The login package is Essential, and without libpam-modules, + login or su are not functional. Thanks to Steve Langasek for pointing this + out. + * debian/control: There's no need for a dependency on login (now that it is + unversionned; see above) in the passwd package. + * debian/control: The passwd's Replaces on manpages-de can be versionned + again. The su(1) manpage was removed from manpages-de. + * debian/securetty.linux: Added ttyUSB0, ttyUSB1, ttyUSB2, and MPC5200 + serial ports (ttyPSC0, ttyPSC1, ttyPSC2, ttyPSC3, ttyPSC4, ttyPSC5). + Closes: #461374 + * debian/control: Change XS-X-Vcs-Svn to Vcs-Svn. Update the link to the + new repository layout. Add a Vcs-Browser field. + * debian/control: Added Homepage field. + * debian/passwd.postrm: Removed (was empty). + + -- Nicolas FRANCOIS (Nekral) Thu, 03 Apr 2008 01:31:10 +0200 + +shadow (1:4.1.0-2) unstable; urgency=low + + * The "Bleu des Causses" release + * Unversion the conflict with manpages-de for login, as it also provides + a German manpage for su(1). Closes: #460508 + + -- Christian Perrier Sun, 13 Jan 2008 18:52:46 +0100 + +shadow (1:4.1.0-1) unstable; urgency=low + + [ Nicolas FRANCOIS (Nekral) ] + * The "Bleu d'Auvergne" release + * New upstream release. This closes the following bugs: + - usermod: Make usermod options independent of the argument order. + Closes: #451518 + - login: Improve logging of login when the user's passwd entry could not + be retrieved. 
Closes: #451521 + - Updated Russian translations. Thanks to Yuri Kozlov . + Closes: #452291, #452296 + - Section of newgrp fixed in the gshadow manpage. Closes: #454485 + - Remove patches applied upstream: + + 468_duplicate_passwd_struct_before_usage + + 495_salt_stack_smash + + 397_non_numerical_identifier + + 405_su_no_pam_end_before_exec + + 493_pwck_no_SHADOWPWD + + 497_newgrp_primary_group + + 409_man_generate_from_PO + + 410_newgrp_man_mention_sg + + 411_chpasswd_document_no_pam + + 494_passwd_lock + + 417_passwd_warndays + - Updated patches: + + debian/patches/504_undef_USE_PAM.dpatch + MD5_CRYPT_ENAB is back in login.defs to define the default crypt + algorithm. It is tagged as deprecated and ENCRYPT_METHOD is + recommended instead. New algorithms are also available. + Closes: #447747 + * Debian packaging fixes: + - debian/rules: compile with -W -Wall + - debian/rules: large files are now supported by configure. Remove + -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 from + CFLAGS. + - 479_chowntty_debug was debian specific. Renamed to 579_chowntty_debug + - Remove (not applied patch) 419_time_structures.dpatch. All its chunks + are already applied upstream (with some differences), except one chunk + which comes from 008_login_log_failure_in_FTMP. Fix + 008_login_log_failure_in_FTMP. This should fix some bugs causing invalid + faillog entries on 64 bit architectures with 32 bit compatibility. + - debian/securetty.linux: Add ttyS1. Better comments for the ttyS and xen + consoles. Add a note for the devfs consoles. They are no more needed for + most users. 
Closes: #454584 + + [ Christian Perrier ] + * debian/control + - Updated to Standards: 3.7.3.0 (checked, no change needed) + + -- Christian Perrier Sat, 12 Jan 2008 20:40:02 +0100 + +shadow (1:4.0.18.2-1ubuntu2) hardy; urgency=low + + * Add 498_make_useradd_faster_with_ldap: make useradd faster when + nsswitch uses LDAP or some other remote names database (LP: #120015), + thanks to Vince Busam. + + -- Matt T. Proud Fri, 08 Feb 2008 18:30:51 -0800 + +shadow (1:4.0.18.2-1ubuntu1) hardy; urgency=low + + * debian/login.pam: Enable SELinux support in login.pam (LP: #191326). + + -- Caleb Case Fri, 08 Feb 2008 02:20:06 -0500 + +shadow (1:4.0.18.2-1) unstable; urgency=low + + * The "Vacherin" release. + * New upstream version. This closes the following bugs: + - gpasswd manpage improvements. Closes: #445480 + - support for the resource limits "max nice value", and "max real time + priority" was added upstream. Note that it does not impact Debian + because shadow is compiled with PAM support on Debian. Closes: #442334 + - Finnish translation. Closes: #448233 + - Remove patches applied upstream: + + 438_su_GNU_origin + + 433_shadow.5-typo_312430 + + 402-clarify_usermod_usage + + 498_man_nonpam_undefined + + 301_passwd-typo-383216 + + 101_ja + + 102_de-fix-sorry + + 404_man-fr + + 103_man-de + + 104_man-sv + + 302_su_man_mention_sg + + 303_wording_fixes_in_su_man + + 201_fix_man_su_fr + + 202_it_man_uses_gettext + + 413_no-sorry-in-passwd + + 416_man-fr_newgrp + - The upstream tarball is now built with gettext 0.16. Remove + + 499_gettext-0.15 + - Significant changes to patches + + 397_non_numerical_identifier + usermod.c was already patched upstream; useradd.c was not. + + 467_useradd_-r_LSB + Simplifications. There should be no changes. + + 409_man_generate_from_PO + The Italian PO was added upstream. Patch the Italian Makefile. 
+ * Upstream bugs not fixed in upstream's CVS: + - debian/securetty.linux: Added xvc0 and hvc0 consoles to the Linux's + consoles where root login is allowed. (triggered by #423389) + - debian/patches/417_passwd_warndays: Correct the long option name for + "-w" from "warning" to "warndays". Closes: #445481 + * Upstream translation updates: + - debian/patches/105_zh_CN: Update Simplified Chinese translation + Closes: #431287 + - debian/patches/416_man-fr_newgrp: Fix a typo in the French newgrp man + page. Thanks to Nicolas Aupetit. Closes: #439090 + * Debian packaging fixes: + - Fix typos in useradd default file. Thanks to Justin Pryzby. + - Fix typos in cppw.8. Thanks to Justin Pryzby. Closes: #447757 + + -- Christian Perrier Tue, 30 Oct 2007 06:11:40 +0100 + +shadow (1:4.0.18.1-11) unstable; urgency=low + + * The "Baguette laonnaise" release + * Reactivate ECHOCTL in login after it disappeared in 4.0.8. Closes: #429758 + * Disable audit support. This fixes a failure to build from source. + Reported by Sesse + + -- Christian Perrier Fri, 22 Jun 2007 19:33:01 +0200 + +shadow (1:4.0.18.1-10) unstable; urgency=low + + * The "Trappe d'Échourgnac" release + * Upstream bugs fixed in upstream's CVS: + - 302_su_man_mention_sg: mention sg(1) in su man page. Closes: #396690 + - 303_wording_fixes_in_su_man: minor wording fixes in su(1) + * Upstream bugs not fixed in upstream's CVS: + - 410_newgrp_man_mention_sg: mention sg(1) in newgrp man page + - 201_fix_man_su_fr: fix translation error in french translation for su(1) + - 202_it_man_uses_gettext: switch italian manpages to gettext. This will + fix missing paragraphs in translated manpages. Closes: #425689 + - 411_chpasswd_document_no_pam: Document that chgpasswd do not use PAM to + update the passwords. Thus functionnalities provided by PAM modules are + not present in chgpasswd (e.g. writting the old password in + /etc/security/opasswd). 
Closes: #396726 + - 412_lastlog_-u_numerical_range: allow numerical UID and range of IDs in + argument to lastog -u. Closes: #259494 + - 413_no-sorry-in-passwd: No longer print 'Sorry' when something + fails in passwd, su and newgrp. Closes: #384164 + - 414_remove-unwise-advices: Remove not so wise advices about choosing + passwords. Closes: #386818 + - 494_passwd_lock: set the account expiry field when using + "passwd -l/-u". Closes: #389183 + * Debian packaging fixes: + - 506_relaxed_usernames: do not allow spaces in usernames. This was at + least broken with username starting with a space or tabulation (the user + can be added but not removed). Closes: #400683 + + -- Christian Perrier Sun, 17 Jun 2007 07:38:14 +0200 + +shadow (1:4.0.18.1-9) unstable; urgency=low + + * The "Etorki" release + * Fix debian/copyright and mention that the upstream site + is "temporarily?) no longer available. Closes: #423956 + Add the various copyrights from Marek, Andrzej and Tomasz + (deduced from the ChangeLog entries as upstream doesn't have an + explicit copyright file) + * Debian packaging fixes: + The 3 following entries fix the FTBFS when built twice in a row. + Closes: #424257 + - 498_man_nonpam_undefined: Do not patch the generated man/it/Makefile.in. + - 409_man_generate_from_PO: Generate the translated man pages at build + time. + - 200_regenerate_manpages: No more needed. + + + -- Christian Perrier Tue, 15 May 2007 23:40:13 +0200 + +shadow (1:4.0.18.1-8) unstable; urgency=low + + * The "Feuille de Dreux" release + * New upstream version + * Debian packaging fixes: + - 505_useradd_recommend_adduser: Recommend using adduser and deluser for + regular operations. Closes: #406046 + - Versioned Build-Depends on gnome-doc-utils as we use the "-l" + switch of xml2po. 
Closes: #390110 + - Remove conflicts for packages that are only in Debian releases prior + to sarge: + - passwd: shadow-passwd, pam-apps, suidregister (<< 0.50), debconf (<< 0.5) + - login: shadow-login, pam-apps, secure-su, suidregister (<< 0.50) + - Remove all debconf configuration. This is now done in D-I and is + no longer useful on regular systems. Closes: #386529 + - Remove Replaces for packages that are only in Debian releases prior + - passwd: manpages (<=1.15-2), manpages-pl (<= 20020406-1) + - login: shadow-login, shadow-passwd, shellutils (<< 2.0-2), manpages-pl (<= 20020406-1) + - Remove unneeded Build-Depends: bzip2, file, texinfo, libpam-runtime + - /etc/default/useradd: Mentions the creation of primary user groups is + neither -n nor -g are specified. See also 407_adduser_disable_PUG_with-n + - no longer include /usr/bin/X11 in defaults PATH variable. Closes: #395890 + - set debhelper compatibility to 5 through debian/compat + - ignore a false positive lintian warning about + possible-missing-colon-in-closes in line 668 of the changelog + * Upstream bugs not yet fixed in upstream releases or CVS: + - 493_pwck_no_SHADOWPWD: SHADOWPWD no more exist. + pwck do not detect missing users in /etc/shadow. + - 466_fflush-prompt: Fix compilation error. + One call to yes_or_no was forgotten because it was in + commented code (which is now enabled). + - 406_vipw_resume_properly: Resume correctly after ^Z + Thanks to Dean Gaudet for the patch and report. Closes: #414542 + - 497_newgrp_primary_group: Do not request a password when a user uses + newgrp to switch to her primary group. Closes: #396691 + - 407_adduser_disable_PUG_with-n: Add option -n to useradd to disable the + creation of primary user groups. Closes: #416835 + - 408_passwd_check_arguments: Check the passwd arguments and fail with the + usage message if there are more than one non option arguments (i.e. + usernames). 
Closes: #410268 + * Upstream bugs fixed in upstream releases or CVS: + - 497_non_numerical_identifier moved as 397_non_numerical_identifier + because upstream applied it + + -- Christian Perrier Mon, 07 May 2007 14:53:13 +0200 + +shadow (1:4.0.18.1-7) unstable; urgency=low + + * The "Pélardon" release + * Debian packaging fixes: + - debian/recode_manpages.sh: Recode the Swedish manpages to ISO-8859-1. + Closes: #403210 + - 200_regenerate_manpages: Manually generate the man pages. This fixes the + formatting of some pages (e.g. passwd.5); permits to propagate the Debian + changes to the translated manpages; and to benefit from the fixes in the + Swedish manpages (see 104_man-sv). + * Upstream bugs fixed upstream: + - 104_man-sv: Fix Swedish manpages's PO encoding (some characters were + converted twice to UTF-8). + * Upstream bugs or fixes not yet fixed in upstream releases or CVS: + - 405_su_no_pam_end_before_exec: Avoid terminating the PAM library in the + forked child. This is done later in the parent after closing the PAM + session. With pam_krb5, this allow users to reuse the cached credential + in the forked shell. Closes: #412061 + + -- Christian Perrier Tue, 27 Feb 2007 06:51:44 +0100 + +shadow (1:4.0.18.1-6) unstable; urgency=low + + * The "Vieux Lille" release + * Upstream translation updates: + - debian/patches/404_man-fr: Fix the French translation of + passwd.1. Closes: #395537 + * Upstream bugs or fixes not yet fixed in upstream releases or CVS: + - 403_fix_PATH-MAX_hurd: fixed glibc error on Hurd by not freeing f + unconditionnally. Thanks to Michael banck for the patch fix + Closes: #402002 + * Upstream bugs fixed upstream: + - 103_man-de: early German translation of manpages. Updates + passwd manpage. Closes: #378899 + + -- Christian Perrier Thu, 7 Dec 2006 19:10:50 +0100 + +shadow (1:4.0.18.1-5) unstable; urgency=high + + * The "Chaource" release + * Debconf translation updates. + - Wolof. 
+ * Debian packaging fixes: + - 401_cppw_src.dpatch: + Fix cppw, which copied to /etc/passwd even with the -s switch. + Closes: #394182 + + -- Christian Perrier Sat, 21 Oct 2006 23:33:20 +0200 + +shadow (1:4.0.18.1-4) unstable; urgency=low + + * The "Brocciu" release + * Debconf translation updates. Closes: #392193 + - Brazilian Portuguese. + - Finnish. + - Hindi. + - Hungarian. + - Indonesian. + - Norwegian Bokmål. + - Slovak. + - Turkish. + - Vietnamese. + + -- Christian Perrier Tue, 17 Oct 2006 22:52:54 +0200 + +shadow (1:4.0.18.1-3) unstable; urgency=low + + * The "Gris de Lille" release + * Debian packaging fixes: + - debian/control: Use XS-X-Vcs-Svn: field + - debian/login.pam: add (commented) SELinux enabling entry + to prepare the system for SELinux. Closes: #387480 + * Upstream translation updates: + - debian/patches/102_de-fix-sorry: Fix the translation of "Sorry" in + German. Closes: #383045 + * Debconf translation updates: + - Spanish. Closes: #383812 + - Hebrew. Closes: #387635 + + -- Christian Perrier Sun, 17 Sep 2006 08:54:22 +0200 + +shadow (1:4.0.18.1-2) unstable; urgency=low + + * The "Picodon" release + * Upstream translation updates: + - debian/patches/101_ja: Japanese. Closes: #381873 + * Debconf translation updates: + - Spanish. Closes: #383812 + * Upstream bugs fixed in upstream releases or CVS: + - debian/patches/301_passwd-typo-383216: fix a typo in passwd.1 + Closes: #383216 + * Upstream bugs not yet fixed in upstream releases or CVS: + - build with new gettext 0.15. This requires building with automake 1.9 + and a change in po/Makefile.in.in: 499_gettext-0.15. Closes: #384631 + + -- Christian Perrier Fri, 25 Aug 2006 19:12:25 +0200 + +shadow (1:4.0.18.1-1) unstable; urgency=low + + * The "Laguiole" release + * New upstream version. + * Upstream bugs not yet fixed in upstream releases or CVS: + - 497_non_numerical_identifier: In useradd and usermod, only numerical + group identifiers were supported. 
+ Closes: #381394, #381399, #381404, #381408, #381448 + - 498_man_nonpam_undefined: Fix a build failure. + * Debian specific fixes: + - 496_login_init_session: only start a new session if we are init. + + -- Nicolas FRANCOIS (Nekral) Fri, 4 Aug 2006 18:50:53 +0200 + +shadow (1:4.0.18-1) unstable; urgency=low + + * The "Selles sur Cher" release + * New upstream version. This closes the following bugs: + - Fix the usermod's -a option. It should not take an + argument, -a it uses the -G argument. Closes: #380645 + - Galician translation. Closes: #378793 + - Basque translation. Closes: #378794 + - Russian translation. Closes: #378911 + * Debian packaging fixes: + - login.defs: do not mention GETPASS_ASTERISKS since it is no more used. + Thanks to Mike Frysinger for noticing it. + - 506_relaxed_usernames: Fix the regular expression of the accepted user + name in the useradd man page. Closes: #377844 + - Add Nicolas FRANCOIS to the Uploaders. + - Remove the NEWS entry for version 1:4.0.17-1. It was meant to warn + testing's users and is not meant for Etch users. + - manpages-it 0.3.4-3 do not collides with passwd anymore. Update the + Replaces field accordingly. + * Debconf translation updates: + - Japanese translation updated. Closes: #379954 + + -- Christian Perrier Sun, 16 Jul 2006 11:41:24 +0200 + +shadow (1:4.0.17-2) unstable; urgency=low + + * The "La Marseillaise 2006" release + * Upstream bugs not yet fixed in upstream releases or CVS: + - 495_salt_stack_smash: chpasswd/chgpasswd does not break if compiled + with SSP. Closes: #377825 + - 496_login_init_session: Make login initialize a session so that + ^C and ^Z work when used while booting with "init=/bin/login" + Closes: #374547 + + -- Christian Perrier Fri, 14 Jul 2006 13:05:53 +0200 + +shadow (1:4.0.17-1) unstable; urgency=low + + * The "Sainte-maure de Touraine" release + * New upstream version. This closes the following bugs: + - Russian translation. Closes: #374998 + - Khmer translation. 
Closes: #375065 + - Nepali translation. Closes: #375485 + - Korean translation. Closes: #375243 + - Vietnamese. Closes: #375086 + * Debian specific fixes: + - 503_shadowconfig.8: fix a typo in the French manpage (README.debian + instead of README.Debian). Thanks to Mohammed Adnène Trojette. + - 508_nologin_in_usr_sbin: keep nologin in /usr/sbin. + * Debian packaging fixes: + - passwd.postinst: Modified call to shadowconfig as "install" is not + a documented argument to postinst. Thanks to Justin Pryzby for + spotting that one and proposing a fix. Closes: #374457 + - passwd.templates: use "for internal use" as template for untranslatable + templates which will save some lintian warnings with future + versions of lintian + * Debconf translation updates: + - Lituanian translation updated. Closes: #374313 + - Dutch translation updated. Closes: #377003 + * Upstream bugs fixed upstream: + - debian/patches/301_useradd-375040: create the mail spool files during + user creation when CREATE_MAIL_SPOOL=yes. Closes: #375040 + Thanks to Stephen Gran for helping out with the correct patch. + + -- Christian Perrier Wed, 12 Jul 2006 22:55:13 +0200 + +shadow (1:4.0.16-2) unstable; urgency=low + + * The "Valençay" release + * Upstream bugs or fixes not yet fixed in upstream releases or CVS: + - 403_fix_PATH-MAX_hurd: fix FTBFS on Hurd. Thanks to Michael Banck + for the fix. Closes: #372155 + + -- Christian Perrier Sat, 10 Jun 2006 15:31:12 +0200 + +shadow (1:4.0.16-1) unstable; urgency=low + + * The "Cabécou" release + * New upstream release + * Added build dependency on gnome-doc-utils so that xml2po is available + for building + * Debian specific fixes: + - 504_undef_USE_PAM.dpatch: do not use PAM for chgpasswd + Closes: #369439 + - debian/rules, debian/passwd.install: cleanup + The limits.5 man page is no more installed by upstream. (It wasn't + neither on Debian). + - no more distribute the login.access.5 and porttime.5 man pages. 
+ (not used when login uses PAM) + - 592_manpages_typos: add another fix for the XML man pages (useradd.8) + It is needed by the current version of docbook-xsl in Debian (1.68). + Closes: #369806 + * Debian packaging fixes: + - ignore some lintian warnings about templates writing style for + untranslatable templates + * Read /etc/default/locale in su PAM config file + Closes: #369391 + + -- Christian Perrier Wed, 7 Jun 2006 20:23:36 +0200 + +shadow (1:4.0.15-10) unstable; urgency=high + + * The "Emmental" release + * Upstream bugs or fixes fixed in upstream releases or CVS: + - Fix for CERT VU#312962 + + check the return value of fchown before fchmod when the mailbox is + created by useradd + + The patch also uses login.defs::MAIL_DIR instead of /var/mail. + * Reading /etc/default/locale is back in login PAM config file + after brainstorming with Steve. Closes: #368102 + * Debian specific fixes + - Patches cleanup: + + remove 004_configure.in.dpatch (not used since a long time). + + rename 404_undef_USE_PAM.nolibpam and 404_undef_USE_PAM.dpatch to + 504_xxx as they are debian specific. + + rename 407_32char_grnames.dpatch to 507_xxx for the same reason. + + rename 432_login_cancel_timout_after_authentication to 332_xxx, + because it is already applied upstream. + + Likewise for 461_keep_sticky_bit_for_dirs, 486_chgpasswd.8 and + 492_correct_exit_status_for_run_commands + + -- Christian Perrier Thu, 18 May 2006 01:44:56 -0500 + +shadow (1:4.0.15-9) unstable; urgency=low + + * The "Coulommiers" release + * Debian specific fixes + - 506_relaxed_usernames: better wording of the explanations about + the constraints on usernames in Debian. 
Closes: #364909 + + -- Christian Perrier Wed, 17 May 2006 21:23:36 -0500 + +shadow (1:4.0.15-8) unstable; urgency=low + + * The "Tomme de Savoie" release + * Upstream bugs or fixes not yet fixed in upstream releases or CVS: + - 487_passwd_chauthtok_failed_message: Add an informative message + When password couldn't be changed in passwd when chauthok fails + Closes: #352137 + * Debian packaging fixes: + - stop reading /etc/default/locale in addition to /etc/environment + in the PAM configuration file for login and su + + -- Christian Perrier Tue, 16 May 2006 20:09:17 -0500 + +shadow (1:4.0.15-7) unstable; urgency=low + + * The "Abondance" release + * Fix UNRELEASED in the NEWS.Debian file. Closes: #364752 + * debian/control + - Updated to Standards: 3.7.2.0 (checked, no change needed: we were + already compliant) + * Debconf translation updates: + - Dutch translation updated. Closes: #363690 + * Debian specific fixes: + - 406_good_name: Better description of what usernames are recommanded or + allowed in useradd(8). Thanks to Reuben Thomas. Closes: #364909 + * Upstream bugs or fixes fixed in upstream releases or CVS: + - 303_usermod_-a_in_man. Document -a in usermod man page. Closes: #365091 + - 402-clarify_usermod_usage. Move -a close to -G. Closes: #363033 + - Programs translation updates or fixes: + - 351_nl-359913: Fix typo in Dutch translation. Closes: #359913 + - 352_id-361186: Complete Indonesian translation. Closes: #361186, #361187 + - 353_hu-362749: New Hungarian translation. Closes: #362749 + + -- Christian Perrier Thu, 4 May 2006 20:53:35 +0200 + +shadow (1:4.0.15-6) unstable; urgency=high + + * The "Beaufort" release + * Debian packaging fixes: + - Change the Conflicts on backupninja from (<= 0.9.3-4) to (<< 0.9.3-5). + - Set a version Conflicts with gnunet. 
+ + -- Christian Perrier Mon, 17 Apr 2006 15:18:05 +0200 + +shadow (1:4.0.15-5) unstable; urgency=high + + * The "Ossau-Iraty" release + * Debian packaging fixes: + - Add a NEWS entry for the new su behavior introduced in 1:4.0.15-2 + - explicitely set DEB_HOST_ARCH_OS to avoid FTBFS on autobuilder now + that sudo doesn't pass environment variables explicitely + + -- Christian Perrier Sat, 15 Apr 2006 10:05:05 +0200 + +shadow (1:4.0.15-4) unstable; urgency=high + + * The "Fourme d'Ambert" release + * Debian packaging fixes: + - set a versioned Conflict with python-4suite. + + -- Christian Perrier Sat, 8 Apr 2006 20:11:38 +0200 + +shadow (1:4.0.15-3) unstable; urgency=high + + * The "Neufchâtel" release + * Debian packaging fixes: + - set a versioned Conflict with amaviwsd-new. Closes: #360856, #360567 + + -- Christian Perrier Wed, 5 Apr 2006 08:50:21 +0200 + +shadow (1:4.0.15-2) unstable; urgency=low + + * The "Pavé d'Auge" release + * Debian packaging fixes: + - Only replace manpages-es << 1.55-4. Thanks to Rubén + - Include chgpasswd in shipped files. Really Closes: #355070 + - parse /etc/default/locale for locale environment variables in login and + su default PAM configuration files. Thanks to Denis Barbier for the + patch. Closes: #359163 + - su: Do not concatenate the additional arguments, and support an + environment variable to revert to the old Debian's su behavior. + Closes: #276419 + To avoid breaking packages using the old-style way to pass + arguments, set Conflicts with "gnunet, amavisd-new, python-4suite, + backupninja (<= 0.9.3-4), echolot (<< 2.1.8-4)" + - 467_useradd_-r_LSB. Do not forgot to change the owner of the new home + directory. Closes: #360179 + * Upstream bugs or fixes not already fixed in upstream releases or CVS: + - 486_chgpasswd.8: add a manpage for chgpasswd. + * Upstream bugs or fixes fixed in upstream releases or CVS: + - 492_correct_exit_status_for_run_commands: correct the exit status of su + when the invoked command fails. 
Closes: #360276 + + -- Christian Perrier Sun, 2 Apr 2006 12:45:49 +0200 + +shadow (1:4.0.15-1) unstable; urgency=low + + * The "Livarot" release + * Ack the previous changes uploaded to experimental except for #276419 + * New upstream release + - chpasswd.8: Rewrite the CAVEATS section. Closes: #355010 + - Updated translation for: + * Indonesian Closes: #345514, #347198 + * Swedish Closes: #346017, #346449, #352276 + * Slovak Closes: #346376, #349898, #352028 + * Romanian Closes: #347755, #352712 + * Galician Closes: #347943, #352444, #355587 + * Italian Closes: #348339, #352345 + * Greek Closes: #348713 + * Russian Closes: #349193 + * Basque Closes: #349496 + * Catalan Closes: #353898 + * Vietnamese Closes: #352310 + * Italian Closes: #356610 + - lastlog: Warn if non-option argument are provided. Closes: #349560 + - chgpasswd: new utility. Closes: #355070 + * Debian packaging fixes: + - Only replace manpages-ko << 20050219-2. Thanks to the Debian QA Group. + - Only replace manpages-fi << 0.2-4. Thanks to the Debian QA Group. + - Only replace manpages-de << 0.4-10. Thanks to Daniel Kobras + - Only replace manpages-es-extra << 0.8a-15. Thanks to Javier + Fernandez-Sanguino Peña. + * Upstream bugs or fixes not already fixed in upstream releases or CVS: + - 467_useradd_-r_LSB: add a "-r" option for adding system users + for LSB compatibility. Closes: #333706 + This patch, announced in 4.0.14-7 was indeed not applied. + * Debconf translation updates: + - Punjabi translation renamed to pa.po after debian-i18n decision + + -- Christian Perrier Tue, 21 Mar 2006 12:37:01 +0100 + +shadow (1:4.0.14-9) unstable; urgency=high + + * passwd.postinst: On upgrades from any prior version, chmod 600 various + base-config and d-i log files that might contain sensative information, + including in some cases, passwords. 
Closes: #356939 + + -- Christian Perrier Wed, 15 Mar 2006 08:03:43 +0100 + +shadow (1:4.0.14-8) experimental; urgency=low + + * The "Salers" release + * Debconf translation updates: + - Dutch updated. Closes: #354593 + * Debian packaging fixes: + - move the @include statements at the end of pam configuration files. + This is of no important with the Debian default common-* files + but would lead to unexpected results if the local admin adds + "sufficient" lines in these common-* files + - make sure debian/recode_manpages.sh fails if a page can't be recoded. + - more bulletproof string checks in passwd.config (related to: #355268). + - Do not use type-handling for the dependency on libselinux1-dev. + Use an explicit list of arches. Thanks to Guillem Jover. + - su: Do not concatenate the additional arguments, and support an + environment variable to revert to the old Debian's su behavior. + Closes: #276419 + * Upstream bugs fixed in upstream CVS: + - make passwd.1 synopsis consistent with other man pages + Closes: #352136 + + -- Christian Perrier Mon, 6 Mar 2006 06:54:42 +0100 + +shadow (1:4.0.14-7) unstable; urgency=low + + * The "Carré d'Aurillac" release (let's stay in Cantal) + * Upstream bugs or fixes not already fixed in upstream releases or CVS: + - 467_useradd_-r_LSB: add a "-r" option for adding system users + for LSB compatibility. Closes: #333706 + - 493_selinux_no_proc: + Only check selinux_check_passwd_access on SELinux enabled system. + This fix issues in passwd, chage, chfn and chsh when /proc is not + mounted. Closes: #352494 + * Debian packaging fixes: + - Stop replacing manpages-it (login only, newusers is still conflicting on + passwd) and manpages-hu as new releases removed the conflicting manpages + - passwd.config: + Better POSIX compliance and avoid failure if root password is set to '!' 
+ Thanks to Vagrant Cascadian for reporting and providing the patch + Closes: #353813 + + -- Christian Perrier Wed, 22 Feb 2006 06:58:47 +0100 + +shadow (1:4.0.14-6) unstable; urgency=low + + * The "Cantal" ("Vieux" flavour) release + * Upstream bugs or fixes not already fixed in upstream releases or CVS: + - 491_configure.in_friendly_selinux_detection: + Detect that selinux is not present without failing. + - 492_manpages_typos: + Fix a typo in the passwd manpage "TheUNIX". Closes: #352135 + + -- Christian Perrier Fri, 10 Feb 2006 16:50:59 +0100 + +shadow (1:4.0.14-5) unstable; urgency=low + + * The "Roquefort" release + * Upstream bugs or fixes not already fixed in upstream releases or CVS: + - 489_useradd_allow_non_uniq_uid: + Allow non-unique UID when -o is specified. Closes: #351281 + - 490_useradd_always_unlock_group_databases: + Always remove the lock on the group and gshadow databases. + CLoses: #348250 + - 463_login_delay_obeys_to_PAM: + Do not hardcode pam_fail_delay and let pam_unix do its job to + set a delay...or not + CLoses: #87648 + * Debian packaging fixes: + - Build with SE Linux support for Linux architectures + (and do not link the tools without SELinux support with the selinux + library: 490_link_selinux_only_when_needed) + Closes: #351631 + + -- Christian Perrier Thu, 9 Feb 2006 19:04:58 +0100 + +shadow (1:4.0.14-4) unstable; urgency=low + + * The "Cancoillotte" release + * Debian specific fixes: + - recode_manpages.sh was not called after the switch to CDBS. 
+ The man pages were all distributed in UTF-8 + - Encode the (Debian) shadowconfig manpages in UTF-8 so that + recode_manpages.sh can be used on all manpages + - do not build login on The Hurd + Closes: #349356 + - debian/rules: + additional cleanups + * Upstream bugs or fixes not already fixed in upstream releases or CVS: + - 485_shell-env-exitcodes: + - explicitly pass environment to shell() as 3rd argument + - return errno from shell() + - introduce E_CMD_NOTFOUND/E_CMD_NOEXEC exitcodes + * Debconf translation updates: + - Danish updated. Closes: #348571 + + -- Christian Perrier Sun, 15 Jan 2006 16:27:15 +0100 + +shadow (1:4.0.14-3) unstable; urgency=low + + * The "Pont-L'Évêque" release + * Upstream bugs or fixes not already fixed in upstream releases or CVS: + - 479_chowntty_debug: + - produce more helpful syslog message[s] when is_my_tty() fails + (see bug #332198). + - 462_warn_to_edit_shadow: + - warn users to edit the shadow file when using vipw or vigr + Closes: #62821 + - 480_getopt_args_reorder: + - Allow SU options to be passed after - or the username + - 481_userdel_remove_remove_group: + - User's group was removed twice, which caused warnings + - 461_keep_sticky_bit_for_dirs: + - keep the sticky bit in the directory copied by useradd in the + skeleton or by usermod. + Closes: #296729 + - 482_libmisc_copydir_check_return_values: + - check the return value of system calls in copy_tree + - 483_su_fakelogin_wrong_arg0: + - shell's name must be -su when su is faking a login shell. + Closes: #347747 + - 484_su-p_preserve_PATH: + - -p did not preserve the PATH environment variable when su started a + shell (no -c). 
+ Closes: #347935 + * Debian specific fixes: + - debian/rules: + - switch to cdbs for package build + + -- Christian Perrier Sun, 15 Jan 2006 15:03:56 +0100 + +shadow (1:4.0.14-2) unstable; urgency=low + + * The "Vieux brie" release + * Missing dependency on docbook-xml and libxml2-utils + Closes: #346395 + + -- Christian Perrier Sat, 7 Jan 2006 19:08:36 +0100 + +shadow (1:4.0.14-1) unstable; urgency=low + + * The "Crottin de Chavignol" release + * New upstream release. This release fixes the following issues: + - French useradd no longer documents nonexisting -n option + Closes: #340578 + - Russian translation update. Closes: #340826 + - Fix German translation. Closes: #338373 + - Swedish translation update. Closes: #334264 + - Ukrainian translation update. Closes: #335381 + - Tagalog translation update. Closes: #336649 + - French translation update. Closes: #338410 + - Simplified Chinese translation update. Closes: #339554 + - Russian man pages translation update. Closes: #340828 + * Upstream bugs not already fixed in upstream releases or CVS: + - 468_duplicate_passwd_struct_before_usage + Duplicate the passwd structures retrieved by getpwnam before calling + PAM. Closes: #341230 + * Debian specific fixes: + - 502_fix_generated_man_pages + remove the occurences of ’ which is not supported by the current version + of docbook-xsl in Debian. Closes: #341489 + * Debconf translation updates: + - Basque updated. Closes: #342102 + - Catalan updated. Closes: #344964 + * Debian packaging fixes: + - debian/rules, debian/login.files, debian/passwd.files: + Use dh_install instead of old dh_movefiles for moving files from + debian/tmp and rename {login, passwd}.files to {login,passwd}.install + Closes: #343534 + - debian/rules: + debian/rules: stop building login for Hurd, which breaks bootstrap + Thanks to Michael Banck for the patch. Closes: #343473 + - debian/passwd.config: + call programs using [a-z] under a C locale. Thanks Denis Barbier + for the patch. 
Closes: #343595 + - debian/rules, debian/shells, debian/passwd.postinst: + Remove the /usr/share/passwd/shells files and the postinst code that + installed it as /etc/shells. This is now done by debianutils. + Closes: #342858 + - Also remove README.shells, which should be distributed by debianutils. + - debian/passwd.postrm: + Do not remove /etc/shells on purge. Closes: #345659 + - Fix the version of an old entry in NEWS.Debian + - Do not distribute the pam.d files for commands with disabled PAM support + (chage, chpasswd, groupadd, groupdel, groupmod, useradd, userdel, + usermod) + + -- Christian Perrier Fri, 6 Jan 2006 07:42:52 +0100 + +shadow (1:4.0.13-7) unstable; urgency=low + + * The "Chabichou" release + * Debian packaging fixes: + - debian/rules, debian/login.links, debian/passwd.links: + Use dh_link for setting up symlinks + - get rid of initial-passwd-udeb as D-I will now use its + own udeb (user-setup-udeb) + * Debconf translation updates: + - Portuguese updated. Closes: #338767 + - Korean updated. Closes: #339011 + - Ukrainian updated. Closes: #338878 + - Galician updated. Closes: #338908 + - German updated. Closes: #339660 + - Romanian updated. Closes: #340097 + * Upstream fixes which will reach next upstream version + - 460_vipw-quiet: vipw logs "unchanged" message to stdout + and offers a quiet mode. Closes: #190252 + + -- Christian Perrier Sun, 20 Nov 2005 16:04:54 +0100 + +shadow (1:4.0.13-6) unstable; urgency=low + + * The "Saint-Nectaire" release + * Debian packaging fixes: + - passwd.config: + Add "seen false" for passwd/root-password and + passwd/root-password-again when entered root passwords mismatch or are + empty. Thanks to Tollef Fog Heen for noticing. + * Debconf translation updates: + - Simplified Chinese updated. 
Closes: #338075 + + -- Christian Perrier Thu, 10 Nov 2005 17:07:14 +0100 + +shadow (1:4.0.13-5) unstable; urgency=low + + * The "Fourme de Montbrison" release + * Debian packaging fixes: + - passwd.config: + Add a variable quoting which probably prevented users to + preseed a locked password for root and fix a logic error in the script + Working user password crypted preseeding (it probably failed earlier) + * Debconf translation updates: + - Russian updated. Closes: #337370 + + -- Christian Perrier Tue, 1 Nov 2005 18:10:30 +0100 + +shadow (1:4.0.13-4) unstable; urgency=low + + * The "Comté" release (let's make Nicolas happy) + * Debian packaging fixes: + - initial-passwd-udeb: + Grab last version of Ubuntu code to get rid of the mktemp error + This virtually closes bug 336321 but we keep it opened to be sure + that noone imagines pushing this version to testing. + * Upstream fixes which will reach next upstream version + - 467_usermod_longopts: add long options support to usermod. + Closes: #260149 + - 366_fflush-prompt: fflush prompts to allow scripting. Closes: #333138 + + -- Christian Perrier Tue, 1 Nov 2005 13:04:09 +0100 + +shadow (1:4.0.13-3) unstable; urgency=high + + * The "Trou du Cru" release (actually, the one deserving this name is me) + * Urgency set to high to avoid breaking D-I for too long + * Debian packaging fixes: + - debian/control: + - Make initial-passwd-udeb priority extra to avoid breaking all D-I + images + + -- Christian Perrier Sun, 30 Oct 2005 06:52:26 +0100 + +shadow (1:4.0.13-2) unstable; urgency=low + + * The "Pouligny St-Pierre" release + * Debian packaging fixes: + - debian/control: + - manpages-ja: versioned Replaces as the man pages have now been + removed + - manpages-ko: versioned Replaces as the man pages have now been + removed + - debian/login.defs: + - fix a typo. + - early release of a (currently not used) udeb to allow user creation + and password setting to be done in D-I first stage + Patch taken from Ubuntu. 
Thanks to Colin Watson for providing it. + - debian/copyright: + - for RMS clones sake, stop breaking Thy Holy GNU Copyright + Closes: #334870 + * Patches to upstream man pages, not yet applied upstream: + - debian/patches/457_document_useradd_groupadd_nis: + Document that low level utilities will certainly never + implement strange behaviour such as adding local users or groups with + logins existing in external databases + Closes: #282184 + - debian/patches/458_manpages_typos + Fix some typos in faillog.5, chage.1, chpasswd.8 + Thanks to A Costa + Closes: #333995, #333994, #333993 + - debian/patches/459_better_document_useradd_-d + Better document, in useradd.8, that the home_dir specified + with -d is not created if it does not exist + Closes: #154996 + * Debconf translation updates: + - Norwegian Bokmal updated. Closes: #316732 + - Russian updated. Closes: #334250 + - Tagalog updated. Closes: #335158 + - Swedish updated. Closes: #335319 + - Italian updated. Closes: #335856 + + -- Christian Perrier Tue, 25 Oct 2005 11:46:31 +0200 + +shadow (1:4.0.13-1) unstable; urgency=low + + * The "Maroilles" release + * New upstream version: + Debian bugs fixed by the new upstream version: + - faillog: Do not oversimplify the date of the last unsuccessful login + Closes: #89902 + - login.1: also mention securetty(5). Closes: #325773 + - chfn.1, chsh.1, groupadd.8, newusers.8, pwconv.8 + useradd.8, userdel.8, usermod.8: + Improved crossreferences with other manpages + Closes: #300892 + - newgrp.1: + Improved documentation of how group passwords work + Closes: #325558 + - passwd.c: + The usage line is no more too terse + Closes: #146779 + * Patches to upstream man pages, not yet applied upstream: + - debian/patches/452_doc_password_check_order: + Document the order for checking the password strength + Closes: #115380 + * Debian packaging fixes: + - debian/login.su.pam: + - pam_wheel example moved after pam_rootok in config. 
+ Also documents that with 'pam_wheel.so group=foo', root may need to + be in the foo group. Closes: #330630, #330855 + - pam_env turned to be used as a session module which it is designed + to be. Thanks to Steinar H. Gunderson who pointed this out and + Steve Langasek and Andrew Suffield who suggested the right solution. + - debian/control: + - manpages-es-extra: versioned Replaces as the man pages have now been + removed + - manpages-de: versioned Replaces as the man pages have now been + removed + - manpages-hu: versioned Replaces as the man pages have now been + removed + - debian/rules: + - pack upstream's NEWS file into login and passwd. Closes: #331487 + - pack login.defs and its manpages into "passwd" instead of "login" + package for the Hurd platform. Closes: #249372 + - copy upstream's changelog. Closes: #331487 + - debian/passwd.config, debian/passwd.templates: + - allow preseeding the root (and user) password with a MD5 hash + Closes: #275343, #304352 + Thanks to Colin Watson for the Ubuntu patch + - the above also allows preseeding a disabled password for root + Closes: #304343 + - add passwd/user-uid template, which can be preseeded to force the + initial user to have a certain uid. + Thanks to Colin Watson for the Ubuntu patch + - allow hyphens in username + Thanks to Colin Watson for the Ubuntu patch (Ubuntu #15721) + - debian/login.defs: + - document the obsoleted by PAM ENV_HZ variable. Closes: #265613 + - better document the real use of USERGROUPS_ENAB. Closes: #282822 + - debian/add-shell, debian/remove-shell, debian/add-shell.8, + debian/remove-shell.8: + - utilities moved to debianutils. Add a versioned "Depends" line on + debianutils so that passwd cannot be upgraded when the new + debianutils version including these utilities isn't available + Closes: #208514, #268656, #269573, #293171 + * Debconf translation updates: + - Swedish updated. 
Closes: #332711 + + -- Christian Perrier Mon, 10 Oct 2005 23:15:47 +0200 + +shadow (1:4.0.12-6) unstable; urgency=low + + * The "Reblochon" release + * Debian packaging fixes: + - debian/control: + More accurate Replaces lines for manpages-* packages which have + been fixed: + - manpages-ru + - manpages-fr + - manpages-fi (removed because distributes translations we don't have) + - manpages-pt (removed because distributes translations we don't have) + - manpages-tr (removed because distributes translations we don't have) + - manpages-zh for login + (removed because distributes translations we don't have) + - debian/login.pam, debian/login.su.pam: + - use "readenv=1" with pam_env so that /etc/environment settings are + used. Thanks to Konrad Jelen for pointing it + - use "pam_mail" for login and su to display the user's new mail status + (for login only) and set the MAIL environment variable + Add a comment about the need to *also* define MAIL_DIR and possibly + MAIL_FILE in /etc/login.defs so that userdel behaves properly + Closes: #330420 + - Really add /etc/pam.d/passwd. Closes: #330870 + - Enable pam_group by default in login. Closes: #124293 + - debian/login.defs: + Better document the real and future use of MAIL_DIR and MAIL_FILE + * Upstream bugs not already fixed in upstream releases or CVS: + - 451_login_PATH: set PATH according to ENV_SUPATH and ENV_PATH for login + Closes: #330803 + + -- Christian Perrier Wed, 28 Sep 2005 19:59:31 +0200 + +shadow (1:4.0.12-5) unstable; urgency=low + + * Really add /etc/pam.d/su. Closes: #330291 + + -- Christian Perrier Wed, 28 Sep 2005 19:59:31 +0200 + +shadow (1:4.0.12-4) unstable; urgency=low + + * The "Epoisses" release + * Debian packaging fixes: + - debian/control: + Add a few more Replaces for broken manpages-xx packages + which provide random man pages for software they don't + provide. 
Closes: #330526, #330338 + * Use dh_installpam correctly so that /etc/pam.d/su really exists + Closes: #330291 + * Change section to admin because of the restructuration of the "base" + section by the ftpmasters + + -- Christian Perrier Tue, 27 Sep 2005 07:20:44 +0200 + +shadow (1:4.0.12-3) unstable; urgency=low + + * The "Langres" release + * Debian packaging fixes: + - debian/control: + login now replaces manpages-de because of conflicting login.1 + manpage. Closes: #330247 + + -- Christian Perrier Tue, 27 Sep 2005 07:20:44 +0200 + +shadow (1:4.0.12-2) unstable; urgency=low + + * The "Boulette d'Avesnes" release + * Debian packaging fixes: + - debian/useradd.default: + File added and installed as /etc/default/useradd to provide + "safe" defaults to useradd and, for instance, have it create users + with a shell. Closes: #293492 + + -- Christian Perrier Thu, 22 Sep 2005 07:34:29 +0200 + +shadow (1:4.0.12-1) experimental; urgency=low + + * The "Munster" release + * New upstream release + * Bugs fixed by the move to upstream release: + - Portuguese translation update. Closes: #323069 + * Debian packaging fixes: + - Fix a bug number in the previous changelog entry (s/155297/155279/). + - Patches for man pages reduced to only patch XML files: + 441, 440, 333, 421, 424, 442, 444 + - Reduce 005 patch to only patch useradd.8.xml (other changes + have been fixed upstream and we assume that the man pages are + generated from the XML files). 
+ Move the patch for the su man page (wich explain the 437_* patches) + to 437_su_add_GNU_options_7 + - Disable patches now applied upstream: + 002, 336, 363, 443_man_it_Makefile.am, 364 + - login.defs: + Entries moved to obsolete sections: + CLOSE_SESSIONS, LOGIN_STRING, NO_PASSWORD_CONSOLE, QMAIL_DIR + ULIMIT + - NEWS.Debian: added + - Ship a (currently useless) PAM configuration file for chage, useradd, + usermod, userdel, groupadd, groupmod, groupdel, including + pam_rootok.so alone + - use dh_installpam to install PAM configuration files + - start the cleanup of the unused patches list + - debian/passwd.config: + No more endless loops when the user passwords mismatch + Closes: #325910 + * Upstream bugs not already fixed in upstream releases or CVS: + - 443_chage_exit_values: now exit with errorlevel=15 when no + shadow password exists (was previously 3 but upstream now uses it) + - 447_missing_login.defs_variables: verify the list of login.defs + variables used and update the getdef.c and login.def files accordingly. + * Debconf translation updates: + - German updated. Closes: #321761 + - Romanian updated. Closes: #323575 + - Dutch updated. Closes: #323756 + * Upstream bugs already fixed in upstream releases or CVS: + - 448_enable_man: man pages are generated from the XML files. + + -- Christian Perrier Thu, 25 Aug 2005 08:38:53 +0200 + +shadow (1:4.0.11.1-1) experimental; urgency=low + + * New upstream release. + * Bugs fixed by the move to upstream release: + - Stop documenting about passing env variables at login prompt + Closes: #95213 + - Correct reference to vi(1) man page in vipw(1) + Closes: #260636 + * Debian packaging fixes: + - Enable the use of pam_env for su. Needed a fix which appeared + in upstream 4.0.6 + Closes: #155279, #202840, #287108 + * Debconf translation updates: + - Macedonian updated. 
Closes: #320229 + + -- Christian Perrier Tue, 26 Jul 2005 09:17:40 +0200 + +shadow (1:4.0.3-39) unstable; urgency=low + + * Debian packaging fixes: + - moved `shadowconfig on` from .preinst to .postinst + Closes: #319138 + - debian/passwd.linda-overrides, debian/login.linda-overrides, debian/rules: + Add file permissions overrides for linda similar to those we have for lintian + - debian/login.lintian-overrides: + No more file permission overrides for login + - debian/passwd.config: + let error messages from shadowconfig (and therefore underlying + pwck/grpck tools which use stdout for this purpose) to reach stdout + instead of getting into /dev/null. This helps error diagnostics and + supposedly Closes: #319136 + * Programs translation updates: + - French completed. + * Man pages translation updates: + - 207_id-manpages: correct Indonesian manpages so that they do not + fail lexgrog tests by linda + - 206_ko-manpages: correct Korean manpages so that they do not + fail lexgrog tests by linda + * Debconf translation updates: + - Arabic updated from Arabeyes repository + + -- Christian Perrier Fri, 22 Jul 2005 18:42:24 +0200 + +shadow (1:4.0.3-38) unstable; urgency=low + + * The "La Marseillaise" release + * Debian packaging fixes: + - changed debian/rules to generate non-versioned "Depends: login" + entry for hurd's "passwd" package. This allows to use native + Hurd's login/su, because "hurd" package seems to provide "login". + See: #249372 (I don't claim the bug to be dealt with though -- + it's still not clear whether the newly built "login" package for + Hurd is functional). + - Enable shadow by default on firsttime installation even when the package + is not reconfigured (ie also when not called from base-config). + Thanks to Bastian Blank for the patch and comments + Closes: #316219 + - Build shadow with debugging. Closes: #204644 + * Programs translation updates: + - Hebrew translation disabled. Closes: #317805 + - Portuguese updated. 
Closes: #318190 + - Vietnamese updated. Closes: #318257 + * Debconf translation updates: + - Estonian updated. Closes: #317719 + - Hebrew updated + * Upstream bugs already fixed in upstream releases or CVS: + - Modified 356_su-stop_cont-proxy to block TSTP, TTIN, TTOU, QUIT + and HUP -- to do the same as in newgrp.c + Closes: #317747 + + -- Christian Perrier Thu, 14 Jul 2005 10:14:23 +0200 + +shadow (1:4.0.3-37) unstable; urgency=low + + * The "Camembert" release + * Upstream bugs not fixed in upstream releases or CVS: + - 442_useradd.8-O + Document useradd's "-O" option + Closes: #304934 + * Debconf translation updates: + - Indonesian updated (sent by translator to Christian Perrier) + - Bulgarian updated. Closes: #317327 + - Vietnamese added (sent by translator to Christian Perrier) + - Wolof added (sent by translator to Christian Perrier) + Closes: #317532 + * Man pages translation updates: + - Really remove the too outdated Korean translation of newgrp.1 + which doesn't even mention sg + * Programs translation updates: + - debian/patches/117_id: + - Indonesian translation update (sent by translator to Christian Perrier) + * Debian packaging fixes: + - login.defs + Fix a typo (s/dmesg/mesg/), thanks to Maximilian Attens + Closes: #317236 + - Fix FTBFS for GNU/Hurd and GNU/kFreeBSD + - securetty.kfreebsd-gnu renamed to securetty.kfreebsd + - securetty.netbsd-gnu renamed to securetty.netbsd + - securetty.gnu renamed to securetty.hurd + Closes: #317304 + * Upstream bugs not fixed in upstream releases or CVS: + - 443_chage_exit_values + chage: change the exit value to 3 when chage fails because the system is + not shadow enabled. + Closes: #317012 + - 426_grpck_group-gshadow_members_consistency + grpck/pwck: fix segmentation faults + Closes: #317366 + - 423_su_arguments_are_concatenated, 423_su_pass_args_without_concatenation + revert the patch done for #276419, because it breaks pbuilder and other + packages. Also document the Debian su behavior. 
+ su behave differently from FreeBSD or SUN; this issue will have to be + handled latter (re-open #276419). + Closes: #317264 + + -- Christian Perrier Wed, 6 Jul 2005 03:13:37 +0300 + +shadow (1:4.0.3-36) unstable; urgency=low + + * Debian specific programs fixes: + - Re-enable logging and displaying failures on login when login is + compiled with PAM and when FAILLOG_ENAB is set to yes. And create the + faillog file if it does not exist on postinst (as on Woody). + Closes: #192849 + - do not localize login's syslog messages. + * Debian packaging fixes: + - Fix FTBFS with new dpkg 1.13 and use a correct dpkg-architecture + invocation. Closes: #314407 + - Add a comment about potential sensitive information exposure + when LOG_UNKFAIL_ENAB is set in login.defs + Closes: #298773 + - Remove limits.5 and limits.conf.5 man pages which do not + reflect the way we deal with limits in Debian + Closes: #288106, #244754 + - debian/login.defs: + - Make SU_PATH and PATH consistent with the values used in /etc/profile + Closes: #286616 + - Comment the UMASK setting which is more confusing than useful + as it only affects console logins. 
Better use pam_umask instead + Closes: #314539, #248150 + - Add a comment about "appropriate" values for umask + Closes: #269583 + - Correct the assertion about the variable defined by QMAIL_DIR + which is MAILDIR, not MAIL + Closes: #109279 + - Move the PASS_MAX_LEN variable at the end of login.defs as this + is obsoleted when using PAM + Closes: #87301 + - debian/passwd.config: + - Re-enable the password confirmation question at critical priority + Closes: #304350 + - Do no prompt again for the login name when the two passwords don't + match while creating a new user + Closes: #245332 + - debian/add-shell.sh, debian/remove-shell.sh, debian/shadowconfig.sh, + debian/passwd.config, debian/passwd.postinst: + - checked for bashisms, replaced "#!/bin/bash" with "#!/bin/sh", + Closes: #315767 + - replaced "test XXX -a YYY" XSI:isms with "test XXX && test YYY", + for rationale see: + http://www.opengroup.org/onlinepubs/009695399/utilities/test.html + - replaced all unneeded "egrep"s with basic "grep"s + Closes: #256732 + - debian/rules: + Remove the setuid bit on login + Closes: #298060 + - debian/passwd.templates: + Templates rewrite to shorten them down a little and make them DTSG + compliant. Give more details about what the user's full name is used + for. + Closes: #287410 + - Updated to Standards: 3.6.2 (checked) + * Debconf translation updates: + - Estonian added. Closes: #312471 + - Basque updated. Closes: #314303 + - Malagasy updated. Closes: #290842 + - Punjabi updated. Closes: #315372 + - Danish updated. Closes: #315378 + - Polish updated. Closes: #315391 + - Japanese updated. Closes: #315407 + - Brazilian Portuguese updated. Closes: #315426 + - Czech updated. Closes: #315429 + - Spanish updated. Closes: #315434 + - Lithuanian updated. Closes: #315483 + - Galician updated. Closes: #315362 + - Portuguese updated. Closes: #315375 + - Simplified Chinese updated. Closes: #315567 + - French updated + - Ukrainian updated. Closes: #315727 + - Welsh updated. 
Closes: #315809 + - Slovak updated. Closes: #315812 + - Romanian updated. Closes: #315783 + - Finnish updated. Closes: #315972 + - Catalan updated. Closes: #316026 + * Man pages translation updates: + - Remove the too outdated Korean translation of newgrp.1 + which doesn't even mention sg + Closes: #261490 + * Man pages correction for Debian specific issues: + - 402_usermod.8-system-users-range-286258: + Document the system user range from 0 to 999 in Debian + Closes: #286258 + * Upstream bugs not fixed in upstream releases or CVS: + - 423_su_pass_args_without_concatenation + Thanks to Helmut Waitzmann. + Closes: #276419 + * pass the argument to the shell or command without concatenation + before the call to exec. + * If no command is provided, the arguments after the username are for + the shell, no -c has to be appended. + - 008_su_ignore_SIGINT + * Also ignore SIGQUIT in su to avoid defeating the delay. + The gain in security is very minor. + Closes: #288827 + - 424_pwck.8_quiet_option + pwck(8): document the -q option. Closes: #309408 + - 425_lastlog_8_sparse + lastlog(8): Document that lastlog is a sparse file, and don't need to be + rotated. Closes: #219321 + - 426_grpck_group-gshadow_members_consistency + * (grpck) warn for inconsistencies between members in /etc/group and gshadow + Closes: #75181 + * (pwck and grpck) warn and propose a fix for entries present in the + regular /etc/group or /etc/passwd files and not in shadow/gshadow. + - 427_chage_expiry_0 + Fix chage display in the case of null expiry fields (do not display + Never, but 01 Jan 1970) + Closes: #78961 + * Upstream bugs already fixed in upstream releases or CVS: + - Corrected typos in chfn.1. Closes: #312428 + - Corrected typos in gshadow.5. Closes: #312429 + - Corrected typos in shadow.5. Closes: #312430 + - Corrected typos in grpck.8. Closes: #312431 + - Added patch (356th) for su to propagate SIGSTOP up and SIGCONT down. + Added similar patch (357th) for newgrp. 
Both changes only affect + operation with CLOSE_SESSION set to yes (in /etc/login.defs). + Closes: #314727 + * Translation updates: + - debian/patches/010_more-i18ned-messages + - More messages are translatable. We will deal with the translation + updates after syncing with upstream. + Closes: #266281 + - debian/patches/114_eu: + - Basque translation update. Closes: #314423 + - debian/patches/132_vi.dpatch: + - Vietnamese translation update. Closes: #315840 + + -- Christian Perrier Mon, 20 Jun 2005 23:37:56 +0300 + +shadow (1:4.0.3-35) unstable; urgency=low + + * Re-apply the debian/patches/036_CAN-2004-1001_passwd_check patch + which fixed the "Adjusted password check to fix authentication bypass" + security issue (CAN-2004-1001) + * Debian packaging fixes: + - Add --host to config_options on cross build. Patch from NIIBE Yutaka. + Closes: #283729 + - Enable login for GNU/Hurd in rules. First patch from Robert Millan. + Closes: #249372 + - Cleanup passwd debconf stuff as md5 passwords are assumed since + 1:4.0.3-19 and the resolution of #223664. + - Document the TTYPERM variable set to 0600 in the default login.defs file + Closes: #59439 + - Make login and su use limits.so PAM module by default + (change made in sarge branch also) + Closes: #300720 + - debian/rules: Add removal of config.log in the clean target + - debian/control: + - Add Martin to Uploaders + - Remove Sam Hartman from Uploaders. The team is now setup and this + does not really have a real meaning now. You're still welcome for + NMU's, Sam, and thanks for the good work. + - Switching from dpatch to quilt. + * Debconf translation updates: + - Portuguese spellchecked by Miguel Figueiredo + - Punjabi (Gumurkhi) added, by Amanpreet Singh Alam. 
Closes: #309800 + * Man pages translation updates: + - German completed by reference to original man page + Closes: #311554 + * Debian specific programs fixes: + - NONE + * Upstream bugs not fixed in upstream releases or CVS: + - 421_login.1_pishing: + Document how to initiate a trusted path under Linux + Closes: #305600 + - set CLOSE_SESSIONS to yes in login.defs, and document why. + Closes: #163635 + * Upstream bugs already fixed in upstream releases or CVS: + - 324_configure.in-no-debian-dir: + Separated from 004_configure.in : this change will not be needed when + syncing with upstream + - 325_gshadow_5_manpage: + Add a gshadow.5 man page, and clarifications in the newgrp and gpasswd + man pages. + Closes: #113191, #166173, #169046, #251926 + - 326_su.1_pwconv.8-typos: + Correct typos in su.1 and pwconv.8 man pages. + Closes: #309666 + * Translation updates: + - 004_configure.in, 100_LINGUAS + Add Vietnamese to LINGUAS. Patch for LINGUAS in configure.in moved + from 004_configure.in to the new 100_LINGUAS patch + - 101_cs: Czech updated by Miroslav Kure + Closes: #308658 + - 102_de: German updated by Dennis Stampfer + - 104_fr: French updated by Jean-Luc Coulon + Closes: #308909 + - 111_ca: Catalan completed by Guillem Jover + Closes: #309212 + - 108_sv: Swedish completed with the help of Magnus Holmgren + Encoding issues fixed + Closes: #309380 + - 109_uk: Ukrainian completed by Eugeniy Meshcheryakov + Closes: #308647 + - 120_nl: Dutch updated by Bart Cornelis + Closes: #308662 + - 124_ru: Russian updated by Yuri Kozlov + Closes: #308839 + - 129_ru: Romanian updated by Sorin Bataruc + Closes: #308921 + - 130_zh_TW: Tradition Chinese updated by Tetralet + Closes: #311588 + - 131_tl: Tagalog updated by Eric Pareja + Closes: #310386 + - 132_vi: Correct file used for Vietnamese tanslation + Closes: #306614, #307251, #307262, #308479 + + -- Christian Perrier Fri, 3 Jun 2005 07:32:07 +0200 + +shadow (1:4.0.3-34) unstable; urgency=low + + * Debian packaging fixes: + 
- NONE + * Debian specific programs fixes: + - NONE + * Upstream bugs not fixed in upstream releases or CVS: + - 406_good_name: + - relaxed user/group names checking is now fixed and accepts + _only_ names matching '^[^-:\n][^:\n]*$' + Closes: #264879, #308478 + * Upstream bugs already fixed in upstream releases or CVS: + - 311_high-uids.dpatch: + - Add large file support to lastlog and faillog. Closes: #280212 + * Translation updates: + - 132_vi: + Vietnamese programs translation added (from upstream CVS) + Closes: #308479 + - 118_it: + Italian programs translation updated + Closes: #308327 + + -- Christian Perrier Tue, 10 May 2005 18:24:12 +0200 + +shadow (1:4.0.3-33) unstable; urgency=low + + * The "Don't believe lintian blindly" release + * Urgency left to low because RC bug fixed but we leave priority + to sarge-targeted work + * Debian packaging fixes: + - Remove CVS id tag from the supplied login.defs file + Closes: #308019 + - revert dependency on debconf which would make it required + Closes: #308145 + - Add the missing add-shell, remove-shell, cppw and cpgr + (Debian specific) man pages + Closes: #162241 + - make lintian ignore warnings about missing debconf dependency + in passwd.lintian-overrides + * Debian specific programs fixes: + - NONE + * Upstream bugs not already fixed in upstream releases or CVS: + - NONE + * Upstream bugs already fixed in upstream releases or CVS: + - 313_pam_access_with_preauth: + - allow PAM account authorization when preauthenticated + Closes: #193869 + - 314_passwd.1_formatting: + - minor formatting fixes of passwd(1) man page + Closes: #304447 + - 315_chage.1_document_expiration_removal: + - document expiration removal in chage(1) + Closes: #304542 + - 316_vipw-race-242407: + - make vipw to remove /etc/{passwd|shadow|group|gshadow}.edit + and only then unlock + Closes: #242407 + - 317_lastlog_usage_249611: + - Fix the lastlog usage and all the translations accordingly + (--user instead of --login). 
+ Closes: #249611 + - 323_passwd.1-typo: + - correct a typo in passwd(1) man page. Closes: #302740 + + -- Christian Perrier Sun, 8 May 2005 14:32:20 +0200 + +shadow (1:4.0.3-32) unstable; urgency=low + + * Switch to dpatch for upstream patches + This should bring more clarity to modifications + we make to upstream sources and help integrating + new upstream releases + Old patches have been moved quite roughly to + debian/patches + * Modified debian/rules for "Calling GNU configure properly", see + /usr/share/doc/autotools-dev/README.Debian.gz + * Debian packaging fixes: + - Lintian fixes: + - Description synopsis initial capital letters removed + - passwd now depends on debconf (>=0.5.00) as it uses the seen flag + - add login.lintian-overrides and passwd.lintian-overrides + files to mention setuid and setgid files and avoid lintian warning + about them + - debian/pam.d/login: + - Remove the confusing comment about "nullok". Closes: #207816 + - debian/rules: + - Add call for dh_installdirs + - debian/passwd.dirs: + - Added + - debian/login.dirs: + - Added + * Debian specific programs fixes: + - fixed /usr/sbin/remove-shell bug with handling of non-existing/empty + /etc/shells file. Closes: #271565 + * GNU config automated update: config.sub (20010907 to 20050422), + config.guess (20010904 to 20050422) + + -- Christian Perrier Tue, 3 May 2005 11:53:12 +0200 + +shadow (1:4.0.3-31sarge3) unstable; urgency=low + + * The "please buy me a brain" release + * *Really* shorten down the Dutch debconf translation for the root password + input so that it fits in one screen. Closes: #277750 + * man/usermod.8: *Really* document -o option in usermod + Closes: #302388 + * man/fr/po4a/fr: Removed. This directory only clutters up the diff + and is not used during the build process + * man/de/passwd.1: Updated. Closes: #304757 + * man/de/chsh.1: Updated. + * man/it/*: All files updated. 
Closes: #305095 + * Translation updates: + - Portuguese (from the translation file sent for 4.0.8 upstream) + Closes: #305257 + + -- Christian Perrier Tue, 19 Apr 2005 19:31:43 +0200 + +shadow (1:4.0.3-31sarge2) unstable; urgency=low + + * Shorten down the Dutch debconf translation for the root password + input so that it fits in one screen. Closes: #277750 + * man/usermod.8: Document -o option in usermod + Closes: #302388 + + -- Christian Perrier Mon, 4 Apr 2005 20:28:47 +0200 + +shadow (1:4.0.3-31sarge1) unstable; urgency=high + + * Urgency set to high because of RC bug fixed. Reuploaded + because I messed up with the changelog first. Use this occasion + to start a sarge series just in case. Changes below were made + in the former version already. + * Avoid package file conflicts for woody->sarge upgrade: + - Add manpages-it and manpages-ko to Replaces: for login + - Remove manpages-de from Replaces: for login (useless) + - Improve readability of the Replaces line for passwd + Closes: #299549 + + -- Christian Perrier Tue, 15 Mar 2005 13:55:34 +0100 + +shadow (1:4.0.3-31) unstable; urgency=low + + * New maintainer + + -- Christian Perrier Fri, 11 Mar 2005 19:28:38 +0100 + +shadow (1:4.0.3-30.10) unstable; urgency=low + + * Non-maintainer upload targeted at sarge. + * Programs translations: + - Greek updated. Closes: #293911 + - French updated. Closes: #294330 + * Debconf translations: + - Galician updated. Closes: #295543 + + -- Christian Perrier Mon, 7 Feb 2005 08:18:56 +0100 + +shadow (1:4.0.3-30.9) unstable; urgency=low + + * Non-maintainer upload targeted at sarge. + * Programs translations: + - German updated. Closes: #291703 + - Tagalog added. Closes: #292353 + - Korean updated. + + -- Christian Perrier Sun, 23 Jan 2005 09:30:49 +0100 + +shadow (1:4.0.3-30.8) unstable; urgency=low + + * Non-maintainer upload targeted at sarge. + * Debconf translations: + - Tagalog added. Closes: #289837 + * Programs translations: + - Traditional Chinese added. 
Closes: #288879 + + -- Christian Perrier Tue, 11 Jan 2005 11:39:18 +0100 + +shadow (1:4.0.3-30.7) unstable; urgency=low + + * Non-maintainer upload targeted at sarge. + * Resolv conflict with manpage-spl in login + as well as passwd. Thanks to Robert Luberda for + the notice + + -- Christian Perrier Thu, 23 Dec 2004 22:23:11 +0100 + +shadow (1:4.0.3-30.6) unstable; urgency=low + + * Revert back to Ian Gulliver genuine patch + to chpasswd. Update man page accordingly. + Closes: #283961 + (again) + * Programs translations + - German updated. Closes: #286522 + * Debconf translations + - German updated. Closes: #286522 + + -- Christian Perrier Mon, 20 Dec 2004 23:51:39 +0100 + +shadow (1:4.0.3-30.5) unstable; urgency=high + + * Non-maintainer upload targeted at sarge. + Fix release critical bug + * Resolve conflict with woody's manpages-pl package + which prevent woody->sarge upgrade if + manpages-pl was installed + Closes: #284239 + * Programs translations + - Romanian added. Closes: #284338 + * Add MD5 support to chpasswd + Thanks to Ian Gulliver for the patch + Closes: #283961 + * Correct typos in man pages + Thanks to Nicolas François for the patch + Closes: #141322 + * Replace "C/" with "../../" in man/fr/shadow.conf + for best integration in the package build process + + -- Christian Perrier Thu, 16 Dec 2004 21:48:56 +0100 + +shadow (1:4.0.3-30.4) unstable; urgency=low + + * Non-maintainer upload targeted at sarge. + Localisation and d-i related updates only + * Programs translations + - Albanian (very partial) added. + * Debconf translations + - Hindi added. Closes: #282443 + - Malagasy added. Closes: #282580 + - Albanian added. 
Closes: #282160 + + -- Christian Perrier Thu, 25 Nov 2004 07:21:53 +0100 + +shadow (1:4.0.3-30.3) unstable; urgency=high + + * Non-maintainer upload: security fix using the woody patch + by the Security Team + * Adjusted password check to fix authentication bypass + [debian/patches/036_CAN-2004-1001_passwd_check] + * Debconf translations + - Brazilian Portuguese updated. Closes: #278051 + - Norwegian Bokmal fixed. Closes: #277563 + * Programs translations + - Indonesian updated. Closes: #277751, #277741 + + -- Christian Perrier Tue, 2 Nov 2004 22:28:26 +0100 + +shadow (1:4.0.3-30.2) unstable; urgency=low + + * Non-maintainer upload targeted at sarge. + Localisation and d-i related updates only + * Debconf translations + - Macedonian added. Closes: #275781 + - Slovakian updated. Closes: #273585 + - Slovenian added. + * Man pages translations + - German for vipw.8/vigr.8. Closes: #260645 + * Fix preseeding for d-i : do not mark debconf templates as seen + Also remove the hack for Joey Hess login name..:) + Closes: #271407 + * Ask for the user full name at critical priority so that + it is never empty. Closes: #257700 + + -- Christian Perrier Sun, 10 Oct 2004 19:02:50 +0200 + +shadow (1:4.0.3-30.1) unstable; urgency=low + + * Non-maintainer upload targeted at sarge. Localisation updates only + * Debconf translations + - Arabic added. Closes: #261022 + - Swedish updated. Closes: #261553 + - Bulgarian added. Closes: #262928 + - Brazilian Portuguese updated. Closes: #263957 + - Simplified Chinese updated. Closes: #268646 + - Traditional Chinese updated. Closes: #268151 + - German updated. Closes: #268051 + - Basque synced with templates.pot + * Programs translations + - Swedish updated. Closes: #261553 + - Russian updated. Closes: #268412 + - Norwegian Bokmal updated. Closes: #269907 + - Norwegian Nynorsk updated. Closes: #269907 + - Hebrew updated. Closes: #269967 + - Danish updated. Closes: #270083 + - Catalan updated. 
Closes: #254956 + * Man pages translations + - French translation completely rewritten and reviewed + Closes: #270168 + - Add expiry.1 and limits.conf.5 to the list of installed man + pages (add two lines to passwd.files and one to rules) + From #270168 also. + + -- Christian Perrier Tue, 7 Sep 2004 20:20:21 +0200 + +shadow (1:4.0.3-30) unstable; urgency=high + * Attempt to fix FTBFS and dependency problems on hurd. Closes: #235641 + * don't run dh_undocumented anymore as it has become angstful. + + * Thanks to Christian Perrier: + * Debconf translations + - Brazilian updated. Closes: #261387 + - Croatian added. Closes: #261418 + - Minor corrections fo ja.po and pl.po headers + * Programs translations + - Dutch updated. Closes: #260361 + - Hebrew added. Closes: #260722 + * Urgency set to high because of RC bug fixed: + * Correct check for root password being already set in passwd.config + Closes: #260799 + + * Acknowledge 29.1 NMU: + Closes: #256664, #257949, #258241, #258563, #258566, #258957, + #190567, #259389, #260223, #257949, #259663, #259827 + + -- Karl Ramm Tue, 27 Jul 2004 09:38:32 -0400 + +shadow (1:4.0.3-29.1) unstable; urgency=low + + * NMU with maintainer consent + * Programs translations + - Greek updated. Closes: #256664 + - Finnish updated. Closes: #257949 + - Spanish updated. Closes: #258241 + - Polish updated. Closes: #258563 + - Indonesian added (configure.in changed accordingly). Closes: #258566 + - French updated. Closes: #258957, #190567 + - Slovak updated. Closes: #259389 + - Portuguese updated. Closes: #260223 + * Debconf translations + - Finnish updated. Closes: #257949 + * Typo correction in su.1 man page. 
Closes: #259663 + * Removed malloc definition in libmisc/xmalloc.c + Closes: #259827 + * Lintian-driven corrections + - Corrected section number in several man pages: + - grpck.8 + - pwck.8 + - ja/grpck.8 + - pl/grpck.8 + - pl/pwck.8 + - Replace the full GPL text in copyright by a pointer + - Bumped Standards to 3.6.1.1 (changes checked) + + -- Christian Perrier Mon, 19 Jul 2004 17:52:24 +0200 + +shadow (1:4.0.3-29) unstable; urgency=low + * Be up front on the origin of our su. Closes: #244297 + * The following thanks to Christian Perrier: + * Debconf translations + - Hungarian added. Closes: #256493 + - Greek updated. Closes: #251990 + - Brazilian portuguese updated. Closes: #256771 + * po/POTFILES.in + - corrected file. No more mentions unexisting files + Closes: #253792 + this change was already in 28.5 but was forgotten in the + changelog + * Acknowledge NMUs: + closes: #244604, #244734, #246302, #246376, #246848, #246859, + #247084, #247698, #247770, #248386, #248391, #248392, + #248392, #248516, #248516, #248648, #248938, #248957, + #249141, #249257, #249682, #250169, #250339, #250496, + #251140, #251141, #251317, #251495, #251716, #251990, + #252087, #252499, #253165, #253186, #253570, #254503, + #254760 + + -- Karl Ramm Sat, 3 Jul 2004 00:24:55 -0400 + +shadow (1:4.0.3-28.5) unstable; urgency=low + + * debian/*.files + - care about adding ALL existing translations. Removed hard-coded + file names. Closes: #248516 + Thanks to Ruben Porras for noticing + This involves changes to debian/*.files with the use of + regexp in these files + * libmisc/failure.c + - Make use of plural forms. Closes: #251317 + * Programs translations + - Norwegian Bokmal and Norwegian Nynorsk translations. Closes: #252499 + - Dutch updated. Closes: #253165 + - Brazilian Portuguese updated + - Turkish updated + - Korean updated + - Czech updated + - Japanese updated + - German updated + - Catalan added. Closes: #254760 + - Italian updated + * Debconf translations + - Finnish added. 
Closes: #253570 + - Danish updated + - Hebrew added. Closes: #253186 + - Traditional Chinese added. Closes: #254503 + - French updated for clarification and shorten the root password screen + + -- Christian Perrier Tue, 22 Jun 2004 09:44:45 +0200 + +shadow (1:4.0.3-28.4) unstable; urgency=low + + * NMU for l10n stuff again + * Programs translations + - All languages "activated" in configure.in. Closes: #248516 + - Russian. Closes: #250496 + - Bosnian added. Closes: #251141 + - Finnish update. Closes: #251495 + - Italian update. Closes: #252087 + * Debconf translations + - Norwegian Bokmal update. Closes: #250339 + - Bosnian added. Closes: #251140 + - Catalan updated. Closes: #251716 + - Greek update. Closes: #251990 + - Welsh added (directly sent by Dafydd Harries + * Christian Perrier + - debian/passwd.config : a few rewards to a few people. Just check + the code + + -- Christian Perrier Tue, 1 Jun 2004 09:11:01 -0300 + +shadow (1:4.0.3-28.3) unstable; urgency=high + + * NMU for correcting my mistake + * Remove an extra "fi" in passwd.config. Closes: #250169 + * Debconf translation updates: + - Norwegian Nynorsk. Closes: #249682 + + -- Christian Perrier Fri, 21 May 2004 06:50:13 +0200 + +shadow (1:4.0.3-28.2) unstable; urgency=high + + * NMU for Debian Installer rc1 release schedule + * Removed duplicate sentence in templates. Closes: #244734, #244604 + * Move the "root password empty" check before the root password + confirmation. Closes: #247770 + * Debconf translation updates: + - Danish. Closes: #246859 + - Spanish. Closes: #246302 + - Russian. Closes: #248392 + - Simplified Chinese. Closes: #248938 + - Lithuanian. Closes: #249141 + - Italian. Closes: #249257 + - Dutch sent directly by Bart Cornelis + - Korean sent directly by Changwoo Ryu + - Galician sent directly by Héctor Fernández + - Romanian sent directly by Eddy Petrisor + * Programs translation updates: + - Korean. Closes: #242055 + - Japanese. Closes: #242586 + - Polish. Closes: #246376 + - Slovak. 
Closes: #247084 + - Basque. Closes: #248386 + - German. Closes: #248391 + - Russian. Closes: #248392 + - Spanish. Closes: #248516 + - Czech. Closes: #248648 + - Simplified Chinese. Closes: #248957 + - Indonesian. Closes: #242813 + - Italian sent directly by Giuseppe Sacco + * Translated man pages + - Typo correction in Brazilian Portuguese for gpasswd. Closes: #247698 + + -- Christian Perrier Tue, 18 May 2004 12:09:34 +0200 + +shadow (1:4.0.3-28.1) unstable; urgency=high + + * NMU for special purposes below + * Urgency set to high for helping out Brazilian DD's building CD's + for FISL conference + * Translation updates: + - Debconf: + - Brazilian Portuguese. Closes: #246848 + - Spanish. Was unfortunately based on older templates hence + this does not close 246302 + - Basque: Closes: #243545 + - German: Closes: #242116 + + -- Christian Perrier Mon, 10 May 2004 23:23:25 +0200 + +shadow (1:4.0.3-28) unstable; urgency=low + + * Fix login and passwd in preinst to avoid promts on woody upgrade, + Closes: #243099 + * Fix login and passwd configuration file to support common-passwd + * Apply NMU patch from Christian Perrier, Closes: #241438 + + -- Sam Hartman Thu, 29 Apr 2004 16:31:25 -0400 + +shadow (1:4.0.3-27) unstable; urgency=low + + * update "da" debconf translation, closes: #241262 + * new "pt_BR" program translation, closes: #241366 + + -- Karl Ramm Thu, 1 Apr 2004 00:19:44 -0500 + +shadow (1:4.0.3-26.1) unstable; urgency=low + + * NMU for Debian Installe rneeds + * Translation updates: + - Debconf: + - French. Closes: #241438 + - Ukrainian. Closes: #241514 + - Swedish: #241558 + - Japanese. Closes: #241802 + - Danish. Closes: #241262 + - Portuguese. Closes: #241675 + - Polish. Closes: #243185, #242996 + - Czech. Closes: #241877 + - Korean. Closes: #241928 + - Greek. Closes: #242396 + - Turkish. Closes: #243103 + - Slovak. 
Closes: #245671 + + -- Christian Perrier Wed, 28 Apr 2004 11:47:34 +0200 + +shadow (1:4.0.3-26) unstable; urgency=low + + * Have passwd.config fall back gracefully to useradd if adduser is + unavailable. closes: #240894 + + -- Karl Ramm Wed, 31 Mar 2004 00:26:17 -0500 + +shadow (1:4.0.3-25) unstable; urgency=low + + * Update "da" program translation, thanks to Claus Hindsgaul. + * Update "sv" translation, closes: #239198 + * lower debconf priority of shadow password question to 'low' + + -- Karl Ramm Tue, 30 Mar 2004 19:39:59 -0500 + +shadow (1:4.0.3-24) unstable; urgency=low + + * add new program translations to the file manifest. *sigh* + closes: #241016 + * add "tr" debconf translation. closes: #239148 + * Rearrange username creation dialog text to make sense in + new order. closes: #240607 + * Edit the debconf templates for content. + * Remove the program .gmo files in the clean step. closes: #200054 + + -- Karl Ramm Tue, 30 Mar 2004 11:37:22 -0500 + +shadow (1:4.0.3-23) unstable; urgency=low + + * increase maximum group name size to 32 for no particularly good reason + closes: #240456 + * fix su man page to reflect code. closes: #239805 + * fix username defaulting in passwd.config. closes: #238781 + * update "it" debconf translation. closes: #237504 + * update "ru" debconf translation. closes: #238211 + * update "de" debconf translation. closes: #238779 + * update "el" debconf translation. closes: #240473 + * add "nn" debconf translation. closes: #238590 + * add "da" program translation. closes: #238005 + * add "nl" program translation. closes: #238488 + * add "pt" program translation. closes: #238796 + * add "pt" debconf translation. closes: #239641 + * remove spurious const, closes: #240677 + + -- Karl Ramm Sun, 28 Mar 2004 19:46:34 -0500 + +shadow (1:4.0.3-22) unstable; urgency=low + + * Don't assume that lastlog.ll_time or utmp.ut_time or utmpx.ut_tv are made + up of time_ts and timevals, because they aren't on x86-64. Dismaying + but true. 
+ + -- Karl Ramm Sun, 14 Mar 2004 16:53:21 -0500 + +shadow (1:4.0.3-21) unstable; urgency=low + + * Try and get the right French translation update in the right place, + Karl, you can do it even if you do only speak English. Closes: #236993 + + -- Karl Ramm Wed, 10 Mar 2004 15:31:35 -0500 + +shadow (1:4.0.3-20) unstable; urgency=low + + * Added Norwegian Bokmal debconf translation, closes: #206349 + * tell shadow build system about new message translations + + -- Karl Ramm Thu, 4 Mar 2004 11:04:44 -0500 + +shadow (1:4.0.3-19) unstable; urgency=low + + * When creating a user account in psaswd.config, ask for full name + first, and make up a default username. Closes: #235386 + * "No really, assume md5 passwords". Closes: #223664 + + -- Karl Ramm Thu, 4 Mar 2004 00:42:08 -0500 + +shadow (1:4.0.3-18) unstable; urgency=low + + * Removed po/cs.po and added new debian/po/cs.po + Updated Czech translation, closes: #229125 + * Updated Japanese debconf translation, closes: #227237 + * Updated Danish debconf translation, closes: #227619 + * Updated Dutch debconf translation, closes: #227883 + * Updated Brazilian Portuguese debconf translation, closes: #228080 + * Added Simplified Chinese debconf translation + Added Simplified Chinese programs translation + Closes: #229334 + * Added Greek debconf translation + Added Greek programs translation + Closes: #229504, #229528 + * Added Finnish programs translation, closes: #230369 + charset changed from UTF-8 to ISO-8859-1 as the bug patch was wrong + * Updated German debconf translation, closes: #232710 + * Updated Russian debconf translation, closes: #235541 + * Added Ukrainian debconf translation, closes: #233560 + * Added Lithuanian debconf translation, closes: #235698 + * thanks to Christian Perrier + + -- Karl Ramm Wed, 3 Mar 2004 22:56:31 -0500 + +shadow (1:4.0.3-17) unstable; urgency=low + + * Fix braino in version number of example dependency in README.shells. 
+ Apologies to anyone foolhardy enough to believe my documentation. + * Add Swedish debconf translation, closes: #225059 + * New French debconf translation, closes: #225914 + * Add Catalan debconf translation, closes: #227029 + * add securetty files for the hurd, freebsd, and netbsd, closes: #200739 + + -- Karl Ramm Sun, 11 Jan 2004 17:37:54 -0500 + +shadow (1:4.0.3-16) unstable; urgency=low + + * run dh_installdeb *after* dh_installdebconf, + remove . from short description of passwd, + add versioned conflict with debconf older than 0.5 + closes: #224133 + * replace manpages-it due to man page conflict + closes: #224474 + * fix the *other* su syslogs. + closes: #224508 + * fix filename in control file, closes: #224579 + * fix permissions on chage and expiry, closes: #224717 + * run debconf-updatepo + * remove debian/compat as redundant + + -- Karl Ramm Mon, 22 Dec 2003 19:53:30 -0500 + +shadow (1:4.0.3-15) unstable; urgency=low + + * remove bogus dependency on base-config 2.00, + closes: #222772, #223726 + * New Czech translation thanks to Miroslav Kure. + + -- Karl Ramm Fri, 12 Dec 2003 18:40:25 -0500 + +shadow (1:4.0.3-14) unstable; urgency=low + + * exit 30 when backing all the way out in passwd.conf, and + depend on base-config 2.00, closes: #222772 + * adjust debconf templates for debian-installer work, + closes: #222832 + + -- Karl Ramm Thu, 11 Dec 2003 01:53:37 -0500 + +shadow (1:4.0.3-13) unstable; urgency=low + + * Fix typo passwd.config. Closes: #223079, #222714 + * Let's try out this oldfangled anonymous ftp upload queue. + + -- Karl Ramm Mon, 8 Dec 2003 17:59:31 -0500 + +shadow (1:4.0.3-12) unstable; urgency=low + + * Explicitly use automake-1.7 and aclocal-1.7. closes: #216594 + * Update Danish debconf translation. closes: #216542 + * Update French debconf translation. closes: #206352 + * Update Dutch debconf translation. closes: #212995 + * Remove redundant dependency on grep. closes: #216535 + * Fix chfn documentation bug. 
closes: #213931 + * Fix su syslogs to be less ambiguous. (old:new instead of old-new + because '-' can appear in usernames.) Not clearer, mind you, but less + ambiguous. closes: #213592 + * Rename limits(5) to limits.conf(5) and edit to reflect reality. + closes: #212935 + * Move the change_uid call in login back to where it was before -11, and + relocate the fork for pam_close_session above it. closes: #211884 + + -- Karl Ramm Sat, 25 Oct 2003 15:26:20 -0400 + +shadow (1:4.0.3-11) unstable; urgency=low + + * update Japanese debconf translation. closes: #210382 + * update Brazilian Portugese debconf translation. closes: #208122 + * run pam cleanup code as root. closes: #195048 + + -- Karl Ramm Sat, 13 Sep 2003 17:49:29 -0400 + +shadow (1:4.0.3-10) unstable; urgency=low + + * postinst sources confmodule. closes: #88843 + * Implement the pam configuration New World Order. Wow, that was quick. :-) + * Implement a scheme for allowing other packages to modify /etc/shells. + + -- Karl Ramm Fri, 22 Aug 2003 20:58:42 -0400 + +shadow (1:4.0.3-9) unstable; urgency=low + + * fix mysterious creeping bug in po/Makefile.in.in, closes: #200052 + * dutch debconf translation, closes: #204578 + * switch to po-debconf, closes: #183998, #200130 + * use automake1.7, closes: #205991 + * update german debconf translation, closes: #94138 + * I can't come up with a good justification as to why characters other + than ':'s and '\0's should be disallowed in group and usernames (other + than '-' as the leading character). Thus, the maintenance tools don't + anymore. closes: #79682, #166798, #171179 + * Fix typo in /etc/pam.d/su. closes: #196804 + * danish debconf translation, closes: #118245 + * russian debconf translation, closes: #198729 + * And last, but not least, what's undoubtedly going to be the most + popular change: md5 passwords are turned on by default, and there is + no prompt to change them. Yes, this is reduced functionality. 
No, it + can't go back in the way it was; the old code not only modified + conffiles, it modified *other*packages* conffiles and was a massive + policy violation. I expect this change will motivate the people who + have said that they will come up with a proper solution to do so. + closes: #186016, #110228, #171808 + + -- Karl Ramm Wed, 20 Aug 2003 02:06:50 -0400 + +shadow (1:4.0.3-8) unstable; urgency=low + + * Fix missing ':' in getopt call. closes: #184301 + * Don't install mkpasswd, we don't use it. closes: #185919, #187906 + * replaces: manpages-ko. closes: #184810 + * Fix the message in #190567 (not closing until it's been accepted upstream) + * Fix brainos in login.1. closes: #184731 + * Fixup permissions for chage. closes: #184138 + * Force the umask to 022 in passwd.config. closes: #182506 + * Add Sam Hartman as an uploader. + * Update standards-version. + * Add versioned build-depend on debhelper. + + -- Karl Ramm Sat, 26 Apr 2003 15:34:16 -0400 + +shadow (1:4.0.3-7) unstable; urgency=low + + * When relocating a user's home directory, don't fail and remove the new + home directory if we can't remove the old home directory for some + reason; the results can be spectularly poort if, for instance, only + the rmdir() fails. closes: #166369 + * run dh_installdebconf so base-config will work. *sigh*. closes: #166788 + + -- Karl Ramm Sun, 24 Nov 2002 21:40:30 -0500 + +shadow (1:4.0.3-6) unstable; urgency=low + + * remove automake dependency and leave only automake1.5, since it seems + to confuse the alpha and mipsel autobuilders for some reason. + + -- Karl Ramm Sun, 13 Oct 2002 21:45:15 -0400 + +shadow (1:4.0.3-5) unstable; urgency=low + + * build-depend on libtool and automake. oops. closes: #164545 + + -- Karl Ramm Sun, 13 Oct 2002 01:44:47 -0400 + +shadow (1:4.0.3-4) unstable; urgency=low + + * I am unable to begin to express the bitterness that I'm now experiencing. 
+ * replaces manpages-de <= 0.4-4, closes: #162097, #162173 + * replaces manpages-fr, closes: #162150 + * replaces manpages-hu, closes: #162126 + * replaces manpages-ja, closes: #163511, #162095 + * fix sg symlink, closes: #162339, #163652 + * newgrp should be aware that getlogin() and ttyname() are not + guaranteed to return anything and NOT blindly assume that they + successfully returned a pointer to a string. I mean, really, people, + that sort of thing hasn't been reliable since 4.2BSD on a VAX. I'll + bet most of the working on the upstream weren't even born yet when + this sort of thing was commonplace (it was NEVER acceptable). + closes: #162303 + * pull the manpage for the spiffy su forward. closes: #162275 + * depend on automake1.5, and rerun the autogrunge. This should + *hopefully* make it build more consistently. + * this concludes the biweekly treading of water. + + -- Karl Ramm Sat, 12 Oct 2002 14:56:16 -0400 + +shadow (1:4.0.3-3) unstable; urgency=low + + * the "fix the brain damage" release + * fix pam brain-damage in ch{age,passwd}, {group,user}{add,del,mod}, newusers + closes: #162181, #162199, #162228 + * fix vipw symlink brain-damage: closes: #162218 + * fix package description brain damage, closes: #139563 + * install cp{pw,gr} brain damge + + -- Karl Ramm Wed, 25 Sep 2002 01:21:35 -0400 + +shadow (1:4.0.3-2) unstable; urgency=low + + * fix "su -". closes: #162089 + * document exit codes of groupdel and userdel (again, for userdel) + closes: #161861 + * clean up logoutd cleanup + + -- Karl Ramm Mon, 23 Sep 2002 19:44:40 -0400 + +shadow (1:4.0.3-1) unstable; urgency=low + + * new upstream version! closes: #149444, #150237, #145415 + * completely new packaging! + * all new bugs! + * old bugs as well! 
+ * remove /etc/init.d/logoutd, like the old postrm should've, closes: #160682 + * fix passwd manpage, closes: #160477, #122797 + * fix lastlog manpage, closes: #159886 + * add as many virtual console devices as I seem to have to securetty, + closes: #156472 + * add ttyS0 and tts/0 to securetty. closes: #130138 + * su should not segfault if nobody has uid 0. closes: #139967 + * install and use translations. closes: #118238 + * upstream uses new automake. closes: #114935 + * add russian template file for password. closes: #130358 + * handle template installation correctly. closes: #156674 + * don't place a maximum restriction on the length of passwords. + closes: #159487 + * fix description. closes: #145459 + * update config.{guess,sub} + + -- Karl Ramm Wed, 18 Sep 2002 10:14:08 -0400 + +shadow (20000902-12) unstable; urgency=high + + * "oops" + * /etc/login.defs: /var/spool/mail -> /var/mail, closes: #125311 + + -- Karl Ramm Sun, 7 Apr 2002 11:54:48 -0400 + +shadow (20000902-11) unstable; urgency=low + + * Fix some nits: + * remove changelog~ file. oops. closes: #139711 + * fix typo in control. closes: #139564 + * Hmmm. People open more bugs when I upload new versions of things. + Maybe they just notice them more then, or maybe it's just Murphy. + + -- K. Ramm Tue, 26 Mar 2002 12:14:33 -0500 + +shadow (20000902-10) unstable; urgency=low + + * We hates the automake. We hates it forever. closes: #139293 + * stupid ommision: logoutd still in postinst. closes: #139422 + * make login.defs a bit clearer. closes: #138809 + + -- Karl Ramm Fri, 22 Mar 2002 12:09:07 -0500 + +shadow (20000902-9) unstable; urgency=medium + + * Get rid of logoutd, it doesn't work, didn't work in potato, and now + it's causing people to open RC bugs. closes: #138259, #66153, #121940 + I'm told the timeoutd package does a better job anyway. 
+ * add /bin/tcsh to /etc/shells, closes: #118103, #122112 + * add /bin/ksh to /etc/shells, closes: #123556 + * remove text about password aging from passwd(5), closes: #137493 + * spanish debconf template for passwd, closes: #136463 + * document the fact that you can not have a valid password in + /etc/shadow. closes: #131690 + * /etc/login.defs: /var/spool/mail -> /var/mail, closes: #125311 + * fix locations of utmp and wtmp in login(1), closes: #119656 + * The package description for passwd refers to README.Debian.gz + but only README.debian.gz actually exists. Most packages use + README.Debian.gz, but the control file is the only place that gets it + wrong for this package. When in doubt, fix the documentation. :-) + closes: #116955 + + -- Karl Ramm Thu, 14 Mar 2002 17:05:56 -0500 + +shadow (20000902-8) unstable; urgency=low + + * check in passwd.expire.cron for already-expired passwords; closes: #102319 + * note in chage.1 and shadowconfig.8 that password aging information + only works when shadow passwords are enabled. closes: #103702 + * enable changing the name in chfn by default. closes: #107819 + * fail to mangle files in lib/commonio.c, thanks to matt@linuxbox.nu + * add /dev/console to the secure ttys list. because. closes: #113949 + * find the FHS mail spool first in configure. closes: #114951 + (thanks to mjb@debian.org) + * above sadly causes automake to go bonkers, and I don't want to + reassemble the build system before woody is released. Keep automake + from going off on its own. + * terminate argument validation in login when it hits a '--'. + closes: #66368 + + -- Karl Ramm Mon, 22 Oct 2001 11:17:35 -0400 + +shadow (20000902-7) unstable; urgency=low + + * the "I'm sorry, I should've done this earlier" release + * Cancel login timeout after authentication so that patient people + timing out on network directory services can log in with local + accounts. Closes: #107148 + * Add Brazillian Portugese debconf template translation for passwd. 
+ Closes: #105292, #93223 + * Pull /usr/share/doc/$package/README.shadow-paper.gz. Closes: #98058 + * Use getent instead of group to verify existence of shadow group + [works better for distributed group files]. Closes: #99902 + [Note that this sort of problem is rampant in these postinst and + config scripts, but that's not getting fixed in woody.] + * Amend reference to /usr/doc in shadowconfig.8. Closes: #102804 + * su should set $USER. Closes: #102995 + * userdel now deletes user groups from /etc/gshdow as well as + /etc/group. Closes: #99442 + * grpck now has an (otherwise undocumented) -p option, so that + shadowconfig can clean up the results of the above, so the config + script will fail randomly less often. Closes: #103385 + + -- Karl Ramm Wed, 22 Aug 2001 12:09:27 -0400 + +shadow (20000902-6.1) unstable; urgency=low + + * Non-maintainer upload. + * Upgrade to latest config.sub and config.guess. Closes: #88547 + + -- Gerhard Tonn Fri, 1 Jun 2001 20:38:43 +0200 + +shadow (20000902-6) unstable; urgency=medium + + * actually set root's password when appropriate + patch thanks to joeyh, closes #98402 + * fix error in expiry man page. Such damage. closes: #99291 + * fix group of setgid program chage and expiry, closes: #98122 + + -- Karl Ramm Thu, 31 May 2001 07:38:59 -0400 + +shadow (20000902-5) unstable; urgency=low + + * add build dependency on file, to keep libtool happy. 
closes: #97498 + + -- Karl Ramm Wed, 16 May 2001 06:57:23 -0400 + +shadow (20000902-4) unstable; urgency=low + + * Change maintainers, closes: #92355 + + -- Karl Ramm Sun, 13 May 2001 03:28:07 -0400 + +shadow (20000902-3.1) unstable; urgency=low + + * Non-maintainer upload + * Recompile to fix ARM lossage + + -- Philip Blundell Sun, 11 Mar 2001 07:47:27 -0500 + +shadow (20000902-3) unstable; urgency=low + + * Update config.sub and config.guess so ia64 compiled, closes: #81897 + * libmisc/sub.c: skip '*' in shell name when doing subsystem, closes: + #82893 + * src/su.c: don't assume uid 0 == "root", use getpwuid to fetch it, + closes: #81924 + * This was fixed in a previous version, closes: #77057 + * Update passwd long desc, closes: #88299 + * Conflict with suidmanager << 0.5, and remove suid{,un}register calls, + closes: #87157 + * Update policy to 3.5.0.0 + * Added debconf support for passwd from base-config + + -- Ben Collins Sat, 3 Mar 2001 07:26:57 -0500 + +shadow (20000902-2) unstable frozen; urgency=low + + * control.hurd->control.gnu: closes: #77940 + * Cannot reproduce, closes: #79447 + * User never sent a patch, plus I think removing the passwd/account when + doing passwd -l is a bad idea. Makes it so you cannot unlock the + account. closes: #77824 + * Don't allow shadowconfig to change perms of other binaries, close: #77057 + * IMO, this is not a bug. It's part of a feature, and can be disabled by + turning off USER_GROUPS. closes: #76806 + * /bin/login is suid root for several good reasons. For one, it allows + daemons that use it to run as non-root. This is a good thing since it + means only one program is running as root, and not several. closes: #17911 + * sulog is fairly easy to grep or parse so I don't see how the + similarity of the log entries for failed and successful is a problem. + '-' for failed, '+' for success. 
closes: #63801 + * logoutd.8: s,/etc/utmp,/var/run/utmp, closes: #80494 + * Fix case where pam_auth returns a NULL username, closes: #76817, #75510 + * Hmm, Linux is a sysv derivative, so the comment is perfectly + legitimate, closes: #76898 + * MAX_PASSWORD is used by useradd, and CHFN_AUTH is actually used by + * chfn to decide if the current user needs to auth in order to change + their info, closes: #71114 + * login.1: Fix \' closes: #75435 + * login -f works for me assuming you call it as root. I tested this with + plain pam_unix.so, and also with pam_unix.so stacked with pam_ldap.so. + So if it doesn't work with telnet-heimdal, then that program is not + doing something right. closes: #78186 + * login.pam.d: made pam_nologin.so requisite. closes: #80111 + * su to root seems pretty quick to me, closes: #64756 + * xmalloc.c: remove decleration of malloc, which was causing system + * header conflicts. closes: #80398 + + -- Ben Collins Sun, 31 Dec 2000 14:33:47 -0500 + +shadow (20000902-1) unstable frozen; urgency=low + + * New upstream release, lots of Debian patches merged, closes: #72735 + * man/passwd.1: removed reference to passwd(3), closes: #72704 + * man/chsh.1,man/chfn.1: document login.defs affects on these programs, + closes: #68029 + * not a bug, expected behavior, closes: #74137 + * IMO, this is a bug in the user's setup, closes: #65600 + * securetty: add devfs console devices, closes: #71946 + * libmisc/sulog.c: removed arbitrary limit on number of chars printed of + the tty name (truncated to 6 chars, which is silly), closes: #65404 + * tested this, and it works fine for me so long as pam_unix.so is called + with the nullok option (which it isn't by default because of security + concerns), closes: #75063 + * appears to be fixed by PAM, closes: #70627 + * src/useradd.c: user mkstemp instead of mktemp, per libc6 linktime + warning + * src/su.c: fixup arg handling passed to shell, closes: #75326 + + -- Ben Collins Mon, 23 Oct 2000 13:22:29 -0400 + 
+shadow (19990827-21) unstable frozen; urgency=low + + * Added build deps + * Use pre-generated files for hurd/linux control file. The old method of + using cpp would have broken with the new gcc. + + -- Ben Collins Wed, 26 Jul 2000 21:04:03 -0400 + +shadow (19990827-20) unstable frozen; urgency=low + + * Release Manager + None of these are marked as RC in the BTS, however, they do make the + package unsuitable for release. Since this is an essential package (IOW, + installed on every Debian system), I hope you can see how important it + is to make sure this package is perfect. None of the changes are + functional (except the fix in logoutd's init script, which was a 20 char + change), so please consider this for the next test cycle. + * Fix logoutd init script from spurious output when /etc/porttime is not + there, closes: #63962, #64067 + * su: Fix typo in usage output, closes: #60226 + * passwd: Fixed typo and missing newline in output for successful password + change, closes: #64106, #63703 + * passwd.1: Add documentation on the -f, -e, -s and -d command line + options, closes: #64339, #64410 + * login: Verified that utmp/wtmp works when called by telnet with -h + option, closes: #56854 + + -- Ben Collins Tue, 23 May 2000 14:40:01 -0400 + +shadow (19990827-19) unstable frozen; urgency=low + + * debian/local/shells: added esh, closes: #59934 + * logoutd: modify to work with pam_time.so's time.conf file, modify + manpage to reflect this, closes: #61300 + * userdel.8: added note about group removal, closes: #56723 + * base-config handles md5 setup, closes: #60125 + * cppw: make sure it gets installed, closes: #62960 + * passwd: correct error message for "not you", closes: #61313 + * sulog.c: fixed extern for char (char foo[] -> char *foo), closes: #61643 + * userdel.8: documented userdel's exit values, closes: #54775 + * passwd: error messages are two fold, the second is actually from + pam_strerror(), closes: #61937 + * passwd: print "success" on successful 
password change, closes: #58676 + + -- Ben Collins Sat, 29 Apr 2000 10:26:56 -0400 + +shadow (19990827-18) unstable frozen; urgency=low + + * Crap, all the bug fixes from -17 need to go to frozen too + + -- Ben Collins Tue, 29 Feb 2000 14:57:14 -0500 + +shadow (19990827-17) unstable; urgency=low + + * Fixed typo in login.defs, closes: #54877 + * logoutd.init.d: Check for /etc/security/time.conf, closes: #54900 + * login.defs: Added note about the MAIL env option, closes: #54768 + * login.pam.d,passwd.pam.d: Use new options in pam_unix.so to enable + obsure password checks. This mimics the old behavior in pre-PAM + shadow, closes: #58203 + * Use patch from Topi Miettinen to add pam session + ability to su, closes: #57526, #55873, #57532 + * Made login's -f option also able to use the username after -- if none + was passed as it's optarg, closes: #53702 + + -- Ben Collins Mon, 28 Feb 2000 12:37:22 -0500 + +shadow (19990827-16) unstable; urgency=low + + * got rid of g+s directories in the source tarball, closes: #54585 + * make su mode 4755 in the package. This way there is no chance of a + failed dpkg install causing it to be left without suid root perms + before suidmanager or chmod is called in the postinst. + * src/login.c: added faillog support to the pam_authenticate loop. This + loop is now completely rewritten, and should produce better results on + failures, closes: #53164 + + -- Ben Collins Sun, 9 Jan 2000 23:35:08 -0500 + +shadow (19990827-15) unstable; urgency=low + + * src/su.c: moved signal() call to re-establish SIGINT to right place, + closes: #54496 + * src/login.c: if hostname is blank (not a remote login via rlogin or + telnet), then use the tty to log failures in syslog, closes: #53966 + * passwd: Locking a password by appending '!' appears to be pretty + standard, so ssh needs to check for it. + * passwd and login come with a README.pam that discusses the differences + between the PAM and old non-PAM versions. 
It also talks about where to + look for details. Also now that I have added the extra examples to the + pam.d files, I hope this satisfies...closes: #52917 + * A new package, base-config, which will be used by boot floppies is + going to have an option to configure MD5 usage for passwords. Since + this is the best place for it, and I don't really have any control + over it, I am .... closes: #47620 + * libmisc/chowntty.c: applied patch for read-only root, closes: #52069 + + -- Ben Collins Sat, 8 Jan 2000 22:11:29 -0500 + +shadow (19990827-14) unstable; urgency=low + + * debian/local/shells: added /bin/zsh, closes: #53883 + + -- Ben Collins Sun, 2 Jan 2000 13:51:42 -0500 + +shadow (19990827-13) unstable; urgency=low + + * su.c: ignore SIGINT while authenticating, closes: #52372 + * su.pam.d: added 2 new examples of how to allow su for wheel users + without prompting for a password, and also how to deny users of a + specific group. + + -- Ben Collins Sat, 1 Jan 2000 22:29:46 -0500 + +shadow (19990827-12) unstable; urgency=low + + * Recompiled against latest libpam and up'd the module deps, + closes: #52171 + * login.pam.d: added "noenv" option so we don't clobber login's setting, + closes: #51441 + + -- Ben Collins Tue, 14 Dec 1999 22:41:40 -0500 + +shadow (19990827-11) unstable; urgency=low + + * debian/passwd.in: add a preinst (matches login's) to fix the latest + build change (only affected hurd since it doesn't use login). + * debian/scripts/passwd.mk: use passwd.preinst instead of login.preinst + to complete the fix above. + + -- Ben Collins Mon, 6 Dec 1999 18:25:07 -0500 + +shadow (19990827-10) unstable; urgency=low + + * src/login.c: only set pam_fail_delay if > 0. 
Also make the default 0 + so not defining it has the same affect as disabling it, closes: #51178 + * src/userdel.c: make sure we remove the shadow group entries when + removing the users own group, closes: #50005, #50138 + + -- Ben Collins Fri, 26 Nov 1999 22:37:44 -0500 + +shadow (19990827-9) unstable; urgency=low + + * src/su.c: Fixed getopt parsing, and added a usage output + * man/su.1: minor typos + + -- Ben Collins Mon, 8 Nov 1999 22:13:05 -0500 + +shadow (19990827-8) unstable; urgency=low + + * src/login.c: fixed loggin of username on succesful login (was using + the normal username, when it should have used pam_user), + closes: #47819 + * src/login.c: check for hushed login and pass PAM_SILENT if true, + closes: #48002 + * src/useradd.c: set def_shell to /bin/bash, closes: #48304 + * doc/README.debian: add note about how to avoid issues with nscd's + lag in aging the cache, closes: #48629 + * src/cppw.c: new program to assist copying a passwd/group file without + corruption, closes: #42141 + + -- Ben Collins Tue, 2 Nov 1999 21:46:28 -0500 + +shadow (19990827-7) unstable; urgency=low + + * {passwd,login}.pam.d: added blurb about how to use the pam_cracklib + module, and also changed it to use pam_unix and not pam_pwdb (gah! 
+ how did that happen?), closes: #46983 + * README.debian: changes to reflect new PAM usage aswell as removing + references to obsolete config files, closes: #46595 + * passwd.expire.cron: example script that informs users by email when + their accounts are about to expire, closes: #41393 + * lastlogin.c: added -h option and usage aswell as long option support, + closes: #45804 + * shadow now only has 3 wishlist bugs and nothing else + + -- Ben Collins Sat, 9 Oct 1999 11:54:16 -0400 + +shadow (19990827-6) unstable; urgency=low + + * debian/shells: new file, needed to include /bin/sash, closes: #45826 + * useradd.8,groupadd.8: added note about the prefered use of adduser + and addgroup when conforming to Debian policy (taken from notes in + adduser's man pages), closes: #22821 + * dialups.5: new man page that documents /etc/{dialups,d_passwd}, + closes: #42212 + * src/su.c: added -m, -p and -s command line options to match GNU options, + also documented in su(1), closes: #45394, #46424 + * login.defs.5: clarified usage of TTYTYPE_FILE, closes: #23194 + * login.pam.d: added pam_issue.so which replaces the old ISSUE_FILE from + login.defs, this also allows it to grok escapes in the issue file, + also increases the MODDEPS to (>= 0.69-10). 
By default this module is + not enabled, closes: #21044 + * login.defs.pam.linux: added ISSUE_FILE to list of deprecated options + + -- Ben Collins Mon, 4 Oct 1999 19:56:22 -0400 + +shadow (19990827-5) unstable; urgency=low + + * {login,su}.1: added description of a subsystem login, closes: #31987 + * src/chowndir.c: fixed recursive chown's on usermod, also changed it + to use lchown and lstat since we actually want that, closes: #46405 + * su.1: removed reference to suauth aswell as added "-c" to the SYNOPSIS, + closes: #45685 + * login.1: added options to the SYNOPSIS and documented OPTIONS, + closes: #28763 + * login.defs.5: documented the ENVIRON_FILE options (even though it's + not really used in the PAM version), close: #28786 + * 010_src_gpasswd.c: new patch, fixes changing group passwords when not + using shadow groups, closes: #25919 + * {chfn,chsh,login}.pam.d: added nullok to pam_unix.so auth line to + allow for passwordless accounts, closes: #46510 + * login.pam.d: add "standard" to the pam_mail option so we get old + style "You have..." login messages. + + -- Ben Collins Sun, 3 Oct 1999 13:41:53 -0400 + +shadow (19990827-4) unstable; urgency=low + + * Alright, we are really getting some usage from this now, and seeing + some odd ball setups, so it means more work for me, but more stable + and feature filled software for you :) + * debian/{login,su}.pam.d: Fixed spelling errors, closes: #45234, #45235 + * debian/login.pam.d: Added commented pam_access.so reference and + description, closes: #45241 + * src/login.c: moved usage of setup_uid_gid() when PAM is enabled or + pam_groups.so's groups get clobbered + * src/newgrp.c: don't call sanitize_env() and also make sure we don't + check passwords when the user is trying to get back to their default + group, closes: #22244 + * Closed some other bugs that were either not really bugs, or they weren't + reproducable. 
+ * debian/login.pam.d: moved around the pam_motd and pam_mail modules to + order them the same as old login would have done + + -- Ben Collins Sun, 19 Sep 1999 19:42:13 -0400 + +shadow (19990827-3) unstable; urgency=low + + * This is a "Sit down and really fix some bugs" update. I'm going through + the ones that really need some work. + * src/vipw.c: use the system() call to invoke the editor so that it accepts + command line args in the EDITOR and VISUAL environment vars, closes: #31029 + * src/userdel.c: added code to remove user groups (of the same name) if there + were no members left and USERGROUPS_ENAB is set to yes, closes: #35046 + * login.defs: documented above change + * {login,passwd}.postinst: fixed some bashisms, closes: #45159 + * login.defs.pam.linux: documented the FAKE_SHELL option, closes: 31987 + * su.1,login.1: documented the subsystem root ability in login and su, closes: + * doc directory for both packages now includes the README.shadow-paper file + closes: #15391 + + -- Ben Collins Sun, 19 Sep 1999 15:49:11 -0400 + +shadow (19990827-2) unstable; urgency=low + + * debian/rules: use "$(CC) -E" instead of "cpp" to make it easier to + cross compile for Hurd (requested by Marcus Brinkman). + * debian/login.pam.d: forgot to remove that comment about login not + being PAMified, it is and works fine. + * src/login.c: Added login.defs option to turn on and off the persistent + login, also give note on when it isn't and is needed in login.defs. + * lib/getdef.c: Added CLOSE_SESSIONS for above code. + * man/login.defs.5: document the new CLOSE_SESSION option for login + * logoutd: disabled until I can fix it to grok /etc/security/time.conf + + -- Ben Collins Mon, 13 Sep 1999 18:57:47 -0400 + +shadow (19990827-1) unstable; urgency=low + + * New Maintainer, with Guy's consent. 
+ closes: #22296, #22331 (closed some NMU bug reports) + * New upstream release, closes: #15879, #24712, #25739, #28785, #32991 + closes: #38672, #39933, #41060, #42480, #22534, #12690, #36150, #26412 + closes: #40398, #43750 + * Ok, now for some dusting and house cleaning (aka The Bug Killfile + Begins Here): + %%- login package + - Not a bug in login anymore, closes: #28098 + - No longer pertinent, and is not controlled by the login program, + closes: #23155 + - This does not appear to be a bug anymore, closes: #32424 + - This is not a login problem. Xterm itself prints the LOGIN message + and it does _not_ read login.access, closes: #16958 + - Seems to be fixed, closes: #28098 + - Huge list of "Fixed" bugs, that I want to close. I really need to + start with a clean slate in order to get some of this cleaned up, + closes: #3439, #11443, #13485, #13815, #15176, #15998, #16187, #17529 + closes: #17532, #17532, #18133, #18225, #20052, #20876, #21280, #21357 + closes: #21687, #21695, #21746, #21767, #22716, #24710 + - lastlog(8): Clarified differences in the usage of "login-name" and + UID, closes: #26727 + %%- passwd package + - newuser: appears to be working correctly and placing x, not !, + closes: #19620 + - userdel(8): added note about user's mail spool also being deleted, + closes: #20790 + - Can't reproduce this one, closes: #21639 + - -e expire_date + The date on which the user account will be dis- + abled. The date is specified in the format + MM/DD/YY. 
+ Bug filer was trying to use an integer instead of the documented + format, closes: #22533 + - chfn's command line options seem to work for root and non-root, + closes: #25396 + - seems to have been fixed by the latest upstream, #25670 + - Removed references to shadow(3), closes: #32859 + - passwd only saves first 8 chars...duh :) closes: #33368 + - userdel can only do so much, the admin should know to check some + things on their own, closes: #35418 + - Lot's of Y2K issues fixed in this release, closes: #37232 + - useradd requires the -m option to make it create a home directory + if one does not exist, closes: #39581 + - useradd's -p option requires the password to already be encrypted + as documented in useradd(8), closes: #39870, #39874 + - More "Fixed" bugs in passwd, closes: #13753, #16893, #17894, #18132 + closes: #18628, #12691 + %%- su (no longer a package, but has bugs just the same, will be + forwarded to the login package soon) + - Sorry, but su (all su's) invoke the shell with -c "cmd". This is + documented, not a bug, it's a standard interface that su expects, + go fix sash's bug for not supporting it, closes: #14551 + - Acknoledged NMU: closes: #20058 + - More "Fixed" bugs getting closed...CLOSED AT LAST, closes: #17593 + closes: #20057, #12689 + * Switched to a new build setup (dbs) + * Split makes into seperate files to make it a little cleaner + * FHS compliance changes (usr/{doc,man} to usr/share/{doc,man}) + * debian/tar.c: removed + * su: su is now going to be provided by shadow's login package and + removed from shellutils (the shellutils maintainer agreed to this) + in preperation for future PAM support. Added conflicts with older + version of shellutils that does provide the su binary. + * debian/control.in: removed the secure-su package since login now + contains su and all of it's components + * debian/control.in: modified the package descriptions to be a little + more explicative of what they do. 
+ * Upgraded standards version to 3.0.1.1 + * Setup suidmanager support for all +s apps, closes: #15705, #15704, #15699 + * Enabled PAM. Support now for su, passwd, chfn, chsh. I am working on the + support in login. + * expiry: Changed to be installed as sgid shadow instead of suid root + since it doesn't need root priviledges. Also added man page expiry(1) based + on the comments found in expiry.c. + * Removed bashism's in control scripts. Now lintian clean (smells fresh too) + * chage.c: Keep chage from locking when not running as root, since it just + needs to read the shadow and password files. This let's it run sgid shadow + instead of suid root. When run as root, it can lock files for editing. + * login.c: Pam support Works For Me(tm)! + * login.c: Fixed PAM's auth when PAM_USER was not set from the command line, + also call pam_fail_delay() with FAIL_DELAY as the arg before authentication. + * etc/login.defs.pam.linux: new file, reflects options that PAM takesover + * etc/login.defs.pam.hurd: new file, same for Hurd + * debian/passwd.mk: make sure that login.defs.5 get's installed for Hurd + * pam.d/: Modified defaults for each service to reflect the old style and also + added commented options on how to enable obsoleted options from login.defs + in the PAM Way(tm). 
+ * debian/rules: removed --disable-desrpc from configure options since it was + supposedly just a workaround for glibc 2.0 + * src/login.c: reset pam_fail_delay after every failure + * debian/rules: remove debian/files on clean target + * src/login.c: removed setup_limits() and check_nologin() usage when PAM is + enabled + * debian/login.pam.d,debian/login.defs.pam.linux: made notes about the pam_limits.so + module, as well as pam_nologin.so + * debian/su.pam.d: made notes about pam_limits.so module + * debian/control.in: removed depends on libpam-motd since it is now in libpam-modules, + also make login conflict with secure-su + * debian/*: setup so that Hurd does not get PAM, since they don't have it ported + completely yet. + * debian/*: Final approach to a final upload, modified login.postinst to check old + obsolete conffiles to see if the user needs a notice that they are no longer used. + + -- Ben Collins Sat, 11 Sep 1999 19:58:14 -0400 + +shadow (980403-0.3.3) unstable; urgency=low + + * Non maintainer upload. + * Add dpkg-architecture and cross compilation support to the package. + * Changes for the Hurd: + + Only build passwd, add etc/login.defs.hurd to this package. + + libmisc/rlogin.c: Conditionalize CBAUD, which is not portable. + + -- Marcus Brinkmann Thu, 5 Aug 1999 00:28:12 +0200 + +shadow (980403-0.3.2) unstable; urgency=low + + * configure.in patched for utmpx.h (for arm) + + -- Jim Pick Sun, 4 Oct 1998 19:06:15 -0700 + +shadow (980403-0.3.1) frozen unstable; urgency=low + + * Non maintainer upload. + changes.{guess,sub} changed to recognize a Arm architecture. + + -- Turbo Fredriksson Fri, 14 Aug 1998 22:37:58 -0400 + +shadow (980403-0.3) frozen unstable; urgency=high + + * Non maintainer upload. + * src/login.c: Applied patch from to + fix security hole of login not checking the return code from setgid(), + initgroups() or setuid(). 
[#24710] + + -- James Troup Fri, 17 Jul 1998 18:56:31 +0100 + +shadow (980403-0.2) frozen unstable; urgency=low + + * (login.defs): fixed UMASK + (thanks to James Troup for noticing my screwup :) + * Pruned non-Debian changelog entries. + + -- Joel Klecker Mon, 11 May 1998 11:25:22 -0700 + +shadow (980403-0.1) frozen unstable; urgency=low + + * Non-maintainer release. + * New upstream release (18225). + * (debian/login.postinst) + * Use 'touch' instead of 'cat >' when creating /var/log/faillog + (15998,16187,21687). + * No longer fails if no previous configured version exists (11433). + * (gpasswd): now checks which user invoked it before calling setuid() (18132). + * (debian/passwd.postinst): removed bashism (13753). + * (groupmod): NULL dereference fixed upstream, as a result, it no longer + dumps core when changing group name (16893,17894). + * (useradd): no longer segfaults if /etc/default/useradd is missing (18628). + * (login.defs.1): now documents more options (13485). + * (source): includes 'missing' (13815,18133,21280). + * (login.1): + * Removed mention of "d_passwd(5)", which doesn't exist, + and login.defs.5 now documents /etc/dialups (15176). + * Added /etc/nologin to FILES section and reference nologin(5) (21695). + * The URL mentioned in Bug#15391 is no longer valid. + * (login.defs): no longer sets ULIMIT (17529). + * (login): + * No longer uses static buffers for group lines (17532). + * Doesn't seem to make assumptions about gid_t any longer (21767). + * (faillog.8): s-/usr/adm-/var/log-g (19974). + * (lastlog.8): notes that "some systems" use /var/log instead of + /usr/adm (21746). + * Install upstream changelog as 'changelog.gz' as per policy (20052). + * (secure-su): Changed /etc/suauth to reference the group 'root' + instead of 'wheel' (17593). + + -- Joel Klecker Thu, 30 Apr 1998 18:32:12 -0700 + +shadow (970616-1) unstable; urgency=low + + * Upstream upgrade. + * chage works (10561). 
+ * Fix NIS behavior (5634,8734,10032,10545,10984,11160,12064). + * Wrote pwconv,pwunconv,grpconv,grpunconv manpage (10940). + * vipw fixes (10521,10696,11618,11924,12184,13001) + * Fixes for new automake. + * Compile with glibc2. (8627,8777,9824,11713,11719,12082,12108,11442). + * debian/rules fixes (8876,12468). + * /etc/login.defs: UMASK=002 (9102). + * chown /dev/vcs* on login (9421,13255). + * Added tty9-tty12 to /etc/securetty (11644). + * Provide template and manpage for /etc/limits (12289). + * Fix security hole in postinst (11769). + * login fills out ut_addr field in utmp (10701). + * shadowconfig.sh fixes (9189,9328,9386,10968,12452,12469). + * Overcome postinst bug in old shadow-passwd package (9939,12120). + * useradd default GROUP=100 (9244). + * Allow 8 bit chars in chfn (12367). + * secure-su - set HOME, use SHELL if set (11003,11189). + + -- Guy Maor Fri, 26 Sep 1997 19:23:42 -0500 + +shadow (970616) unstable; urgency=low + + * vipw preserves permissions on edited files (10521). + * various other bug fixes. + + -- Marek Michalkiewicz Mon, 16 Jun 1997 02:02:00 +0200 + +shadow (970601) unstable; urgency=low + + * Fix typo in libmisc/mail.c causing login to segfault. + + -- Marek Michalkiewicz Mon, 2 Jun 1997 07:33:00 +0200 + +shadow (970502-2) unstable; urgency=low + + * Fixes to shadow group support (grpconv didn't work). + + -- Marek Michalkiewicz Fri, 2 May 1997 15:48:00 +0200 + +shadow (970502-1) unstable; urgency=low + + * Upstream upgrade. + + -- Marek Michalkiewicz Fri, 2 May 1997 03:18:00 +0200 + +shadow (961025-2) frozen unstable; urgency=medium + + * Fix useradd -D segfault (8098, 8152, 8733). + * Fix shadowconfig - permfix only on xlock; /etc/init.d/xdm rewrite, chmod + (8102, 8320, 8333, 8708). + * Remove HOWTO from usr/doc/passwd as it's in linux-doc (8150). + * Fixes to su.1 (8153). + * login, passwd, su each conflict and replace with the old shadow-* + version. (8269, 8290, 8393, 8394). + * Put /etc/shells back in passwd (8328). 
+ * Fixed login.postinst for upgrade from shadow-login (8392). + * Added -e to pwck for use in shadowconfig: reports only errors, no + warnings (8542). + * Wrote shadowconfig.8 (8588). + + -- Guy Maor Sat, 19 Apr 1997 02:34:59 -0500 + +shadow (961025-1) unstable; urgency=low + + * Upstream upgrade, new source format. + + -- Guy Maor Mon, 10 Feb 1997 02:56:56 -0600 + +shadow (960530-1) experimental; urgency=LOW + + * Added grpunconv script + * Changed prerm/postinst scripts to remove/create shadowed group + file + * Added vipw/vigr binaries + * Renamed package to shadow-passwd + * Added packages shadow-su and shadow-login + * Added 'Essential: yes' to be able to replace passwd and login + * Section now base for shadow-passwd and shadow-login + * Added /etc/shell conffile + * Added /etc/securetty conffile + * Added new conffile /etc/suauth. Set it up so only users in group 0 + can su to root. + + -- Unknown Mon, 01 Jul 1996 00:00:00 +0000 + +shadow (960810-1) base; urgency=LOW + + * Added useradd default file so that default group is no longer 1 + * Also corrected the useradd manpage + * Replaced grpunconv script by real binary which does correct + locking. + * Added 'source' field control file to control files + * Changed version naming in debian.rules + * New upstream version + + -- Unknown Mon, 01 Jan 1996 00:00:00 +0000 + --- shadow-4.1.5.1.orig/debian/compat +++ shadow-4.1.5.1/debian/compat @@ -0,0 +1 @@ +6 --- shadow-4.1.5.1.orig/debian/control +++ shadow-4.1.5.1/debian/control 
@@ -0,0 +1,43 @@ +Source: shadow +Section: admin +Priority: required +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Shadow package maintainers +Standards-Version: 3.9.3 +Uploaders: Christian Perrier , Nicolas FRANCOIS (Nekral) +Build-Depends: autoconf, automake1.11, libtool, gettext, libpam0g-dev, debhelper (>= 6.0.7~), quilt, dpkg-dev (>= 1.13.5), xsltproc, docbook-xsl, docbook-xml, libxml2-utils, cdbs, libselinux1-dev [linux-any], libsemanage1-dev [linux-any], gnome-doc-utils (>= 0.4.3), libaudit-dev +Vcs-Svn: svn://svn.debian.org/svn/pkg-shadow/debian/trunk +Vcs-Browser: http://svn.debian.org/viewsvn/pkg-shadow/debian/trunk +Homepage: http://pkg-shadow.alioth.debian.org/ + +Package: passwd +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, libpam-modules, debianutils (>= 2.15.2) +Replaces: manpages-tr (<<1.0.5), manpages-zh (<<1.5.1-1) +Multi-Arch: foreign +Description: change and administer password and group data + This package includes passwd, chsh, chfn, and many other programs to + maintain password and group data. + . + Shadow passwords are supported. See /usr/share/doc/passwd/README.Debian + +Package: login +Architecture: any +Pre-Depends: ${shlibs:Depends}, ${misc:Depends}, libpam-runtime, libpam-modules +Conflicts: gnunet (<< 0.7.0c-2), amavisd-new (<<2.3.3-8), python-4suite (<< 0.99cvs20060405-1), backupninja (<< 0.9.3-5), echolot (<< 2.1.8-4) +Breaks: coreutils (<< 8.21-1.1~) [hurd-any], passwd (<< 1:4.1.5.1-1.1~) [hurd-any], hurd (<< 1:0.5.git20140206~) [hurd-any] +Replaces: manpages-de (<< 0.5-3), manpages-tr (<<1.0.5), manpages-zh (<<1.5.1-1), coreutils (<< 8.21-1.1~) [hurd-any], passwd (<< 1:4.1.5.1-1.1~) [hurd-any], hurd (<< 1:0.5.git20140206~) [hurd-any] +Essential: yes +Description: system login tools + These tools are required to be able to login and use your system. The + login program invokes your user shell and enables command execution. 
The + newgrp program is used to change your effective group ID (useful for + workgroup type situations). The su program allows changing your effective + user ID (useful being able to execute commands as another user). + +Package: uidmap +Depends: ${shlibs:Depends}, ${misc:Depends} +Architecture: any +Description: programs to help use subuids + These programs help unprivileged users to create uid and gid mappings in + user namespaces. --- shadow-4.1.5.1.orig/debian/copyright +++ shadow-4.1.5.1/debian/copyright 
@@ -0,0 +1,103 @@ +This is Debian GNU/Linux's prepackaged version of the shadow utilities. + +It was downloaded from: . +As of May 2007, this site is no longer available. + +Copyright: + +Parts of this software are copyright 1988 - 1994, Julianne Frances Haugh. +All rights reserved. + +Parts of this software are copyright 1997 - 2001, Marek Michałkiewicz. +All rights reserved. + +Parts of this software are copyright 2001 - 2004, Andrzej Krzysztofowicz +All rights reserved. + +Parts of this software are copyright 2000 - 2007, Tomasz Kłoczko. +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. +3. Neither the name of Julianne F. Haugh nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. 
IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. + +This source code is currently archived on ftp.uu.net in the +comp.sources.misc portion of the USENET archives. You may also contact +the author, Julianne F. Haugh, at jockgrrl@ix.netcom.com if you have +any questions regarding this package. + +THIS SOFTWARE IS BEING DISTRIBUTED AS-IS. THE AUTHORS DISCLAIM ALL +LIABILITY FOR ANY CONSEQUENCES OF USE. THE USER IS SOLELY RESPONSIBLE +FOR THE MAINTENANCE OF THIS SOFTWARE PACKAGE. THE AUTHORS ARE UNDER NO +OBLIGATION TO PROVIDE MODIFICATIONS OR IMPROVEMENTS. THE USER IS +ENCOURAGED TO TAKE ANY AND ALL STEPS NEEDED TO PROTECT AGAINST ACCIDENTAL +LOSS OF INFORMATION OR MACHINE RESOURCES. + +Special thanks are due to Chip Rosenthal for his fine testing efforts; +to Steve Simmons for his work in porting this code to BSD; and to Bill +Kennedy for his contributions of LaserJet printer time and energies. +Also, thanks for Dennis L. Mumaugh for the initial shadow password +information and to Tony Walton (olapw@olgb1.oliv.co.uk) for the System +V Release 4 changes. Effort in porting to SunOS has been contributed +by Dr. Michael Newberry (miken@cs.adfa.oz.au) and Micheal J. Miller, Jr. +(mke@kaberd.rain.com). Effort in porting to AT&T UNIX System V Release +4 has been provided by Andrew Herbert (andrew@werple.pub.uu.oz.au). +Special thanks to Marek Michalkiewicz (marekm@i17linuxb.ists.pwr.wroc.pl) +for taking over the Linux port of this software. 
+ +Source files: login_access.c, login_desrpc.c, login_krb.c are derived +from the logdaemon-5.0 package, which is under the following license: + +/************************************************************************ +* Copyright 1995 by Wietse Venema. All rights reserved. Individual files +* may be covered by other copyrights (as noted in the file itself.) +* +* This material was originally written and compiled by Wietse Venema at +* Eindhoven University of Technology, The Netherlands, in 1990, 1991, +* 1992, 1993, 1994 and 1995. +* +* Redistribution and use in source and binary forms are permitted +* provided that this entire copyright notice is duplicated in all such +* copies. +* +* This software is provided "as is" and without any expressed or implied +* warranties, including, without limitation, the implied warranties of +* merchantibility and fitness for any particular purpose. +************************************************************************/ + +Some parts substantially in src/su.c derived from an ancestor of +su for GNU. Run a shell with substitute user and group IDs. +Copyright (C) 1992-2003 Free Software Foundation, Inc. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2, or (at your option) + any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + On Debian GNU/Linux systems, the complete text of the GNU General Public + License can be found in '/usr/share/common-licenses/GPL' --- shadow-4.1.5.1.orig/debian/cpgr.8 +++ shadow-4.1.5.1/debian/cpgr.8 @@ -0,0 +1 @@ +.so man8/cppw.8 --- shadow-4.1.5.1.orig/debian/cppw.8 +++ shadow-4.1.5.1/debian/cppw.8 
@@ -0,0 +1,27 @@ +.TH CPPW 8 "7 Apr 2005" +.SH NAME +cppw, cpgr \- copy with locking the given file to the password or group file +.SH SYNOPSIS +\fBcppw\fR [\fB\-h\fR] [\fB\-s\fR] password_file +.br +\fBcpgr\fR [\fB\-h\fR] [\fB\-s\fR] group_file + +.SH DESCRIPTION +.BR cppw " and " cpgr +will copy, with locking, the given file to +.IR /etc/passwd " and " /etc/group ", respectively." +With the \fB\-s\fR flag, they will copy the shadow versions of those files, +.IR /etc/shadow " and " /etc/gshadow ", respectively." + +With the \fB\-h\fR flag, the commands display a short help message and exit +silently. +.SH "SEE ALSO" +.BR vipw (8), +.BR vigr (8), +.BR group (5), +.BR passwd (5), +.BR shadow (5), +.BR gshadow (5) +.SH AUTHOR +\fBcppw\fR and \fBcpgr\fR were written by Stephen Frost, based on +\fBvipw\fR and \fBvigr\fR written by Guy Maor. --- shadow-4.1.5.1.orig/debian/login.defs +++ shadow-4.1.5.1/debian/login.defs 
@@ -0,0 +1,341 @@ +# +# /etc/login.defs - Configuration control definitions for the login package. +# +# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH. +# If unspecified, some arbitrary (and possibly incorrect) value will +# be assumed. All other items are optional - if not specified then +# the described action or option will be inhibited. +# +# Comment lines (lines beginning with "#") and blank lines are ignored. +# +# Modified for Linux. --marekm + +# REQUIRED for useradd/userdel/usermod +# Directory where mailboxes reside, _or_ name of file, relative to the +# home directory. If you _do_ define MAIL_DIR and MAIL_FILE, +# MAIL_DIR takes precedence. +# +# Essentially: +# - MAIL_DIR defines the location of users mail spool files +# (for mbox use) by appending the username to MAIL_DIR as defined +# below. +# - MAIL_FILE defines the location of the users mail spool files as the +# fully-qualified filename obtained by prepending the user home +# directory before $MAIL_FILE +# +# NOTE: This is no more used for setting up users MAIL environment variable +# which is, starting from shadow 4.0.12-1 in Debian, entirely the +# job of the pam_mail PAM modules +# See default PAM configuration files provided for +# login, su, etc. +# +# This is a temporary situation: setting these variables will soon +# move to /etc/default/useradd and the variables will then be +# no more supported +MAIL_DIR /var/mail +#MAIL_FILE .mail + +# +# Enable logging and display of /var/log/faillog login failure info. +# This option conflicts with the pam_tally PAM module. +# +FAILLOG_ENAB yes + +# +# Enable display of unknown usernames when login failures are recorded. +# +# WARNING: Unknown usernames may become world readable. +# See #290803 and #298773 for details about how this could become a security +# concern +LOG_UNKFAIL_ENAB no + +# +# Enable logging of successful logins +# +LOG_OK_LOGINS no + +# +# Enable "syslog" logging of su activity - in addition to sulog file logging. 
+# SYSLOG_SG_ENAB does the same for newgrp and sg. +# +SYSLOG_SU_ENAB yes +SYSLOG_SG_ENAB yes + +# +# If defined, all su activity is logged to this file. +# +#SULOG_FILE /var/log/sulog + +# +# If defined, file which maps tty line to TERM environment parameter. +# Each line of the file is in a format something like "vt100 tty01". +# +#TTYTYPE_FILE /etc/ttytype + +# +# If defined, login failures will be logged here in a utmp format +# last, when invoked as lastb, will read /var/log/btmp, so... +# +FTMP_FILE /var/log/btmp + +# +# If defined, the command name to display when running "su -". For +# example, if this is defined as "su" then a "ps" will display the +# command is "-su". If not defined, then "ps" would display the +# name of the shell actually being run, e.g. something like "-sh". +# +SU_NAME su + +# +# If defined, file which inhibits all the usual chatter during the login +# sequence. If a full pathname, then hushed mode will be enabled if the +# user's name or shell are found in the file. If not a full pathname, then +# hushed mode will be enabled if the file exists in the user's home directory. +# +HUSHLOGIN_FILE .hushlogin +#HUSHLOGIN_FILE /etc/hushlogins + +# +# *REQUIRED* The default PATH settings, for superuser and normal users. +# +# (they are minimal, add the rest in the shell startup files) +ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin +ENV_PATH PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games + +# +# Terminal permissions +# +# TTYGROUP Login tty will be assigned this group ownership. +# TTYPERM Login tty will be set to this permission. +# +# If you have a "write" program which is "setgid" to a special group +# which owns the terminals, define TTYGROUP to the group number and +# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign +# TTYPERM to either 622 or 600. 
+# +# In Debian /usr/bin/bsd-write or similar programs are setgid tty +# However, the default and recommended value for TTYPERM is still 0600 +# to not allow anyone to write to anyone else console or terminal + +# Users can still allow other people to write them by issuing +# the "mesg y" command. + +TTYGROUP tty +TTYPERM 0600 + +# +# Login configuration initializations: +# +# ERASECHAR Terminal ERASE character ('\010' = backspace). +# KILLCHAR Terminal KILL character ('\025' = CTRL/U). +# UMASK Default "umask" value. +# +# The ERASECHAR and KILLCHAR are used only on System V machines. +# +# UMASK is the default umask value for pam_umask and is used by +# useradd and newusers to set the mode of the new home directories. +# 022 is the "historical" value in Debian for UMASK +# 027, or even 077, could be considered better for privacy +# There is no One True Answer here : each sysadmin must make up his/her +# mind. +# +# If USERGROUPS_ENAB is set to "yes", that will modify this UMASK default value +# for private user groups, i. e. the uid is the same as gid, and username is +# the same as the primary group name: for these, the user permissions will be +# used as group permissions, e. g. 022 will become 002. +# +# Prefix these values with "0" to get octal, "0x" to get hexadecimal. +# +ERASECHAR 0177 +KILLCHAR 025 +UMASK 022 + +# +# Password aging controls: +# +# PASS_MAX_DAYS Maximum number of days a password may be used. +# PASS_MIN_DAYS Minimum number of days allowed between password changes. +# PASS_WARN_AGE Number of days warning given before a password expires. 
+# +PASS_MAX_DAYS 99999 +PASS_MIN_DAYS 0 +PASS_WARN_AGE 7 + +# +# Min/max values for automatic uid selection in useradd +# +UID_MIN 1000 +UID_MAX 60000 +# System accounts +#SYS_UID_MIN 100 +#SYS_UID_MAX 999 + +# +# Min/max values for automatic gid selection in groupadd +# +GID_MIN 1000 +GID_MAX 60000 +# System accounts +#SYS_GID_MIN 100 +#SYS_GID_MAX 999 + +# +# Max number of login retries if password is bad. This will most likely be +# overriden by PAM, since the default pam_unix module has it's own built +# in of 3 retries. However, this is a safe fallback in case you are using +# an authentication module that does not enforce PAM_MAXTRIES. +# +LOGIN_RETRIES 5 + +# +# Max time in seconds for login +# +LOGIN_TIMEOUT 60 + +# +# Which fields may be changed by regular users using chfn - use +# any combination of letters "frwh" (full name, room number, work +# phone, home phone). If not defined, no changes are allowed. +# For backward compatibility, "yes" = "rwh" and "no" = "frwh". +# +CHFN_RESTRICT rwh + +# +# Should login be allowed if we can't cd to the home directory? +# Default in no. +# +DEFAULT_HOME yes + +# +# If defined, this command is run when removing a user. +# It should remove any at/cron/print jobs etc. owned by +# the user to be removed (passed as the first argument). +# +#USERDEL_CMD /usr/sbin/userdel_local + +# +# Enable setting of the umask group bits to be the same as owner bits +# (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is +# the same as gid, and username is the same as the primary group name. +# +# If set to yes, userdel will remove the user´s group if it contains no +# more members, and useradd will create by default a group with the name +# of the user. +# +USERGROUPS_ENAB yes + +# +# Instead of the real user shell, the program specified by this parameter +# will be launched, although its visible name (argv[0]) will be the shell's. 
+# The program may do whatever it wants (logging, additional authentification, +# banner, ...) before running the actual shell. +# +# FAKE_SHELL /bin/fakeshell + +# +# If defined, either full pathname of a file containing device names or +# a ":" delimited list of device names. Root logins will be allowed only +# upon these devices. +# +# This variable is used by login and su. +# +#CONSOLE /etc/consoles +#CONSOLE console:tty01:tty02:tty03:tty04 + +# +# List of groups to add to the user's supplementary group set +# when logging in on the console (as determined by the CONSOLE +# setting). Default is none. +# +# Use with caution - it is possible for users to gain permanent +# access to these groups, even when not logged in on the console. +# How to do it is left as an exercise for the reader... +# +# This variable is used by login and su. +# +#CONSOLE_GROUPS floppy:audio:cdrom + +# +# If set to "yes", new passwords will be encrypted using the MD5-based +# algorithm compatible with the one used by recent releases of FreeBSD. +# It supports passwords of unlimited length and longer salt strings. +# Set to "no" if you need to copy encrypted passwords to other systems +# which don't understand the new algorithm. Default is "no". +# +# This variable is deprecated. You should use ENCRYPT_METHOD. +# +#MD5_CRYPT_ENAB no + +# +# If set to MD5 , MD5-based algorithm will be used for encrypting password +# If set to SHA256, SHA256-based algorithm will be used for encrypting password +# If set to SHA512, SHA512-based algorithm will be used for encrypting password +# If set to DES, DES-based algorithm will be used for encrypting password (default) +# Overrides the MD5_CRYPT_ENAB option +# +# Note: It is recommended to use a value consistent with +# the PAM modules configuration. +# +ENCRYPT_METHOD SHA512 + +# +# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512. +# +# Define the number of SHA rounds. +# With a lot of rounds, it is more difficult to brute forcing the password. 
+# But note also that it more CPU resources will be needed to authenticate +# users. +# +# If not specified, the libc will choose the default number of rounds (5000). +# The values must be inside the 1000-999999999 range. +# If only one of the MIN or MAX values is set, then this value will be used. +# If MIN > MAX, the highest value will be used. +# +# SHA_CRYPT_MIN_ROUNDS 5000 +# SHA_CRYPT_MAX_ROUNDS 5000 + +################# OBSOLETED BY PAM ############## +# # +# These options are now handled by PAM. Please # +# edit the appropriate file in /etc/pam.d/ to # +# enable the equivelants of them. +# +############### + +#MOTD_FILE +#DIALUPS_CHECK_ENAB +#LASTLOG_ENAB +#MAIL_CHECK_ENAB +#OBSCURE_CHECKS_ENAB +#PORTTIME_CHECKS_ENAB +#SU_WHEEL_ONLY +#CRACKLIB_DICTPATH +#PASS_CHANGE_TRIES +#PASS_ALWAYS_WARN +#ENVIRON_FILE +#NOLOGINS_FILE +#ISSUE_FILE +#PASS_MIN_LEN +#PASS_MAX_LEN +#ULIMIT +#ENV_HZ +#CHFN_AUTH +#CHSH_AUTH +#FAIL_DELAY + +################# OBSOLETED ####################### +# # +# These options are no more handled by shadow. # +# # +# Shadow utilities will display a warning if they # +# still appear. # +# # +################################################### + +# CLOSE_SESSIONS +# LOGIN_STRING +# NO_PASSWORD_CONSOLE +# QMAIL_DIR + + + --- shadow-4.1.5.1.orig/debian/login.dirs +++ shadow-4.1.5.1/debian/login.dirs @@ -0,0 +1 @@ +usr/share/lintian/overrides --- shadow-4.1.5.1.orig/debian/login.install +++ shadow-4.1.5.1/debian/login.install 
@@ -0,0 +1,25 @@ +usr/share/locale/*/LC_MESSAGES/shadow.mo +usr/share/man/*/man1/login.1 +usr/share/man/*/man1/newgrp.1 +usr/share/man/*/man1/sg.1 +usr/share/man/*/man1/su.1 +usr/share/man/*/man5/faillog.5 +usr/share/man/*/man5/login.defs.5 +usr/share/man/*/man8/faillog.8 +usr/share/man/*/man8/lastlog.8 +usr/share/man/*/man8/nologin.8 +usr/share/man/man1/login.1 +usr/share/man/man1/newgrp.1 +usr/share/man/man1/sg.1 +usr/share/man/man1/su.1 +usr/share/man/man5/faillog.5 +usr/share/man/man5/login.defs.5 +usr/share/man/man8/faillog.8 +usr/share/man/man8/lastlog.8 +usr/share/man/man8/nologin.8 +usr/sbin/nologin +usr/bin/faillog +usr/bin/lastlog +usr/bin/newgrp +bin/login +bin/su --- shadow-4.1.5.1.orig/debian/login.links +++ shadow-4.1.5.1/debian/login.links @@ -0,0 +1 @@ +usr/bin/newgrp usr/bin/sg --- shadow-4.1.5.1.orig/debian/login.lintian-overrides +++ shadow-4.1.5.1/debian/login.lintian-overrides @@ -0,0 +1,3 @@ +login: setuid-binary usr/bin/newgrp 4755 root/root +login: setuid-binary bin/su 4755 root/root +login: possible-missing-colon-in-closes l667:closes bug 336321 --- shadow-4.1.5.1.orig/debian/login.pam +++ shadow-4.1.5.1/debian/login.pam 
@@ -0,0 +1,110 @@ +# +# The PAM configuration file for the Shadow `login' service +# + +# Enforce a minimal delay in case of failure (in microseconds). +# (Replaces the `FAIL_DELAY' setting from login.defs) +# Note that other modules may require another minimal delay. (for example, +# to disable any delay, you should add the nodelay option to pam_unix) +auth optional pam_faildelay.so delay=3000000 + +# Outputs an issue file prior to each login prompt (Replaces the +# ISSUE_FILE option from login.defs). Uncomment for use +# auth required pam_issue.so issue=/etc/issue + +# Disallows root logins except on tty's listed in /etc/securetty +# (Replaces the `CONSOLE' setting from login.defs) +# +# With the default control of this module: +# [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] +# root will not be prompted for a password on insecure lines. +# if an invalid username is entered, a password is prompted (but login +# will eventually be rejected) +# +# You can change it to a "requisite" module if you think root may mis-type +# her login and should not be prompted for a password in that case. But +# this will leave the system as vulnerable to user enumeration attacks. +# +# You can change it to a "required" module if you think it permits to +# guess valid user names of your system (invalid user names are considered +# as possibly being root on insecure lines), but root passwords may be +# communicated over insecure lines. +auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so + +# Disallows other than root logins when /etc/nologin exists +# (Replaces the `NOLOGINS_FILE' option from login.defs) +auth requisite pam_nologin.so + +# SELinux needs to be the first session rule. This ensures that any +# lingering context has been cleared. Without out this it is possible +# that a module could execute code in the wrong domain. 
+# When the module is present, "required" would be sufficient (When SELinux +# is disabled, this returns success.) +session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close + +# This module parses environment configuration file(s) +# and also allows you to use an extended config +# file /etc/security/pam_env.conf. +# +# parsing /etc/environment needs "readenv=1" +session required pam_env.so readenv=1 +# locale variables are also kept into /etc/default/locale in etch +# reading this file *in addition to /etc/environment* does not hurt +session required pam_env.so readenv=1 envfile=/etc/default/locale + +# Standard Un*x authentication. +@include common-auth + +# This allows certain extra groups to be granted to a user +# based on things like time of day, tty, service, and user. +# Please edit /etc/security/group.conf to fit your needs +# (Replaces the `CONSOLE_GROUPS' option in login.defs) +auth optional pam_group.so + +# Uncomment and edit /etc/security/time.conf if you need to set +# time restrainst on logins. +# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs +# as well as /etc/porttime) +# account requisite pam_time.so + +# Uncomment and edit /etc/security/access.conf if you need to +# set access limits. +# (Replaces /etc/login.access file) +# account required pam_access.so + +# Sets up user limits according to /etc/security/limits.conf +# (Replaces the use of /etc/limits in old login) +session required pam_limits.so + +# Prints the last login info upon succesful login +# (Replaces the `LASTLOG_ENAB' option from login.defs) +session optional pam_lastlog.so + +# Prints the message of the day upon succesful login. +# (Replaces the `MOTD_FILE' option in login.defs) +# This includes a dynamically generated part from /run/motd.dynamic +# and a static (admin-editable) part from /etc/motd. 
+session optional pam_motd.so motd=/run/motd.dynamic noupdate +session optional pam_motd.so + +# Prints the status of the user's mailbox upon succesful login +# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). +# +# This also defines the MAIL environment variable +# However, userdel also needs MAIL_DIR and MAIL_FILE variables +# in /etc/login.defs to make sure that removing a user +# also removes the user's mail spool file. +# See comments in /etc/login.defs +session optional pam_mail.so standard + +# Standard Un*x account and session +@include common-account +@include common-session +@include common-password + +# SELinux needs to intervene at login time to ensure that the process +# starts in the proper default security context. Only sessions which are +# intended to run in the user's context should be run after this. +session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open +# When the module is present, "required" would be sufficient (When SELinux +# is disabled, this returns success.) --- shadow-4.1.5.1.orig/debian/login.postinst +++ shadow-4.1.5.1/debian/login.postinst 
@@ -0,0 +1,49 @@ +#!/bin/sh -e + +if test "$1" = configure +then + if test -f /etc/init.d/logoutd + then + if test "$(md5sum /etc/init.d/logoutd)" = "9080f92783dd53f6f2108e698c06bd53 /etc/init.d/logoutd" + then + echo "removing logoutd cruft" + rm /etc/init.d/logoutd + update-rc.d logoutd remove + fi + fi +fi +rm -f /etc/pam.d/login.pre-upgrade 2>/dev/null + +if [ "$1" = "configure" ]; then + # Install faillog during initial installs only + if [ "$2" = "" ] && [ ! -f /var/log/faillog ] ; then + touch /var/log/faillog + chown root:root /var/log/faillog + chmod 644 /var/log/faillog + fi + + # FIXME: Transition code, can be dropped after Ubuntu 13.10 goes EOL + if [ -e /etc/subuid.pre-upgrade ]; then + mv /etc/subuid.pre-upgrade /etc/subuid + fi + if [ -e /etc/subgid.pre-upgrade ]; then + mv /etc/subgid.pre-upgrade /etc/subgid + fi + + # Create subuid/subgid if missing + if [ ! -e /etc/subuid ]; then + touch /etc/subuid + chown root:root /etc/subuid + chmod 644 /etc/subuid + fi + + if [ ! -e /etc/subgid ]; then + touch /etc/subgid + chown root:root /etc/subgid + chmod 644 /etc/subgid + fi +fi + +#DEBHELPER# + +exit 0 --- shadow-4.1.5.1.orig/debian/login.preinst +++ shadow-4.1.5.1/debian/login.preinst 
@@ -0,0 +1,62 @@ +#! /bin/sh + +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `install' +# * `install' +# * `upgrade' +# * `abort-upgrade' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + +remove_md5() { + if md5sum $1 2>/dev/null |grep -q $2; then + cp $1 $1.pre-upgrade + sed -e '/^[^#][ \t]*assword[ \t]*required[ \t]*pam_unix.so/ s/ md5$//' $1 >$1.post-upgrade \ + && mv $1.post-upgrade $1 + fi + } + + +case "$1" in + install|upgrade) + if [ "x$2" != "x" ] ; then + if dpkg --compare-versions $2 lt 1:4.0.3 ; then + remove_md5 /etc/pam.d/login 5e61c3334e25625fe1fa4d79cf9123ff + fi + fi + + + # FIXME: Transition code, can be dropped after Ubuntu 13.10 goes EOL + if dpkg --compare-versions $2 lt 1:4.1.5.1-1ubuntu7; then + if [ -e /etc/subuid ]; then + mv /etc/subuid /etc/subuid.pre-upgrade + fi + if [ -e /etc/subgid ]; then + mv /etc/subgid /etc/subgid.pre-upgrade + fi + fi + ;; + + abort-upgrade) + ;; + + *) + echo "preinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 + + --- shadow-4.1.5.1.orig/debian/login.su.pam +++ shadow-4.1.5.1/debian/login.su.pam 
@@ -0,0 +1,62 @@ +# +# The PAM configuration file for the Shadow `su' service +# + +# This allows root to su without passwords (normal operation) +auth sufficient pam_rootok.so + +# Uncomment this to force users to be a member of group root +# before they can use `su'. You can also add "group=foo" +# to the end of this line if you want to use a group other +# than the default "root" (but this may have side effect of +# denying "root" user, unless she's a member of "foo" or explicitly +# permitted earlier by e.g. "sufficient pam_rootok.so"). +# (Replaces the `SU_WHEEL_ONLY' option from login.defs) +# auth required pam_wheel.so + +# Uncomment this if you want wheel members to be able to +# su without a password. +# auth sufficient pam_wheel.so trust + +# Uncomment this if you want members of a specific group to not +# be allowed to use su at all. +# auth required pam_wheel.so deny group=nosu + +# Uncomment and edit /etc/security/time.conf if you need to set +# time restrainst on su usage. +# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs +# as well as /etc/porttime) +# account requisite pam_time.so + +# This module parses environment configuration file(s) +# and also allows you to use an extended config +# file /etc/security/pam_env.conf. +# +# parsing /etc/environment needs "readenv=1" +session required pam_env.so readenv=1 +# locale variables are also kept into /etc/default/locale in etch +# reading this file *in addition to /etc/environment* does not hurt +session required pam_env.so readenv=1 envfile=/etc/default/locale + +# Defines the MAIL environment variable +# However, userdel also needs MAIL_DIR and MAIL_FILE variables +# in /etc/login.defs to make sure that removing a user +# also removes the user's mail spool file. 
+# See comments in /etc/login.defs +# +# "nopen" stands to avoid reporting new mail when su'ing to another user +session optional pam_mail.so nopen + +# Sets up user limits, please uncomment and read /etc/security/limits.conf +# to enable this functionality. +# (Replaces the use of /etc/limits in old login) +# session required pam_limits.so + +# The standard Unix authentication modules, used with +# NIS (man nsswitch) as well as normal /etc/passwd and +# /etc/shadow entries. +@include common-auth +@include common-account +@include common-session + + --- shadow-4.1.5.1.orig/debian/passwd.chage.pam +++ shadow-4.1.5.1/debian/passwd.chage.pam @@ -0,0 +1,8 @@ +# The PAM configuration file for the Shadow 'chage' service +# + +# This allows root to change password aging being prompted for a password +auth sufficient pam_rootok.so + +# checks for account validity +account required pam_permit.so --- shadow-4.1.5.1.orig/debian/passwd.chfn.pam +++ shadow-4.1.5.1/debian/passwd.chfn.pam @@ -0,0 +1,16 @@ +# +# The PAM configuration file for the Shadow `chfn' service +# + +# This allows root to change user infomation without being +# prompted for a password +auth sufficient pam_rootok.so + +# The standard Unix authentication modules, used with +# NIS (man nsswitch) as well as normal /etc/passwd and +# /etc/shadow entries. +@include common-auth +@include common-account +@include common-session + + --- shadow-4.1.5.1.orig/debian/passwd.chpasswd.pam +++ shadow-4.1.5.1/debian/passwd.chpasswd.pam @@ -0,0 +1,5 @@ +# The PAM configuration file for the Shadow 'chpasswd' service +# + +@include common-password + --- shadow-4.1.5.1.orig/debian/passwd.chsh.pam +++ shadow-4.1.5.1/debian/passwd.chsh.pam 
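Review bot: the passwd.chage.pam comment "This allows root to change password aging being prompted for a password" is missing "without" and currently says the opposite of what `pam_rootok.so` does; passwd.chfn.pam has "user infomation" for "user information". Worth fixing before these land in /etc/pam.d where they document the security behaviour to admins.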
@@ -0,0 +1,20 @@ +# +# The PAM configuration file for the Shadow `chsh' service +# + +# This will not allow a user to change their shell unless +# their current one is listed in /etc/shells. This keeps +# accounts with special shells from changing them. +auth required pam_shells.so + +# This allows root to change user shell without being +# prompted for a password +auth sufficient pam_rootok.so + +# The standard Unix authentication modules, used with +# NIS (man nsswitch) as well as normal /etc/passwd and +# /etc/shadow entries. +@include common-auth +@include common-account +@include common-session + --- shadow-4.1.5.1.orig/debian/passwd.conf +++ shadow-4.1.5.1/debian/passwd.conf @@ -0,0 +1,18 @@ +# passwd - clear locks on passwd and related files +# +# Copyright 2012 Canonical Ltd. +# Author: Dmitrijs Ledkovs +# +# This helper clears locks on passwd to avoid million duplicate bug reports +# like this one: https://launchpad.net/bugs/523896 +# Ideally we'd know what lock-up, and doesn't clear the lock, and fix that. +# But it appears to be safe enough to clear them unconditionally on boot. +# + +description "Clear passwd locks" + +start on filesystem + +task + +exec rm -f /etc/gshadow.lock /etc/shadow.lock /etc/passwd.lock /etc/group.lock --- shadow-4.1.5.1.orig/debian/passwd.cron.daily +++ shadow-4.1.5.1/debian/passwd.cron.daily @@ -0,0 +1,9 @@ +#!/bin/sh + +cd /var/backups || exit 0 + +for FILE in passwd group shadow gshadow; do + test -f /etc/$FILE || continue + cmp -s $FILE.bak /etc/$FILE && continue + cp -p /etc/$FILE $FILE.bak && chmod 600 $FILE.bak +done --- shadow-4.1.5.1.orig/debian/passwd.dirs +++ shadow-4.1.5.1/debian/passwd.dirs @@ -0,0 +1,3 @@ +usr/share/lintian/overrides +etc/default +etc/init --- shadow-4.1.5.1.orig/debian/passwd.examples +++ shadow-4.1.5.1/debian/passwd.examples @@ -0,0 +1 @@ +debian/passwd.expire.cron --- shadow-4.1.5.1.orig/debian/passwd.expire.cron +++ shadow-4.1.5.1/debian/passwd.expire.cron 
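Review bot: in passwd.cron.daily, `cp -p /etc/$FILE $FILE.bak && chmod 600 $FILE.bak` creates the backup with the source's mode and ownership first and only then tightens it, so shadow.bak is briefly group-readable and passwd.bak world-readable in /var/backups; put `umask 077` at the top of the script and drop `-p` (or use `cp --preserve=timestamps`) so the file is never created with a more permissive mode, which also makes the trailing chmod unnecessary.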
@@ -0,0 +1,57 @@ +#!/usr/bin/perl +# +# passwd.expire.cron: sample expiry notification script for use as a cronjob +# +# Copyright 1999 by Ben Collins , complete rights granted +# for use, distribution, modification, etc. +# +# Usage: +# edit the listed options, including the actual email, then rename to +# /etc/cron.daily/passwd +# +# If your users don't have a valid login shell (ie. they are ftp or mail +# users only), they will need some other way to change their password +# (telnet will work since login will handle password aging, or a poppasswd +# program, if they are mail users). + +# # + +# should be same as /etc/adduser.conf +$LOW_UID=1000; +$HIGH_UID=29999; + +# this let's the MTA handle the domain, +# set it manually if you want. Make sure +# you also add the @ like "\@domain.com" +$MAIL_DOM=""; + +# # + +# Set the current day reference +$curdays = int(time() / (60 * 60 * 24)); + +# Now go through the list + +open(SH, "< /etc/shadow"); +while () { + @shent = split(':', $_); + @userent = getpwnam($shent[0]); + if ($userent[2] >= $LOW_UID && $userent[2] <= $HIGH_UID) { + if ($curdays > $shent[2] + $shent[4] - $shent[5] && + $shent[4] != -1 && $shent[4] != 0 && + $shent[5] != -1 && $shent[5] != 0) { + $daysleft = ($shent[2] + $shent[4]) - $curdays; + if ($daysleft == 1) { $days = "day"; } else {$days = "days"; } + if ($daysleft < 0) { next; } + open (MAIL, "| mail -s '[WARNING] account will expire in $daysleft $days' $shent[0]${MAIL_DOM}"); + print MAIL </dev/null ); do + if [ -e "$log" ]; then + chmod 600 "$log" + fi + done + fi + + rm -f /etc/pam.d/passwd.pre-upgrade 2>/dev/null + if ! 
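Review bot: in passwd.expire.cron the account name read from /etc/shadow is interpolated into a shell command line, `open (MAIL, "| mail -s '[WARNING] account will expire in $daysleft $days' $shent[0]${MAIL_DOM}");`, so any username containing shell metacharacters would be parsed by sh; use the list form `open(MAIL, "|-", "mail", "-s", $subject, "$shent[0]$MAIL_DOM")` so no shell is involved. Also `open(SH, "< /etc/shadow");` never checks its return value, so a permission error silently produces a run that notifies nobody; add `or die` so cron reports it. Minor: "this let's the MTA" should read "this lets the MTA".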
getent group shadow | grep -q '^shadow:[^:]*:42' + then + groupadd -g 42 shadow || ( + cat < `install' +# * `install' +# * `upgrade' +# * `abort-upgrade' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + +remove_md5() { + if md5sum $1 2>/dev/null |grep -q $2; then + cp $1 $1.pre-upgrade + sed -e '/^[^#]*[ \t]*password[ \t]*required[ \t]*pam_unix.so/ s/ md5$//' $1 >$1.post-upgrade \ + && mv $1.post-upgrade $1 + fi + } + + +case "$1" in + install|upgrade) + if [ "x$2" != "x" ] ; then + if dpkg --compare-versions $2 lt 1:4.0.3 ; then + remove_md5 /etc/pam.d/passwd 23a5d1465bbc1e39ca6e0c32f22a75c9 + fi + fi + ;; + + abort-upgrade) + ;; + + *) + echo "preinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 + + --- shadow-4.1.5.1.orig/debian/passwd.useradd.pam +++ shadow-4.1.5.1/debian/passwd.useradd.pam @@ -0,0 +1,8 @@ +# The PAM configuration file for the Shadow 'useradd' service +# + +# This allows root to add users without being prompted for a password +auth sufficient pam_rootok.so + +# checks for account validity +account required pam_permit.so --- shadow-4.1.5.1.orig/debian/passwd.userdel.pam +++ shadow-4.1.5.1/debian/passwd.userdel.pam @@ -0,0 +1,8 @@ +# The PAM configuration file for the Shadow 'userdel' service +# + +# This allows root to remove users without being prompted for a password +auth sufficient pam_rootok.so + +# checks for account validity +account required pam_permit.so --- shadow-4.1.5.1.orig/debian/passwd.usermod.pam +++ shadow-4.1.5.1/debian/passwd.usermod.pam 
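Review bot: the gid check `getent group shadow | grep -q '^shadow:[^:]*:42'` has no terminating colon, so an existing shadow group with gid 420 or 4242 also matches and the expected `groupadd -g 42 shadow` is skipped; anchor the pattern as `'^shadow:[^:]*:42:'`.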
@@ -0,0 +1,8 @@ +# The PAM configuration file for the Shadow 'groupdel' service +# + +# This allows root to remove groups without being prompted for a password +auth sufficient pam_rootok.so + +# checks for account validity +account required pam_permit.so --- shadow-4.1.5.1.orig/debian/patches/008_login_log_failure_in_FTMP +++ shadow-4.1.5.1/debian/patches/008_login_log_failure_in_FTMP @@ -0,0 +1,51 @@ +Goal: Log login failures to the btmp file + +Notes: + * I'm not sure login should add an entry in the FTMP file when PAM is used. + (but nothing in /etc/login.defs indicates that the failure is not logged) + +--- a/src/login.c ++++ b/src/login.c +@@ -835,6 +835,24 @@ + (void) puts (""); + (void) puts (_("Login incorrect")); + ++ if (getdef_str("FTMP_FILE") != NULL) { ++#ifdef USE_UTMPX ++ struct utmpx *failent = ++ prepare_utmpx (failent_user, ++ tty, ++ /* FIXME: or fromhost? */hostname, ++ utent); ++#else /* !USE_UTMPX */ ++ struct utmp *failent = ++ prepare_utmp (failent_user, ++ tty, ++ hostname, ++ utent); ++#endif /* !USE_UTMPX */ ++ failtmp (failent_user, failent); ++ free (failent); ++ } ++ + if (failcount >= retries) { + SYSLOG ((LOG_NOTICE, + "TOO MANY LOGIN TRIES (%u)%s FOR '%s'", +--- a/lib/getdef.c ++++ b/lib/getdef.c +@@ -62,6 +62,7 @@ + {"ERASECHAR", NULL}, + {"FAIL_DELAY", NULL}, + {"FAKE_SHELL", NULL}, ++ {"FTMP_FILE", NULL}, + {"GID_MAX", NULL}, + {"GID_MIN", NULL}, + {"HUSHLOGIN_FILE", NULL}, +@@ -103,7 +104,6 @@ + {"ENVIRON_FILE", NULL}, + {"ENV_TZ", NULL}, + {"FAILLOG_ENAB", NULL}, +- {"FTMP_FILE", NULL}, + {"ISSUE_FILE", NULL}, + {"LASTLOG_ENAB", NULL}, + {"LOGIN_STRING", NULL}, --- shadow-4.1.5.1.orig/debian/patches/1000_configure_userns +++ shadow-4.1.5.1/debian/patches/1000_configure_userns 
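Review bot: passwd.usermod.pam carries a copy-paste header, "The PAM configuration file for the Shadow 'groupdel' service" and "This allows root to remove groups", although the file is installed for usermod; change both lines to name the usermod service and "modify users" so the installed /etc/pam.d/usermod does not mislead admins.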
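Review bot: in 008_login_log_failure_in_FTMP the `/* FIXME: or fromhost? */hostname` argument to `prepare_utmpx` should be settled before the patch is applied, since the value ends up in btmp and is what `lastb` shows to admins investigating failed logins; the patch's own note ("I'm not sure login should add an entry in the FTMP file when PAM is used") also deserves a sentence in the login.defs comment for FTMP_FILE saying whether the entry is written under PAM, so the behaviour is documented rather than discovered.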
@@ -0,0 +1,105 @@ +=== modified file 'etc/login.defs' +Index: shadow/etc/login.defs +=================================================================== +--- shadow.orig/etc/login.defs 2014-02-16 19:31:38.934898148 -0500 ++++ shadow/etc/login.defs 2014-02-16 19:31:38.926898149 -0500 +@@ -229,7 +229,7 @@ + # Extra per user uids + SUB_UID_MIN 100000 + SUB_UID_MAX 600100000 +-SUB_UID_COUNT 10000 ++SUB_UID_COUNT 65536 + + # + # Min/max values for automatic gid selection in groupadd +@@ -242,7 +242,7 @@ + # Extra per user group ids + SUB_GID_MIN 100000 + SUB_GID_MAX 600100000 +-SUB_GID_COUNT 10000 ++SUB_GID_COUNT 65536 + + # + # Max number of login retries if password is bad +Index: shadow/src/newusers.c +=================================================================== +--- shadow.orig/src/newusers.c 2014-02-16 19:31:38.934898148 -0500 ++++ shadow/src/newusers.c 2014-02-16 19:31:38.926898149 -0500 +@@ -946,8 +946,8 @@ + #ifdef SHADOWGRP + is_shadow_grp = sgr_file_present (); + #endif +- is_sub_uid = sub_uid_file_present (); +- is_sub_gid = sub_gid_file_present (); ++ is_sub_uid = sub_uid_file_present () && !rflg; ++ is_sub_gid = sub_gid_file_present () && !rflg; + + open_files (); + +Index: shadow/src/useradd.c +=================================================================== +--- shadow.orig/src/useradd.c 2014-02-16 19:31:38.934898148 -0500 ++++ shadow/src/useradd.c 2014-02-16 19:31:38.926898149 -0500 +@@ -1978,6 +1978,10 @@ + #endif /* USE_PAM */ + #endif /* ACCT_TOOLS_SETUID */ + ++ /* Needed for userns check */ ++ uid_t uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL); ++ uid_t uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL); ++ + /* + * Get my name so that I can use it to report errors. 
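Review bot: in the useradd.c hunk at 1978, `uid_min`/`uid_max` are read with `getdef_ulong ("UID_MIN", 1000UL)` before `process_flags (argc, argv)` runs, so `-K UID_MIN=...` / `-K UID_MAX=...` overrides given on the command line are not seen by the userns range check; read the two values after `process_flags ()`, next to where `is_sub_uid` is computed.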
+ */ +@@ -2001,18 +2005,20 @@ + */ + user_groups[0] = (char *) 0; + +- + is_shadow_pwd = spw_file_present (); + #ifdef SHADOWGRP + is_shadow_grp = sgr_file_present (); + #endif +- is_sub_uid = sub_uid_file_present (); +- is_sub_gid = sub_gid_file_present (); +- +- get_defaults (); + + process_flags (argc, argv); + ++ is_sub_uid = sub_uid_file_present () && !rflg && ++ (!user_id || (user_id <= uid_max && user_id >= uid_min)); ++ is_sub_gid = sub_gid_file_present () && !rflg && ++ (!user_id || (user_id <= uid_max && user_id >= uid_min)); ++ ++ get_defaults (); ++ + #ifdef ACCT_TOOLS_SETUID + #ifdef USE_PAM + { +Index: shadow/libmisc/find_new_sub_uids.c +=================================================================== +--- shadow.orig/libmisc/find_new_sub_uids.c 2014-02-16 19:31:38.934898148 -0500 ++++ shadow/libmisc/find_new_sub_uids.c 2014-02-16 19:31:38.926898149 -0500 +@@ -56,7 +56,7 @@ + + min = getdef_ulong ("SUB_UID_MIN", 100000UL); + max = getdef_ulong ("SUB_UID_MAX", 600100000UL); +- count = getdef_ulong ("SUB_UID_COUNT", 10000); ++ count = getdef_ulong ("SUB_UID_COUNT", 65536); + + if (min >= max || count >= max || (min + count) >= max) { + (void) fprintf (stderr, +Index: shadow/libmisc/find_new_sub_gids.c +=================================================================== +--- shadow.orig/libmisc/find_new_sub_gids.c 2014-02-16 19:32:21.298896382 -0500 ++++ shadow/libmisc/find_new_sub_gids.c 2014-02-16 19:32:34.462895834 -0500 +@@ -56,7 +56,7 @@ + + min = getdef_ulong ("SUB_GID_MIN", 100000UL); + max = getdef_ulong ("SUB_GID_MAX", 600100000UL); +- count = getdef_ulong ("SUB_GID_COUNT", 10000); ++ count = getdef_ulong ("SUB_GID_COUNT", 65536); + + if (min >= max || count >= max || (min + count) >= max) { + (void) fprintf (stderr, --- shadow-4.1.5.1.orig/debian/patches/1010_extrausers.patch +++ shadow-4.1.5.1/debian/patches/1010_extrausers.patch 
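Review bot: the range test at 2005, `(!user_id || (user_id <= uid_max && user_id >= uid_min))`, uses the value rather than the flag, so an explicit `-u 0` is treated as "no uid given" and a root-uid account still gets a subordinate range; test `uflg` instead of `!user_id`. Minor: `getdef_ulong ("SUB_UID_COUNT", 65536)` and its gid twin drop the `UL` suffix that the neighbouring `getdef_ulong` calls use.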
@@ -0,0 +1,176 @@ +Description: Add support to passwd for updating libnss-extrausers locations +Author: Michael Terry + +Index: shadow-4.1.5.1/lib/defines.h +=================================================================== +--- shadow-4.1.5.1.orig/lib/defines.h ++++ shadow-4.1.5.1/lib/defines.h +@@ -316,6 +316,14 @@ char *strchr (), *strrchr (), *strtok () + #endif + #endif + ++#ifndef EXTRAUSERS_PASSWD_FILE ++#define EXTRAUSERS_PASSWD_FILE "/var/lib/extrausers/passwd" ++#endif ++ ++#ifndef EXTRAUSERS_SHADOW_FILE ++#define EXTRAUSERS_SHADOW_FILE "/var/lib/extrausers/shadow" ++#endif ++ + #ifndef NULL + #define NULL ((void *) 0) + #endif +Index: shadow-4.1.5.1/src/passwd.c +=================================================================== +--- shadow-4.1.5.1.orig/src/passwd.c ++++ shadow-4.1.5.1/src/passwd.c +@@ -544,8 +544,15 @@ static void update_noshadow (void) + { + const struct passwd *pw; + struct passwd *npw; ++ bool try_extrausers = strcmp (pw_dbname (), EXTRAUSERS_PASSWD_FILE) != 0 && ++ access (EXTRAUSERS_PASSWD_FILE, F_OK) == 0; + + if (pw_lock () == 0) { ++ if (try_extrausers) { ++ pw_setdbname (EXTRAUSERS_PASSWD_FILE); ++ update_noshadow (); ++ return; ++ } + (void) fprintf (stderr, + _("%s: cannot lock %s; try again later.\n"), + Prog, pw_dbname ()); +@@ -553,6 +560,20 @@ static void update_noshadow (void) + } + pw_locked = true; + if (pw_open (O_RDWR) == 0) { ++ if (try_extrausers) { ++ if (pw_unlock () == 0) { ++ (void) fprintf (stderr, ++ _("%s: failed to unlock %s\n"), ++ Prog, pw_dbname ()); ++ SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ())); ++ /* continue */ ++ } ++ pw_locked = false; ++ ++ pw_setdbname (EXTRAUSERS_PASSWD_FILE); ++ update_noshadow (); ++ return; ++ } + (void) fprintf (stderr, + _("%s: cannot open %s\n"), + Prog, pw_dbname ()); +@@ -561,6 +582,21 @@ static void update_noshadow (void) + } + pw = pw_locate (name); + if (NULL == pw) { ++ if (try_extrausers) { ++ (void) pw_close (); ++ if (pw_unlock () == 0) { ++ (void) 
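Review bot: in `update_noshadow`, the `try_extrausers` fallback is taken on every failure, including `pw_lock () == 0` and `pw_open (O_RDWR) == 0`; when /etc/passwd is merely locked by another process the user will see "user 'x' does not exist in /var/lib/extrausers/passwd" instead of "cannot lock /etc/passwd; try again later", which hides the real cause and may write an account's password into the wrong database. Fall back only from the `NULL == pw` (not found) branch and keep reporting lock/open errors as before; the same applies to `update_shadow` below.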
fprintf (stderr, ++ _("%s: failed to unlock %s\n"), ++ Prog, pw_dbname ()); ++ SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ())); ++ /* continue */ ++ } ++ pw_locked = false; ++ ++ pw_setdbname (EXTRAUSERS_PASSWD_FILE); ++ update_noshadow (); ++ return; ++ } + (void) fprintf (stderr, + _("%s: user '%s' does not exist in %s\n"), + Prog, name, pw_dbname ()); +@@ -598,8 +634,15 @@ static void update_shadow (void) + { + const struct spwd *sp; + struct spwd *nsp; ++ bool try_extrausers = strcmp (spw_dbname (), EXTRAUSERS_SHADOW_FILE) != 0 && ++ access (EXTRAUSERS_SHADOW_FILE, F_OK) == 0; + + if (spw_lock () == 0) { ++ if (try_extrausers) { ++ spw_setdbname (EXTRAUSERS_SHADOW_FILE); ++ update_shadow (); ++ return; ++ } + (void) fprintf (stderr, + _("%s: cannot lock %s; try again later.\n"), + Prog, spw_dbname ()); +@@ -607,6 +650,20 @@ static void update_shadow (void) + } + spw_locked = true; + if (spw_open (O_RDWR) == 0) { ++ if (try_extrausers) { ++ if (spw_unlock () == 0) { ++ (void) fprintf (stderr, ++ _("%s: failed to unlock %s\n"), ++ Prog, spw_dbname ()); ++ SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ())); ++ /* continue */ ++ } ++ spw_locked = false; ++ ++ spw_setdbname (EXTRAUSERS_SHADOW_FILE); ++ update_shadow (); ++ return; ++ } + (void) fprintf (stderr, + _("%s: cannot open %s\n"), + Prog, spw_dbname ()); +@@ -617,7 +674,9 @@ static void update_shadow (void) + if (NULL == sp) { + /* Try to update the password in /etc/passwd instead. 
*/ + (void) spw_close (); +- update_noshadow (); ++ if (!try_extrausers) { ++ update_noshadow (); ++ } + if (spw_unlock () == 0) { + (void) fprintf (stderr, + _("%s: failed to unlock %s\n"), +@@ -626,6 +685,10 @@ static void update_shadow (void) + /* continue */ + } + spw_locked = false; ++ if (try_extrausers) { ++ spw_setdbname (EXTRAUSERS_SHADOW_FILE); ++ update_shadow (); ++ } + return; + } + nsp = __spw_dup (sp); +Index: shadow-4.1.5.1/lib/commonio.c +=================================================================== +--- shadow-4.1.5.1.orig/lib/commonio.c ++++ shadow-4.1.5.1/lib/commonio.c +@@ -401,6 +401,7 @@ int commonio_lock_nowait (struct commoni + int commonio_lock (struct commonio_db *db) + { + #ifdef HAVE_LCKPWDF ++ if (strncmp(db->filename, "/etc/", 5) == 0) { + /* + * only if the system libc has a real lckpwdf() - the one from + * lockpw.c calls us and would cause infinite recursion! +@@ -428,7 +429,9 @@ int commonio_lock (struct commonio_db *d + + ulckpwdf (); + return 0; /* failure */ +-#else /* !HAVE_LCKPWDF */ ++ } else /* strncmp(db->filename, "/etc/", 5) == 0 */ ++#endif /* HAVE_LCKPWDF */ ++ { + int i; + + /* +@@ -456,7 +459,7 @@ int commonio_lock (struct commonio_db *d + } + } + return 0; /* failure */ +-#endif /* !HAVE_LCKPWDF */ ++ } + } + + static void dec_lock_count (void) --- shadow-4.1.5.1.orig/debian/patches/1011_extrausers_toggle.patch +++ shadow-4.1.5.1/debian/patches/1011_extrausers_toggle.patch 
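Review bot: the commonio.c restructuring opens `if (strncmp(db->filename, "/etc/", 5) == 0) {` inside `#ifdef HAVE_LCKPWDF` and closes it with `} else /* ... */` followed by `#endif` and a bare `{`, so the braces only pair up once the preprocessor has run; it compiles in both configurations but is easy to break on the next edit. A clearer shape is a small `static bool use_lckpwdf (const struct commonio_db *db)` helper plus one `if`/`else` that exists in both builds, and the trailing comment `/* strncmp(db->filename, "/etc/", 5) == 0 */` should be dropped, since it annotates a branch that is also taken when HAVE_LCKPWDF is undefined.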
@@ -0,0 +1,144 @@ +--- a/lib/defines.h ++++ b/lib/defines.h +@@ -324,6 +324,22 @@ + #define EXTRAUSERS_SHADOW_FILE "/var/lib/extrausers/shadow" + #endif + ++#ifndef EXTRAUSERS_GROUP_FILE ++#define EXTRAUSERS_GROUP_FILE "/var/lib/extrausers/group" ++#endif ++ ++#ifndef EXTRAUSERS_SHADOWGROUP_FILE ++#define EXTRAUSERS_SHADOWGROUP_FILE "/var/lib/extrausers/gshadow" ++#endif ++ ++#ifndef EXTRAUSERS_SUBUID_FILE ++#define EXTRAUSERS_SUBUID_FILE "/var/lib/extrausers/subuid" ++#endif ++ ++#ifndef EXTRAUSERS_SUBGID_FILE ++#define EXTRAUSERS_SUBGID_FILE "/var/lib/extrausers/subgid" ++#endif ++ + #ifndef NULL + #define NULL ((void *) 0) + #endif +--- a/src/groupadd.c ++++ b/src/groupadd.c +@@ -102,6 +102,12 @@ + static void check_flags (void); + static void check_perms (void); + ++#ifndef EXTRAUSERS_OPT ++#define EXTRAUSERS_OPT 100000 ++#endif ++ ++static bool use_extrausers = false; ++ + /* + * usage - display usage message and exit + */ +@@ -123,6 +129,7 @@ + (void) fputs (_(" -p, --password PASSWORD use this encrypted password for the new group\n"), usageout); + (void) fputs (_(" -r, --system create a system account\n"), usageout); + (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); ++ (void) fputs (_(" --extrausers Use the extra users database\n"), usageout); + (void) fputs ("\n", usageout); + exit (status); + } +@@ -386,12 +393,16 @@ + {"password", required_argument, NULL, 'p'}, + {"system", no_argument, NULL, 'r'}, + {"root", required_argument, NULL, 'R'}, ++ {"extrausers", no_argument, NULL, EXTRAUSERS_OPT}, + {NULL, 0, NULL, '\0'} + }; + + while ((c = getopt_long (argc, argv, "fg:hK:op:rR:", + long_options, NULL)) != -1) { + switch (c) { ++ case EXTRAUSERS_OPT: ++ use_extrausers = true; ++ break; + case 'f': + /* + * "force" - do nothing, just exit(0), if the +@@ -598,7 +609,18 @@ + + check_perms (); + ++ if (use_extrausers) { ++ fprintf (stderr, "ENTER EXTRAUSERS_GROUP_FILE"); ++ gr_setdbname (EXTRAUSERS_GROUP_FILE); ++ fprintf (stderr, 
"EXIT EXTRAUSERS_GROUP_FILE"); ++ } ++ + #ifdef SHADOWGRP ++ if (use_extrausers) { ++ fprintf (stderr, "ENTER EXTRAUSERS_SHADOWGROUP_FILE"); ++ sgr_setdbname (EXTRAUSERS_SHADOWGROUP_FILE); ++ fprintf (stderr, "EXIT EXTRAUSERS_SHADOWGROUP_FILE"); ++ } + is_shadow_grp = sgr_file_present (); + #endif + +--- a/src/useradd.c ++++ b/src/useradd.c +@@ -137,6 +137,12 @@ + static gid_t sub_gid_start; /* New subordinate gid range */ + static unsigned long sub_gid_count; + ++#ifndef EXTRAUSERS_OPT ++#define EXTRAUSERS_OPT 100000 ++#endif ++ ++static bool use_extrausers = false; ++ + static bool + bflg = false, /* new default root of home directory */ + cflg = false, /* comment (GECOS) field for new account */ +@@ -770,6 +776,7 @@ + #ifdef WITH_SELINUX + (void) fputs (_(" -Z, --selinux-user SEUSER use a specific SEUSER for the SELinux user mapping\n"), usageout); + #endif /* WITH_SELINUX */ ++ (void) fputs (_(" --extrausers Use the extra users database\n"), usageout); + (void) fputs ("\n", usageout); + exit (status); + } +@@ -1044,6 +1051,7 @@ + #ifdef WITH_SELINUX + {"selinux-user", required_argument, NULL, 'Z'}, + #endif /* WITH_SELINUX */ ++ {"extrausers", no_argument, NULL, EXTRAUSERS_OPT}, + {NULL, 0, NULL, '\0'} + }; + while ((c = getopt_long (argc, argv, +@@ -1054,6 +1062,9 @@ + #endif /* !WITH_SELINUX */ + long_options, NULL)) != -1) { + switch (c) { ++ case EXTRAUSERS_OPT: ++ use_extrausers = true; ++ break; + case 'b': + if ( ( !VALID (optarg) ) + || ( optarg[0] != '/' )) { +@@ -2104,6 +2115,18 @@ + } + } + ++ if (use_extrausers) { ++ pw_setdbname (EXTRAUSERS_PASSWD_FILE); ++ spw_setdbname (EXTRAUSERS_SHADOW_FILE); ++ gr_setdbname (EXTRAUSERS_GROUP_FILE); ++ /* TODO expose this information in other tools */ ++ sub_uid_setdbname(EXTRAUSERS_SUBUID_FILE); ++ sub_gid_setdbname(EXTRAUSERS_SUBGID_FILE); ++#ifdef SHADOWGRP ++ sgr_setdbname (EXTRAUSERS_SHADOWGROUP_FILE); ++#endif ++ } ++ + /* + * Do the hard stuff: + * - open the files, --- 
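Review bot: the groupadd.c hunk at 609 leaves debugging output in place, `fprintf (stderr, "ENTER EXTRAUSERS_GROUP_FILE");` and the matching `EXIT` lines around each `*_setdbname` call; remove them before merging, as they print on every `groupadd --extrausers` run.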
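Review bot: in useradd.c the `use_extrausers` block at 2115 switches the database names after `is_sub_uid = sub_uid_file_present () && ...` has already run (hunk at 2005 in 1000_configure_userns), so the presence check looked at /etc/subuid and /etc/subgid rather than at the extrausers files; move the `*_setdbname` calls to just after `process_flags ()` and before the `*_file_present ()` tests so the flag and the files it describes agree.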
shadow-4.1.5.1.orig/debian/patches/1020_fix_user_busy_errors +++ shadow-4.1.5.1/debian/patches/1020_fix_user_busy_errors @@ -0,0 +1,24 @@ +Description: Fix user_busy to not leave subuid open in case of error. +Author: William Grant +Bug: https://bugs.launchpad.net/ubuntu/vivid/+source/shadow/+bug/1436937 + +Index: shadow-4.1.5.1/libmisc/user_busy.c +=================================================================== +--- shadow-4.1.5.1.orig/libmisc/user_busy.c ++++ shadow-4.1.5.1/libmisc/user_busy.c +@@ -168,6 +168,7 @@ static int user_busy_processes (const ch + if (stat ("/", &sbroot) != 0) { + perror ("stat (\"/\")"); + (void) closedir (proc); ++ sub_uid_close(); + return 0; + } + +@@ -205,6 +206,7 @@ static int user_busy_processes (const ch + + if (check_status (name, tmp_d_name, uid) != 0) { + (void) closedir (proc); ++ sub_uid_close(); + fprintf (stderr, + _("%s: user %s is currently used by process %d\n"), + Prog, name, pid); --- shadow-4.1.5.1.orig/debian/patches/401_cppw_src.dpatch +++ shadow-4.1.5.1/debian/patches/401_cppw_src.dpatch 
@@ -0,0 +1,276 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 401_cppw_src.dpatch by Nicolas FRANCOIS +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Add cppw / cpgr + +@DPATCH@ +--- /dev/null ++++ b/src/cppw.c +@@ -0,0 +1,238 @@ ++/* ++ cppw, cpgr copy with locking given file over the password or group file ++ with -s will copy with locking given file over shadow or gshadow file ++ ++ Copyright (C) 1999 Stephen Frost ++ ++ Based on vipw, vigr by: ++ Copyright (C) 1997 Guy Maor ++ ++ This program is free software; you can redistribute it and/or modify ++ it under the terms of the GNU General Public License as published by ++ the Free Software Foundation; either version 2 of the License, or ++ (at your option) any later version. ++ ++ This program is distributed in the hope that it will be useful, but ++ WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ General Public License for more details. ++ ++ You should have received a copy of the GNU General Public License ++ along with this program; if not, write to the Free Software ++ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 
++ ++ */ ++ ++#include ++#include "defines.h" ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include "exitcodes.h" ++#include "prototypes.h" ++#include "pwio.h" ++#include "shadowio.h" ++#include "groupio.h" ++#include "sgroupio.h" ++ ++ ++const char *Prog; ++ ++const char *filename, *filenewname; ++static bool filelocked = false; ++static int (*unlock) (void); ++ ++/* local function prototypes */ ++static int create_copy (FILE *fp, const char *dest, struct stat *sb); ++static void cppwexit (const char *msg, int syserr, int ret); ++static void cppwcopy (const char *file, ++ const char *in_file, ++ int (*file_lock) (void), ++ int (*file_unlock) (void)); ++ ++static int create_copy (FILE *fp, const char *dest, struct stat *sb) ++{ ++ struct utimbuf ub; ++ FILE *bkfp; ++ int c; ++ mode_t mask; ++ ++ mask = umask (077); ++ bkfp = fopen (dest, "w"); ++ (void) umask (mask); ++ if (NULL == bkfp) { ++ return -1; ++ } ++ ++ rewind (fp); ++ while ((c = getc (fp)) != EOF) { ++ if (putc (c, bkfp) == EOF) { ++ break; ++ } ++ } ++ ++ if ( (c != EOF) ++ || (fflush (bkfp) != 0)) { ++ (void) fclose (bkfp); ++ (void) unlink (dest); ++ return -1; ++ } ++ if ( (fsync (fileno (bkfp)) != 0) ++ || (fclose (bkfp) != 0)) { ++ (void) unlink (dest); ++ return -1; ++ } ++ ++ ub.actime = sb->st_atime; ++ ub.modtime = sb->st_mtime; ++ if ( (utime (dest, &ub) != 0) ++ || (chmod (dest, sb->st_mode) != 0) ++ || (chown (dest, sb->st_uid, sb->st_gid) != 0)) { ++ (void) unlink (dest); ++ return -1; ++ } ++ return 0; ++} ++ ++static void cppwexit (const char *msg, int syserr, int ret) ++{ ++ int err = errno; ++ if (filelocked) { ++ (*unlock) (); ++ } ++ if (NULL != msg) { ++ fprintf (stderr, "%s: %s", Prog, msg); ++ if (0 != syserr) { ++ fprintf (stderr, ": %s", strerror (err)); ++ } ++ (void) fputs ("\n", stderr); ++ } ++ if (NULL != filename) { ++ fprintf (stderr, _("%s: %s is unchanged\n"), Prog, filename); ++ } else { ++ fprintf (stderr, _("%s: no 
changes\n"), Prog); ++ } ++ ++ exit (ret); ++} ++ ++static void cppwcopy (const char *file, ++ const char *in_file, ++ int (*file_lock) (void), ++ int (*file_unlock) (void)) ++{ ++ struct stat st1; ++ FILE *f; ++ char filenew[1024]; ++ ++ snprintf (filenew, sizeof filenew, "%s.new", file); ++ unlock = file_unlock; ++ filename = file; ++ filenewname = filenew; ++ ++ if (access (file, F_OK) != 0) { ++ cppwexit (file, 1, 1); ++ } ++ if (file_lock () == 0) { ++ cppwexit (_("Couldn't lock file"), 0, 5); ++ } ++ filelocked = true; ++ ++ /* file to copy has same owners, perm */ ++ if (stat (file, &st1) != 0) { ++ cppwexit (file, 1, 1); ++ } ++ f = fopen (in_file, "r"); ++ if (NULL == f) { ++ cppwexit (in_file, 1, 1); ++ } ++ if (create_copy (f, filenew, &st1) != 0) { ++ cppwexit (_("Couldn't make copy"), errno, 1); ++ } ++ ++ /* XXX - here we should check filenew for errors; if there are any, ++ * fail w/ an appropriate error code and let the user manually fix ++ * it. Use pwck or grpck to do the check. 
- Stephen (Shamelessly ++ * stolen from '--marekm's comment) */ ++ ++ if (rename (filenew, file) != 0) { ++ fprintf (stderr, _("%s: can't copy %s: %s)\n"), ++ Prog, filenew, strerror (errno)); ++ cppwexit (NULL,0,1); ++ } ++ ++ (*file_unlock) (); ++} ++ ++int main (int argc, char **argv) ++{ ++ int flag; ++ bool cpshadow = false; ++ char *in_file; ++ int e = E_USAGE; ++ bool do_cppw = true; ++ ++ (void) setlocale (LC_ALL, ""); ++ (void) bindtextdomain (PACKAGE, LOCALEDIR); ++ (void) textdomain (PACKAGE); ++ ++ Prog = Basename (argv[0]); ++ if (strcmp (Prog, "cpgr") == 0) { ++ do_cppw = false; ++ } ++ ++ while ((flag = getopt (argc, argv, "ghps")) != EOF) { ++ switch (flag) { ++ case 'p': ++ do_cppw = true; ++ break; ++ case 'g': ++ do_cppw = false; ++ break; ++ case 's': ++ cpshadow = true; ++ break; ++ case 'h': ++ e = E_SUCCESS; ++ /*pass through*/ ++ default: ++ (void) fputs (_("Usage:\n\ ++`cppw ' copys over /etc/passwd `cppw -s ' copys over /etc/shadow\n\ ++`cpgr ' copys over /etc/group `cpgr -s ' copys over /etc/gshadow\n\ ++"), (E_SUCCESS != e) ? 
stderr : stdout); ++ exit (e); ++ } ++ } ++ ++ if (argc != optind + 1) { ++ cppwexit (_("wrong number of arguments, -h for usage"),0,1); ++ } ++ ++ in_file = argv[optind]; ++ ++ if (do_cppw) { ++ if (cpshadow) { ++ cppwcopy (SHADOW_FILE, in_file, spw_lock, spw_unlock); ++ } else { ++ cppwcopy (PASSWD_FILE, in_file, pw_lock, pw_unlock); ++ } ++ } else { ++#ifdef SHADOWGRP ++ if (cpshadow) { ++ cppwcopy (SGROUP_FILE, in_file, sgr_lock, sgr_unlock); ++ } else ++#endif /* SHADOWGRP */ ++ { ++ cppwcopy (GROUP_FILE, in_file, gr_lock, gr_unlock); ++ } ++ } ++ ++ return 0; ++} ++ +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -26,6 +26,7 @@ + sbin_PROGRAMS = nologin + ubin_PROGRAMS = faillog lastlog chage chfn chsh expiry gpasswd newgrp passwd + usbin_PROGRAMS = \ ++ cppw \ + chgpasswd \ + chpasswd \ + groupadd \ +@@ -82,6 +83,7 @@ + chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBCRYPT) + chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) + chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT) ++cppw_LDADD = $(LDADD) $(LIBSELINUX) + gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) + groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) + groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) +--- a/po/POTFILES.in ++++ b/po/POTFILES.in +@@ -85,6 +85,7 @@ + src/chgpasswd.c + src/chpasswd.c + src/chsh.c ++src/cppw.c + src/expiry.c + src/faillog.c + src/gpasswd.c --- shadow-4.1.5.1.orig/debian/patches/402_cppw_selinux +++ shadow-4.1.5.1/debian/patches/402_cppw_selinux 
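Review bot: `create_copy` opens the target with `fopen (dest, "w")`, which truncates and follows an existing `/etc/passwd.new` (or `shadow.new`) left over from an earlier run; open it with `open (dest, O_WRONLY | O_CREAT | O_EXCL, 0600)` and `fdopen`, so a stale or unexpected file fails loudly instead of being reused. Two smaller points in `cppwcopy`: the input `FILE *f` is never closed, and the error message `_("%s: can't copy %s: %s)\n")` has a stray `)`. The `XXX` comment already says the new file is installed without validation; since the tool is aimed at /etc/passwd and /etc/shadow, consider at least refusing an empty input file before `rename`.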
@@ -0,0 +1,62 @@ +Goal: Add selinux support to cppw + +Fix: + +Status wrt upstream: cppw is not available upstream. + The patch was made based on the + 302_vim_selinux_support patch. It needs to be + reviewed by an SE-Linux aware person. + +Depends on 401_cppw_src.dpatch + +--- a/src/cppw.c ++++ b/src/cppw.c +@@ -34,6 +34,9 @@ + #include + #include + #include ++#ifdef WITH_SELINUX ++#include ++#endif /* WITH_SELINUX */ + #include "exitcodes.h" + #include "prototypes.h" + #include "pwio.h" +@@ -139,6 +142,22 @@ + if (access (file, F_OK) != 0) { + cppwexit (file, 1, 1); + } ++#ifdef WITH_SELINUX ++ /* if SE Linux is enabled then set the context of all new files ++ * to be the context of the file we are editing */ ++ if (is_selinux_enabled () > 0) { ++ security_context_t passwd_context=NULL; ++ int ret = 0; ++ if (getfilecon (file, &passwd_context) < 0) { ++ cppwexit (_("Couldn't get file context"), errno, 1); ++ } ++ ret = setfscreatecon (passwd_context); ++ freecon (passwd_context); ++ if (0 != ret) { ++ cppwexit (_("setfscreatecon () failed"), errno, 1); ++ } ++ } ++#endif /* WITH_SELINUX */ + if (file_lock () == 0) { + cppwexit (_("Couldn't lock file"), 0, 5); + } +@@ -167,6 +186,15 @@ + cppwexit (NULL,0,1); + } + ++#ifdef WITH_SELINUX ++ /* unset the fscreatecon */ ++ if (is_selinux_enabled () > 0) { ++ if (setfscreatecon (NULL)) { ++ cppwexit (_("setfscreatecon() failed"), errno, 1); ++ } ++ } ++#endif /* WITH_SELINUX */ ++ + (*file_unlock) (); + } + --- shadow-4.1.5.1.orig/debian/patches/429_login_FAILLOG_ENAB +++ shadow-4.1.5.1/debian/patches/429_login_FAILLOG_ENAB 
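Review bot: `setfscreatecon (passwd_context)` is called before `file_lock ()`, so the lock file created by the lock routine is also labelled with the passwd/shadow file's context rather than its default; unless that is intended, move the `#ifdef WITH_SELINUX` block to after `filelocked = true;`. The patch header still lists "Fix:" with no content and asks for review by someone SELinux-aware; that reviewer should also confirm whether the context should be taken from `file` or from the `.new` target.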
@@ -0,0 +1,92 @@ +Goal: Re-enable logging and displaying failures on login when login is + compiled with PAM and when FAILLOG_ENAB is set to yes. And create the + faillog file if it does not exist on postinst (as on Woody). +Depends: 008_login_more_LOG_UNKFAIL_ENAB +Fixes: #192849 + +Note: It could be removed if pam_tally could report the number of failures + preceding a successful login. + +--- a/src/login.c ++++ b/src/login.c +@@ -133,9 +133,9 @@ + /*@null@*/const struct utmp *utent); + #endif /* ! USE_PAM */ + +-#ifndef USE_PAM + static struct faillog faillog; + ++#ifndef USE_PAM + static void bad_time_notify (void); + static void check_nologin (bool login_to_root); + #else +@@ -795,6 +795,9 @@ + SYSLOG ((LOG_NOTICE, + "TOO MANY LOGIN TRIES (%u)%s FOR '%s'", + failcount, fromhost, failent_user)); ++ if ((NULL != pwd) && getdef_bool("FAILLOG_ENAB")) { ++ failure (pwd->pw_uid, tty, &faillog); ++ } + fprintf (stderr, + _("Maximum number of tries exceeded (%u)\n"), + failcount); +@@ -812,6 +815,14 @@ + pam_strerror (pamh, retcode))); + failed = true; + } ++ if ( (NULL != pwd) ++ && getdef_bool("FAILLOG_ENAB") ++ && ! 
failcheck (pwd->pw_uid, &faillog, failed)) { ++ SYSLOG((LOG_CRIT, ++ "exceeded failure limit for `%s' %s", ++ failent_user, fromhost)); ++ failed = 1; ++ } + + if (!failed) { + break; +@@ -835,6 +846,10 @@ + (void) puts (""); + (void) puts (_("Login incorrect")); + ++ if ((NULL != pwd) && getdef_bool("FAILLOG_ENAB")) { ++ failure (pwd->pw_uid, tty, &faillog); ++ } ++ + if (getdef_str("FTMP_FILE") != NULL) { + #ifdef USE_UTMPX + struct utmpx *failent = +@@ -1291,6 +1306,7 @@ + */ + #ifndef USE_PAM + motd (); /* print the message of the day */ ++#endif + if ( getdef_bool ("FAILLOG_ENAB") + && (0 != faillog.fail_cnt)) { + failprint (&faillog); +@@ -1303,6 +1319,7 @@ + username, (int) faillog.fail_cnt)); + } + } ++#ifndef USE_PAM + if ( getdef_bool ("LASTLOG_ENAB") + && (ll.ll_time != 0)) { + time_t ll_time = ll.ll_time; +--- a/lib/getdef.c ++++ b/lib/getdef.c +@@ -61,6 +61,7 @@ + {"ENV_SUPATH", NULL}, + {"ERASECHAR", NULL}, + {"FAIL_DELAY", NULL}, ++ {"FAILLOG_ENAB", NULL}, + {"FAKE_SHELL", NULL}, + {"FTMP_FILE", NULL}, + {"GID_MAX", NULL}, +@@ -103,7 +104,6 @@ + {"ENV_HZ", NULL}, + {"ENVIRON_FILE", NULL}, + {"ENV_TZ", NULL}, +- {"FAILLOG_ENAB", NULL}, + {"ISSUE_FILE", NULL}, + {"LASTLOG_ENAB", NULL}, + {"LOGIN_STRING", NULL}, --- shadow-4.1.5.1.orig/debian/patches/463_login_delay_obeys_to_PAM +++ shadow-4.1.5.1/debian/patches/463_login_delay_obeys_to_PAM 
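Review bot: `failed = 1;` in the new `failcheck` block assigns an int to the `bool failed` declared as `bool failed = false;` in the same function; use `true` for consistency with the surrounding code. Also, both the "TOO MANY LOGIN TRIES" branch at 795 and the "Login incorrect" branch at 846 now call `failure (pwd->pw_uid, tty, &faillog)`; confirm the first branch leaves the loop before the second is reached, otherwise the final failed attempt is recorded twice in faillog.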
@@ -0,0 +1,105 @@ +Goal: Do not hardcode pam_fail_delay and let pam_unix do its + job to set a delay...or not + +Fixes: #87648 + +Status wrt upstream: Forwarded but not applied yet + +Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs + +--- a/src/login.c ++++ b/src/login.c +@@ -529,7 +529,6 @@ + #if defined(HAVE_STRFTIME) && !defined(USE_PAM) + char ptime[80]; + #endif +- unsigned int delay; + unsigned int retries; + bool subroot = false; + #ifndef USE_PAM +@@ -549,6 +548,7 @@ + pid_t child; + char *pam_user = NULL; + #else ++ unsigned int delay; + struct spwd *spwd = NULL; + #endif + /* +@@ -709,7 +709,6 @@ + } + + environ = newenvp; /* make new environment active */ +- delay = getdef_unum ("FAIL_DELAY", 1); + retries = getdef_unum ("LOGIN_RETRIES", RETRIES); + + #ifdef USE_PAM +@@ -725,8 +724,7 @@ + + /* + * hostname & tty are either set to NULL or their correct values, +- * depending on how much we know. We also set PAM's fail delay to +- * ours. ++ * depending on how much we know. + * + * PAM_RHOST and PAM_TTY are used for authentication, only use + * information coming from login or from the caller (e.g. no utmp) +@@ -735,10 +733,6 @@ + PAM_FAIL_CHECK; + retcode = pam_set_item (pamh, PAM_TTY, tty); + PAM_FAIL_CHECK; +-#ifdef HAS_PAM_FAIL_DELAY +- retcode = pam_fail_delay (pamh, 1000000 * delay); +- PAM_FAIL_CHECK; +-#endif + /* if fflg, then the user has already been authenticated */ + if (!fflg) { + unsigned int failcount = 0; +@@ -779,12 +773,6 @@ + bool failed = false; + + failcount++; +-#ifdef HAS_PAM_FAIL_DELAY +- if (delay > 0) { +- retcode = pam_fail_delay(pamh, 1000000*delay); +- PAM_FAIL_CHECK; +- } +-#endif + + retcode = pam_authenticate (pamh, 0); + +@@ -1107,14 +1095,17 @@ + free (username); + username = NULL; + ++#ifndef USE_PAM + /* + * Wait a while (a la SVR4 /usr/bin/login) before attempting + * to login the user again. If the earlier alarm occurs + * before the sleep() below completes, login will exit. 
+ */ ++ delay = getdef_unum ("FAIL_DELAY", 1); + if (delay > 0) { + (void) sleep (delay); + } ++#endif + + (void) puts (_("Login incorrect")); + +--- a/lib/getdef.c ++++ b/lib/getdef.c +@@ -60,7 +60,6 @@ + {"ENV_PATH", NULL}, + {"ENV_SUPATH", NULL}, + {"ERASECHAR", NULL}, +- {"FAIL_DELAY", NULL}, + {"FAILLOG_ENAB", NULL}, + {"FAKE_SHELL", NULL}, + {"FTMP_FILE", NULL}, +@@ -104,6 +103,7 @@ + {"ENV_HZ", NULL}, + {"ENVIRON_FILE", NULL}, + {"ENV_TZ", NULL}, ++ {"FAIL_DELAY", NULL}, + {"ISSUE_FILE", NULL}, + {"LASTLOG_ENAB", NULL}, + {"LOGIN_STRING", NULL}, --- shadow-4.1.5.1.orig/debian/patches/495_stdout-encrypted-password +++ shadow-4.1.5.1/debian/patches/495_stdout-encrypted-password 
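Review bot: in 463_login_delay_obeys_to_PAM, the src/login.c hunk at @@ -1107,14 +1095,17 @@ puts the FAIL_DELAY sleep under `#ifndef USE_PAM`, so in the PAM build the only throttle on repeated failed logins is whatever the PAM stack provides (pam_unix, per the Goal line); the patch carries no login.defs(5) change saying that FAIL_DELAY is ignored when login is built with PAM, and the lib/getdef.c hunk that moves `{"FAIL_DELAY", NULL}` to the second table does not say what that table means. Add a sentence to the FAIL_DELAY entry of login.defs(5) (and to the shipped login.defs, which the header's Note says no longer carries the key) so an administrator does not expect the setting to take effect on a PAM system.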
@@ -0,0 +1,129 @@ +## Description: add some description +## Origin/Author: add some origin or author +## Bug: bug URL +Index: b/man/chpasswd.8.xml +=================================================================== +--- a/man/chpasswd.8.xml ++++ b/man/chpasswd.8.xml +@@ -169,6 +169,12 @@ + + + ++ , ++ ++ Report encrypted passwords to stdout instead of updating password file. ++ ++ ++ + , + + Display help message and exit. +Index: b/src/chpasswd.c +=================================================================== +--- a/src/chpasswd.c ++++ b/src/chpasswd.c +@@ -71,6 +71,8 @@ + static bool pw_locked = false; + static bool spw_locked = false; + ++static int use_stdout = 0; ++ + /* local function prototypes */ + static void fail_exit (int code); + static /*@noreturn@*/void usage (int status); +@@ -134,6 +136,9 @@ + " crypt algorithms\n"), + usageout); + #endif /* USE_SHA_CRYPT */ ++ (void) fputs (_(" -S, --stdout report encrypted passwords to stdout\n" ++ " instead of changing the passwd file\n"), ++ usageout); + (void) fputs ("\n", usageout); + + exit (status); +@@ -156,14 +161,15 @@ + #ifdef USE_SHA_CRYPT + {"sha-rounds", required_argument, NULL, 's'}, + #endif /* USE_SHA_CRYPT */ ++ {"stdout", no_argument, NULL, 'S'}, + {NULL, 0, NULL, '\0'} + }; + + while ((c = getopt_long (argc, argv, + #ifdef USE_SHA_CRYPT +- "c:ehmR:s:", ++ "c:ehmR:s:S", + #else /* !USE_SHA_CRYPT */ +- "c:ehmR:", ++ "c:ehmR:S", + #endif /* !USE_SHA_CRYPT */ + long_options, NULL)) != -1) { + switch (c) { +@@ -192,6 +198,9 @@ + } + break; + #endif /* USE_SHA_CRYPT */ ++ case 'S': ++ use_stdout = 1; ++ break; + default: + usage (E_USAGE); + /*@notreached@*/break; +@@ -255,6 +264,7 @@ + */ + static void check_perms (void) + { ++ if (use_stdout) return; + #ifdef USE_PAM + #ifdef ACCT_TOOLS_SETUID + /* If chpasswd uses PAM and is SUID, check the permissions, +@@ -405,17 +415,19 @@ + + OPENLOG ("chpasswd"); + ++ if (!use_stdout) { + check_perms (); + + #ifdef USE_PAM +- if (!use_pam) ++ if 
(!use_pam) { + #endif /* USE_PAM */ +- { + is_shadow_pwd = spw_file_present (); + + open_files (); ++#ifdef USE_PAM ++ } ++#endif /* USE_PAM */ + } +- + /* + * Read each line, separating the user name from the password. The + * password entry for each user will be looked up in the appropriate +@@ -493,6 +505,10 @@ + cp = pw_encrypt (newpwd, + crypt_make_salt(crypt_method, arg)); + } ++ if (use_stdout) { ++ fprintf (stdout, "%s:%s\n", name, cp); ++ continue; ++ } + + /* + * Get the password file entry for this user. The user must +@@ -608,6 +624,7 @@ + fail_exit (1); + } + ++ if (!use_stdout) { + #ifdef USE_PAM + if (!use_pam) + #endif /* USE_PAM */ +@@ -617,6 +634,7 @@ + } + + nscd_flush_cache ("passwd"); ++ } + + return (0); + } --- shadow-4.1.5.1.orig/debian/patches/496_su_kill_process_group +++ shadow-4.1.5.1/debian/patches/496_su_kill_process_group @@ -0,0 +1,29 @@ +Description: su: Kill the child process group, not just the immediate child + This is needed now that su no longer starts a controlling terminal when not + running an interactive shell. +Author: Colin Watson +Forwarded: no +Last-Update: 2013-07-26 + +Index: b/src/su.c +=================================================================== +--- a/src/su.c ++++ b/src/su.c +@@ -194,7 +194,7 @@ + static RETSIGTYPE kill_child (int unused(s)) + { + if (0 != pid_child) { +- (void) kill (pid_child, SIGKILL); ++ (void) kill (-pid_child, SIGKILL); + (void) fputs (_(" ...killed.\n"), stderr); + } else { + (void) fputs (_(" ...waiting for child to terminate.\n"), +@@ -383,7 +383,7 @@ + (void) fputs ("\n", stderr); + (void) fputs (_("Session terminated, terminating shell..."), + stderr); +- (void) kill (pid_child, caught); ++ (void) kill (-pid_child, caught); + } + + ret = pam_close_session (pamh, 0); --- shadow-4.1.5.1.orig/debian/patches/501_commonio_group_shadow +++ shadow-4.1.5.1/debian/patches/501_commonio_group_shadow 
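Review bot: the DEP-3 header of 495_stdout-encrypted-password is still the unfilled template (`## Description: add some description`, `## Origin/Author: add some origin or author`, `## Bug: bug URL`); fill in the description, author and bug reference before this ships.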
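Review bot: in 495_stdout-encrypted-password the `use_stdout` test is duplicated: the src/chpasswd.c hunk at @@ -255,6 +264,7 @@ adds `if (use_stdout) return;` at the top of check_perms(), and the hunk at @@ -405,17 +415,19 @@ also wraps the `check_perms ();` call in `if (!use_stdout) {`; keep the caller-side test (it is the one that also skips spw_file_present() and open_files()) and drop the early return. In the same @@ -405 hunk the new `if (!use_pam) {` opens its brace inside one `#ifdef USE_PAM` block and closes it inside another, which is easy to unbalance in a later edit; the original layout of an unconditional `{` after the conditional `if (!use_pam)` line was safer and should be kept.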
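Review bot: in 496_su_kill_process_group, both src/su.c hunks change `kill (pid_child, ...)` to `kill (-pid_child, ...)`, which only reaches the child's group if the child made itself a process group leader (setpgid()/setsid()); neither hunk shows that, and the return value is still cast to `(void)`, so if no such group exists the kill fails with ESRCH silently and the ` ...killed.` message in the first hunk is printed anyway. Confirm that the child calls setpgid(0, 0) or setsid() before exec, and consider checking the kill() result before claiming the child was killed.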
@@ -0,0 +1,37 @@ +Goal: save the [g]shadow files with the 'shadow' group and mode 0440 + +Fixes: #166793 + +--- a/lib/commonio.c ++++ b/lib/commonio.c +@@ -44,6 +44,7 @@ + #include + #include + #include ++#include + #include "nscd.h" + #ifdef WITH_TCB + #include +@@ -966,13 +967,20 @@ + goto fail; + } + } else { ++ struct group *grp; + /* + * Default permissions for new [g]shadow files. + * (passwd and group always exist...) + */ +- sb.st_mode = 0400; ++ sb.st_mode = 0440; + sb.st_uid = 0; +- sb.st_gid = 0; ++ /* ++ * Try to retrieve the shadow's GID, and fall back to GID 0. ++ */ ++ if ((grp = getgrnam("shadow")) != NULL) ++ sb.st_gid = grp->gr_gid; ++ else ++ sb.st_gid = 0; + } + + snprintf (buf, sizeof buf, "%s+", db->filename); --- shadow-4.1.5.1.orig/debian/patches/503_shadowconfig.8 +++ shadow-4.1.5.1/debian/patches/503_shadowconfig.8 
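Review bot: in 501_commonio_group_shadow, the lib/commonio.c hunk at @@ -966,13 +967,20 @@ adds an unbraced if/else (`if ((grp = getgrnam("shadow")) != NULL) sb.st_gid = grp->gr_gid; else sb.st_gid = 0;`) in a file whose surrounding code always braces, and the comment should read "the shadow group's GID". The branch being changed is the one for new files only (the context comment says "Default permissions for new [g]shadow files"), so an existing 0400 root:root shadow file keeps its ownership; the Goal line reads as if all saves were affected, so say in the header where existing files are fixed (the postinst, presumably). The fallback to GID 0 with mode 0440 is still safe, since that only grants the root group read access.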
@@ -0,0 +1,191 @@ +Goal: Document the shadowconfig utility + +Status wrt upstream: The shadowconfig utility is debian specific. + Its man page also (but it used to be distributed) + +--- /dev/null ++++ b/man/shadowconfig.8 +@@ -0,0 +1,41 @@ ++.\"Generated by db2man.xsl. Don't modify this, modify the source. ++.de Sh \" Subsection ++.br ++.if t .Sp ++.ne 5 ++.PP ++\fB\\$1\fR ++.PP ++.. ++.de Sp \" Vertical space (when we can't use .PP) ++.if t .sp .5v ++.if n .sp ++.. ++.de Ip \" List item ++.br ++.ie \\n(.$>=3 .ne \\$3 ++.el .ne 3 ++.IP "\\$1" \\$2 ++.. ++.TH "SHADOWCONFIG" 8 "19 Apr 1997" "" "" ++.SH NAME ++shadowconfig \- toggle shadow passwords on and off ++.SH "SYNOPSIS" ++.ad l ++.hy 0 ++.HP 13 ++\fBshadowconfig\fR \fB\fIon\fR\fR | \fB\fIoff\fR\fR ++.ad ++.hy ++ ++.SH "DESCRIPTION" ++ ++.PP ++\fBshadowconfig\fR on will turn shadow passwords on; \fIshadowconfig off\fR will turn shadow passwords off\&. \fBshadowconfig\fR will print an error message and exit with a nonzero code if it finds anything awry\&. If that happens, you should correct the error and run it again\&. Turning shadow passwords on when they are already on, or off when they are already off, is harmless\&. ++ ++.PP ++Read \fI/usr/share/doc/passwd/README\&.Debian\fR for a brief introduction to shadow passwords and related features\&. ++ ++.PP ++Note that turning shadow passwords off and on again will lose all password aging information\&. ++ +--- /dev/null ++++ b/man/shadowconfig.8.xml +@@ -0,0 +1,52 @@ ++ ++ ++ ++ ++ ++ 19 Apr 1997 ++ ++ ++ shadowconfig ++ 8 ++ 19 Apr 1997 ++ Debian GNU/Linux ++ ++ ++ shadowconfig ++ toggle shadow passwords on and off ++ ++ ++ ++ ++ shadowconfig ++ ++ on ++ off ++ ++ ++ ++ ++ ++ DESCRIPTION ++ shadowconfig on will turn shadow passwords on; ++ shadowconfig off will turn shadow ++ passwords off. shadowconfig will print an error ++ message and exit with a nonzero code if it finds anything awry. If ++ that happens, you should correct the error and run it again. 
Turning ++ shadow passwords on when they are already on, or off when they are ++ already off, is harmless. ++ ++ ++ ++ Read /usr/share/doc/passwd/README.Debian for a ++ brief introduction ++ to shadow passwords and related features. ++ ++ ++ Note that turning shadow passwords off and on again will lose all ++ password ++ aging information. ++ ++ ++ +--- /dev/null ++++ b/man/fr/shadowconfig.8 +@@ -0,0 +1,26 @@ ++.\" This file was generated with po4a. Translate the source file. ++.\" ++.\"$Id: shadowconfig.8,v 1.4 2001/08/23 23:10:48 kloczek Exp $ ++.TH SHADOWCONFIG 8 "19 avril 1997" "Debian GNU/Linux" ++.SH NOM ++shadowconfig \- active ou désactive les mots de passe cachés ++.SH SYNOPSIS ++\fBshadowconfig\fP \fIon\fP | \fIoff\fP ++.SH DESCRIPTION ++.PP ++\fBshadowconfig on\fP active les mots de passe cachés («\ shadow passwords\ »)\ ; \fBshadowconfig off\fP les désactive. \fBShadowconfig\fP affiche un message ++d'erreur et quitte avec une valeur de retour non nulle s'il rencontre ++quelque chose d'inattendu. Dans ce cas, vous devrez corriger l'erreur avant ++de recommencer. ++ ++Activer les mots de passe cachés lorsqu'ils sont déjà activés, ou les ++désactiver lorsqu'ils ne sont pas actifs est sans effet. ++ ++Lisez \fI/usr/share/doc/passwd/README.Debian\fP pour une brève introduction aux ++mots de passe cachés et à leurs fonctionnalités. ++ ++Notez que désactiver puis réactiver les mots de passe cachés aura pour ++conséquence la perte des informations d'âge sur les mots de passe. ++.SH TRADUCTION ++Nicolas FRANÇOIS, 2004. ++Veuillez signaler toute erreur à <\fIdebian\-l10\-french@lists.debian.org\fR>. 
+--- /dev/null ++++ b/man/ja/shadowconfig.8 +@@ -0,0 +1,25 @@ ++.\" all right reserved, ++.\" Translated Tue Oct 30 11:59:11 JST 2001 ++.\" by Maki KURODA ++.\" ++.TH SHADOWCONFIG 8 "19 Apr 1997" "Debian GNU/Linux" ++.SH 名前 ++shadowconfig \- shadow パスワードの設定をオン及びオフに切替える ++.SH 書式 ++.B "shadowconfig" ++.IR on " | " off ++.SH 説明 ++.PP ++.B shadowconfig on ++は shadow パスワードを有効にする。 ++.B shadowconfig off ++は shadow パスワードを無効にする。 ++.B shadowconfig ++は何らかの間違いがあると、エラーメッセージを表示し、 ++ゼロではない返り値を返す。 ++もしそのようなことが起こった場合、エラーを修正し、再度実行しなければならない。 ++shadow パスワードの設定がすでにオンの場合にオンに設定したり、 ++すでにオフの場合にオフに設定しても、何の影響もない。 ++ ++.I /usr/share/doc/passwd/README.debian.gz ++には shadow パスワードとそれに関する特徴の簡単な紹介が書かれている。 +--- /dev/null ++++ b/man/pl/shadowconfig.8 +@@ -0,0 +1,27 @@ ++.\" $Id: shadowconfig.8,v 1.3 2001/08/23 23:10:51 kloczek Exp $ ++.\" {PTM/WK/1999-09-14} ++.TH SHADOWCONFIG 8 "19 kwietnia 1997" "Debian GNU/Linux" ++.SH NAZWA ++shadowconfig - przełącza ochronę haseł i grup przez pliki shadow ++.SH SKŁADNIA ++.B "shadowconfig" ++.IR on " | " off ++.SH OPIS ++.PP ++.B shadowconfig on ++włącza ochronę haseł i grup przez dodatkowe, przesłaniane pliki (shadow); ++.B shadowconfig off ++wyłącza dodatkowe pliki haseł i grup. ++.B shadowconfig ++wyświetla komunikat o błędzie i kończy pracę z niezerowym kodem jeśli ++znajdzie coś nieprawidłowego. W takim wypadku powinieneś poprawić błąd ++.\" if it finds anything awry. ++i uruchomić program ponownie. ++ ++Włączenie ochrony haseł, gdy jest ona już włączona lub jej wyłączenie, ++gdy jest wyłączona jest nieszkodliwe. ++ ++Przeczytaj ++.IR /usr/share/doc/passwd/README.debian.gz , ++gdzie znajdziesz krótkie wprowadzenie do ochrony haseł z użyciem dodatkowych ++plików haseł przesłanianych (shadow passwords) i związanych tematów. --- shadow-4.1.5.1.orig/debian/patches/505_useradd_recommend_adduser +++ shadow-4.1.5.1/debian/patches/505_useradd_recommend_adduser 
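Review bot: in 503_shadowconfig.8, the man/ja/shadowconfig.8 and man/pl/shadowconfig.8 hunks point to `/usr/share/doc/passwd/README.debian.gz` while the English and French pages point to `/usr/share/doc/passwd/README.Debian`; use the path the passwd package actually installs in all four. The ja and pl pages also lack the final paragraph of the English page ("Note that turning shadow passwords off and on again will lose all password aging information"), which is the one operational warning on the page; add it to both translations.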
@@ -0,0 +1,36 @@ +Goal: Recommend using adduser and deluser. + +Fixes: #406046 + +Status wrt upstream: Debian specific patch. + +--- a/man/useradd.8.xml ++++ b/man/useradd.8.xml +@@ -84,6 +84,12 @@ + + DESCRIPTION + ++ useradd is a low level utility for adding ++ users. On Debian, administrators should usually use ++ adduser ++ 8 instead. ++ ++ + When invoked without the option, the + useradd command creates a new user account using + the values specified on the command line plus the default values from +--- a/man/userdel.8.xml ++++ b/man/userdel.8.xml +@@ -64,6 +64,12 @@ + + DESCRIPTION + ++ userdel is a low level utility for removing ++ users. On Debian, administrators should usually use ++ deluser ++ 8 instead. ++ ++ + The userdel command modifies the system account + files, deleting all entries that refer to the user name LOGIN. The named user must exist. --- shadow-4.1.5.1.orig/debian/patches/506_relaxed_usernames +++ shadow-4.1.5.1/debian/patches/506_relaxed_usernames 
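Review bot: 505_useradd_recommend_adduser adds the "use adduser/deluser instead" paragraph to man/useradd.8.xml and man/userdel.8.xml only; the groupadd and groupdel pages get no equivalent pointer to addgroup(8) and delgroup(8), which the same adduser package provides, so an administrator reading groupadd(8) is not told about the Debian-preferred tool.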
@@ -0,0 +1,100 @@ +Goal: Relaxed usernames/groupnames checking patch. + +Status wrt upstream: Debian specific. Not to be used upstream + +Details: + Allows any non-empty user/grounames that don't contain ':', ',' or '\n' + characters and don't start with '-', '+', or '~'. This patch is more + restrictive than original Karl's version. closes: #264879 + Also closes: #377844 + + Comments from Karl Ramm (shadow 1:4.0.3-9, 20 Aug 2003 02:06:50 -0400): + + I can't come up with a good justification as to why characters other + than ':'s and '\0's should be disallowed in group and usernames (other + than '-' as the leading character). Thus, the maintenance tools don't + anymore. closes: #79682, #166798, #171179 + +--- a/libmisc/chkname.c ++++ b/libmisc/chkname.c +@@ -48,6 +48,7 @@ + + static bool is_valid_name (const char *name) + { ++#if 0 + /* + * User/group names must match [a-z_][a-z0-9_-]*[$] + */ +@@ -66,6 +67,26 @@ + return false; + } + } ++#endif ++ /* ++ * POSIX indicate that usernames are composed of characters from the ++ * portable filename character set [A-Za-z0-9._-], and that the hyphen ++ * should not be used as the first character of a portable user name. ++ * ++ * Allow more relaxed user/group names in Debian -- ^[^-~+:,\s][^:,\s]*$ ++ */ ++ if ( ('\0' == *name) ++ || ('-' == *name) ++ || ('~' == *name) ++ || ('+' == *name)) { ++ return false; ++ } ++ do { ++ if ((':' == *name) || (',' == *name) || isspace(*name)) { ++ return false; ++ } ++ name++; ++ } while ('\0' != *name); + + return true; + } +--- a/man/useradd.8.xml ++++ b/man/useradd.8.xml +@@ -635,12 +635,20 @@ + + + +- Usernames must start with a lower case letter or an underscore, ++ It is usually recommended to only use usernames that begin with a lower case letter or an underscore, + followed by lower case letters, digits, underscores, or dashes. + They can end with a dollar sign. + In regular expression terms: [a-z_][a-z0-9_-]*[$]? 
+ + ++ On Debian, the only constraints are that usernames must neither start ++ with a dash ('-') nor plus ('+') nor tilde ('~') nor contain a ++ colon (':'), a comma (','), or a whitespace (space: ' ', ++ end of line: '\n', tabulation: '\t', etc.). Note that using a slash ++ ('/') may break the default algorithm for the definition of the ++ user's home directory. ++ ++ + Usernames may only be up to 32 characters long. + + +--- a/man/groupadd.8.xml ++++ b/man/groupadd.8.xml +@@ -240,12 +240,18 @@ + + CAVEATS + +- Groupnames must start with a lower case letter or an underscore, ++ It is usually recommended to only use groupnames that begin with a lower case letter or an underscore, + followed by lower case letters, digits, underscores, or dashes. + They can end with a dollar sign. + In regular expression terms: [a-z_][a-z0-9_-]*[$]? + + ++ On Debian, the only constraints are that groupnames must neither start ++ with a dash ('-') nor plus ('+') nor tilde ('~') nor contain a ++ colon (':'), a comma (','), or a whitespace (space:' ', ++ end of line: '\n', tabulation: '\t', etc.). ++ ++ + Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long. + + --- shadow-4.1.5.1.orig/debian/patches/508_nologin_in_usr_sbin +++ shadow-4.1.5.1/debian/patches/508_nologin_in_usr_sbin @@ -0,0 +1,18 @@ +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -23,7 +23,6 @@ + # $prefix/bin and $prefix/sbin, no install-data hacks...) + + bin_PROGRAMS = groups login su +-sbin_PROGRAMS = nologin + ubin_PROGRAMS = faillog lastlog chage chfn chsh expiry gpasswd newgrp passwd + usbin_PROGRAMS = \ + cppw \ +@@ -38,6 +37,7 @@ + grpunconv \ + logoutd \ + newusers \ ++ nologin \ + pwck \ + pwconv \ + pwunconv \ --- shadow-4.1.5.1.orig/debian/patches/523_su_arguments_are_concatenated +++ shadow-4.1.5.1/debian/patches/523_su_arguments_are_concatenated 
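Review bot: in 506_relaxed_usernames, the loop added in the libmisc/chkname.c hunk at @@ -66,6 +67,26 @@ calls `isspace(*name)` with a plain `char`; where `char` is signed, any byte above 0x7f (which the relaxed rule now admits) is passed as a negative value, which is undefined behaviour for the ctype functions. Use `isspace((unsigned char) *name)` and make sure `<ctype.h>` is included. Because the new rule rejects only ':', ',', whitespace and a leading '-', '+' or '~', it admits names containing '/' (so the default BASE_DIR/name home directory can resolve outside BASE_DIR for a name such as `../x`) and all-digit names (which chown(1), chgrp(1) and similar tools read as numeric IDs); reject '/' and purely numeric names in code rather than only documenting the slash problem in the man page. The old check is kept under `#if 0`; delete it rather than leaving dead code.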
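Review bot: the man/useradd.8.xml hunk of 506_relaxed_usernames leaves the hard-coded context line "Usernames may only be up to 32 characters long." next to the new paragraph, while the man/groupadd.8.xml hunk uses the `&GROUP_NAME_MAX_LENGTH;` entity; use the corresponding entity for the username limit too, so the two pages cannot drift apart.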
@@ -0,0 +1,48 @@ +Goal: Concatenate the non-su arguments and provide them to the shell with + the -c option +Fixes: #317264 + see also #276419 + +Status wrt upstream: This is a Debian specific patch. + +Note: the fix of the man page is still missing. + (to be taken from the trunk) + +--- a/src/su.c ++++ b/src/su.c +@@ -1150,6 +1150,35 @@ + argv[0] = "-c"; + argv[1] = command; + } ++ /* On Debian, the arguments are concatenated and the ++ * resulting string is always given to the shell with its ++ * -c option. ++ */ ++ { ++ char **parg; ++ unsigned int cmd_len = 0; ++ char *cmd = NULL; ++ if (strcmp(argv[0], "-c") != 0) { ++ argv--; ++ argv[0] = "-c"; ++ } ++ /* Now argv[0] is always -c, and other arguments ++ * can be concatenated ++ */ ++ cmd_len = 1; /* finale '\0' */ ++ for (parg = &argv[1]; *parg; parg++) { ++ cmd_len += strlen (*parg) + 1; ++ } ++ cmd = (char *) xmalloc (sizeof (char) * cmd_len); ++ cmd[0] = '\0'; ++ for (parg = &argv[1]; *parg; parg++) { ++ strcat (cmd, " "); ++ strcat (cmd, *parg); ++ } ++ cmd[cmd_len - 1] = '\0'; ++ argv[1] = &cmd[1]; /* do not take first space */ ++ argv[2] = NULL; ++ } + /* + * Use the shell and create an argv + * with the rest of the command line included. --- shadow-4.1.5.1.orig/debian/patches/523_su_arguments_are_no_more_concatenated_by_default +++ shadow-4.1.5.1/debian/patches/523_su_arguments_are_no_more_concatenated_by_default 
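Review bot: in 523_su_arguments_are_concatenated, the block added at @@ -1150,6 +1150,35 @@ in src/su.c does `argv--; argv[0] = "-c";` when argv[0] is not already "-c", which writes one element before the pointer it was handed; this is only valid because argv has been advanced past su's own options by the earlier code (the preceding context writes `argv[0] = "-c"; argv[1] = command;` the same way), so add a comment or assertion that argv points at least one slot into the original vector. Joining every remaining argument with single spaces and handing the result to the shell's `-c` also erases the original argument boundaries, so an argument that contained spaces or shell metacharacters is re-split and re-interpreted by the shell (the behaviour debian/NEWS for 1:4.0.15-5 warns about); the follow-up patch that makes this opt-in is the right direction. Minor: `cmd[cmd_len - 1] = '\0';` is redundant after strcat(), the `(char *)` cast on xmalloc() is unnecessary, and the comment reads "finale" for "final".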
@@ -0,0 +1,50 @@ +Goal: Do not concatenate the additional arguments, and support an + environment variable to revert to the old Debian's su behavior. + +This patch needs the su_arguments_are_concatenated patch. + +This patch, and su_arguments_are_concatenated should be dropped after +Etch. + +Status wrt upstream: This patch is Debian specific. + +--- a/src/su.c ++++ b/src/su.c +@@ -104,6 +104,19 @@ + /* If nonzero, change some environment vars to indicate the user su'd to. */ + static bool change_environment = true; + ++/* ++ * If nonzero, keep the old Debian behavior: ++ * * concatenate all the arguments and provide them to the -c option of ++ * the shell ++ * * If there are some additional arguments, but no -c, add a -c ++ * argument anyway ++ * Drawbacks: ++ * * you can't provide options to the shell (other than -c) ++ * * you can't rely on the argument count ++ * See http://bugs.debian.org/276419 ++ */ ++static int old_debian_behavior; ++ + #ifdef USE_PAM + static pam_handle_t *pamh = NULL; + static int caught = 0; +@@ -950,6 +963,8 @@ + int ret; + #endif /* USE_PAM */ + ++ old_debian_behavior = (getenv("SU_NO_SHELL_ARGS") != NULL); ++ + (void) setlocale (LC_ALL, ""); + (void) bindtextdomain (PACKAGE, LOCALEDIR); + (void) textdomain (PACKAGE); +@@ -1154,7 +1169,7 @@ + * resulting string is always given to the shell with its + * -c option. + */ +- { ++ if (old_debian_behavior) { + char **parg; + unsigned int cmd_len = 0; + char *cmd = NULL; --- shadow-4.1.5.1.orig/debian/patches/542_useradd-O_option +++ shadow-4.1.5.1/debian/patches/542_useradd-O_option 
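Review bot: in 523_su_arguments_are_no_more_concatenated_by_default, the src/su.c hunk at @@ -104,6 +104,19 @@ declares `static int old_debian_behavior;` under a comment that starts "If nonzero", while the neighbouring flag is `static bool change_environment = true;`; make it a `bool` and initialise it explicitly. Reading the switch from the caller's environment (`getenv("SU_NO_SHELL_ARGS")` in the @@ -950 hunk) is acceptable since it only changes how the caller's own command line is assembled, but nothing in the patch documents SU_NO_SHELL_ARGS in su(1), and the header's "should be dropped after Etch" is long past; either document the variable or drop both 523 patches as the header proposes.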
@@ -0,0 +1,43 @@ +Goal: accepts the -O flag for backward compatibility. (was used by adduser?) + +Note: useradd.8 needs to be regenerated. + +Status wrt upstream: not included as this is just specific + backward compatibility for Debian + +--- a/man/useradd.8.xml ++++ b/man/useradd.8.xml +@@ -321,6 +321,11 @@ + databases are resetted to avoid reusing the entry from a previously + deleted user. + ++ ++ For the compatibility with previous Debian's ++ useradd, the option is ++ also supported. ++ + + + +--- a/src/useradd.c ++++ b/src/useradd.c +@@ -1011,9 +1011,9 @@ + }; + while ((c = getopt_long (argc, argv, + #ifdef WITH_SELINUX +- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:UZ:", ++ "b:c:d:De:f:g:G:hk:O:K:lmMNop:rR:s:u:UZ:", + #else /* !WITH_SELINUX */ +- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:U", ++ "b:c:d:De:f:g:G:hk:O:K:lmMNop:rR:s:u:U", + #endif /* !WITH_SELINUX */ + long_options, NULL)) != -1) { + switch (c) { +@@ -1136,6 +1136,7 @@ + kflg = true; + break; + case 'K': ++ case 'O': /* compatibility with previous Debian useradd */ + /* + * override login.defs defaults (-K name=value) + * example: -K UID_MIN=100 -K UID_MAX=499 --- shadow-4.1.5.1.orig/debian/patches/900_testsuite_groupmems +++ shadow-4.1.5.1/debian/patches/900_testsuite_groupmems 
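Review bot: in 542_useradd-O_option, the src/useradd.c hunk at @@ -1136,6 +1136,7 @@ makes `case 'O':` fall through into `case 'K':`, which is the intent, but only the getopt string and the switch are touched: usage() is not updated and no long option is added, so `-O` stays invisible in `useradd -h` even though the man/useradd.8.xml hunk says it is supported. Mention it in usage() (or mark it deprecated there), and resolve the header's "(was used by adduser?)" before shipping.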
@@ -0,0 +1,81 @@ +--- a/debian/passwd.install ++++ b/debian/passwd.install +@@ -9,6 +9,7 @@ + usr/sbin/cppw + usr/sbin/groupadd + usr/sbin/groupdel ++usr/sbin/groupmems + usr/sbin/groupmod + usr/sbin/grpck + usr/sbin/grpconv +@@ -33,6 +34,7 @@ + usr/share/man/*/man8/chpasswd.8 + usr/share/man/*/man8/groupadd.8 + usr/share/man/*/man8/groupdel.8 ++usr/share/man/*/man8/groupmems.8 + usr/share/man/*/man8/groupmod.8 + usr/share/man/*/man8/grpck.8 + usr/share/man/*/man8/grpconv.8 +@@ -59,6 +61,7 @@ + usr/share/man/man8/chpasswd.8 + usr/share/man/man8/groupadd.8 + usr/share/man/man8/groupdel.8 ++usr/share/man/man8/groupmems.8 + usr/share/man/man8/groupmod.8 + usr/share/man/man8/grpck.8 + usr/share/man/man8/grpconv.8 +--- a/debian/passwd.postinst ++++ b/debian/passwd.postinst +@@ -31,6 +31,24 @@ + exit 1 + ) + fi ++ if ! getent group groupmems | grep -q '^groupmems:[^:]*:99' ++ then ++ groupadd -g 99 groupmems || ( ++ cat < -h" will give you some hints about it. "man quilt" is +a reference documentation. /usr/share/doc/quilt/quilt.pdf.gz is a complete +manual, with tutorial. + + --- shadow-4.1.5.1.orig/debian/patches/series +++ shadow-4.1.5.1/debian/patches/series 
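Review bot: in 900_testsuite_groupmems, the debian/passwd.postinst hunk tests `getent group groupmems | grep -q '^groupmems:[^:]*:99'` with no `:` after the GID, so an existing groupmems group with GID 990 to 999 (any GID starting with 99) is taken as already correct, and `groupadd -g 99 groupmems` will fail if GID 99 is already in use by another group; anchor the pattern as `':99:'` and handle the conflict. The patch is commented out in debian/patches/series, so this only affects the test suite, and the hunk as rendered here is cut off after `cat <`, so the rest of the heredoc could not be reviewed.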
@@ -0,0 +1,40 @@ +# These patches are only for the testsuite: +#900_testsuite_groupmems +#901_testsuite_gcov + +503_shadowconfig.8 +008_login_log_failure_in_FTMP +429_login_FAILLOG_ENAB +401_cppw_src.dpatch +# 402 should be merged in 401, but should be reviewed by SE Linux experts first +402_cppw_selinux +506_relaxed_usernames +542_useradd-O_option +501_commonio_group_shadow +463_login_delay_obeys_to_PAM +523_su_arguments_are_concatenated +523_su_arguments_are_no_more_concatenated_by_default +508_nologin_in_usr_sbin +505_useradd_recommend_adduser +495_stdout-encrypted-password +userns/01_userns_doc +userns/02_userns_doc_login.defs +userns/03_userns_implement_commonio_append +userns/04_userns_add_backend_support +userns/05_userns_implemend_find_new_sub_xids +userns/06_userns_userdel +userns/07_userns_useradd +userns/08_userns_detect_busy_subids +userns/09_userns_usermod +userns/10_userns_newusers +userns/11_userns_newxidmap +userns/12_userns_selinuxlibs +userns/13_subordinate_parse_static_buf +userns/14_fix_getopt +userns/manpagetypo +userns/16_add-argument-sanity-checking.patch +496_su_kill_process_group +1000_configure_userns +1010_extrausers.patch +1020_fix_user_busy_errors +1011_extrausers_toggle.patch --- shadow-4.1.5.1.orig/debian/patches/userns/01_userns_doc +++ shadow-4.1.5.1/debian/patches/userns/01_userns_doc 
@@ -0,0 +1,334 @@ +From ebiederm@xmission.com Tue Jan 22 09:14:18 2013 +Return-Path: +X-Original-To: serge@hallyn.com +Delivered-To: serge@hallyn.com +Received: by mail.hallyn.com (Postfix, from userid 5001) + id DAC33C80F4; Tue, 22 Jan 2013 09:14:18 +0000 (UTC) +X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail +X-Spam-Level: +X-Spam-Status: No, score=0.1 required=8.0 tests=BAD_ENC_HEADER,BAYES_00 + autolearn=no version=3.3.1 +Received: from out02.mta.xmission.com (out02.mta.xmission.com [166.70.13.232]) + (using TLSv1 with cipher AES256-SHA (256/256 bits)) + (No client certificate requested) + by mail.hallyn.com (Postfix) with ESMTPS id 274ACC80D1 + for ; Tue, 22 Jan 2013 09:14:14 +0000 (UTC) +Received: from out01.mta.xmission.com ([166.70.13.231]) + by out02.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) + (Exim 4.76) + (envelope-from ) + id 1TxZuB-0006Xm-N5; Tue, 22 Jan 2013 02:12:31 -0700 +Received: from in02.mta.xmission.com ([166.70.13.52]) + by out01.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) + (Exim 4.76) + (envelope-from ) + id 1TxZuA-0005NR-BQ; Tue, 22 Jan 2013 02:12:30 -0700 +Received: from c-98-207-153-68.hsd1.ca.comcast.net ([98.207.153.68] helo=eric-ThinkPad-X220.xmission.com) + by in02.mta.xmission.com with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) + (Exim 4.76) + (envelope-from ) + id 1TxZu7-0004Pj-Ec; Tue, 22 Jan 2013 02:12:30 -0700 +From: ebiederm@xmission.com (Eric W. Biederman) +To: Nicolas =?utf-8?Q?Fran=C3=A7ois?= +Cc: , Linux Containers , "Michael Kerrisk \(man-pages\)" , "Serge E. Hallyn" +References: <87d2wxshu0.fsf@xmission.com> +Date: Tue, 22 Jan 2013 01:12:23 -0800 +In-Reply-To: <87d2wxshu0.fsf@xmission.com> (Eric W. 
Biederman's message of + "Tue, 22 Jan 2013 01:11:19 -0800") +Message-ID: <877gn5shs8.fsf@xmission.com> +User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.1 (gnu/linux) +MIME-Version: 1.0 +Content-Type: text/plain +X-XM-AID: U2FsdGVkX18YouPWtKNAX3LovSW2+p/ONbuCHMFEQpM= +X-SA-Exim-Connect-IP: 98.207.153.68 +X-SA-Exim-Mail-From: ebiederm@xmission.com +Subject: [PATCH 01/11] Documentation for /etc/subuid and /etc/subgid +X-SA-Exim-Version: 4.2.1 (built Wed, 14 Nov 2012 14:26:46 -0700) +X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com) +X-UID: 2071 +Status: RO +Content-Length: 9835 +Lines: 286 + + +Signed-off-by: "Eric W. Biederman" +--- + man/Makefile.am | 4 ++ + man/subgid.5.xml | 120 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + man/subuid.5.xml | 120 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 244 insertions(+), 0 deletions(-) + create mode 100644 man/subgid.5.xml + create mode 100644 man/subuid.5.xml + +Index: shadow/man/Makefile.am +=================================================================== +--- shadow.orig/man/Makefile.am 2013-02-01 15:26:14.428082026 -0600 ++++ shadow/man/Makefile.am 2013-02-01 15:27:37.000000000 -0600 +@@ -43,6 +43,8 @@ + man5/shadow.5 \ + man1/su.1 \ + man5/suauth.5 \ ++ man5/subgid.5 \ ++ man5/subuid.5 \ + man8/useradd.8 \ + man8/userdel.8 \ + man8/usermod.8 \ +@@ -94,6 +96,8 @@ + sg.1.xml \ + su.1.xml \ + suauth.5.xml \ ++ subgid.5.xml \ ++ subuid.5.xml \ + useradd.8.xml \ + userdel.8.xml \ + usermod.8.xml \ +Index: shadow/man/subgid.5.xml +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ shadow/man/subgid.5.xml 2013-02-01 15:26:14.424082026 -0600 +@@ -0,0 +1,120 @@ ++ ++ ++ ++]> ++ ++ ++ subgid ++ 5 ++ File Formats and Conversions ++ shadow-utils ++ &SHADOW_UTILS_VERSION; ++ ++ ++ subgid ++ the subordinate gid file ++ ++ ++ ++ DESCRIPTION ++ ++ Each line in /etc/subgid contains ++ a user id and a range of suboridinate user 
ids that user ++ is allowed to use. ++ ++ This is specified with three fields delimited by colons ++ (:). ++ These fields are: ++ ++ ++ ++ login name ++ ++ ++ numerical subordinate user ID ++ ++ ++ numerical subordinate user ID count ++ ++ ++ ++ ++ This file specifies the group IDs to be that each user may use ++ with the newgidmap command that ordinary users can use to ++ configure gid mapping in a user namespace. ++ ++ ++ ++ Multiple ranges may be specified per user ID. ++ ++ ++ ++ ++ ++ FILES ++ ++ ++ /etc/subgid ++ ++ Per user subordinate group IDs. ++ ++ ++ ++ /etc/subgid- ++ ++ Backup file for /etc/subgid. ++ ++ ++ ++ ++ ++ ++ SEE ALSO ++ ++ ++ subuid5 ++ , ++ ++ logindefs5 ++ , ++ ++ newuidmap1 ++ , ++ ++ newgidmap1 ++ , ++ ++ usermod8 ++ , ++ ++ ++ +Index: shadow/man/subuid.5.xml +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ shadow/man/subuid.5.xml 2013-02-01 15:26:14.424082026 -0600 +@@ -0,0 +1,120 @@ ++ ++ ++ ++]> ++ ++ ++ subuid ++ 5 ++ File Formats and Conversions ++ shadow-utils ++ &SHADOW_UTILS_VERSION; ++ ++ ++ subuid ++ the subordinate uid file ++ ++ ++ ++ DESCRIPTION ++ ++ Each line in /etc/subuid contains ++ a user id and a range of suboridinate user ids that user ++ is allowed to use. ++ ++ This is specified with three fields delimited by colons ++ (:). ++ These fields are: ++ ++ ++ ++ login name ++ ++ ++ numerical subordinate user ID ++ ++ ++ numerical subordinate user ID count ++ ++ ++ ++ ++ This file specifies the user IDs to be that each user may use ++ with the newuidmap command that ordinary users can use to ++ configure uid mapping in a user namespace. ++ ++ ++ ++ Multiple ranges may be specified per user ID. ++ ++ ++ ++ ++ ++ FILES ++ ++ ++ /etc/subuid ++ ++ Per user subordinate user IDs. ++ ++ ++ ++ /etc/subuid- ++ ++ Backup file for /etc/subuid. 
++ ++ ++ ++ ++ ++ ++ SEE ALSO ++ ++ ++ subgid5 ++ , ++ ++ logindefs5 ++ , ++ ++ newuidmap1 ++ , ++ ++ newgidmap1 ++ , ++ ++ usermod8 ++ , ++ ++ ++ --- shadow-4.1.5.1.orig/debian/patches/userns/02_userns_doc_login.defs +++ shadow-4.1.5.1/debian/patches/userns/02_userns_doc_login.defs 
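Review bot: in userns/01_userns_doc, the man/subgid.5.xml hunk is a copy of the subuid page with only the file name changed: its DESCRIPTION says each line holds "a user id and a range of suboridinate user ids" and the field list says "numerical subordinate user ID" / "numerical subordinate user ID count", where /etc/subgid holds subordinate group IDs; fix those occurrences (and the "suboridinate" typo, present in both pages). In both pages the sentence "This file specifies the group IDs to be that each user may use with the newgidmap command ..." has a stray "to be", and neither page says whether ranges may overlap between users or what the tools do for a user with no entry, which is what an administrator reading subuid(5)/subgid(5) most needs to know.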
@@ -0,0 +1,218 @@ +From ebiederm@xmission.com Tue Jan 22 09:14:55 2013 +Return-Path: +X-Original-To: serge@hallyn.com +Delivered-To: serge@hallyn.com +Received: by mail.hallyn.com (Postfix, from userid 5001) + id 140DBC80F4; Tue, 22 Jan 2013 09:14:55 +0000 (UTC) +X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail +X-Spam-Level: +X-Spam-Status: No, score=0.1 required=8.0 tests=BAD_ENC_HEADER,BAYES_00 + autolearn=no version=3.3.1 +Received: from out02.mta.xmission.com (out02.mta.xmission.com [166.70.13.232]) + (using TLSv1 with cipher AES256-SHA (256/256 bits)) + (No client certificate requested) + by mail.hallyn.com (Postfix) with ESMTPS id 5D815C80D1 + for ; Tue, 22 Jan 2013 09:14:50 +0000 (UTC) +Received: from out03.mta.xmission.com ([166.70.13.233]) + by out02.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) + (Exim 4.76) + (envelope-from ) + id 1TxZum-0006il-0f; Tue, 22 Jan 2013 02:13:08 -0700 +Received: from in02.mta.xmission.com ([166.70.13.52]) + by out03.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) + (Exim 4.76) + (envelope-from ) + id 1TxZul-0004GF-Id; Tue, 22 Jan 2013 02:13:07 -0700 +Received: from c-98-207-153-68.hsd1.ca.comcast.net ([98.207.153.68] helo=eric-ThinkPad-X220.xmission.com) + by in02.mta.xmission.com with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) + (Exim 4.76) + (envelope-from ) + id 1TxZuf-0004T0-MS; Tue, 22 Jan 2013 02:13:07 -0700 +From: ebiederm@xmission.com (Eric W. Biederman) +To: Nicolas =?utf-8?Q?Fran=C3=A7ois?= +Cc: , Linux Containers , "Michael Kerrisk \(man-pages\)" , "Serge E. Hallyn" +References: <87d2wxshu0.fsf@xmission.com> +Date: Tue, 22 Jan 2013 01:12:58 -0800 +In-Reply-To: <87d2wxshu0.fsf@xmission.com> (Eric W. 
Biederman's message of + "Tue, 22 Jan 2013 01:11:19 -0800") +Message-ID: <871uddshr9.fsf@xmission.com> +User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.1 (gnu/linux) +MIME-Version: 1.0 +Content-Type: text/plain +X-XM-AID: U2FsdGVkX19iYyOCEx6dl2v1Ya/KIGpixG5+3MVA1bY= +X-SA-Exim-Connect-IP: 98.207.153.68 +X-SA-Exim-Mail-From: ebiederm@xmission.com +Subject: [PATCH 02/11] login.defs.5: Document the new variables in login.defs +X-SA-Exim-Version: 4.2.1 (built Wed, 14 Nov 2012 14:26:46 -0700) +X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com) +X-UID: 2072 +Status: RO +Content-Length: 7615 +Lines: 170 + + +Signed-off-by: "Eric W. Biederman" +--- + man/Makefile.am | 2 + + man/login.defs.5.xml | 8 ++++++ + man/login.defs.d/SUB_GID_COUNT.xml | 46 ++++++++++++++++++++++++++++++++++++ + man/login.defs.d/SUB_UID_COUNT.xml | 46 ++++++++++++++++++++++++++++++++++++ + 4 files changed, 102 insertions(+), 0 deletions(-) + create mode 100644 man/login.defs.d/SUB_GID_COUNT.xml + create mode 100644 man/login.defs.d/SUB_UID_COUNT.xml + +Index: shadow/man/Makefile.am +=================================================================== +--- shadow.orig/man/Makefile.am 2013-02-01 15:27:51.048080390 -0600 ++++ shadow/man/Makefile.am 2013-02-01 15:27:51.040080390 -0600 +@@ -163,6 +163,8 @@ + USERDEL_CMD.xml \ + USERGROUPS_ENAB.xml \ + USE_TCB.xml \ ++ SUB_GID_COUNT.xml \ ++ SUB_UID_COUNT.xml \ + SYS_GID_MAX.xml \ + SYS_UID_MAX.xml + +Index: shadow/man/login.defs.5.xml +=================================================================== +--- shadow.orig/man/login.defs.5.xml 2013-02-01 15:27:51.048080390 -0600 ++++ shadow/man/login.defs.5.xml 2013-02-01 15:27:51.044080390 -0600 +@@ -78,6 +78,8 @@ + + + ++ ++ + + + +@@ -216,6 +218,8 @@ + &SULOG_FILE; + &SU_NAME; + &SU_WHEEL_ONLY; ++ &SUB_GID_COUNT; ++ &SUB_UID_COUNT; + &SYS_GID_MAX; + &SYS_UID_MAX; + &SYSLOG_SG_ENAB; +@@ -393,6 +397,8 @@ + PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE + SHA_CRYPT_MAX_ROUNDS + SHA_CRYPT_MIN_ROUNDS ++ SUB_GID_COUNT 
SUB_GID_MAX SUB_GID_MIN ++ SUB_UID_COUNT SUB_UID_MAX SUB_UID_MIN + SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN + UMASK + +@@ -470,6 +476,8 @@ + GID_MAX GID_MIN + MAIL_DIR MAX_MEMBERS_PER_GROUP + PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE ++ SUB_GID_COUNT SUB_GID_MAX SUB_GID_MIN ++ SUB_UID_COUNT SUB_UID_MAX SUB_UID_MIN + SYS_GID_MAX SYS_GID_MIN SYS_UID_MAX SYS_UID_MIN UID_MAX UID_MIN + UMASK + TCB_AUTH_GROUP TCB_SYMLINK USE_TCB +Index: shadow/man/login.defs.d/SUB_GID_COUNT.xml +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ shadow/man/login.defs.d/SUB_GID_COUNT.xml 2013-02-01 15:27:51.044080390 -0600 +@@ -0,0 +1,46 @@ ++ ++ ++ (number) ++ (number) ++ (number) ++ ++ ++ The commands useradd and newusers ++ allocate unused group IDs from the range ++ to for each ++ new user. ++ ++ ++ The default values for , ++ , ++ are respectively 100000, 600100000 and 10000. ++ ++ ++ +Index: shadow/man/login.defs.d/SUB_UID_COUNT.xml +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ shadow/man/login.defs.d/SUB_UID_COUNT.xml 2013-02-01 15:27:51.044080390 -0600 +@@ -0,0 +1,46 @@ ++ ++ ++ (number) ++ (number) ++ (number) ++ ++ ++ The commands useradd and newusers ++ allocate unused user IDs from the range ++ to for each ++ new user. ++ ++ ++ The default values for , ++ , ++ are respectively 100000, 600100000 and 10000. ++ ++ ++ --- shadow-4.1.5.1.orig/debian/patches/userns/03_userns_implement_commonio_append +++ shadow-4.1.5.1/debian/patches/userns/03_userns_implement_commonio_append 
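Review bot: In the SUB_GID_COUNT.xml and SUB_UID_COUNT.xml hunks of 02_userns_doc_login.defs, the new text says which window the IDs are taken from (SUB_*_MIN to SUB_*_MAX, SUB_*_COUNT at a time) but not where the allocated range is recorded; the backend patch later in this series hard-codes "/etc/subuid" and "/etc/subgid" as the database files, so name them here and cross-reference subuid(5)/subgid(5), whose SEE ALSO list (visible at the top of this section) already points back at login.defs(5). Without that sentence an administrator reading login.defs(5) has no way to find or audit the assignments that useradd makes.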
@@ -0,0 +1,110 @@ +From ebiederm@xmission.com Tue Jan 22 09:15:19 2013 +Return-Path: +X-Original-To: serge@hallyn.com +Delivered-To: serge@hallyn.com +Received: by mail.hallyn.com (Postfix, from userid 5001) + id CAFA8C80F6; Tue, 22 Jan 2013 09:15:19 +0000 (UTC) +X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail +X-Spam-Level: +X-Spam-Status: No, score=0.1 required=8.0 tests=BAD_ENC_HEADER,BAYES_00 + autolearn=no version=3.3.1 +Received: from out02.mta.xmission.com (out02.mta.xmission.com [166.70.13.232]) + (using TLSv1 with cipher AES256-SHA (256/256 bits)) + (No client certificate requested) + by mail.hallyn.com (Postfix) with ESMTPS id 43FAEC80D1 + for ; Tue, 22 Jan 2013 09:15:15 +0000 (UTC) +Received: from in02.mta.xmission.com ([166.70.13.52]) + by out02.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) + (Exim 4.76) + (envelope-from ) + id 1TxZvA-0006sA-Pq; Tue, 22 Jan 2013 02:13:32 -0700 +Received: from c-98-207-153-68.hsd1.ca.comcast.net ([98.207.153.68] helo=eric-ThinkPad-X220.xmission.com) + by in02.mta.xmission.com with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) + (Exim 4.76) + (envelope-from ) + id 1TxZv8-0004VI-Fi; Tue, 22 Jan 2013 02:13:32 -0700 +From: ebiederm@xmission.com (Eric W. Biederman) +To: Nicolas =?utf-8?Q?Fran=C3=A7ois?= +Cc: , Linux Containers , "Michael Kerrisk \(man-pages\)" , "Serge E. Hallyn" +References: <87d2wxshu0.fsf@xmission.com> +Date: Tue, 22 Jan 2013 01:13:26 -0800 +In-Reply-To: <87d2wxshu0.fsf@xmission.com> (Eric W. Biederman's message of + "Tue, 22 Jan 2013 01:11:19 -0800") +Message-ID: <87vcapr361.fsf@xmission.com> +User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.1 (gnu/linux) +MIME-Version: 1.0 +Content-Type: text/plain +X-XM-AID: U2FsdGVkX1++0A/mQBimfZkeNedO095IfnCYGQfIolI= +X-SA-Exim-Connect-IP: 98.207.153.68 +X-SA-Exim-Mail-From: ebiederm@xmission.com +Subject: [PATCH 03/11] Implement commonio_append. 
+X-SA-Exim-Version: 4.2.1 (built Wed, 14 Nov 2012 14:26:46 -0700) +X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com) +X-UID: 2073 +Status: RO +Content-Length: 1874 +Lines: 65 + + +To support files that do not have a simple unique key implement +commonio_append to allow new entries to be added. + +Signed-off-by: "Eric W. Biederman" +--- + lib/commonio.c | 30 ++++++++++++++++++++++++++++++ + lib/commonio.h | 1 + + 2 files changed, 31 insertions(+), 0 deletions(-) + +Index: shadow/lib/commonio.c +=================================================================== +--- shadow.orig/lib/commonio.c 2013-02-01 15:27:51.376080384 -0600 ++++ shadow/lib/commonio.c 2013-02-01 15:27:51.368080384 -0600 +@@ -1121,6 +1121,36 @@ + return 1; + } + ++int commonio_append (struct commonio_db *db, const void *eptr) ++{ ++ struct commonio_entry *p; ++ void *nentry; ++ ++ if (!db->isopen || db->readonly) { ++ errno = EINVAL; ++ return 0; ++ } ++ nentry = db->ops->dup (eptr); ++ if (NULL == nentry) { ++ errno = ENOMEM; ++ return 0; ++ } ++ /* new entry */ ++ p = (struct commonio_entry *) malloc (sizeof *p); ++ if (NULL == p) { ++ db->ops->free (nentry); ++ errno = ENOMEM; ++ return 0; ++ } ++ ++ p->eptr = nentry; ++ p->line = NULL; ++ p->changed = true; ++ add_one_entry (db, p); ++ ++ db->changed = true; ++ return 1; ++} + + void commonio_del_entry (struct commonio_db *db, const struct commonio_entry *p) + { +Index: shadow/lib/commonio.h +=================================================================== +--- shadow.orig/lib/commonio.h 2013-02-01 15:27:51.376080384 -0600 ++++ shadow/lib/commonio.h 2013-02-01 15:27:51.368080384 -0600 +@@ -146,6 +146,7 @@ + extern int commonio_open (struct commonio_db *, int); + extern /*@observer@*/ /*@null@*/const void *commonio_locate (struct commonio_db *, const char *); + extern int commonio_update (struct commonio_db *, const void *); ++extern int commonio_append (struct commonio_db *, const void *); + extern int commonio_remove (struct commonio_db *, 
const char *); + extern int commonio_rewind (struct commonio_db *); + extern /*@observer@*/ /*@null@*/const void *commonio_next (struct commonio_db *); --- shadow-4.1.5.1.orig/debian/patches/userns/04_userns_add_backend_support +++ shadow-4.1.5.1/debian/patches/userns/04_userns_add_backend_support 
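Review bot: In the lib/commonio.c hunk of 03_userns_implement_commonio_append, commonio_append has no header comment, and the only statement of its contract is the commit message: unlike commonio_update it does no lookup, so calling it twice with the same entry silently yields two rows, and the new entry always lands at the tail via add_one_entry. Add a comment above the function saying exactly that, and that it is intended for databases whose ops leave getname as NULL (the subordinate range files added later in this series), so nobody reaches for it on passwd or group where commonio_update's uniqueness check is the whole point. The error paths themselves look right: the duplicated entry is freed when the list node allocation fails and errno is set in both failure branches.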
@@ -0,0 +1,685 @@ +From ebiederm@xmission.com Tue Jan 22 09:16:29 2013 +Return-Path: +X-Original-To: serge@hallyn.com +Delivered-To: serge@hallyn.com +Received: by mail.hallyn.com (Postfix, from userid 5001) + id AF9A9C80F4; Tue, 22 Jan 2013 09:16:29 +0000 (UTC) +X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail +X-Spam-Level: +X-Spam-Status: No, score=0.1 required=8.0 tests=BAD_ENC_HEADER,BAYES_00 + autolearn=no version=3.3.1 +Received: from out02.mta.xmission.com (out02.mta.xmission.com [166.70.13.232]) + (using TLSv1 with cipher AES256-SHA (256/256 bits)) + (No client certificate requested) + by mail.hallyn.com (Postfix) with ESMTPS id EDF70C80D1 + for ; Tue, 22 Jan 2013 09:16:24 +0000 (UTC) +Received: from out01.mta.xmission.com ([166.70.13.231]) + by out02.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) + (Exim 4.76) + (envelope-from ) + id 1TxZwI-0007HS-Mn; Tue, 22 Jan 2013 02:14:42 -0700 +Received: from in02.mta.xmission.com ([166.70.13.52]) + by out01.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) + (Exim 4.76) + (envelope-from ) + id 1TxZwI-0005wP-8E; Tue, 22 Jan 2013 02:14:42 -0700 +Received: from c-98-207-153-68.hsd1.ca.comcast.net ([98.207.153.68] helo=eric-ThinkPad-X220.xmission.com) + by in02.mta.xmission.com with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) + (Exim 4.76) + (envelope-from ) + id 1TxZwE-0004bA-Mv; Tue, 22 Jan 2013 02:14:42 -0700 +From: ebiederm@xmission.com (Eric W. Biederman) +To: Nicolas =?utf-8?Q?Fran=C3=A7ois?= +Cc: , Linux Containers , "Michael Kerrisk \(man-pages\)" , "Serge E. Hallyn" +References: <87d2wxshu0.fsf@xmission.com> +Date: Tue, 22 Jan 2013 01:14:35 -0800 +In-Reply-To: <87d2wxshu0.fsf@xmission.com> (Eric W. 
Biederman's message of + "Tue, 22 Jan 2013 01:11:19 -0800") +Message-ID: <87liblr344.fsf@xmission.com> +User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.1 (gnu/linux) +MIME-Version: 1.0 +Content-Type: text/plain +X-XM-AID: U2FsdGVkX1/3QOlmT6VsAuzQbs/RJ/nb1IrpO++QYVA= +X-SA-Exim-Connect-IP: 98.207.153.68 +X-SA-Exim-Mail-From: ebiederm@xmission.com +Subject: [PATCH 04/11] Add backend support for suboridnate uids and gids +X-SA-Exim-Version: 4.2.1 (built Wed, 14 Nov 2012 14:26:46 -0700) +X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com) +X-UID: 2074 +Status: RO +X-Status: A +Content-Length: 15967 +Lines: 636 + + +These files list the set of subordinate uids and gids that users are allowed +to use. The expect use case is with the user namespace but other uses are +allowed. + +Signed-off-by: "Eric W. Biederman" +--- + etc/login.defs | 8 + + lib/Makefile.am | 2 + + lib/getdef.c | 6 + + lib/subordinateio.c | 512 +++++++++++++++++++++++++++++++++++++++++++++++++++ + lib/subordinateio.h | 38 ++++ + 5 files changed, 566 insertions(+), 0 deletions(-) + create mode 100644 lib/subordinateio.c + create mode 100644 lib/subordinateio.h + +Index: shadow/etc/login.defs +=================================================================== +--- shadow.orig/etc/login.defs 2013-02-01 15:27:51.684080379 -0600 ++++ shadow/etc/login.defs 2013-02-01 15:27:51.676080379 -0600 +@@ -226,6 +226,10 @@ + # System accounts + SYS_UID_MIN 101 + SYS_UID_MAX 999 ++# Extra per user uids ++SUB_UID_MIN 100000 ++SUB_UID_MAX 600100000 ++SUB_UID_COUNT 10000 + + # + # Min/max values for automatic gid selection in groupadd +@@ -235,6 +239,10 @@ + # System accounts + SYS_GID_MIN 101 + SYS_GID_MAX 999 ++# Extra per user group ids ++SUB_GID_MIN 100000 ++SUB_GID_MAX 600100000 ++SUB_GID_COUNT 10000 + + # + # Max number of login retries if password is bad +Index: shadow/lib/Makefile.am +=================================================================== +--- shadow.orig/lib/Makefile.am 2013-02-01 15:27:51.684080379 -0600 
++++ shadow/lib/Makefile.am 2013-02-01 15:27:51.676080379 -0600 +@@ -39,6 +39,8 @@ + pwio.c \ + pwio.h \ + pwmem.c \ ++ subordinateio.h \ ++ subordinateio.c \ + selinux.c \ + semanage.c \ + sgetgrent.c \ +Index: shadow/lib/getdef.c +=================================================================== +--- shadow.orig/lib/getdef.c 2013-02-01 15:27:51.684080379 -0600 ++++ shadow/lib/getdef.c 2013-02-01 15:27:51.680080379 -0600 +@@ -82,6 +82,12 @@ + {"SHA_CRYPT_MAX_ROUNDS", NULL}, + {"SHA_CRYPT_MIN_ROUNDS", NULL}, + #endif ++ {"SUB_GID_COUNT", NULL}, ++ {"SUB_GID_MAX", NULL}, ++ {"SUB_GID_MIN", NULL}, ++ {"SUB_UID_COUNT", NULL}, ++ {"SUB_UID_MAX", NULL}, ++ {"SUB_UID_MIN", NULL}, + {"SULOG_FILE", NULL}, + {"SU_NAME", NULL}, + {"SYS_GID_MAX", NULL}, +Index: shadow/lib/subordinateio.c +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ shadow/lib/subordinateio.c 2013-02-01 15:27:51.680080379 -0600 +@@ -0,0 +1,512 @@ ++/* ++ * Copyright (c) 2012 - Eric Biederman ++ */ ++ ++#include ++#include "prototypes.h" ++#include "defines.h" ++#include ++#include "commonio.h" ++#include "subordinateio.h" ++ ++struct subordinate_range { ++ const char *owner; ++ unsigned long start; ++ unsigned long count; ++}; ++ ++#define NFIELDS 3 ++ ++static /*@null@*/ /*@only@*/void *subordinate_dup (const void *ent) ++{ ++ const struct subordinate_range *rangeent = ent; ++ struct subordinate_range *range; ++ ++ range = (struct subordinate_range *) malloc (sizeof *range); ++ if (NULL == range) { ++ return NULL; ++ } ++ range->owner = strdup (rangeent->owner); ++ if (NULL == range->owner) { ++ free(range); ++ return NULL; ++ } ++ range->start = rangeent->start; ++ range->count = rangeent->count; ++ ++ return range; ++} ++ ++static void subordinate_free (/*@out@*/ /*@only@*/void *ent) ++{ ++ struct subordinate_range *rangeent = ent; ++ ++ free ((void *)(rangeent->owner)); ++ free (rangeent); ++} ++ ++static void 
*subordinate_parse (const char *line) ++{ ++ static struct subordinate_range range; ++ char rangebuf[1024]; ++ int i; ++ char *cp; ++ char *fields[NFIELDS]; ++ ++ /* ++ * Copy the string to a temporary buffer so the substrings can ++ * be modified to be NULL terminated. ++ */ ++ if (strlen (line) >= sizeof rangebuf) ++ return NULL; /* fail if too long */ ++ strcpy (rangebuf, line); ++ ++ /* ++ * Save a pointer to the start of each colon separated ++ * field. The fields are converted into NUL terminated strings. ++ */ ++ ++ for (cp = rangebuf, i = 0; (i < NFIELDS) && (NULL != cp); i++) { ++ fields[i] = cp; ++ while (('\0' != *cp) && (':' != *cp)) { ++ cp++; ++ } ++ ++ if ('\0' != *cp) { ++ *cp = '\0'; ++ cp++; ++ } else { ++ cp = NULL; ++ } ++ } ++ ++ /* ++ * There must be exactly NFIELDS colon separated fields or ++ * the entry is invalid. Also, fields must be non-blank. ++ */ ++ if (i != NFIELDS || *fields[0] == '\0' || *fields[1] == '\0' || *fields[2] == '\0') ++ return NULL; ++ range.owner = fields[0]; ++ if (getulong (fields[1], &range.start) == 0) ++ return NULL; ++ if (getulong (fields[2], &range.count) == 0) ++ return NULL; ++ ++ return ⦥ ++} ++ ++static int subordinate_put (const void *ent, FILE * file) ++{ ++ const struct subordinate_range *range = ent; ++ ++ return fprintf(file, "%s:%lu:%lu\n", ++ range->owner, ++ range->start, ++ range->count) < 0 ? 
-1 : 0; ++} ++ ++static struct commonio_ops subordinate_ops = { ++ subordinate_dup, /* dup */ ++ subordinate_free, /* free */ ++ NULL, /* getname */ ++ subordinate_parse, /* parse */ ++ subordinate_put, /* put */ ++ fgets, /* fgets */ ++ fputs, /* fputs */ ++ NULL, /* open_hook */ ++ NULL, /* close_hook */ ++}; ++ ++static /*@observer@*/ /*@null*/const struct subordinate_range *subordinate_next(struct commonio_db *db) ++{ ++ commonio_next (db); ++} ++ ++static bool is_range_free(struct commonio_db *db, unsigned long start, ++ unsigned long count) ++{ ++ const struct subordinate_range *range; ++ unsigned long end = start + count - 1; ++ ++ commonio_rewind(db); ++ while ((range = commonio_next(db)) != NULL) { ++ unsigned long first = range->start; ++ unsigned long last = first + range->count - 1; ++ ++ if ((end >= first) && (start <= last)) ++ return false; ++ } ++ return true; ++} ++ ++static const bool range_exists(struct commonio_db *db, const char *owner) ++{ ++ const struct subordinate_range *range; ++ commonio_rewind(db); ++ while ((range = commonio_next(db)) != NULL) { ++ unsigned long first = range->start; ++ unsigned long last = first + range->count - 1; ++ ++ if (0 == strcmp(range->owner, owner)) ++ return true; ++ } ++ return false; ++} ++ ++static const struct subordinate_range *find_range(struct commonio_db *db, ++ const char *owner, unsigned long val) ++{ ++ const struct subordinate_range *range; ++ commonio_rewind(db); ++ while ((range = commonio_next(db)) != NULL) { ++ unsigned long first = range->start; ++ unsigned long last = first + range->count - 1; ++ ++ if (0 != strcmp(range->owner, owner)) ++ continue; ++ ++ if ((val >= first) && (val <= last)) ++ return range; ++ } ++ return NULL; ++} ++ ++static bool have_range(struct commonio_db *db, ++ const char *owner, unsigned long start, unsigned long count) ++{ ++ const struct subordinate_range *range; ++ unsigned long end; ++ ++ if (count == 0) ++ return false; ++ ++ end = start + count - 1; ++ range 
= find_range (db, owner, start); ++ while (range) { ++ unsigned long last; ++ ++ last = range->start + range->count - 1; ++ if (last >= (start + count - 1)) ++ return true; ++ ++ count = end - last; ++ start = last + 1; ++ range = find_range(db, owner, start); ++ } ++ return false; ++} ++ ++static int subordinate_range_cmp (const void *p1, const void *p2) ++{ ++ struct subordinate_range *range1, *range2; ++ ++ if ((*(struct commonio_entry **) p1)->eptr == NULL) ++ return 1; ++ if ((*(struct commonio_entry **) p2)->eptr == NULL) ++ return -1; ++ ++ range1 = ((struct subordinate_range *) (*(struct commonio_entry **) p1)->eptr); ++ range2 = ((struct subordinate_range *) (*(struct commonio_entry **) p2)->eptr); ++ ++ if (range1->start < range2->start) ++ return -1; ++ else if (range1->start > range2->start) ++ return 1; ++ else if (range1->count < range2->count) ++ return -1; ++ else if (range1->count > range2->count) ++ return 1; ++ else ++ return strcmp(range1->owner, range2->owner); ++} ++ ++static unsigned long find_free_range(struct commonio_db *db, ++ unsigned long min, unsigned long max, ++ unsigned long count) ++{ ++ const struct subordinate_range *range; ++ unsigned long low, high; ++ ++ /* When given invalid parameters fail */ ++ if ((count == 0) || (max <= min)) ++ goto fail; ++ ++ /* Sort by range than by owner */ ++ commonio_sort (db, subordinate_range_cmp); ++ commonio_rewind(db); ++ ++ low = min; ++ while ((range = commonio_next(db)) != NULL) { ++ unsigned long first = range->start; ++ unsigned long last = first + range->count - 1; ++ ++ /* Find the top end of the hole before this range */ ++ high = first; ++ if (high > max) ++ high = max; ++ ++ /* Is the hole before this range large enough? */ ++ if ((high > low) && (((high - low) + 1) >= count)) ++ return low; ++ ++ /* Compute the low end of the next hole */ ++ if (low < (last + 1)) ++ low = last + 1; ++ if (low > max) ++ goto fail; ++ } ++ ++ /* Is the remaining unclaimed area large enough? 
*/ ++ if (((max - low) + 1) >= count) ++ return low; ++fail: ++ return ULONG_MAX; ++} ++ ++static int add_range(struct commonio_db *db, ++ const char *owner, unsigned long start, unsigned long count) ++{ ++ struct subordinate_range range; ++ range.owner = owner; ++ range.start = start; ++ range.count = count; ++ ++ /* See if the range is already present */ ++ if (have_range(db, owner, start, count)) ++ return 1; ++ ++ /* Oterwise append the range */ ++ return commonio_append(db, &range); ++} ++ ++static int remove_range(struct commonio_db *db, ++ const char *owner, unsigned long start, unsigned long count) ++{ ++ struct commonio_entry *ent; ++ unsigned long end; ++ ++ if (count == 0) ++ return 1; ++ ++ end = start + count - 1; ++ for (ent = db->head; ent; ent = ent->next) { ++ struct subordinate_range *range = ent->eptr; ++ unsigned long first; ++ unsigned long last; ++ ++ /* Skip unparsed entries */ ++ if (!range) ++ continue; ++ ++ first = range->start; ++ last = first + range->count - 1; ++ ++ /* Skip entries with a different owner */ ++ if (0 != strcmp(range->owner, owner)) ++ continue; ++ ++ /* Skip entries outside of the range to remove */ ++ if ((end < first) || (start > last)) ++ continue; ++ ++ /* Is entry completely contained in the range to remove? */ ++ if ((start <= first) && (end >= last)) { ++ commonio_del_entry (db, ent); ++ } ++ /* Is just the start of the entry removed? */ ++ else if ((start <= first) && (end < last)) { ++ range->start = end + 1; ++ range->count = (last - range->start) + 1; ++ ++ ent->changed = true; ++ } ++ /* Is just the end of the entry removed? 
*/ ++ else if ((start > first) && (end >= last)) { ++ range->count = (start - range->start) + 1; ++ ++ ent->changed = true; ++ } ++ /* The middle of the range is removed */ ++ else { ++ struct subordinate_range tail; ++ tail.owner = range->owner; ++ tail.start = end + 1; ++ tail.count = (last - tail.start) + 1; ++ ++ if (!commonio_append(db, &tail)) ++ return 0; ++ ++ range->count = (start - range->start) + 1; ++ ++ ent->changed = true; ++ } ++ } ++ ++ return 1; ++} ++ ++static struct commonio_db subordinate_uid_db = { ++ "/etc/subuid", /* filename */ ++ &subordinate_ops, /* ops */ ++ NULL, /* fp */ ++#ifdef WITH_SELINUX ++ NULL, /* scontext */ ++#endif ++ NULL, /* head */ ++ NULL, /* tail */ ++ NULL, /* cursor */ ++ false, /* changed */ ++ false, /* isopen */ ++ false, /* locked */ ++ false /* readonly */ ++}; ++ ++int sub_uid_setdbname (const char *filename) ++{ ++ return commonio_setname (&subordinate_uid_db, filename); ++} ++ ++/*@observer@*/const char *sub_uid_dbname (void) ++{ ++ return subordinate_uid_db.filename; ++} ++ ++bool sub_uid_file_present (void) ++{ ++ return commonio_present (&subordinate_uid_db); ++} ++ ++int sub_uid_lock (void) ++{ ++ return commonio_lock (&subordinate_uid_db); ++} ++ ++int sub_uid_open (int mode) ++{ ++ return commonio_open (&subordinate_uid_db, mode); ++} ++ ++bool is_sub_uid_range_free(uid_t start, unsigned long count) ++{ ++ return is_range_free (&subordinate_uid_db, start, count); ++} ++ ++bool sub_uid_assigned(const char *owner) ++{ ++ return range_exists (&subordinate_uid_db, owner); ++} ++ ++bool have_sub_uids(const char *owner, uid_t start, unsigned long count) ++{ ++ return have_range (&subordinate_uid_db, owner, start, count); ++} ++ ++int sub_uid_add (const char *owner, uid_t start, unsigned long count) ++{ ++ return add_range (&subordinate_uid_db, owner, start, count); ++} ++ ++int sub_uid_remove (const char *owner, uid_t start, unsigned long count) ++{ ++ return remove_range (&subordinate_uid_db, owner, start, 
count); ++} ++ ++int sub_uid_close (void) ++{ ++ return commonio_close (&subordinate_uid_db); ++} ++ ++int sub_uid_unlock (void) ++{ ++ return commonio_unlock (&subordinate_uid_db); ++} ++ ++uid_t sub_uid_find_free_range(uid_t min, uid_t max, unsigned long count) ++{ ++ unsigned long start; ++ start = find_free_range (&subordinate_uid_db, min, max, count); ++ return start == ULONG_MAX ? (uid_t) -1 : start; ++} ++ ++static struct commonio_db subordinate_gid_db = { ++ "/etc/subgid", /* filename */ ++ &subordinate_ops, /* ops */ ++ NULL, /* fp */ ++#ifdef WITH_SELINUX ++ NULL, /* scontext */ ++#endif ++ NULL, /* head */ ++ NULL, /* tail */ ++ NULL, /* cursor */ ++ false, /* changed */ ++ false, /* isopen */ ++ false, /* locked */ ++ false /* readonly */ ++}; ++ ++int sub_gid_setdbname (const char *filename) ++{ ++ return commonio_setname (&subordinate_gid_db, filename); ++} ++ ++/*@observer@*/const char *sub_gid_dbname (void) ++{ ++ return subordinate_gid_db.filename; ++} ++ ++bool sub_gid_file_present (void) ++{ ++ return commonio_present (&subordinate_gid_db); ++} ++ ++int sub_gid_lock (void) ++{ ++ return commonio_lock (&subordinate_gid_db); ++} ++ ++int sub_gid_open (int mode) ++{ ++ return commonio_open (&subordinate_gid_db, mode); ++} ++ ++bool is_sub_gid_range_free(gid_t start, unsigned long count) ++{ ++ return is_range_free (&subordinate_gid_db, start, count); ++} ++ ++bool have_sub_gids(const char *owner, gid_t start, unsigned long count) ++{ ++ return have_range(&subordinate_gid_db, owner, start, count); ++} ++ ++bool sub_gid_assigned(const char *owner) ++{ ++ return range_exists (&subordinate_gid_db, owner); ++} ++ ++int sub_gid_add (const char *owner, gid_t start, unsigned long count) ++{ ++ return add_range (&subordinate_gid_db, owner, start, count); ++} ++ ++int sub_gid_remove (const char *owner, gid_t start, unsigned long count) ++{ ++ return remove_range (&subordinate_gid_db, owner, start, count); ++} ++ ++int sub_gid_close (void) ++{ ++ return 
commonio_close (&subordinate_gid_db); ++} ++ ++int sub_gid_unlock (void) ++{ ++ return commonio_unlock (&subordinate_gid_db); ++} ++ ++gid_t sub_gid_find_free_range(gid_t min, gid_t max, unsigned long count) ++{ ++ unsigned long start; ++ start = find_free_range (&subordinate_gid_db, min, max, count); ++ return start == ULONG_MAX ? (gid_t) -1 : start; ++} +Index: shadow/lib/subordinateio.h +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ shadow/lib/subordinateio.h 2013-02-01 15:27:51.680080379 -0600 +@@ -0,0 +1,38 @@ ++/* ++ * Copyright (c) 2012- Eric W. Biederman ++ */ ++ ++#ifndef _SUBORDINATEIO_H ++#define _SUBORDINATEIO_H ++ ++#include ++ ++extern int sub_uid_close(void); ++extern bool is_sub_uid_range_free(uid_t start, unsigned long count); ++extern bool have_sub_uids(const char *owner, uid_t start, unsigned long count); ++extern bool sub_uid_file_present (void); ++extern bool sub_uid_assigned(const char *owner); ++extern int sub_uid_lock (void); ++extern int sub_uid_setdbname (const char *filename); ++extern /*@observer@*/const char *sub_uid_dbname (void); ++extern int sub_uid_open (int mode); ++extern int sub_uid_unlock (void); ++extern int sub_uid_add (const char *owner, uid_t start, unsigned long count); ++extern int sub_uid_remove (const char *owner, uid_t start, unsigned long count); ++extern uid_t sub_uid_find_free_range(uid_t min, uid_t max, unsigned long count); ++ ++extern int sub_gid_close(void); ++extern bool is_sub_gid_range_free(gid_t start, unsigned long count); ++extern bool have_sub_gids(const char *owner, gid_t start, unsigned long count); ++extern bool sub_gid_file_present (void); ++extern bool sub_gid_assigned(const char *owner); ++extern int sub_gid_lock (void); ++extern int sub_gid_setdbname (const char *filename); ++extern /*@observer@*/const char *sub_gid_dbname (void); ++extern int sub_gid_open (int mode); ++extern int sub_gid_unlock (void); ++extern int 
sub_gid_add (const char *owner, gid_t start, unsigned long count); ++extern int sub_gid_remove (const char *owner, gid_t start, unsigned long count); ++extern uid_t sub_gid_find_free_range(gid_t min, gid_t max, unsigned long count); ++ ++#endif --- shadow-4.1.5.1.orig/debian/patches/userns/05_userns_implemend_find_new_sub_xids +++ shadow-4.1.5.1/debian/patches/userns/05_userns_implemend_find_new_sub_xids 
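Review bot: In the lib/subordinateio.c hunk of 04_userns_add_backend_support, subordinate_parse hands back a pointer into its own stack frame: `range.owner = fields[0]` points into the local `char rangebuf[1024]`, so the returned static `range` carries a dangling owner string the moment the function returns, and the dup the caller performs reads freed stack; make rangebuf static, as `range` already is. Four further points in the same hunk: subordinate_next is declared to return a pointer but its body is only `commonio_next (db);` with no return statement, and nothing calls it, so drop it or return the value; remove_range keeps one ID too many in the "just the end" and "middle" cases, where `range->count = (start - range->start) + 1` leaves `start` itself inside the surviving entry (the kept part is [first, start - 1], so the count is `start - range->start`); find_free_range's hole test `(((high - low) + 1) >= count)` counts `first` as part of the hole when high == first, so a caller can be handed a range whose last ID is the next entry's first ID, and the test should be `(high - low) >= count` except when high was clamped to max; and range_exists is declared `static const bool` (a meaningless qualifier on a return type that gcc warns about) with unused `first`/`last` locals, plus the comment typos "Oterwise" and "Sort by range than by owner".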
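Review bot: In the lib/subordinateio.h hunk of 04_userns_add_backend_support, the prototype `extern uid_t sub_gid_find_free_range(gid_t min, gid_t max, unsigned long count);` disagrees with the definition in subordinateio.c, which returns gid_t and signals failure with `(gid_t) -1`; the two types coincide on Linux so this compiles today, but the declaration should say gid_t so the mismatch cannot become a real one on a platform where they differ.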
@@ -0,0 +1,283 @@ +From ebiederm@xmission.com Tue Jan 22 09:17:02 2013 +Return-Path: +X-Original-To: serge@hallyn.com +Delivered-To: serge@hallyn.com +Received: by mail.hallyn.com (Postfix, from userid 5001) + id 480ABC80F4; Tue, 22 Jan 2013 09:17:02 +0000 (UTC) +X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail +X-Spam-Level: +X-Spam-Status: No, score=0.1 required=8.0 tests=BAD_ENC_HEADER,BAYES_00 + autolearn=no version=3.3.1 +Received: from out02.mta.xmission.com (out02.mta.xmission.com [166.70.13.232]) + (using TLSv1 with cipher AES256-SHA (256/256 bits)) + (No client certificate requested) + by mail.hallyn.com (Postfix) with ESMTPS id 90ACFC80D1 + for ; Tue, 22 Jan 2013 09:16:57 +0000 (UTC) +Received: from out01.mta.xmission.com ([166.70.13.231]) + by out02.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) + (Exim 4.76) + (envelope-from ) + id 1TxZwp-0007cg-9X; Tue, 22 Jan 2013 02:15:15 -0700 +Received: from in02.mta.xmission.com ([166.70.13.52]) + by out01.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) + (Exim 4.76) + (envelope-from ) + id 1TxZwo-0006DN-OT; Tue, 22 Jan 2013 02:15:14 -0700 +Received: from c-98-207-153-68.hsd1.ca.comcast.net ([98.207.153.68] helo=eric-ThinkPad-X220.xmission.com) + by in02.mta.xmission.com with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) + (Exim 4.76) + (envelope-from ) + id 1TxZwj-0004g0-9e; Tue, 22 Jan 2013 02:15:14 -0700 +From: ebiederm@xmission.com (Eric W. Biederman) +To: Nicolas =?utf-8?Q?Fran=C3=A7ois?= +Cc: , Linux Containers , "Michael Kerrisk \(man-pages\)" , "Serge E. Hallyn" +References: <87d2wxshu0.fsf@xmission.com> +Date: Tue, 22 Jan 2013 01:15:05 -0800 +In-Reply-To: <87d2wxshu0.fsf@xmission.com> (Eric W. 
Biederman's message of + "Tue, 22 Jan 2013 01:11:19 -0800") +Message-ID: <87fw1tr33a.fsf@xmission.com> +User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.1 (gnu/linux) +MIME-Version: 1.0 +Content-Type: text/plain +X-XM-AID: U2FsdGVkX19KHX5xUOkaLY5iIEqDVLxZKDTByyA0Xk8= +X-SA-Exim-Connect-IP: 98.207.153.68 +X-SA-Exim-Mail-From: ebiederm@xmission.com +Subject: [PATCH 05/11] Implement find_new_sub_uids find_new_sub_gids +X-SA-Exim-Version: 4.2.1 (built Wed, 14 Nov 2012 14:26:46 -0700) +X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com) +X-UID: 2075 +Status: RO +Content-Length: 8108 +Lines: 235 + + +Functions for finding new subordinate uid and gids ranges for use +with useradd. + +Signed-off-by: "Eric W. Biederman" +--- + lib/prototypes.h | 9 ++++ + libmisc/Makefile.am | 2 + + libmisc/find_new_sub_gids.c | 87 +++++++++++++++++++++++++++++++++++++++++++ + libmisc/find_new_sub_uids.c | 87 +++++++++++++++++++++++++++++++++++++++++++ + 4 files changed, 185 insertions(+), 0 deletions(-) + create mode 100644 libmisc/find_new_sub_gids.c + create mode 100644 libmisc/find_new_sub_uids.c + +Index: shadow/lib/prototypes.h +=================================================================== +--- shadow.orig/lib/prototypes.h 2013-02-01 15:27:52.044080373 -0600 ++++ shadow/lib/prototypes.h 2013-02-01 15:27:52.040080373 -0600 +@@ -149,6 +149,15 @@ + uid_t *uid, + /*@null@*/uid_t const *preferred_uid); + ++/* find_new_sub_gids.c */ ++extern int find_new_sub_gids (const char *owner, ++ gid_t *range_start, unsigned long *range_count); ++ ++/* find_new_sub_uids.c */ ++extern int find_new_sub_uids (const char *owner, ++ uid_t *range_start, unsigned long *range_count); ++ ++ + /* get_gid.c */ + extern int get_gid (const char *gidstr, gid_t *gid); + +Index: shadow/libmisc/Makefile.am +=================================================================== +--- shadow.orig/libmisc/Makefile.am 2013-02-01 15:27:52.044080373 -0600 ++++ shadow/libmisc/Makefile.am 2013-02-01 15:27:52.040080373 -0600 +@@ 
-25,6 +25,8 @@ + failure.h \ + find_new_gid.c \ + find_new_uid.c \ ++ find_new_sub_gids.c \ ++ find_new_sub_uids.c \ + getdate.h \ + getdate.y \ + getgr_nam_gid.c \ +Index: shadow/libmisc/find_new_sub_gids.c +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ shadow/libmisc/find_new_sub_gids.c 2013-02-01 15:27:52.040080373 -0600 +@@ -0,0 +1,87 @@ ++/* ++ * Copyright (c) 2012 Eric Biederman ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. The name of the copyright holders or contributors may not be used to ++ * endorse or promote products derived from this software without ++ * specific prior written permission. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ++ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT ++ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A ++ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT ++ * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT ++ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE ++ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
++ */ ++ ++#include ++ ++#include ++#include ++#include ++ ++#include "prototypes.h" ++#include "subordinateio.h" ++#include "getdef.h" ++ ++/* ++ * find_new_sub_gids - Find a new unused range of GIDs. ++ * ++ * If successful, find_new_sub_gids provides a range of unused ++ * user IDs in the [SUB_GID_MIN:SUB_GID_MAX] range. ++ * ++ * Return 0 on success, -1 if no unused GIDs are available. ++ */ ++int find_new_sub_gids (const char *owner, ++ gid_t *range_start, unsigned long *range_count) ++{ ++ unsigned long min, max; ++ unsigned long count; ++ gid_t start; ++ ++ assert (range_start != NULL); ++ assert (range_count != NULL); ++ ++ min = getdef_ulong ("SUB_GID_MIN", 100000UL); ++ max = getdef_ulong ("SUB_GID_MAX", 600100000UL); ++ count = getdef_ulong ("SUB_GID_COUNT", 10000); ++ ++ /* Is there a preferred range that works? */ ++ if ((*range_count != 0) && ++ (*range_start >= min) && ++ (((*range_start) + (*range_count) - 1) <= max) && ++ is_sub_gid_range_free(*range_start, *range_count)) { ++ return 0; ++ } ++ ++ if (max < (min + count)) { ++ (void) fprintf (stderr, ++ _("%s: Invalid configuration: SUB_GID_MIN (%lu), SUB_GID_MAX (%lu)\n"), ++ Prog, min, max); ++ return -1; ++ } ++ start = sub_gid_find_free_range(min, max, count); ++ if (start == (gid_t)-1) { ++ fprintf (stderr, ++ _("%s: Can't get unique secondary GID range\n"), ++ Prog); ++ SYSLOG ((LOG_WARN, "no more available secondary GIDs on the system")); ++ return -1; ++ } ++ *range_start = start; ++ *range_count = count; ++ return 0; ++} ++ +Index: shadow/libmisc/find_new_sub_uids.c +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ shadow/libmisc/find_new_sub_uids.c 2013-02-01 15:27:52.040080373 -0600 +@@ -0,0 +1,87 @@ ++/* ++ * Copyright (c) 2012 Eric Biederman ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. 
Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. The name of the copyright holders or contributors may not be used to ++ * endorse or promote products derived from this software without ++ * specific prior written permission. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ++ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT ++ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A ++ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT ++ * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT ++ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE ++ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ */ ++ ++#include ++ ++#include ++#include ++#include ++ ++#include "prototypes.h" ++#include "subordinateio.h" ++#include "getdef.h" ++ ++/* ++ * find_new_sub_uids - Find a new unused range of UIDs. ++ * ++ * If successful, find_new_sub_uids provides a range of unused ++ * user IDs in the [SUB_UID_MIN:SUB_UID_MAX] range. ++ * ++ * Return 0 on success, -1 if no unused UIDs are available. 
++ */ ++int find_new_sub_uids (const char *owner, ++ uid_t *range_start, unsigned long *range_count) ++{ ++ unsigned long min, max; ++ unsigned long count; ++ uid_t start; ++ ++ assert (range_start != NULL); ++ assert (range_count != NULL); ++ ++ min = getdef_ulong ("SUB_UID_MIN", 100000UL); ++ max = getdef_ulong ("SUB_UID_MAX", 600100000UL); ++ count = getdef_ulong ("SUB_UID_COUNT", 10000); ++ ++ /* Is there a preferred range that works? */ ++ if ((*range_count != 0) && ++ (*range_start >= min) && ++ (((*range_start) + (*range_count) - 1) <= max) && ++ is_sub_uid_range_free(*range_start, *range_count)) { ++ return 0; ++ } ++ ++ if (max < (min + count)) { ++ (void) fprintf (stderr, ++ _("%s: Invalid configuration: SUB_UID_MIN (%lu), SUB_UID_MAX (%lu)\n"), ++ Prog, min, max); ++ return -1; ++ } ++ start = sub_uid_find_free_range(min, max, count); ++ if (start == (uid_t)-1) { ++ fprintf (stderr, ++ _("%s: Can't get unique secondary UID range\n"), ++ Prog); ++ SYSLOG ((LOG_WARN, "no more available secondary UIDs on the system")); ++ return -1; ++ } ++ *range_start = start; ++ *range_count = count; ++ return 0; ++} ++ --- shadow-4.1.5.1.orig/debian/patches/userns/06_userns_userdel +++ shadow-4.1.5.1/debian/patches/userns/06_userns_userdel 
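Review bot: the `owner` argument of find_new_sub_uids() and find_new_sub_gids() is never used in either new file, and the header comment of find_new_sub_gids.c still says the function "provides a range of unused user IDs" where it should say group IDs; either drop the parameter from the prototypes added to lib/prototypes.h or document what it is reserved for. Two smaller points in the same functions: the configuration sanity check `if (max < (min + count))` is evaluated only after the preferred-range shortcut, so a caller passing a non-zero `*range_count` can succeed against a configuration that would otherwise be reported as invalid, and `min + count` is unchecked unsigned arithmetic on login.defs values, so writing the test as `count > max - min` (after verifying `min <= max`) avoids a wrap. The stderr and syslog texts say "secondary GID range" and "secondary UIDs" while the rest of the series calls them subordinate ids; use one term.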
@@ -0,0 +1,236 @@ +From ebiederm@xmission.com Tue Jan 22 09:18:47 2013 +Return-Path: +X-Original-To: serge@hallyn.com +Delivered-To: serge@hallyn.com +Received: by mail.hallyn.com (Postfix, from userid 5001) + id F2E6AC80F6; Tue, 22 Jan 2013 09:18:46 +0000 (UTC) +X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail +X-Spam-Level: +X-Spam-Status: No, score=0.1 required=8.0 tests=BAD_ENC_HEADER,BAYES_00 + autolearn=no version=3.3.1 +Received: from out02.mta.xmission.com (out02.mta.xmission.com [166.70.13.232]) + (using TLSv1 with cipher AES256-SHA (256/256 bits)) + (No client certificate requested) + by mail.hallyn.com (Postfix) with ESMTPS id 996B1C80D1 + for ; Tue, 22 Jan 2013 09:18:42 +0000 (UTC) +Received: from out03.mta.xmission.com ([166.70.13.233]) + by out02.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) + (Exim 4.76) + (envelope-from ) + id 1TxZyW-0008Bi-3X; Tue, 22 Jan 2013 02:17:00 -0700 +Received: from in02.mta.xmission.com ([166.70.13.52]) + by out03.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) + (Exim 4.76) + (envelope-from ) + id 1TxZyU-0005NA-Qm; Tue, 22 Jan 2013 02:16:59 -0700 +Received: from c-98-207-153-68.hsd1.ca.comcast.net ([98.207.153.68] helo=eric-ThinkPad-X220.xmission.com) + by in02.mta.xmission.com with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) + (Exim 4.76) + (envelope-from ) + id 1TxZyQ-0004qs-T1; Tue, 22 Jan 2013 02:16:58 -0700 +From: ebiederm@xmission.com (Eric W. Biederman) +To: Nicolas =?utf-8?Q?Fran=C3=A7ois?= +Cc: , Linux Containers , "Michael Kerrisk \(man-pages\)" , "Serge E. Hallyn" +References: <87d2wxshu0.fsf@xmission.com> +Date: Tue, 22 Jan 2013 01:16:51 -0800 +In-Reply-To: <87d2wxshu0.fsf@xmission.com> (Eric W. 
Biederman's message of + "Tue, 22 Jan 2013 01:11:19 -0800") +Message-ID: <878v7lr30c.fsf@xmission.com> +User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.1 (gnu/linux) +MIME-Version: 1.0 +Content-Type: text/plain +X-XM-AID: U2FsdGVkX1/1l7dElNy9uNLAXx8eC28OMs/pxPM8NEo= +X-SA-Exim-Connect-IP: 98.207.153.68 +X-SA-Exim-Mail-From: ebiederm@xmission.com +Subject: [PATCH 06/11] userdel: Add support for removing subordinate user and group ids. +X-SA-Exim-Version: 4.2.1 (built Wed, 14 Nov 2012 14:26:46 -0700) +X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com) +X-UID: 2076 +Status: O +Content-Length: 5573 +Lines: 186 + + +Signed-off-by: "Eric W. Biederman" +--- + src/userdel.c | 115 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 1 files changed, 115 insertions(+), 0 deletions(-) + +Index: shadow/src/userdel.c +=================================================================== +--- shadow.orig/src/userdel.c 2013-02-01 15:27:52.380080367 -0600 ++++ shadow/src/userdel.c 2013-02-01 15:27:52.372080367 -0600 +@@ -65,6 +65,7 @@ + #endif /* WITH_TCB */ + /*@-exitarg@*/ + #include "exitcodes.h" ++#include "subordinateio.h" + + /* + * exit status values +@@ -75,6 +76,8 @@ + #define E_GRP_UPDATE 10 /* can't update group file */ + #define E_HOMEDIR 12 /* can't remove home directory */ + #define E_SE_UPDATE 14 /* can't update SELinux user mapping */ ++#define E_SUB_UID_UPDATE 16 /* can't update the subordinate uid file */ ++#define E_SUB_GID_UPDATE 18 /* can't update the subordinate gid file */ + + /* + * Global variables +@@ -96,9 +99,13 @@ + static bool is_shadow_grp; + static bool sgr_locked = false; + #endif /* SHADOWGRP */ ++static bool is_sub_uid; ++static bool is_sub_gid; + static bool pw_locked = false; + static bool gr_locked = false; + static bool spw_locked = false; ++static bool sub_uid_locked = false; ++static bool sub_gid_locked = false; + + /* local function prototypes */ + static void usage (int status); +@@ -437,6 +444,34 @@ + sgr_locked = false; + } + #endif /* 
SHADOWGRP */ ++ ++ if (is_sub_uid) { ++ if (sub_uid_close () == 0) { ++ fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, sub_uid_dbname ()); ++ SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_uid_dbname ())); ++ fail_exit (E_SUB_UID_UPDATE); ++ } ++ if (sub_uid_unlock () == 0) { ++ fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname ()); ++ SYSLOG ((LOG_ERR, "failed to unlock %s", sub_uid_dbname ())); ++ /* continue */ ++ } ++ sub_uid_locked = false; ++ } ++ ++ if (is_sub_gid) { ++ if (sub_gid_close () == 0) { ++ fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, sub_gid_dbname ()); ++ SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_gid_dbname ())); ++ fail_exit (E_SUB_GID_UPDATE); ++ } ++ if (sub_gid_unlock () == 0) { ++ fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname ()); ++ SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ())); ++ /* continue */ ++ } ++ sub_gid_locked = false; ++ } + } + + /* +@@ -474,6 +509,20 @@ + } + } + #endif /* SHADOWGRP */ ++ if (sub_uid_locked) { ++ if (sub_uid_unlock () == 0) { ++ fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname ()); ++ SYSLOG ((LOG_ERR, "failed to unlock %s", sub_uid_dbname ())); ++ /* continue */ ++ } ++ } ++ if (sub_gid_locked) { ++ if (sub_gid_unlock () == 0) { ++ fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname ()); ++ SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ())); ++ /* continue */ ++ } ++ } + + #ifdef WITH_AUDIT + audit_logger (AUDIT_DEL_USER, Prog, +@@ -595,6 +644,58 @@ + } + } + #endif /* SHADOWGRP */ ++ if (is_sub_uid) { ++ if (sub_uid_lock () == 0) { ++ fprintf (stderr, ++ _("%s: cannot lock %s; try again later.\n"), ++ Prog, sub_uid_dbname ()); ++#ifdef WITH_AUDIT ++ audit_logger (AUDIT_DEL_USER, Prog, ++ "locking subordinate user file", ++ user_name, (unsigned int) user_id, ++ SHADOW_AUDIT_FAILURE); ++#endif /* WITH_AUDIT */ ++ fail_exit 
(E_SUB_UID_UPDATE); ++ } ++ sub_uid_locked = true; ++ if (sub_uid_open (O_RDWR) == 0) { ++ fprintf (stderr, ++ _("%s: cannot open %s\n"), Prog, sub_uid_dbname ()); ++#ifdef WITH_AUDIT ++ audit_logger (AUDIT_DEL_USER, Prog, ++ "opening subordinate user file", ++ user_name, (unsigned int) user_id, ++ SHADOW_AUDIT_FAILURE); ++#endif /* WITH_AUDIT */ ++ fail_exit (E_SUB_UID_UPDATE); ++ } ++ } ++ if (is_sub_gid) { ++ if (sub_gid_lock () == 0) { ++ fprintf (stderr, ++ _("%s: cannot lock %s; try again later.\n"), ++ Prog, sub_gid_dbname ()); ++#ifdef WITH_AUDIT ++ audit_logger (AUDIT_DEL_USER, Prog, ++ "locking subordinate group file", ++ user_name, (unsigned int) user_id, ++ SHADOW_AUDIT_FAILURE); ++#endif /* WITH_AUDIT */ ++ fail_exit (E_SUB_GID_UPDATE); ++ } ++ sub_gid_locked = true; ++ if (sub_gid_open (O_RDWR) == 0) { ++ fprintf (stderr, ++ _("%s: cannot open %s\n"), Prog, sub_gid_dbname ()); ++#ifdef WITH_AUDIT ++ audit_logger (AUDIT_DEL_USER, Prog, ++ "opening subordinate group file", ++ user_name, (unsigned int) user_id, ++ SHADOW_AUDIT_FAILURE); ++#endif /* WITH_AUDIT */ ++ fail_exit (E_SUB_GID_UPDATE); ++ } ++ } + } + + /* +@@ -619,6 +720,18 @@ + Prog, user_name, spw_dbname ()); + fail_exit (E_PW_UPDATE); + } ++ if (is_sub_uid && sub_uid_remove(user_name, 0, ULONG_MAX) == 0) { ++ fprintf (stderr, ++ _("%s: cannot remove entry %lu from %s\n"), ++ Prog, (unsigned long)user_id, sub_uid_dbname ()); ++ fail_exit (E_SUB_UID_UPDATE); ++ } ++ if (is_sub_gid && sub_gid_remove(user_name, 0, ULONG_MAX) == 0) { ++ fprintf (stderr, ++ _("%s: cannot remove entry %lu from %s\n"), ++ Prog, (unsigned long)user_id, sub_gid_dbname ()); ++ fail_exit (E_SUB_GID_UPDATE); ++ } + #ifdef WITH_AUDIT + audit_logger (AUDIT_DEL_USER, Prog, + "deleting user entries", +@@ -966,6 +1079,8 @@ + #ifdef SHADOWGRP + is_shadow_grp = sgr_file_present (); + #endif /* SHADOWGRP */ ++ is_sub_uid = sub_uid_file_present (); ++ is_sub_gid = sub_gid_file_present (); + + /* + * Start with a quick check to 
see if the user exists. --- shadow-4.1.5.1.orig/debian/patches/userns/07_userns_useradd +++ shadow-4.1.5.1/debian/patches/userns/07_userns_useradd 
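Review bot: the failure message in the usr_update() hunk does not match what is being removed: `sub_uid_remove(user_name, 0, ULONG_MAX)` deletes by user name, yet the message is `_("%s: cannot remove entry %lu from %s\n")` with `(unsigned long)user_id`, so the operator is shown a uid that never appears in the subordinate files; print `user_name` with `%s` instead, and the same for the sub_gid branch. `ULONG_MAX` also requires `<limits.h>`, which this hunk does not add, so confirm userdel.c already includes it. The lock/open and close/unlock blocks for the two subordinate files follow the existing SHADOWGRP blocks exactly, which keeps the fail_exit() cleanup consistent.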
@@ -0,0 +1,285 @@ +From ebiederm@xmission.com Tue Jan 22 09:19:29 2013 +Return-Path: +X-Original-To: serge@hallyn.com +Delivered-To: serge@hallyn.com +Received: by mail.hallyn.com (Postfix, from userid 5001) + id 61652C80DB; Tue, 22 Jan 2013 09:19:29 +0000 (UTC) +X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail +X-Spam-Level: +X-Spam-Status: No, score=0.1 required=8.0 tests=BAD_ENC_HEADER,BAYES_00 + autolearn=no version=3.3.1 +Received: from out02.mta.xmission.com (out02.mta.xmission.com [166.70.13.232]) + (using TLSv1 with cipher AES256-SHA (256/256 bits)) + (No client certificate requested) + by mail.hallyn.com (Postfix) with ESMTPS id E0ABBC80F4 + for ; Tue, 22 Jan 2013 09:19:23 +0000 (UTC) +Received: from out03.mta.xmission.com ([166.70.13.233]) + by out02.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) + (Exim 4.76) + (envelope-from ) + id 1TxZzB-0008QG-Kq; Tue, 22 Jan 2013 02:17:41 -0700 +Received: from in02.mta.xmission.com ([166.70.13.52]) + by out03.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) + (Exim 4.76) + (envelope-from ) + id 1TxZz7-0005Ui-1H; Tue, 22 Jan 2013 02:17:37 -0700 +Received: from c-98-207-153-68.hsd1.ca.comcast.net ([98.207.153.68] helo=eric-ThinkPad-X220.xmission.com) + by in02.mta.xmission.com with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) + (Exim 4.76) + (envelope-from ) + id 1TxZz4-0004tF-BP; Tue, 22 Jan 2013 02:17:36 -0700 +From: ebiederm@xmission.com (Eric W. Biederman) +To: Nicolas =?utf-8?Q?Fran=C3=A7ois?= +Cc: , Linux Containers , "Michael Kerrisk \(man-pages\)" , "Serge E. Hallyn" +References: <87d2wxshu0.fsf@xmission.com> +Date: Tue, 22 Jan 2013 01:17:30 -0800 +In-Reply-To: <87d2wxshu0.fsf@xmission.com> (Eric W. 
Biederman's message of + "Tue, 22 Jan 2013 01:11:19 -0800") +Message-ID: <8738xtr2z9.fsf@xmission.com> +User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.1 (gnu/linux) +MIME-Version: 1.0 +Content-Type: text/plain +X-XM-AID: U2FsdGVkX1/Jm5H2PcjgcLXEyKh9YL3DVs2WZBJhDB8= +X-SA-Exim-Connect-IP: 98.207.153.68 +X-SA-Exim-Mail-From: ebiederm@xmission.com +Subject: [PATCH 07/11] useradd: Add support for subordinate user identifiers +X-SA-Exim-Version: 4.2.1 (built Wed, 14 Nov 2012 14:26:46 -0700) +X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com) +X-UID: 2077 +Status: RO +Content-Length: 6886 +Lines: 235 + + +Signed-off-by: "Eric W. Biederman" +--- + src/useradd.c | 141 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++- + 1 files changed, 140 insertions(+), 1 deletions(-) + +Index: shadow/src/useradd.c +=================================================================== +--- shadow.orig/src/useradd.c 2013-02-01 15:27:52.668080362 -0600 ++++ shadow/src/useradd.c 2013-02-01 15:27:52.660080362 -0600 +@@ -65,6 +65,7 @@ + #include "sgroupio.h" + #endif + #include "shadowio.h" ++#include "subordinateio.h" + #ifdef WITH_TCB + #include "tcbfuncs.h" + #endif +@@ -121,12 +122,20 @@ + static bool is_shadow_grp; + static bool sgr_locked = false; + #endif ++static bool is_sub_uid = false; ++static bool is_sub_gid = false; + static bool pw_locked = false; + static bool gr_locked = false; + static bool spw_locked = false; ++static bool sub_uid_locked = false; ++static bool sub_gid_locked = false; + static char **user_groups; /* NULL-terminated list */ + static long sys_ngroups; + static bool do_grp_update = false; /* group files need to be updated */ ++static uid_t sub_uid_start; /* New subordinate uid range */ ++static unsigned long sub_uid_count; ++static gid_t sub_gid_start; /* New subordinate gid range */ ++static unsigned long sub_gid_count; + + static bool + bflg = false, /* new default root of home directory */ +@@ -168,6 +177,8 @@ + #define E_GRP_UPDATE 10 /* can't update group 
file */ + #define E_HOMEDIR 12 /* can't create home directory */ + #define E_SE_UPDATE 14 /* can't update SELinux user mapping */ ++#define E_SUB_UID_UPDATE 16 /* can't update the subordinate uid file */ ++#define E_SUB_GID_UPDATE 18 /* can't update the subordinate gid file */ + + #define DGROUP "GROUP=" + #define DHOME "HOME=" +@@ -268,6 +279,32 @@ + } + } + #endif ++ if (sub_uid_locked) { ++ if (sub_uid_unlock () == 0) { ++ fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname ()); ++ SYSLOG ((LOG_ERR, "failed to unlock %s", sub_uid_dbname ())); ++#ifdef WITH_AUDIT ++ audit_logger (AUDIT_ADD_USER, Prog, ++ "unlocking subodinate user file", ++ user_name, AUDIT_NO_ID, ++ SHADOW_AUDIT_FAILURE); ++#endif ++ /* continue */ ++ } ++ } ++ if (sub_gid_locked) { ++ if (sub_gid_unlock () == 0) { ++ fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname ()); ++ SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ())); ++#ifdef WITH_AUDIT ++ audit_logger (AUDIT_ADD_USER, Prog, ++ "unlocking subodinate group file", ++ user_name, AUDIT_NO_ID, ++ SHADOW_AUDIT_FAILURE); ++#endif ++ /* continue */ ++ } ++ } + + #ifdef WITH_AUDIT + audit_logger (AUDIT_ADD_USER, Prog, +@@ -1379,6 +1416,18 @@ + } + #endif + } ++ if (is_sub_uid && (sub_uid_close () == 0)) { ++ fprintf (stderr, ++ _("%s: failure while writing changes to %s\n"), Prog, sub_uid_dbname ()); ++ SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_uid_dbname ())); ++ fail_exit (E_SUB_UID_UPDATE); ++ } ++ if (is_sub_gid && (sub_gid_close () == 0)) { ++ fprintf (stderr, ++ _("%s: failure while writing changes to %s\n"), Prog, sub_gid_dbname ()); ++ SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_gid_dbname ())); ++ fail_exit (E_SUB_GID_UPDATE); ++ } + if (is_shadow_pwd) { + if (spw_unlock () == 0) { + fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, spw_dbname ()); +@@ -1433,6 +1482,34 @@ + sgr_locked = false; + } + #endif ++ if (is_sub_uid) { ++ if (sub_uid_unlock 
() == 0) { ++ fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname ()); ++ SYSLOG ((LOG_ERR, "failed to unlock %s", sub_uid_dbname ())); ++#ifdef WITH_AUDIT ++ audit_logger (AUDIT_ADD_USER, Prog, ++ "unlocking subordinate user file", ++ user_name, AUDIT_NO_ID, ++ SHADOW_AUDIT_FAILURE); ++#endif ++ /* continue */ ++ } ++ sub_uid_locked = false; ++ } ++ if (is_sub_gid) { ++ if (sub_gid_unlock () == 0) { ++ fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname ()); ++ SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ())); ++#ifdef WITH_AUDIT ++ audit_logger (AUDIT_ADD_USER, Prog, ++ "unlocking subordinate group file", ++ user_name, AUDIT_NO_ID, ++ SHADOW_AUDIT_FAILURE); ++#endif ++ /* continue */ ++ } ++ sub_gid_locked = false; ++ } + } + + /* +@@ -1487,6 +1564,36 @@ + } + } + #endif ++ if (is_sub_uid) { ++ if (sub_uid_lock () == 0) { ++ fprintf (stderr, ++ _("%s: cannot lock %s; try again later.\n"), ++ Prog, sub_uid_dbname ()); ++ fail_exit (E_SUB_UID_UPDATE); ++ } ++ sub_uid_locked = true; ++ if (sub_uid_open (O_RDWR) == 0) { ++ fprintf (stderr, ++ _("%s: cannot open %s\n"), ++ Prog, sub_uid_dbname ()); ++ fail_exit (E_SUB_UID_UPDATE); ++ } ++ } ++ if (is_sub_gid) { ++ if (sub_gid_lock () == 0) { ++ fprintf (stderr, ++ _("%s: cannot lock %s; try again later.\n"), ++ Prog, sub_gid_dbname ()); ++ fail_exit (E_SUB_GID_UPDATE); ++ } ++ sub_gid_locked = true; ++ if (sub_gid_open (O_RDWR) == 0) { ++ fprintf (stderr, ++ _("%s: cannot open %s\n"), ++ Prog, sub_gid_dbname ()); ++ fail_exit (E_SUB_GID_UPDATE); ++ } ++ } + } + + static void open_shadow (void) +@@ -1733,13 +1840,27 @@ + #endif + fail_exit (E_PW_UPDATE); + } ++ if (is_sub_uid && ++ (sub_uid_add(user_name, sub_uid_start, sub_uid_count) == 0)) { ++ fprintf (stderr, ++ _("%s: failed to prepare the new %s entry\n"), ++ Prog, sub_uid_dbname ()); ++ fail_exit (E_SUB_UID_UPDATE); ++ } ++ if (is_sub_gid && ++ (sub_gid_add(user_name, sub_gid_start, sub_gid_count) == 0)) { ++ 
fprintf (stderr, ++ _("%s: failed to prepare the new %s entry\n"), ++ Prog, sub_uid_dbname ()); ++ fail_exit (E_SUB_GID_UPDATE); ++ } ++ + #ifdef WITH_AUDIT + audit_logger (AUDIT_ADD_USER, Prog, + "adding user", + user_name, (unsigned int) user_id, + SHADOW_AUDIT_SUCCESS); + #endif +- + /* + * Do any group file updates for this user. + */ +@@ -1885,6 +2006,8 @@ + #ifdef SHADOWGRP + is_shadow_grp = sgr_file_present (); + #endif ++ is_sub_uid = sub_uid_file_present (); ++ is_sub_gid = sub_gid_file_present (); + + get_defaults (); + +@@ -2035,6 +2158,22 @@ + grp_add (); + } + ++ if (is_sub_uid) { ++ if (find_new_sub_uids(user_name, &sub_uid_start, &sub_uid_count) < 0) { ++ fprintf (stderr, ++ _("%s: can't find subordinate user range\n"), ++ Prog); ++ fail_exit(E_SUB_UID_UPDATE); ++ } ++ } ++ if (is_sub_gid) { ++ if (find_new_sub_gids(user_name, &sub_gid_start, &sub_gid_count) < 0) { ++ fprintf (stderr, ++ _("%s: can't find subordinate group range\n"), ++ Prog); ++ fail_exit(E_SUB_GID_UPDATE); ++ } ++ } + usr_update (); + + if (mflg) { --- shadow-4.1.5.1.orig/debian/patches/userns/08_userns_detect_busy_subids +++ shadow-4.1.5.1/debian/patches/userns/08_userns_detect_busy_subids 
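Review bot: copy-paste error in the usr_update() hunk (@@ -1733,13 +1840,27 @@): the sub_gid_add() failure branch reports `Prog, sub_uid_dbname ()` in "failed to prepare the new %s entry", so a failure updating the subordinate gid file is blamed on the subordinate uid file; change it to `sub_gid_dbname ()`. The audit strings in the fail_exit() hunk (@@ -268,6 +279,32 @@) are spelled "unlocking subodinate user file" and "unlocking subodinate group file", whereas the close_files() hunk spells "subordinate" correctly; fix the two typos. Finally, main() calls find_new_sub_uids()/find_new_sub_gids() with `&sub_uid_start, &sub_uid_count` taken from zero-initialised statics, so the preferred-range branch of those functions is never exercised from useradd; if that is intended, a one-line comment there would save the next reader from wondering what the preferred-range code in patch 05 is for.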
@@ -0,0 +1,133 @@ +From ebiederm@xmission.com Tue Jan 22 09:19:49 2013 +Return-Path: +X-Original-To: serge@hallyn.com +Delivered-To: serge@hallyn.com +Received: by mail.hallyn.com (Postfix, from userid 5001) + id E0EA3C80F4; Tue, 22 Jan 2013 09:19:49 +0000 (UTC) +X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail +X-Spam-Level: +X-Spam-Status: No, score=-2.2 required=8.0 tests=BAD_ENC_HEADER,BAYES_00, + RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 +Received: from out02.mta.xmission.com (out02.mta.xmission.com [166.70.13.232]) + (using TLSv1 with cipher AES256-SHA (256/256 bits)) + (No client certificate requested) + by mail.hallyn.com (Postfix) with ESMTPS id 1A2C7C80D1 + for ; Tue, 22 Jan 2013 09:19:46 +0000 (UTC) +Received: from out03.mta.xmission.com ([166.70.13.233]) + by out02.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) + (Exim 4.76) + (envelope-from ) + id 1TxZzX-00006D-G7; Tue, 22 Jan 2013 02:18:03 -0700 +Received: from in02.mta.xmission.com ([166.70.13.52]) + by out03.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) + (Exim 4.76) + (envelope-from ) + id 1TxZzV-0005Zh-Qq; Tue, 22 Jan 2013 02:18:02 -0700 +Received: from c-98-207-153-68.hsd1.ca.comcast.net ([98.207.153.68] helo=eric-ThinkPad-X220.xmission.com) + by in02.mta.xmission.com with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) + (Exim 4.76) + (envelope-from ) + id 1TxZzN-0004ul-H6; Tue, 22 Jan 2013 02:18:01 -0700 +From: ebiederm@xmission.com (Eric W. Biederman) +To: Nicolas =?utf-8?Q?Fran=C3=A7ois?= +Cc: , Linux Containers , "Michael Kerrisk \(man-pages\)" , "Serge E. Hallyn" +References: <87d2wxshu0.fsf@xmission.com> +Date: Tue, 22 Jan 2013 01:17:50 -0800 +In-Reply-To: <87d2wxshu0.fsf@xmission.com> (Eric W. 
Biederman's message of + "Tue, 22 Jan 2013 01:11:19 -0800") +Message-ID: <87y5flpoe9.fsf@xmission.com> +User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.1 (gnu/linux) +MIME-Version: 1.0 +Content-Type: text/plain +X-XM-AID: U2FsdGVkX1/ZWJZMWIVV2ekPIrRQjHLl4Oh/kdyWJUw= +X-SA-Exim-Connect-IP: 98.207.153.68 +X-SA-Exim-Mail-From: ebiederm@xmission.com +Subject: [PATCH 08/11] Add support for detecting busy subordinate user ids +X-SA-Exim-Version: 4.2.1 (built Wed, 14 Nov 2012 14:26:46 -0700) +X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com) +X-UID: 2078 +Status: RO +Content-Length: 2655 +Lines: 83 + + +Signed-off-by: "Eric W. Biederman" +--- + libmisc/user_busy.c | 18 +++++++++++++----- + 1 files changed, 13 insertions(+), 5 deletions(-) + +Index: shadow/libmisc/user_busy.c +=================================================================== +--- shadow.orig/libmisc/user_busy.c 2013-02-01 15:27:52.952080357 -0600 ++++ shadow/libmisc/user_busy.c 2013-02-01 15:27:52.948080357 -0600 +@@ -38,11 +38,13 @@ + #include + #include + #include ++#include + #include "defines.h" + #include "prototypes.h" ++#include "subordinateio.h" + + #ifdef __linux__ +-static int check_status (const char *sname, uid_t uid); ++static int check_status (const char *name, const char *sname, uid_t uid); + static int user_busy_processes (const char *name, uid_t uid); + #else /* !__linux__ */ + static int user_busy_utmp (const char *name); +@@ -102,7 +104,7 @@ + #endif /* !__linux__ */ + + #ifdef __linux__ +-static int check_status (const char *sname, uid_t uid) ++static int check_status (const char *name, const char *sname, uid_t uid) + { + /* 40: /proc/xxxxxxxxxx/task/xxxxxxxxxx/status + \0 */ + char status[40]; +@@ -125,7 +127,10 @@ + &ruid, &euid, &suid) == 3) { + if ( (ruid == (unsigned long) uid) + || (euid == (unsigned long) uid) +- || (suid == (unsigned long) uid)) { ++ || (suid == (unsigned long) uid) ++ || have_sub_uids(name, ruid, 1) ++ || have_sub_uids(name, euid, 1) ++ || have_sub_uids(name, 
suid, 1)) { + (void) fclose (sfile); + return 1; + } +@@ -153,6 +158,8 @@ + struct stat sbroot; + struct stat sbroot_process; + ++ sub_uid_open (O_RDONLY); ++ + proc = opendir ("/proc"); + if (proc == NULL) { + perror ("opendir /proc"); +@@ -196,7 +203,7 @@ + continue; + } + +- if (check_status (tmp_d_name, uid) != 0) { ++ if (check_status (name, tmp_d_name, uid) != 0) { + (void) closedir (proc); + fprintf (stderr, + _("%s: user %s is currently used by process %d\n"), +@@ -216,7 +223,7 @@ + if (tid == pid) { + continue; + } +- if (check_status (task_path+6, uid) != 0) { ++ if (check_status (name, task_path+6, uid) != 0) { + (void) closedir (proc); + fprintf (stderr, + _("%s: user %s is currently used by process %d\n"), +@@ -231,6 +238,7 @@ + } + + (void) closedir (proc); ++ sub_uid_close(); + return 0; + } + #endif /* __linux__ */ --- shadow-4.1.5.1.orig/debian/patches/userns/09_userns_usermod +++ shadow-4.1.5.1/debian/patches/userns/09_userns_usermod 
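Review bot: resource handling in the user_busy_processes() hunks: `sub_uid_open (O_RDONLY);` is called without checking its return value, and the matching `sub_uid_close();` is only reached on the final `return 0` path; the early returns after `perror ("opendir /proc")` and after each `check_status (...) != 0` (which already do `closedir (proc)`) leave the subordinate uid database open. Either close it on every exit path or open it in the caller around the whole check. If sub_uid_open() fails, check_status() will still call have_sub_uids() against an unopened database; worth confirming that it then reports "not busy" rather than erroring, since a false positive here blocks userdel.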
@@ -0,0 +1,536 @@ +From ebiederm@xmission.com Tue Jan 22 09:20:27 2013 +Return-Path: +X-Original-To: serge@hallyn.com +Delivered-To: serge@hallyn.com +Received: by mail.hallyn.com (Postfix, from userid 5001) + id 8625BC80F4; Tue, 22 Jan 2013 09:20:27 +0000 (UTC) +X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail +X-Spam-Level: +X-Spam-Status: No, score=0.1 required=8.0 tests=BAD_ENC_HEADER,BAYES_00 + autolearn=no version=3.3.1 +Received: from out02.mta.xmission.com (out02.mta.xmission.com [166.70.13.232]) + (using TLSv1 with cipher AES256-SHA (256/256 bits)) + (No client certificate requested) + by mail.hallyn.com (Postfix) with ESMTPS id 69CACC80D1 + for ; Tue, 22 Jan 2013 09:20:23 +0000 (UTC) +Received: from in02.mta.xmission.com ([166.70.13.52]) + by out02.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) + (Exim 4.76) + (envelope-from ) + id 1Txa08-0000JL-Uo; Tue, 22 Jan 2013 02:18:41 -0700 +Received: from c-98-207-153-68.hsd1.ca.comcast.net ([98.207.153.68] helo=eric-ThinkPad-X220.xmission.com) + by in02.mta.xmission.com with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) + (Exim 4.76) + (envelope-from ) + id 1TxZzw-0004wm-8g; Tue, 22 Jan 2013 02:18:40 -0700 +From: ebiederm@xmission.com (Eric W. Biederman) +To: Nicolas =?utf-8?Q?Fran=C3=A7ois?= +Cc: , Linux Containers , "Michael Kerrisk \(man-pages\)" , "Serge E. Hallyn" +References: <87d2wxshu0.fsf@xmission.com> +Date: Tue, 22 Jan 2013 01:18:24 -0800 +In-Reply-To: <87d2wxshu0.fsf@xmission.com> (Eric W. Biederman's message of + "Tue, 22 Jan 2013 01:11:19 -0800") +Message-ID: <87sj5tpodb.fsf@xmission.com> +User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.1 (gnu/linux) +MIME-Version: 1.0 +Content-Type: text/plain +X-XM-AID: U2FsdGVkX1/EkNiL4owL54HOscHbdbK8RucFTofOBo8= +X-SA-Exim-Connect-IP: 98.207.153.68 +X-SA-Exim-Mail-From: ebiederm@xmission.com +Subject: [PATCH 09/11] usermod: Add support for subordinate uids and gids. 
+X-SA-Exim-Version: 4.2.1 (built Wed, 14 Nov 2012 14:26:46 -0700) +X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com) +X-UID: 2079 +Status: O +Content-Length: 15455 +Lines: 491 + + +Signed-off-by: "Eric W. Biederman" +--- + man/usermod.8.xml | 80 +++++++++++++++++ + src/usermod.c | 255 ++++++++++++++++++++++++++++++++++++++++++++++++++++- + 2 files changed, 332 insertions(+), 3 deletions(-) + +Index: shadow/man/usermod.8.xml +=================================================================== +--- shadow.orig/man/usermod.8.xml 2013-02-01 15:27:53.240080352 -0600 ++++ shadow/man/usermod.8.xml 2013-02-01 15:27:53.232080353 -0600 +@@ -391,6 +391,86 @@ + + + ++ , ++ FIRST-LAST ++ ++ ++ ++ Add a range of subordinate uids to the users account. ++ ++ ++ This option may be specified multiple times to add multiple ranges to a users account. ++ ++ ++ No checks will be performed with regard to ++ , , or ++ from /etc/login.defs. ++ ++ ++ ++ ++ ++ , ++ FIRST-LAST ++ ++ ++ ++ Remove a range of subordinate uids from the users account. ++ ++ ++ This option may be specified multiple times to remove multiple ranges to a users account. ++ When both and are specified ++ remove of all subordinate uid ranges happens before any subordinate uid ranges are added. ++ ++ ++ No checks will be performed with regard to ++ , , or ++ from /etc/login.defs. ++ ++ ++ ++ ++ ++ , ++ FIRST-LAST ++ ++ ++ ++ Add a range of subordinate gids to the users account. ++ ++ ++ This option may be specified multiple times to add multiple ranges to a users account. ++ ++ ++ No checks will be performed with regard to ++ , , or ++ from /etc/login.defs. ++ ++ ++ ++ ++ ++ , ++ FIRST-LAST ++ ++ ++ ++ Remove a range of subordinate gids from the users account. ++ ++ ++ This option may be specified multiple times to remove multiple ranges to a users account. ++ When both and are specified ++ remove of all subordinate gid ranges happens before any subordinate gid ranges are added. 
++ ++ ++ No checks will be performed with regard to ++ , , or ++ from /etc/login.defs. ++ ++ ++ ++ ++ + , + SEUSER + +Index: shadow/src/usermod.c +=================================================================== +--- shadow.orig/src/usermod.c 2013-02-01 15:27:53.240080352 -0600 ++++ shadow/src/usermod.c 2013-02-01 15:27:53.236080353 -0600 +@@ -63,6 +63,7 @@ + #include "sgroupio.h" + #endif + #include "shadowio.h" ++#include "subordinateio.h" + #ifdef WITH_TCB + #include "tcbfuncs.h" + #endif +@@ -86,6 +87,8 @@ + /* #define E_NOSPACE 11 insufficient space to move home dir */ + #define E_HOMEDIR 12 /* unable to complete home dir move */ + #define E_SE_UPDATE 13 /* can't update SELinux user mapping */ ++#define E_SUB_UID_UPDATE 16 /* can't update the subordinate uid file */ ++#define E_SUB_GID_UPDATE 18 /* can't update the subordinate gid file */ + #define VALID(s) (strcspn (s, ":\n") == strlen (s)) + /* + * Global variables +@@ -133,7 +136,11 @@ + Zflg = false, /* new selinux user */ + #endif + uflg = false, /* specify new user ID */ +- Uflg = false; /* unlock the password */ ++ Uflg = false, /* unlock the password */ ++ vflg = false, /* add subordinate uids */ ++ Vflg = false, /* delete subordinate uids */ ++ wflg = false, /* add subordinate gids */ ++ Wflg = false; /* delete subordinate gids */ + + static bool is_shadow_pwd; + +@@ -141,12 +148,17 @@ + static bool is_shadow_grp; + #endif + ++static bool is_sub_uid = false; ++static bool is_sub_gid = false; ++ + static bool pw_locked = false; + static bool spw_locked = false; + static bool gr_locked = false; + #ifdef SHADOWGRP + static bool sgr_locked = false; + #endif ++static bool sub_uid_locked = false; ++static bool sub_gid_locked = false; + + + /* local function prototypes */ +@@ -302,6 +314,69 @@ + return 0; + } + ++struct ulong_range ++{ ++ unsigned long first; ++ unsigned long last; ++}; ++ ++static struct ulong_range getulong_range(const char *str) ++{ ++ struct ulong_range result = { .first = ULONG_MAX, 
.last = 0 }; ++ unsigned long long first, last; ++ char *pos; ++ ++ errno = 0; ++ first = strtoll(str, &pos, 10); ++ if (('\0' == *str) || ('-' != *pos ) || (ERANGE == errno) || ++ (first != (unsigned long int)first)) ++ goto out; ++ ++ errno = 0; ++ last = strtoul(pos + 1, &pos, 10); ++ if (('\0' != *pos ) || (ERANGE == errno) || ++ (last != (unsigned long int)last)) ++ goto out; ++ ++ if (first > last) ++ goto out; ++ ++ result.first = (unsigned long int)first; ++ result.last = (unsigned long int)last; ++out: ++ return result; ++ ++} ++ ++struct ulong_range_list_entry { ++ struct ulong_range_list_entry *next; ++ struct ulong_range range; ++}; ++ ++static struct ulong_range_list_entry *add_sub_uids = NULL, *del_sub_uids = NULL; ++static struct ulong_range_list_entry *add_sub_gids = NULL, *del_sub_gids = NULL; ++ ++static int prepend_range(const char *str, struct ulong_range_list_entry **head) ++{ ++ struct ulong_range range; ++ struct ulong_range_list_entry *entry; ++ range = getulong_range(str); ++ if (range.first > range.last) ++ return 0; ++ ++ entry = malloc(sizeof(*entry)); ++ if (!entry) { ++ fprintf (stderr, ++ _("%s: failed to allocate memory: %s\n"), ++ Prog, strerror (errno)); ++ return 0; ++ } ++ entry->next = *head; ++ entry->range = range; ++ *head = entry; ++ return 1; ++} ++ + /* + * usage - display usage message and exit + */ +@@ -334,6 +409,10 @@ + (void) fputs (_(" -s, --shell SHELL new login shell for the user account\n"), usageout); + (void) fputs (_(" -u, --uid UID new UID for the user account\n"), usageout); + (void) fputs (_(" -U, --unlock unlock the user account\n"), usageout); ++ (void) fputs (_(" -v, --add-subuids FIRST-LAST add range of subordinate uids\n"), usageout); ++ (void) fputs (_(" -V, --del-subuids FIRST-LAST remvoe range of subordinate uids\n"), usageout); ++ (void) fputs (_(" -w, --add-subgids FIRST-LAST add range of subordinate gids\n"), usageout); ++ (void) fputs (_(" -W, --del-subgids FIRST-LAST remvoe range of subordinate 
gids\n"), usageout); + #ifdef WITH_SELINUX + (void) fputs (_(" -Z, --selinux-user SEUSER new SELinux user mapping for the user account\n"), usageout); + #endif /* WITH_SELINUX */ +@@ -590,6 +669,20 @@ + /* continue */ + } + } ++ if (sub_uid_locked) { ++ if (sub_uid_unlock () == 0) { ++ fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname ()); ++ SYSLOG ((LOG_ERR, "failed to unlock %s", sub_uid_dbname ())); ++ /* continue */ ++ } ++ } ++ if (sub_gid_locked) { ++ if (sub_gid_unlock () == 0) { ++ fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname ()); ++ SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ())); ++ /* continue */ ++ } ++ } + + #ifdef WITH_AUDIT + audit_logger (AUDIT_USER_CHAUTHTOK, Prog, +@@ -889,6 +982,10 @@ + {"shell", required_argument, NULL, 's'}, + {"uid", required_argument, NULL, 'u'}, + {"unlock", no_argument, NULL, 'U'}, ++ {"add-subuids", required_argument, NULL, 'v'}, ++ {"del-subuids", required_argument, NULL, 'V'}, ++ {"add-subgids", required_argument, NULL, 'w'}, ++ {"del-subgids", required_argument, NULL, 'W'}, + #ifdef WITH_SELINUX + {"selinux-user", required_argument, NULL, 'Z'}, + #endif /* WITH_SELINUX */ +@@ -1018,6 +1115,41 @@ + case 'U': + Uflg = true; + break; ++ case 'v': ++ if (prepend_range (optarg, &add_sub_uids) == 0) { ++ fprintf (stderr, ++ _("%s: invalid subordinate uid range '%s'\n"), ++ Prog, optarg); ++ exit(E_BAD_ARG); ++ } ++ vflg = true; ++ break; ++ case 'V': ++ if (prepend_range (optarg, &del_sub_uids) == 0) { ++ fprintf (stderr, ++ _("%s: invalid subordinate uid range '%s'\n"), ++ Prog, optarg); ++ exit(E_BAD_ARG); ++ } ++ Vflg = true; ++ break; ++ case 'w': ++ if (prepend_range (optarg, &add_sub_gids) == 0) { ++ fprintf (stderr, ++ _("%s: invalid subordinate gid range '%s'\n"), ++ Prog, optarg); ++ exit(E_BAD_ARG); ++ } ++ wflg = true; ++ case 'W': ++ if (prepend_range (optarg, &del_sub_gids) == 0) { ++ fprintf (stderr, ++ _("%s: invalid subordinate gid range '%s'\n"), ++ 
Prog, optarg); ++ exit(E_BAD_ARG); ++ } ++ Wflg = true; ++ break; + #ifdef WITH_SELINUX + case 'Z': + if (is_selinux_enabled () > 0) { +@@ -1170,6 +1302,7 @@ + + if (!(Uflg || uflg || sflg || pflg || mflg || Lflg || + lflg || Gflg || gflg || fflg || eflg || dflg || cflg ++ || vflg || Vflg || wflg || Wflg + #ifdef WITH_SELINUX + || Zflg + #endif /* WITH_SELINUX */ +@@ -1200,6 +1333,7 @@ + Prog, (unsigned long) user_newid); + exit (E_UID_IN_USE); + } ++ + } + + /* +@@ -1248,6 +1382,10 @@ + sgr_dbname ())); + fail_exit (E_GRP_UPDATE); + } ++ } ++#endif ++#ifdef SHADOWGRP ++ if (is_shadow_grp) { + if (sgr_unlock () == 0) { + fprintf (stderr, + _("%s: failed to unlock %s\n"), +@@ -1296,6 +1434,33 @@ + sgr_locked = false; + #endif + ++ if (vflg || Vflg) { ++ if (!is_sub_uid || (sub_uid_close () == 0)) { ++ fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, sub_uid_dbname ()); ++ SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_uid_dbname ())); ++ fail_exit (E_SUB_UID_UPDATE); ++ } ++ if (!is_sub_uid || (sub_uid_unlock () == 0)) { ++ fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname ()); ++ SYSLOG ((LOG_ERR, "failed to unlock %s", sub_uid_dbname ())); ++ /* continue */ ++ } ++ sub_uid_locked = false; ++ } ++ if (wflg || Wflg) { ++ if (!is_sub_gid || (sub_gid_close () == 0)) { ++ fprintf (stderr, _("%s: failure while writing changes to %s\n"), Prog, sub_gid_dbname ()); ++ SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_gid_dbname ())); ++ fail_exit (E_SUB_GID_UPDATE); ++ } ++ if (!is_sub_gid || (sub_gid_unlock () == 0)) { ++ fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname ()); ++ SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ())); ++ /* continue */ ++ } ++ sub_gid_locked = false; ++ } ++ + /* + * Close the DBM and/or flat files + */ +@@ -1375,6 +1540,36 @@ + } + #endif + } ++ if (vflg || Vflg) { ++ if (!is_sub_uid || (sub_uid_lock () == 0)) { ++ fprintf (stderr, ++ _("%s: 
cannot lock %s; try again later.\n"), ++ Prog, sub_uid_dbname ()); ++ fail_exit (E_SUB_UID_UPDATE); ++ } ++ sub_uid_locked = true; ++ if (!is_sub_uid || (sub_uid_open (O_RDWR) == 0)) { ++ fprintf (stderr, ++ _("%s: cannot open %s\n"), ++ Prog, sub_uid_dbname ()); ++ fail_exit (E_SUB_UID_UPDATE); ++ } ++ } ++ if (wflg || Wflg) { ++ if (!is_sub_gid || (sub_gid_lock () == 0)) { ++ fprintf (stderr, ++ _("%s: cannot lock %s; try again later.\n"), ++ Prog, sub_gid_dbname ()); ++ fail_exit (E_SUB_GID_UPDATE); ++ } ++ sub_gid_locked = true; ++ if (!is_sub_gid || (sub_gid_open (O_RDWR) == 0)) { ++ fprintf (stderr, ++ _("%s: cannot open %s\n"), ++ Prog, sub_gid_dbname ()); ++ fail_exit (E_SUB_GID_UPDATE); ++ } ++ } + } + + /* +@@ -1476,6 +1671,58 @@ + fail_exit (E_PW_UPDATE); + } + } ++ if (Vflg) { ++ struct ulong_range_list_entry *ptr; ++ for (ptr = del_sub_uids; ptr != NULL; ptr = ptr->next) { ++ unsigned long count = ptr->range.last - ptr->range.first + 1; ++ if (sub_uid_remove(user_name, ptr->range.first, count) == 0) { ++ fprintf (stderr, ++ _("%s: failed to remove uid range %lu-%lu from '%s'\n"), ++ Prog, ptr->range.first, ptr->range.last, ++ sub_uid_dbname ()); ++ fail_exit (E_SUB_UID_UPDATE); ++ } ++ } ++ } ++ if (vflg) { ++ struct ulong_range_list_entry *ptr; ++ for (ptr = add_sub_uids; ptr != NULL; ptr = ptr->next) { ++ unsigned long count = ptr->range.last - ptr->range.first + 1; ++ if (sub_uid_add(user_name, ptr->range.first, count) == 0) { ++ fprintf (stderr, ++ _("%s: failed to add uid range %lu-%lu from '%s'\n"), ++ Prog, ptr->range.first, ptr->range.last, ++ sub_uid_dbname ()); ++ fail_exit (E_SUB_UID_UPDATE); ++ } ++ } ++ } ++ if (Wflg) { ++ struct ulong_range_list_entry *ptr; ++ for (ptr = del_sub_gids; ptr != NULL; ptr = ptr->next) { ++ unsigned long count = ptr->range.last - ptr->range.first + 1; ++ if (sub_gid_remove(user_name, ptr->range.first, count) == 0) { ++ fprintf (stderr, ++ _("%s: failed to remove gid range %lu-%lu from '%s'\n"), ++ Prog, 
ptr->range.first, ptr->range.last, ++ sub_gid_dbname ()); ++ fail_exit (E_SUB_GID_UPDATE); ++ } ++ } ++ } ++ if (wflg) { ++ struct ulong_range_list_entry *ptr; ++ for (ptr = add_sub_gids; ptr != NULL; ptr = ptr->next) { ++ unsigned long count = ptr->range.last - ptr->range.first + 1; ++ if (sub_gid_add(user_name, ptr->range.first, count) == 0) { ++ fprintf (stderr, ++ _("%s: failed to add gid range %lu-%lu from '%s'\n"), ++ Prog, ptr->range.first, ptr->range.last, ++ sub_gid_dbname ()); ++ fail_exit (E_SUB_GID_UPDATE); ++ } ++ } ++ } + } + + /* +@@ -1811,6 +2058,8 @@ + #ifdef SHADOWGRP + is_shadow_grp = sgr_file_present (); + #endif ++ is_sub_uid = sub_uid_file_present (); ++ is_sub_gid = sub_gid_file_present (); + + process_flags (argc, argv); + +@@ -1818,7 +2067,7 @@ + * The home directory, the username and the user's UID should not + * be changed while the user is logged in. + */ +- if ( (uflg || lflg || dflg) ++ if ( (uflg || lflg || dflg || Vflg || Wflg) + && (user_busy (user_name, user_id) != 0)) { + exit (E_USER_BUSY); + } +@@ -1871,7 +2120,7 @@ + */ + open_files (); + if ( cflg || dflg || eflg || fflg || gflg || Lflg || lflg || pflg +- || sflg || uflg || Uflg) { ++ || sflg || uflg || Uflg || vflg || Vflg || wflg || Wflg) { + usr_update (); + } + if (Gflg || lflg) { --- shadow-4.1.5.1.orig/debian/patches/userns/10_userns_newusers +++ shadow-4.1.5.1/debian/patches/userns/10_userns_newusers 
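Review bot: `case 'w':` in process_flags is missing a `break;` after `wflg = true;`, so `-w FIRST-LAST` falls through into `case 'W':`, which runs `prepend_range (optarg, &del_sub_gids)` on the same argument and sets `Wflg = true`; the range is then scheduled for both removal (the Wflg block in usr_update runs first) and addition, and the new `user_busy` check keyed on Wflg fires for a plain add. Add `break;` after `wflg = true;` as the `-v`, `-V` and `-W` cases do.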
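Review bot: getulong_range parses `first` with the signed `strtoll` but `last` with `strtoul`, and stores both in `unsigned long long`, so a leading minus is accepted and wraps: on LP64 an argument like `-5--3` yields first = ULONG_MAX-4, last = ULONG_MAX-2, passes the `first > last` test and is treated as a valid range, while the `first != (unsigned long int)first` truncation test is a no-op because the two types have the same width there. Use `strtoull` for both halves, reject a leading `-` explicitly, and bound `range.last` by the width of `uid_t`/`gid_t`, since usr_update later passes `ptr->range.first` (an `unsigned long`) as the start argument of `sub_uid_add`/`sub_gid_add` and computes `count = last - first + 1`, which also wraps to 0 for `0-ULONG_MAX`.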
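Review bot: in open_files the condition `if (!is_sub_uid || (sub_uid_lock () == 0))` reports "cannot lock %s; try again later." when the real cause is that the subuid file does not exist (`is_sub_uid` is `sub_uid_file_present ()`), so the administrator is told to retry something that can never succeed; the same pattern is repeated for the gid file and again in close_files ("failure while writing changes to %s"). Check `is_sub_uid`/`is_sub_gid` once in process_flags when `-v/-V/-w/-W` are given and fail with a message naming the missing file. Smaller points in the same patch: the usage strings say "remvoe" twice, the "failed to add ... range %lu-%lu from '%s'" messages should read "to", a malloc failure in prepend_range is reported by the callers as "invalid subordinate uid range", and the hunks at `@@ -1200` (stray blank line after the E_UID_IN_USE exit) and `@@ -1248` (splitting the `#ifdef SHADOWGRP` block in two) are unrelated to subordinate ids and belong in their own change.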
@@ -0,0 +1,256 @@ +From ebiederm@xmission.com Tue Jan 22 09:21:21 2013 +Return-Path: +X-Original-To: serge@hallyn.com +Delivered-To: serge@hallyn.com +Received: by mail.hallyn.com (Postfix, from userid 5001) + id ADE59C80F5; Tue, 22 Jan 2013 09:21:21 +0000 (UTC) +X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail +X-Spam-Level: +X-Spam-Status: No, score=-2.2 required=8.0 tests=BAD_ENC_HEADER,BAYES_00, + RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 +Received: from out02.mta.xmission.com (out02.mta.xmission.com [166.70.13.232]) + (using TLSv1 with cipher AES256-SHA (256/256 bits)) + (No client certificate requested) + by mail.hallyn.com (Postfix) with ESMTPS id D56AEC80DB + for ; Tue, 22 Jan 2013 09:21:17 +0000 (UTC) +Received: from out03.mta.xmission.com ([166.70.13.233]) + by out02.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) + (Exim 4.76) + (envelope-from ) + id 1Txa11-0000bo-MQ; Tue, 22 Jan 2013 02:19:35 -0700 +Received: from in02.mta.xmission.com ([166.70.13.52]) + by out03.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) + (Exim 4.76) + (envelope-from ) + id 1Txa11-0005wx-1p; Tue, 22 Jan 2013 02:19:35 -0700 +Received: from c-98-207-153-68.hsd1.ca.comcast.net ([98.207.153.68] helo=eric-ThinkPad-X220.xmission.com) + by in02.mta.xmission.com with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) + (Exim 4.76) + (envelope-from ) + id 1Txa0y-000519-2O; Tue, 22 Jan 2013 02:19:34 -0700 +From: ebiederm@xmission.com (Eric W. Biederman) +To: Nicolas =?utf-8?Q?Fran=C3=A7ois?= +Cc: , Linux Containers , "Michael Kerrisk \(man-pages\)" , "Serge E. Hallyn" +References: <87d2wxshu0.fsf@xmission.com> +Date: Tue, 22 Jan 2013 01:19:28 -0800 +In-Reply-To: <87d2wxshu0.fsf@xmission.com> (Eric W. 
Biederman's message of + "Tue, 22 Jan 2013 01:11:19 -0800") +Message-ID: <87k3r5pobj.fsf@xmission.com> +User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.1 (gnu/linux) +MIME-Version: 1.0 +Content-Type: text/plain +X-XM-AID: U2FsdGVkX1+qhualZ5pxk+DVqanIJA7JrJwlPXicL8c= +X-SA-Exim-Connect-IP: 98.207.153.68 +X-SA-Exim-Mail-From: ebiederm@xmission.com +Subject: [PATCH 10/11] newusers: Add support for assiging subordinate uids and gids. +X-SA-Exim-Version: 4.2.1 (built Wed, 14 Nov 2012 14:26:46 -0700) +X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com) +X-UID: 2080 +Status: O +Content-Length: 5597 +Lines: 206 + + +Signed-off-by: "Eric W. Biederman" +--- + src/newusers.c | 124 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 1 files changed, 124 insertions(+), 0 deletions(-) + +Index: shadow/src/newusers.c +=================================================================== +--- shadow.orig/src/newusers.c 2013-02-01 15:27:53.548080347 -0600 ++++ shadow/src/newusers.c 2013-02-01 15:27:53.540080347 -0600 +@@ -65,6 +65,7 @@ + #include "pwio.h" + #include "sgroupio.h" + #include "shadowio.h" ++#include "subordinateio.h" + #include "chkname.h" + + /* +@@ -82,6 +83,8 @@ + #endif /* USE_SHA_CRYPT */ + #endif /* !USE_PAM */ + ++static bool is_sub_uid = false; ++static bool is_sub_gid = false; + static bool is_shadow; + #ifdef SHADOWGRP + static bool is_shadow_grp; +@@ -90,6 +93,8 @@ + static bool pw_locked = false; + static bool gr_locked = false; + static bool spw_locked = false; ++static bool sub_uid_locked = false; ++static bool sub_gid_locked = false; + + /* local function prototypes */ + static void usage (int status); +@@ -178,6 +183,20 @@ + } + } + #endif ++ if (sub_uid_locked) { ++ if (sub_uid_unlock () == 0) { ++ fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname ()); ++ SYSLOG ((LOG_ERR, "failed to unlock %s", sub_uid_dbname ())); ++ /* continue */ ++ } ++ } ++ if (sub_gid_locked) { ++ if (sub_gid_unlock () == 0) { ++ fprintf (stderr, _("%s: 
failed to unlock %s\n"), Prog, sub_gid_dbname ()); ++ SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ())); ++ /* continue */ ++ } ++ } + + exit (code); + } +@@ -732,6 +751,24 @@ + sgr_locked = true; + } + #endif ++ if (is_sub_uid) { ++ if (sub_uid_lock () == 0) { ++ fprintf (stderr, ++ _("%s: cannot lock %s; try again later.\n"), ++ Prog, sub_uid_dbname ()); ++ fail_exit (EXIT_FAILURE); ++ } ++ sub_uid_locked = true; ++ } ++ if (is_sub_gid) { ++ if (sub_gid_lock () == 0) { ++ fprintf (stderr, ++ _("%s: cannot lock %s; try again later.\n"), ++ Prog, sub_gid_dbname ()); ++ fail_exit (EXIT_FAILURE); ++ } ++ sub_gid_locked = true; ++ } + + if (pw_open (O_RDWR) == 0) { + fprintf (stderr, _("%s: cannot open %s\n"), Prog, pw_dbname ()); +@@ -751,6 +788,22 @@ + fail_exit (EXIT_FAILURE); + } + #endif ++ if (is_sub_uid) { ++ if (sub_uid_open (O_RDWR) == 0) { ++ fprintf (stderr, ++ _("%s: cannot open %s\n"), ++ Prog, sub_uid_dbname ()); ++ fail_exit (EXIT_FAILURE); ++ } ++ } ++ if (is_sub_gid) { ++ if (sub_gid_open (O_RDWR) == 0) { ++ fprintf (stderr, ++ _("%s: cannot open %s\n"), ++ Prog, sub_gid_dbname ()); ++ fail_exit (EXIT_FAILURE); ++ } ++ } + } + + /* +@@ -795,6 +848,19 @@ + SYSLOG ((LOG_ERR, "failure while writing changes to %s", gr_dbname ())); + fail_exit (EXIT_FAILURE); + } ++ if (is_sub_uid && (sub_uid_close () == 0)) { ++ fprintf (stderr, ++ _("%s: failure while writing changes to %s\n"), Prog, sub_uid_dbname ()); ++ SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_uid_dbname ())); ++ fail_exit (EXIT_FAILURE); ++ } ++ if (is_sub_gid && (sub_gid_close () == 0)) { ++ fprintf (stderr, ++ _("%s: failure while writing changes to %s\n"), Prog, sub_gid_dbname ()); ++ SYSLOG ((LOG_ERR, "failure while writing changes to %s", sub_gid_dbname ())); ++ fail_exit (EXIT_FAILURE); ++ } ++ + if (gr_unlock () == 0) { + fprintf (stderr, + _("%s: failed to unlock %s\n"), +@@ -823,6 +889,22 @@ + sgr_locked = false; + } + #endif ++ if (is_sub_uid) { ++ if 
(sub_uid_unlock () == 0) { ++ fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_uid_dbname ()); ++ SYSLOG ((LOG_ERR, "failed to unlock %s", sub_uid_dbname ())); ++ /* continue */ ++ } ++ sub_uid_locked = false; ++ } ++ if (is_sub_gid) { ++ if (sub_gid_unlock () == 0) { ++ fprintf (stderr, _("%s: failed to unlock %s\n"), Prog, sub_gid_dbname ()); ++ SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ())); ++ /* continue */ ++ } ++ sub_gid_locked = false; ++ } + } + + int main (int argc, char **argv) +@@ -864,6 +946,8 @@ + #ifdef SHADOWGRP + is_shadow_grp = sgr_file_present (); + #endif ++ is_sub_uid = sub_uid_file_present (); ++ is_sub_gid = sub_gid_file_present (); + + open_files (); + +@@ -1044,6 +1128,46 @@ + errors++; + continue; + } ++ ++ /* ++ * Add subordinate uids if the user does not have them. ++ */ ++ if (is_sub_uid && !sub_uid_assigned(fields[0])) { ++ uid_t sub_uid_start = 0; ++ unsigned long sub_uid_count = 0; ++ if (find_new_sub_uids(fields[0], &sub_uid_start, &sub_uid_count) == 0) { ++ if (sub_uid_add(fields[0], sub_uid_start, sub_uid_count) == 0) { ++ fprintf (stderr, ++ _("%s: failed to prepare new %s entry\n"), ++ Prog, sub_uid_dbname ()); ++ } ++ } else { ++ fprintf (stderr, ++ _("%s: can't find subordinate user range\n"), ++ Prog); ++ errors++; ++ } ++ } ++ ++ /* ++ * Add subordinate gids if the user does not have them. ++ */ ++ if (is_sub_gid && !sub_gid_assigned(fields[0])) { ++ gid_t sub_gid_start = 0; ++ unsigned long sub_gid_count = 0; ++ if (find_new_sub_gids(fields[0], &sub_gid_start, &sub_gid_count) == 0) { ++ if (sub_gid_add(fields[0], sub_gid_start, sub_gid_count) == 0) { ++ fprintf (stderr, ++ _("%s: failed to prepare new %s entry\n"), ++ Prog, sub_uid_dbname ()); ++ } ++ } else { ++ fprintf (stderr, ++ _("%s: can't find subordinate group range\n"), ++ Prog); ++ errors++; ++ } ++ } + } + + /* --- shadow-4.1.5.1.orig/debian/patches/userns/11_userns_newxidmap +++ shadow-4.1.5.1/debian/patches/userns/11_userns_newxidmap 
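Review bot: in the subordinate gid block of the main-loop hunk (`@@ -1044,6 +1128,46 @@`) the failure message for `sub_gid_add` prints `sub_uid_dbname ()`, so a failed write to the subgid file is reported against the subuid file; it should be `sub_gid_dbname ()`.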
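Review bot: in both new blocks of that hunk the `sub_uid_add (...) == 0` / `sub_gid_add (...) == 0` branch prints "failed to prepare new %s entry" but does not do `errors++`, unlike the "can't find subordinate ... range" branch next to it, so newusers would finish with a success status after failing to record the range; increment `errors` in the add-failure branch as well.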
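Review bot: the patch file carries the complete mail headers of the submission (Received:, X-Spam-Status:, X-XM-AID:, Content-Length: and so on) above the diffstat, while the body itself is only the Signed-off-by line; a short description of what the change does plus the Author/Origin/Subject lines would give the provenance without the noise, and would make the 10/11 and 11/11 patches readable in the Debian series on their own.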
@@ -0,0 +1,1004 @@ +From ebiederm@xmission.com Tue Jan 22 09:22:07 2013 +Return-Path: +X-Original-To: serge@hallyn.com +Delivered-To: serge@hallyn.com +Received: by mail.hallyn.com (Postfix, from userid 5001) + id E5D16C80F4; Tue, 22 Jan 2013 09:22:07 +0000 (UTC) +X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail +X-Spam-Level: +X-Spam-Status: No, score=-0.2 required=8.0 tests=BAD_ENC_HEADER,BAYES_00, + LONGWORDS,RCVD_IN_DNSWL_MED autolearn=no version=3.3.1 +Received: from out02.mta.xmission.com (out02.mta.xmission.com [166.70.13.232]) + (using TLSv1 with cipher AES256-SHA (256/256 bits)) + (No client certificate requested) + by mail.hallyn.com (Postfix) with ESMTPS id 2E206C80D1 + for ; Tue, 22 Jan 2013 09:22:03 +0000 (UTC) +Received: from in02.mta.xmission.com ([166.70.13.52]) + by out02.mta.xmission.com with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) + (Exim 4.76) + (envelope-from ) + id 1Txa1k-0000xE-Ix; Tue, 22 Jan 2013 02:20:20 -0700 +Received: from c-98-207-153-68.hsd1.ca.comcast.net ([98.207.153.68] helo=eric-ThinkPad-X220.xmission.com) + by in02.mta.xmission.com with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) + (Exim 4.76) + (envelope-from ) + id 1Txa1b-00059T-Lu; Tue, 22 Jan 2013 02:20:20 -0700 +From: ebiederm@xmission.com (Eric W. Biederman) +To: Nicolas =?utf-8?Q?Fran=C3=A7ois?= +Cc: , Linux Containers , "Michael Kerrisk \(man-pages\)" , "Serge E. Hallyn" +References: <87d2wxshu0.fsf@xmission.com> +Date: Tue, 22 Jan 2013 01:20:07 -0800 +In-Reply-To: <87d2wxshu0.fsf@xmission.com> (Eric W. 
Biederman's message of + "Tue, 22 Jan 2013 01:11:19 -0800") +Message-ID: <87ehhdpoag.fsf@xmission.com> +User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.1 (gnu/linux) +MIME-Version: 1.0 +Content-Type: text/plain +X-XM-AID: U2FsdGVkX1/nox3f5bDq7zL9eOiGra/HoCkv7o07HDs= +X-SA-Exim-Connect-IP: 98.207.153.68 +X-SA-Exim-Mail-From: ebiederm@xmission.com +Subject: [PATCH 11/11] newuidmap,newgidmap: New suid helpers for using subordinate uids and gids +X-SA-Exim-Version: 4.2.1 (built Wed, 14 Nov 2012 14:26:46 -0700) +X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com) +X-UID: 2081 +Status: RO +Content-Length: 31344 +Lines: 965 + + +Signed-off-by: "Eric W. Biederman" +--- + libmisc/Makefile.am | 2 + + libmisc/idmapping.c | 126 +++++++++++++++++++++++++++++++++++ + libmisc/idmapping.h | 44 ++++++++++++ + man/Makefile.am | 4 + + man/newgidmap.1.xml | 157 +++++++++++++++++++++++++++++++++++++++++++ + man/newuidmap.1.xml | 154 +++++++++++++++++++++++++++++++++++++++++++ + src/Makefile.am | 5 +- + src/newgidmap.c | 183 +++++++++++++++++++++++++++++++++++++++++++++++++++ + src/newuidmap.c | 183 +++++++++++++++++++++++++++++++++++++++++++++++++++ + 9 files changed, 856 insertions(+), 2 deletions(-) + create mode 100644 libmisc/idmapping.c + create mode 100644 libmisc/idmapping.h + create mode 100644 man/newgidmap.1.xml + create mode 100644 man/newuidmap.1.xml + create mode 100644 src/newgidmap.c + create mode 100644 src/newuidmap.c + +Index: shadow/libmisc/Makefile.am +=================================================================== +--- shadow.orig/libmisc/Makefile.am 2013-02-01 15:27:53.836080342 -0600 ++++ shadow/libmisc/Makefile.am 2013-02-01 15:27:53.828080343 -0600 +@@ -32,6 +32,8 @@ + getgr_nam_gid.c \ + getrange.c \ + hushed.c \ ++ idmapping.h \ ++ idmapping.c \ + isexpired.c \ + limits.c \ + list.c log.c \ +Index: shadow/libmisc/idmapping.c +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ 
shadow/libmisc/idmapping.c 2013-02-01 15:27:53.828080343 -0600 +@@ -0,0 +1,126 @@ ++/* ++ * Copyright (c) 2013 Eric Biederman ++ * All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. The name of the copyright holders or contributors may not be used to ++ * endorse or promote products derived from this software without ++ * specific prior written permission. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ++ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT ++ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A ++ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT ++ * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT ++ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE ++ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include "prototypes.h" ++#include "idmapping.h" ++ ++struct map_range *get_map_ranges(int ranges, int argc, char **argv) ++{ ++ struct map_range *mappings, *mapping; ++ int idx, argidx; ++ ++ if ((ranges * 3) > argc) { ++ fprintf(stderr, "ranges: %u argc: %d\n", ++ ranges, argc); ++ fprintf(stderr, ++ _( "%s: Not enough arguments to form %u mappings\n"), ++ Prog, ranges); ++ return NULL; ++ } ++ ++ mappings = calloc(ranges, sizeof(*mappings)); ++ if (!mappings) { ++ fprintf(stderr, _( "%s: Memory allocation failure\n"), ++ Prog); ++ exit(EXIT_FAILURE); ++ } ++ ++ /* Gather up the ranges from the command line */ ++ mapping = mappings; ++ for (idx = 0; idx < ranges; idx++, argidx += 3, mapping++) { ++ if (!getulong(argv[argidx + 0], &mapping->upper)) ++ return NULL; ++ if (!getulong(argv[argidx + 1], &mapping->lower)) ++ return NULL; ++ if (!getulong(argv[argidx + 2], &mapping->count)) ++ return NULL; ++ } ++ return mappings; ++} ++ ++/* Number of ascii digits needed to print any unsigned long in decimal. ++ * There are approximately 10 bits for every 3 decimal digits. ++ * So from bits to digits the formula is roundup((Number of bits)/10) * 3. 
++ * For common sizes of integers this works out to: ++ * 2bytes --> 6 ascii estimate -> 65536 (5 real) ++ * 4bytes --> 12 ascii estimated -> 4294967296 (10 real) ++ * 8bytes --> 21 ascii estimated -> 18446744073709551616 (20 real) ++ * 16bytes --> 39 ascii estimated -> 340282366920938463463374607431768211456 (39 real) ++ */ ++#define ULONG_DIGITS ((((sizeof(unsigned long) * CHAR_BIT) + 9)/10)*3) ++ ++ ++void write_mapping(int proc_dir_fd, int ranges, struct map_range *mappings, ++ const char *map_file) ++{ ++ int idx; ++ struct map_range *mapping; ++ size_t bufsize; ++ char *buf, *pos; ++ int fd; ++ ++ bufsize = ranges * ((ULONG_DIGITS + 1) * 3); ++ pos = buf = xmalloc(bufsize); ++ ++ /* Build the mapping command */ ++ mapping = mappings; ++ for (idx = 0; idx < ranges; idx++, mapping++) { ++ /* Append this range to the string that will be written */ ++ int written = snprintf(pos, bufsize - (pos - buf), ++ "%lu %lu %lu\n", ++ mapping->upper, ++ mapping->lower, ++ mapping->count); ++ if ((written <= 0) || (written >= (bufsize - (pos - buf)))) { ++ fprintf(stderr, _("%s: snprintf failed!\n"), Prog); ++ exit(EXIT_FAILURE); ++ } ++ pos += written; ++ } ++ ++ /* Write the mapping to the maping file */ ++ fd = openat(proc_dir_fd, map_file, O_WRONLY); ++ if (fd < 0) { ++ fprintf(stderr, _("%s: open of %s failed: %s\n"), ++ Prog, map_file, strerror(errno)); ++ exit(EXIT_FAILURE); ++ } ++ if (write(fd, buf, pos - buf) != (pos - buf)) { ++ fprintf(stderr, _("%s: write to %s failed: %s\n"), ++ Prog, map_file, strerror(errno)); ++ exit(EXIT_FAILURE); ++ } ++ close(fd); ++} +Index: shadow/libmisc/idmapping.h +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ shadow/libmisc/idmapping.h 2013-02-01 15:27:53.828080343 -0600 +@@ -0,0 +1,44 @@ ++/* ++ * Copyright (c) 2013 Eric Biederman ++ * All rights reserved. 
++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. The name of the copyright holders or contributors may not be used to ++ * endorse or promote products derived from this software without ++ * specific prior written permission. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ++ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT ++ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A ++ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT ++ * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT ++ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE ++ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
++ */ ++ ++#ifndef _IDMAPPING_H_ ++#define _IDMAPPING_H_ ++ ++struct map_range { ++ unsigned long upper; ++ unsigned long lower; ++ unsigned long count; ++}; ++ ++extern struct map_range *get_map_ranges(int ranges, int argc, char **argv); ++extern void write_mapping(int proc_dir_fd, int ranges, ++ struct map_range *mappings, const char *map_file); ++ ++#endif /* _ID_MAPPING_H_ */ ++ +Index: shadow/man/Makefile.am +=================================================================== +--- shadow.orig/man/Makefile.am 2013-02-01 15:27:53.836080342 -0600 ++++ shadow/man/Makefile.am 2013-02-01 15:27:53.828080343 -0600 +@@ -30,7 +30,9 @@ + man1/login.1 \ + man5/login.defs.5 \ + man8/logoutd.8 \ ++ man1/newgidmap.1 \ + man1/newgrp.1 \ ++ man1/newuidmap.1 \ + man8/newusers.8 \ + man8/nologin.8 \ + man1/passwd.1 \ +@@ -83,7 +85,9 @@ + login.access.5.xml \ + login.defs.5.xml \ + logoutd.8.xml \ ++ newgidmap.1.xml \ + newgrp.1.xml \ ++ newuidmap.1.xml \ + newusers.8.xml \ + nologin.8.xml \ + passwd.1.xml \ +Index: shadow/man/newgidmap.1.xml +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ shadow/man/newgidmap.1.xml 2013-02-01 15:27:53.828080343 -0600 +@@ -0,0 +1,157 @@ ++ ++ ++ ++]> ++ ++ ++ ++ newgidmap ++ 1 ++ User Commands ++ shadow-utils ++ &SHADOW_UTILS_VERSION; ++ ++ ++ newgidmap ++ set the gid mapping of a user namespace ++ ++ ++ ++ ++ newgidmap ++ ++ pid ++ ++ ++ gid ++ ++ ++ lowergid ++ ++ ++ count ++ ++ ++ ++ pid ++ ++ ++ gid ++ ++ ++ lowergid ++ ++ ++ count ++ ++ ++ ... ++ ++ ++ ++ ++ ++ ++ DESCRIPTION ++ ++ The newgidmap sets /proc/[pid]/gid_map based on it's ++ command line arguments and the gids allowed in /etc/subgid. ++ ++ ++ ++ ++ ++ OPTIONS ++ ++ There currently are no options to the newgidmap command. 
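Review bot: in get_map_ranges (idmapping.c) `argidx` is declared with `int idx, argidx;` and never initialised before `argv[argidx + 0]` is read and `argidx += 3` runs in the loop, so argv is indexed from an indeterminate value; initialise it to the position of the first range argument (the loop expects `argv[argidx]`, `argv[argidx + 1]`, `argv[argidx + 2]` to be upper, lower and count for each range). The same function leaves a debug line in (`fprintf(stderr, "ranges: %u argc: %d\n", ranges, argc)`, untranslated and printing an `int` with `%u`), and on a `getulong` failure returns NULL without saying which argument was rejected or freeing `mappings`.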
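Review bot: the include guard in idmapping.h opens with `#ifndef _IDMAPPING_H_` but closes with `#endif /* _ID_MAPPING_H_ */`; make the closing comment match. Identifiers beginning with an underscore and an uppercase letter are reserved for the implementation in C, so a guard such as `IDMAPPING_H` avoids the reserved namespace entirely.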
++ ++ ++ ++ ++ ++ ++ NOTE ++ ++ The only restriction placed on the login shell is that the command ++ name must be listed in /etc/shells, unless the ++ invoker is the superuser, and then any value may be added. An ++ account with a restricted login shell may not change her login shell. ++ For this reason, placing /bin/rsh in ++ /etc/shells is discouraged since accidentally ++ changing to a restricted shell would prevent the user from ever ++ changing her login shell back to its original value. ++ ++ ++ ++ ++ ++ FILES ++ ++ ++ /etc/subgid ++ ++ List of users subordinate user IDs. ++ ++ ++ ++ /proc/[pid]/gid_map ++ ++ Mapping of gids from one between user namespaces. ++ ++ ++ ++ ++ ++ ++ SEE ALSO ++ ++ ++ login.defs5 ++ , ++ ++ useradd8 ++ , ++ ++ usermod8 ++ , ++ ++ newusers8 ++ , ++ ++ userdel8 ++ , ++ ++ subgid5 ++ . ++ ++ ++ +Index: shadow/man/newuidmap.1.xml +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ shadow/man/newuidmap.1.xml 2013-02-01 15:27:53.828080343 -0600 +@@ -0,0 +1,154 @@ ++ ++ ++ ++]> ++ ++ ++ ++ newuidmap ++ 1 ++ User Commands ++ shadow-utils ++ &SHADOW_UTILS_VERSION; ++ ++ ++ newuidmap ++ set the uid mapping of a user namespace ++ ++ ++ ++ ++ newuidmap ++ ++ pid ++ ++ ++ uid ++ ++ ++ loweruid ++ ++ ++ count ++ ++ ++ ++ uid ++ ++ ++ loweruid ++ ++ ++ count ++ ++ ++ ... ++ ++ ++ ++ ++ ++ ++ DESCRIPTION ++ ++ The newuidmap sets /proc/[pid]/uid_map based on it's ++ command line arguments and the uids allowed in /etc/subuid. ++ ++ ++ ++ ++ ++ OPTIONS ++ ++ There currently are no options to the newuidmap command. ++ ++ ++ ++ ++ ++ ++ NOTE ++ ++ The only restriction placed on the login shell is that the command ++ name must be listed in /etc/shells, unless the ++ invoker is the superuser, and then any value may be added. An ++ account with a restricted login shell may not change her login shell. 
++ For this reason, placing /bin/rsh in ++ /etc/shells is discouraged since accidentally ++ changing to a restricted shell would prevent the user from ever ++ changing her login shell back to its original value. ++ ++ ++ ++ ++ ++ FILES ++ ++ ++ /etc/subuid ++ ++ List of users subordinate user IDs. ++ ++ ++ ++ /proc/[pid]/uid_map ++ ++ Mapping of uids from one between user namespaces. ++ ++ ++ ++ ++ ++ ++ SEE ALSO ++ ++ ++ login.defs5 ++ , ++ ++ useradd8 ++ , ++ ++ usermod8 ++ , ++ ++ newusers8 ++ , ++ ++ userdel8 ++ , ++ ++ subuid5 ++ . ++ ++ ++ +Index: shadow/src/Makefile.am +=================================================================== +--- shadow.orig/src/Makefile.am 2013-02-01 15:27:53.836080342 -0600 ++++ shadow/src/Makefile.am 2013-02-01 15:27:53.832080342 -0600 +@@ -23,7 +23,8 @@ + # $prefix/bin and $prefix/sbin, no install-data hacks...) + + bin_PROGRAMS = groups login su +-ubin_PROGRAMS = faillog lastlog chage chfn chsh expiry gpasswd newgrp passwd ++ubin_PROGRAMS = faillog lastlog chage chfn chsh expiry gpasswd newgrp passwd \ ++ newgidmap newuidmap + usbin_PROGRAMS = \ + cppw \ + chgpasswd \ +@@ -50,7 +51,7 @@ + noinst_PROGRAMS = id sulogin + + suidbins = su +-suidubins = chage chfn chsh expiry gpasswd newgrp passwd ++suidubins = chage chfn chsh expiry gpasswd newgrp passwd newuidmap newgidmap + if ACCT_TOOLS_SETUID + suidubins += chage chgpasswd chpasswd groupadd groupdel groupmod newusers useradd userdel usermod + endif +Index: shadow/src/newgidmap.c +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ shadow/src/newgidmap.c 2013-02-01 15:27:53.832080342 -0600 +@@ -0,0 +1,183 @@ ++/* ++ * Copyright (c) 2013 Eric Biederman ++ * All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. 
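Review bot: the NOTE sections of newgidmap.1.xml and newuidmap.1.xml appear to be carried over from a login-shell page ("The only restriction placed on the login shell is that the command name must be listed in /etc/shells ...") and say nothing about id mappings; replace them with what the commands actually verify (the caller's ranges in /etc/subgid or /etc/subuid, as the DESCRIPTION states). In FILES, /etc/subgid is described as "List of users subordinate user IDs" (should be group IDs), "Mapping of gids from one between user namespaces" is garbled, and "based on it's command line arguments" should be "its" in both pages.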
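Review bot: src/Makefile.am adds newuidmap and newgidmap to `suidubins`, so both are installed setuid root; the range verification in newgidmap.c and newuidmap.c is then the only check between an unprivileged caller and a write to /proc/[pid]/gid_map or uid_map, and the patch description should say so and list what is verified. With that in mind, the uninitialised `argidx` in get_map_ranges is not a cosmetic bug and should be fixed before these helpers are built setuid.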
Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. The name of the copyright holders or contributors may not be used to ++ * endorse or promote products derived from this software without ++ * specific prior written permission. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ++ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT ++ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A ++ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT ++ * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT ++ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE ++ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include "defines.h" ++#include "prototypes.h" ++#include "subordinateio.h" ++#include "idmapping.h" ++ ++/* ++ * Global variables ++ */ ++const char *Prog; ++ ++static bool verify_range(struct passwd *pw, struct map_range *range) ++{ ++ /* An empty range is invalid */ ++ if (range->count == 0) ++ return false; ++ ++ /* Test /etc/subgid */ ++ if (have_sub_gids(pw->pw_name, range->lower, range->count)) ++ return true; ++ ++ /* Allow a process to map it's own gid */ ++ if ((range->count == 1) && (pw->pw_gid == range->lower)) ++ return true; ++ ++ return false; ++} ++ ++static void verify_ranges(struct passwd *pw, int ranges, ++ struct map_range *mappings) ++{ ++ struct map_range *mapping; ++ int idx; ++ ++ mapping = mappings; ++ for (idx = 0; idx < ranges; idx++, mapping++) { ++ if (!verify_range(pw, mapping)) { ++ fprintf(stderr, _( "%s: gid range [%lu-%lu) -> [%lu-%lu) not allowed\n"), ++ Prog, ++ mapping->upper, ++ mapping->upper + mapping->count, ++ mapping->lower, ++ mapping->lower + mapping->count); ++ exit(EXIT_FAILURE); ++ } ++ } ++} ++ ++static void usage(void) ++{ ++ fprintf(stderr, _("usage: %s [ ] ... \n"), Prog); ++ exit(EXIT_FAILURE); ++} ++ ++/* ++ * newgidmap - Set the gid_map for the specified process ++ */ ++int main(int argc, char **argv) ++{ ++ char proc_dir_name[PATH_MAX]; ++ char *target_str; ++ pid_t target, parent; ++ int proc_dir_fd; ++ int ranges; ++ struct map_range *mappings; ++ struct stat st; ++ struct passwd *pw; ++ int written; ++ ++ Prog = Basename (argv[0]); ++ ++ /* ++ * The valid syntax are ++ * newgidmap target_pid ++ */ ++ if (argc < 2) ++ usage(); ++ ++ /* Find the process that needs it's user namespace ++ * gid mapping set. 
++ */ ++ target_str = argv[1]; ++ if (!get_pid(target_str, &target)) ++ usage(); ++ ++ written = snprintf(proc_dir_name, sizeof(proc_dir_name), "/proc/%u/", ++ target); ++ if ((written <= 0) || (written >= sizeof(proc_dir_name))) { ++ fprintf(stderr, "%s: snprintf of proc path failed: %s\n", ++ Prog, strerror(errno)); ++ } ++ ++ proc_dir_fd = open(proc_dir_name, O_DIRECTORY); ++ if (proc_dir_fd < 0) { ++ fprintf(stderr, _("%s: Could not open proc directory for target %u\n"), ++ Prog, target); ++ return EXIT_FAILURE; ++ } ++ ++ /* Who am i? */ ++ pw = get_my_pwent (); ++ if (NULL == pw) { ++ fprintf (stderr, ++ _("%s: Cannot determine your user name.\n"), ++ Prog); ++ SYSLOG ((LOG_WARN, "Cannot determine the user name of the caller (UID %lu)", ++ (unsigned long) getuid ())); ++ return EXIT_FAILURE; ++ } ++ ++ /* Get the effective uid and effective gid of the target process */ ++ if (fstat(proc_dir_fd, &st) < 0) { ++ fprintf(stderr, _("%s: Could not stat directory for target %u\n"), ++ Prog, target); ++ return EXIT_FAILURE; ++ } ++ ++ /* Verify real user and real group matches the password entry ++ * and the effective user and group of the program whose ++ * mappings we have been asked to set. 
++ */ ++ if ((getuid() != pw->pw_uid) || ++ (getgid() != pw->pw_gid) || ++ (pw->pw_uid != st.st_uid) || ++ (pw->pw_gid != st.st_gid)) { ++ fprintf(stderr, _( "%s: Target %u is owned by a different user\n" ), ++ Prog, target); ++ return EXIT_FAILURE; ++ } ++ ++ if (!sub_gid_open(O_RDONLY)) { ++ return EXIT_FAILURE; ++ } ++ ++ ranges = ((argc - 2) + 2) / 3; ++ mappings = get_map_ranges(ranges, argc - 2, argv + 2); ++ if (!mappings) ++ usage(); ++ ++ verify_ranges(pw, ranges, mappings); ++ ++ write_mapping(proc_dir_fd, ranges, mappings, "gid_map"); ++ sub_gid_close(); ++ ++ return EXIT_SUCCESS; ++} +Index: shadow/src/newuidmap.c +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ shadow/src/newuidmap.c 2013-02-01 15:27:53.832080342 -0600 +@@ -0,0 +1,183 @@ ++/* ++ * Copyright (c) 2013 Eric Biederman ++ * All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * 3. The name of the copyright holders or contributors may not be used to ++ * endorse or promote products derived from this software without ++ * specific prior written permission. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ++ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT ++ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A ++ * PARTICULAR PURPOSE ARE DISCLAIMED. 
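Review bot: in newgidmap.c main(), the snprintf error path only prints a message and then falls through to open() on a possibly truncated proc_dir_name; it should `return EXIT_FAILURE` (and the strerror(errno) in that message is meaningless, since snprintf does not set errno on truncation). Other points in the same function: `if (argc < 2) usage();` accepts `newgidmap <pid>` with no ranges at all, which makes ranges = 0 and hands an empty mapping to write_mapping(); require at least one triple and `(argc - 2) % 3 == 0` up front so the usage error is reported instead. `pid_t parent` is declared but never used, and `"/proc/%u/"` applies an unsigned conversion to a pid_t. The ownership check is the security boundary of this setuid program and looks right: it ties the caller's real uid/gid to their passwd entry and to the owner of /proc/<pid>, and because /proc/<pid> is owned by root when the target is not dumpable, that case fails closed. Two consequences are worth stating in the man page: the check compares getgid() with pw->pw_gid, so a caller who has switched primary group with newgrp or sg is refused, and verify_range() lets a caller map their own gid (count 1) without any /etc/subgid entry, which is intended but not documented anywhere.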
IN NO EVENT SHALL THE COPYRIGHT ++ * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, ++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT ++ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE ++ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ */ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include "defines.h" ++#include "prototypes.h" ++#include "subordinateio.h" ++#include "idmapping.h" ++ ++/* ++ * Global variables ++ */ ++const char *Prog; ++ ++static bool verify_range(struct passwd *pw, struct map_range *range) ++{ ++ /* An empty range is invalid */ ++ if (range->count == 0) ++ return false; ++ ++ /* Test /etc/subuid */ ++ if (have_sub_uids(pw->pw_name, range->lower, range->count)) ++ return true; ++ ++ /* Allow a process to map it's own uid */ ++ if ((range->count == 1) && (pw->pw_uid == range->lower)) ++ return true; ++ ++ return false; ++} ++ ++static void verify_ranges(struct passwd *pw, int ranges, ++ struct map_range *mappings) ++{ ++ struct map_range *mapping; ++ int idx; ++ ++ mapping = mappings; ++ for (idx = 0; idx < ranges; idx++, mapping++) { ++ if (!verify_range(pw, mapping)) { ++ fprintf(stderr, _( "%s: uid range [%lu-%lu) -> [%lu-%lu) not allowed\n"), ++ Prog, ++ mapping->upper, ++ mapping->upper + mapping->count, ++ mapping->lower, ++ mapping->lower + mapping->count); ++ exit(EXIT_FAILURE); ++ } ++ } ++} ++ ++void usage(void) ++{ ++ fprintf(stderr, _("usage: %s [ ] ... 
\n"), Prog); ++ exit(EXIT_FAILURE); ++} ++ ++/* ++ * newuidmap - Set the uid_map for the specified process ++ */ ++int main(int argc, char **argv) ++{ ++ char proc_dir_name[PATH_MAX]; ++ char *target_str; ++ pid_t target, parent; ++ int proc_dir_fd; ++ int ranges; ++ struct map_range *mappings; ++ struct stat st; ++ struct passwd *pw; ++ int written; ++ ++ Prog = Basename (argv[0]); ++ ++ /* ++ * The valid syntax are ++ * newuidmap target_pid ++ */ ++ if (argc < 2) ++ usage(); ++ ++ /* Find the process that needs it's user namespace ++ * uid mapping set. ++ */ ++ target_str = argv[1]; ++ if (!get_pid(target_str, &target)) ++ usage(); ++ ++ written = snprintf(proc_dir_name, sizeof(proc_dir_name), "/proc/%u/", ++ target); ++ if ((written <= 0) || (written >= sizeof(proc_dir_name))) { ++ fprintf(stderr, "%s: snprintf of proc path failed: %s\n", ++ Prog, strerror(errno)); ++ } ++ ++ proc_dir_fd = open(proc_dir_name, O_DIRECTORY); ++ if (proc_dir_fd < 0) { ++ fprintf(stderr, _("%s: Could not open proc directory for target %u\n"), ++ Prog, target); ++ return EXIT_FAILURE; ++ } ++ ++ /* Who am i? */ ++ pw = get_my_pwent (); ++ if (NULL == pw) { ++ fprintf (stderr, ++ _("%s: Cannot determine your user name.\n"), ++ Prog); ++ SYSLOG ((LOG_WARN, "Cannot determine the user name of the caller (UID %lu)", ++ (unsigned long) getuid ())); ++ return EXIT_FAILURE; ++ } ++ ++ /* Get the effective uid and effective gid of the target process */ ++ if (fstat(proc_dir_fd, &st) < 0) { ++ fprintf(stderr, _("%s: Could not stat directory for target %u\n"), ++ Prog, target); ++ return EXIT_FAILURE; ++ } ++ ++ /* Verify real user and real group matches the password entry ++ * and the effective user and group of the program whose ++ * mappings we have been asked to set. 
++ */ ++ if ((getuid() != pw->pw_uid) || ++ (getgid() != pw->pw_gid) || ++ (pw->pw_uid != st.st_uid) || ++ (pw->pw_gid != st.st_gid)) { ++ fprintf(stderr, _( "%s: Target %u is owned by a different user\n" ), ++ Prog, target); ++ return EXIT_FAILURE; ++ } ++ ++ if (!sub_uid_open(O_RDONLY)) { ++ return EXIT_FAILURE; ++ } ++ ++ ranges = ((argc - 2) + 2) / 3; ++ mappings = get_map_ranges(ranges, argc - 2, argv + 2); ++ if (!mappings) ++ usage(); ++ ++ verify_ranges(pw, ranges, mappings); ++ ++ write_mapping(proc_dir_fd, ranges, mappings, "uid_map"); ++ sub_uid_close(); ++ ++ return EXIT_SUCCESS; ++} --- shadow-4.1.5.1.orig/debian/patches/userns/12_userns_selinuxlibs +++ shadow-4.1.5.1/debian/patches/userns/12_userns_selinuxlibs @@ -0,0 +1,13 @@ +Index: shadow-4.1.5.1/src/Makefile.am +=================================================================== +--- shadow-4.1.5.1.orig/src/Makefile.am 2013-02-04 11:56:40.485335430 -0600 ++++ shadow-4.1.5.1/src/Makefile.am 2013-02-04 11:57:49.525334261 -0600 +@@ -80,6 +80,8 @@ + endif + + chage_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) ++newuidmap_LDADD = $(LDADD) $(LIBSELINUX) ++newgidmap_LDADD = $(LDADD) $(LIBSELINUX) + chfn_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) + chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBCRYPT) + chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) --- shadow-4.1.5.1.orig/debian/patches/userns/13_subordinate_parse_static_buf +++ shadow-4.1.5.1/debian/patches/userns/13_subordinate_parse_static_buf 
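Review bot: newuidmap.c has the same defects as newgidmap.c, since the two files are byte-for-byte copies apart from uid/gid: the snprintf failure branch prints but does not return, `parent` is unused, `argc < 2` lets a bare `newuidmap <pid>` through with zero ranges, and `%u` is applied to a pid_t. One difference: `usage()` is `void usage(void)` here but `static void usage(void)` in newgidmap.c; make it static here too. Given that verify_range(), verify_ranges() and main() differ only in the sub_uid/sub_gid and pw_uid/pw_gid names, the shared logic belongs in libmisc (idmapping.c already exists for exactly that) with the two programs reduced to thin wrappers, which would also keep the ownership check from drifting between them.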
@@ -0,0 +1,23 @@ +Description: subordinateio: Fix subordinate_parse to have an internal static buffer + subordinate_parse is supposed to return a static structure that + represents one line in /etc/subuid or /etc/subgid. I goofed and + failed to make the variable rangebuf that holds the username of + in the returned structure static. + . + Add this missing static specification. +Author: +Origin: upstream +Forwarded: no +Index: shadow-4.1.5.1/lib/subordinateio.c +=================================================================== +--- shadow-4.1.5.1.orig/lib/subordinateio.c 2013-02-04 11:56:40.265335433 -0600 ++++ shadow-4.1.5.1/lib/subordinateio.c 2013-02-04 12:32:46.653298752 -0600 +@@ -48,7 +48,7 @@ + static void *subordinate_parse (const char *line) + { + static struct subordinate_range range; +- char rangebuf[1024]; ++ static char rangebuf[1024]; + int i; + char *cp; + char *fields[NFIELDS]; --- shadow-4.1.5.1.orig/debian/patches/userns/14_fix_getopt +++ shadow-4.1.5.1/debian/patches/userns/14_fix_getopt @@ -0,0 +1,24 @@ +Index: shadow-userns/src/usermod.c +=================================================================== +--- shadow-userns.orig/src/usermod.c 2013-02-05 16:35:10.608485591 +0000 ++++ shadow-userns/src/usermod.c 2013-02-05 17:16:20.540485591 +0000 +@@ -993,9 +993,9 @@ + }; + while ((c = getopt_long (argc, argv, + #ifdef WITH_SELINUX +- "ac:d:e:f:g:G:hl:Lmop:R:s:u:UZ:", ++ "ac:d:e:f:g:G:hl:Lmop:R:s:u:UZ:v:w:V:W:", + #else /* !WITH_SELINUX */ +- "ac:d:e:f:g:G:hl:Lmop:R:s:u:U", ++ "ac:d:e:f:g:G:hl:Lmop:R:s:u:Uv:w:V:W:", + #endif /* !WITH_SELINUX */ + long_options, NULL)) != -1) { + switch (c) { +@@ -1141,6 +1141,7 @@ + exit(E_BAD_ARG); + } + wflg = true; ++ break; + case 'W': + if (prepend_range (optarg, &del_sub_gids) == 0) { + fprintf (stderr, --- shadow-4.1.5.1.orig/debian/patches/userns/16_add-argument-sanity-checking.patch +++ shadow-4.1.5.1/debian/patches/userns/16_add-argument-sanity-checking.patch 
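Review bot: the fix in 13_subordinate_parse_static_buf is correct (the username pointer in the returned struct would otherwise dangle after subordinate_parse() returns), but it leaves the returned struct aliasing a single static 1024-byte buffer, so callers must copy anything they need before the next call and the parser is not reentrant; a comment on subordinate_parse() should say so. The DEP-3 header is also inconsistent: `Origin: upstream` together with `Forwarded: no` is contradictory (a patch taken from upstream is `Forwarded: not-needed`), the `Author:` field is empty, and the upstream commit id should be recorded so the patch can be dropped on the next upstream merge.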
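Review bot: the added `break;` in 14_fix_getopt closes a real bug: before it, `-w RANGE` set wflg and then fell through into the `'W'` case, so the same range was also queued on del_sub_gids and a request to add a subordinate gid range would also schedule its removal. The getopt string change is needed for the same reason: without `v:w:V:W:` in the short option string getopt_long rejects the short forms even though the long options exist. Two follow-ups: only the `'w'` case is visible here, so please confirm that `'v'` and `'V'` end with `break` as well; and this patch has no DEP-3 header at all, unlike 13_subordinate_parse_static_buf, so add Description/Author/Origin/Forwarded.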
@@ -0,0 +1,80 @@ +From df3c8c1f7f47ceff607595067458f1d8e53eaab8 Mon Sep 17 00:00:00 2001 +From: Serge Hallyn +Date: Fri, 21 Jun 2013 11:47:36 -0500 +Subject: [PATCH 1/1] userns: add argument sanity checking + +In find_new_sub_{u,g}ids, check for min, count and max values. + +In idmapping.c:get_map_ranges(), make sure that the value passed +in for ranges did not overflow. Couldn't happen with the current +code, but this is a sanity check for any future potential mis-uses. + +Signed-off-by: Serge Hallyn +--- + libmisc/find_new_sub_gids.c | 8 ++++++++ + libmisc/find_new_sub_uids.c | 8 ++++++++ + libmisc/idmapping.c | 10 ++++++++++ + 3 files changed, 26 insertions(+) + +diff --git a/libmisc/find_new_sub_gids.c b/libmisc/find_new_sub_gids.c +index 68046ac..fd44978 100644 +--- a/libmisc/find_new_sub_gids.c ++++ b/libmisc/find_new_sub_gids.c +@@ -58,6 +58,14 @@ int find_new_sub_gids (const char *owner, + max = getdef_ulong ("SUB_GID_MAX", 600100000UL); + count = getdef_ulong ("SUB_GID_COUNT", 10000); + ++ if (min >= max || count >= max || (min + count) >= max) { ++ (void) fprintf (stderr, ++ _("%s: Invalid configuration: SUB_GID_MIN (%lu)," ++ " SUB_GID_MAX (%lu), SUB_GID_COUNT (%lu)\n"), ++ Prog, min, max, count); ++ return -1; ++ } ++ + /* Is there a preferred range that works? */ + if ((*range_count != 0) && + (*range_start >= min) && +diff --git a/libmisc/find_new_sub_uids.c b/libmisc/find_new_sub_uids.c +index f1720f9..b608c59 100644 +--- a/libmisc/find_new_sub_uids.c ++++ b/libmisc/find_new_sub_uids.c +@@ -58,6 +58,14 @@ int find_new_sub_uids (const char *owner, + max = getdef_ulong ("SUB_UID_MAX", 600100000UL); + count = getdef_ulong ("SUB_UID_COUNT", 10000); + ++ if (min >= max || count >= max || (min + count) >= max) { ++ (void) fprintf (stderr, ++ _("%s: Invalid configuration: SUB_UID_MIN (%lu)," ++ " SUB_UID_MAX (%lu), SUB_UID_COUNT (%lu)\n"), ++ Prog, min, max, count); ++ return -1; ++ } ++ + /* Is there a preferred range that works? 
*/ + if ((*range_count != 0) && + (*range_start >= min) && +diff --git a/libmisc/idmapping.c b/libmisc/idmapping.c +index cb9e898..4147796 100644 +--- a/libmisc/idmapping.c ++++ b/libmisc/idmapping.c +@@ -41,6 +41,16 @@ struct map_range *get_map_ranges(int ranges, int argc, char **argv) + struct map_range *mappings, *mapping; + int idx, argidx; + ++ if (ranges < 0 || argc < 0) { ++ fprintf(stderr, "%s: error calculating number of arguments\n", Prog); ++ return NULL; ++ } ++ ++ if (ranges != ((argc - 2) + 2) / 3) { ++ fprintf(stderr, "%s: ranges: %u is wrong for argc: %d\n", Prog, ranges, argc); ++ return NULL; ++ } ++ + if ((ranges * 3) > argc) { + fprintf(stderr, "ranges: %u argc: %d\n", + ranges, argc); +-- +1.8.1.2 + --- shadow-4.1.5.1.orig/debian/patches/userns/manpagetypo +++ shadow-4.1.5.1/debian/patches/userns/manpagetypo @@ -0,0 +1,26 @@ +Index: shadow/man/subgid.5.xml +=================================================================== +--- shadow.orig/man/subgid.5.xml 2013-03-06 15:19:23.848386200 -0600 ++++ shadow/man/subgid.5.xml 2013-03-06 15:19:51.240386816 -0600 +@@ -104,7 +104,7 @@ + subuid5 + , + +- logindefs5 ++ login.defs5 + , + + newuidmap1 +Index: shadow/man/subuid.5.xml +=================================================================== +--- shadow.orig/man/subuid.5.xml 2013-03-06 15:19:09.660385881 -0600 ++++ shadow/man/subuid.5.xml 2013-03-06 15:19:44.956386675 -0600 +@@ -104,7 +104,7 @@ + subgid5 + , + +- logindefs5 ++ login.defs5 + , + + newuidmap1 --- shadow-4.1.5.1.orig/debian/rules +++ shadow-4.1.5.1/debian/rules 
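Review bot: the configuration check added to find_new_sub_gids() and find_new_sub_uids() does not reject `count == 0`, so SUB_GID_COUNT=0 (or SUB_UID_COUNT=0) passes and the function proceeds with an empty range; add `count == 0` to the condition. The remaining test is also fragile against wraparound: after `min >= max` and `count >= max` have been excluded, `min + count` can still wrap on a 32-bit unsigned long if max is configured near ULONG_MAX, and a wrapped sum compares small and passes. `count > max - min` expresses the same bound without the addition (min < max is already established by the first clause). Since the two hunks are identical apart from the variable names, one shared helper in libmisc would keep them from drifting.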
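Review bot: the new `ranges != ((argc - 2) + 2) / 3` check in get_map_ranges() does not recompute what main() computed. Both callers do `ranges = ((argc - 2) + 2) / 3; mappings = get_map_ranges(ranges, argc - 2, argv + 2);`, so the `argc` seen here is already main's argc minus 2 and the expression collapses to `argc / 3`, which equals the caller's `(argc + 2) / 3` only when argc is a multiple of 3. In practice the check therefore rejects argument counts that are not a multiple of 3 (a good outcome, but not the overflow check the commit message describes) and still accepts argc == 0 with ranges == 0. Write the intent out explicitly, e.g. `if (argc <= 0 || argc % 3 != 0 || ranges != argc / 3)`, which also makes the `(ranges * 3) > argc` test below redundant. Also, `ranges` is an int, so the `%u` conversions in both error messages should be `%d`.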
@@ -0,0 +1,90 @@ +#!/usr/bin/make -f +# -*- mode: makefile; coding: utf-8 -*- + +DEB_HOST_ARCH_OS := $(shell dpkg-architecture -qDEB_HOST_ARCH_OS) + +# Enable PIE, BINDNOW, and possible future flags. +export DEB_BUILD_MAINT_OPTIONS = hardening=+all + +include /usr/share/cdbs/1/rules/debhelper.mk +# Specify where dh_install will find the files that it needs to move: +DEB_DH_INSTALL_SOURCEDIR=debian/tmp +# Specify the destination of shadow's "make install" +# (This is only needed on The Hurd, where only one package is built. On +# the other arch, DEB_DESTDIR already points to debian/tmp) +DEB_DESTDIR=$(CURDIR)/debian/tmp + +include /usr/share/cdbs/1/class/autotools.mk +# Automatically update autoconf, etc. +DEB_AUTO_UPDATE_ACLOCAL = 1.11 +DEB_AUTO_UPDATE_AUTOCONF = 1.11 +DEB_AUTO_UPDATE_AUTOMAKE = 1.11 +DEB_AUTO_UPDATE_LIBTOOL = pre + +# Adds extra options when calling the configure script: +DEB_CONFIGURE_EXTRA_FLAGS := --disable-shared --without-libcrack --with-audit --mandir=/usr/share/man --with-libpam --enable-shadowgrp --enable-man --disable-account-tools-setuid --with-group-name-max-length=32 --without-acl --without-attr --without-tcb +ifneq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE)) + DEB_CONFIGURE_EXTRA_FLAGS += --host=$(DEB_HOST_GNU_TYPE) +endif + +# Automatically controls patching at build time: +include /usr/share/cdbs/1/rules/patchsys-quilt.mk + +# Add extras to the install process: +binary-install/login:: +ifeq ($(DEB_HOST_ARCH_OS),hurd) + # /bin/login is provided by the hurd package. 
+ rm -f debian/login/bin/login +endif + dh_installpam -p login + dh_installpam -p login --name=su + install -c -m 444 debian/login.defs debian/login/etc/login.defs + install -c -m 444 debian/securetty.$(DEB_HOST_ARCH_OS) debian/login/etc/securetty + install -d debian/login/usr/share/apport/package-hooks + install -c -m 644 debian/source_shadow.py debian/login/usr/share/apport/package-hooks/source_shadow.py + dh_lintian -p login + +binary-install/passwd:: + install -c -m 444 man/shadowconfig.8 debian/passwd/usr/share/man/man8 + install -c -m 444 man/ja/shadowconfig.8 debian/passwd/usr/share/man/ja/man8 + install -c -m 444 man/pl/shadowconfig.8 debian/passwd/usr/share/man/pl/man8 + install -c -m 444 man/fr/shadowconfig.8 debian/passwd/usr/share/man/fr/man8 + # Distribute the pam.d files; unless for the commands with disabled PAM + # support + dh_installpam -p passwd --name=passwd + dh_installpam -p passwd --name=chfn + dh_installpam -p passwd --name=chsh + dh_installpam -p passwd --name=chpasswd + dh_installpam -p passwd --name=newusers + install -c -m 644 debian/useradd.default debian/passwd/etc/default/useradd + + ## Ubuntu + # Upstart job for clearing locks + install -m 644 debian/passwd.conf debian/passwd/etc/init/passwd.conf + ## + + install -d debian/passwd/sbin + install -c -m 555 debian/shadowconfig.sh debian/passwd/sbin/shadowconfig + install -c -m 444 debian/cpgr.8 debian/passwd/usr/share/man/man8 + install -c -m 444 debian/cppw.8 debian/passwd/usr/share/man/man8 + dh_lintian -p passwd + +binary-predeb/uidmap:: + chmod u+s debian/uidmap/usr/bin/newuidmap + chmod u+s debian/uidmap/usr/bin/newgidmap + +binary-predeb/login:: + # No real need for login to be setuid root + # chmod u+s debian/login/bin/login + chmod u+s debian/login/bin/su + chmod u+s debian/login/usr/bin/newgrp + +binary-predeb/passwd:: + chmod u+s debian/passwd/usr/bin/chfn + chmod u+s debian/passwd/usr/bin/chsh + chmod u+s debian/passwd/usr/bin/gpasswd + chmod u+s debian/passwd/usr/bin/passwd 
+ chgrp shadow debian/passwd/usr/bin/chage + chgrp shadow debian/passwd/usr/bin/expiry + chmod g+s debian/passwd/usr/bin/chage + chmod g+s debian/passwd/usr/bin/expiry --- shadow-4.1.5.1.orig/debian/securetty.hurd +++ shadow-4.1.5.1/debian/securetty.hurd @@ -0,0 +1,71 @@ +# /etc/securetty: list of terminals on which root is allowed to login. +# See securetty(5) and login(1). +console + +# for people with serial port consoles +com0 + +# Standard consoles +tty1 +tty2 +tty3 +tty4 +tty5 +tty6 +tty7 +tty8 +tty9 +tty10 +tty11 +tty12 +tty13 +tty14 +tty15 +tty16 +tty17 +tty18 +tty19 +tty20 +tty21 +tty22 +tty23 +tty24 +tty25 +tty26 +tty27 +tty28 +tty29 +tty30 +tty31 +tty32 +tty33 +tty34 +tty35 +tty36 +tty37 +tty38 +tty39 +tty40 +tty41 +tty42 +tty43 +tty44 +tty45 +tty46 +tty47 +tty48 +tty49 +tty50 +tty51 +tty52 +tty53 +tty54 +tty55 +tty56 +tty57 +tty58 +tty59 +tty60 +tty61 +tty62 +tty63 --- shadow-4.1.5.1.orig/debian/securetty.kfreebsd +++ shadow-4.1.5.1/debian/securetty.kfreebsd @@ -0,0 +1,24 @@ +# /etc/securetty: list of terminals on which root is allowed to login. +# See securetty(5) and login(1). +console + +# for people with serial port consoles +ttyd0 +ttyd1 + +# Standard consoles +ttyv0 +ttyv1 +ttyv2 +ttyv3 +ttyv4 +ttyv5 +ttyv6 +ttyv7 +ttyva +ttyvb +ttyvc +ttyvd +ttyve +ttyvf + --- shadow-4.1.5.1.orig/debian/securetty.knetbsd +++ shadow-4.1.5.1/debian/securetty.knetbsd @@ -0,0 +1,12 @@ +# /etc/securetty: list of terminals on which root is allowed to login. +# See securetty(5) and login(1). +console + +# for people with serial port consoles +tty00 + +# Standard consoles +ttyE0 +ttyE1 +ttyE2 +ttyE3 --- shadow-4.1.5.1.orig/debian/securetty.linux +++ shadow-4.1.5.1/debian/securetty.linux 
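Review bot: the setuid bits for newuidmap and newgidmap are set in two places, `suidubins` in src/Makefile.am and the `chmod u+s` lines in `binary-predeb/uidmap::`; the second copy is the one that ships, because dh_fixperms strips set-id bits before binary-predeb runs, so keep the two lists in sync (chage and expiry are handled the same way, setgid shadow, under `binary-predeb/passwd::`, matching `--disable-account-tools-setuid`). The `## Ubuntu` block installs debian/passwd.conf into /etc/init unconditionally; either guard it on the vendor or note in the changelog that Debian ships the upstart job too. `hardening=+all` is the right default for a package whose binaries are setuid root.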
@@ -0,0 +1,400 @@ +# /etc/securetty: list of terminals on which root is allowed to login. +# See securetty(5) and login(1). + +console + +# Local X displays (allows empty passwords with pam_unix's nullok_secure) +:0 +:0.0 +:0.1 +:1 +:1.0 +:1.1 +:2 +:2.0 +:2.1 +:3 +:3.0 +:3.1 +#... + + +# ========================================================== +# +# TTYs sorted by major number according to Documentation/devices.txt +# +# ========================================================== + +# Virtual consoles +tty1 +tty2 +tty3 +tty4 +tty5 +tty6 +tty7 +tty8 +tty9 +tty10 +tty11 +tty12 +tty13 +tty14 +tty15 +tty16 +tty17 +tty18 +tty19 +tty20 +tty21 +tty22 +tty23 +tty24 +tty25 +tty26 +tty27 +tty28 +tty29 +tty30 +tty31 +tty32 +tty33 +tty34 +tty35 +tty36 +tty37 +tty38 +tty39 +tty40 +tty41 +tty42 +tty43 +tty44 +tty45 +tty46 +tty47 +tty48 +tty49 +tty50 +tty51 +tty52 +tty53 +tty54 +tty55 +tty56 +tty57 +tty58 +tty59 +tty60 +tty61 +tty62 +tty63 + +# UART serial ports +ttyS0 +ttyS1 +ttyS2 +ttyS3 +ttyS4 +ttyS5 +#...ttyS191 + +# Serial Mux devices (Linux/PA-RISC only) +ttyB0 +ttyB1 +#... + +# Chase serial card +ttyH0 +ttyH1 +#... + +# Cyclades serial cards +ttyC0 +ttyC1 +#...ttyC31 + +# Digiboard serial cards +ttyD0 +ttyD1 +#... + +# Stallion serial cards +ttyE0 +ttyE1 +#...ttyE255 + +# Specialix serial cards +ttyX0 +ttyX1 +#... + +# Comtrol Rocketport serial cards +ttyR0 +ttyR1 +#... + +# SDL RISCom serial cards +ttyL0 +ttyL1 +#... + +# Hayes ESP serial card +ttyP0 +ttyP1 +#... + +# Computone IntelliPort II serial card +ttyF0 +ttyF1 +#...ttyF255 + +# Specialix IO8+ serial card +ttyW0 +ttyW1 +#... + +# Comtrol VS-1000 serial controller +ttyV0 +ttyV1 +#... + +# ISI serial card +ttyM0 +ttyM1 +#... + +# Technology Concepts serial card +ttyT0 +ttyT1 +#... 
+ +# Specialix RIO serial card +ttySR0 +ttySR1 +#...ttySR511 + +# Chase Research AT/PCI-Fast serial card +ttyCH0 +ttyCH1 +#...ttyCH63 + +# Moxa Intellio serial card +ttyMX0 +ttyMX1 +#...ttyMX127 + +# SmartIO serial card +ttySI0 +ttySI1 +#... + +# USB dongles +ttyUSB0 +ttyUSB1 +ttyUSB2 +#... + +# LinkUp Systems L72xx UARTs +ttyLU0 +ttyLU1 +ttyLU2 +ttyLU3 + +# StrongARM builtin serial ports +ttySA0 +ttySA1 +ttySA2 + +# SCI serial port (SuperH) ports and SC26xx serial ports +ttySC0 +ttySC1 +ttySC2 +ttySC3 + +# ARM "AMBA" serial ports +ttyAM0 +ttyAM1 +ttyAM2 +ttyAM3 +ttyAM4 +ttyAM5 +ttyAM6 +ttyAM7 +ttyAM8 +ttyAM9 +ttyAM10 +ttyAM11 +ttyAM12 +ttyAM13 +ttyAM14 +ttyAM15 + +# Embedded ARM AMBA PL011 ports (e.g. emulated by QEMU) +ttyAMA0 +ttyAMA1 +ttyAMA2 +ttyAMA3 + +# DataBooster serial ports +ttyDB0 +ttyDB1 +ttyDB2 +ttyDB3 +ttyDB4 +ttyDB5 +ttyDB6 +ttyDB7 + +# SGI Altix console ports +ttySG0 + +# Motorola i.MX ports +ttySMX0 +ttySMX1 +ttySMX2 + +# Marvell MPSC ports +ttyMM0 +ttyMM1 + +# PPC CPM (SCC or SMC) ports +ttyCPM0 +ttyCPM1 +ttyCPM2 +ttyCPM3 +ttyCPM4 +ttyCPM5 + +# Altix serial cards +ttyIOC0 +ttyIOC1 +#...ttyIOC31 + +# NEC VR4100 series SIU +ttyVR0 + +# NEC VR4100 series SSIU +ttyVR1 + +# Altix ioc4 serial cards +ttyIOC84 +ttyIOC85 +#...ttyIOC115 + +# Altix ioc3 serial cards +ttySIOC0 +ttySIOC1 +#...ttySIOC31 + +# PPC PSC ports +ttyPSC0 +ttyPSC1 +ttyPSC2 +ttyPSC3 +ttyPSC4 +ttyPSC5 + +# ATMEL serial ports +ttyAT0 +ttyAT1 +#...ttyAT15 + +# Hilscher netX serial port +ttyNX0 +ttyNX1 +#...ttyNX15 + +# Xilinx uartlite - port +ttyUL0 +ttyUL1 +ttyUL2 +ttyUL3 + +# Xen virtual console - port 0 +xvc0 + +# pmac_zilog - port +ttyPZ0 +ttyPZ1 +ttyPZ2 +ttyPZ3 + +# TX39/49 serial port +ttyTX0 +ttyTX1 +ttyTX2 +ttyTX3 +ttyTX4 +ttyTX5 +ttyTX6 +ttyTX7 + +# SC26xx serial ports (see SCI serial ports (SuperH)) + +# MAX3100 serial ports +ttyMAX0 +ttyMAX1 +ttyMAX2 +ttyMAX3 + +# OMAP serial ports +ttyO0 +ttyO1 +ttyO2 +ttyO3 + +# User space serial ports +ttyU0 +ttyU1 + +# A2232 serial card 
+ttyY0 +ttyY1 + +# IBM 3270 terminal Unix tty access +3270/tty1 +3270/tty2 +#... + +# IBM iSeries/pSeries virtual console +hvc0 +hvc1 +#... +#IBM pSeries console ports +hvsi0 +hvsi1 +hvsi2 + +# Equinox SST multi-port serial boards +ttyEQ0 +ttyEQ1 +#...ttyEQ1027 + +# ========================================================== +# +# Not in Documentation/Devices.txt +# +# ========================================================== + +# Embedded Freescale i.MX ports +ttymxc0 +ttymxc1 +ttymxc2 +ttymxc3 +ttymxc4 +ttymxc5 + +# LXC (Linux Containers) +lxc/console +lxc/tty1 +lxc/tty2 +lxc/tty3 +lxc/tty4 + +# Serial Console for MIPS Swarm +duart0 +duart1 + +# s390 and s390x ports in LPAR mode +ttysclp0 --- shadow-4.1.5.1.orig/debian/shadowconfig.sh +++ shadow-4.1.5.1/debian/shadowconfig.sh @@ -0,0 +1,49 @@ +#!/bin/sh +# turn shadow passwords on or off on a Debian system + +set -e + +shadowon () { + set -e + pwck -q -r + grpck -r + pwconv + grpconv + chown root:root /etc/passwd /etc/group + chmod 644 /etc/passwd /etc/group + chown root:shadow /etc/shadow /etc/gshadow + chmod 640 /etc/shadow /etc/gshadow +} + +shadowoff () { + set -e + pwck -q -r + grpck -r + pwunconv + grpunconv + # sometimes the passwd perms get munged + chown root:root /etc/passwd /etc/group + chmod 644 /etc/passwd /etc/group +} + +case "$1" in + "on") + if shadowon ; then + echo Shadow passwords are now on. + else + echo Please correct the error and rerun \`$0 on\' + exit 1 + fi + ;; + "off") + if shadowoff ; then + echo Shadow passwords are now off. + else + echo Please correct the error and rerun \`$0 off\' + exit 1 + fi + ;; + *) + echo Usage: $0 on \| off + ;; +esac --- shadow-4.1.5.1.orig/debian/source_shadow.py +++ shadow-4.1.5.1/debian/source_shadow.py 
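Review bot: securetty has no range syntax, so the `#...ttyS191`, `#...ttyE255` and similar comments in securetty.linux are only comments: root login is actually permitted on the enumerated devices (ttyS0 through ttyS5, for instance) and on nothing beyond them. Either spell the intended devices out or reword the comments so an administrator does not assume the whole range is covered. The `:0`, `:0.0` ... entries deserve a sentence in README.debian as well: per the file's own comment they exist so that pam_unix's nullok_secure accepts empty passwords on local X displays, and an administrator hardening the system needs to know that removing them changes that behaviour in addition to where root may log in.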
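Review bot: `set -e` does nothing useful in shadowconfig.sh the way the functions are invoked. POSIX sh and bash ignore `-e` for every command run as part of an `if` condition, including the whole body of a function called there and a `set -e` executed inside it, so in `if shadowon ; then` a failing `pwck -q -r`, `grpck -r` or `pwconv` does not stop the sequence and the `if` sees only the status of the final `chmod`. The `Please correct the error and rerun` branch is therefore effectively unreachable for the checks it was written for, and pwconv/grpconv can run after a failed consistency check. Make each step explicit, e.g. `pwck -q -r || return 1`, or call the function outside an `if` and rely on `set -e` plus a trap for the message. The `*)` usage branch should also exit non-zero, and the echo arguments should be quoted.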
@@ -0,0 +1,26 @@ +#!/usr/bin/python + +'''Apport package hook for shadow + +(c) 2010 Canonical Ltd. +Contributors: +Marc Deslauriers + +This program is free software; you can redistribute it and/or modify it +under the terms of the GNU General Public License as published by the +Free Software Foundation; either version 2 of the License, or (at your +option) any later version. See http://www.gnu.org/copyleft/gpl.html for +the full text of the license. +''' + +from apport.hookutils import * + +def add_info(report): + + attach_file_if_exists(report, '/etc/login.defs', 'LoginDefs') + +if __name__ == '__main__': + report = {} + add_info(report) + for key in report: + print('[%s]\n%s' % (key, report[key])) --- shadow-4.1.5.1.orig/debian/uidmap.install +++ shadow-4.1.5.1/debian/uidmap.install @@ -0,0 +1,4 @@ +usr/bin/newuidmap +usr/bin/newgidmap +usr/share/man/man1/newuidmap.1 +usr/share/man/man1/newgidmap.1 --- shadow-4.1.5.1.orig/debian/useradd.default +++ shadow-4.1.5.1/debian/useradd.default 
@@ -0,0 +1,37 @@ +# Default values for useradd(8) +# +# The SHELL variable specifies the default login shell on your +# system. +# Similar to DHSELL in adduser. However, we use "sh" here because +# useradd is a low level utility and should be as general +# as possible +SHELL=/bin/sh +# +# The default group for users +# 100=users on Debian systems +# Same as USERS_GID in adduser +# This argument is used when the -n flag is specified. +# The default behavior (when -n and -g are not specified) is to create a +# primary user group with the same name as the user being added to the +# system. +# GROUP=100 +# +# The default home directory. Same as DHOME for adduser +# HOME=/home +# +# The number of days after a password expires until the account +# is permanently disabled +# INACTIVE=-1 +# +# The default expire date +# EXPIRE= +# +# The SKEL variable specifies the directory containing "skeletal" user +# files; in other words, files such as a sample .profile that will be +# copied to the new user's home directory when it is created. +# SKEL=/etc/skel +# +# Defines whether the mail spool should be created while +# creating the account +# CREATE_MAIL_SPOOL=yes + --- shadow-4.1.5.1.orig/debian/watch +++ shadow-4.1.5.1/debian/watch @@ -0,0 +1,3 @@ +version=3 +ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-(.*)\.tar\.gz \ + debian uupdate
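Review bot: typo in the SHELL comment of useradd.default: `DHSELL` should be `DSHELL`, the adduser variable it refers to.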
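Review bot: debian/watch fetches the upstream tarball over plain ftp and verifies nothing about what it downloads. If upstream publishes detached signatures next to the tarballs, add a `pgpsigurlmangle` option and ship the upstream signing key under debian/upstream/ so uscan checks the signature; for a package that ships setuid-root binaries, the provenance of the source tarball is part of the security story.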