Index: Linux-PAM/Makefile
===================================================================
--- Linux-PAM/Makefile (nonexistent)
+++ Linux-PAM/Makefile (revision 5)
@@ -0,0 +1,68 @@
+
+COMPONENT_TARGETS = $(HARDWARE_NOARCH)
+
+
+include ../../../../build-system/constants.mk
+
+
+url = $(DOWNLOAD_SERVER)/sources/packages/s/Linux-PAM
+
+versions = 1.5.1
+pkgname = Linux-PAM
+suffix = tar.xz
+
+tarballs = $(addsuffix .$(suffix), $(addprefix $(pkgname)-, $(versions)))
+docs = $(addsuffix -docs.$(suffix), $(addprefix $(pkgname)-, $(versions)))
+sha1s = $(addsuffix .sha1sum, $(tarballs))
+sha1s += $(addsuffix .sha1sum, $(docs))
+
+patches = $(CURDIR)/patches/Linux-PAM-1.5.1-env-comment.patch
+patches += $(CURDIR)/patches/Linux-PAM-1.5.1-redhat-modules.patch
+patches += $(CURDIR)/patches/Linux-PAM-1.5.1-unix-nomsg.patch
+
+.NOTPARALLEL: $(patches)
+
+
+BUILD_TARGETS = $(tarballs) $(docs) $(sha1s) $(patches)
+
+
+include ../../../../build-system/core.mk
+
+
+.PHONY: download_clean
+
+
+$(tarballs):
+ @echo -e "\n======= Downloading source tarballs =======\n" ; \
+ for tarball in $(tarballs) ; do \
+ echo "$(url)/$$tarball" | xargs -n 1 -P 100 wget $(WGET_OPTIONS) - & \
+ done ; wait
+
+$(docs):
+ @echo -e "\n======= Downloading documentation tarballs =======\n" ; \
+ for tarball in $(docs) ; do \
+ echo "$(url)/$$tarball" | xargs -n 1 -P 100 wget $(WGET_OPTIONS) - & \
+ done ; wait
+
+$(sha1s): $(tarballs) $(docs)
+ @for sha in $@ ; do \
+ echo -e "\n======= Downloading '$$sha' signature =======\n" ; \
+ echo "$(url)/$$sha" | xargs -n 1 -P 100 wget $(WGET_OPTIONS) - & wait %1 ; \
+ touch $$sha ; \
+ echo -e "\n======= Check the '$$sha' sha1sum =======\n" ; \
+ sha1sum --check $$sha ; ret="$$?" ; \
+ if [ "$$ret" == "1" ]; then \
+ echo -e "\n======= ERROR: Bad '$$sha' sha1sum =======\n" ; \
+ exit 1 ; \
+ fi ; \
+ done
+
+$(patches): $(sha1s)
+ @echo -e "\n======= Create Patches =======\n" ; \
+ ( cd create-1.5.1-env-comment-patch ; ./create.patch.sh ) ; \
+ ( cd create-1.5.1-redhat-modules-patch ; ./create.patch.sh ) ; \
+ ( cd create-1.5.1-unix-nomsg-patch ; ./create.patch.sh ) ; \
+ echo -e "\n"
+
+download_clean:
+ @rm -f $(tarballs) $(docs) $(sha1s) $(patches)
Index: Linux-PAM/create-1.5.1-env-comment-patch/Linux-PAM-1.5.1-new/modules/pam_env/environment
===================================================================
--- Linux-PAM/create-1.5.1-env-comment-patch/Linux-PAM-1.5.1-new/modules/pam_env/environment (nonexistent)
+++ Linux-PAM/create-1.5.1-env-comment-patch/Linux-PAM-1.5.1-new/modules/pam_env/environment (revision 5)
@@ -0,0 +1,10 @@
+# /etc/environment
+# This file is parsed by pam_env module.
+# This file may contain environment variable settings that should be used
+# system-wide. Please note that it is not a script file and should only
+# contain assignment expressions, one per line.
+# The environment variables in this file will be loaded before those in other
+# files such as: /etc/profile, /etc/profile.d/*, ~/.profile, etc.
+#
+# Syntax: simple "KEY=VAL" pairs on separate lines
+#
Index: Linux-PAM/create-1.5.1-env-comment-patch/Linux-PAM-1.5.1-new/modules/pam_env
===================================================================
--- Linux-PAM/create-1.5.1-env-comment-patch/Linux-PAM-1.5.1-new/modules/pam_env (nonexistent)
+++ Linux-PAM/create-1.5.1-env-comment-patch/Linux-PAM-1.5.1-new/modules/pam_env (revision 5)
Property changes on: Linux-PAM/create-1.5.1-env-comment-patch/Linux-PAM-1.5.1-new/modules/pam_env
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,73 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~
Index: Linux-PAM/create-1.5.1-env-comment-patch/Linux-PAM-1.5.1-new/modules
===================================================================
--- Linux-PAM/create-1.5.1-env-comment-patch/Linux-PAM-1.5.1-new/modules (nonexistent)
+++ Linux-PAM/create-1.5.1-env-comment-patch/Linux-PAM-1.5.1-new/modules (revision 5)
Property changes on: Linux-PAM/create-1.5.1-env-comment-patch/Linux-PAM-1.5.1-new/modules
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,73 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~
Index: Linux-PAM/create-1.5.1-env-comment-patch/Linux-PAM-1.5.1-new
===================================================================
--- Linux-PAM/create-1.5.1-env-comment-patch/Linux-PAM-1.5.1-new (nonexistent)
+++ Linux-PAM/create-1.5.1-env-comment-patch/Linux-PAM-1.5.1-new (revision 5)
Property changes on: Linux-PAM/create-1.5.1-env-comment-patch/Linux-PAM-1.5.1-new
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,73 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~
Index: Linux-PAM/create-1.5.1-env-comment-patch/create.patch.sh
===================================================================
--- Linux-PAM/create-1.5.1-env-comment-patch/create.patch.sh (nonexistent)
+++ Linux-PAM/create-1.5.1-env-comment-patch/create.patch.sh (revision 5)
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+VERSION=1.5.1
+
+tar --files-from=file.list -xJvf ../Linux-PAM-$VERSION.tar.xz
+mv Linux-PAM-$VERSION Linux-PAM-$VERSION-orig
+
+cp -rf ./Linux-PAM-$VERSION-new ./Linux-PAM-$VERSION
+
+diff --unified -Nr Linux-PAM-$VERSION-orig Linux-PAM-$VERSION > Linux-PAM-$VERSION-env-comment.patch
+
+mv Linux-PAM-$VERSION-env-comment.patch ../patches
+
+rm -rf ./Linux-PAM-$VERSION
+rm -rf ./Linux-PAM-$VERSION-orig
Property changes on: Linux-PAM/create-1.5.1-env-comment-patch/create.patch.sh
___________________________________________________________________
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
Index: Linux-PAM/create-1.5.1-env-comment-patch/file.list
===================================================================
--- Linux-PAM/create-1.5.1-env-comment-patch/file.list (nonexistent)
+++ Linux-PAM/create-1.5.1-env-comment-patch/file.list (revision 5)
@@ -0,0 +1 @@
+Linux-PAM-1.5.1/modules/pam_env/environment
Index: Linux-PAM/create-1.5.1-env-comment-patch
===================================================================
--- Linux-PAM/create-1.5.1-env-comment-patch (nonexistent)
+++ Linux-PAM/create-1.5.1-env-comment-patch (revision 5)
Property changes on: Linux-PAM/create-1.5.1-env-comment-patch
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,73 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~
Index: Linux-PAM/create-1.5.1-redhat-modules-patch/Linux-PAM-1.5.1-new/configure.ac
===================================================================
--- Linux-PAM/create-1.5.1-redhat-modules-patch/Linux-PAM-1.5.1-new/configure.ac (nonexistent)
+++ Linux-PAM/create-1.5.1-redhat-modules-patch/Linux-PAM-1.5.1-new/configure.ac (revision 5)
@@ -0,0 +1,673 @@
+dnl Process this file with autoconf to produce a configure script.
+AC_INIT([Linux-PAM], [1.5.1], , [Linux-PAM])
+AC_CONFIG_SRCDIR([conf/pam_conv1/pam_conv_y.y])
+AC_CONFIG_AUX_DIR([build-aux])
+AM_INIT_AUTOMAKE([-Wall -Wno-portability])
+AC_PREREQ([2.61])
+AC_CONFIG_HEADERS([config.h])
+AC_CONFIG_MACRO_DIR([m4])
+AC_CANONICAL_HOST
+
+AC_SUBST(PACKAGE)
+AC_SUBST(VERSION)
+
+dnl
+dnl By default, everything under PAM is installed below /usr.
+dnl
+AC_PREFIX_DEFAULT(/usr)
+
+dnl and some hacks to use /etc and /lib
+test "${prefix}" = "NONE" && prefix="/usr"
+if test ${prefix} = '/usr'
+then
+dnl If we use /usr as prefix, use /etc for config files
+ if test ${sysconfdir} = '${prefix}/etc'
+ then
+ sysconfdir="/etc"
+ fi
+ if test ${libdir} = '${exec_prefix}/lib'
+ then
+ case "$host_cpu" in
+ x86_64|ppc64|s390x|sparc64)
+ libdir="/lib64" ;;
+ *)
+ libdir="/lib" ;;
+ esac
+ fi
+ if test ${sbindir} = '${exec_prefix}/sbin'
+ then
+ sbindir="/sbin"
+ fi
+dnl If we use /usr as prefix, use /usr/share/man for manual pages
+ if test ${mandir} = '${prefix}/man'
+ then
+ mandir='${prefix}/share/man'
+ fi
+dnl Add security to include directory
+ if test ${includedir} = '${prefix}/include'
+ then
+ includedir="${prefix}/include/security"
+ fi
+
+dnl Add /var directory
+ if test ${localstatedir} = '${prefix}/var'
+ then
+ localstatedir="/var"
+ fi
+
+fi
+
+dnl This should be called before any macros that run the C compiler.
+AC_USE_SYSTEM_EXTENSIONS
+
+LT_INIT([disable-static])
+AC_ENABLE_STATIC([no])
+AC_ENABLE_SHARED([yes])
+
+dnl Checks for programs.
+AC_PROG_CC
+AC_PROG_YACC
+AM_PROG_LEX
+AC_PROG_INSTALL
+AC_PROG_LN_S
+AC_PROG_MAKE_SET
+AM_PROG_CC_C_O
+PAM_LD_AS_NEEDED
+PAM_LD_NO_UNDEFINED
+PAM_LD_O1
+PAM_LD_Z_NOW
+
+dnl Largefile support
+AC_SYS_LARGEFILE
+
+pam_WARN_LANG_FLAGS
+
+if test "x${CC_FOR_BUILD+set}" != "xset" ; then
+ if test "x$cross_compiling" = "xyes" ; then
+ AC_CHECK_PROGS(CC_FOR_BUILD, gcc cc)
+ else
+ CC_FOR_BUILD=${CC}
+ fi
+fi
+AC_MSG_CHECKING([for CC_FOR_BUILD])
+AC_MSG_RESULT([$CC_FOR_BUILD])
+AC_SUBST(CC_FOR_BUILD)
+
+if test "x${BUILD_CPPFLAGS+set}" != "xset" ; then
+ if test "x$cross_compiling" = "xyes" ; then
+ BUILD_CPPFLAGS=
+ else
+ BUILD_CPPFLAGS=${CPPFLAGS}
+ fi
+fi
+AC_SUBST(BUILD_CPPFLAGS)
+
+if test "x${BUILD_CFLAGS+set}" != "xset" ; then
+ if test "x$cross_compiling" = "xyes" ; then
+ BUILD_CFLAGS=
+ else
+ BUILD_CFLAGS=${CFLAGS}
+ fi
+fi
+AC_SUBST(BUILD_CFLAGS)
+
+if test "x${BUILD_LDFLAGS+set}" != "xset" ; then
+ if test "x$cross_compiling" = "xyes" ; then
+ BUILD_LDFLAGS=
+ else
+ BUILD_LDFLAGS=${LDFLAGS}
+ fi
+fi
+AC_SUBST(BUILD_LDFLAGS)
+
+PAM_ATTRIBUTE_UNUSED
+
+dnl
+dnl Check if --version-script is supported by ld
+dnl
+AC_CACHE_CHECK(for .symver assembler directive, libc_cv_asm_symver_directive,
+[cat > conftest.s <<EOF
+${libc_cv_dot_text}
+_sym:
+.symver _sym,sym@VERS
+EOF
+if ${CC-cc} -c $ASFLAGS conftest.s 1>&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD; then
+ libc_cv_asm_symver_directive=yes
+else
+ libc_cv_asm_symver_directive=no
+fi
+rm -f conftest*])
+AC_CACHE_CHECK(for ld --version-script, libc_cv_ld_version_script_option, [dnl
+if test $libc_cv_asm_symver_directive = yes; then
+ cat > conftest.s <<EOF
+${libc_cv_dot_text}
+_sym:
+.symver _sym,sym@VERS
+EOF
+ cat > conftest.map <<EOF
+VERS_1 {
+ global: sym;
+};
+
+VERS_2 {
+ global: sym;
+} VERS_1;
+EOF
+ if ${CC-cc} -c $ASFLAGS conftest.s 1>&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD;
+then
+ if AC_TRY_COMMAND([${CC-cc} $CFLAGS $LDFLAGS -shared
+ -o conftest.so conftest.o
+ -nostartfiles -nostdlib
+ -Wl,--version-script,conftest.map
+ 1>&AS_MESSAGE_LOG_FD]);
+ then
+ libc_cv_ld_version_script_option=yes
+ else
+ libc_cv_ld_version_script_option=no
+ fi
+ else
+ libc_cv_ld_version_script_option=no
+ fi
+else
+ libc_cv_ld_version_script_option=no
+fi
+rm -f conftest*])
+AM_CONDITIONAL([HAVE_VERSIONING],
+ [test "$libc_cv_ld_version_script_option" = "yes"])
+
+AC_ARG_ENABLE([pie],
+ [AS_HELP_STRING([--disable-pie],
+ [disable position-independent executables (PIE)])],
+ [], [enable_pie=check])
+case "$enable_pie" in
+ no) ;;
+ yes|check)
+ dnl Check for -fpie/-pie support
+ AC_CACHE_CHECK([for -fpie/-pie support],
+ [pam_cv_pie],
+ [saved_CFLAGS="$CFLAGS"
+ saved_LDFLAGS="$LDFLAGS"
+ CFLAGS="$CFLAGS -fpie"
+ LDFLAGS="$LDFLAGS -pie"
+ AC_LINK_IFELSE([AC_LANG_PROGRAM(,)],
+ [pam_cv_pie=yes],
+ [pam_cv_pie=no])
+ LDFLAGS="$saved_LDFLAGS"
+ CFLAGS="$saved_CFLAGS"])
+ AS_IF([test "$pam_cv_pie" = yes],
+ [enable_pie=yes],
+ [AS_IF([test "$enable_pie" = yes],
+ [AC_MSG_FAILURE([requested -fpie/-pie support not found])],
+ [enable_pie=no])])
+ ;;
+ *) AC_MSG_ERROR([bad value $enable_pie for --enable-pie option]) ;;
+esac
+
+AS_IF([test "$enable_pie" = yes],
+ [PIE_CFLAGS="-fpie"
+ PIE_LDFLAGS="-pie"],
+ [PIE_CFLAGS=
+ PIE_LDFLAGS=])
+
+EXE_CFLAGS="$PIE_CFLAGS"
+EXE_LDFLAGS="$PIE_LDFLAGS $ZNOW_LDFLAGS"
+AC_SUBST(EXE_CFLAGS)
+AC_SUBST(EXE_LDFLAGS)
+
+
+dnl
+dnl options and defaults
+dnl
+
+AC_ARG_ENABLE([doc],
+ AS_HELP_STRING([--disable-doc],[Do not generate or install documentation]),
+ WITH_DOC=$enableval, WITH_DOC=yes)
+AM_CONDITIONAL([HAVE_DOC], [test "x$WITH_DOC" = "xyes"])
+
+AC_ARG_ENABLE([prelude],
+ AS_HELP_STRING([--disable-prelude],[do not use prelude]),
+ WITH_PRELUDE=$enableval, WITH_PRELUDE=yes)
+if test "$WITH_PRELUDE" = "yes" ; then
+ AM_PATH_LIBPRELUDE([0.9.0])
+ if test "$LIBPRELUDE_CONFIG" != "no" ; then
+ LIBPRELUDE_CFLAGS="$LIBPRELUDE_CFLAGS -DPRELUDE=1"
+ fi
+fi
+
+dnl lots of debugging information goes to /var/run/pam-debug.log
+AC_ARG_ENABLE([debug],
+ AS_HELP_STRING([--enable-debug],[specify you are building with debugging on]))
+
+if test x"$enable_debug" = x"yes" ; then
+ AC_DEFINE([PAM_DEBUG],,
+ [lots of stuff gets written to /var/run/pam-debug.log])
+fi
+
+AC_ARG_ENABLE(securedir,
+ AS_HELP_STRING([--enable-securedir=DIR],[path to location of PAMs @<:@default=$libdir/security@:>@]),
+ SECUREDIR=$enableval, SECUREDIR=$libdir/security)
+AC_SUBST(SECUREDIR)
+
+AC_ARG_ENABLE([isadir],
+ AS_HELP_STRING([--enable-isadir=DIR],[path to arch-specific module files @<:@default=../../(basename of $libdir)/security@:>@]),
+ISA=$enableval,
+ISA=../../`basename $libdir`/security)
+unset mylibdirbase
+AC_DEFINE_UNQUOTED(_PAM_ISA,"$ISA",[Define to the path, relative to SECUREDIR, where PAMs specific to this architecture can be found.])
+AC_MSG_RESULT([Defining \$ISA to "$ISA"])
+
+AC_ARG_ENABLE(sconfigdir,
+ AS_HELP_STRING([--enable-sconfigdir=DIR],[path to module conf files @<:@default=$sysconfdir/security@:>@]),
+ SCONFIGDIR=$enableval, SCONFIGDIR=$sysconfdir/security)
+AC_SUBST(SCONFIGDIR)
+
+AC_ARG_ENABLE(pamlocking,
+ AS_HELP_STRING([--enable-pamlocking],[configure libpam to observe a global authentication lock]))
+
+if test x"$enable_pamlocking" = "xyes"; then
+ AC_DEFINE([PAM_LOCKING],,
+ [libpam should observe a global authentication lock])
+fi
+
+AC_ARG_ENABLE(read-both-confs,
+ AS_HELP_STRING([--enable-read-both-confs],[read both /etc/pam.d and /etc/pam.conf files]))
+
+if test x"$enable_read_both_confs" = "xyes"; then
+ AC_DEFINE([PAM_READ_BOTH_CONFS],,
+ [read both /etc/pam.d and /etc/pam.conf files])
+fi
+
+AC_ARG_ENABLE([lckpwdf],
+ AS_HELP_STRING([--disable-lckpwdf],[do not use the lckpwdf function]),
+ WITH_LCKPWDF=$enableval, WITH_LCKPWDF=yes)
+if test "$WITH_LCKPWDF" = "yes" ; then
+ AC_DEFINE([USE_LCKPWDF], 1,
+ [Define to 1 if the lckpwdf function should be used])
+fi
+
+AC_CHECK_HEADERS(paths.h)
+AC_ARG_WITH(mailspool,
+[ --with-mailspool path to mail spool directory
+ [default _PATH_MAILDIR if defined in paths.h, otherwise /var/spool/mail]],
+with_mailspool=${withval})
+if test x$with_mailspool != x ; then
+ pam_mail_spool="\"$with_mailspool\""
+else
+ AC_RUN_IFELSE([AC_LANG_SOURCE([[
+#include <paths.h>
+int main() {
+#ifdef _PATH_MAILDIR
+exit(0);
+#else
+exit(1);
+#endif
+}]])],[pam_mail_spool="_PATH_MAILDIR"],[pam_mail_spool="\"/var/spool/mail\""],[pam_mail_spool="\"/var/spool/mail\""])
+fi
+AC_DEFINE_UNQUOTED(PAM_PATH_MAILDIR, $pam_mail_spool,
+ [Path where mails are stored])
+
+AC_ARG_WITH(xauth,
+[ --with-xauth additional path to check for xauth when it is called from pam_xauth
+ [added to the default of /usr/X11R6/bin/xauth, /usr/bin/xauth, /usr/bin/X11/xauth]],
+pam_xauth_path=${withval})
+if test x$with_xauth = x ; then
+ AC_PATH_PROG(pam_xauth_path, xauth)
+dnl There is no sense in adding the first default path
+ if test x$pam_xauth_path = x/usr/X11R6/bin/xauth ; then
+ unset pam_xauth_path
+ fi
+fi
+
+if test x$pam_xauth_path != x ; then
+ AC_DEFINE_UNQUOTED(PAM_PATH_XAUTH, "$pam_xauth_path",
+ [Additional path of xauth executable])
+fi
+
+dnl Checks for the existence of libdl - in musl its a part of libc
+saved_LIBS="$LIBS"
+AC_SEARCH_LIBS([dlopen], [dl])
+LIBS="$saved_LIBS"
+case "$ac_cv_search_dlopen" in
+ no) AC_MSG_FAILURE([failed to find dlopen]) ;;
+ -l*) LIBDL="$ac_cv_search_dlopen" ;;
+ *) LIBDL= ;;
+esac
+AC_SUBST(LIBDL)
+
+dnl Look for Linux Auditing library - see documentation
+AC_ARG_ENABLE([audit],
+ AS_HELP_STRING([--disable-audit],[do not enable audit support]),
+ WITH_LIBAUDIT=$enableval, WITH_LIBAUDIT=yes)
+if test x"$WITH_LIBAUDIT" != xno ; then
+ AC_CHECK_HEADER([libaudit.h],
+ [AC_CHECK_LIB(audit, audit_log_acct_message, LIBAUDIT=-laudit, LIBAUDIT="")
+ AC_CHECK_TYPE([struct audit_tty_status],
+ [HAVE_AUDIT_TTY_STATUS=yes],
+ [HAVE_AUDIT_TTY_STATUS=""],
+ [#include <libaudit.h>])]
+ )
+ if test -n "$LIBAUDIT" -a "$ac_cv_header_libaudit_h" != "no" ; then
+ AC_DEFINE([HAVE_LIBAUDIT], 1, [Define to 1 if audit support should be compiled in.])
+ fi
+ if test -n "$HAVE_AUDIT_TTY_STATUS" ; then
+ AC_CHECK_MEMBERS([struct audit_tty_status.log_passwd], [],
+ AC_MSG_WARN([audit_tty_status.log_passwd is not available. The log_passwd option is disabled.]),
+ [[#include <libaudit.h>]])
+ fi
+else
+ LIBAUDIT=""
+fi
+AC_SUBST(LIBAUDIT)
+
+AC_CHECK_HEADERS(xcrypt.h crypt.h)
+AS_IF([test "x$ac_cv_header_xcrypt_h" = "xyes"],
+ [crypt_libs="xcrypt crypt"],
+ [crypt_libs="crypt"])
+
+BACKUP_LIBS=$LIBS
+AC_SEARCH_LIBS([crypt],[$crypt_libs])
+case "$ac_cv_search_crypt" in
+ -l*) LIBCRYPT="$ac_cv_search_crypt" ;;
+ *) LIBCRYPT="" ;;
+esac
+AC_CHECK_FUNCS(crypt_r crypt_gensalt_r)
+LIBS=$BACKUP_LIBS
+AC_SUBST(LIBCRYPT)
+if test "$LIBCRYPT" = "-lxcrypt" -a "$ac_cv_header_xcrypt_h" = "yes" ; then
+ AC_DEFINE([HAVE_LIBXCRYPT], 1, [Define to 1 if xcrypt support should be compiled in.])
+fi
+
+AC_ARG_WITH([randomdev], AS_HELP_STRING([--with-randomdev=(<path>|yes|no)],[use specified random device instead of /dev/urandom or 'no' to disable]), opt_randomdev=$withval)
+if test "$opt_randomdev" = yes -o -z "$opt_randomdev"; then
+ opt_randomdev="/dev/urandom"
+elif test "$opt_randomdev" = no; then
+ opt_randomdev=
+fi
+if test -n "$opt_randomdev"; then
+ AC_DEFINE_UNQUOTED(PAM_PATH_RANDOMDEV, "$opt_randomdev", [Random device path.])
+fi
+
+dnl check for libdb or libndbm as fallback. Some libndbm compat
+dnl libraries are unusable, so try libdb first.
+AC_ARG_ENABLE([db],
+ AS_HELP_STRING([--enable-db=(db|ndbm|yes|no)],[Default behavior 'yes', which is to check for libdb first, followed by ndbm. Use 'no' to disable db support.]),
+ WITH_DB=$enableval, WITH_DB=yes)
+AC_ARG_WITH([db-uniquename],
+ AS_HELP_STRING([--with-db-uniquename=extension],[Unique name for db libraries and functions.]))
+if test x"$WITH_DB" != xno ; then
+ if test x"$WITH_DB" = xyes -o x"$WITH_DB" = xdb ; then
+ old_libs=$LIBS
+ LIBS="$LIBS -ldb$with_db_uniquename"
+ AC_CHECK_FUNCS([db_create$with_db_uniquename db_create dbm_store$with_db_uniquename dbm_store],
+ [LIBDB="-ldb$with_db_uniquename"; break])
+ LIBS=$old_libs
+ fi
+ if test -z "$LIBDB" ; then
+ AC_CHECK_LIB([ndbm],[dbm_store], LIBDB="-lndbm", LIBDB="")
+ if test -n "$LIBDB" ; then
+ AC_CHECK_HEADERS(ndbm.h)
+ fi
+ else
+ AC_CHECK_HEADERS(db.h)
+ fi
+fi
+AC_SUBST(LIBDB)
+
+AC_ARG_ENABLE([nis],
+ AS_HELP_STRING([--disable-nis], [Disable building NIS/YP support in pam_unix]))
+
+AS_IF([test "x$enable_nis" != "xno"], [
+ old_CFLAGS=$CFLAGS
+ old_CPPFLAGS=$CPPFLAGS
+ old_LIBS=$LIBS
+
+ dnl if there's libtirpc available, prefer that over the system
+ dnl implementation.
+ PKG_CHECK_MODULES([TIRPC], [libtirpc], [
+ CFLAGS="$CFLAGS $TIRPC_CFLAGS"
+ CPPFLAGS="$CPPFLAGS $TIRPC_CFLAGS"
+ LIBS="$LIBS $TIRPC_LIBS"
+ ], [:;])
+
+ PKG_CHECK_MODULES([NSL], [libnsl], [],
+ [AC_CHECK_LIB([nsl],[yp_match],[NSL_LIBS="-lnsl"],[NSL_LIBS=""])])
+ CFLAGS="$CFLAGS $NSL_CFLAGS"
+ CPPFLAGS="$CPPFLAGS $NSL_CFLAGS"
+ LIBS="$LIBS $NSL_LIBS"
+
+ AC_CHECK_FUNCS([yp_get_default_domain yperr_string yp_master yp_bind yp_match yp_unbind])
+ AC_CHECK_FUNCS([getrpcport rpcb_getaddr])
+ AC_CHECK_HEADERS([rpc/rpc.h rpcsvc/ypclnt.h rpcsvc/yp_prot.h])
+ AC_CHECK_DECLS([getrpcport], , , [
+ #if HAVE_RPC_RPC_H
+ # include <rpc/rpc.h>
+ #endif
+ ])
+
+ CFLAGS="$old_CFLAGS"
+ CPPFLAGS="$old_CPPFLAGS"
+ LIBS="$old_LIBS"
+])
+
+AC_SUBST([NIS_CFLAGS])
+AC_SUBST([NIS_LIBS])
+
+AC_ARG_ENABLE([usergroups],
+ AS_HELP_STRING([--enable-usergroups], [sets the usergroups option default to enabled]),
+ [WITH_USERGROUPS=$enableval], WITH_USERGROUPS=no)
+if test "$WITH_USERGROUPS" = "yes" ; then
+ AC_DEFINE([DEFAULT_USERGROUPS_SETTING], 1,
+ [Defines the value usergroups option should have by default])
+else
+ AC_DEFINE([DEFAULT_USERGROUPS_SETTING], 0,
+ [Defines the value usergroups option should have by default])
+fi
+
+AC_ARG_ENABLE([selinux],
+ AS_HELP_STRING([--disable-selinux],[do not use SELinux]),
+ WITH_SELINUX=$enableval, WITH_SELINUX=yes)
+if test "$WITH_SELINUX" = "yes" ; then
+ AC_CHECK_LIB([selinux],[getfilecon], LIBSELINUX="-lselinux", LIBSELINUX="")
+else
+ LIBSELINUX=""
+fi
+AC_SUBST(LIBSELINUX)
+if test -n "$LIBSELINUX" ; then
+ AC_DEFINE([WITH_SELINUX], 1, [Defined if SE Linux support is compiled in])
+ BACKUP_LIBS=$LIBS
+ LIBS="$LIBS $LIBSELINUX"
+ AC_CHECK_FUNCS(setkeycreatecon)
+ AC_CHECK_FUNCS(getseuser)
+ LIBS=$BACKUP_LIBS
+fi
+
+AC_ARG_ENABLE([econf],
+ AS_HELP_STRING([--disable-econf], [do not use libeconf]),
+ [WITH_ECONF=$enableval], WITH_ECONF=yes)
+if test "$WITH_ECONF" = "yes" ; then
+ PKG_CHECK_MODULES([ECONF], [libeconf], [],
+ [AC_CHECK_LIB([econf],[econf_readDirs],[ECONF_LIBS="-leconf"],[ECONF_LIBS=""])])
+ if test -n "$ECONF_LIBS" ; then
+ ECONF_CFLAGS="-DUSE_ECONF=1 $ECONF_CFLAGS"
+ fi
+fi
+AC_SUBST([ECONF_CFLAGS])
+AC_SUBST([ECONF_LIBS])
+AC_ARG_ENABLE([vendordir],
+ AS_HELP_STRING([--enable-vendordir=DIR], [Directory for distribution provided configuration files]),,[])
+if test -n "$enable_vendordir"; then
+ AC_DEFINE_UNQUOTED([VENDORDIR], ["$enable_vendordir"],
+ [Directory for distribution provided configuration files])
+ STRINGPARAM_VENDORDIR="--stringparam vendordir '$enable_vendordir'"
+else
+ STRINGPARAM_VENDORDIR="--stringparam vendordir '<vendordir>'"
+fi
+AC_SUBST([STRINGPARAM_VENDORDIR])
+
+dnl Checks for header files.
+AC_HEADER_DIRENT
+AC_HEADER_STDC
+AC_HEADER_SYS_WAIT
+AC_CHECK_HEADERS(fcntl.h limits.h malloc.h sys/file.h sys/ioctl.h sys/time.h syslog.h net/if.h termio.h unistd.h sys/fsuid.h inittypes.h)
+
+dnl For module/pam_lastlog
+AC_CHECK_HEADERS(lastlog.h utmp.h utmpx.h)
+
+dnl Checks for typedefs, structures, and compiler characteristics.
+AC_C_BIGENDIAN
+AC_C_CONST
+AC_TYPE_UID_T
+AC_TYPE_OFF_T
+AC_TYPE_PID_T
+AC_TYPE_SIZE_T
+AC_HEADER_TIME
+AC_STRUCT_TM
+
+dnl Checks for library functions.
+AC_TYPE_GETGROUPS
+AC_PROG_GCC_TRADITIONAL
+AC_FUNC_MEMCMP
+AC_FUNC_VPRINTF
+AC_CHECK_FUNCS(fseeko getdomainname gethostname gettimeofday lckpwdf mkdir select)
+AC_CHECK_FUNCS(strcspn strdup strspn strstr strtol uname)
+AC_CHECK_FUNCS(getutent_r getpwnam_r getpwuid_r getgrnam_r getgrgid_r getspnam_r getmntent_r)
+AC_CHECK_FUNCS(getgrouplist getline getdelim)
+AC_CHECK_FUNCS(inet_ntop inet_pton innetgr)
+AC_CHECK_FUNCS(quotactl)
+AC_CHECK_FUNCS(unshare)
+AC_CHECK_FUNCS([ruserok_af ruserok], [break])
+BACKUP_LIBS=$LIBS
+LIBS="$LIBS -lutil"
+AC_CHECK_FUNCS([logwtmp])
+LIBS=$BACKUP_LIBS
+
+AC_ARG_ENABLE([regenerate-docu],
+ AS_HELP_STRING([--disable-regenerate-docu],[Don't re-build documentation from XML sources]),
+ [enable_docu=$enableval], [enable_docu=yes])
+dnl
+dnl Check for xsltproc
+dnl
+AC_PATH_PROG([XSLTPROC], [xsltproc])
+if test -z "$XSLTPROC"; then
+ enable_docu=no
+fi
+AC_PATH_PROG([XMLLINT], [xmllint],[/bin/true])
+dnl check for DocBook DTD and stylesheets in the local catalog.
+JH_CHECK_XML_CATALOG([-//OASIS//DTD DocBook XML V4.4//EN],
+ [DocBook XML DTD V4.4], [], enable_docu=no)
+JH_CHECK_XML_CATALOG([http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl],
+ [DocBook XSL Stylesheets], [], enable_docu=no)
+
+AC_PATH_PROG([BROWSER], [w3m])
+if test -n "$BROWSER"; then
+ BROWSER="$BROWSER -T text/html -dump"
+else
+ AC_PATH_PROG([BROWSER], [elinks])
+ if test -n "$BROWSER"; then
+ BROWSER="$BROWSER -no-numbering -no-references -dump"
+ else
+ enable_docu=no
+ fi
+fi
+
+AC_PATH_PROG([FO2PDF], [fop])
+
+AM_CONDITIONAL(ENABLE_REGENERATE_MAN, test x$enable_docu != xno -a x$enable_doc != xno)
+AM_CONDITIONAL(ENABLE_GENERATE_PDF, test -n "$FO2PDF")
+
+
+AM_GNU_GETTEXT_VERSION([0.18.3])
+AM_GNU_GETTEXT([external])
+AC_CHECK_FUNCS(dngettext)
+
+AH_BOTTOM([#ifdef ENABLE_NLS
+#include <libintl.h>
+#define _(msgid) dgettext(PACKAGE, msgid)
+#define N_(msgid) msgid
+#else
+#define _(msgid) (msgid)
+#define N_(msgid) msgid
+#endif /* ENABLE_NLS */])
+
+dnl
+dnl Check for the availability of the kernel key management facility
+dnl - The pam_keyinit module only requires the syscalls, not the error codes
+dnl
+AC_CHECK_DECL(__NR_keyctl, [have_key_syscalls=1],[have_key_syscalls=0],[#include <sys/syscall.h>])
+
+dnl
+dnl Get values for default uid ranges in login.defs used in pam_usertype
+dnl
+AC_ARG_WITH([uidmin], AS_HELP_STRING([--with-uidmin=<number>],[default value for regular user min uid (1000)]), opt_uidmin=$withval)
+test -n "$opt_uidmin" ||
+ opt_uidmin=1000
+AC_DEFINE_UNQUOTED(PAM_USERTYPE_UIDMIN, $opt_uidmin, [Minimum regular user uid.])
+
+AC_ARG_WITH([sysuidmin], AS_HELP_STRING([--with-sysuidmin=<number>],[default value for system user min uid (101)]), opt_sysuidmin=$withval)
+test -n "$opt_sysuidmin" ||
+ opt_sysuidmin=101
+AC_DEFINE_UNQUOTED(PAM_USERTYPE_SYSUIDMIN, $opt_sysuidmin, [Minimum system user uid.])
+
+AC_ARG_WITH([kernel-overflow-uid], AS_HELP_STRING([--with-kernel-overflow-uid=<number>],[kernel overflow uid, default (uint16_t)-2=65534]), opt_kerneloverflowuid=$withval)
+test -n "$opt_kerneloverflowuid" ||
+ opt_kerneloverflowuid=65534
+AC_DEFINE_UNQUOTED(PAM_USERTYPE_OVERFLOW_UID, $opt_kerneloverflowuid, [Kernel overflow uid.])
+
+AC_ARG_ENABLE([unix],
+ [AS_HELP_STRING([--disable-unix],
+ [do not build pam_unix module])],
+ [], [enable_unix=yes])
+case "$enable_unix" in
+ yes|no) ;;
+ *) AC_MSG_ERROR([bad value $enable_unix for --enable-unix option]) ;;
+esac
+
+AM_CONDITIONAL([COND_BUILD_PAM_KEYINIT], [test "$have_key_syscalls" = 1])
+AM_CONDITIONAL([COND_BUILD_PAM_LASTLOG], [test "$ac_cv_func_logwtmp" = yes])
+AM_CONDITIONAL([COND_BUILD_PAM_NAMESPACE], [test "$ac_cv_func_unshare" = yes])
+AM_CONDITIONAL([COND_BUILD_PAM_RHOSTS], [test "$ac_cv_func_ruserok_af" = yes -o "$ac_cv_func_ruserok" = yes])
+AM_CONDITIONAL([COND_BUILD_PAM_SELINUX], [test -n "$LIBSELINUX"])
+AM_CONDITIONAL([COND_BUILD_PAM_SEPERMIT], [test -n "$LIBSELINUX"])
+AM_CONDITIONAL([COND_BUILD_PAM_SETQUOTA], [test "$ac_cv_func_quotactl" = yes])
+AM_CONDITIONAL([COND_BUILD_PAM_TTY_AUDIT], [test "$HAVE_AUDIT_TTY_STATUS" = yes])
+AM_CONDITIONAL([COND_BUILD_PAM_UNIX], [test "$enable_unix" = yes])
+AM_CONDITIONAL([COND_BUILD_PAM_USERDB], [test -n "$LIBDB"])
+
+dnl Files to be created from when we run configure
+AC_CONFIG_FILES([Makefile libpam/Makefile libpamc/Makefile libpamc/test/Makefile \
+ libpam_misc/Makefile conf/Makefile conf/pam_conv1/Makefile \
+ po/Makefile.in \
+ Make.xml.rules \
+ modules/Makefile \
+ modules/pam_chroot/Makefile modules/pam_console/Makefile \
+ modules/pam_postgresok/Makefile \
+ modules/pam_access/Makefile \
+ modules/pam_debug/Makefile modules/pam_deny/Makefile \
+ modules/pam_echo/Makefile modules/pam_env/Makefile \
+ modules/pam_faildelay/Makefile modules/pam_faillock/Makefile \
+ modules/pam_filter/Makefile modules/pam_filter/upperLOWER/Makefile \
+ modules/pam_ftp/Makefile modules/pam_group/Makefile \
+ modules/pam_issue/Makefile modules/pam_keyinit/Makefile \
+ modules/pam_lastlog/Makefile modules/pam_limits/Makefile \
+ modules/pam_listfile/Makefile modules/pam_localuser/Makefile \
+ modules/pam_loginuid/Makefile modules/pam_mail/Makefile \
+ modules/pam_mkhomedir/Makefile modules/pam_motd/Makefile \
+ modules/pam_namespace/Makefile \
+ modules/pam_namespace/pam_namespace_helper modules/pam_namespace/pam_namespace.service \
+ modules/pam_nologin/Makefile modules/pam_permit/Makefile \
+ modules/pam_pwhistory/Makefile modules/pam_rhosts/Makefile \
+ modules/pam_rootok/Makefile modules/pam_exec/Makefile \
+ modules/pam_securetty/Makefile modules/pam_selinux/Makefile \
+ modules/pam_sepermit/Makefile modules/pam_setquota/Makefile \
+ modules/pam_shells/Makefile modules/pam_stress/Makefile \
+ modules/pam_succeed_if/Makefile modules/pam_time/Makefile \
+ modules/pam_timestamp/Makefile modules/pam_tty_audit/Makefile \
+ modules/pam_umask/Makefile \
+ modules/pam_unix/Makefile modules/pam_userdb/Makefile \
+ modules/pam_usertype/Makefile \
+ modules/pam_warn/Makefile modules/pam_wheel/Makefile \
+ modules/pam_xauth/Makefile doc/Makefile doc/specs/Makefile \
+ doc/man/Makefile doc/sag/Makefile doc/adg/Makefile \
+ doc/mwg/Makefile examples/Makefile tests/Makefile \
+ xtests/Makefile])
+AC_OUTPUT
Index: Linux-PAM/create-1.5.1-redhat-modules-patch/Linux-PAM-1.5.1-new/modules/Makefile.am
===================================================================
--- Linux-PAM/create-1.5.1-redhat-modules-patch/Linux-PAM-1.5.1-new/modules/Makefile.am (nonexistent)
+++ Linux-PAM/create-1.5.1-redhat-modules-patch/Linux-PAM-1.5.1-new/modules/Makefile.am (revision 5)
@@ -0,0 +1,97 @@
+#
+# Copyright (c) 2005, 2006, 2008 Thorsten Kukuk <kukuk@thkukuk.de>
+#
+
+if COND_BUILD_PAM_KEYINIT
+ MAYBE_PAM_KEYINIT = pam_keyinit
+endif
+
+if COND_BUILD_PAM_LASTLOG
+ MAYBE_PAM_LASTLOG = pam_lastlog
+endif
+
+if COND_BUILD_PAM_NAMESPACE
+ MAYBE_PAM_NAMESPACE = pam_namespace
+endif
+
+if COND_BUILD_PAM_RHOSTS
+ MAYBE_PAM_RHOSTS = pam_rhosts
+endif
+
+if COND_BUILD_PAM_SELINUX
+ MAYBE_PAM_SELINUX = pam_selinux
+endif
+
+if COND_BUILD_PAM_SEPERMIT
+ MAYBE_PAM_SEPERMIT = pam_sepermit
+endif
+
+if COND_BUILD_PAM_SETQUOTA
+ MAYBE_PAM_SETQUOTA = pam_setquota
+endif
+
+if COND_BUILD_PAM_TTY_AUDIT
+ MAYBE_PAM_TTY_AUDIT = pam_tty_audit
+endif
+
+if COND_BUILD_PAM_UNIX
+ MAYBE_PAM_UNIX = pam_unix
+endif
+
+if COND_BUILD_PAM_USERDB
+ MAYBE_PAM_USERDB = pam_userdb
+endif
+
+SUBDIRS := \
+ pam_access \
+ pam_chroot \
+ pam_console \
+ pam_debug \
+ pam_deny \
+ pam_echo \
+ pam_env \
+ pam_exec \
+ pam_faildelay \
+ pam_faillock \
+ pam_filter \
+ pam_ftp \
+ pam_group \
+ pam_issue \
+ $(MAYBE_PAM_KEYINIT) \
+ $(MAYBE_PAM_LASTLOG) \
+ pam_limits \
+ pam_listfile \
+ pam_localuser \
+ pam_loginuid \
+ pam_mail \
+ pam_mkhomedir \
+ pam_motd \
+ $(MAYBE_PAM_NAMESPACE) \
+ pam_nologin \
+ pam_permit \
+ pam_postgresok \
+ pam_pwhistory \
+ $(MAYBE_PAM_RHOSTS) \
+ pam_rootok \
+ pam_securetty \
+ $(MAYBE_PAM_SELINUX) \
+ $(MAYBE_PAM_SEPERMIT) \
+ $(MAYBE_PAM_SETQUOTA) \
+ pam_shells \
+ pam_stress \
+ pam_succeed_if \
+ pam_time \
+ pam_timestamp \
+ $(MAYBE_PAM_TTY_AUDIT) \
+ pam_umask \
+ $(MAYBE_PAM_UNIX) \
+ $(MAYBE_PAM_USERDB) \
+ pam_usertype \
+ pam_warn \
+ pam_wheel \
+ pam_xauth \
+ #
+
+CLEANFILES = *~
+
+EXTRA_DIST = modules.map
Index: Linux-PAM/create-1.5.1-redhat-modules-patch/Linux-PAM-1.5.1-new/modules
===================================================================
--- Linux-PAM/create-1.5.1-redhat-modules-patch/Linux-PAM-1.5.1-new/modules (nonexistent)
+++ Linux-PAM/create-1.5.1-redhat-modules-patch/Linux-PAM-1.5.1-new/modules (revision 5)
Property changes on: Linux-PAM/create-1.5.1-redhat-modules-patch/Linux-PAM-1.5.1-new/modules
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,73 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~
Index: Linux-PAM/create-1.5.1-redhat-modules-patch/Linux-PAM-1.5.1-new
===================================================================
--- Linux-PAM/create-1.5.1-redhat-modules-patch/Linux-PAM-1.5.1-new (nonexistent)
+++ Linux-PAM/create-1.5.1-redhat-modules-patch/Linux-PAM-1.5.1-new (revision 5)
Property changes on: Linux-PAM/create-1.5.1-redhat-modules-patch/Linux-PAM-1.5.1-new
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,73 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~
Index: Linux-PAM/create-1.5.1-redhat-modules-patch/create.patch.sh
===================================================================
--- Linux-PAM/create-1.5.1-redhat-modules-patch/create.patch.sh (nonexistent)
+++ Linux-PAM/create-1.5.1-redhat-modules-patch/create.patch.sh (revision 5)
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+VERSION=1.5.1
+
+tar --files-from=file.list -xJvf ../Linux-PAM-$VERSION.tar.xz
+mv Linux-PAM-$VERSION Linux-PAM-$VERSION-orig
+
+cp -rf ./Linux-PAM-$VERSION-new ./Linux-PAM-$VERSION
+
+diff --unified -Nr Linux-PAM-$VERSION-orig Linux-PAM-$VERSION > Linux-PAM-$VERSION-redhat-modules.patch
+
+mv Linux-PAM-$VERSION-redhat-modules.patch ../patches
+
+rm -rf ./Linux-PAM-$VERSION
+rm -rf ./Linux-PAM-$VERSION-orig
Property changes on: Linux-PAM/create-1.5.1-redhat-modules-patch/create.patch.sh
___________________________________________________________________
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
Index: Linux-PAM/create-1.5.1-redhat-modules-patch/file.list
===================================================================
--- Linux-PAM/create-1.5.1-redhat-modules-patch/file.list (nonexistent)
+++ Linux-PAM/create-1.5.1-redhat-modules-patch/file.list (revision 5)
@@ -0,0 +1,2 @@
+Linux-PAM-1.5.1/configure.ac
+Linux-PAM-1.5.1/modules/Makefile.am
Index: Linux-PAM/create-1.5.1-redhat-modules-patch
===================================================================
--- Linux-PAM/create-1.5.1-redhat-modules-patch (nonexistent)
+++ Linux-PAM/create-1.5.1-redhat-modules-patch (revision 5)
Property changes on: Linux-PAM/create-1.5.1-redhat-modules-patch
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,73 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~
Index: Linux-PAM/create-1.5.1-unix-nomsg-patch/Linux-PAM-1.5.1-new/modules/pam_unix/pam_unix_passwd.c
===================================================================
--- Linux-PAM/create-1.5.1-unix-nomsg-patch/Linux-PAM-1.5.1-new/modules/pam_unix/pam_unix_passwd.c (nonexistent)
+++ Linux-PAM/create-1.5.1-unix-nomsg-patch/Linux-PAM-1.5.1-new/modules/pam_unix/pam_unix_passwd.c (revision 5)
@@ -0,0 +1,869 @@
+/*
+ * pam_unix password management
+ *
+ * Main coding by Elliot Lee <sopwith@redhat.com>, Red Hat Software.
+ * Copyright (C) 1996.
+ * Copyright (c) Jan Rękorajski, 1999.
+ * Copyright (c) Red Hat, Inc., 2007, 2008.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, and the entire permission notice in its entirety,
+ * including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ * products derived from this software without specific prior
+ * written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions. (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <malloc.h>
+#include <unistd.h>
+#include <errno.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <syslog.h>
+#include <shadow.h>
+#include <time.h> /* for time() */
+#include <fcntl.h>
+#include <ctype.h>
+#include <sys/time.h>
+#include <sys/stat.h>
+
+#include <signal.h>
+#include <sys/wait.h>
+#include <sys/resource.h>
+
+#include <security/_pam_macros.h>
+#include <security/pam_modules.h>
+#include <security/pam_ext.h>
+#include <security/pam_modutil.h>
+
+#include "pam_cc_compat.h"
+#include "md5.h"
+#include "support.h"
+#include "passverify.h"
+#include "bigcrypt.h"
+
+#if (HAVE_YP_GET_DEFAULT_DOMAIN || HAVE_GETDOMAINNAME) && HAVE_YP_MASTER
+# define HAVE_NIS
+#endif
+
+#ifdef HAVE_NIS
+# include <rpc/rpc.h>
+
+# if HAVE_RPCSVC_YP_PROT_H
+# include <rpcsvc/yp_prot.h>
+# endif
+
+# if HAVE_RPCSVC_YPCLNT_H
+# include <rpcsvc/ypclnt.h>
+# endif
+
+# include "yppasswd.h"
+
+# if !HAVE_DECL_GETRPCPORT &&!HAVE_RPCB_GETADDR
+extern int getrpcport(const char *host, unsigned long prognum,
+ unsigned long versnum, unsigned int proto);
+# endif /* GNU libc 2.1 */
+#endif
+
+/*
+ How it works:
+ Gets in username (has to be done) from the calling program
+ Does authentication of user (only if we are not running as root)
+ Gets new password/checks for sanity
+ Sets it.
+ */
+
+#define MAX_PASSWD_TRIES 3
+
+#ifdef HAVE_NIS
+#ifdef HAVE_RPCB_GETADDR
+static unsigned short
+__taddr2port (const struct netconfig *nconf, const struct netbuf *nbuf)
+{
+ unsigned short port = 0;
+ struct __rpc_sockinfo si;
+ struct sockaddr_in *sin;
+ struct sockaddr_in6 *sin6;
+ if (!__rpc_nconf2sockinfo(nconf, &si))
+ return 0;
+
+ switch (si.si_af)
+ {
+ case AF_INET:
+ sin = nbuf->buf;
+ port = sin->sin_port;
+ break;
+ case AF_INET6:
+ sin6 = nbuf->buf;
+ port = sin6->sin6_port;
+ break;
+ default:
+ break;
+ }
+
+ return htons (port);
+}
+#endif
+
+static char *getNISserver(pam_handle_t *pamh, unsigned long long ctrl)
+{
+ char *master;
+ char *domainname;
+ int port, err;
+#if defined(HAVE_RPCB_GETADDR)
+ struct netconfig *nconf;
+ struct netbuf svcaddr;
+ char addrbuf[INET6_ADDRSTRLEN];
+ void *handle;
+ int found;
+#endif
+
+
+#ifdef HAVE_YP_GET_DEFAULT_DOMAIN
+ if ((err = yp_get_default_domain(&domainname)) != 0) {
+ pam_syslog(pamh, LOG_WARNING, "can't get local yp domain: %s",
+ yperr_string(err));
+ return NULL;
+ }
+#elif defined(HAVE_GETDOMAINNAME)
+ char domainname_res[256];
+
+ if (getdomainname (domainname_res, sizeof (domainname_res)) == 0)
+ {
+ if (strcmp (domainname_res, "(none)") == 0)
+ {
+ /* If domainname is not set, some systems will return "(none)" */
+ domainname_res[0] = '\0';
+ }
+ domainname = domainname_res;
+ }
+ else domainname = NULL;
+#endif
+
+ if ((err = yp_master(domainname, "passwd.byname", &master)) != 0) {
+ pam_syslog(pamh, LOG_WARNING, "can't find the master ypserver: %s",
+ yperr_string(err));
+ return NULL;
+ }
+#ifdef HAVE_RPCB_GETADDR
+ svcaddr.len = 0;
+ svcaddr.maxlen = sizeof (addrbuf);
+ svcaddr.buf = addrbuf;
+ port = 0;
+ found = 0;
+
+ handle = setnetconfig();
+ while ((nconf = getnetconfig(handle)) != NULL) {
+ if (!strcmp(nconf->nc_proto, "udp")) {
+ if (rpcb_getaddr(YPPASSWDPROG, YPPASSWDPROC_UPDATE,
+ nconf, &svcaddr, master)) {
+ port = __taddr2port (nconf, &svcaddr);
+ endnetconfig (handle);
+ found=1;
+ break;
+ }
+
+ if (rpc_createerr.cf_stat != RPC_UNKNOWNHOST) {
+ clnt_pcreateerror (master);
+ pam_syslog (pamh, LOG_ERR,
+ "rpcb_getaddr (%s) failed!", master);
+ return NULL;
+ }
+ }
+ }
+
+ if (!found) {
+ pam_syslog (pamh, LOG_ERR,
+ "Cannot find suitable transport for protocol 'udp'");
+ return NULL;
+ }
+#else
+ port = getrpcport(master, YPPASSWDPROG, YPPASSWDPROC_UPDATE, IPPROTO_UDP);
+#endif
+ if (port == 0) {
+ pam_syslog(pamh, LOG_WARNING,
+ "yppasswdd not running on NIS master host");
+ return NULL;
+ }
+ if (port >= IPPORT_RESERVED) {
+ pam_syslog(pamh, LOG_WARNING,
+ "yppasswd daemon running on illegal port");
+ return NULL;
+ }
+ if (on(UNIX_DEBUG, ctrl)) {
+ pam_syslog(pamh, LOG_DEBUG, "Use NIS server on %s with port %d",
+ master, port);
+ }
+ return master;
+}
+#endif
+
+#ifdef WITH_SELINUX
+
+static int _unix_run_update_binary(pam_handle_t *pamh, unsigned long long ctrl, const char *user,
+ const char *fromwhat, const char *towhat, int remember)
+{
+ int retval, child, fds[2];
+ struct sigaction newsa, oldsa;
+
+ D(("called."));
+ /* create a pipe for the password */
+ if (pipe(fds) != 0) {
+ D(("could not make pipe"));
+ return PAM_AUTH_ERR;
+ }
+
+ if (off(UNIX_NOREAP, ctrl)) {
+ /*
+ * This code arranges that the demise of the child does not cause
+ * the application to receive a signal it is not expecting - which
+ * may kill the application or worse.
+ *
+ * The "noreap" module argument is provided so that the admin can
+ * override this behavior.
+ */
+ memset(&newsa, '\0', sizeof(newsa));
+ newsa.sa_handler = SIG_DFL;
+ sigaction(SIGCHLD, &newsa, &oldsa);
+ }
+
+ /* fork */
+ child = fork();
+ if (child == 0) {
+ static char *envp[] = { NULL };
+ const char *args[] = { NULL, NULL, NULL, NULL, NULL, NULL };
+ char buffer[16];
+
+ /* XXX - should really tidy up PAM here too */
+
+ /* reopen stdin as pipe */
+ if (dup2(fds[0], STDIN_FILENO) != STDIN_FILENO) {
+ pam_syslog(pamh, LOG_ERR, "dup2 of %s failed: %m", "stdin");
+ _exit(PAM_AUTHINFO_UNAVAIL);
+ }
+
+ if (pam_modutil_sanitize_helper_fds(pamh, PAM_MODUTIL_IGNORE_FD,
+ PAM_MODUTIL_PIPE_FD,
+ PAM_MODUTIL_PIPE_FD) < 0) {
+ _exit(PAM_AUTHINFO_UNAVAIL);
+ }
+
+ /* exec binary helper */
+ args[0] = UPDATE_HELPER;
+ args[1] = user;
+ args[2] = "update";
+ if (on(UNIX_SHADOW, ctrl))
+ args[3] = "1";
+ else
+ args[3] = "0";
+
+ snprintf(buffer, sizeof(buffer), "%d", remember);
+ args[4] = buffer;
+
+ DIAG_PUSH_IGNORE_CAST_QUAL;
+ execve(UPDATE_HELPER, (char *const *) args, envp);
+ DIAG_POP_IGNORE_CAST_QUAL;
+
+ /* should not get here: exit with error */
+ D(("helper binary is not available"));
+ _exit(PAM_AUTHINFO_UNAVAIL);
+ } else if (child > 0) {
+ /* wait for child */
+ /* if the stored password is NULL */
+ int rc=0;
+ if (fromwhat) {
+ int len = strlen(fromwhat);
+
+ if (len > PAM_MAX_RESP_SIZE)
+ len = PAM_MAX_RESP_SIZE;
+ pam_modutil_write(fds[1], fromwhat, len);
+ }
+ pam_modutil_write(fds[1], "", 1);
+ if (towhat) {
+ int len = strlen(towhat);
+
+ if (len > PAM_MAX_RESP_SIZE)
+ len = PAM_MAX_RESP_SIZE;
+ pam_modutil_write(fds[1], towhat, len);
+ }
+ pam_modutil_write(fds[1], "", 1);
+
+ close(fds[0]); /* close here to avoid possible SIGPIPE above */
+ close(fds[1]);
+ /* wait for helper to complete: */
+ while ((rc=waitpid(child, &retval, 0)) < 0 && errno == EINTR);
+ if (rc<0) {
+ pam_syslog(pamh, LOG_ERR, "unix_update waitpid failed: %m");
+ retval = PAM_AUTHTOK_ERR;
+ } else if (!WIFEXITED(retval)) {
+ pam_syslog(pamh, LOG_ERR, "unix_update abnormal exit: %d", retval);
+ retval = PAM_AUTHTOK_ERR;
+ } else {
+ retval = WEXITSTATUS(retval);
+ }
+ } else {
+ D(("fork failed"));
+ close(fds[0]);
+ close(fds[1]);
+ retval = PAM_AUTH_ERR;
+ }
+
+ if (off(UNIX_NOREAP, ctrl)) {
+ sigaction(SIGCHLD, &oldsa, NULL); /* restore old signal handler */
+ }
+
+ return retval;
+}
+#endif
+
+static int check_old_password(const char *forwho, const char *newpass)
+{
+ static char buf[16384];
+ char *s_pas;
+ int retval = PAM_SUCCESS;
+ FILE *opwfile;
+ size_t len = strlen(forwho);
+
+ opwfile = fopen(OLD_PASSWORDS_FILE, "r");
+ if (opwfile == NULL)
+ return PAM_ABORT;
+
+ while (fgets(buf, 16380, opwfile)) {
+ if (!strncmp(buf, forwho, len) && (buf[len] == ':' ||
+ buf[len] == ',')) {
+ char *sptr;
+ buf[strlen(buf) - 1] = '\0';
+ /* s_luser = */ strtok_r(buf, ":,", &sptr);
+ /* s_uid = */ strtok_r(NULL, ":,", &sptr);
+ /* s_npas = */ strtok_r(NULL, ":,", &sptr);
+ s_pas = strtok_r(NULL, ":,", &sptr);
+ while (s_pas != NULL) {
+ char *md5pass = Goodcrypt_md5(newpass, s_pas);
+ if (md5pass == NULL || !strcmp(md5pass, s_pas)) {
+ _pam_delete(md5pass);
+ retval = PAM_AUTHTOK_ERR;
+ break;
+ }
+ s_pas = strtok_r(NULL, ":,", &sptr);
+ _pam_delete(md5pass);
+ }
+ break;
+ }
+ }
+ fclose(opwfile);
+
+ return retval;
+}
+
+static int _do_setpass(pam_handle_t* pamh, const char *forwho,
+ const char *fromwhat,
+ char *towhat, unsigned long long ctrl, int remember)
+{
+ struct passwd *pwd = NULL;
+ int retval = 0;
+ int unlocked = 0;
+
+ D(("called"));
+
+ pwd = getpwnam(forwho);
+
+ if (pwd == NULL) {
+ retval = PAM_AUTHTOK_ERR;
+ goto done;
+ }
+
+ if (on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, forwho, 0, 1)) {
+#ifdef HAVE_NIS
+ char *master;
+
+ if ((master=getNISserver(pamh, ctrl)) != NULL) {
+ struct timeval timeout;
+ struct yppasswd yppwd;
+ CLIENT *clnt;
+ int status;
+ enum clnt_stat err;
+
+ /* Unlock passwd file to avoid deadlock */
+ unlock_pwdf();
+ unlocked = 1;
+
+ /* Initialize password information */
+ yppwd.newpw.pw_passwd = pwd->pw_passwd;
+ yppwd.newpw.pw_name = pwd->pw_name;
+ yppwd.newpw.pw_uid = pwd->pw_uid;
+ yppwd.newpw.pw_gid = pwd->pw_gid;
+ yppwd.newpw.pw_gecos = pwd->pw_gecos;
+ yppwd.newpw.pw_dir = pwd->pw_dir;
+ yppwd.newpw.pw_shell = pwd->pw_shell;
+ yppwd.oldpass = fromwhat ? strdup (fromwhat) : strdup ("");
+ yppwd.newpw.pw_passwd = towhat;
+
+ D(("Set password %s for %s", yppwd.newpw.pw_passwd, forwho));
+
+ /* The yppasswd.x file said `unix authentication required',
+ * so I added it. This is the only reason it is in here.
+ * My yppasswdd doesn't use it, but maybe some others out there
+ * do. --okir
+ */
+ clnt = clnt_create(master, YPPASSWDPROG, YPPASSWDVERS, "udp");
+ clnt->cl_auth = authunix_create_default();
+ memset((char *) &status, '\0', sizeof(status));
+ timeout.tv_sec = 25;
+ timeout.tv_usec = 0;
+ err = clnt_call(clnt, YPPASSWDPROC_UPDATE,
+ (xdrproc_t) xdr_yppasswd, (char *) &yppwd,
+ (xdrproc_t) xdr_int, (char *) &status,
+ timeout);
+
+ free (yppwd.oldpass);
+
+ if (err) {
+ _make_remark(pamh, ctrl, PAM_TEXT_INFO,
+ clnt_sperrno(err));
+ } else if (status) {
+ D(("Error while changing NIS password.\n"));
+ }
+ D(("The password has%s been changed on %s.",
+ (err || status) ? " not" : "", master));
+ pam_syslog(pamh, LOG_NOTICE, "password%s changed for %s on %s",
+ (err || status) ? " not" : "", pwd->pw_name, master);
+
+ auth_destroy(clnt->cl_auth);
+ clnt_destroy(clnt);
+ if (err || status) {
+ _make_remark(pamh, ctrl, PAM_TEXT_INFO,
+ _("NIS password could not be changed."));
+ retval = PAM_TRY_AGAIN;
+ }
+#ifdef PAM_DEBUG
+ sleep(5);
+#endif
+ } else {
+ retval = PAM_TRY_AGAIN;
+ }
+#else
+ if (on(UNIX_DEBUG, ctrl)) {
+ pam_syslog(pamh, LOG_DEBUG, "No NIS support available");
+ }
+
+ retval = PAM_TRY_AGAIN;
+#endif
+ }
+
+ if (_unix_comesfromsource(pamh, forwho, 1, 0)) {
+ if(unlocked) {
+ if (lock_pwdf() != PAM_SUCCESS) {
+ return PAM_AUTHTOK_LOCK_BUSY;
+ }
+ }
+#ifdef WITH_SELINUX
+ if (unix_selinux_confined())
+ return _unix_run_update_binary(pamh, ctrl, forwho, fromwhat, towhat, remember);
+#endif
+ /* first, save old password */
+ if (save_old_password(pamh, forwho, fromwhat, remember)) {
+ retval = PAM_AUTHTOK_ERR;
+ goto done;
+ }
+ if (on(UNIX_SHADOW, ctrl) || is_pwd_shadowed(pwd)) {
+ retval = unix_update_shadow(pamh, forwho, towhat);
+ if (retval == PAM_SUCCESS)
+ if (!is_pwd_shadowed(pwd))
+ retval = unix_update_passwd(pamh, forwho, "x");
+ } else {
+ retval = unix_update_passwd(pamh, forwho, towhat);
+ }
+ }
+
+
+done:
+ unlock_pwdf();
+
+ return retval;
+}
+
+static int _unix_verify_shadow(pam_handle_t *pamh, const char *user, unsigned long long ctrl)
+{
+ struct passwd *pwent = NULL; /* Password and shadow password */
+ struct spwd *spent = NULL; /* file entries for the user */
+ int daysleft;
+ int retval;
+
+ retval = get_account_info(pamh, user, &pwent, &spent);
+ if (retval == PAM_USER_UNKNOWN) {
+ return retval;
+ }
+
+ if (retval == PAM_SUCCESS && spent == NULL)
+ return PAM_SUCCESS;
+
+ if (retval == PAM_UNIX_RUN_HELPER) {
+ retval = _unix_run_verify_binary(pamh, ctrl, user, &daysleft);
+ if (retval == PAM_AUTH_ERR || retval == PAM_USER_UNKNOWN)
+ return retval;
+ }
+ else if (retval == PAM_SUCCESS)
+ retval = check_shadow_expiry(pamh, spent, &daysleft);
+
+ if (on(UNIX__IAMROOT, ctrl) || retval == PAM_NEW_AUTHTOK_REQD)
+ return PAM_SUCCESS;
+
+ return retval;
+}
+
+static int _pam_unix_approve_pass(pam_handle_t * pamh
+ ,unsigned long long ctrl
+ ,const char *pass_old
+ ,const char *pass_new,
+ int pass_min_len)
+{
+ const void *user;
+ const char *remark = NULL;
+ int retval = PAM_SUCCESS;
+
+ D(("&new=%p, &old=%p", pass_old, pass_new));
+ D(("new=[%s]", pass_new));
+ D(("old=[%s]", pass_old));
+
+ if (pass_new == NULL || (pass_old && !strcmp(pass_old, pass_new))) {
+ if (on(UNIX_DEBUG, ctrl)) {
+ pam_syslog(pamh, LOG_DEBUG, "bad authentication token");
+ }
+ _make_remark(pamh, ctrl, PAM_ERROR_MSG, pass_new == NULL ?
+ _("No password has been supplied.") :
+ _("The password has not been changed."));
+ return PAM_AUTHTOK_ERR;
+ }
+ /*
+ * if one wanted to hardwire authentication token strength
+ * checking this would be the place - AGM
+ */
+
+ retval = pam_get_item(pamh, PAM_USER, &user);
+ if (retval != PAM_SUCCESS) {
+ if (on(UNIX_DEBUG, ctrl)) {
+ pam_syslog(pamh, LOG_ERR, "Can not get username");
+ return PAM_AUTHTOK_ERR;
+ }
+ }
+
+ if (strlen(pass_new) > PAM_MAX_RESP_SIZE) {
+ remark = _("You must choose a shorter password.");
+ D(("length exceeded [%s]", remark));
+ } else if (off(UNIX__IAMROOT, ctrl)) {
+ if ((int)strlen(pass_new) < pass_min_len)
+ remark = _("You must choose a longer password.");
+ D(("length check [%s]", remark));
+ if (on(UNIX_REMEMBER_PASSWD, ctrl)) {
+ if ((retval = check_old_password(user, pass_new)) == PAM_AUTHTOK_ERR)
+ remark = _("Password has been already used. Choose another.");
+ if (retval == PAM_ABORT) {
+ pam_syslog(pamh, LOG_ERR, "can't open %s file to check old passwords",
+ OLD_PASSWORDS_FILE);
+ return retval;
+ }
+ }
+ }
+ if (remark) {
+ _make_remark(pamh, ctrl, PAM_ERROR_MSG, remark);
+ retval = PAM_AUTHTOK_ERR;
+ }
+ return retval;
+}
+
+int
+pam_sm_chauthtok(pam_handle_t *pamh, int flags, int argc, const char **argv)
+{
+ unsigned long long ctrl, lctrl;
+ int retval;
+ int remember = -1;
+ int rounds = 0;
+ int pass_min_len = 0;
+
+ /* <DO NOT free() THESE> */
+ const char *user;
+ const void *item;
+ const char *pass_old, *pass_new;
+ /* </DO NOT free() THESE> */
+
+ D(("called."));
+
+ ctrl = _set_ctrl(pamh, flags, &remember, &rounds, &pass_min_len,
+ argc, argv);
+
+ /*
+ * First get the name of a user
+ */
+ retval = pam_get_user(pamh, &user, NULL);
+ if (retval == PAM_SUCCESS) {
+ /*
+ * Various libraries at various times have had bugs related to
+ * '+' or '-' as the first character of a user name. Don't
+ * allow them.
+ */
+ if (user[0] == '-' || user[0] == '+') {
+ pam_syslog(pamh, LOG_NOTICE, "bad username [%s]", user);
+ return PAM_USER_UNKNOWN;
+ }
+ if (retval == PAM_SUCCESS && on(UNIX_DEBUG, ctrl))
+ pam_syslog(pamh, LOG_DEBUG, "username [%s] obtained",
+ user);
+ } else {
+ if (on(UNIX_DEBUG, ctrl))
+ pam_syslog(pamh, LOG_DEBUG,
+ "password - could not identify user");
+ return retval;
+ }
+
+ D(("Got username of %s", user));
+
+ /*
+ * Before we do anything else, check to make sure that the user's
+ * info is in one of the databases we can modify from this module,
+ * which currently is 'files' and 'nis'. We have to do this because
+ * getpwnam() doesn't tell you *where* the information it gives you
+ * came from, nor should it. That's our job.
+ */
+ if (_unix_comesfromsource(pamh, user, 1, on(UNIX_NIS, ctrl)) == 0) {
+ pam_syslog(pamh, LOG_DEBUG,
+ "user \"%s\" does not exist in /etc/passwd%s",
+ user, on(UNIX_NIS, ctrl) ? " or NIS" : "");
+ return PAM_USER_UNKNOWN;
+ } else {
+ struct passwd *pwd;
+ _unix_getpwnam(pamh, user, 1, 1, &pwd);
+ if (pwd == NULL) {
+ pam_syslog(pamh, LOG_DEBUG,
+ "user \"%s\" has corrupted passwd entry",
+ user);
+ return PAM_USER_UNKNOWN;
+ }
+ }
+
+ /*
+ * This is not an AUTH module!
+ */
+ if (on(UNIX__NONULL, ctrl))
+ set(UNIX__NULLOK, ctrl);
+
+ if (on(UNIX__PRELIM, ctrl)) {
+ /*
+ * obtain and verify the current password (OLDAUTHTOK) for
+ * the user.
+ */
+ D(("prelim check"));
+
+ if (_unix_blankpasswd(pamh, ctrl, user)) {
+ return PAM_SUCCESS;
+ } else if (off(UNIX__IAMROOT, ctrl) ||
+ (on(UNIX_NIS, ctrl) && _unix_comesfromsource(pamh, user, 0, 1))) {
+ retval = pam_get_authtok(pamh, PAM_OLDAUTHTOK, &pass_old, NULL);
+
+ if (retval != PAM_SUCCESS) {
+ pam_syslog(pamh, LOG_NOTICE,
+ "password - (old) token not obtained");
+ return retval;
+ }
+ /* verify that this is the password for this user */
+
+ retval = _unix_verify_password(pamh, user, pass_old, ctrl);
+ } else {
+ D(("process run by root so do nothing this time around"));
+ pass_old = NULL;
+ retval = PAM_SUCCESS; /* root doesn't have too */
+ }
+
+ if (retval != PAM_SUCCESS) {
+ D(("Authentication failed"));
+ pass_old = NULL;
+ return retval;
+ }
+ pass_old = NULL;
+ retval = _unix_verify_shadow(pamh,user, ctrl);
+ if (retval == PAM_AUTHTOK_ERR) {
+ if (off(UNIX__IAMROOT, ctrl))
+ _make_remark(pamh, ctrl, PAM_ERROR_MSG,
+ _("You must wait longer to change your password."));
+ else
+ retval = PAM_SUCCESS;
+ }
+ } else if (on(UNIX__UPDATE, ctrl)) {
+ /*
+ * tpass is used below to store the _pam_md() return; it
+ * should be _pam_delete()'d.
+ */
+
+ char *tpass = NULL;
+ int retry = 0;
+
+ /*
+ * obtain the proposed password
+ */
+
+ D(("do update"));
+
+ /*
+ * get the old token back. NULL was ok only if root [at this
+ * point we assume that this has already been enforced on a
+ * previous call to this function].
+ */
+
+ retval = pam_get_item(pamh, PAM_OLDAUTHTOK, &item);
+
+ if (retval != PAM_SUCCESS) {
+ pam_syslog(pamh, LOG_NOTICE, "user not authenticated");
+ return retval;
+ }
+ pass_old = item;
+ D(("pass_old [%s]", pass_old));
+
+ D(("get new password now"));
+
+ lctrl = ctrl;
+
+ if (on(UNIX_USE_AUTHTOK, lctrl)) {
+ set(UNIX_USE_FIRST_PASS, lctrl);
+ }
+ if (on(UNIX_USE_FIRST_PASS, lctrl)) {
+ retry = MAX_PASSWD_TRIES-1;
+ }
+ retval = PAM_AUTHTOK_ERR;
+ while ((retval != PAM_SUCCESS) && (retry++ < MAX_PASSWD_TRIES)) {
+ /*
+ * use_authtok is to force the use of a previously entered
+ * password -- needed for pluggable password strength checking
+ */
+
+ retval = pam_get_authtok(pamh, PAM_AUTHTOK, &pass_new, NULL);
+
+ if (retval != PAM_SUCCESS) {
+ if (on(UNIX_DEBUG, ctrl)) {
+ pam_syslog(pamh, LOG_ERR,
+ "password - new password not obtained");
+ }
+ pass_old = NULL; /* tidy up */
+ return retval;
+ }
+ D(("returned to _unix_chauthtok"));
+
+ /*
+ * At this point we know who the user is and what they
+ * propose as their new password. Verify that the new
+ * password is acceptable.
+ */
+
+ if (*(const char *)pass_new == '\0') { /* "\0" password = NULL */
+ pass_new = NULL;
+ }
+ retval = _pam_unix_approve_pass(pamh, ctrl, pass_old,
+ pass_new, pass_min_len);
+
+ if (retval != PAM_SUCCESS) {
+ pam_set_item(pamh, PAM_AUTHTOK, NULL);
+ }
+ }
+
+ if (retval != PAM_SUCCESS) {
+ pam_syslog(pamh, LOG_NOTICE,
+ "new password not acceptable");
+ pass_new = pass_old = NULL; /* tidy up */
+ return retval;
+ }
+ if (lock_pwdf() != PAM_SUCCESS) {
+ return PAM_AUTHTOK_LOCK_BUSY;
+ }
+
+ if (pass_old) {
+ retval = _unix_verify_password(pamh, user, pass_old, ctrl);
+ if (retval != PAM_SUCCESS) {
+ pam_syslog(pamh, LOG_NOTICE, "user password changed by another process");
+ unlock_pwdf();
+ return retval;
+ }
+ }
+
+ retval = _unix_verify_shadow(pamh, user, ctrl);
+ if (retval != PAM_SUCCESS) {
+ pam_syslog(pamh, LOG_NOTICE, "user shadow entry expired");
+ unlock_pwdf();
+ return retval;
+ }
+
+ retval = _pam_unix_approve_pass(pamh, ctrl, pass_old, pass_new,
+ pass_min_len);
+ if (retval != PAM_SUCCESS) {
+ pam_syslog(pamh, LOG_NOTICE,
+ "new password not acceptable 2");
+ pass_new = pass_old = NULL; /* tidy up */
+ unlock_pwdf();
+ return retval;
+ }
+
+ /*
+ * By reaching here we have approved the passwords and must now
+ * rebuild the password database file.
+ */
+
+ /*
+ * First we encrypt the new password.
+ */
+
+ tpass = create_password_hash(pamh, pass_new, ctrl, rounds);
+ if (tpass == NULL) {
+ pam_syslog(pamh, LOG_CRIT,
+ "crypt() failure or out of memory for password");
+ pass_new = pass_old = NULL; /* tidy up */
+ unlock_pwdf();
+ return PAM_BUF_ERR;
+ }
+
+ D(("password processed"));
+
+ /* update the password database(s) -- race conditions..? */
+
+ retval = _do_setpass(pamh, user, pass_old, tpass, ctrl,
+ remember);
+ /* _do_setpass has called unlock_pwdf for us */
+
+ _pam_delete(tpass);
+ pass_old = pass_new = NULL;
+ } else { /* something has broken with the module */
+ pam_syslog(pamh, LOG_CRIT,
+ "password received unknown request");
+ retval = PAM_ABORT;
+ }
+
+ D(("retval was %d", retval));
+
+ return retval;
+}
Index: Linux-PAM/create-1.5.1-unix-nomsg-patch/Linux-PAM-1.5.1-new/modules/pam_unix
===================================================================
--- Linux-PAM/create-1.5.1-unix-nomsg-patch/Linux-PAM-1.5.1-new/modules/pam_unix (nonexistent)
+++ Linux-PAM/create-1.5.1-unix-nomsg-patch/Linux-PAM-1.5.1-new/modules/pam_unix (revision 5)
Property changes on: Linux-PAM/create-1.5.1-unix-nomsg-patch/Linux-PAM-1.5.1-new/modules/pam_unix
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,73 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~
Index: Linux-PAM/create-1.5.1-unix-nomsg-patch/Linux-PAM-1.5.1-new/modules
===================================================================
--- Linux-PAM/create-1.5.1-unix-nomsg-patch/Linux-PAM-1.5.1-new/modules (nonexistent)
+++ Linux-PAM/create-1.5.1-unix-nomsg-patch/Linux-PAM-1.5.1-new/modules (revision 5)
Property changes on: Linux-PAM/create-1.5.1-unix-nomsg-patch/Linux-PAM-1.5.1-new/modules
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,73 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~
Index: Linux-PAM/create-1.5.1-unix-nomsg-patch/Linux-PAM-1.5.1-new
===================================================================
--- Linux-PAM/create-1.5.1-unix-nomsg-patch/Linux-PAM-1.5.1-new (nonexistent)
+++ Linux-PAM/create-1.5.1-unix-nomsg-patch/Linux-PAM-1.5.1-new (revision 5)
Property changes on: Linux-PAM/create-1.5.1-unix-nomsg-patch/Linux-PAM-1.5.1-new
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,73 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~
Index: Linux-PAM/create-1.5.1-unix-nomsg-patch/create.patch.sh
===================================================================
--- Linux-PAM/create-1.5.1-unix-nomsg-patch/create.patch.sh (nonexistent)
+++ Linux-PAM/create-1.5.1-unix-nomsg-patch/create.patch.sh (revision 5)
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+VERSION=1.5.1
+
+tar --files-from=file.list -xJvf ../Linux-PAM-$VERSION.tar.xz
+mv Linux-PAM-$VERSION Linux-PAM-$VERSION-orig
+
+cp -rf ./Linux-PAM-$VERSION-new ./Linux-PAM-$VERSION
+
+diff --unified -Nr Linux-PAM-$VERSION-orig Linux-PAM-$VERSION > Linux-PAM-$VERSION-unix-nomsg.patch
+
+mv Linux-PAM-$VERSION-unix-nomsg.patch ../patches
+
+rm -rf ./Linux-PAM-$VERSION
+rm -rf ./Linux-PAM-$VERSION-orig
Property changes on: Linux-PAM/create-1.5.1-unix-nomsg-patch/create.patch.sh
___________________________________________________________________
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
Index: Linux-PAM/create-1.5.1-unix-nomsg-patch/file.list
===================================================================
--- Linux-PAM/create-1.5.1-unix-nomsg-patch/file.list (nonexistent)
+++ Linux-PAM/create-1.5.1-unix-nomsg-patch/file.list (revision 5)
@@ -0,0 +1 @@
+Linux-PAM-1.5.1/modules/pam_unix/pam_unix_passwd.c
Index: Linux-PAM/create-1.5.1-unix-nomsg-patch
===================================================================
--- Linux-PAM/create-1.5.1-unix-nomsg-patch (nonexistent)
+++ Linux-PAM/create-1.5.1-unix-nomsg-patch (revision 5)
Property changes on: Linux-PAM/create-1.5.1-unix-nomsg-patch
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,73 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~
Index: Linux-PAM/patches/README
===================================================================
--- Linux-PAM/patches/README (nonexistent)
+++ Linux-PAM/patches/README (revision 5)
@@ -0,0 +1,6 @@
+
+/* begin *
+
+ TODO: Leave some comment here.
+
+ * end */
Index: Linux-PAM/patches
===================================================================
--- Linux-PAM/patches (nonexistent)
+++ Linux-PAM/patches (revision 5)
Property changes on: Linux-PAM/patches
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,73 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~
Index: Linux-PAM
===================================================================
--- Linux-PAM (nonexistent)
+++ Linux-PAM (revision 5)
Property changes on: Linux-PAM
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,73 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~
Index: Makefile
===================================================================
--- Makefile (nonexistent)
+++ Makefile (revision 5)
@@ -0,0 +1,13 @@
+
+COMPONENT_TARGETS = $(HARDWARE_NOARCH)
+
+SOURCE_REQUIRES += ALL_DIRS
+
+
+include ../../../build-system/core.mk
+
+
+download_clean:
+ @true
+
+.PHONY: download_clean
Index: libpwquality/Makefile
===================================================================
--- libpwquality/Makefile (nonexistent)
+++ libpwquality/Makefile (revision 5)
@@ -0,0 +1,56 @@
+
+COMPONENT_TARGETS = $(HARDWARE_NOARCH)
+
+
+include ../../../../build-system/constants.mk
+
+
+url = $(DOWNLOAD_SERVER)/sources/packages/s/libpwquality
+
+versions = 1.4.4
+pkgname = libpwquality
+suffix = tar.xz
+
+tarballs = $(addsuffix .$(suffix), $(addprefix $(pkgname)-, $(versions)))
+sha1s = $(addsuffix .sha1sum, $(tarballs))
+
+patches = $(CURDIR)/patches/libpwquality-1.4.4-python.patch
+
+.NOTPARALLEL: $(patches)
+
+
+BUILD_TARGETS = $(tarballs) $(sha1s) $(patches)
+
+
+include ../../../../build-system/core.mk
+
+
+.PHONY: download_clean
+
+
+$(tarballs):
+ @echo -e "\n======= Downloading source tarballs =======\n" ; \
+ for tarball in $(tarballs) ; do \
+ echo "$(url)/$$tarball" | xargs -n 1 -P 100 wget $(WGET_OPTIONS) - & \
+ done ; wait
+
+$(sha1s): $(tarballs)
+ @for sha in $@ ; do \
+ echo -e "\n======= Downloading '$$sha' signature =======\n" ; \
+ echo "$(url)/$$sha" | xargs -n 1 -P 100 wget $(WGET_OPTIONS) - & wait %1 ; \
+ touch $$sha ; \
+ echo -e "\n======= Check the '$$sha' sha1sum =======\n" ; \
+ sha1sum --check $$sha ; ret="$$?" ; \
+ if [ "$$ret" == "1" ]; then \
+ echo -e "\n======= ERROR: Bad '$$sha' sha1sum =======\n" ; \
+ exit 1 ; \
+ fi ; \
+ done
+
+$(patches): $(sha1s)
+ @echo -e "\n======= Create Patches =======\n" ; \
+ ( cd create-1.4.4-python-patch ; ./create.patch.sh ) ; \
+ echo -e "\n"
+
+download_clean:
+ @rm -f $(tarballs) $(sha1s) $(patches)
Index: libpwquality/create-1.4.4-python-patch/create.patch.sh
===================================================================
--- libpwquality/create-1.4.4-python-patch/create.patch.sh (nonexistent)
+++ libpwquality/create-1.4.4-python-patch/create.patch.sh (revision 5)
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+VERSION=1.4.4
+
+tar --files-from=file.list -xJvf ../libpwquality-$VERSION.tar.xz
+mv libpwquality-$VERSION libpwquality-$VERSION-orig
+
+cp -rf ./libpwquality-$VERSION-new ./libpwquality-$VERSION
+
+diff --unified -Nr libpwquality-$VERSION-orig libpwquality-$VERSION > libpwquality-$VERSION-python.patch
+
+mv libpwquality-$VERSION-python.patch ../patches
+
+rm -rf ./libpwquality-$VERSION
+rm -rf ./libpwquality-$VERSION-orig
Property changes on: libpwquality/create-1.4.4-python-patch/create.patch.sh
___________________________________________________________________
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
Index: libpwquality/create-1.4.4-python-patch/file.list
===================================================================
--- libpwquality/create-1.4.4-python-patch/file.list (nonexistent)
+++ libpwquality/create-1.4.4-python-patch/file.list (revision 5)
@@ -0,0 +1,3 @@
+libpwquality-1.4.4/python/Makefile.am
+libpwquality-1.4.4/python/Makefile.in
+libpwquality-1.4.4/python/setup.py.in
Index: libpwquality/create-1.4.4-python-patch/libpwquality-1.4.4-new/python/Makefile.am
===================================================================
--- libpwquality/create-1.4.4-python-patch/libpwquality-1.4.4-new/python/Makefile.am (nonexistent)
+++ libpwquality/create-1.4.4-python-patch/libpwquality-1.4.4-new/python/Makefile.am (revision 5)
@@ -0,0 +1,21 @@
+#
+# Copyright (c) 2011 Red Hat, Inc.
+# Copyright (c) 2011 Tomas Mraz <tm@t8m.info>
+#
+
+pythonincdir = $(includedir)/python@PYTHONREV@
+pythonsitedir = @PYTHONSITEDIR@
+
+CLEANFILES = *~ constants.c *.so
+
+EXTRA_DIST = pwquality.c setup.py
+
+all-local:
+ CFLAGS="${CFLAGS} -fno-strict-aliasing" @PYTHONBINARY@ setup.py egg_info
+ CFLAGS="${CFLAGS} -fno-strict-aliasing" @PYTHONBINARY@ setup.py build --build-base py$(PYTHONREV)
+
+install-exec-local:
+ CFLAGS="${CFLAGS} -fno-strict-aliasing" @PYTHONBINARY@ setup.py build --build-base py$(PYTHONREV) install --root=${DESTDIR} --prefix=${prefix} --install-lib=$(pythonsitedir)
+
+clean-local:
+ rm -rf py$(PYTHONREV)
Index: libpwquality/create-1.4.4-python-patch/libpwquality-1.4.4-new/python/Makefile.in
===================================================================
--- libpwquality/create-1.4.4-python-patch/libpwquality-1.4.4-new/python/Makefile.in (nonexistent)
+++ libpwquality/create-1.4.4-python-patch/libpwquality-1.4.4-new/python/Makefile.in (revision 5)
@@ -0,0 +1,491 @@
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+#
+# Copyright (c) 2011 Red Hat, Inc.
+# Copyright (c) 2011 Tomas Mraz <tm@t8m.info>
+#
+VPATH = @srcdir@
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
+am__make_running_with_option = \
+ case $${target_option-} in \
+ ?) ;; \
+ *) echo "am__make_running_with_option: internal error: invalid" \
+ "target option '$${target_option-}' specified" >&2; \
+ exit 1;; \
+ esac; \
+ has_opt=no; \
+ sane_makeflags=$$MAKEFLAGS; \
+ if $(am__is_gnu_make); then \
+ sane_makeflags=$$MFLAGS; \
+ else \
+ case $$MAKEFLAGS in \
+ *\\[\ \ ]*) \
+ bs=\\; \
+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
+ esac; \
+ fi; \
+ skip_next=no; \
+ strip_trailopt () \
+ { \
+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+ }; \
+ for flg in $$sane_makeflags; do \
+ test $$skip_next = yes && { skip_next=no; continue; }; \
+ case $$flg in \
+ *=*|--*) continue;; \
+ -*I) strip_trailopt 'I'; skip_next=yes;; \
+ -*I?*) strip_trailopt 'I';; \
+ -*O) strip_trailopt 'O'; skip_next=yes;; \
+ -*O?*) strip_trailopt 'O';; \
+ -*l) strip_trailopt 'l'; skip_next=yes;; \
+ -*l?*) strip_trailopt 'l';; \
+ -[dEDm]) skip_next=yes;; \
+ -[JT]) skip_next=yes;; \
+ esac; \
+ case $$flg in \
+ *$$target_option*) has_opt=yes; break;; \
+ esac; \
+ done; \
+ test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = python
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
+ $(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
+ $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
+ $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libtool.m4 \
+ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+ $(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
+ $(top_srcdir)/m4/progtest.m4 $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES = setup.py
+CONFIG_CLEAN_VPATH_FILES =
+AM_V_P = $(am__v_P_@AM_V@)
+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
+am__v_GEN_1 =
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 =
+SOURCES =
+DIST_SOURCES =
+am__can_run_installinfo = \
+ case $$AM_UPDATE_INFO_DIR in \
+ n|no|NO) false;; \
+ *) (install-info --version) >/dev/null 2>&1;; \
+ esac
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/setup.py.in
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLTOOL = @DLLTOOL@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBCRACK = @LIBCRACK@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PAM_LIBS = @PAM_LIBS@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+POSUB = @POSUB@
+PWQUALITY_LT_AGE = @PWQUALITY_LT_AGE@
+PWQUALITY_LT_CURRENT = @PWQUALITY_LT_CURRENT@
+PWQUALITY_LT_REVISION = @PWQUALITY_LT_REVISION@
+PYTHONBINARY = @PYTHONBINARY@
+PYTHONREV = @PYTHONREV@
+PYTHONSITEDIR = @PYTHONSITEDIR@
+RANLIB = @RANLIB@
+SCONFIGDIR = @SCONFIGDIR@
+SECUREDIR = @SECUREDIR@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+USE_NLS = @USE_NLS@
+VERSION = @VERSION@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+pythonincdir = $(includedir)/python@PYTHONREV@
+pythonsitedir = @PYTHONSITEDIR@
+CLEANFILES = *~ constants.c *.so
+EXTRA_DIST = pwquality.c setup.py
+all: all-am
+
+.SUFFIXES:
+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu python/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu python/Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+setup.py: $(top_builddir)/config.status $(srcdir)/setup.py.in
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+tags TAGS:
+
+ctags CTAGS:
+
+cscope cscopelist:
+
+
+distdir: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile all-local
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
+mostlyclean-generic:
+
+clean-generic:
+ -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool clean-local mostlyclean-am
+
+distclean: distclean-am
+ -rm -f Makefile
+distclean-am: clean-am distclean-generic
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am: install-exec-local
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+
+.MAKE: install-am install-strip
+
+.PHONY: all all-am all-local check check-am clean clean-generic \
+ clean-libtool clean-local cscopelist-am ctags-am distclean \
+ distclean-generic distclean-libtool distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-exec-local install-html \
+ install-html-am install-info install-info-am install-man \
+ install-pdf install-pdf-am install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ tags-am uninstall uninstall-am
+
+.PRECIOUS: Makefile
+
+
+all-local:
+ CFLAGS="${CFLAGS} -fno-strict-aliasing" @PYTHONBINARY@ setup.py egg_info
+ CFLAGS="${CFLAGS} -fno-strict-aliasing" @PYTHONBINARY@ setup.py build --build-base py$(PYTHONREV)
+
+install-exec-local:
+ CFLAGS="${CFLAGS} -fno-strict-aliasing" @PYTHONBINARY@ setup.py build --build-base py$(PYTHONREV) install --root=${DESTDIR} --prefix=${prefix} --install-lib=$(pythonsitedir)
+
+clean-local:
+ rm -rf py$(PYTHONREV)
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
Index: libpwquality/create-1.4.4-python-patch/libpwquality-1.4.4-new/python/setup.py.in
===================================================================
--- libpwquality/create-1.4.4-python-patch/libpwquality-1.4.4-new/python/setup.py.in (nonexistent)
+++ libpwquality/create-1.4.4-python-patch/libpwquality-1.4.4-new/python/setup.py.in (revision 5)
@@ -0,0 +1,84 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+#
+# See the end of the file for Copyright and License Information
+#
+
+import os
+
+from distutils.core import setup, Extension
+from distutils.command.build_ext import build_ext as _build_ext
+from distutils.command.sdist import sdist as _sdist
+
+def genconstants(headerfile, outputfile):
+ hf = open(headerfile, 'r')
+ of = open(outputfile, 'w')
+ of.write('/* This file is generated during build time from pwquality.h */\n\n')
+ for line in hf:
+ if line.startswith('#define PWQ_'):
+ s = line.split()
+ of.write('PyModule_AddIntConstant(module, "%s", %s);\n' % (s[1], s[2]))
+
+class build_ext(_build_ext):
+ def run(self):
+ if not os.path.exists('constants.c'):
+ genconstants('../src/pwquality.h', 'constants.c')
+ _build_ext.run(self)
+
+class sdist(_sdist):
+ def run(self):
+ if not os.path.exists('constants.c'):
+ genconstants('../src/pwquality.h', 'constants.c')
+ _sdist.run(self)
+
+python_cross_include_dir = os.getenv('PYTHON_CROSS_INCLUDE_DIR')
+
+pwqmodule = Extension('pwquality',
+ sources = ['pwquality.c'],
+ include_dirs = ['../src', python_cross_include_dir],
+ library_dirs = ['../src/.libs'],
+ libraries = ['pwquality'])
+
+setup(
+ name = 'pwquality',
+ version = '@VERSION@',
+ description = 'Python bindings for the libpwquality library for password quality checking',
+ author = 'Tomáš Mráz',
+ author_email = 'tm@t8m.info',
+ url = 'http://fedorahosted.org/libpwquality',
+ license = 'BSD or GPLv2+',
+ ext_modules = [pwqmodule],
+ cmdclass = {'build_ext': build_ext, 'sdist': sdist}
+)
+
+# Copyright (c) Red Hat, Inc, 2011
+# Copyright (c) Tomas Mraz <tm@t8m.info>, 2011
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, and the entire permission notice in its entirety,
+# including the disclaimer of warranties.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# 3. The name of the author may not be used to endorse or promote
+# products derived from this software without specific prior
+# written permission.
+#
+# ALTERNATIVELY, this product may be distributed under the terms of
+# the GNU General Public License version 2 or later, in which case the
+# provisions of the GPL are required INSTEAD OF the above restrictions.
+#
+# THIS SOFTWARE IS PROVIDED `AS IS'' AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
Property changes on: libpwquality/create-1.4.4-python-patch/libpwquality-1.4.4-new/python/setup.py.in
___________________________________________________________________
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
Index: libpwquality/create-1.4.4-python-patch/libpwquality-1.4.4-new/python
===================================================================
--- libpwquality/create-1.4.4-python-patch/libpwquality-1.4.4-new/python (nonexistent)
+++ libpwquality/create-1.4.4-python-patch/libpwquality-1.4.4-new/python (revision 5)
Property changes on: libpwquality/create-1.4.4-python-patch/libpwquality-1.4.4-new/python
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,73 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~
Index: libpwquality/create-1.4.4-python-patch/libpwquality-1.4.4-new
===================================================================
--- libpwquality/create-1.4.4-python-patch/libpwquality-1.4.4-new (nonexistent)
+++ libpwquality/create-1.4.4-python-patch/libpwquality-1.4.4-new (revision 5)
Property changes on: libpwquality/create-1.4.4-python-patch/libpwquality-1.4.4-new
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,73 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~
Index: libpwquality/create-1.4.4-python-patch
===================================================================
--- libpwquality/create-1.4.4-python-patch (nonexistent)
+++ libpwquality/create-1.4.4-python-patch (revision 5)
Property changes on: libpwquality/create-1.4.4-python-patch
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,73 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~
Index: libpwquality/patches/README
===================================================================
--- libpwquality/patches/README (nonexistent)
+++ libpwquality/patches/README (revision 5)
@@ -0,0 +1,6 @@
+
+/* begin *
+
+ TODO: Leave some comment here.
+
+ * end */
Index: libpwquality/patches
===================================================================
--- libpwquality/patches (nonexistent)
+++ libpwquality/patches (revision 5)
Property changes on: libpwquality/patches
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,73 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~
Index: libpwquality
===================================================================
--- libpwquality (nonexistent)
+++ libpwquality (revision 5)
Property changes on: libpwquality
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,73 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~
Index: pam-redhat/Makefile
===================================================================
--- pam-redhat/Makefile (nonexistent)
+++ pam-redhat/Makefile (revision 5)
@@ -0,0 +1,47 @@
+
+COMPONENT_TARGETS = $(HARDWARE_NOARCH)
+
+
+include ../../../../build-system/constants.mk
+
+
+url = $(DOWNLOAD_SERVER)/sources/packages/s/pam-redhat
+
+versions = 1.1.4
+pkgname = pam-redhat
+suffix = tar.xz
+
+tarballs = $(addsuffix .$(suffix), $(addprefix $(pkgname)-, $(versions)))
+sha1s = $(addsuffix .sha1sum, $(tarballs))
+
+
+BUILD_TARGETS = $(tarballs) $(sha1s)
+
+
+include ../../../../build-system/core.mk
+
+
+.PHONY: download_clean
+
+
+$(tarballs):
+ @echo -e "\n======= Downloading source tarballs =======\n" ; \
+ for tarball in $(tarballs) ; do \
+ echo "$(url)/$$tarball" | xargs -n 1 -P 100 wget $(WGET_OPTIONS) - & \
+ done ; wait
+
+$(sha1s): $(tarballs)
+ @for sha in $@ ; do \
+ echo -e "\n======= Downloading '$$sha' signature =======\n" ; \
+ echo "$(url)/$$sha" | xargs -n 1 -P 100 wget $(WGET_OPTIONS) - & wait %1 ; \
+ touch $$sha ; \
+ echo -e "\n======= Check the '$$sha' sha1sum =======\n" ; \
+ sha1sum --check $$sha ; ret="$$?" ; \
+ if [ "$$ret" == "1" ]; then \
+ echo -e "\n======= ERROR: Bad '$$sha' sha1sum =======\n" ; \
+ exit 1 ; \
+ fi ; \
+ done
+
+download_clean:
+ @rm -f $(tarballs) $(sha1s)
Index: pam-redhat
===================================================================
--- pam-redhat (nonexistent)
+++ pam-redhat (revision 5)
Property changes on: pam-redhat
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,73 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~
Index: shadow/Makefile
===================================================================
--- shadow/Makefile (nonexistent)
+++ shadow/Makefile (revision 5)
@@ -0,0 +1,60 @@
+
+COMPONENT_TARGETS = $(HARDWARE_NOARCH)
+
+
+include ../../../../build-system/constants.mk
+
+
+url = $(DOWNLOAD_SERVER)/sources/packages/a/shadow
+
+versions = 4.8.1
+pkgname = shadow
+suffix = tar.xz
+
+tarballs = $(addsuffix .$(suffix), $(addprefix $(pkgname)-, $(versions)))
+sha1s = $(addsuffix .sha1sum, $(tarballs))
+
+patches = $(CURDIR)/patches/shadow-4.8.1-CVE-2005-4890.patch
+patches += $(CURDIR)/patches/shadow-4.8.1-short-hostname.patch
+patches += $(CURDIR)/patches/shadow-4.8.1-sulogin-man.patch
+
+.NOTPARALLEL: $(patches)
+
+
+BUILD_TARGETS = $(tarballs) $(sha1s) $(patches)
+
+
+include ../../../../build-system/core.mk
+
+
+.PHONY: download_clean
+
+
+$(tarballs):
+ @echo -e "\n======= Downloading source tarballs =======" ; \
+ for tarball in $(tarballs) ; do \
+ echo "$(url)/$$tarball" | xargs -n 1 -P 100 wget $(WGET_OPTIONS) - & \
+ done ; wait
+
+$(sha1s): $(tarballs)
+ @for sha in $@ ; do \
+ echo -e "\n======= Downloading '$$sha' signature =======\n" ; \
+ echo "$(url)/$$sha" | xargs -n 1 -P 100 wget $(WGET_OPTIONS) - & wait %1 ; \
+ touch $$sha ; \
+ echo -e "\n======= Check the '$$sha' sha1sum =======\n" ; \
+ sha1sum --check $$sha ; ret="$$?" ; \
+ if [ "$$ret" == "1" ]; then \
+ echo -e "\n======= ERROR: Bad '$$sha' sha1sum =======\n" ; \
+ exit 1 ; \
+ fi ; \
+ done
+
+$(patches): $(sha1s)
+ @echo -e "\n======= Create Patches =======\n" ; \
+ ( cd create-4.8.1-CVE-2005-4890-patch ; ./create.patch.sh ) ; \
+ ( cd create-4.8.1-short-hostname-patch ; ./create.patch.sh ) ; \
+ ( cd create-4.8.1-sulogin-man-patch ; ./create.patch.sh ) ; \
+ echo -e "\n"
+
+download_clean:
+ @rm -f $(tarballs) $(sha1s) $(patches)
Index: shadow/create-4.8.1-CVE-2005-4890-patch/create.patch.sh
===================================================================
--- shadow/create-4.8.1-CVE-2005-4890-patch/create.patch.sh (nonexistent)
+++ shadow/create-4.8.1-CVE-2005-4890-patch/create.patch.sh (revision 5)
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+VERSION=4.8.1
+
+tar --files-from=file.list -xJvf ../shadow-$VERSION.tar.xz
+mv shadow-$VERSION shadow-$VERSION-orig
+
+cp -rf ./shadow-$VERSION-new ./shadow-$VERSION
+
+diff --unified -Nr shadow-$VERSION-orig shadow-$VERSION > shadow-$VERSION-CVE-2005-4890.patch
+
+mv shadow-$VERSION-CVE-2005-4890.patch ../patches
+
+rm -rf ./shadow-$VERSION
+rm -rf ./shadow-$VERSION-orig
Property changes on: shadow/create-4.8.1-CVE-2005-4890-patch/create.patch.sh
___________________________________________________________________
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
Index: shadow/create-4.8.1-CVE-2005-4890-patch/file.list
===================================================================
--- shadow/create-4.8.1-CVE-2005-4890-patch/file.list (nonexistent)
+++ shadow/create-4.8.1-CVE-2005-4890-patch/file.list (revision 5)
@@ -0,0 +1 @@
+shadow-4.8.1/src/su.c
Index: shadow/create-4.8.1-CVE-2005-4890-patch/shadow-4.8.1-new/src/su.c
===================================================================
--- shadow/create-4.8.1-CVE-2005-4890-patch/shadow-4.8.1-new/src/su.c (nonexistent)
+++ shadow/create-4.8.1-CVE-2005-4890-patch/shadow-4.8.1-new/src/su.c (revision 5)
@@ -0,0 +1,1205 @@
+/*
+ * Copyright (c) 1989 - 1994, Julianne Frances Haugh
+ * Copyright (c) 1996 - 2000, Marek Michałkiewicz
+ * Copyright (c) 2000 - 2006, Tomasz Kłoczko
+ * Copyright (c) 2007 - 2013, Nicolas François
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the copyright holders or contributors may not be used to
+ * endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* Some parts substantially derived from an ancestor of:
+ su for GNU. Run a shell with substitute user and group IDs.
+
+ Copyright (C) 1992-2003 Free Software Foundation, Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2, or (at your option)
+ any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ Boston, MA 02110-1301, USA. */
+
+
+#include <config.h>
+
+#ident "$Id$"
+
+#include <getopt.h>
+#include <grp.h>
+#include <pwd.h>
+#include <signal.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <unistd.h>
+#ifndef USE_PAM
+#include <sys/ioctl.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#endif /* !USE_PAM */
+#include "prototypes.h"
+#include "defines.h"
+#include "pwauth.h"
+#include "getdef.h"
+#ifdef USE_PAM
+#include "pam_defs.h"
+#endif /* USE_PAM */
+/*@-exitarg@*/
+#include "exitcodes.h"
+
+/*
+ * Global variables
+ */
+const char *Prog;
+static /*@observer@*/const char *caller_tty = NULL; /* Name of tty SU is run from */
+static bool caller_is_root = false;
+static uid_t caller_uid;
+#ifndef USE_PAM
+static bool caller_on_console = false;
+#ifdef SU_ACCESS
+static /*@only@*/char *caller_pass;
+#endif
+#endif /* !USE_PAM */
+static bool doshell = false;
+static bool fakelogin = false;
+static /*@observer@*/const char *shellstr;
+static /*@null@*/char *command = NULL;
+
+
+/* not needed by sulog.c anymore */
+static char name[BUFSIZ];
+static char caller_name[BUFSIZ];
+
+/* If nonzero, change some environment vars to indicate the user su'd to. */
+static bool change_environment = true;
+
+#ifdef USE_PAM
+static char kill_msg[256];
+static char wait_msg[256];
+static pam_handle_t *pamh = NULL;
+static int caught = 0;
+/* PID of the child, in case it needs to be killed */
+static pid_t pid_child = 0;
+#endif
+
+/*
+ * External identifiers
+ */
+
+extern char **newenvp; /* libmisc/env.c */
+extern size_t newenvc; /* libmisc/env.c */
+
+/* local function prototypes */
+
+static void execve_shell (const char *shellname,
+ char *args[],
+ char *const envp[]);
+#ifdef USE_PAM
+static RETSIGTYPE kill_child (int unused(s));
+static void prepare_pam_close_session (void);
+#else /* !USE_PAM */
+static RETSIGTYPE die (int);
+static bool iswheel (const char *);
+#endif /* !USE_PAM */
+static bool restricted_shell (const char *shellname);
+static /*@noreturn@*/void su_failure (const char *tty, bool su_to_root);
+static /*@only@*/struct passwd * check_perms (void);
+#ifdef USE_PAM
+static void check_perms_pam (const struct passwd *pw);
+#else /* !USE_PAM */
+static void check_perms_nopam (const struct passwd *pw);
+#endif /* !USE_PAM */
+static void save_caller_context (char **argv);
+static void process_flags (int argc, char **argv);
+static void set_environment (struct passwd *pw);
+
+#ifndef USE_PAM
+/*
+ * die - set or reset termio modes.
+ *
+ * die() is called before processing begins. signal() is then called
+ * with die() as the signal handler. If signal later calls die() with a
+ * signal number, the terminal modes are then reset.
+ */
+static RETSIGTYPE die (int killed)
+{
+ static TERMIO sgtty;
+
+ if (killed != 0) {
+ STTY (0, &sgtty);
+ } else {
+ GTTY (0, &sgtty);
+ }
+
+ if (killed != 0) {
+ _exit (128+killed);
+ }
+}
+
+static bool iswheel (const char *username)
+{
+ struct group *grp;
+
+ grp = getgrnam ("wheel"); /* !USE_PAM, no need for xgetgrnam */
+ if ( (NULL ==grp)
+ || (NULL == grp->gr_mem)) {
+ return false;
+ }
+ return is_on_list (grp->gr_mem, username);
+}
+#else /* USE_PAM */
+static RETSIGTYPE kill_child (int unused(s))
+{
+ if (0 != pid_child) {
+ (void) kill (-pid_child, SIGKILL);
+ (void) write (STDERR_FILENO, kill_msg, strlen (kill_msg));
+ } else {
+ (void) write (STDERR_FILENO, wait_msg, strlen (wait_msg));
+ }
+ _exit (255);
+}
+#endif /* USE_PAM */
+
+/* borrowed from GNU sh-utils' "su.c" */
+static bool restricted_shell (const char *shellname)
+{
+ /*@observer@*/const char *line;
+
+ setusershell ();
+ while ((line = getusershell ()) != NULL) {
+ if (('#' != *line) && (strcmp (line, shellname) == 0)) {
+ endusershell ();
+ return false;
+ }
+ }
+ endusershell ();
+ return true;
+}
+
+static /*@noreturn@*/void su_failure (const char *tty, bool su_to_root)
+{
+ sulog (tty, false, caller_name, name); /* log failed attempt */
+#ifdef USE_SYSLOG
+ if (getdef_bool ("SYSLOG_SU_ENAB")) {
+ SYSLOG ((su_to_root ? LOG_NOTICE : LOG_INFO,
+ "- %s %s:%s", tty,
+ ('\0' != caller_name[0]) ? caller_name : "???",
+ ('\0' != name[0]) ? name : "???"));
+ }
+ closelog ();
+#endif
+
+#ifdef WITH_AUDIT
+ audit_fd = audit_open ();
+ audit_log_acct_message (audit_fd,
+ AUDIT_USER_ROLE_CHANGE,
+ NULL, /* Prog. name */
+ "su",
+ ('\0' != caller_name[0]) ? caller_name : "???",
+ AUDIT_NO_ID,
+ "localhost",
+ NULL, /* addr */
+ tty,
+ 0); /* result */
+ close (audit_fd);
+#endif /* WITH_AUDIT */
+
+ exit (1);
+}
+
+/*
+ * execve_shell - Execute a shell with execve, or interpret it with
+ * /bin/sh
+ */
+static void execve_shell (const char *shellname,
+ char *args[],
+ char *const envp[])
+{
+ int err;
+ (void) execve (shellname, (char **) args, envp);
+ err = errno;
+
+ if (access (shellname, R_OK|X_OK) == 0) {
+ /*
+ * Assume this is a shell script (with no shebang).
+ * Interpret it with /bin/sh
+ */
+ size_t n_args = 0;
+ char **targs;
+ while (NULL != args[n_args]) {
+ n_args++;
+ }
+ targs = (char **) xmalloc ((n_args + 3) * sizeof (args[0]));
+ targs[0] = "sh";
+ targs[1] = "-";
+ targs[2] = xstrdup (shellname);
+ targs[n_args+2] = NULL;
+ while (1 != n_args) {
+ targs[n_args+1] = args[n_args - 1];
+ n_args--;
+ }
+
+ (void) execve (SHELL, targs, envp);
+ } else {
+ errno = err;
+ }
+}
+
+#ifdef USE_PAM
+/* Signal handler for parent process later */
+static void catch_signals (int sig)
+{
+ caught = sig;
+}
+
+/*
+ * prepare_pam_close_session - Fork and wait for the child to close the session
+ *
+ * Only the child returns. The parent will wait for the child to
+ * terminate and exit.
+ */
+static void prepare_pam_close_session (void)
+{
+ sigset_t ourset;
+ int status;
+ int ret;
+
+ pid_child = fork ();
+ if (pid_child == 0) { /* child shell */
+ return; /* Only the child will return from pam_create_session */
+ } else if ((pid_t)-1 == pid_child) {
+ (void) fprintf (stderr,
+ _("%s: Cannot fork user shell\n"),
+ Prog);
+ SYSLOG ((LOG_WARN, "Cannot execute %s", shellstr));
+ closelog ();
+ exit (1);
+ /* Only the child returns. See above. */
+ }
+
+ /* parent only */
+ sigfillset (&ourset);
+ if (sigprocmask (SIG_BLOCK, &ourset, NULL) != 0) {
+ (void) fprintf (stderr,
+ _("%s: signal malfunction\n"),
+ Prog);
+ caught = SIGTERM;
+ }
+ if (0 == caught) {
+ struct sigaction action;
+
+ action.sa_handler = catch_signals;
+ sigemptyset (&action.sa_mask);
+ action.sa_flags = 0;
+ sigemptyset (&ourset);
+
+ if ( (sigaddset (&ourset, SIGTERM) != 0)
+ || (sigaddset (&ourset, SIGALRM) != 0)
+ || (sigaction (SIGTERM, &action, NULL) != 0)
+ || ( !doshell /* handle SIGINT (Ctrl-C), SIGQUIT
+ * (Ctrl-\), and SIGTSTP (Ctrl-Z)
+ * since the child will not control
+ * the tty.
+ */
+ && ( (sigaddset (&ourset, SIGINT) != 0)
+ || (sigaddset (&ourset, SIGQUIT) != 0)
+ || (sigaddset (&ourset, SIGTSTP) != 0)
+ || (sigaction (SIGINT, &action, NULL) != 0)
+ || (sigaction (SIGQUIT, &action, NULL) != 0)
+ || (sigaction (SIGTSTP, &action, NULL) != 0)))
+ || (sigprocmask (SIG_UNBLOCK, &ourset, NULL) != 0)
+ ) {
+ fprintf (stderr,
+ _("%s: signal masking malfunction\n"),
+ Prog);
+ caught = SIGTERM;
+ }
+ }
+
+ if (0 == caught) {
+ bool stop = true;
+
+ do {
+ pid_t pid;
+ stop = true;
+
+ pid = waitpid (-1, &status, WUNTRACED);
+
+ /* When interrupted by signal, the signal will be
+ * forwarded to the child, and termination will be
+ * forced later.
+ */
+ if ( ((pid_t)-1 == pid)
+ && (EINTR == errno)
+ && (SIGTSTP == caught)) {
+ caught = 0;
+ /* Except for SIGTSTP, which request to
+ * stop the child.
+ * We will SIGSTOP ourself on the next
+ * waitpid round.
+ */
+ kill (pid_child, SIGSTOP);
+ stop = false;
+ } else if ( ((pid_t)-1 != pid)
+ && (0 != WIFSTOPPED (status))) {
+ /* The child (shell) was suspended.
+ * Suspend su. */
+ kill (getpid (), SIGSTOP);
+ /* wake child when resumed */
+ kill (pid, SIGCONT);
+ stop = false;
+ } else if ( (pid_t)-1 != pid) {
+ pid_child = 0;
+ }
+ } while (!stop);
+ }
+
+ if (0 != caught && 0 != pid_child) {
+ (void) fputs ("\n", stderr);
+ (void) fputs (_("Session terminated, terminating shell..."),
+ stderr);
+ (void) kill (-pid_child, caught);
+
+ snprintf (kill_msg, sizeof kill_msg, _(" ...killed.\n"));
+ snprintf (wait_msg, sizeof wait_msg, _(" ...waiting for child to terminate.\n"));
+
+ (void) signal (SIGALRM, kill_child);
+ (void) signal (SIGCHLD, catch_signals);
+ (void) alarm (2);
+
+ sigemptyset (&ourset);
+ if ((sigaddset (&ourset, SIGALRM) != 0)
+ || (sigprocmask (SIG_BLOCK, &ourset, NULL) != 0)) {
+ fprintf (stderr, _("%s: signal masking malfunction\n"), Prog);
+ kill_child (0);
+ } else {
+ while (0 == waitpid (pid_child, &status, WNOHANG)) {
+ sigsuspend (&ourset);
+ }
+ pid_child = 0;
+ (void) sigprocmask (SIG_UNBLOCK, &ourset, NULL);
+ }
+
+ (void) fputs (_(" ...terminated.\n"), stderr);
+ }
+
+ ret = pam_close_session (pamh, 0);
+ if (PAM_SUCCESS != ret) {
+ SYSLOG ((LOG_ERR, "pam_close_session: %s",
+ pam_strerror (pamh, ret)));
+ fprintf (stderr, _("%s: %s\n"), Prog, pam_strerror (pamh, ret));
+ }
+
+ (void) pam_setcred (pamh, PAM_DELETE_CRED);
+ (void) pam_end (pamh, PAM_SUCCESS);
+
+ exit ((0 != WIFEXITED (status)) ? WEXITSTATUS (status)
+ : WTERMSIG (status) + 128);
+ /* Only the child returns. See above. */
+}
+#endif /* USE_PAM */
+
+/*
+ * usage - print command line syntax and exit
+ */
+static void usage (int status)
+{
+ (void)
+ fputs (_("Usage: su [options] [-] [username [args]]\n"
+ "\n"
+ "Options:\n"
+ " -c, --command COMMAND pass COMMAND to the invoked shell\n"
+ " -h, --help display this help message and exit\n"
+ " -, -l, --login make the shell a login shell\n"
+ " -m, -p,\n"
+ " --preserve-environment do not reset environment variables, and\n"
+ " keep the same shell\n"
+ " -s, --shell SHELL use SHELL instead of the default in passwd\n"
+ "\n"
+ "If no username is given, assume root.\n"), (E_SUCCESS != status) ? stderr : stdout);
+ exit (status);
+}
+
+#ifdef USE_PAM
+static void check_perms_pam (const struct passwd *pw)
+{
+ int ret;
+ ret = pam_authenticate (pamh, 0);
+ if (PAM_SUCCESS != ret) {
+ SYSLOG (((pw->pw_uid != 0)? LOG_NOTICE : LOG_WARN, "pam_authenticate: %s",
+ pam_strerror (pamh, ret)));
+ fprintf (stderr, _("%s: %s\n"), Prog, pam_strerror (pamh, ret));
+ (void) pam_end (pamh, ret);
+ su_failure (caller_tty, 0 == pw->pw_uid);
+ }
+
+ ret = pam_acct_mgmt (pamh, 0);
+ if (PAM_SUCCESS != ret) {
+ if (caller_is_root) {
+ fprintf (stderr,
+ _("%s: %s\n(Ignored)\n"),
+ Prog, pam_strerror (pamh, ret));
+ } else if (PAM_NEW_AUTHTOK_REQD == ret) {
+ ret = pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
+ if (PAM_SUCCESS != ret) {
+ SYSLOG ((LOG_ERR, "pam_chauthtok: %s",
+ pam_strerror (pamh, ret)));
+ fprintf (stderr,
+ _("%s: %s\n"),
+ Prog, pam_strerror (pamh, ret));
+ (void) pam_end (pamh, ret);
+ su_failure (caller_tty, 0 == pw->pw_uid);
+ }
+ } else {
+ SYSLOG ((LOG_ERR, "pam_acct_mgmt: %s",
+ pam_strerror (pamh, ret)));
+ fprintf (stderr,
+ _("%s: %s\n"),
+ Prog, pam_strerror (pamh, ret));
+ (void) pam_end (pamh, ret);
+ su_failure (caller_tty, 0 == pw->pw_uid);
+ }
+ }
+}
+#else /* !USE_PAM */
+static void check_perms_nopam (const struct passwd *pw)
+{
+ /*@observer@*/const struct spwd *spwd = NULL;
+ /*@observer@*/const char *password = pw->pw_passwd;
+ RETSIGTYPE (*oldsig) (int);
+
+ if (caller_is_root) {
+ return;
+ }
+
+ /*
+ * BSD systems only allow "wheel" to SU to root. USG systems don't,
+ * so we make this a configurable option.
+ */
+
+ /* The original Shadow 3.3.2 did this differently. Do it like BSD:
+ *
+ * - check for UID 0 instead of name "root" - there are systems with
+ * several root accounts under different names,
+ *
+ * - check the contents of /etc/group instead of the current group
+ * set (you must be listed as a member, GID 0 is not sufficient).
+ *
+ * In addition to this traditional feature, we now have complete su
+ * access control (allow, deny, no password, own password). Thanks
+ * to Chris Evans <lady0110@sable.ox.ac.uk>.
+ */
+
+ if ( (0 == pw->pw_uid)
+ && getdef_bool ("SU_WHEEL_ONLY")
+ && !iswheel (caller_name)) {
+ fprintf (stderr,
+ _("You are not authorized to su %s\n"),
+ name);
+ exit (1);
+ }
+ spwd = getspnam (name); /* !USE_PAM, no need for xgetspnam */
+#ifdef SU_ACCESS
+ if (strcmp (pw->pw_passwd, SHADOW_PASSWD_STRING) == 0) {
+ if (NULL != spwd) {
+ password = spwd->sp_pwdp;
+ }
+ }
+
+ switch (check_su_auth (caller_name, name, 0 == pw->pw_uid)) {
+ case 0: /* normal su, require target user's password */
+ break;
+ case 1: /* require no password */
+ password = ""; /* XXX warning: const */
+ break;
+ case 2: /* require own password */
+ (void) puts (_("(Enter your own password)"));
+ password = caller_pass;
+ break;
+ default: /* access denied (-1) or unexpected value */
+ fprintf (stderr,
+ _("You are not authorized to su %s\n"),
+ name);
+ exit (1);
+ }
+#endif /* SU_ACCESS */
+ /*
+ * Set up a signal handler in case the user types QUIT.
+ */
+ die (0);
+ oldsig = signal (SIGQUIT, die);
+
+ /*
+ * See if the system defined authentication method is being used.
+ * The first character of an administrator defined method is an '@'
+ * character.
+ */
+ if (pw_auth (password, name, PW_SU, (char *) 0) != 0) {
+ SYSLOG (((pw->pw_uid != 0)? LOG_NOTICE : LOG_WARN,
+ "Authentication failed for %s", name));
+ fprintf(stderr, _("%s: Authentication failure\n"), Prog);
+ su_failure (caller_tty, 0 == pw->pw_uid);
+ }
+ (void) signal (SIGQUIT, oldsig);
+
+ /*
+ * Check to see if the account is expired. root gets to ignore any
+ * expired accounts, but normal users can't become a user with an
+ * expired password.
+ */
+ if (NULL != spwd) {
+ (void) expire (pw, spwd);
+ }
+
+ /*
+ * Check to see if the account permits "su". root gets to ignore any
+ * restricted accounts, but normal users can't become a user if
+ * there is a "SU" entry in the /etc/porttime file denying access to
+ * the account.
+ */
+ if (!isttytime (name, "SU", time ((time_t *) 0))) {
+ SYSLOG (((0 != pw->pw_uid) ? LOG_WARN : LOG_CRIT,
+ "SU by %s to restricted account %s",
+ caller_name, name));
+ fprintf (stderr,
+ _("%s: You are not authorized to su at that time\n"),
+ Prog);
+ su_failure (caller_tty, 0 == pw->pw_uid);
+ }
+}
+#endif /* !USE_PAM */
+
+/*
+ * check_perms - check permissions to switch to the user 'name'
+ *
+ * In case of subsystem login, the user is first authenticated in the
+ * caller's root subsystem, and then in the user's target subsystem.
+ */
+static /*@only@*/struct passwd * check_perms (void)
+{
+#ifdef USE_PAM
+ const char *tmp_name;
+ int ret;
+#endif /* !USE_PAM */
+ /*
+ * The password file entries for the user is gotten and the account
+ * validated.
+ */
+ struct passwd *pw = xgetpwnam (name);
+ if (NULL == pw) {
+ (void) fprintf (stderr,
+ _("No passwd entry for user '%s'\n"), name);
+ SYSLOG ((LOG_NOTICE, "No passwd entry for user '%s'", name));
+ su_failure (caller_tty, true);
+ }
+
+ (void) signal (SIGINT, SIG_IGN);
+ (void) signal (SIGQUIT, SIG_IGN);
+
+#ifdef USE_PAM
+ check_perms_pam (pw);
+ /* PAM authentication can request a change of account */
+ ret = pam_get_item(pamh, PAM_USER, (const void **) &tmp_name);
+ if (ret != PAM_SUCCESS) {
+ SYSLOG((LOG_ERR, "pam_get_item: internal PAM error\n"));
+ (void) fprintf (stderr,
+ "%s: Internal PAM error retrieving username\n",
+ Prog);
+ (void) pam_end (pamh, ret);
+ su_failure (caller_tty, 0 == pw->pw_uid);
+ }
+ if (strcmp (name, tmp_name) != 0) {
+ SYSLOG ((LOG_INFO,
+ "Change user from '%s' to '%s' as requested by PAM",
+ name, tmp_name));
+ strncpy (name, tmp_name, sizeof(name) - 1);
+ name[sizeof(name) - 1] = '\0';
+ pw = xgetpwnam (name);
+ if (NULL == pw) {
+ (void) fprintf (stderr,
+ _("No passwd entry for user '%s'\n"),
+ name);
+ SYSLOG ((LOG_NOTICE,
+ "No passwd entry for user '%s'", name));
+ su_failure (caller_tty, true);
+ }
+ }
+#else /* !USE_PAM */
+ check_perms_nopam (pw);
+#endif /* !USE_PAM */
+
+ (void) signal (SIGINT, SIG_DFL);
+ (void) signal (SIGQUIT, SIG_DFL);
+
+ /*
+ * Even if --shell is specified, the subsystem login test is based on
+ * the shell specified in /etc/passwd (not the one specified with
+ * --shell, which will be the one executed in the chroot later).
+ */
+ if ('*' == pw->pw_shell[0]) { /* subsystem root required */
+ subsystem (pw); /* change to the subsystem root */
+ endpwent (); /* close the old password databases */
+ endspent ();
+ pw_free (pw);
+ return check_perms (); /* authenticate in the subsystem */
+ }
+
+ return pw;
+}
+
+/*
+ * save_caller_context - save information from the call context
+ *
+ * Save the program's name (Prog), caller's UID (caller_uid /
+ * caller_is_root), name (caller_name), and password (caller_pass),
+ * the TTY (ttyp), and whether su was called from a console
+ * (is_console) for further processing and before they might change.
+ */
+static void save_caller_context (char **argv)
+{
+ struct passwd *pw = NULL;
+#ifndef USE_PAM
+#ifdef SU_ACCESS
+ const char *password = NULL;
+#endif /* SU_ACCESS */
+#endif /* !USE_PAM */
+ /*
+ * Get the program name. The program name is used as a prefix to
+ * most error messages.
+ */
+ Prog = Basename (argv[0]);
+
+ caller_uid = getuid ();
+ caller_is_root = (caller_uid == 0);
+
+ /*
+ * Get the tty name. Entries will be logged indicating that the user
+ * tried to change to the named new user from the current terminal.
+ */
+ caller_tty = ttyname (0);
+ if ((isatty (0) != 0) && (NULL != caller_tty)) {
+#ifndef USE_PAM
+ caller_on_console = console (caller_tty);
+#endif /* !USE_PAM */
+ } else {
+ /*
+ * Be more paranoid, like su from SimplePAMApps. --marekm
+ */
+ if (!caller_is_root) {
+ fprintf (stderr,
+ _("%s: must be run from a terminal\n"),
+ Prog);
+ exit (1);
+ }
+ caller_tty = "???";
+ }
+
+ /*
+ * Get the user's real name. The current UID is used to determine
+ * who has executed su. That user ID must exist.
+ */
+ pw = get_my_pwent ();
+ if (NULL == pw) {
+ fprintf (stderr,
+ _("%s: Cannot determine your user name.\n"),
+ Prog);
+ SYSLOG ((LOG_WARN, "Cannot determine the user name of the caller (UID %lu)",
+ (unsigned long) caller_uid));
+ su_failure (caller_tty, true); /* unknown target UID*/
+ }
+ STRFCPY (caller_name, pw->pw_name);
+
+#ifndef USE_PAM
+#ifdef SU_ACCESS
+ /*
+ * Sort out the password of user calling su, in case needed later
+ * -- chris
+ */
+ password = pw->pw_passwd;
+ if (strcmp (pw->pw_passwd, SHADOW_PASSWD_STRING) == 0) {
+ const struct spwd *spwd = getspnam (caller_name);
+ if (NULL != spwd) {
+ password = spwd->sp_pwdp;
+ }
+ }
+ free (caller_pass);
+ caller_pass = xstrdup (password);
+#endif /* SU_ACCESS */
+#endif /* !USE_PAM */
+ pw_free (pw);
+}
+
+/*
+ * process_flags - Process the command line arguments
+ *
+ * process_flags() interprets the command line arguments and sets
+ * the values that the user will be created with accordingly. The
+ * values are checked for sanity.
+ */
+static void process_flags (int argc, char **argv)
+{
+ int c;
+ static struct option long_options[] = {
+ {"command", required_argument, NULL, 'c'},
+ {"help", no_argument, NULL, 'h'},
+ {"login", no_argument, NULL, 'l'},
+ {"preserve-environment", no_argument, NULL, 'p'},
+ {"shell", required_argument, NULL, 's'},
+ {NULL, 0, NULL, '\0'}
+ };
+
+ while ((c = getopt_long (argc, argv, "c:hlmps:",
+ long_options, NULL)) != -1) {
+ switch (c) {
+ case 'c':
+ command = optarg;
+ break;
+ case 'h':
+ usage (E_SUCCESS);
+ break;
+ case 'l':
+ fakelogin = true;
+ break;
+ case 'm':
+ case 'p':
+ /* This will only have an effect if the target
+ * user do not have a restricted shell, or if
+ * su is called by root.
+ */
+ change_environment = false;
+ break;
+ case 's':
+ shellstr = optarg;
+ break;
+ default:
+ usage (E_USAGE); /* NOT REACHED */
+ }
+ }
+
+ if ((optind < argc) && (strcmp (argv[optind], "-") == 0)) {
+ fakelogin = true;
+ optind++;
+ }
+
+ if (optind < argc) {
+ STRFCPY (name, argv[optind++]); /* use this login id */
+ }
+ if ('\0' == name[0]) { /* use default user */
+ struct passwd *root_pw = getpwnam ("root");
+ if ((NULL != root_pw) && (0 == root_pw->pw_uid)) {
+ (void) strcpy (name, "root");
+ } else {
+ root_pw = getpwuid (0);
+ if (NULL == root_pw) {
+ SYSLOG ((LOG_CRIT, "There is no UID 0 user."));
+ su_failure (caller_tty, true);
+ }
+ (void) strcpy (name, root_pw->pw_name);
+ }
+ }
+
+ doshell = (argc == optind); /* any arguments remaining? */
+ if (NULL != command) {
+ doshell = false;
+ }
+}
+
+static void set_environment (struct passwd *pw)
+{
+ const char *cp;
+ /*
+ * If a new login is being set up, the old environment will be
+ * ignored and a new one created later on.
+ */
+ if (change_environment && fakelogin) {
+ /*
+ * The terminal type will be left alone if it is present in
+ * the environment already.
+ */
+ cp = getenv ("TERM");
+ if (NULL != cp) {
+ addenv ("TERM", cp);
+ }
+
+ /*
+ * For some terminals COLORTERM seems to be the only way
+ * for checking for that specific terminal. For instance,
+ * gnome-terminal sets its TERM as "xterm" but its
+ * COLORTERM as "gnome-terminal". The COLORTERM variable
+ * is also of use when running GNU screen since it sets
+ * TERM to "screen" but doesn't touch COLORTERM.
+ */
+ cp = getenv ("COLORTERM");
+ if (NULL != cp) {
+ addenv ("COLORTERM", cp);
+ }
+
+#ifndef USE_PAM
+ cp = getdef_str ("ENV_TZ");
+ if (NULL != cp) {
+ addenv (('/' == *cp) ? tz (cp) : cp, NULL);
+ }
+
+ /*
+ * The clock frequency will be reset to the login value if required
+ */
+ cp = getdef_str ("ENV_HZ");
+ if (NULL != cp) {
+ addenv (cp, NULL); /* set the default $HZ, if one */
+ }
+#endif /* !USE_PAM */
+
+ /*
+ * Also leave DISPLAY and XAUTHORITY if present, else
+ * pam_xauth will not work.
+ */
+ cp = getenv ("DISPLAY");
+ if (NULL != cp) {
+ addenv ("DISPLAY", cp);
+ }
+ cp = getenv ("XAUTHORITY");
+ if (NULL != cp) {
+ addenv ("XAUTHORITY", cp);
+ }
+ } else {
+ char **envp = environ;
+ while (NULL != *envp) {
+ addenv (*envp, NULL);
+ envp++;
+ }
+ }
+
+ cp = getdef_str ((pw->pw_uid == 0) ? "ENV_SUPATH" : "ENV_PATH");
+ if (NULL == cp) {
+ addenv ((pw->pw_uid == 0) ? "PATH=/sbin:/bin:/usr/sbin:/usr/bin" : "PATH=/bin:/usr/bin", NULL);
+ } else if (strchr (cp, '=') != NULL) {
+ addenv (cp, NULL);
+ } else {
+ addenv ("PATH", cp);
+ }
+
+ if (getenv ("IFS") != NULL) { /* don't export user IFS ... */
+ addenv ("IFS= \t\n", NULL); /* ... instead, set a safe IFS */
+ }
+
+ environ = newenvp; /* make new environment active */
+
+ if (change_environment) {
+ if (fakelogin) {
+ if (shellstr != pw->pw_shell) {
+ free (pw->pw_shell);
+ pw->pw_shell = xstrdup (shellstr);
+ }
+ setup_env (pw);
+ } else {
+ addenv ("HOME", pw->pw_dir);
+ addenv ("USER", pw->pw_name);
+ addenv ("LOGNAME", pw->pw_name);
+ addenv ("SHELL", shellstr);
+ }
+
+#ifdef USE_PAM
+ /* we need to setup the environment *after* pam_open_session(),
+ * else the UID is changed before stuff like pam_xauth could
+ * run, and we cannot access /etc/shadow and co
+ */
+ /* update environment with all pam set variables */
+ char **envcp = pam_getenvlist (pamh);
+ if (NULL != envcp) {
+ while (NULL != *envcp) {
+ addenv (*envcp, NULL);
+ envcp++;
+ }
+ }
+#endif /* !USE_PAM */
+ }
+
+}
+
+/*
+ * su - switch user id
+ *
+ * su changes the user's ids to the values for the specified user. if
+ * no new user name is specified, "root" or UID 0 is used by default.
+ *
+ * Any additional arguments are passed to the user's shell. In
+ * particular, the argument "-c" will cause the next argument to be
+ * interpreted as a command by the common shell programs.
+ */
+int main (int argc, char **argv)
+{
+ const char *cp;
+ struct passwd *pw = NULL;
+
+#ifdef USE_PAM
+ int ret;
+#endif /* USE_PAM */
+
+ (void) setlocale (LC_ALL, "");
+ (void) bindtextdomain (PACKAGE, LOCALEDIR);
+ (void) textdomain (PACKAGE);
+
+ save_caller_context (argv);
+
+ OPENLOG ("su");
+
+ process_flags (argc, argv);
+
+ initenv ();
+
+#ifdef USE_PAM
+ ret = pam_start ("su", name, &conv, &pamh);
+ if (PAM_SUCCESS != ret) {
+ SYSLOG ((LOG_ERR, "pam_start: error %d", ret);
+ fprintf (stderr,
+ _("%s: pam_start: error %d\n"),
+ Prog, ret));
+ exit (1);
+ }
+
+ ret = pam_set_item (pamh, PAM_TTY, (const void *) caller_tty);
+ if (PAM_SUCCESS == ret) {
+ ret = pam_set_item (pamh, PAM_RUSER, (const void *) caller_name);
+ }
+ if (PAM_SUCCESS != ret) {
+ SYSLOG ((LOG_ERR, "pam_set_item: %s",
+ pam_strerror (pamh, ret)));
+ fprintf (stderr, _("%s: %s\n"), Prog, pam_strerror (pamh, ret));
+ pam_end (pamh, ret);
+ exit (1);
+ }
+#endif /* USE_PAM */
+
+ pw = check_perms ();
+
+ /* If the user do not want to change the environment,
+ * use the current SHELL.
+ * (unless another shell is required by the command line)
+ */
+ if ((NULL == shellstr) && !change_environment) {
+ shellstr = getenv ("SHELL");
+ }
+
+ /* If su is not called by root, and the target user has a
+ * restricted shell, the environment must be changed and the shell
+ * must be the one specified in /etc/passwd.
+ */
+ if ( !caller_is_root
+ && restricted_shell (pw->pw_shell)) {
+ shellstr = NULL;
+ change_environment = true;
+ }
+
+ /* If the shell is not set at this time, use the shell specified
+ * in /etc/passwd.
+ */
+ if (NULL == shellstr) {
+ shellstr = pw->pw_shell;
+ }
+
+ /*
+ * Set the default shell.
+ */
+ if ((NULL == shellstr) || ('\0' == shellstr[0])) {
+ shellstr = SHELL;
+ }
+
+ sulog (caller_tty, true, caller_name, name); /* save SU information */
+#ifdef USE_SYSLOG
+ if (getdef_bool ("SYSLOG_SU_ENAB")) {
+ SYSLOG ((LOG_INFO, "+ %s %s:%s", caller_tty,
+ ('\0' != caller_name[0]) ? caller_name : "???",
+ ('\0' != name[0]) ? name : "???"));
+ }
+#endif
+
+#ifdef USE_PAM
+ /* set primary group id and supplementary groups */
+ if (setup_groups (pw) != 0) {
+ pam_end (pamh, PAM_ABORT);
+ exit (1);
+ }
+
+ /*
+ * pam_setcred() may do things like resource limits, console groups,
+ * and much more, depending on the configured modules
+ */
+ ret = pam_setcred (pamh, PAM_ESTABLISH_CRED);
+ if (PAM_SUCCESS != ret) {
+ SYSLOG ((LOG_ERR, "pam_setcred: %s", pam_strerror (pamh, ret)));
+ fprintf (stderr, _("%s: %s\n"), Prog, pam_strerror (pamh, ret));
+ (void) pam_end (pamh, ret);
+ exit (1);
+ }
+
+ ret = pam_open_session (pamh, 0);
+ if (PAM_SUCCESS != ret) {
+ SYSLOG ((LOG_ERR, "pam_open_session: %s",
+ pam_strerror (pamh, ret)));
+ fprintf (stderr, _("%s: %s\n"), Prog, pam_strerror (pamh, ret));
+ pam_setcred (pamh, PAM_DELETE_CRED);
+ (void) pam_end (pamh, ret);
+ exit (1);
+ }
+
+ prepare_pam_close_session ();
+
+ /* become the new user */
+ if (change_uid (pw) != 0) {
+ exit (1);
+ }
+#else /* !USE_PAM */
+ /* no limits if su from root (unless su must fake login's behavior) */
+ if (!caller_is_root || fakelogin) {
+ setup_limits (pw);
+ }
+
+ if (setup_uid_gid (pw, caller_on_console) != 0) {
+ exit (1);
+ }
+#endif /* !USE_PAM */
+
+#ifdef WITH_AUDIT
+ audit_fd = audit_open ();
+ audit_log_acct_message (audit_fd,
+ AUDIT_USER_ROLE_CHANGE,
+ NULL, /* Prog. name */
+ "su",
+ ('\0' != caller_name[0]) ? caller_name : "???",
+ AUDIT_NO_ID,
+ "localhost",
+ NULL, /* addr */
+ caller_tty,
+ 1); /* result */
+ close (audit_fd);
+#endif /* WITH_AUDIT */
+
+ set_environment (pw);
+
+ if (!doshell && pw->pw_uid != 0) {
+ /* There is no need for a controlling terminal.
+ * This avoids the callee to inject commands on
+ * the caller's tty when the callee is not root. */
+ int err = -1;
+
+#ifdef USE_PAM
+ /* When PAM is used, we are on the child */
+ err = setsid ();
+#else
+ /* Otherwise, we cannot use setsid */
+ int fd = open ("/dev/tty", O_RDWR);
+
+ if (fd >= 0) {
+ err = ioctl (fd, TIOCNOTTY, (char *) 0);
+ (void) close (fd);
+ } else if (ENXIO == errno) {
+ /* There are no controlling terminal already */
+ err = 0;
+ }
+#endif /* USE_PAM */
+
+ if (-1 == err) {
+ (void) fprintf (stderr,
+ _("%s: Cannot drop the controlling terminal\n"),
+ Prog);
+ exit (1);
+ }
+ }
+
+ /*
+ * PAM_DATA_SILENT is not supported by some modules, and
+ * there is no strong need to clean up the process space's
+ * memory since we will either call exec or exit.
+ pam_end (pamh, PAM_SUCCESS | PAM_DATA_SILENT);
+ */
+
+ endpwent ();
+ endspent ();
+ /*
+ * This is a workaround for Linux libc bug/feature (?) - the
+ * /dev/log file descriptor is open without the close-on-exec flag
+ * and used to be passed to the new shell. There is "fcntl(LogFile,
+ * F_SETFD, 1)" in libc/misc/syslog.c, but it is commented out (at
+ * least in 5.4.33). Why? --marekm
+ */
+ closelog ();
+
+ /*
+ * See if the user has extra arguments on the command line. In that
+ * case they will be provided to the new user's shell as arguments.
+ */
+ if (fakelogin) {
+ char *arg0;
+
+ cp = getdef_str ("SU_NAME");
+ if (NULL == cp) {
+ cp = Basename (shellstr);
+ }
+
+ arg0 = xmalloc (strlen (cp) + 2);
+ arg0[0] = '-';
+ strcpy (arg0 + 1, cp);
+ cp = arg0;
+ } else {
+ cp = Basename (shellstr);
+ }
+
+ if (!doshell) {
+ int err;
+ /* Position argv to the remaining arguments */
+ argv += optind;
+ if (NULL != command) {
+ argv -= 2;
+ argv[0] = "-c";
+ argv[1] = command;
+ }
+ /*
+ * Use the shell and create an argv
+ * with the rest of the command line included.
+ */
+ argv[-1] = cp;
+ execve_shell (shellstr, &argv[-1], environ);
+ err = errno;
+ (void) fprintf (stderr,
+ _("Cannot execute %s\n"), shellstr);
+ errno = err;
+ } else {
+ (void) shell (shellstr, cp, environ);
+ }
+
+ pw_free (pw);
+
+ return (errno == ENOENT ? E_CMD_NOTFOUND : E_CMD_NOEXEC);
+}
+
Index: shadow/create-4.8.1-CVE-2005-4890-patch/shadow-4.8.1-new/src
===================================================================
--- shadow/create-4.8.1-CVE-2005-4890-patch/shadow-4.8.1-new/src (nonexistent)
+++ shadow/create-4.8.1-CVE-2005-4890-patch/shadow-4.8.1-new/src (revision 5)
Property changes on: shadow/create-4.8.1-CVE-2005-4890-patch/shadow-4.8.1-new/src
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,73 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~
Index: shadow/create-4.8.1-CVE-2005-4890-patch/shadow-4.8.1-new
===================================================================
--- shadow/create-4.8.1-CVE-2005-4890-patch/shadow-4.8.1-new (nonexistent)
+++ shadow/create-4.8.1-CVE-2005-4890-patch/shadow-4.8.1-new (revision 5)
Property changes on: shadow/create-4.8.1-CVE-2005-4890-patch/shadow-4.8.1-new
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,73 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~
Index: shadow/create-4.8.1-CVE-2005-4890-patch
===================================================================
--- shadow/create-4.8.1-CVE-2005-4890-patch (nonexistent)
+++ shadow/create-4.8.1-CVE-2005-4890-patch (revision 5)
Property changes on: shadow/create-4.8.1-CVE-2005-4890-patch
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,73 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~
Index: shadow/create-4.8.1-short-hostname-patch/create.patch.sh
===================================================================
--- shadow/create-4.8.1-short-hostname-patch/create.patch.sh (nonexistent)
+++ shadow/create-4.8.1-short-hostname-patch/create.patch.sh (revision 5)
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+VERSION=4.8.1
+
+tar --files-from=file.list -xJvf ../shadow-$VERSION.tar.xz
+mv shadow-$VERSION shadow-$VERSION-orig
+
+cp -rf ./shadow-$VERSION-new ./shadow-$VERSION
+
+diff --unified -Nr shadow-$VERSION-orig shadow-$VERSION > shadow-$VERSION-short-hostname.patch
+
+mv shadow-$VERSION-short-hostname.patch ../patches
+
+rm -rf ./shadow-$VERSION
+rm -rf ./shadow-$VERSION-orig
Property changes on: shadow/create-4.8.1-short-hostname-patch/create.patch.sh
___________________________________________________________________
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
Index: shadow/create-4.8.1-short-hostname-patch/file.list
===================================================================
--- shadow/create-4.8.1-short-hostname-patch/file.list (nonexistent)
+++ shadow/create-4.8.1-short-hostname-patch/file.list (revision 5)
@@ -0,0 +1,2 @@
+shadow-4.8.1/libmisc/loginprompt.c
+shadow-4.8.1/src/login.c
Index: shadow/create-4.8.1-short-hostname-patch/shadow-4.8.1-new/libmisc/loginprompt.c
===================================================================
--- shadow/create-4.8.1-short-hostname-patch/shadow-4.8.1-new/libmisc/loginprompt.c (nonexistent)
+++ shadow/create-4.8.1-short-hostname-patch/shadow-4.8.1-new/libmisc/loginprompt.c (revision 5)
@@ -0,0 +1,187 @@
+/*
+ * Copyright (c) 1989 - 1993, Julianne Frances Haugh
+ * Copyright (c) 1996 - 2000, Marek Michałkiewicz
+ * Copyright (c) 2003 - 2005, Tomasz Kłoczko
+ * Copyright (c) 2008 - 2011, Nicolas François
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the copyright holders or contributors may not be used to
+ * endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <config.h>
+
+#ident "$Id$"
+
+#include <assert.h>
+#include <stdio.h>
+#include <signal.h>
+#include <ctype.h>
+#include "prototypes.h"
+#include "defines.h"
+#include "getdef.h"
+
+static void login_exit (unused int sig)
+{
+ exit (EXIT_FAILURE);
+}
+
+/*
+ * login_prompt - prompt the user for their login name
+ *
+ * login_prompt() displays the standard login prompt. If ISSUE_FILE
+ * is set in login.defs, this file is displayed before the prompt.
+ */
+
+void login_prompt (const char *prompt, char *name, int namesize)
+{
+ char buf[1024];
+
+#define MAX_ENV 32
+ char *envp[MAX_ENV];
+ char *cp;
+ int i;
+ FILE *fp;
+
+ RETSIGTYPE (*sigquit) (int);
+#ifdef SIGTSTP
+ RETSIGTYPE (*sigtstp) (int);
+#endif
+
+ /*
+ * There is a small chance that a QUIT character will be part of
+ * some random noise during a prompt. Deal with this by exiting
+ * instead of core dumping. If SIGTSTP is defined, do the same
+ * thing for that signal.
+ */
+
+ sigquit = signal (SIGQUIT, login_exit);
+#ifdef SIGTSTP
+ sigtstp = signal (SIGTSTP, login_exit);
+#endif
+
+ /*
+ * See if the user has configured the issue file to
+ * be displayed and display it before the prompt.
+ */
+
+ if (NULL != prompt) {
+ const char *fname = getdef_str ("ISSUE_FILE");
+ if (NULL != fname) {
+ fp = fopen (fname, "r");
+ if (NULL != fp) {
+ while ((i = getc (fp)) != EOF) {
+ (void) putc (i, stdout);
+ }
+
+ (void) fclose (fp);
+ }
+ }
+ (void) gethostname (buf, sizeof buf);
+ /* Trim away everything after the first '.': */
+ i = 0;
+ while (buf[i] != '\0' && i < sizeof(buf) - 1) {
+ if (buf[i] == '.') {
+ buf[i] = '\0';
+ break;
+ }
+ i++;
+ }
+ printf (prompt, buf);
+ (void) fflush (stdout);
+ }
+
+ /*
+ * Read the user's response. The trailing newline will be
+ * removed.
+ */
+
+ memzero (buf, sizeof buf);
+ if (fgets (buf, (int) sizeof buf, stdin) != buf) {
+ exit (EXIT_FAILURE);
+ }
+
+ cp = strchr (buf, '\n');
+ if (NULL == cp) {
+ exit (EXIT_FAILURE);
+ }
+ *cp = '\0'; /* remove \n [ must be there ] */
+
+ /*
+ * Skip leading whitespace. This makes " username" work right.
+ * Then copy the rest (up to the end or the first "non-graphic"
+ * character into the username.
+ */
+
+ for (cp = buf; *cp == ' ' || *cp == '\t'; cp++);
+
+ for (i = 0; i < namesize - 1 && isgraph (*cp); name[i++] = *cp++);
+ while (isgraph (*cp)) {
+ cp++;
+ }
+
+ if ('\0' != *cp) {
+ cp++;
+ }
+
+ name[i] = '\0';
+
+ /*
+ * This is a disaster, at best. The user may have entered extra
+ * environmental variables at the prompt. There are several ways
+ * to do this, and I just take the easy way out.
+ */
+
+ if ('\0' != *cp) { /* process new variables */
+ char *nvar;
+ int count = 1;
+ int envc;
+
+ for (envc = 0; envc < MAX_ENV; envc++) {
+ nvar = strtok ((0 != envc) ? (char *) 0 : cp, " \t,");
+ if (NULL == nvar) {
+ break;
+ }
+ if (strchr (nvar, '=') != NULL) {
+ envp[envc] = nvar;
+ } else {
+ size_t len = strlen (nvar) + 32;
+ envp[envc] = xmalloc (len);
+ (void) snprintf (envp[envc], len,
+ "L%d=%s", count++, nvar);
+ }
+ }
+ set_env (envc, envp);
+ }
+
+ /*
+ * Set the SIGQUIT handler back to its original value
+ */
+
+ (void) signal (SIGQUIT, sigquit);
+#ifdef SIGTSTP
+ (void) signal (SIGTSTP, sigtstp);
+#endif
+}
+
Index: shadow/create-4.8.1-short-hostname-patch/shadow-4.8.1-new/libmisc
===================================================================
--- shadow/create-4.8.1-short-hostname-patch/shadow-4.8.1-new/libmisc (nonexistent)
+++ shadow/create-4.8.1-short-hostname-patch/shadow-4.8.1-new/libmisc (revision 5)
Property changes on: shadow/create-4.8.1-short-hostname-patch/shadow-4.8.1-new/libmisc
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,73 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~
Index: shadow/create-4.8.1-short-hostname-patch/shadow-4.8.1-new/src/login.c
===================================================================
--- shadow/create-4.8.1-short-hostname-patch/shadow-4.8.1-new/src/login.c (nonexistent)
+++ shadow/create-4.8.1-short-hostname-patch/shadow-4.8.1-new/src/login.c (revision 5)
@@ -0,0 +1,1366 @@
+/*
+ * Copyright (c) 1989 - 1994, Julianne Frances Haugh
+ * Copyright (c) 1996 - 2001, Marek Michałkiewicz
+ * Copyright (c) 2001 - 2006, Tomasz Kłoczko
+ * Copyright (c) 2007 - 2012, Nicolas François
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the copyright holders or contributors may not be used to
+ * endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <config.h>
+
+#ident "$Id$"
+
+#include <errno.h>
+#include <grp.h>
+#ifndef USE_PAM
+#include <lastlog.h>
+#endif /* !USE_PAM */
+#include <pwd.h>
+#include <signal.h>
+#include <stdio.h>
+#include <sys/stat.h>
+#include <sys/ioctl.h>
+#include <assert.h>
+#include "defines.h"
+#include "faillog.h"
+#include "failure.h"
+#include "getdef.h"
+#include "prototypes.h"
+#include "pwauth.h"
+/*@-exitarg@*/
+#include "exitcodes.h"
+
+#ifdef USE_PAM
+#include "pam_defs.h"
+
+static pam_handle_t *pamh = NULL;
+
+#define PAM_FAIL_CHECK if (retcode != PAM_SUCCESS) { \
+ fprintf(stderr,"\n%s\n",pam_strerror(pamh, retcode)); \
+ SYSLOG((LOG_ERR,"%s",pam_strerror(pamh, retcode))); \
+ (void) pam_end(pamh, retcode); \
+ exit(1); \
+ }
+#define PAM_END { retcode = pam_close_session(pamh,0); \
+ (void) pam_end(pamh,retcode); }
+
+#endif /* USE_PAM */
+
+#ifndef USE_PAM
+/*
+ * Needed for MkLinux DR1/2/2.1 - J.
+ */
+#ifndef LASTLOG_FILE
+#define LASTLOG_FILE "/var/log/lastlog"
+#endif
+#endif /* !USE_PAM */
+
+/*
+ * Global variables
+ */
+const char *Prog;
+
+static const char *hostname = "";
+static /*@null@*/ /*@only@*/char *username = NULL;
+static int reason = PW_LOGIN;
+
+#ifndef USE_PAM
+static struct lastlog ll;
+#endif /* !USE_PAM */
+static bool pflg = false;
+static bool fflg = false;
+
+#ifdef RLOGIN
+static bool rflg = false;
+#else /* RLOGIN */
+#define rflg false
+#endif /* !RLOGIN */
+static bool hflg = false;
+static bool preauth_flag = false;
+
+static bool amroot;
+static char tmsg[256];
+
+/*
+ * External identifiers.
+ */
+
+extern char **newenvp;
+extern size_t newenvc;
+extern char **environ;
+
+#ifndef ALARM
+#define ALARM 60
+#endif
+
+#ifndef RETRIES
+#define RETRIES 3
+#endif
+
+/* local function prototypes */
+static void usage (void);
+static void setup_tty (void);
+static void process_flags (int argc, char *const *argv);
+static /*@observer@*/const char *get_failent_user (/*@returned@*/const char *user);
+static void update_utmp (const char *user,
+ const char *tty,
+ const char *host,
+#ifdef USE_UTMPX
+ /*@null@*/const struct utmpx *utent
+#else
+ /*@null@*/const struct utmp *utent
+#endif
+ );
+
+#ifndef USE_PAM
+static struct faillog faillog;
+
+static void bad_time_notify (void);
+static void check_nologin (bool login_to_root);
+#else
+static void get_pam_user (char **ptr_pam_user);
+#endif
+
+static void init_env (void);
+static RETSIGTYPE alarm_handler (int);
+
+/*
+ * usage - print login command usage and exit
+ *
+ * login [ name ]
+ * login -r hostname (for rlogind)
+ * login -h hostname (for telnetd, etc.)
+ * login -f name (for pre-authenticated login: datakit, xterm, etc.)
+ */
+static void usage (void)
+{
+ fprintf (stderr, _("Usage: %s [-p] [name]\n"), Prog);
+ if (!amroot) {
+ exit (1);
+ }
+ fprintf (stderr, _(" %s [-p] [-h host] [-f name]\n"), Prog);
+#ifdef RLOGIN
+ fprintf (stderr, _(" %s [-p] -r host\n"), Prog);
+#endif /* RLOGIN */
+ exit (1);
+}
+
+static void setup_tty (void)
+{
+ TERMIO termio;
+
+ if (GTTY (0, &termio) == 0) { /* get terminal characteristics */
+ int erasechar;
+ int killchar;
+
+ /*
+ * Add your favorite terminal modes here ...
+ */
+ termio.c_lflag |= ISIG | ICANON | ECHO | ECHOE;
+ termio.c_iflag |= ICRNL;
+
+#if defined(ECHOKE) && defined(ECHOCTL)
+ termio.c_lflag |= ECHOKE | ECHOCTL;
+#endif
+#if defined(ECHOPRT) && defined(NOFLSH) && defined(TOSTOP)
+ termio.c_lflag &= ~(ECHOPRT | NOFLSH | TOSTOP);
+#endif
+#ifdef ONLCR
+ termio.c_oflag |= ONLCR;
+#endif
+
+ /* leave these values unchanged if not specified in login.defs */
+ erasechar = getdef_num ("ERASECHAR", (int) termio.c_cc[VERASE]);
+ killchar = getdef_num ("KILLCHAR", (int) termio.c_cc[VKILL]);
+ termio.c_cc[VERASE] = (cc_t) erasechar;
+ termio.c_cc[VKILL] = (cc_t) killchar;
+ /* Make sure the values were valid.
+ * getdef_num cannot validate this.
+ */
+ if (erasechar != (int) termio.c_cc[VERASE]) {
+ fprintf (stderr,
+ _("configuration error - cannot parse %s value: '%d'"),
+ "ERASECHAR", erasechar);
+ exit (1);
+ }
+ if (killchar != (int) termio.c_cc[VKILL]) {
+ fprintf (stderr,
+ _("configuration error - cannot parse %s value: '%d'"),
+ "KILLCHAR", killchar);
+ exit (1);
+ }
+
+ /*
+ * ttymon invocation prefers this, but these settings
+ * won't come into effect after the first username login
+ */
+ (void) STTY (0, &termio);
+ }
+}
+
+
+#ifndef USE_PAM
+/*
+ * Tell the user that this is not the right time to login at this tty
+ */
+static void bad_time_notify (void)
+{
+ (void) puts (_("Invalid login time"));
+ (void) fflush (stdout);
+}
+
+static void check_nologin (bool login_to_root)
+{
+ const char *fname;
+
+ /*
+ * Check to see if system is turned off for non-root users.
+ * This would be useful to prevent users from logging in
+ * during system maintenance. We make sure the message comes
+ * out for root so she knows to remove the file if she's
+ * forgotten about it ...
+ */
+ fname = getdef_str ("NOLOGINS_FILE");
+ if ((NULL != fname) && (access (fname, F_OK) == 0)) {
+ FILE *nlfp;
+
+ /*
+ * Cat the file if it can be opened, otherwise just
+ * print a default message
+ */
+ nlfp = fopen (fname, "r");
+ if (NULL != nlfp) {
+ int c;
+ while ((c = getc (nlfp)) != EOF) {
+ if (c == '\n') {
+ (void) putchar ('\r');
+ }
+
+ (void) putchar (c);
+ }
+ (void) fflush (stdout);
+ (void) fclose (nlfp);
+ } else {
+ (void) puts (_("\nSystem closed for routine maintenance"));
+ }
+ /*
+ * Non-root users must exit. Root gets the message, but
+ * gets to login.
+ */
+
+ if (!login_to_root) {
+ closelog ();
+ exit (0);
+ }
+ (void) puts (_("\n[Disconnect bypassed -- root login allowed.]"));
+ }
+}
+#endif /* !USE_PAM */
+
+static void process_flags (int argc, char *const *argv)
+{
+ int arg;
+ int flag;
+
+ /*
+ * Check the flags for proper form. Every argument starting with
+ * "-" must be exactly two characters long. This closes all the
+ * clever rlogin, telnet, and getty holes.
+ */
+ for (arg = 1; arg < argc; arg++) {
+ if (argv[arg][0] == '-' && strlen (argv[arg]) > 2) {
+ usage ();
+ }
+ if (strcmp(argv[arg], "--") == 0) {
+ break; /* stop checking on a "--" */
+ }
+ }
+
+ /*
+ * Process options.
+ */
+ while ((flag = getopt (argc, argv, "d:fh:pr:")) != EOF) {
+ switch (flag) {
+ case 'd':
+ /* "-d device" ignored for compatibility */
+ break;
+ case 'f':
+ fflg = true;
+ break;
+ case 'h':
+ hflg = true;
+ hostname = optarg;
+ reason = PW_TELNET;
+ break;
+#ifdef RLOGIN
+ case 'r':
+ rflg = true;
+ hostname = optarg;
+ reason = PW_RLOGIN;
+ break;
+#endif /* RLOGIN */
+ case 'p':
+ pflg = true;
+ break;
+ default:
+ usage ();
+ }
+ }
+
+#ifdef RLOGIN
+ /*
+ * Neither -h nor -f should be combined with -r.
+ */
+
+ if (rflg && (hflg || fflg)) {
+ usage ();
+ }
+#endif /* RLOGIN */
+
+ /*
+ * Allow authentication bypass only if real UID is zero.
+ */
+
+ if ((rflg || fflg || hflg) && !amroot) {
+ fprintf (stderr, _("%s: Permission denied.\n"), Prog);
+ exit (1);
+ }
+
+ /*
+ * Get the user name.
+ */
+ if (optind < argc) {
+ assert (NULL == username);
+ username = xstrdup (argv[optind]);
+ strzero (argv[optind]);
+ ++optind;
+ }
+
+#ifdef RLOGIN
+ if (rflg && (NULL != username)) {
+ usage ();
+ }
+#endif /* RLOGIN */
+ if (fflg && (NULL == username)) {
+ usage ();
+ }
+
+}
+
+
+static void init_env (void)
+{
+#ifndef USE_PAM
+ const char *cp;
+#endif
+ char *tmp;
+
+ tmp = getenv ("LANG");
+ if (NULL != tmp) {
+ addenv ("LANG", tmp);
+ }
+
+ /*
+ * Add the timezone environmental variable so that time functions
+ * work correctly.
+ */
+ tmp = getenv ("TZ");
+ if (NULL != tmp) {
+ addenv ("TZ", tmp);
+ }
+#ifndef USE_PAM
+ else {
+ cp = getdef_str ("ENV_TZ");
+ if (NULL != cp) {
+ addenv (('/' == *cp) ? tz (cp) : cp, NULL);
+ }
+ }
+#endif /* !USE_PAM */
+ /*
+ * Add the clock frequency so that profiling commands work
+ * correctly.
+ */
+ tmp = getenv ("HZ");
+ if (NULL != tmp) {
+ addenv ("HZ", tmp);
+ }
+#ifndef USE_PAM
+ else {
+ cp = getdef_str ("ENV_HZ");
+ if (NULL != cp) {
+ addenv (cp, NULL);
+ }
+ }
+#endif /* !USE_PAM */
+}
+
+
+static RETSIGTYPE alarm_handler (unused int sig)
+{
+ write (STDERR_FILENO, tmsg, strlen (tmsg));
+ _exit (0);
+}
+
+#ifdef USE_PAM
+/*
+ * get_pam_user - Get the username according to PAM
+ *
+ * ptr_pam_user shall point to a malloc'ed string (or NULL).
+ */
+static void get_pam_user (char **ptr_pam_user)
+{
+ int retcode;
+ void *ptr_user;
+
+ assert (NULL != ptr_pam_user);
+
+ retcode = pam_get_item (pamh, PAM_USER, (const void **)&ptr_user);
+ PAM_FAIL_CHECK;
+
+ if (NULL != *ptr_pam_user) {
+ free (*ptr_pam_user);
+ }
+ if (NULL != ptr_user) {
+ *ptr_pam_user = xstrdup ((const char *)ptr_user);
+ } else {
+ *ptr_pam_user = NULL;
+ }
+}
+#endif
+
+/*
+ * get_failent_user - Return a string that can be used to log failure
+ * from an user.
+ *
+ * This will be either the user argument, or "UNKNOWN".
+ *
+ * It is quite common to mistyped the password for username, and passwords
+ * should not be logged.
+ */
+static /*@observer@*/const char *get_failent_user (/*@returned@*/const char *user)
+{
+ const char *failent_user = "UNKNOWN";
+ bool log_unkfail_enab = getdef_bool("LOG_UNKFAIL_ENAB");
+
+ if ((NULL != user) && ('\0' != user[0])) {
+ if ( log_unkfail_enab
+ || (getpwnam (user) != NULL)) {
+ failent_user = user;
+ }
+ }
+
+ return failent_user;
+}
+
+/*
+ * update_utmp - Update or create an utmp entry in utmp, wtmp, utmpw, and
+ * wtmpx
+ *
+ * utent should be the utmp entry returned by get_current_utmp (or
+ * NULL).
+ */
+static void update_utmp (const char *user,
+ const char *tty,
+ const char *host,
+#ifdef USE_UTMPX
+ /*@null@*/const struct utmpx *utent
+#else
+ /*@null@*/const struct utmp *utent
+#endif
+ )
+{
+#ifdef USE_UTMPX
+ struct utmpx *utx = prepare_utmpx (user, tty, host, utent);
+#else
+ struct utmp *ut = prepare_utmp (user, tty, host, utent);
+#endif /* USE_UTMPX */
+
+#ifndef USE_UTMPX
+ (void) setutmp (ut); /* make entry in the utmp & wtmp files */
+ free (ut);
+#else
+ (void) setutmpx (utx); /* make entry in the utmpx & wtmpx files */
+ free (utx);
+#endif /* USE_UTMPX */
+}
+
+/*
+ * login - create a new login session for a user
+ *
+ * login is typically called by getty as the second step of a
+ * new user session. getty is responsible for setting the line
+ * characteristics to a reasonable set of values and getting
+ * the name of the user to be logged in. login may also be
+ * called to create a new user session on a pty for a variety
+ * of reasons, such as X servers or network logins.
+ *
+ * the flags which login supports are
+ *
+ * -p - preserve the environment
+ * -r - perform autologin protocol for rlogin
+ * -f - do not perform authentication, user is preauthenticated
+ * -h - the name of the remote host
+ */
+int main (int argc, char **argv)
+{
+ const char *tmptty;
+ char tty[BUFSIZ];
+
+#ifdef RLOGIN
+ char term[128] = "";
+#endif /* RLOGIN */
+#if defined(HAVE_STRFTIME) && !defined(USE_PAM)
+ char ptime[80];
+#endif
+ unsigned int delay;
+ unsigned int retries;
+ bool subroot = false;
+#ifndef USE_PAM
+ bool is_console;
+#endif
+ int err;
+ unsigned int timeout;
+ const char *cp;
+ const char *tmp;
+ char fromhost[512];
+ struct passwd *pwd = NULL;
+ char **envp = environ;
+ const char *failent_user;
+#ifdef USE_UTMPX
+ /*@null@*/struct utmpx *utent;
+#else
+ /*@null@*/struct utmp *utent;
+#endif
+
+#ifdef USE_PAM
+ int retcode;
+ pid_t child;
+ char *pam_user = NULL;
+#else
+ struct spwd *spwd = NULL;
+#endif
+ /*
+ * Some quick initialization.
+ */
+
+ sanitize_env ();
+
+ (void) setlocale (LC_ALL, "");
+ (void) bindtextdomain (PACKAGE, LOCALEDIR);
+ (void) textdomain (PACKAGE);
+
+ initenv ();
+
+ amroot = (getuid () == 0);
+ Prog = Basename (argv[0]);
+
+ if (geteuid() != 0) {
+ fprintf (stderr, _("%s: Cannot possibly work without effective root\n"), Prog);
+ exit (1);
+ }
+
+ process_flags (argc, argv);
+
+ if ((isatty (0) == 0) || (isatty (1) == 0) || (isatty (2) == 0)) {
+ exit (1); /* must be a terminal */
+ }
+
+ utent = get_current_utmp ();
+ /*
+ * Be picky if run by normal users (possible if installed setuid
+ * root), but not if run by root. This way it still allows logins
+ * even if your getty is broken, or if something corrupts utmp,
+ * but users must "exec login" which will use the existing utmp
+ * entry (will not overwrite remote hostname). --marekm
+ */
+ if (!amroot && (NULL == utent)) {
+ (void) puts (_("No utmp entry. You must exec \"login\" from the lowest level \"sh\""));
+ exit (1);
+ }
+ /* NOTE: utent might be NULL afterwards */
+
+ tmptty = ttyname (0);
+ if (NULL == tmptty) {
+ tmptty = "UNKNOWN";
+ }
+ STRFCPY (tty, tmptty);
+
+#ifndef USE_PAM
+ is_console = console (tty);
+#endif
+
+ if (rflg || hflg) {
+ /*
+ * Add remote hostname to the environment. I think
+ * (not sure) I saw it once on Irix. --marekm
+ */
+ addenv ("REMOTEHOST", hostname);
+ }
+ if (fflg) {
+ preauth_flag = true;
+ }
+ if (hflg) {
+ reason = PW_RLOGIN;
+ }
+#ifdef RLOGIN
+ if (rflg) {
+ assert (NULL == username);
+ username = xmalloc (USER_NAME_MAX_LENGTH + 1);
+ username[USER_NAME_MAX_LENGTH] = '\0';
+ if (do_rlogin (hostname, username, USER_NAME_MAX_LENGTH, term, sizeof term)) {
+ preauth_flag = true;
+ } else {
+ free (username);
+ username = NULL;
+ }
+ }
+#endif /* RLOGIN */
+
+ OPENLOG ("login");
+
+ setup_tty ();
+
+#ifndef USE_PAM
+ (void) umask (getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));
+
+ {
+ /*
+ * Use the ULIMIT in the login.defs file, and if
+ * there isn't one, use the default value. The
+ * user may have one for themselves, but otherwise,
+ * just take what you get.
+ */
+ long limit = getdef_long ("ULIMIT", -1L);
+
+ if (limit != -1) {
+ set_filesize_limit (limit);
+ }
+ }
+
+#endif
+ /*
+ * The entire environment will be preserved if the -p flag
+ * is used.
+ */
+ if (pflg) {
+ while (NULL != *envp) { /* add inherited environment, */
+ addenv (*envp, NULL); /* some variables change later */
+ envp++;
+ }
+ }
+
+#ifdef RLOGIN
+ if (term[0] != '\0') {
+ addenv ("TERM", term);
+ } else
+#endif /* RLOGIN */
+ {
+ /* preserve TERM from getty */
+ if (!pflg) {
+ tmp = getenv ("TERM");
+ if (NULL != tmp) {
+ addenv ("TERM", tmp);
+ }
+ }
+ }
+
+ init_env ();
+
+ if (optind < argc) { /* now set command line variables */
+ set_env (argc - optind, &argv[optind]);
+ }
+
+ if (rflg || hflg) {
+ cp = hostname;
+#if defined(HAVE_STRUCT_UTMP_UT_HOST) || defined(USE_UTMPX)
+ } else if ((NULL != utent) && ('\0' != utent->ut_host[0])) {
+ cp = utent->ut_host;
+#endif /* HAVE_STRUCT_UTMP_UT_HOST */
+ } else {
+ cp = "";
+ }
+
+ if ('\0' != *cp) {
+ snprintf (fromhost, sizeof fromhost,
+ " on '%.100s' from '%.200s'", tty, cp);
+ } else {
+ snprintf (fromhost, sizeof fromhost,
+ " on '%.100s'", tty);
+ }
+
+ top:
+ /* only allow ALARM sec. for login */
+ timeout = getdef_unum ("LOGIN_TIMEOUT", ALARM);
+ snprintf (tmsg, sizeof tmsg,
+ _("\nLogin timed out after %u seconds.\n"), timeout);
+ (void) signal (SIGALRM, alarm_handler);
+ if (timeout > 0) {
+ (void) alarm (timeout);
+ }
+
+ environ = newenvp; /* make new environment active */
+ delay = getdef_unum ("FAIL_DELAY", 1);
+ retries = getdef_unum ("LOGIN_RETRIES", RETRIES);
+
+#ifdef USE_PAM
+ retcode = pam_start ("login", username, &conv, &pamh);
+ if (retcode != PAM_SUCCESS) {
+ fprintf (stderr,
+ _("login: PAM Failure, aborting: %s\n"),
+ pam_strerror (pamh, retcode));
+ SYSLOG ((LOG_ERR, "Couldn't initialize PAM: %s",
+ pam_strerror (pamh, retcode)));
+ exit (99);
+ }
+
+ /*
+ * hostname & tty are either set to NULL or their correct values,
+ * depending on how much we know. We also set PAM's fail delay to
+ * ours.
+ *
+ * PAM_RHOST and PAM_TTY are used for authentication, only use
+ * information coming from login or from the caller (e.g. no utmp)
+ */
+ retcode = pam_set_item (pamh, PAM_RHOST, hostname);
+ PAM_FAIL_CHECK;
+ retcode = pam_set_item (pamh, PAM_TTY, tty);
+ PAM_FAIL_CHECK;
+#ifdef HAS_PAM_FAIL_DELAY
+ retcode = pam_fail_delay (pamh, 1000000 * delay);
+ PAM_FAIL_CHECK;
+#endif
+ /* if fflg, then the user has already been authenticated */
+ if (!fflg) {
+ unsigned int failcount = 0;
+ char hostn[256];
+ char loginprompt[256]; /* That's one hell of a prompt :) */
+
+ /* Make the login prompt look like we want it */
+ if (gethostname (hostn, sizeof (hostn)) == 0) {
+ /* Trim away everything after the first '.': */
+ int i = 0;
+ while (hostn[i] != '\0' && i < sizeof(hostn) - 1) {
+ if (hostn[i] == '.') {
+ hostn[i] = '\0';
+ break;
+ }
+ i++;
+ }
+ snprintf (loginprompt,
+ sizeof (loginprompt),
+ _("%s login: "), hostn);
+ } else {
+ strncpy (loginprompt, _("login: "),
+ sizeof (loginprompt));
+ }
+
+ retcode = pam_set_item (pamh, PAM_USER_PROMPT, loginprompt);
+ PAM_FAIL_CHECK;
+
+ /* if we didn't get a user on the command line,
+ set it to NULL */
+ get_pam_user (&pam_user);
+ if ((NULL != pam_user) && ('\0' == pam_user[0])) {
+ retcode = pam_set_item (pamh, PAM_USER, NULL);
+ PAM_FAIL_CHECK;
+ }
+
+ /*
+ * There may be better ways to deal with some of
+ * these conditions, but at least this way I don't
+ * think we'll be giving away information. Perhaps
+ * someday we can trust that all PAM modules will
+ * pay attention to failure count and get rid of
+ * MAX_LOGIN_TRIES?
+ */
+ failcount = 0;
+ while (true) {
+ bool failed = false;
+
+ failcount++;
+#ifdef HAS_PAM_FAIL_DELAY
+ if (delay > 0) {
+ retcode = pam_fail_delay(pamh, 1000000*delay);
+ PAM_FAIL_CHECK;
+ }
+#endif
+
+ retcode = pam_authenticate (pamh, 0);
+
+ get_pam_user (&pam_user);
+ failent_user = get_failent_user (pam_user);
+
+ if (retcode == PAM_MAXTRIES) {
+ SYSLOG ((LOG_NOTICE,
+ "TOO MANY LOGIN TRIES (%u)%s FOR '%s'",
+ failcount, fromhost, failent_user));
+ fprintf (stderr,
+ _("Maximum number of tries exceeded (%u)\n"),
+ failcount);
+ PAM_END;
+ exit(0);
+ } else if (retcode == PAM_ABORT) {
+ /* Serious problems, quit now */
+ (void) fputs (_("login: abort requested by PAM\n"), stderr);
+ SYSLOG ((LOG_ERR,"PAM_ABORT returned from pam_authenticate()"));
+ PAM_END;
+ exit(99);
+ } else if (retcode != PAM_SUCCESS) {
+ SYSLOG ((LOG_NOTICE,"FAILED LOGIN (%u)%s FOR '%s', %s",
+ failcount, fromhost, failent_user,
+ pam_strerror (pamh, retcode)));
+ failed = true;
+ }
+
+ if (!failed) {
+ break;
+ }
+
+#ifdef WITH_AUDIT
+ audit_fd = audit_open ();
+ audit_log_acct_message (audit_fd,
+ AUDIT_USER_LOGIN,
+ NULL, /* Prog. name */
+ "login",
+ failent_user,
+ AUDIT_NO_ID,
+ hostname,
+ NULL, /* addr */
+ tty,
+ 0); /* result */
+ close (audit_fd);
+#endif /* WITH_AUDIT */
+
+ (void) puts ("");
+ (void) puts (_("Login incorrect"));
+
+ if (failcount >= retries) {
+ SYSLOG ((LOG_NOTICE,
+ "TOO MANY LOGIN TRIES (%u)%s FOR '%s'",
+ failcount, fromhost, failent_user));
+ fprintf (stderr,
+ _("Maximum number of tries exceeded (%u)\n"),
+ failcount);
+ PAM_END;
+ exit(0);
+ }
+
+ /*
+ * Let's give it another go around.
+ * Even if a username was given on the command
+ * line, prompt again for the username.
+ */
+ retcode = pam_set_item (pamh, PAM_USER, NULL);
+ PAM_FAIL_CHECK;
+ }
+
+ /* We don't get here unless they were authenticated above */
+ (void) alarm (0);
+ }
+
+ /* Check the account validity */
+ retcode = pam_acct_mgmt (pamh, 0);
+ if (retcode == PAM_NEW_AUTHTOK_REQD) {
+ retcode = pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
+ }
+ PAM_FAIL_CHECK;
+
+ /* Open the PAM session */
+ get_pam_user (&pam_user);
+ retcode = pam_open_session (pamh, hushed (pam_user) ? PAM_SILENT : 0);
+ PAM_FAIL_CHECK;
+
+ /* Grab the user information out of the password file for future usage
+ * First get the username that we are actually using, though.
+ *
+ * From now on, we will discard changes of the user (PAM_USER) by
+ * PAM APIs.
+ */
+ get_pam_user (&pam_user);
+ if (NULL != username) {
+ free (username);
+ }
+ username = xstrdup (pam_user);
+ failent_user = get_failent_user (username);
+
+ pwd = xgetpwnam (username);
+ if (NULL == pwd) {
+ SYSLOG ((LOG_ERR, "cannot find user %s", failent_user));
+ fprintf (stderr,
+ _("Cannot find user (%s)\n"),
+ username);
+ exit (1);
+ }
+
+ /* This set up the process credential (group) and initialize the
+ * supplementary group access list.
+ * This has to be done before pam_setcred
+ */
+ if (setup_groups (pwd) != 0) {
+ exit (1);
+ }
+
+ retcode = pam_setcred (pamh, PAM_ESTABLISH_CRED);
+ PAM_FAIL_CHECK;
+ /* NOTE: If pam_setcred changes PAM_USER, this will not be taken
+ * into account.
+ */
+
+#else /* ! USE_PAM */
+ while (true) { /* repeatedly get login/password pairs */
+ bool failed;
+ /* user_passwd is always a pointer to this constant string
+ * or a passwd or shadow password that will be memzero by
+ * pw_free / spw_free.
+ * Do not free() user_passwd. */
+ const char *user_passwd = "!";
+
+ /* Do some cleanup to avoid keeping entries we do not need
+ * anymore. */
+ if (NULL != pwd) {
+ pw_free (pwd);
+ pwd = NULL;
+ }
+ if (NULL != spwd) {
+ spw_free (spwd);
+ spwd = NULL;
+ }
+
+ failed = false; /* haven't failed authentication yet */
+ if (NULL == username) { /* need to get a login id */
+ if (subroot) {
+ closelog ();
+ exit (1);
+ }
+ preauth_flag = false;
+ username = xmalloc (USER_NAME_MAX_LENGTH + 1);
+ username[USER_NAME_MAX_LENGTH] = '\0';
+ login_prompt (_("\n%s login: "), username, USER_NAME_MAX_LENGTH);
+
+ if ('\0' == username[0]) {
+ /* Prompt for a new login */
+ free (username);
+ username = NULL;
+ continue;
+ }
+ }
+ /* Get the username to be used to log failures */
+ failent_user = get_failent_user (username);
+
+ pwd = xgetpwnam (username);
+ if (NULL == pwd) {
+ preauth_flag = false;
+ failed = true;
+ } else {
+ user_passwd = pwd->pw_passwd;
+ /*
+ * If the encrypted password begins with a "!",
+ * the account is locked and the user cannot
+ * login, even if they have been
+ * "pre-authenticated."
+ */
+ if ( ('!' == user_passwd[0])
+ || ('*' == user_passwd[0])) {
+ failed = true;
+ }
+ }
+
+ if (strcmp (user_passwd, SHADOW_PASSWD_STRING) == 0) {
+ spwd = xgetspnam (username);
+ if (NULL != spwd) {
+ user_passwd = spwd->sp_pwdp;
+ } else {
+ /* The user exists in passwd, but not in
+ * shadow. SHADOW_PASSWD_STRING indicates
+ * that the password shall be in shadow.
+ */
+ SYSLOG ((LOG_WARN,
+ "no shadow password for '%s'%s",
+ username, fromhost));
+ }
+ }
+
+ /*
+ * The -r and -f flags provide a name which has already
+ * been authenticated by some server.
+ */
+ if (preauth_flag) {
+ goto auth_ok;
+ }
+
+ if (pw_auth (user_passwd, username, reason, (char *) 0) == 0) {
+ goto auth_ok;
+ }
+
+ SYSLOG ((LOG_WARN, "invalid password for '%s' %s",
+ failent_user, fromhost));
+ failed = true;
+
+ auth_ok:
+ /*
+ * This is the point where all authenticated users wind up.
+ * If you reach this far, your password has been
+ * authenticated and so on.
+ */
+ if ( !failed
+ && (NULL != pwd)
+ && (0 == pwd->pw_uid)
+ && !is_console) {
+ SYSLOG ((LOG_CRIT, "ILLEGAL ROOT LOGIN %s", fromhost));
+ failed = true;
+ }
+ if ( !failed
+ && !login_access (username, ('\0' != *hostname) ? hostname : tty)) {
+ SYSLOG ((LOG_WARN, "LOGIN '%s' REFUSED %s",
+ username, fromhost));
+ failed = true;
+ }
+ if ( (NULL != pwd)
+ && getdef_bool ("FAILLOG_ENAB")
+ && !failcheck (pwd->pw_uid, &faillog, failed)) {
+ SYSLOG ((LOG_CRIT,
+ "exceeded failure limit for '%s' %s",
+ username, fromhost));
+ failed = true;
+ }
+ if (!failed) {
+ break;
+ }
+
+ /* don't log non-existent users */
+ if ((NULL != pwd) && getdef_bool ("FAILLOG_ENAB")) {
+ failure (pwd->pw_uid, tty, &faillog);
+ }
+ if (getdef_str ("FTMP_FILE") != NULL) {
+#ifdef USE_UTMPX
+ struct utmpx *failent =
+ prepare_utmpx (failent_user,
+ tty,
+ /* FIXME: or fromhost? */hostname,
+ utent);
+#else /* !USE_UTMPX */
+ struct utmp *failent =
+ prepare_utmp (failent_user,
+ tty,
+ hostname,
+ utent);
+#endif /* !USE_UTMPX */
+ failtmp (failent_user, failent);
+ free (failent);
+ }
+
+ retries--;
+ if (retries <= 0) {
+ SYSLOG ((LOG_CRIT, "REPEATED login failures%s",
+ fromhost));
+ }
+
+ /*
+ * If this was a passwordless account and we get here, login
+ * was denied (securetty, faillog, etc.). There was no
+ * password prompt, so do it now (will always fail - the bad
+ * guys won't see that the passwordless account exists at
+ * all). --marekm
+ */
+ if (user_passwd[0] == '\0') {
+ pw_auth ("!", username, reason, (char *) 0);
+ }
+
+ /*
+ * Authentication of this user failed.
+ * The username must be confirmed in the next try.
+ */
+ free (username);
+ username = NULL;
+
+ /*
+ * Wait a while (a la SVR4 /usr/bin/login) before attempting
+ * to login the user again. If the earlier alarm occurs
+ * before the sleep() below completes, login will exit.
+ */
+ if (delay > 0) {
+ (void) sleep (delay);
+ }
+
+ (void) puts (_("Login incorrect"));
+
+ /* allow only one attempt with -r or -f */
+ if (rflg || fflg || (retries <= 0)) {
+ closelog ();
+ exit (1);
+ }
+ } /* while (true) */
+#endif /* ! USE_PAM */
+ assert (NULL != username);
+ assert (NULL != pwd);
+
+ (void) alarm (0); /* turn off alarm clock */
+
+#ifndef USE_PAM /* PAM does this */
+ /*
+ * porttime checks moved here, after the user has been
+ * authenticated. now prints a message, as suggested
+ * by Ivan Nejgebauer <ian@unsux.ns.ac.yu>. --marekm
+ */
+ if ( getdef_bool ("PORTTIME_CHECKS_ENAB")
+ && !isttytime (username, tty, time ((time_t *) 0))) {
+ SYSLOG ((LOG_WARN, "invalid login time for '%s'%s",
+ username, fromhost));
+ closelog ();
+ bad_time_notify ();
+ exit (1);
+ }
+
+ check_nologin (pwd->pw_uid == 0);
+#endif
+
+ if (getenv ("IFS")) { /* don't export user IFS ... */
+ addenv ("IFS= \t\n", NULL); /* ... instead, set a safe IFS */
+ }
+
+ if (pwd->pw_shell[0] == '*') { /* subsystem root */
+ pwd->pw_shell++; /* skip the '*' */
+ subsystem (pwd); /* figure out what to execute */
+ subroot = true; /* say I was here again */
+ endpwent (); /* close all of the file which were */
+ endgrent (); /* open in the original rooted file */
+ endspent (); /* system. they will be re-opened */
+#ifdef SHADOWGRP
+ endsgent (); /* in the new rooted file system */
+#endif
+ goto top; /* go do all this all over again */
+ }
+
+#ifdef WITH_AUDIT
+ audit_fd = audit_open ();
+ audit_log_acct_message (audit_fd,
+ AUDIT_USER_LOGIN,
+ NULL, /* Prog. name */
+ "login",
+ username,
+ AUDIT_NO_ID,
+ hostname,
+ NULL, /* addr */
+ tty,
+ 1); /* result */
+ close (audit_fd);
+#endif /* WITH_AUDIT */
+
+#ifndef USE_PAM /* pam_lastlog handles this */
+ if ( getdef_bool ("LASTLOG_ENAB")
+ && pwd->pw_uid <= (uid_t) getdef_ulong ("LASTLOG_UID_MAX", 0xFFFFFFFFUL)) {
+ /* give last login and log this one */
+ dolastlog (&ll, pwd, tty, hostname);
+ }
+#endif
+
+#ifndef USE_PAM /* PAM handles this as well */
+ /*
+ * Have to do this while we still have root privileges, otherwise we
+ * don't have access to /etc/shadow.
+ */
+ if (NULL != spwd) { /* check for age of password */
+ if (expire (pwd, spwd)) {
+ /* The user updated her password, get the new
+ * entries.
+ * Use the x variants because we need to keep the
+ * entry for a long time, and there might be other
+ * getxxyyy in between.
+ */
+ pw_free (pwd);
+ pwd = xgetpwnam (username);
+ if (NULL == pwd) {
+ SYSLOG ((LOG_ERR,
+ "cannot find user %s after update of expired password",
+ username));
+ exit (1);
+ }
+ spw_free (spwd);
+ spwd = xgetspnam (username);
+ }
+ }
+ setup_limits (pwd); /* nice, ulimit etc. */
+#endif /* ! USE_PAM */
+ chown_tty (pwd);
+
+#ifdef USE_PAM
+ /*
+ * We must fork before setuid() because we need to call
+ * pam_close_session() as root.
+ */
+ (void) signal (SIGINT, SIG_IGN);
+ child = fork ();
+ if (child < 0) {
+ /* error in fork() */
+ fprintf (stderr, _("%s: failure forking: %s"),
+ Prog, strerror (errno));
+ PAM_END;
+ exit (0);
+ } else if (child != 0) {
+ /*
+ * parent - wait for child to finish, then cleanup
+ * session
+ */
+ wait (NULL);
+ PAM_END;
+ exit (0);
+ }
+ /* child */
+#endif
+
+ /* If we were init, we need to start a new session */
+ if (getppid() == 1) {
+ setsid();
+ if (ioctl(0, TIOCSCTTY, 1) != 0) {
+ fprintf (stderr, _("TIOCSCTTY failed on %s"), tty);
+ }
+ }
+
+ /*
+ * The utmp entry needs to be updated to indicate the new status
+ * of the session, the new PID and SID.
+ */
+ update_utmp (username, tty, hostname, utent);
+
+ /* The pwd and spwd entries for the user have been copied.
+ *
+ * Close all the files so that unauthorized access won't occur.
+ */
+ endpwent (); /* stop access to password file */
+ endgrent (); /* stop access to group file */
+ endspent (); /* stop access to shadow passwd file */
+#ifdef SHADOWGRP
+ endsgent (); /* stop access to shadow group file */
+#endif
+
+ /* Drop root privileges */
+#ifndef USE_PAM
+ if (setup_uid_gid (pwd, is_console))
+#else
+ /* The group privileges were already dropped.
+ * See setup_groups() above.
+ */
+ if (change_uid (pwd))
+#endif
+ {
+ exit (1);
+ }
+
+ setup_env (pwd); /* set env vars, cd to the home dir */
+
+#ifdef USE_PAM
+ {
+ const char *const *env;
+
+ env = (const char *const *) pam_getenvlist (pamh);
+ while ((NULL != env) && (NULL != *env)) {
+ addenv (*env, NULL);
+ env++;
+ }
+ }
+#endif
+
+ (void) setlocale (LC_ALL, "");
+ (void) bindtextdomain (PACKAGE, LOCALEDIR);
+ (void) textdomain (PACKAGE);
+
+ if (!hushed (username)) {
+ addenv ("HUSHLOGIN=FALSE", NULL);
+ /*
+ * pam_unix, pam_mail and pam_lastlog should take care of
+ * this
+ */
+#ifndef USE_PAM
+ motd (); /* print the message of the day */
+ if ( getdef_bool ("FAILLOG_ENAB")
+ && (0 != faillog.fail_cnt)) {
+ failprint (&faillog);
+ /* Reset the lockout times if logged in */
+ if ( (0 != faillog.fail_max)
+ && (faillog.fail_cnt >= faillog.fail_max)) {
+ (void) puts (_("Warning: login re-enabled after temporary lockout."));
+ SYSLOG ((LOG_WARN,
+ "login '%s' re-enabled after temporary lockout (%d failures)",
+ username, (int) faillog.fail_cnt));
+ }
+ }
+ if ( getdef_bool ("LASTLOG_ENAB")
+ && pwd->pw_uid <= (uid_t) getdef_ulong ("LASTLOG_UID_MAX", 0xFFFFFFFFUL)
+ && (ll.ll_time != 0)) {
+ time_t ll_time = ll.ll_time;
+
+#ifdef HAVE_STRFTIME
+ (void) strftime (ptime, sizeof (ptime),
+ "%a %b %e %H:%M:%S %z %Y",
+ localtime (&ll_time));
+ printf (_("Last login: %s on %s"),
+ ptime, ll.ll_line);
+#else
+ printf (_("Last login: %.19s on %s"),
+ ctime (&ll_time), ll.ll_line);
+#endif
+#ifdef HAVE_LL_HOST /* __linux__ || SUN4 */
+ if ('\0' != ll.ll_host[0]) {
+ printf (_(" from %.*s"),
+ (int) sizeof ll.ll_host, ll.ll_host);
+ }
+#endif
+ printf (".\n");
+ }
+ agecheck (spwd);
+
+ mailcheck (); /* report on the status of mail */
+#endif /* !USE_PAM */
+ } else {
+ addenv ("HUSHLOGIN=TRUE", NULL);
+ }
+
+ ttytype (tty);
+
+ (void) signal (SIGQUIT, SIG_DFL); /* default quit signal */
+ (void) signal (SIGTERM, SIG_DFL); /* default terminate signal */
+ (void) signal (SIGALRM, SIG_DFL); /* default alarm signal */
+ (void) signal (SIGHUP, SIG_DFL); /* added this. --marekm */
+ (void) signal (SIGINT, SIG_DFL); /* default interrupt signal */
+
+ if (0 == pwd->pw_uid) {
+ SYSLOG ((LOG_NOTICE, "ROOT LOGIN %s", fromhost));
+ } else if (getdef_bool ("LOG_OK_LOGINS")) {
+ SYSLOG ((LOG_INFO, "'%s' logged in %s", username, fromhost));
+ }
+ closelog ();
+ tmp = getdef_str ("FAKE_SHELL");
+ if (NULL != tmp) {
+ err = shell (tmp, pwd->pw_shell, newenvp); /* fake shell */
+ } else {
+ /* exec the shell finally */
+ err = shell (pwd->pw_shell, (char *) 0, newenvp);
+ }
+
+ return ((err == ENOENT) ? E_CMD_NOTFOUND : E_CMD_NOEXEC);
+}
+
Index: shadow/create-4.8.1-short-hostname-patch/shadow-4.8.1-new/src
===================================================================
--- shadow/create-4.8.1-short-hostname-patch/shadow-4.8.1-new/src (nonexistent)
+++ shadow/create-4.8.1-short-hostname-patch/shadow-4.8.1-new/src (revision 5)
Property changes on: shadow/create-4.8.1-short-hostname-patch/shadow-4.8.1-new/src
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,73 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~
Index: shadow/create-4.8.1-short-hostname-patch/shadow-4.8.1-new
===================================================================
--- shadow/create-4.8.1-short-hostname-patch/shadow-4.8.1-new (nonexistent)
+++ shadow/create-4.8.1-short-hostname-patch/shadow-4.8.1-new (revision 5)
Property changes on: shadow/create-4.8.1-short-hostname-patch/shadow-4.8.1-new
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,73 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~
Index: shadow/create-4.8.1-short-hostname-patch
===================================================================
--- shadow/create-4.8.1-short-hostname-patch (nonexistent)
+++ shadow/create-4.8.1-short-hostname-patch (revision 5)
Property changes on: shadow/create-4.8.1-short-hostname-patch
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,73 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~
Index: shadow/create-4.8.1-sulogin-man-patch/create.patch.sh
===================================================================
--- shadow/create-4.8.1-sulogin-man-patch/create.patch.sh (nonexistent)
+++ shadow/create-4.8.1-sulogin-man-patch/create.patch.sh (revision 5)
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+VERSION=4.8.1
+
+tar --files-from=file.list -xJvf ../shadow-$VERSION.tar.xz
+mv shadow-$VERSION shadow-$VERSION-orig
+
+cp -rf ./shadow-$VERSION-new ./shadow-$VERSION
+
+diff --unified -Nr shadow-$VERSION-orig shadow-$VERSION > shadow-$VERSION-sulogin-man.patch
+
+mv shadow-$VERSION-sulogin-man.patch ../patches
+
+rm -rf ./shadow-$VERSION
+rm -rf ./shadow-$VERSION-orig
Property changes on: shadow/create-4.8.1-sulogin-man-patch/create.patch.sh
___________________________________________________________________
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
Index: shadow/create-4.8.1-sulogin-man-patch/file.list
===================================================================
--- shadow/create-4.8.1-sulogin-man-patch/file.list (nonexistent)
+++ shadow/create-4.8.1-sulogin-man-patch/file.list (revision 5)
@@ -0,0 +1,2 @@
+shadow-4.8.1/man/Makefile.am
+shadow-4.8.1/man/Makefile.in
Index: shadow/create-4.8.1-sulogin-man-patch/shadow-4.8.1-new/man/Makefile.am
===================================================================
--- shadow/create-4.8.1-sulogin-man-patch/shadow-4.8.1-new/man/Makefile.am (nonexistent)
+++ shadow/create-4.8.1-sulogin-man-patch/shadow-4.8.1-new/man/Makefile.am (revision 5)
@@ -0,0 +1,222 @@
+
+# subdirectories for translated manual pages
+if USE_NLS
+SUBDIRS = po cs da de es fi fr hu id it ja ko pl pt_BR ru sv tr zh_CN zh_TW
+else
+SUBDIRS =
+endif
+
+man_MANS = \
+ man1/chage.1 \
+ man1/chfn.1 \
+ man8/chgpasswd.8 \
+ man8/chpasswd.8 \
+ man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+ man3/getspnam.3 \
+ man1/gpasswd.1 \
+ man8/groupadd.8 \
+ man8/groupdel.8 \
+ man8/groupmems.8 \
+ man8/groupmod.8 \
+ man1/groups.1 \
+ man8/grpck.8 \
+ man8/grpconv.8 \
+ man8/grpunconv.8 \
+ man5/gshadow.5 \
+ man8/lastlog.8 \
+ man1/login.1 \
+ man5/login.defs.5 \
+ man8/logoutd.8 \
+ man1/newgrp.1 \
+ man8/newusers.8 \
+ man8/nologin.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man8/pwck.8 \
+ man8/pwconv.8 \
+ man8/pwunconv.8 \
+ man1/sg.1 \
+ man3/shadow.3 \
+ man5/shadow.5 \
+ man5/suauth.5 \
+ man8/sulogin.8 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+ man8/usermod.8 \
+ man8/vigr.8 \
+ man8/vipw.8
+
+man_nopam = \
+ man5/limits.5 \
+ man5/login.access.5 \
+ man5/porttime.5
+
+if WITH_SU
+man_MANS += man1/su.1
+endif
+
+if !USE_PAM
+man_MANS += $(man_nopam)
+endif
+
+man_subids = \
+ man1/newgidmap.1 \
+ man1/newuidmap.1 \
+ man5/subgid.5 \
+ man5/subuid.5
+
+if ENABLE_SUBIDS
+man_MANS += $(man_subids)
+endif
+
+man_XMANS = \
+ chage.1.xml \
+ chfn.1.xml \
+ chgpasswd.8.xml \
+ chpasswd.8.xml \
+ chsh.1.xml \
+ expiry.1.xml \
+ faillog.5.xml \
+ faillog.8.xml \
+ gpasswd.1.xml \
+ groupadd.8.xml \
+ groupdel.8.xml \
+ groupmems.8.xml \
+ groupmod.8.xml \
+ groups.1.xml \
+ grpck.8.xml \
+ gshadow.5.xml \
+ lastlog.8.xml \
+ limits.5.xml \
+ login.1.xml \
+ login.access.5.xml \
+ login.defs.5.xml \
+ logoutd.8.xml \
+ newgidmap.1.xml \
+ newgrp.1.xml \
+ newuidmap.1.xml \
+ newusers.8.xml \
+ nologin.8.xml \
+ passwd.1.xml \
+ passwd.5.xml \
+ porttime.5.xml \
+ pwck.8.xml \
+ pwconv.8.xml \
+ shadow.3.xml \
+ shadow.5.xml \
+ sg.1.xml \
+ su.1.xml \
+ suauth.5.xml \
+ subgid.5.xml \
+ subuid.5.xml \
+ sulogin.8.xml \
+ useradd.8.xml \
+ userdel.8.xml \
+ usermod.8.xml \
+ vipw.8.xml
+
+login_defs_v = \
+ CHFN_AUTH.xml \
+ CHFN_RESTRICT.xml \
+ CHSH_AUTH.xml \
+ CONSOLE.xml \
+ CONSOLE_GROUPS.xml \
+ CREATE_HOME.xml \
+ DEFAULT_HOME.xml \
+ ENCRYPT_METHOD.xml \
+ ENV_HZ.xml \
+ ENVIRON_FILE.xml \
+ ENV_PATH.xml \
+ ENV_SUPATH.xml \
+ ENV_TZ.xml \
+ ERASECHAR.xml \
+ FAIL_DELAY.xml \
+ FAILLOG_ENAB.xml \
+ FAKE_SHELL.xml \
+ FTMP_FILE.xml \
+ GID_MAX.xml \
+ HUSHLOGIN_FILE.xml \
+ ISSUE_FILE.xml \
+ KILLCHAR.xml \
+ LASTLOG_ENAB.xml \
+ LASTLOG_UID_MAX.xml \
+ LOGIN_RETRIES.xml \
+ LOGIN_STRING.xml \
+ LOGIN_TIMEOUT.xml \
+ LOG_OK_LOGINS.xml \
+ LOG_UNKFAIL_ENAB.xml \
+ MAIL_CHECK_ENAB.xml \
+ MAIL_DIR.xml \
+ MAX_MEMBERS_PER_GROUP.xml \
+ MD5_CRYPT_ENAB.xml \
+ MOTD_FILE.xml \
+ NOLOGINS_FILE.xml \
+ OBSCURE_CHECKS_ENAB.xml \
+ PASS_ALWAYS_WARN.xml \
+ PASS_CHANGE_TRIES.xml \
+ PASS_MAX_DAYS.xml \
+ PASS_MAX_LEN.xml \
+ PASS_MIN_DAYS.xml \
+ PASS_WARN_AGE.xml \
+ PORTTIME_CHECKS_ENAB.xml \
+ QUOTAS_ENAB.xml \
+ SHA_CRYPT_MIN_ROUNDS.xml \
+ SULOG_FILE.xml \
+ SU_NAME.xml \
+ SU_WHEEL_ONLY.xml \
+ SYSLOG_SG_ENAB.xml \
+ SYSLOG_SU_ENAB.xml \
+ TCB_AUTH_GROUP.xml \
+ TCB_SYMLINKS.xml \
+ TTYGROUP.xml \
+ TTYTYPE_FILE.xml \
+ UID_MAX.xml \
+ ULIMIT.xml \
+ UMASK.xml \
+ USERDEL_CMD.xml \
+ USERGROUPS_ENAB.xml \
+ USE_TCB.xml \
+ SUB_GID_COUNT.xml \
+ SUB_UID_COUNT.xml \
+ SYS_GID_MAX.xml \
+ SYS_UID_MAX.xml
+
+EXTRA_DIST = \
+ $(man_MANS) \
+ $(man_XMANS) \
+ $(addprefix login.defs.d/,$(login_defs_v)) \
+ man1/id.1 \
+ id.1.xml \
+ generate_mans.mak \
+ generate_translations.mak
+
+if USE_PAM
+EXTRA_DIST += $(man_nopam)
+endif
+
+if !ENABLE_SUBIDS
+EXTRA_DIST += $(man_subids)
+endif
+
+generate_mans.deps: *.xml
+ echo "# This file is generated" > $@
+ awk 'BEGIN{FS="\"";} /^<!ENTITY .* * SYSTEM ".*">$$/{ f=FILENAME; sub(/.xml/,"",f); print "man" substr(f, length (f)) "/" f ": " $$2 }' $(man_XMANS) >> $@
+
+if ENABLE_REGENERATE_MAN
+
+@ENABLE_REGENERATE_MAN_TRUE@include generate_mans.deps
+
+include generate_mans.mak
+
+CLEANFILES = $(man_MANS) man1/id.1 man8/sulogin.8
+
+else
+$(man_MANS):
+ @echo ""
+ @echo "Error: you need to run configure with '--enable-man'"
+ @echo " in order to regenerate man pages."
+ @echo ""
+endif
Index: shadow/create-4.8.1-sulogin-man-patch/shadow-4.8.1-new/man/Makefile.in
===================================================================
--- shadow/create-4.8.1-sulogin-man-patch/shadow-4.8.1-new/man/Makefile.in (nonexistent)
+++ shadow/create-4.8.1-sulogin-man-patch/shadow-4.8.1-new/man/Makefile.in (revision 5)
@@ -0,0 +1,1073 @@
+# Makefile.in generated by automake 1.16.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994-2018 Free Software Foundation, Inc.
+
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+VPATH = @srcdir@
+am__is_gnu_make = { \
+ if test -z '$(MAKELEVEL)'; then \
+ false; \
+ elif test -n '$(MAKE_HOST)'; then \
+ true; \
+ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
+ true; \
+ else \
+ false; \
+ fi; \
+}
+am__make_running_with_option = \
+ case $${target_option-} in \
+ ?) ;; \
+ *) echo "am__make_running_with_option: internal error: invalid" \
+ "target option '$${target_option-}' specified" >&2; \
+ exit 1;; \
+ esac; \
+ has_opt=no; \
+ sane_makeflags=$$MAKEFLAGS; \
+ if $(am__is_gnu_make); then \
+ sane_makeflags=$$MFLAGS; \
+ else \
+ case $$MAKEFLAGS in \
+ *\\[\ \ ]*) \
+ bs=\\; \
+ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
+ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
+ esac; \
+ fi; \
+ skip_next=no; \
+ strip_trailopt () \
+ { \
+ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
+ }; \
+ for flg in $$sane_makeflags; do \
+ test $$skip_next = yes && { skip_next=no; continue; }; \
+ case $$flg in \
+ *=*|--*) continue;; \
+ -*I) strip_trailopt 'I'; skip_next=yes;; \
+ -*I?*) strip_trailopt 'I';; \
+ -*O) strip_trailopt 'O'; skip_next=yes;; \
+ -*O?*) strip_trailopt 'O';; \
+ -*l) strip_trailopt 'l'; skip_next=yes;; \
+ -*l?*) strip_trailopt 'l';; \
+ -[dEDm]) skip_next=yes;; \
+ -[JT]) skip_next=yes;; \
+ esac; \
+ case $$flg in \
+ *$$target_option*) has_opt=yes; break;; \
+ esac; \
+ done; \
+ test $$has_opt = yes
+am__make_dryrun = (target_option=n; $(am__make_running_with_option))
+am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+@WITH_SU_TRUE@am__append_1 = man1/su.1
+@USE_PAM_FALSE@am__append_2 = $(man_nopam)
+@ENABLE_SUBIDS_TRUE@am__append_3 = $(man_subids)
+@USE_PAM_TRUE@am__append_4 = $(man_nopam)
+@ENABLE_SUBIDS_FALSE@am__append_5 = $(man_subids)
+subdir = man
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/acinclude.m4 \
+ $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES = config.xml
+CONFIG_CLEAN_VPATH_FILES =
+AM_V_P = $(am__v_P_@AM_V@)
+am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+am__v_P_0 = false
+am__v_P_1 = :
+AM_V_GEN = $(am__v_GEN_@AM_V@)
+am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
+am__v_GEN_0 = @echo " GEN " $@;
+am__v_GEN_1 =
+AM_V_at = $(am__v_at_@AM_V@)
+am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
+am__v_at_0 = @
+am__v_at_1 =
+SOURCES =
+DIST_SOURCES =
+RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \
+ ctags-recursive dvi-recursive html-recursive info-recursive \
+ install-data-recursive install-dvi-recursive \
+ install-exec-recursive install-html-recursive \
+ install-info-recursive install-pdf-recursive \
+ install-ps-recursive install-recursive installcheck-recursive \
+ installdirs-recursive pdf-recursive ps-recursive \
+ tags-recursive uninstall-recursive
+am__can_run_installinfo = \
+ case $$AM_UPDATE_INFO_DIR in \
+ n|no|NO) false;; \
+ *) (install-info --version) >/dev/null 2>&1;; \
+ esac
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__uninstall_files_from_dir = { \
+ test -z "$$files" \
+ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
+ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \
+ $(am__cd) "$$dir" && rm -f $$files; }; \
+ }
+man1dir = $(mandir)/man1
+am__installdirs = "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man3dir)" \
+ "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)"
+man3dir = $(mandir)/man3
+man5dir = $(mandir)/man5
+man8dir = $(mandir)/man8
+NROFF = nroff
+MANS = $(man_MANS)
+RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
+ distclean-recursive maintainer-clean-recursive
+am__recursive_targets = \
+ $(RECURSIVE_TARGETS) \
+ $(RECURSIVE_CLEAN_TARGETS) \
+ $(am__extra_recursive_targets)
+AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \
+ distdir distdir-am
+am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
+# Read a list of newline-separated strings from the standard input,
+# and print each of them once, without duplicates. Input order is
+# *not* preserved.
+am__uniquify_input = $(AWK) '\
+ BEGIN { nonempty = 0; } \
+ { items[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in items) print i; }; } \
+'
+# Make sure the list of sources is unique. This is necessary because,
+# e.g., the same source file might be shared among _SOURCES variables
+# for different programs/libraries.
+am__define_uniq_tagged_files = \
+ list='$(am__tagged_files)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | $(am__uniquify_input)`
+ETAGS = etags
+CTAGS = ctags
+DIST_SUBDIRS = po cs da de es fi fr hu id it ja ko pl pt_BR ru sv tr \
+ zh_CN zh_TW
+am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/config.xml.in \
+ $(srcdir)/generate_mans.mak
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+am__relativize = \
+ dir0=`pwd`; \
+ sed_first='s,^\([^/]*\)/.*$$,\1,'; \
+ sed_rest='s,^[^/]*/*,,'; \
+ sed_last='s,^.*/\([^/]*\)$$,\1,'; \
+ sed_butlast='s,/*[^/]*$$,,'; \
+ while test -n "$$dir1"; do \
+ first=`echo "$$dir1" | sed -e "$$sed_first"`; \
+ if test "$$first" != "."; then \
+ if test "$$first" = ".."; then \
+ dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
+ dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
+ else \
+ first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
+ if test "$$first2" = "$$first"; then \
+ dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
+ else \
+ dir2="../$$dir2"; \
+ fi; \
+ dir0="$$dir0"/"$$first"; \
+ fi; \
+ fi; \
+ dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
+ done; \
+ reldir="$$dir2"
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DLLTOOL = @DLLTOOL@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+ECONF_CPPFLAGS = @ECONF_CPPFLAGS@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
+GMSGFMT = @GMSGFMT@
+GMSGFMT_015 = @GMSGFMT_015@
+GREP = @GREP@
+GROUP_NAME_MAX_LENGTH = @GROUP_NAME_MAX_LENGTH@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+INTLLIBS = @INTLLIBS@
+INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBACL = @LIBACL@
+LIBATTR = @LIBATTR@
+LIBAUDIT = @LIBAUDIT@
+LIBCRACK = @LIBCRACK@
+LIBCRYPT = @LIBCRYPT@
+LIBECONF = @LIBECONF@
+LIBICONV = @LIBICONV@
+LIBINTL = @LIBINTL@
+LIBMD = @LIBMD@
+LIBOBJS = @LIBOBJS@
+LIBPAM = @LIBPAM@
+LIBS = @LIBS@
+LIBSELINUX = @LIBSELINUX@
+LIBSEMANAGE = @LIBSEMANAGE@
+LIBSKEY = @LIBSKEY@
+LIBTCB = @LIBTCB@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBICONV = @LTLIBICONV@
+LTLIBINTL = @LTLIBINTL@
+LTLIBOBJS = @LTLIBOBJS@
+LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MANIFEST_TOOL = @MANIFEST_TOOL@
+MKDIR_P = @MKDIR_P@
+MSGFMT = @MSGFMT@
+MSGFMT_015 = @MSGFMT_015@
+MSGMERGE = @MSGMERGE@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+POSUB = @POSUB@
+RANLIB = @RANLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+USE_NLS = @USE_NLS@
+VENDORDIR = @VENDORDIR@
+VERSION = @VERSION@
+XGETTEXT = @XGETTEXT@
+XGETTEXT_015 = @XGETTEXT_015@
+XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
+XMLCATALOG = @XMLCATALOG@
+XML_CATALOG_FILE = @XML_CATALOG_FILE@
+XSLTPROC = @XSLTPROC@
+YACC = @YACC@
+YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_AR = @ac_ct_AR@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+capcmd = @capcmd@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+@USE_NLS_FALSE@SUBDIRS =
+
+# subdirectories for translated manual pages
+@USE_NLS_TRUE@SUBDIRS = po cs da de es fi fr hu id it ja ko pl pt_BR ru sv tr zh_CN zh_TW
+man_MANS = man1/chage.1 man1/chfn.1 man8/chgpasswd.8 man8/chpasswd.8 \
+ man1/chsh.1 man1/expiry.1 man5/faillog.5 man8/faillog.8 \
+ man3/getspnam.3 man1/gpasswd.1 man8/groupadd.8 man8/groupdel.8 \
+ man8/groupmems.8 man8/groupmod.8 man1/groups.1 man8/grpck.8 \
+ man8/grpconv.8 man8/grpunconv.8 man5/gshadow.5 man8/lastlog.8 \
+ man1/login.1 man5/login.defs.5 man8/logoutd.8 man1/newgrp.1 \
+ man8/newusers.8 man8/nologin.8 man1/passwd.1 man5/passwd.5 \
+ man8/pwck.8 man8/pwconv.8 man8/pwunconv.8 man1/sg.1 \
+ man3/shadow.3 man5/shadow.5 man5/suauth.5 man8/sulogin.8 man8/useradd.8 \
+ man8/userdel.8 man8/usermod.8 man8/vigr.8 man8/vipw.8 \
+ $(am__append_1) $(am__append_2) $(am__append_3)
+man_nopam = \
+ man5/limits.5 \
+ man5/login.access.5 \
+ man5/porttime.5
+
+man_subids = \
+ man1/newgidmap.1 \
+ man1/newuidmap.1 \
+ man5/subgid.5 \
+ man5/subuid.5
+
+man_XMANS = \
+ chage.1.xml \
+ chfn.1.xml \
+ chgpasswd.8.xml \
+ chpasswd.8.xml \
+ chsh.1.xml \
+ expiry.1.xml \
+ faillog.5.xml \
+ faillog.8.xml \
+ gpasswd.1.xml \
+ groupadd.8.xml \
+ groupdel.8.xml \
+ groupmems.8.xml \
+ groupmod.8.xml \
+ groups.1.xml \
+ grpck.8.xml \
+ gshadow.5.xml \
+ lastlog.8.xml \
+ limits.5.xml \
+ login.1.xml \
+ login.access.5.xml \
+ login.defs.5.xml \
+ logoutd.8.xml \
+ newgidmap.1.xml \
+ newgrp.1.xml \
+ newuidmap.1.xml \
+ newusers.8.xml \
+ nologin.8.xml \
+ passwd.1.xml \
+ passwd.5.xml \
+ porttime.5.xml \
+ pwck.8.xml \
+ pwconv.8.xml \
+ shadow.3.xml \
+ shadow.5.xml \
+ sg.1.xml \
+ su.1.xml \
+ suauth.5.xml \
+ subgid.5.xml \
+ subuid.5.xml \
+ sulogin.8.xml \
+ useradd.8.xml \
+ userdel.8.xml \
+ usermod.8.xml \
+ vipw.8.xml
+
+login_defs_v = \
+ CHFN_AUTH.xml \
+ CHFN_RESTRICT.xml \
+ CHSH_AUTH.xml \
+ CONSOLE.xml \
+ CONSOLE_GROUPS.xml \
+ CREATE_HOME.xml \
+ DEFAULT_HOME.xml \
+ ENCRYPT_METHOD.xml \
+ ENV_HZ.xml \
+ ENVIRON_FILE.xml \
+ ENV_PATH.xml \
+ ENV_SUPATH.xml \
+ ENV_TZ.xml \
+ ERASECHAR.xml \
+ FAIL_DELAY.xml \
+ FAILLOG_ENAB.xml \
+ FAKE_SHELL.xml \
+ FTMP_FILE.xml \
+ GID_MAX.xml \
+ HUSHLOGIN_FILE.xml \
+ ISSUE_FILE.xml \
+ KILLCHAR.xml \
+ LASTLOG_ENAB.xml \
+ LASTLOG_UID_MAX.xml \
+ LOGIN_RETRIES.xml \
+ LOGIN_STRING.xml \
+ LOGIN_TIMEOUT.xml \
+ LOG_OK_LOGINS.xml \
+ LOG_UNKFAIL_ENAB.xml \
+ MAIL_CHECK_ENAB.xml \
+ MAIL_DIR.xml \
+ MAX_MEMBERS_PER_GROUP.xml \
+ MD5_CRYPT_ENAB.xml \
+ MOTD_FILE.xml \
+ NOLOGINS_FILE.xml \
+ OBSCURE_CHECKS_ENAB.xml \
+ PASS_ALWAYS_WARN.xml \
+ PASS_CHANGE_TRIES.xml \
+ PASS_MAX_DAYS.xml \
+ PASS_MAX_LEN.xml \
+ PASS_MIN_DAYS.xml \
+ PASS_WARN_AGE.xml \
+ PORTTIME_CHECKS_ENAB.xml \
+ QUOTAS_ENAB.xml \
+ SHA_CRYPT_MIN_ROUNDS.xml \
+ SULOG_FILE.xml \
+ SU_NAME.xml \
+ SU_WHEEL_ONLY.xml \
+ SYSLOG_SG_ENAB.xml \
+ SYSLOG_SU_ENAB.xml \
+ TCB_AUTH_GROUP.xml \
+ TCB_SYMLINKS.xml \
+ TTYGROUP.xml \
+ TTYTYPE_FILE.xml \
+ UID_MAX.xml \
+ ULIMIT.xml \
+ UMASK.xml \
+ USERDEL_CMD.xml \
+ USERGROUPS_ENAB.xml \
+ USE_TCB.xml \
+ SUB_GID_COUNT.xml \
+ SUB_UID_COUNT.xml \
+ SYS_GID_MAX.xml \
+ SYS_UID_MAX.xml
+
+EXTRA_DIST = $(man_MANS) $(man_XMANS) $(addprefix \
+ login.defs.d/,$(login_defs_v)) man1/id.1 id.1.xml \
+ generate_mans.mak \
+ generate_translations.mak $(am__append_4) $(am__append_5)
+@ENABLE_REGENERATE_MAN_TRUE@@USE_PAM_FALSE@PAM_COND = no_pam
+@ENABLE_REGENERATE_MAN_TRUE@@USE_PAM_TRUE@PAM_COND = pam
+@ENABLE_REGENERATE_MAN_TRUE@@SHADOWGRP_FALSE@SHADOWGRP_COND = no_gshadow
+@ENABLE_REGENERATE_MAN_TRUE@@SHADOWGRP_TRUE@SHADOWGRP_COND = gshadow
+@ENABLE_REGENERATE_MAN_TRUE@@WITH_TCB_FALSE@TCB_COND = no_tcb
+@ENABLE_REGENERATE_MAN_TRUE@@WITH_TCB_TRUE@TCB_COND = tcb
+@ENABLE_REGENERATE_MAN_TRUE@@USE_SHA_CRYPT_FALSE@SHA_CRYPT_COND = no_sha_crypt
+@ENABLE_REGENERATE_MAN_TRUE@@USE_SHA_CRYPT_TRUE@SHA_CRYPT_COND = sha_crypt
+@ENABLE_REGENERATE_MAN_TRUE@@ENABLE_SUBIDS_FALSE@SUBIDS_COND = no_subids
+@ENABLE_REGENERATE_MAN_TRUE@@ENABLE_SUBIDS_TRUE@SUBIDS_COND = subids
+@ENABLE_REGENERATE_MAN_TRUE@CLEANFILES = $(man_MANS) man1/id.1 man8/sulogin.8
+all: all-recursive
+
+.SUFFIXES:
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(srcdir)/generate_mans.mak $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign man/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --foreign man/Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
+ esac;
+$(srcdir)/generate_mans.mak $(am__empty):
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+config.xml: $(top_builddir)/config.status $(srcdir)/config.xml.in
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+install-man1: $(man_MANS)
+ @$(NORMAL_INSTALL)
+ @list1=''; \
+ list2='$(man_MANS)'; \
+ test -n "$(man1dir)" \
+ && test -n "`echo $$list1$$list2`" \
+ || exit 0; \
+ echo " $(MKDIR_P) '$(DESTDIR)$(man1dir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(man1dir)" || exit 1; \
+ { for i in $$list1; do echo "$$i"; done; \
+ if test -n "$$list2"; then \
+ for i in $$list2; do echo "$$i"; done \
+ | sed -n '/\.1[a-z]*$$/p'; \
+ fi; \
+ } | while read p; do \
+ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; echo "$$p"; \
+ done | \
+ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+ sed 'N;N;s,\n, ,g' | { \
+ list=; while read file base inst; do \
+ if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \
+ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst" || exit $$?; \
+ fi; \
+ done; \
+ for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+ while read files; do \
+ test -z "$$files" || { \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man1dir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(man1dir)" || exit $$?; }; \
+ done; }
+
+uninstall-man1:
+ @$(NORMAL_UNINSTALL)
+ @list=''; test -n "$(man1dir)" || exit 0; \
+ files=`{ for i in $$list; do echo "$$i"; done; \
+ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+ sed -n '/\.1[a-z]*$$/p'; \
+ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+ dir='$(DESTDIR)$(man1dir)'; $(am__uninstall_files_from_dir)
+install-man3: $(man_MANS)
+ @$(NORMAL_INSTALL)
+ @list1=''; \
+ list2='$(man_MANS)'; \
+ test -n "$(man3dir)" \
+ && test -n "`echo $$list1$$list2`" \
+ || exit 0; \
+ echo " $(MKDIR_P) '$(DESTDIR)$(man3dir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(man3dir)" || exit 1; \
+ { for i in $$list1; do echo "$$i"; done; \
+ if test -n "$$list2"; then \
+ for i in $$list2; do echo "$$i"; done \
+ | sed -n '/\.3[a-z]*$$/p'; \
+ fi; \
+ } | while read p; do \
+ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; echo "$$p"; \
+ done | \
+ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^3][0-9a-z]*$$,3,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+ sed 'N;N;s,\n, ,g' | { \
+ list=; while read file base inst; do \
+ if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man3dir)/$$inst'"; \
+ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man3dir)/$$inst" || exit $$?; \
+ fi; \
+ done; \
+ for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+ while read files; do \
+ test -z "$$files" || { \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man3dir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(man3dir)" || exit $$?; }; \
+ done; }
+
+uninstall-man3:
+ @$(NORMAL_UNINSTALL)
+ @list=''; test -n "$(man3dir)" || exit 0; \
+ files=`{ for i in $$list; do echo "$$i"; done; \
+ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+ sed -n '/\.3[a-z]*$$/p'; \
+ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^3][0-9a-z]*$$,3,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+ dir='$(DESTDIR)$(man3dir)'; $(am__uninstall_files_from_dir)
+install-man5: $(man_MANS)
+ @$(NORMAL_INSTALL)
+ @list1=''; \
+ list2='$(man_MANS)'; \
+ test -n "$(man5dir)" \
+ && test -n "`echo $$list1$$list2`" \
+ || exit 0; \
+ echo " $(MKDIR_P) '$(DESTDIR)$(man5dir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(man5dir)" || exit 1; \
+ { for i in $$list1; do echo "$$i"; done; \
+ if test -n "$$list2"; then \
+ for i in $$list2; do echo "$$i"; done \
+ | sed -n '/\.5[a-z]*$$/p'; \
+ fi; \
+ } | while read p; do \
+ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; echo "$$p"; \
+ done | \
+ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+ sed 'N;N;s,\n, ,g' | { \
+ list=; while read file base inst; do \
+ if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \
+ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \
+ fi; \
+ done; \
+ for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+ while read files; do \
+ test -z "$$files" || { \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \
+ done; }
+
+uninstall-man5:
+ @$(NORMAL_UNINSTALL)
+ @list=''; test -n "$(man5dir)" || exit 0; \
+ files=`{ for i in $$list; do echo "$$i"; done; \
+ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+ sed -n '/\.5[a-z]*$$/p'; \
+ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+ dir='$(DESTDIR)$(man5dir)'; $(am__uninstall_files_from_dir)
+install-man8: $(man_MANS)
+ @$(NORMAL_INSTALL)
+ @list1=''; \
+ list2='$(man_MANS)'; \
+ test -n "$(man8dir)" \
+ && test -n "`echo $$list1$$list2`" \
+ || exit 0; \
+ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \
+ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \
+ { for i in $$list1; do echo "$$i"; done; \
+ if test -n "$$list2"; then \
+ for i in $$list2; do echo "$$i"; done \
+ | sed -n '/\.8[a-z]*$$/p'; \
+ fi; \
+ } | while read p; do \
+ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; echo "$$p"; \
+ done | \
+ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+ sed 'N;N;s,\n, ,g' | { \
+ list=; while read file base inst; do \
+ if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
+ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \
+ fi; \
+ done; \
+ for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+ while read files; do \
+ test -z "$$files" || { \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \
+ done; }
+
+uninstall-man8:
+ @$(NORMAL_UNINSTALL)
+ @list=''; test -n "$(man8dir)" || exit 0; \
+ files=`{ for i in $$list; do echo "$$i"; done; \
+ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+ sed -n '/\.8[a-z]*$$/p'; \
+ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir)
+
+# This directory's subdirectories are mostly independent; you can cd
+# into them and run 'make' without going through this Makefile.
+# To change the values of 'make' variables: instead of editing Makefiles,
+# (1) if the variable is set in 'config.status', edit 'config.status'
+# (which will cause the Makefiles to be regenerated when you run 'make');
+# (2) otherwise, pass the desired values on the 'make' command line.
+$(am__recursive_targets):
+ @fail=; \
+ if $(am__make_keepgoing); then \
+ failcom='fail=yes'; \
+ else \
+ failcom='exit 1'; \
+ fi; \
+ dot_seen=no; \
+ target=`echo $@ | sed s/-recursive//`; \
+ case "$@" in \
+ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+ *) list='$(SUBDIRS)' ;; \
+ esac; \
+ for subdir in $$list; do \
+ echo "Making $$target in $$subdir"; \
+ if test "$$subdir" = "."; then \
+ dot_seen=yes; \
+ local_target="$$target-am"; \
+ else \
+ local_target="$$target"; \
+ fi; \
+ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+ || eval $$failcom; \
+ done; \
+ if test "$$dot_seen" = "no"; then \
+ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+ fi; test -z "$$fail"
+
+ID: $(am__tagged_files)
+ $(am__define_uniq_tagged_files); mkid -fID $$unique
+tags: tags-recursive
+TAGS: tags
+
+tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ set x; \
+ here=`pwd`; \
+ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
+ include_option=--etags-include; \
+ empty_fix=.; \
+ else \
+ include_option=--include; \
+ empty_fix=; \
+ fi; \
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ test ! -f $$subdir/TAGS || \
+ set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
+ fi; \
+ done; \
+ $(am__define_uniq_tagged_files); \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: ctags-recursive
+
+CTAGS: ctags
+ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
+ $(am__define_uniq_tagged_files); \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+cscopelist: cscopelist-recursive
+
+cscopelist-am: $(am__tagged_files)
+ list='$(am__tagged_files)'; \
+ case "$(srcdir)" in \
+ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
+ *) sdir=$(subdir)/$(srcdir) ;; \
+ esac; \
+ for i in $$list; do \
+ if test -f "$$i"; then \
+ echo "$(subdir)/$$i"; \
+ else \
+ echo "$$sdir/$$i"; \
+ fi; \
+ done >> $(top_builddir)/cscope.files
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(BUILT_SOURCES)
+ $(MAKE) $(AM_MAKEFLAGS) distdir-am
+
+distdir-am: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+ @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ $(am__make_dryrun) \
+ || test -d "$(distdir)/$$subdir" \
+ || $(MKDIR_P) "$(distdir)/$$subdir" \
+ || exit 1; \
+ dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
+ $(am__relativize); \
+ new_distdir=$$reldir; \
+ dir1=$$subdir; dir2="$(top_distdir)"; \
+ $(am__relativize); \
+ new_top_distdir=$$reldir; \
+ echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
+ echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
+ ($(am__cd) $$subdir && \
+ $(MAKE) $(AM_MAKEFLAGS) \
+ top_distdir="$$new_top_distdir" \
+ distdir="$$new_distdir" \
+ am__remove_distdir=: \
+ am__skip_length_check=: \
+ am__skip_mode_fix=: \
+ distdir) \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-recursive
+all-am: Makefile $(MANS)
+installdirs: installdirs-recursive
+installdirs-am:
+ for dir in "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man3dir)" "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man8dir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-recursive
+install-exec: install-exec-recursive
+install-data: install-data-recursive
+uninstall: uninstall-recursive
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-recursive
+install-strip:
+ if test -z '$(STRIP)'; then \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ install; \
+ else \
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
+ fi
+mostlyclean-generic:
+
+clean-generic:
+ -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+@ENABLE_REGENERATE_MAN_FALSE@clean-local:
+clean: clean-recursive
+
+clean-am: clean-generic clean-libtool clean-local mostlyclean-am
+
+distclean: distclean-recursive
+ -rm -f Makefile
+distclean-am: clean-am distclean-generic distclean-tags
+
+dvi: dvi-recursive
+
+dvi-am:
+
+html: html-recursive
+
+html-am:
+
+info: info-recursive
+
+info-am:
+
+install-data-am: install-man
+
+install-dvi: install-dvi-recursive
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-recursive
+
+install-html-am:
+
+install-info: install-info-recursive
+
+install-info-am:
+
+install-man: install-man1 install-man3 install-man5 install-man8
+
+install-pdf: install-pdf-recursive
+
+install-pdf-am:
+
+install-ps: install-ps-recursive
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-recursive
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-recursive
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-recursive
+
+pdf-am:
+
+ps: ps-recursive
+
+ps-am:
+
+uninstall-am: uninstall-man
+
+uninstall-man: uninstall-man1 uninstall-man3 uninstall-man5 \
+ uninstall-man8
+
+.MAKE: $(am__recursive_targets) install-am install-strip
+
+.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am check \
+ check-am clean clean-generic clean-libtool clean-local \
+ cscopelist-am ctags ctags-am distclean distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-man1 install-man3 \
+ install-man5 install-man8 install-pdf install-pdf-am \
+ install-ps install-ps-am install-strip installcheck \
+ installcheck-am installdirs installdirs-am maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-generic \
+ mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
+ uninstall-am uninstall-man uninstall-man1 uninstall-man3 \
+ uninstall-man5 uninstall-man8
+
+.PRECIOUS: Makefile
+
+
+generate_mans.deps: *.xml
+ echo "# This file is generated" > $@
+ awk 'BEGIN{FS="\"";} /^<!ENTITY .* * SYSTEM ".*">$$/{ f=FILENAME; sub(/.xml/,"",f); print "man" substr(f, length (f)) "/" f ": " $$2 }' $(man_XMANS) >> $@
+
+@ENABLE_REGENERATE_MAN_TRUE@@ENABLE_REGENERATE_MAN_TRUE@include generate_mans.deps
+
+@ENABLE_REGENERATE_MAN_TRUE@%.xml-config: %.xml
+@ENABLE_REGENERATE_MAN_TRUE@ if grep -q SHADOW-CONFIG-HERE $<; then \
+@ENABLE_REGENERATE_MAN_TRUE@ sed -e 's/^<!-- SHADOW-CONFIG-HERE -->/<!ENTITY % config SYSTEM "config.xml">%config;/' $< > $@; \
+@ENABLE_REGENERATE_MAN_TRUE@ else \
+@ENABLE_REGENERATE_MAN_TRUE@ sed -e 's/^\(<!DOCTYPE .*docbookx.dtd"\)>/\1 [<!ENTITY % config SYSTEM "config.xml">%config;]>/' $< > $@; \
+@ENABLE_REGENERATE_MAN_TRUE@ fi
+
+@ENABLE_REGENERATE_MAN_TRUE@man1/% man3/% man5/% man8/%: %.xml-config Makefile config.xml
+@ENABLE_REGENERATE_MAN_TRUE@ $(XSLTPROC) --stringparam profile.condition "$(PAM_COND);$(SHADOWGRP_COND);$(TCB_COND);$(SHA_CRYPT_COND);$(SUBIDS_COND)" \
+@ENABLE_REGENERATE_MAN_TRUE@ --param "man.authors.section.enabled" "0" \
+@ENABLE_REGENERATE_MAN_TRUE@ --stringparam "man.output.base.dir" "" \
+@ENABLE_REGENERATE_MAN_TRUE@ --param "man.output.in.separate.dir" "1" \
+@ENABLE_REGENERATE_MAN_TRUE@ -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/profile-docbook.xsl $<
+
+@ENABLE_REGENERATE_MAN_TRUE@clean-local:
+@ENABLE_REGENERATE_MAN_TRUE@ rm -rf man1 man3 man5 man8
+
+#$(man_MANS):
+# @echo you need to run configure with --enable-man to generate man pages
+
+@ENABLE_REGENERATE_MAN_TRUE@man8/grpconv.8 man8/grpunconv.8 man8/pwunconv.8: man8/pwconv.8
+
+@ENABLE_REGENERATE_MAN_TRUE@man3/getspnam.3: man3/shadow.3
+
+@ENABLE_REGENERATE_MAN_TRUE@man8/vigr.8: man8/vipw.8
+
+@ENABLE_REGENERATE_MAN_FALSE@$(man_MANS):
+@ENABLE_REGENERATE_MAN_FALSE@ @echo ""
+@ENABLE_REGENERATE_MAN_FALSE@ @echo "Error: you need to run configure with '--enable-man'"
+@ENABLE_REGENERATE_MAN_FALSE@ @echo " in order to regenerate man pages."
+@ENABLE_REGENERATE_MAN_FALSE@ @echo ""
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
Index: shadow/create-4.8.1-sulogin-man-patch/shadow-4.8.1-new/man
===================================================================
--- shadow/create-4.8.1-sulogin-man-patch/shadow-4.8.1-new/man (nonexistent)
+++ shadow/create-4.8.1-sulogin-man-patch/shadow-4.8.1-new/man (revision 5)
Property changes on: shadow/create-4.8.1-sulogin-man-patch/shadow-4.8.1-new/man
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,73 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~
Index: shadow/create-4.8.1-sulogin-man-patch/shadow-4.8.1-new
===================================================================
--- shadow/create-4.8.1-sulogin-man-patch/shadow-4.8.1-new (nonexistent)
+++ shadow/create-4.8.1-sulogin-man-patch/shadow-4.8.1-new (revision 5)
Property changes on: shadow/create-4.8.1-sulogin-man-patch/shadow-4.8.1-new
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,73 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~
Index: shadow/create-4.8.1-sulogin-man-patch
===================================================================
--- shadow/create-4.8.1-sulogin-man-patch (nonexistent)
+++ shadow/create-4.8.1-sulogin-man-patch (revision 5)
Property changes on: shadow/create-4.8.1-sulogin-man-patch
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,73 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~
Index: shadow/patches/README
===================================================================
--- shadow/patches/README (nonexistent)
+++ shadow/patches/README (revision 5)
@@ -0,0 +1,24 @@
+
+/* begin *
+
+ shadow-4.8.1-short-hostname.patch - login: display short hostname
+
+ shadow-4.8.1-CVE-2005-4890.patch:
+ ================================
+ From 0f6a809b7c4c9a8f4adb5b25808dd68000e17aa2 Mon Sep 17 00:00:00 2001
+ From: mancha <mancha1@hush.com>
+ Date: Wed, 04 Dec 2013
+ Subject: restrict "su -c" only when callee is not root
+
+ Shadow 4.1.5 addressed a tty-hijacking vulnerability in "su -c"
+ (CVE-2005-4890) by detaching the controlling terminal in the non-PAM
+ case via a TIOCNOTTY request.
+
+ Bi-directional protection is excessive and breaks a commonly-used
+ methods for privilege escalation on non-PAM systems (e.g. xterm -e
+ /bin/su -s /bin/bash -c /bin/bash myscript).
+
+ This patch relaxes the restriction and only detaches the controlling
+ tty when the callee is not root (which is, after all, the threat vector).
+
+ * end */
Index: shadow/patches
===================================================================
--- shadow/patches (nonexistent)
+++ shadow/patches (revision 5)
Property changes on: shadow/patches
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,73 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~
Index: shadow
===================================================================
--- shadow (nonexistent)
+++ shadow (revision 5)
Property changes on: shadow
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,73 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~
Index: .
===================================================================
--- . (nonexistent)
+++ . (revision 5)
Property changes on: .
___________________________________________________________________
Added: svn:ignore
## -0,0 +1,73 ##
+
+# install dir
+dist
+
+# Target build dirs
+.a1x-newlib
+.a2x-newlib
+.at91sam7s-newlib
+
+.build-machine
+
+.a1x-glibc
+.a2x-glibc
+.h3-glibc
+.h5-glibc
+.i586-glibc
+.i686-glibc
+.imx6-glibc
+.jz47xx-glibc
+.makefile
+.am335x-glibc
+.omap543x-glibc
+.p5600-glibc
+.power8-glibc
+.power8le-glibc
+.power9-glibc
+.power9le-glibc
+.m1000-glibc
+.riscv64-glibc
+.rk328x-glibc
+.rk33xx-glibc
+.rk339x-glibc
+.s8xx-glibc
+.s9xx-glibc
+.x86_64-glibc
+
+# Hidden files (each file)
+.makefile
+.dist
+.rootfs
+
+# src & hw requires
+.src_requires
+.src_requires_depend
+.requires
+.requires_depend
+
+# Tarballs
+*.gz
+*.bz2
+*.lz
+*.xz
+*.tgz
+*.txz
+
+# Signatures
+*.asc
+*.sig
+*.sign
+*.sha1sum
+
+# Patches
+*.patch
+
+# Descriptions
+*.dsc
+*.txt
+
+# Default linux config files
+*.defconfig
+
+# backup copies
+*~