diff options
Diffstat (limited to 'meta/recipes-extended/shadow')
16 files changed, 388 insertions, 530 deletions
diff --git a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch b/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch index a6f604b652..ab317b9aa0 100644 --- a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch +++ b/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch @@ -1,4 +1,4 @@ -From 8cf3454d567f77233023be49a39a33e9f0836f89 Mon Sep 17 00:00:00 2001 +From fa2d9453656641002802d8165e80adb9e6a729d2 Mon Sep 17 00:00:00 2001 From: Scott Garman <scott.a.garman@intel.com> Date: Thu, 14 Apr 2016 12:28:57 +0200 Subject: [PATCH] Disable use of syslog for sysroot @@ -11,6 +11,8 @@ Upstream-Status: Inappropriate [disable feature] Signed-off-by: Scott Garman <scott.a.garman@intel.com> Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> + --- src/groupadd.c | 3 +++ src/groupdel.c | 3 +++ @@ -22,7 +24,7 @@ Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> 7 files changed, 21 insertions(+) diff --git a/src/groupadd.c b/src/groupadd.c -index 39b4ec0..f716f57 100644 +index 2dd8eec..e9c4bb7 100644 --- a/src/groupadd.c +++ b/src/groupadd.c @@ -34,6 +34,9 @@ @@ -36,7 +38,7 @@ index 39b4ec0..f716f57 100644 #include <fcntl.h> #include <getopt.h> diff --git a/src/groupdel.c b/src/groupdel.c -index da99347..46a679c 100644 +index f941a84..5a70056 100644 --- a/src/groupdel.c +++ b/src/groupdel.c @@ -34,6 +34,9 @@ @@ -50,7 +52,7 @@ index da99347..46a679c 100644 #include <fcntl.h> #include <grp.h> diff --git a/src/groupmems.c b/src/groupmems.c -index e4f107f..95cb073 100644 +index fc91c8b..2842514 100644 --- a/src/groupmems.c +++ b/src/groupmems.c @@ -32,6 +32,9 @@ @@ -64,7 +66,7 @@ index e4f107f..95cb073 100644 #include <getopt.h> #include <grp.h> diff --git a/src/groupmod.c b/src/groupmod.c -index d9d3807..6229737 100644 +index 1dca5fc..bc14438 100644 --- a/src/groupmod.c +++ b/src/groupmod.c @@ -34,6 +34,9 @@ @@ -78,7 +80,7 @@ index d9d3807..6229737 100644 #include <fcntl.h> #include <getopt.h> diff --git a/src/useradd.c b/src/useradd.c -index e1ebf50..25679d8 100644 +index 4af0f7c..1b7bf06 100644 --- a/src/useradd.c +++ b/src/useradd.c @@ -34,6 +34,9 @@ @@ -92,7 +94,7 @@ index e1ebf50..25679d8 100644 #include <ctype.h> #include <errno.h> diff --git a/src/userdel.c b/src/userdel.c -index 19b12bc..a083929 100644 +index cc951e5..153e0be 100644 --- a/src/userdel.c +++ b/src/userdel.c @@ -34,6 +34,9 @@ @@ -102,11 +104,11 @@ index 19b12bc..a083929 100644 +/* Disable use of syslog since we're running this command against a sysroot */ +#undef USE_SYSLOG + + #include <assert.h> #include <errno.h> #include <fcntl.h> - #include <getopt.h> diff --git a/src/usermod.c b/src/usermod.c -index 685b50a..28e5cfc 100644 +index 05b9871..21c6da9 100644 --- a/src/usermod.c +++ b/src/usermod.c @@ -34,6 +34,9 @@ @@ -116,9 +118,6 @@ index 685b50a..28e5cfc 100644 +/* Disable use of syslog since we're running this command against a sysroot */ +#undef USE_SYSLOG + + #include <assert.h> #include <ctype.h> #include <errno.h> - #include <fcntl.h> --- -2.1.0 - diff --git a/meta/recipes-extended/shadow/files/0001-Do-not-read-login.defs-before-doing-chroot.patch b/meta/recipes-extended/shadow/files/0001-Do-not-read-login.defs-before-doing-chroot.patch deleted file mode 100644 index 828b95a572..0000000000 --- a/meta/recipes-extended/shadow/files/0001-Do-not-read-login.defs-before-doing-chroot.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 170c25c8e0b5c3dc2615d1db94c8d24a13ff99bf Mon Sep 17 00:00:00 2001 -From: Peter Kjellerstedt <pkj@axis.com> -Date: Thu, 11 Sep 2014 15:11:23 +0200 -Subject: [PATCH] Do not read login.defs before doing chroot() - -If "useradd --root <root> ..." was used, the login.defs file would still -be read from /etc/login.defs instead of <root>/etc/login.defs. This was -due to getdef_ulong() being called before process_root_flag(). - -Upstream-Status: Submitted [http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/2014-September/010446.html] - -Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> ---- - src/useradd.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/src/useradd.c b/src/useradd.c -index a8a1f76..e1ebf50 100644 ---- a/src/useradd.c -+++ b/src/useradd.c -@@ -1993,9 +1993,11 @@ int main (int argc, char **argv) - #endif /* USE_PAM */ - #endif /* ACCT_TOOLS_SETUID */ - -+#ifdef ENABLE_SUBIDS - /* Needed for userns check */ -- uid_t uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL); -- uid_t uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL); -+ uid_t uid_min; -+ uid_t uid_max; -+#endif - - /* - * Get my name so that I can use it to report errors. -@@ -2026,6 +2028,8 @@ int main (int argc, char **argv) - is_shadow_grp = sgr_file_present (); - #endif - #ifdef ENABLE_SUBIDS -+ uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL); -+ uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL); - is_sub_uid = sub_uid_file_present () && !rflg && - (!user_id || (user_id <= uid_max && user_id >= uid_min)); - is_sub_gid = sub_gid_file_present () && !rflg && --- -1.9.0 - diff --git a/meta/recipes-extended/shadow/files/0001-useradd.c-create-parent-directories-when-necessary.patch b/meta/recipes-extended/shadow/files/0001-useradd.c-create-parent-directories-when-necessary.patch deleted file mode 100644 index 85dde8e1bb..0000000000 --- a/meta/recipes-extended/shadow/files/0001-useradd.c-create-parent-directories-when-necessary.patch +++ /dev/null @@ -1,109 +0,0 @@ -Upstream-Status: Inappropriate [OE specific] - -Subject: useradd.c: create parent directories when necessary - -Signed-off-by: Chen Qi <Qi.Chen@windriver.com> ---- - src/useradd.c | 72 +++++++++++++++++++++++++++++++++++++++------------------ - 1 file changed, 49 insertions(+), 23 deletions(-) - -diff --git a/src/useradd.c b/src/useradd.c -index 4bd969d..cb5dd6c 100644 ---- a/src/useradd.c -+++ b/src/useradd.c -@@ -1893,6 +1893,35 @@ static void usr_update (void) - } - - /* -+ * mkdir_p - create directories, including parent directories when needed -+ * -+ * similar to `mkdir -p' -+ */ -+void mkdir_p(const char *path) { -+ int len = strlen(path); -+ char newdir[len + 1]; -+ mode_t mode = 0755; -+ int i = 0; -+ -+ if (path[i] == '\0') { -+ return; -+ } -+ -+ /* skip the leading '/' */ -+ i++; -+ -+ while(path[i] != '\0') { -+ if (path[i] == '/') { -+ strncpy(newdir, path, i); -+ newdir[i] = '\0'; -+ mkdir(newdir, mode); -+ } -+ i++; -+ } -+ mkdir(path, mode); -+} -+ -+/* - * create_home - create the user's home directory - * - * create_home() creates the user's home directory if it does not -@@ -1907,36 +1936,33 @@ static void create_home (void) - fail_exit (E_HOMEDIR); - } - #endif -- /* XXX - create missing parent directories. --marekm */ -- if (mkdir (user_home, 0) != 0) { -- fprintf (stderr, -- _("%s: cannot create directory %s\n"), -- Prog, user_home); --#ifdef WITH_AUDIT -- audit_logger (AUDIT_ADD_USER, Prog, -- "adding home directory", -- user_name, (unsigned int) user_id, -- SHADOW_AUDIT_FAILURE); --#endif -- fail_exit (E_HOMEDIR); -- } -- chown (user_home, user_id, user_gid); -- chmod (user_home, -- 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK)); -- home_added = true; -+ mkdir_p(user_home); -+ } -+ if (access (user_home, F_OK) != 0) { - #ifdef WITH_AUDIT - audit_logger (AUDIT_ADD_USER, Prog, - "adding home directory", - user_name, (unsigned int) user_id, -- SHADOW_AUDIT_SUCCESS); -+ SHADOW_AUDIT_FAILURE); - #endif --#ifdef WITH_SELINUX -- /* Reset SELinux to create files with default contexts */ -- if (reset_selinux_file_context () != 0) { -- fail_exit (E_HOMEDIR); -- } -+ fail_exit (E_HOMEDIR); -+ } -+ chown (user_home, user_id, user_gid); -+ chmod (user_home, -+ 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK)); -+ home_added = true; -+#ifdef WITH_AUDIT -+ audit_logger (AUDIT_ADD_USER, Prog, -+ "adding home directory", -+ user_name, (unsigned int) user_id, -+ SHADOW_AUDIT_SUCCESS); - #endif -+#ifdef WITH_SELINUX -+ /* Reset SELinux to create files with default contexts */ -+ if (reset_selinux_file_context () != 0) { -+ fail_exit (E_HOMEDIR); - } -+#endif - } - - /* --- -1.7.9.5 - diff --git a/meta/recipes-extended/shadow/files/0002-Allow-for-setting-password-in-clear-text.patch b/meta/recipes-extended/shadow/files/0002-Allow-for-setting-password-in-clear-text.patch new file mode 100644 index 0000000000..c6332e4f76 --- /dev/null +++ b/meta/recipes-extended/shadow/files/0002-Allow-for-setting-password-in-clear-text.patch @@ -0,0 +1,301 @@ +From a7d995228491ad5255ad86c1f04ba071f6880897 Mon Sep 17 00:00:00 2001 +From: Chen Qi <Qi.Chen@windriver.com> +Date: Sat, 16 Nov 2013 15:27:47 +0800 +Subject: [PATCH] Allow for setting password in clear text + +Upstream-Status: Inappropriate [OE specific] + +Signed-off-by: Chen Qi <Qi.Chen@windriver.com> + +--- + src/Makefile.am | 8 ++++---- + src/groupadd.c | 20 +++++++++++++++----- + src/groupmod.c | 20 +++++++++++++++----- + src/useradd.c | 21 +++++++++++++++------ + src/usermod.c | 20 +++++++++++++++----- + 5 files changed, 64 insertions(+), 25 deletions(-) + +diff --git a/src/Makefile.am b/src/Makefile.am +index f31fd7a..4a317a3 100644 +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -103,10 +103,10 @@ chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) + chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF) + expiry_LDADD = $(LDADD) $(LIBECONF) + gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF) +-groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) ++groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) $(LIBCRYPT) + groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) + groupmems_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) +-groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) ++groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) $(LIBCRYPT) + grpck_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) + grpconv_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) + grpunconv_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) +@@ -127,9 +127,9 @@ su_SOURCES = \ + suauth.c + su_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF) + sulogin_LDADD = $(LDADD) $(LIBCRYPT) $(LIBECONF) +-useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) ++useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) $(LIBCRYPT) + userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBECONF) +-usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) ++usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) $(LIBCRYPT) + vipw_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) + + install-am: all-am +diff --git a/src/groupadd.c b/src/groupadd.c +index e9c4bb7..d572c00 100644 +--- a/src/groupadd.c ++++ b/src/groupadd.c +@@ -127,9 +127,10 @@ static /*@noreturn@*/void usage (int status) + (void) fputs (_(" -o, --non-unique allow to create groups with duplicate\n" + " (non-unique) GID\n"), usageout); + (void) fputs (_(" -p, --password PASSWORD use this encrypted password for the new group\n"), usageout); ++ (void) fputs (_(" -P, --clear-password PASSWORD use this clear password for the new group\n"), usageout); + (void) fputs (_(" -r, --system create a system account\n"), usageout); + (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); +- (void) fputs (_(" -P, --prefix PREFIX_DIR directory prefix\n"), usageout); ++ (void) fputs (_(" -A, --prefix PREFIX_DIR directory prefix\n"), usageout); + (void) fputs ("\n", usageout); + exit (status); + } +@@ -391,13 +392,14 @@ static void process_flags (int argc, char **argv) + {"key", required_argument, NULL, 'K'}, + {"non-unique", no_argument, NULL, 'o'}, + {"password", required_argument, NULL, 'p'}, ++ {"clear-password", required_argument, NULL, 'P'}, + {"system", no_argument, NULL, 'r'}, + {"root", required_argument, NULL, 'R'}, +- {"prefix", required_argument, NULL, 'P'}, ++ {"prefix", required_argument, NULL, 'A'}, + {NULL, 0, NULL, '\0'} + }; + +- while ((c = getopt_long (argc, argv, "fg:hK:op:rR:P:", ++ while ((c = getopt_long (argc, argv, "fg:hK:op:P:rR:A:", + long_options, NULL)) != -1) { + switch (c) { + case 'f': +@@ -449,12 +451,20 @@ static void process_flags (int argc, char **argv) + pflg = true; + group_passwd = optarg; + break; ++ case 'P': ++ pflg = true; ++ group_passwd = pw_encrypt (optarg, crypt_make_salt (NULL, NULL)); ++ break; + case 'r': + rflg = true; + break; + case 'R': /* no-op, handled in process_root_flag () */ + break; +- case 'P': /* no-op, handled in process_prefix_flag () */ ++ case 'A': /* no-op, handled in process_prefix_flag () */ ++ fprintf (stderr, ++ _("%s: -A is deliberately not supported \n"), ++ Prog); ++ exit (E_BAD_ARG); + break; + default: + usage (E_USAGE); +@@ -588,7 +598,7 @@ int main (int argc, char **argv) + (void) textdomain (PACKAGE); + + process_root_flag ("-R", argc, argv); +- prefix = process_prefix_flag ("-P", argc, argv); ++ prefix = process_prefix_flag ("-A", argc, argv); + + OPENLOG ("groupadd"); + #ifdef WITH_AUDIT +diff --git a/src/groupmod.c b/src/groupmod.c +index bc14438..25ccb44 100644 +--- a/src/groupmod.c ++++ b/src/groupmod.c +@@ -138,8 +138,9 @@ static void usage (int status) + (void) fputs (_(" -o, --non-unique allow to use a duplicate (non-unique) GID\n"), usageout); + (void) fputs (_(" -p, --password PASSWORD change the password to this (encrypted)\n" + " PASSWORD\n"), usageout); ++ (void) fputs (_(" -P, --clear-password PASSWORD change the password to this clear PASSWORD\n"), usageout); + (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); +- (void) fputs (_(" -P, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout); ++ (void) fputs (_(" -A, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout); + (void) fputs ("\n", usageout); + exit (status); + } +@@ -387,11 +388,12 @@ static void process_flags (int argc, char **argv) + {"new-name", required_argument, NULL, 'n'}, + {"non-unique", no_argument, NULL, 'o'}, + {"password", required_argument, NULL, 'p'}, ++ {"clear-password", required_argument, NULL, 'P'}, + {"root", required_argument, NULL, 'R'}, +- {"prefix", required_argument, NULL, 'P'}, ++ {"prefix", required_argument, NULL, 'A'}, + {NULL, 0, NULL, '\0'} + }; +- while ((c = getopt_long (argc, argv, "g:hn:op:R:P:", ++ while ((c = getopt_long (argc, argv, "g:hn:op:P:R:A:", + long_options, NULL)) != -1) { + switch (c) { + case 'g': +@@ -418,9 +420,17 @@ static void process_flags (int argc, char **argv) + group_passwd = optarg; + pflg = true; + break; ++ case 'P': ++ group_passwd = pw_encrypt (optarg, crypt_make_salt (NULL, NULL)); ++ pflg = true; ++ break; + case 'R': /* no-op, handled in process_root_flag () */ + break; +- case 'P': /* no-op, handled in process_prefix_flag () */ ++ case 'A': /* no-op, handled in process_prefix_flag () */ ++ fprintf (stderr, ++ _("%s: -A is deliberately not supported \n"), ++ Prog); ++ exit (E_BAD_ARG); + break; + default: + usage (E_USAGE); +@@ -761,7 +771,7 @@ int main (int argc, char **argv) + (void) textdomain (PACKAGE); + + process_root_flag ("-R", argc, argv); +- prefix = process_prefix_flag ("-P", argc, argv); ++ prefix = process_prefix_flag ("-A", argc, argv); + + OPENLOG ("groupmod"); + #ifdef WITH_AUDIT +diff --git a/src/useradd.c b/src/useradd.c +index 1b7bf06..44f09e2 100644 +--- a/src/useradd.c ++++ b/src/useradd.c +@@ -853,9 +853,10 @@ static void usage (int status) + (void) fputs (_(" -o, --non-unique allow to create users with duplicate\n" + " (non-unique) UID\n"), usageout); + (void) fputs (_(" -p, --password PASSWORD encrypted password of the new account\n"), usageout); ++ (void) fputs (_(" -P, --clear-password PASSWORD clear password of the new account\n"), usageout); + (void) fputs (_(" -r, --system create a system account\n"), usageout); + (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); +- (void) fputs (_(" -P, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout); ++ (void) fputs (_(" -A, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout); + (void) fputs (_(" -s, --shell SHELL login shell of the new account\n"), usageout); + (void) fputs (_(" -u, --uid UID user ID of the new account\n"), usageout); + (void) fputs (_(" -U, --user-group create a group with the same name as the user\n"), usageout); +@@ -1133,9 +1134,10 @@ static void process_flags (int argc, char **argv) + {"no-user-group", no_argument, NULL, 'N'}, + {"non-unique", no_argument, NULL, 'o'}, + {"password", required_argument, NULL, 'p'}, ++ {"clear-password", required_argument, NULL, 'P'}, + {"system", no_argument, NULL, 'r'}, + {"root", required_argument, NULL, 'R'}, +- {"prefix", required_argument, NULL, 'P'}, ++ {"prefix", required_argument, NULL, 'A'}, + {"shell", required_argument, NULL, 's'}, + {"uid", required_argument, NULL, 'u'}, + {"user-group", no_argument, NULL, 'U'}, +@@ -1146,9 +1148,9 @@ static void process_flags (int argc, char **argv) + }; + while ((c = getopt_long (argc, argv, + #ifdef WITH_SELINUX +- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:P:s:u:UZ:", ++ "b:c:d:De:f:g:G:hk:K:lmMNop:P:rR:A:s:u:UZ:", + #else /* !WITH_SELINUX */ +- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:P:s:u:U", ++ "b:c:d:De:f:g:G:hk:K:lmMNop:P:rR:A:s:u:U", + #endif /* !WITH_SELINUX */ + long_options, NULL)) != -1) { + switch (c) { +@@ -1320,12 +1322,19 @@ static void process_flags (int argc, char **argv) + } + user_pass = optarg; + break; ++ case 'P': /* set clear text password */ ++ user_pass = pw_encrypt (optarg, crypt_make_salt (NULL, NULL)); ++ break; + case 'r': + rflg = true; + break; + case 'R': /* no-op, handled in process_root_flag () */ + break; +- case 'P': /* no-op, handled in process_prefix_flag () */ ++ case 'A': /* no-op, handled in process_prefix_flag () */ ++ fprintf (stderr, ++ _("%s: -A is deliberately not supported \n"), ++ Prog); ++ exit (E_BAD_ARG); + break; + case 's': + if ( ( !VALID (optarg) ) +@@ -2257,7 +2266,7 @@ int main (int argc, char **argv) + + process_root_flag ("-R", argc, argv); + +- prefix = process_prefix_flag("-P", argc, argv); ++ prefix = process_prefix_flag("-A", argc, argv); + + OPENLOG ("useradd"); + #ifdef WITH_AUDIT +diff --git a/src/usermod.c b/src/usermod.c +index 21c6da9..cffdb3e 100644 +--- a/src/usermod.c ++++ b/src/usermod.c +@@ -431,8 +431,9 @@ static /*@noreturn@*/void usage (int status) + " new location (use only with -d)\n"), usageout); + (void) fputs (_(" -o, --non-unique allow using duplicate (non-unique) UID\n"), usageout); + (void) fputs (_(" -p, --password PASSWORD use encrypted password for the new password\n"), usageout); ++ (void) fputs (_(" -P, --clear-password PASSWORD use clear password for the new password\n"), usageout); + (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); +- (void) fputs (_(" -P, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout); ++ (void) fputs (_(" -A, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout); + (void) fputs (_(" -s, --shell SHELL new login shell for the user account\n"), usageout); + (void) fputs (_(" -u, --uid UID new UID for the user account\n"), usageout); + (void) fputs (_(" -U, --unlock unlock the user account\n"), usageout); +@@ -1010,8 +1011,9 @@ static void process_flags (int argc, char **argv) + {"move-home", no_argument, NULL, 'm'}, + {"non-unique", no_argument, NULL, 'o'}, + {"password", required_argument, NULL, 'p'}, ++ {"clear-password", required_argument, NULL, 'P'}, + {"root", required_argument, NULL, 'R'}, +- {"prefix", required_argument, NULL, 'P'}, ++ {"prefix", required_argument, NULL, 'A'}, + {"shell", required_argument, NULL, 's'}, + {"uid", required_argument, NULL, 'u'}, + {"unlock", no_argument, NULL, 'U'}, +@@ -1027,7 +1029,7 @@ static void process_flags (int argc, char **argv) + {NULL, 0, NULL, '\0'} + }; + while ((c = getopt_long (argc, argv, +- "abc:d:e:f:g:G:hl:Lmop:R:s:u:UP:" ++ "abc:d:e:f:g:G:hl:Lmop:P:R:s:u:UA:" + #ifdef ENABLE_SUBIDS + "v:w:V:W:" + #endif /* ENABLE_SUBIDS */ +@@ -1130,9 +1132,17 @@ static void process_flags (int argc, char **argv) + user_pass = optarg; + pflg = true; + break; ++ case 'P': ++ user_pass = pw_encrypt (optarg, crypt_make_salt (NULL, NULL)); ++ pflg = true; ++ break; + case 'R': /* no-op, handled in process_root_flag () */ + break; +- case 'P': /* no-op, handled in process_prefix_flag () */ ++ case 'A': /* no-op, handled in process_prefix_flag () */ ++ fprintf (stderr, ++ _("%s: -A is deliberately not supported \n"), ++ Prog); ++ exit (E_BAD_ARG); + break; + case 's': + if (!VALID (optarg)) { +@@ -2127,7 +2137,7 @@ int main (int argc, char **argv) + (void) textdomain (PACKAGE); + + process_root_flag ("-R", argc, argv); +- prefix = process_prefix_flag ("-P", argc, argv); ++ prefix = process_prefix_flag ("-A", argc, argv); + + OPENLOG ("usermod"); + #ifdef WITH_AUDIT diff --git a/meta/recipes-extended/shadow/files/allow-for-setting-password-in-clear-text.patch b/meta/recipes-extended/shadow/files/allow-for-setting-password-in-clear-text.patch deleted file mode 100644 index 68da25f406..0000000000 --- a/meta/recipes-extended/shadow/files/allow-for-setting-password-in-clear-text.patch +++ /dev/null @@ -1,201 +0,0 @@ -Upstream-Status: Inappropriate [OE specific] - -Allow for setting password in clear text. - -Signed-off-by: Chen Qi <Qi.Chen@windriver.com> ---- - src/Makefile.am | 8 ++++---- - src/groupadd.c | 8 +++++++- - src/groupmod.c | 8 +++++++- - src/useradd.c | 9 +++++++-- - src/usermod.c | 8 +++++++- - 5 files changed, 32 insertions(+), 9 deletions(-) - -diff --git a/src/Makefile.am b/src/Makefile.am -index 25e288d..856b087 100644 ---- a/src/Makefile.am -+++ b/src/Makefile.am -@@ -88,10 +88,10 @@ chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBCRYPT) - chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) - chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT) - gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) --groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) -+groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) - groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) - groupmems_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) --groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) -+groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) - grpck_LDADD = $(LDADD) $(LIBSELINUX) - grpconv_LDADD = $(LDADD) $(LIBSELINUX) - grpunconv_LDADD = $(LDADD) $(LIBSELINUX) -@@ -111,9 +111,9 @@ su_SOURCES = \ - suauth.c - su_LDADD = $(LDADD) $(LIBPAM) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) - sulogin_LDADD = $(LDADD) $(LIBCRYPT) --useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) -+useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBCRYPT) - userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) --usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) -+usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBCRYPT) - vipw_LDADD = $(LDADD) $(LIBSELINUX) - - install-am: all-am -diff --git a/src/groupadd.c b/src/groupadd.c -index f716f57..4e28c26 100644 ---- a/src/groupadd.c -+++ b/src/groupadd.c -@@ -124,6 +124,7 @@ static /*@noreturn@*/void usage (int status) - (void) fputs (_(" -o, --non-unique allow to create groups with duplicate\n" - " (non-unique) GID\n"), usageout); - (void) fputs (_(" -p, --password PASSWORD use this encrypted password for the new group\n"), usageout); -+ (void) fputs (_(" -P, --clear-password PASSWORD use this clear password for the new group\n"), usageout); - (void) fputs (_(" -r, --system create a system account\n"), usageout); - (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); - (void) fputs ("\n", usageout); -@@ -387,12 +388,13 @@ static void process_flags (int argc, char **argv) - {"key", required_argument, NULL, 'K'}, - {"non-unique", no_argument, NULL, 'o'}, - {"password", required_argument, NULL, 'p'}, -+ {"clear-password", required_argument, NULL, 'P'}, - {"system", no_argument, NULL, 'r'}, - {"root", required_argument, NULL, 'R'}, - {NULL, 0, NULL, '\0'} - }; - -- while ((c = getopt_long (argc, argv, "fg:hK:op:rR:", -+ while ((c = getopt_long (argc, argv, "fg:hK:op:P:rR:", - long_options, NULL)) != -1) { - switch (c) { - case 'f': -@@ -444,6 +446,10 @@ static void process_flags (int argc, char **argv) - pflg = true; - group_passwd = optarg; - break; -+ case 'P': -+ pflg = true; -+ group_passwd = pw_encrypt (optarg, crypt_make_salt (NULL, NULL)); -+ break; - case 'r': - rflg = true; - break; -diff --git a/src/groupmod.c b/src/groupmod.c -index d9d3807..68f49d1 100644 ---- a/src/groupmod.c -+++ b/src/groupmod.c -@@ -127,6 +127,7 @@ static void usage (int status) - (void) fputs (_(" -o, --non-unique allow to use a duplicate (non-unique) GID\n"), usageout); - (void) fputs (_(" -p, --password PASSWORD change the password to this (encrypted)\n" - " PASSWORD\n"), usageout); -+ (void) fputs (_(" -P, --clear-password PASSWORD change the password to this clear PASSWORD\n"), usageout); - (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); - (void) fputs ("\n", usageout); - exit (status); -@@ -375,10 +376,11 @@ static void process_flags (int argc, char **argv) - {"new-name", required_argument, NULL, 'n'}, - {"non-unique", no_argument, NULL, 'o'}, - {"password", required_argument, NULL, 'p'}, -+ {"clear-password", required_argument, NULL, 'P'}, - {"root", required_argument, NULL, 'R'}, - {NULL, 0, NULL, '\0'} - }; -- while ((c = getopt_long (argc, argv, "g:hn:op:R:", -+ while ((c = getopt_long (argc, argv, "g:hn:op:P:R:", - long_options, NULL)) != -1) { - switch (c) { - case 'g': -@@ -405,6 +407,10 @@ static void process_flags (int argc, char **argv) - group_passwd = optarg; - pflg = true; - break; -+ case 'P': -+ group_passwd = pw_encrypt (optarg, crypt_make_salt (NULL, NULL)); -+ pflg = true; -+ break; - case 'R': /* no-op, handled in process_root_flag () */ - break; - default: -diff --git a/src/useradd.c b/src/useradd.c -index b3bd451..4416f90 100644 ---- a/src/useradd.c -+++ b/src/useradd.c -@@ -773,6 +773,7 @@ static void usage (int status) - (void) fputs (_(" -o, --non-unique allow to create users with duplicate\n" - " (non-unique) UID\n"), usageout); - (void) fputs (_(" -p, --password PASSWORD encrypted password of the new account\n"), usageout); -+ (void) fputs (_(" -P, --clear-password PASSWORD clear password of the new account\n"), usageout); - (void) fputs (_(" -r, --system create a system account\n"), usageout); - (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); - (void) fputs (_(" -s, --shell SHELL login shell of the new account\n"), usageout); -@@ -1047,6 +1048,7 @@ static void process_flags (int argc, char **argv) - {"no-user-group", no_argument, NULL, 'N'}, - {"non-unique", no_argument, NULL, 'o'}, - {"password", required_argument, NULL, 'p'}, -+ {"clear-password", required_argument, NULL, 'P'}, - {"system", no_argument, NULL, 'r'}, - {"root", required_argument, NULL, 'R'}, - {"shell", required_argument, NULL, 's'}, -@@ -1059,9 +1061,9 @@ static void process_flags (int argc, char **argv) - }; - while ((c = getopt_long (argc, argv, - #ifdef WITH_SELINUX -- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:UZ:", -+ "b:c:d:De:f:g:G:hk:K:lmMNop:P:rR:s:u:UZ:", - #else /* !WITH_SELINUX */ -- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:U", -+ "b:c:d:De:f:g:G:hk:K:lmMNop:P:rR:s:u:U", - #endif /* !WITH_SELINUX */ - long_options, NULL)) != -1) { - switch (c) { -@@ -1227,6 +1229,9 @@ static void process_flags (int argc, char **argv) - } - user_pass = optarg; - break; -+ case 'P': /* set clear text password */ -+ user_pass = pw_encrypt (optarg, crypt_make_salt (NULL, NULL)); -+ break; - case 'r': - rflg = true; - break; -diff --git a/src/usermod.c b/src/usermod.c -index e7d4351..b79f7a3 100644 ---- a/src/usermod.c -+++ b/src/usermod.c -@@ -419,6 +419,7 @@ static /*@noreturn@*/void usage (int status) - " new location (use only with -d)\n"), usageout); - (void) fputs (_(" -o, --non-unique allow using duplicate (non-unique) UID\n"), usageout); - (void) fputs (_(" -p, --password PASSWORD use encrypted password for the new password\n"), usageout); -+ (void) fputs (_(" -P, --clear-password PASSWORD use clear password for the new password\n"), usageout); - (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout); - (void) fputs (_(" -s, --shell SHELL new login shell for the user account\n"), usageout); - (void) fputs (_(" -u, --uid UID new UID for the user account\n"), usageout); -@@ -996,6 +997,7 @@ static void process_flags (int argc, char **argv) - {"move-home", no_argument, NULL, 'm'}, - {"non-unique", no_argument, NULL, 'o'}, - {"password", required_argument, NULL, 'p'}, -+ {"clear-password", required_argument, NULL, 'P'}, - {"root", required_argument, NULL, 'R'}, - {"shell", required_argument, NULL, 's'}, - {"uid", required_argument, NULL, 'u'}, -@@ -1012,7 +1014,7 @@ static void process_flags (int argc, char **argv) - {NULL, 0, NULL, '\0'} - }; - while ((c = getopt_long (argc, argv, -- "ac:d:e:f:g:G:hl:Lmop:R:s:u:U" -+ "ac:d:e:f:g:G:hl:Lmop:P:R:s:u:U" - #ifdef ENABLE_SUBIDS - "v:w:V:W:" - #endif /* ENABLE_SUBIDS */ -@@ -1112,6 +1114,10 @@ static void process_flags (int argc, char **argv) - user_pass = optarg; - pflg = true; - break; -+ case 'P': -+ user_pass = pw_encrypt (optarg, crypt_make_salt (NULL, NULL)); -+ pflg = true; -+ break; - case 'R': /* no-op, handled in process_root_flag () */ - break; - case 's': --- -1.7.9.5 - diff --git a/meta/recipes-extended/shadow/files/check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch b/meta/recipes-extended/shadow/files/check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch deleted file mode 100644 index 185590cabd..0000000000 --- a/meta/recipes-extended/shadow/files/check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 2cb54158b80cdbd97ca3b36df83f9255e923ae3f Mon Sep 17 00:00:00 2001 -From: James Le Cuirot <chewi@aura-online.co.uk> -Date: Sat, 23 Aug 2014 09:46:39 +0100 -Subject: [PATCH] Check size of uid_t and gid_t using AC_CHECK_SIZEOF - -This built-in check is simpler than the previous method and, most -importantly, works when cross-compiling. - -Upstream-Status: Accepted -[https://github.com/shadow-maint/shadow/commit/2cb54158b80cdbd97ca3b36df83f9255e923ae3f] - -Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> ---- - configure.in | 14 ++++---------- - 1 file changed, 4 insertions(+), 10 deletions(-) - -diff --git a/configure.in b/configure.in -index 1a3f841..4a4d6d0 100644 ---- a/configure.in -+++ b/configure.in -@@ -335,16 +335,10 @@ if test "$enable_subids" != "no"; then - dnl - dnl FIXME: check if 32 bit UIDs/GIDs are supported by libc - dnl -- AC_RUN_IFELSE([AC_LANG_SOURCE([ --#include <sys/types.h> --int main(void) { -- uid_t u; -- gid_t g; -- return (sizeof u < 4) || (sizeof g < 4); --} -- ])], [id32bit="yes"], [id32bit="no"]) -- -- if test "x$id32bit" = "xyes"; then -+ AC_CHECK_SIZEOF([uid_t],, [#include "sys/types.h"]) -+ AC_CHECK_SIZEOF([gid_t],, [#include "sys/types.h"]) -+ -+ if test "$ac_cv_sizeof_uid_t" -ge 4 && test "$ac_cv_sizeof_gid_t" -ge 4; then - AC_DEFINE(ENABLE_SUBIDS, 1, [Define to support the subordinate IDs.]) - enable_subids="yes" - else diff --git a/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch index 4fa3d184ed..9825216369 100644 --- a/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch +++ b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch @@ -1,3 +1,8 @@ +From 66533c7c6f347d257020675a1ed6e0c59cbbc3f0 Mon Sep 17 00:00:00 2001 +From: Chen Qi <Qi.Chen@windriver.com> +Date: Thu, 17 Jul 2014 15:53:34 +0800 +Subject: [PATCH] commonio.c-fix-unexpected-open-failure-in-chroot-env + Upstream-Status: Inappropriate [OE specific] commonio.c: fix unexpected open failure in chroot environment @@ -10,15 +15,16 @@ Note that this patch doesn't change the logic in the code, it just expands the codes. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> + --- - lib/commonio.c | 16 ++++++++++++---- + lib/commonio.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/lib/commonio.c b/lib/commonio.c -index cc536bf..51cafd9 100644 +index 16fa7e7..d6bc297 100644 --- a/lib/commonio.c +++ b/lib/commonio.c -@@ -613,10 +613,18 @@ int commonio_open (struct commonio_db *db, int mode) +@@ -632,10 +632,18 @@ int commonio_open (struct commonio_db *db, int mode) db->cursor = NULL; db->changed = false; @@ -41,6 +47,3 @@ index cc536bf..51cafd9 100644 db->fp = NULL; if (fd >= 0) { #ifdef WITH_TCB --- -1.7.9.5 - diff --git a/meta/recipes-extended/shadow/files/fix-installation-failure-with-subids-disabled.patch b/meta/recipes-extended/shadow/files/fix-installation-failure-with-subids-disabled.patch deleted file mode 100644 index 02cb91aafd..0000000000 --- a/meta/recipes-extended/shadow/files/fix-installation-failure-with-subids-disabled.patch +++ /dev/null @@ -1,28 +0,0 @@ -Upstream-Status: Pending - -Subject: fix installation failure with subids disabled - -Signed-off-by: Chen Qi <Qi.Chen@windriver.com> ---- - src/Makefile.am | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/src/Makefile.am b/src/Makefile.am -index 25e288d..076f8ef 100644 ---- a/src/Makefile.am -+++ b/src/Makefile.am -@@ -52,7 +52,10 @@ usbin_PROGRAMS = \ - noinst_PROGRAMS = id sulogin - - suidbins = su --suidubins = chage chfn chsh expiry gpasswd newgrp passwd newuidmap newgidmap -+suidubins = chage chfn chsh expiry gpasswd newgrp passwd -+if ENABLE_SUBIDS -+suidubins += newgidmap newuidmap -+endif - if ACCT_TOOLS_SETUID - suidubins += chage chgpasswd chpasswd groupadd groupdel groupmod newusers useradd userdel usermod - endif --- -1.7.9.5 - diff --git a/meta/recipes-extended/shadow/files/pam.d/chpasswd b/meta/recipes-extended/shadow/files/pam.d/chpasswd index 9e3efa68ba..b769d92ba4 100644 --- a/meta/recipes-extended/shadow/files/pam.d/chpasswd +++ b/meta/recipes-extended/shadow/files/pam.d/chpasswd @@ -1,4 +1,6 @@ # The PAM configuration file for the Shadow 'chpasswd' service # +auth sufficient pam_rootok.so +account required pam_permit.so password include common-password diff --git a/meta/recipes-extended/shadow/files/pam.d/newusers b/meta/recipes-extended/shadow/files/pam.d/newusers index 4aa3dde48b..4c59dfa478 100644 --- a/meta/recipes-extended/shadow/files/pam.d/newusers +++ b/meta/recipes-extended/shadow/files/pam.d/newusers @@ -1,4 +1,6 @@ # The PAM configuration file for the Shadow 'newusers' service # +auth sufficient pam_rootok.so +account required pam_permit.so password include common-password diff --git a/meta/recipes-extended/shadow/files/shadow-relaxed-usernames.patch b/meta/recipes-extended/shadow/files/shadow-relaxed-usernames.patch index 1af04d5fe8..cc833362e9 100644 --- a/meta/recipes-extended/shadow/files/shadow-relaxed-usernames.patch +++ b/meta/recipes-extended/shadow/files/shadow-relaxed-usernames.patch @@ -1,26 +1,37 @@ +From ca472d6866e545aaa70a70020e3226f236a8aafc Mon Sep 17 00:00:00 2001 +From: Shan Hai <shan.hai@windriver.com> +Date: Tue, 13 Sep 2016 13:45:46 +0800 +Subject: [PATCH] shadow: use relaxed usernames The groupadd from shadow does not allow upper case group names, the same is true for the upstream shadow. But distributions like Debian/Ubuntu/CentOS has their own way to cope with this problem, this patch is picked up from CentOS release 7.0 to relax the usernames restrictions to allow the upper case group names, and the relaxation is -POSIX compliant because POSIX indicate that usernames are composed of +POSIX compliant because POSIX indicate that usernames are composed of characters from the portable filename character set [A-Za-z0-9._-]. Upstream-Status: Pending -Signed-off-by: Shan Hai <shan.hai@windriver.com> +Signed-off-by: Shan Hai <shan.hai@windriver.com> -diff -urpN a/libmisc/chkname.c b/libmisc/chkname.c -index 5089112..f40a0da 100644 +--- + libmisc/chkname.c | 30 ++++++++++++++++++------------ + man/groupadd.8.xml | 6 ------ + man/useradd.8.xml | 8 +------- + 3 files changed, 19 insertions(+), 25 deletions(-) + +diff --git a/libmisc/chkname.c b/libmisc/chkname.c +index 90f185c..65762b4 100644 --- a/libmisc/chkname.c +++ b/libmisc/chkname.c -@@ -49,21 +49,28 @@ - static bool is_valid_name (const char *name) - { +@@ -55,22 +55,28 @@ static bool is_valid_name (const char *name) + } + /* - * User/group names must match [a-z_][a-z0-9_-]*[$] - */ +- - if (('\0' == *name) || - !((('a' <= *name) && ('z' >= *name)) || ('_' == *name))) { + * User/group names must match gnu e-regex: @@ -55,28 +66,28 @@ index 5089112..f40a0da 100644 return false; } } -diff -urpN a/man/groupadd.8.xml b/man/groupadd.8.xml -index 230fd0c..94f7807 100644 +diff --git a/man/groupadd.8.xml b/man/groupadd.8.xml +index 1e58f09..d804b61 100644 --- a/man/groupadd.8.xml +++ b/man/groupadd.8.xml -@@ -222,12 +222,6 @@ +@@ -272,12 +272,6 @@ + <refsect1 id='caveats'> <title>CAVEATS</title> - <para> +- <para> - Groupnames must start with a lower case letter or an underscore, - followed by lower case letters, digits, underscores, or dashes. - They can end with a dollar sign. - In regular expression terms: [a-z_][a-z0-9_-]*[$]? - </para> -- <para> + <para> Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long. </para> - <para> -diff -urpN a/man/useradd.8.xml b/man/useradd.8.xml -index 5dec989..fe623b9 100644 +diff --git a/man/useradd.8.xml b/man/useradd.8.xml +index a16d730..c0bd777 100644 --- a/man/useradd.8.xml +++ b/man/useradd.8.xml -@@ -336,7 +336,7 @@ +@@ -366,7 +366,7 @@ </term> <listitem> <para> @@ -85,16 +96,16 @@ index 5dec989..fe623b9 100644 wide setting from <filename>/etc/login.defs</filename> (<option>CREATE_HOME</option>) is set to <replaceable>yes</replaceable>. -@@ -607,12 +607,6 @@ +@@ -660,12 +660,6 @@ + the user account creation request. </para> - <para> +- <para> - Usernames must start with a lower case letter or an underscore, - followed by lower case letters, digits, underscores, or dashes. - They can end with a dollar sign. - In regular expression terms: [a-z_][a-z0-9_-]*[$]? - </para> -- <para> + <para> Usernames may only be up to 32 characters long. </para> - </refsect1> diff --git a/meta/recipes-extended/shadow/files/usermod-fix-compilation-failure-with-subids-disabled.patch b/meta/recipes-extended/shadow/files/usermod-fix-compilation-failure-with-subids-disabled.patch deleted file mode 100644 index 37dc153fca..0000000000 --- a/meta/recipes-extended/shadow/files/usermod-fix-compilation-failure-with-subids-disabled.patch +++ /dev/null @@ -1,33 +0,0 @@ -Upstream-Status: Pending - -usermod: fix compilation failure with subids disabled - -Signed-off-by: Chen Qi <Qi.Chen@windriver.com> ---- - src/usermod.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/usermod.c b/src/usermod.c -index e7d4351..685b50a 100644 ---- a/src/usermod.c -+++ b/src/usermod.c -@@ -1360,7 +1360,7 @@ static void process_flags (int argc, char **argv) - Prog, (unsigned long) user_newid); - exit (E_UID_IN_USE); - } -- -+#ifdef ENABLE_SUBIDS - if ( (vflg || Vflg) - && !is_sub_uid) { - fprintf (stderr, -@@ -1376,6 +1376,7 @@ static void process_flags (int argc, char **argv) - Prog, sub_gid_dbname (), "-w", "-W"); - exit (E_USAGE); - } -+#endif - } - - /* --- -1.7.9.5 - diff --git a/meta/recipes-extended/shadow/shadow-securetty_4.2.1.bb b/meta/recipes-extended/shadow/shadow-securetty_4.6.bb index c78f888cf4..c78f888cf4 100644 --- a/meta/recipes-extended/shadow/shadow-securetty_4.2.1.bb +++ b/meta/recipes-extended/shadow/shadow-securetty_4.6.bb diff --git a/meta/recipes-extended/shadow/shadow-sysroot_4.2.1.bb b/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb index ef014628f6..a8c1539c92 100644 --- a/meta/recipes-extended/shadow/shadow-sysroot_4.2.1.bb +++ b/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb @@ -1,6 +1,6 @@ SUMMARY = "Shadow utils requirements for useradd.bbclass" -HOMEPAGE = "http://pkg-shadow.alioth.debian.org" -BUGTRACKER = "https://alioth.debian.org/tracker/?group_id=30580" +HOMEPAGE = "http://github.com/shadow-maint/shadow" +BUGTRACKER = "http://github.com/shadow-maint/shadow/issues" SECTION = "base utils" LICENSE = "BSD | Artistic-1.0" LIC_FILES_CHKSUM = "file://login.defs_shadow-sysroot;md5=25e2f2de4dfc8f966ac5cdfce45cd7d5" @@ -14,9 +14,6 @@ PR = "r3" # can add custom users/groups for recipes that use inherit useradd. SRC_URI = "file://login.defs_shadow-sysroot" -SRC_URI[md5sum] = "b8608d8294ac88974f27b20f991c0e79" -SRC_URI[sha256sum] = "633f5bb4ea0c88c55f3642c97f9d25cbef74f82e0b4cf8d54e7ad6f9f9caa778" - S = "${WORKDIR}" do_install() { @@ -27,6 +24,6 @@ do_install() { SYSROOT_DIRS += "${sysconfdir}" # don't create any packages -# otherwise: dbus-dev depends on shadow-sysroot-dev which depends on shadow-sysroot +# otherwise: dbus-dev depends on shadow-sysroot-dev which depends on shadow-sysroot # and this has another copy of /etc/login.defs already provided by shadow PACKAGES = "" diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc index 35a18f8ab0..f86e5e03c0 100644 --- a/meta/recipes-extended/shadow/shadow.inc +++ b/meta/recipes-extended/shadow/shadow.inc @@ -1,42 +1,36 @@ SUMMARY = "Tools to change and administer password and group data" -HOMEPAGE = "http://pkg-shadow.alioth.debian.org" -BUGTRACKER = "https://alioth.debian.org/tracker/?group_id=30580" +HOMEPAGE = "http://github.com/shadow-maint/shadow" +BUGTRACKER = "http://github.com/shadow-maint/shadow/issues" SECTION = "base/utils" LICENSE = "BSD | Artistic-1.0" LIC_FILES_CHKSUM = "file://COPYING;md5=ed80ff1c2b40843cf5768e5229cf16e5 \ - file://src/passwd.c;beginline=8;endline=30;md5=d83888ea14ae61951982d77125947661" + file://src/passwd.c;beginline=2;endline=30;md5=5720ff729a6ff39ecc9f64555d75f4af" -DEPENDS = "shadow-native" -DEPENDS_class-native = "" -DEPENDS_class-nativesdk = "" +DEPENDS = "virtual/crypt" -SRC_URI = "http://pkg-shadow.alioth.debian.org/releases/${BPN}-${PV}.tar.xz \ +UPSTREAM_CHECK_URI = "https://github.com/shadow-maint/shadow/releases" +SRC_URI = "https://github.com/shadow-maint/shadow/releases/download/${PV}/${BP}.tar.gz \ file://shadow-4.1.3-dots-in-usernames.patch \ - file://usermod-fix-compilation-failure-with-subids-disabled.patch \ - file://fix-installation-failure-with-subids-disabled.patch \ - file://0001-Do-not-read-login.defs-before-doing-chroot.patch \ - file://check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch \ ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \ + file://shadow-relaxed-usernames.patch \ " SRC_URI_append_class-target = " \ file://login_defs_pam.sed \ file://shadow-update-pam-conf.patch \ - file://shadow-relaxed-usernames.patch \ " SRC_URI_append_class-native = " \ file://0001-Disable-use-of-syslog-for-sysroot.patch \ - file://allow-for-setting-password-in-clear-text.patch \ + file://0002-Allow-for-setting-password-in-clear-text.patch \ file://commonio.c-fix-unexpected-open-failure-in-chroot-env.patch \ - file://0001-useradd.c-create-parent-directories-when-necessary.patch \ " SRC_URI_append_class-nativesdk = " \ file://0001-Disable-use-of-syslog-for-sysroot.patch \ " -SRC_URI[md5sum] = "2bfafe7d4962682d31b5eba65dba4fc8" -SRC_URI[sha256sum] = "3b0893d1476766868cd88920f4f1231c4795652aa407569faff802bcda0f3d41" +SRC_URI[md5sum] = "3d97f11e66bfb0b14702b115fa8be480" +SRC_URI[sha256sum] = "3ee3081fbbcbcfea5c8916419e46bc724807bab271072104f23e7a29e9668f3a" # Additional Policy files for PAM PAM_SRC_URI = "file://pam.d/chfn \ @@ -49,19 +43,21 @@ PAM_SRC_URI = "file://pam.d/chfn \ inherit autotools gettext +export CONFIG_SHELL="/bin/sh" + EXTRA_OECONF += "--without-audit \ --without-libcrack \ --without-selinux \ --with-group-name-max-length=24 \ --enable-subordinate-ids=yes \ + --without-sssd \ ${NSCDOPT}" NSCDOPT = "" NSCDOPT_class-native = "--without-nscd" NSCDOPT_class-nativesdk = "--without-nscd" -NSCDOPT_libc-uclibc = " --without-nscd" -NSCDOPT_libc-glibc = "${@bb.utils.contains('DISTRO_FEATURES', 'libc-spawn', '--with-nscd', '--without-nscd', d)}" - +NSCDOPT_libc-glibc = "--with-nscd" + PAM_PLUGINS = "libpam-runtime \ pam-plugin-faildelay \ pam-plugin-securetty \ @@ -75,8 +71,9 @@ PAM_PLUGINS = "libpam-runtime \ pam-plugin-shells \ pam-plugin-rootok" -PACKAGECONFIG = "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam', '', d)}" -PACKAGECONFIG_class-native = "" +PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)}" +PACKAGECONFIG_class-native ??= "${@bb.utils.contains('DISTRO_FEATURES', 'xattr', 'attr', '', d)}" PACKAGECONFIG_class-nativesdk = "" PACKAGECONFIG[pam] = "--with-libpam,--without-libpam,libpam,${PAM_PLUGINS}" PACKAGECONFIG[attr] = "--with-attr,--without-attr,attr" @@ -127,7 +124,8 @@ do_install_append() { # Ensure that the image has as a /var/spool/mail dir so shadow can # put mailboxes there if the user reconfigures shadow to its # defaults (see sed below). - install -d ${D}${localstatedir}/spool/mail + install -m 0775 -d ${D}${localstatedir}/spool/mail + chown root:mail ${D}${localstatedir}/spool/mail if [ -e ${WORKDIR}/pam.d ]; then install -d ${D}${sysconfdir}/pam.d/ @@ -136,7 +134,7 @@ do_install_append() { sed -i -f ${WORKDIR}/login_defs_pam.sed ${D}${sysconfdir}/login.defs fi - install -d ${D}${sbindir} ${D}${base_sbindir} ${D}${base_bindir} + install -d ${D}${sbindir} ${D}${base_sbindir} ${D}${base_bindir} # Move binaries to the locations we want rm ${D}${sbindir}/vigr @@ -171,22 +169,25 @@ inherit update-alternatives ALTERNATIVE_PRIORITY = "200" -ALTERNATIVE_${PN} = "passwd chfn chsh chpasswd vipw vigr" +ALTERNATIVE_${PN} = "passwd chfn chsh chpasswd vipw vigr nologin" ALTERNATIVE_LINK_NAME[chpasswd] = "${sbindir}/chpasswd" ALTERNATIVE_LINK_NAME[vipw] = "${base_sbindir}/vipw" ALTERNATIVE_LINK_NAME[vigr] = "${base_sbindir}/vigr" +ALTERNATIVE_LINK_NAME[nologin] = "${base_sbindir}/nologin" ALTERNATIVE_${PN}-base = "newgrp groups login su" ALTERNATIVE_LINK_NAME[login] = "${base_bindir}/login" ALTERNATIVE_LINK_NAME[su] = "${base_bindir}/su" -ALTERNATIVE_${PN}-doc = "passwd.5 getspnam.3 groups.1 su.1" +ALTERNATIVE_${PN}-doc = "passwd.5 getspnam.3 groups.1 su.1 nologin.8" ALTERNATIVE_LINK_NAME[passwd.5] = "${mandir}/man5/passwd.5" ALTERNATIVE_LINK_NAME[getspnam.3] = "${mandir}/man3/getspnam.3" ALTERNATIVE_LINK_NAME[groups.1] = "${mandir}/man1/groups.1" ALTERNATIVE_LINK_NAME[su.1] = "${mandir}/man1/su.1" +ALTERNATIVE_LINK_NAME[nologin.8] = "${mandir}/man8/nologin.8" -pkg_postinst_${PN} () { +PACKAGE_WRITE_DEPS += "shadow-native" +pkg_postinst_${PN}_class-target () { if [ "x$D" != "x" ]; then rootarg="--root $D" else diff --git a/meta/recipes-extended/shadow/shadow_4.2.1.bb b/meta/recipes-extended/shadow/shadow_4.8.1.bb index 5675cb8cc9..c975395ff8 100644 --- a/meta/recipes-extended/shadow/shadow_4.2.1.bb +++ b/meta/recipes-extended/shadow/shadow_4.8.1.bb @@ -2,7 +2,7 @@ require shadow.inc # Build falsely assumes that if --enable-libpam is set, we don't need to link against # libcrypt. This breaks chsh. -BUILD_LDFLAGS_append_class-target = " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', bb.utils.contains('DISTRO_FEATURES', 'libc-crypt', '-lcrypt', '', d), '', d)}" +BUILD_LDFLAGS_append_class-target = " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '-lcrypt', '', d)}" BBCLASSEXTEND = "native nativesdk" |