summaryrefslogtreecommitdiffstats
path: root/source/a/shadow
diff options
context:
space:
mode:
author Patrick J Volkerding <volkerdi@slackware.com>2020-02-15 02:42:28 +0000
committer Eric Hameleers <alien@slackware.com>2020-02-15 08:59:47 +0100
commit7cde3ca9e7c5de666cc607e737f984a52f94e021 (patch)
tree9625b6c02d0dad1e8cc40f9713b2c1d4919d011a /source/a/shadow
parentbea4af160dc640549e07144b9a0dddf09b569861 (diff)
downloadcurrent-7cde3ca9e7c5de666cc607e737f984a52f94e021.tar.gz
current-7cde3ca9e7c5de666cc607e737f984a52f94e021.tar.xz
Sat Feb 15 02:42:28 UTC 202020200215024228
a/kernel-generic-5.4.20-x86_64-1.txz: Upgraded. a/kernel-huge-5.4.20-x86_64-1.txz: Upgraded. a/kernel-modules-5.4.20-x86_64-1.txz: Upgraded. a/shadow-4.8.1-x86_64-3.txz: Rebuilt. a/util-linux-2.35.1-x86_64-3.txz: Rebuilt. d/kernel-headers-5.4.20-x86-1.txz: Upgraded. k/kernel-source-5.4.20-noarch-1.txz: Upgraded. l/ConsoleKit2-1.2.1-x86_64-2.txz: Rebuilt. l/dconf-editor-3.34.4-x86_64-1.txz: Upgraded. l/libxkbcommon-0.10.0-x86_64-1.txz: Added. l/openal-soft-1.19.1-x86_64-1.txz: Added. l/qt5-5.13.2-x86_64-1.txz: Added. Thanks to alienBOB. n/openssh-8.2p1-x86_64-1.txz: Upgraded. Potentially incompatible changes: * ssh(1), sshd(8): the removal of "ssh-rsa" from the accepted CASignatureAlgorithms list. * ssh(1), sshd(8): this release removes diffie-hellman-group14-sha1 from the default key exchange proposal for both the client and server. * ssh-keygen(1): the command-line options related to the generation and screening of safe prime numbers used by the diffie-hellman-group-exchange-* key exchange algorithms have changed. Most options have been folded under the -O flag. * sshd(8): the sshd listener process title visible to ps(1) has changed to include information about the number of connections that are currently attempting authentication and the limits configured by MaxStartups. x/mesa-19.3.4-x86_64-2.txz: Rebuilt. Reverted "[PATCH] swr: Fix GCC 4.9 checks." which makes X fail to start with an illegal instruction on some hardware. isolinux/initrd.img: Rebuilt. kernels/*: Upgraded. testing/packages/PAM/ConsoleKit2-1.2.1-x86_64-2_pam.txz: Rebuilt. Rebuilt with --disable-libcgmanager to fix setting limits on PAM. Thanks to gattocarlo. testing/packages/PAM/openssh-8.2p1-x86_64-1_pam.txz: Upgraded. testing/packages/PAM/shadow-4.8.1-x86_64-3_pam.txz: Rebuilt. Moved some of the /etc/pam.d/ file to the util-linux package where they more properly belong. testing/packages/PAM/util-linux-2.35.1-x86_64-3_pam.txz: Rebuilt. Added some /etc/pam.d/ files previously in the shadow package. Changed /etc/pam.d/{chfn,chsh} and made chfn/chsh setuid root to fix them. Added /etc/pam.d/{runuser,runuser-l}. usb-and-pxe-installers/usbboot.img: Rebuilt.
Diffstat (limited to 'source/a/shadow')
-rw-r--r--source/a/shadow/doinst.sh27
-rw-r--r--source/a/shadow/pam.d/chfn4
-rw-r--r--source/a/shadow/pam.d/chsh4
-rw-r--r--source/a/shadow/pam.d/login11
-rw-r--r--source/a/shadow/pam.d/su11
-rw-r--r--source/a/shadow/pam.d/su-l6
-rwxr-xr-xsource/a/shadow/shadow.SlackBuild2
7 files changed, 16 insertions, 49 deletions
diff --git a/source/a/shadow/doinst.sh b/source/a/shadow/doinst.sh
index ce3e8116a..98c8a92c5 100644
--- a/source/a/shadow/doinst.sh
+++ b/source/a/shadow/doinst.sh
@@ -10,17 +10,20 @@ config() {
# Otherwise, we leave the .new copy for the admin to consider...
}
-# First, check for PAM:
-if [ -r etc/pam.d/login.new ]; then
- # If there's an existing /etc/login.defs that contains an obsolete option
- # intended for a non-pam system, rename it to back it up and allow the
- # pam-enabled login.defs to be installed automatically:
- if grep -q "^LASTLOG_ENAB" etc/login.defs 1> /dev/null 2> /dev/null ; then
- mv etc/login.defs etc/login.defs.non-pam.backup
- fi
-else # Same thing, but in reverse for a non-pam system:
- if ! grep -q "^LASTLOG_ENAB" etc/login.defs 1> /dev/null 2> /dev/null ; then
- mv etc/login.defs etc/login.defs.pam.backup
+# See if we need to backup an existing login.defs:
+if [ -r etc/login.defs ]; then
+ # First, check for PAM:
+ if [ -r etc/pam.d/login.new ]; then
+ # If there's an existing /etc/login.defs that contains an obsolete option
+ # intended for a non-pam system, rename it to back it up and allow the
+ # pam-enabled login.defs to be installed automatically:
+ if grep -q "^LASTLOG_ENAB" etc/login.defs 1> /dev/null 2> /dev/null ; then
+ mv etc/login.defs etc/login.defs.non-pam.backup
+ fi
+ else # Same thing, but in reverse for a non-pam system:
+ if ! grep -q "^LASTLOG_ENAB" etc/login.defs 1> /dev/null 2> /dev/null ; then
+ mv etc/login.defs etc/login.defs.pam.backup
+ fi
fi
fi
@@ -31,7 +34,7 @@ rm -f var/log/faillog.new
if [ -r etc/login.access.new ]; then
config etc/login.access.new
fi
-for configfile in chage.new chfn.new chgpasswd.new chpasswd.new chsh.new groupadd.new groupdel.new groupmems.new groupmod.new login.new newusers.new other.new passwd.new postlogin.new su-l.new su.new system-auth.new useradd.new userdel.new usermod.new ; do
+for configfile in chage.new chgpasswd.new chpasswd.new groupadd.new groupdel.new groupmems.new groupmod.new newusers.new other.new passwd.new postlogin.new system-auth.new useradd.new userdel.new usermod.new ; do
if [ -r etc/pam.d/$configfile ]; then
config etc/pam.d/$configfile
fi
diff --git a/source/a/shadow/pam.d/chfn b/source/a/shadow/pam.d/chfn
deleted file mode 100644
index 8f49f5cc8..000000000
--- a/source/a/shadow/pam.d/chfn
+++ /dev/null
@@ -1,4 +0,0 @@
-#%PAM-1.0
-auth sufficient pam_rootok.so
-account required pam_permit.so
-password include system-auth
diff --git a/source/a/shadow/pam.d/chsh b/source/a/shadow/pam.d/chsh
deleted file mode 100644
index 8f49f5cc8..000000000
--- a/source/a/shadow/pam.d/chsh
+++ /dev/null
@@ -1,4 +0,0 @@
-#%PAM-1.0
-auth sufficient pam_rootok.so
-account required pam_permit.so
-password include system-auth
diff --git a/source/a/shadow/pam.d/login b/source/a/shadow/pam.d/login
deleted file mode 100644
index eb3121996..000000000
--- a/source/a/shadow/pam.d/login
+++ /dev/null
@@ -1,11 +0,0 @@
-#%PAM-1.0
-auth required pam_securetty.so
-auth include system-auth
-auth include postlogin
-account required pam_nologin.so
-account include system-auth
-password include system-auth
-session include system-auth
-session include postlogin
-session required pam_loginuid.so
-session optional pam_ck_connector.so nox11
diff --git a/source/a/shadow/pam.d/su b/source/a/shadow/pam.d/su
deleted file mode 100644
index c7c814877..000000000
--- a/source/a/shadow/pam.d/su
+++ /dev/null
@@ -1,11 +0,0 @@
-#%PAM-1.0
-auth sufficient pam_rootok.so
-# Uncomment the following line to implicitly trust users in the "wheel" group.
-#auth sufficient pam_wheel.so trust use_uid
-# Uncomment the following line to require a user to be in the "wheel" group.
-#auth required pam_wheel.so use_uid
-auth include system-auth
-account include system-auth
-password include system-auth
-session include system-auth
-session optional pam_xauth.so
diff --git a/source/a/shadow/pam.d/su-l b/source/a/shadow/pam.d/su-l
deleted file mode 100644
index 656a139a8..000000000
--- a/source/a/shadow/pam.d/su-l
+++ /dev/null
@@ -1,6 +0,0 @@
-#%PAM-1.0
-auth include su
-account include su
-password include su
-session optional pam_keyinit.so force revoke
-session include su
diff --git a/source/a/shadow/shadow.SlackBuild b/source/a/shadow/shadow.SlackBuild
index bc22d5e84..1cd486be9 100755
--- a/source/a/shadow/shadow.SlackBuild
+++ b/source/a/shadow/shadow.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
PKGNAM=shadow
VERSION=${VERSION:-$(echo $PKGNAM-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-2}
+BUILD=${BUILD:-3}
# Automatically determine the architecture we're building on:
if [ -z "$ARCH" ]; then