ports/core (3.5): shadow: converted to use PAM
commit 45c632287c255c1493f5cdf03653557074241e9f
Author: Matt Housh <jaeger@crux.ninja>
Date: Sun Feb 3 00:40:08 2019 -0600
shadow: converted to use PAM
diff --git a/shadow/.footprint b/shadow/.footprint
index 4d8875b0..8aa5cd48 100644
--- a/shadow/.footprint
+++ b/shadow/.footprint
@@ -5,6 +5,19 @@ drwxr-xr-x root/root etc/cron/
 drwxr-xr-x root/root etc/cron/daily/
 -rwxr-xr-x root/root etc/cron/daily/pwck
 -rw-r--r-- root/root etc/login.defs
+drwxr-xr-x root/root etc/pam.d/
+-rw-r--r-- root/root etc/pam.d/chfn
+-rw-r--r-- root/root etc/pam.d/chsh
+-rw-r--r-- root/root etc/pam.d/groupadd
+-rw-r--r-- root/root etc/pam.d/groupdel
+-rw-r--r-- root/root etc/pam.d/groupmems
+-rw-r--r-- root/root etc/pam.d/groupmod
+-rw-r--r-- root/root etc/pam.d/login
+-rw-r--r-- root/root etc/pam.d/passwd
+-rw-r--r-- root/root etc/pam.d/su
+-rw-r--r-- root/root etc/pam.d/useradd
+-rw-r--r-- root/root etc/pam.d/userdel
+-rw-r--r-- root/root etc/pam.d/usermod
 drwxr-xr-x root/root sbin/
 -rwxr-xr-x root/root sbin/nologin
 drwxr-xr-x root/root usr/
@@ -52,11 +65,8 @@ drwxr-xr-x root/root usr/share/man/man1/
 -rw-r--r-- root/root usr/share/man/man1/su.1.gz
 drwxr-xr-x root/root usr/share/man/man5/
 -rw-r--r-- root/root usr/share/man/man5/faillog.5.gz
--rw-r--r-- root/root usr/share/man/man5/limits.5.gz
--rw-r--r-- root/root usr/share/man/man5/login.access.5.gz
 -rw-r--r-- root/root usr/share/man/man5/login.defs.5.gz
 -rw-r--r-- root/root usr/share/man/man5/passwd.5.gz
--rw-r--r-- root/root usr/share/man/man5/porttime.5.gz
 -rw-r--r-- root/root usr/share/man/man5/shadow.5.gz
 -rw-r--r-- root/root usr/share/man/man5/suauth.5.gz
 -rw-r--r-- root/root usr/share/man/man5/subgid.5.gz
diff --git a/shadow/.signature b/shadow/.signature
index 8a121d86..006444b8 100644
--- a/shadow/.signature
+++ b/shadow/.signature
@@ -1,7 +1,19 @@
 untrusted comment: verify with /etc/ports/core.pub
-RWRJc1FUaeVeqpdbafEtEvgpRhYNzcGr9mzcyuw3nNoO7EawXtg05K/XdcDqIzBEs3WOrB5Vfcv/TmOkj/Q6uTF5sw+1FzJ9ZQQ=
-SHA256 (Pkgfile) = 2a6884a5a14315e85f82c1cea46d43d5b9d61bd24f70fe64c9a4630d499ac2ed
-SHA256 (.footprint) = 196891826eef19be5e249380bc5c9560b10051556be4a3be5d33e099a56f23ae
+RWRJc1FUaeVeqidLKmJ8enSHLXy4oT1/02Up72IWtmJnhWtN5RCFagV0vdYA8Oy6RycuZE1SacxqRrY6+bbCmN7IwFiufmYxZAk=
+SHA256 (Pkgfile) = d9d7dfdd3b83728df47cdcdbb65f879487702a95f460290cf7835d9d9f846096
+SHA256 (.footprint) = 63fc924400dd4fcaf8a613912291d830ae89c2fa3cc17983f06f0d54597f3640
 SHA256 (shadow-4.6.tar.xz) = 0998c8d84242a231ab0acb7f8613927ff5bcff095f8aa6b79478893a03f05583
 SHA256 (pwck) = c62f1bf5785c2bb93bb269156bfa02b06728a01ff5d6c2e09cf6285701a1fda0
-SHA256 (login.defs) = a5c63da222b9dd921b60a21be8fc888726b557fd3fde9f60c8899376d0311b0b
+SHA256 (login.defs) = def991c4bc012834d726a4010783634a930558b91650bc4cba5fe822064c3535
+SHA256 (chfn) = b31ef7a14f747e114c970027a57acb5dcefffee439ce0b4a7d55cc2f6b632fcf
+SHA256 (chsh) = 20e39e9c738599272a10f46a11338d62d755df32a26db27ce0b5c04a71d66460
+SHA256 (login) = ae3f6b4ddfc86f30f864e3e9cb514964bb323a9e59840624672f412005c64285
+SHA256 (groupadd) = c7b90c655b974d396328ddf5d028ef682c2115b6646433f430d8d4a5f9f21bc5
+SHA256 (groupdel) = c84a5e8751ca237eddaf2ac3a3bb7ef63f6535a83df6a8c52511eed65a981314
+SHA256 (groupmems) = 1bb62dc2a199118900c6c690888342e1c80d38aae89e7f29138edbfd1d8b1194
+SHA256 (groupmod) = 9cf502d1fb1d89b5115592cf5d3151bf1fca6f69ea27592768789573a079c02f
+SHA256 (passwd) = e746db74b7d3ed8d4bfb796c8e27c666ea2df73504e0620fd5ac8766b055175d
+SHA256 (su) = fd033d23c243c3ec7c0491f109365419bfa34c305fe6554f526b4df797486454
+SHA256 (useradd) = 2988d648da4c4c6924360aa3c648937e11ea8f5e98c856d293d071adf63a0ec9
+SHA256 (userdel) = 478cc2d620831ca266f953c0a743c19c1f007d567fb61a1757b631a80b328d41
+SHA256 (usermod) = 800ba6178170142c7202c7fdbdc30323bdbcf9b592c4f0328375b8830cf81d51
diff --git a/shadow/Pkgfile b/shadow/Pkgfile index ffb0dad1..d0ffbbb6 100644 --- a/shadow/Pkgfile +++ b/shadow/Pkgfile @@ -1,13 +1,14 @@ # Description: Shadow password file utilities -# URL: https://github.com/shadow-maint/shadow +# URL: https://github.com/shadow-maint/shadow/ # Maintainer: CRUX System Team, core-ports at crux dot nu -# Depends on: acl +# Depends on: acl linux-pam name=shadow version=4.6 -release=1 -source=(https://github.com/shadow-maint/shadow/releases/download/$version/shadow-$ve... - pwck login.defs) +release=2 +source=(https://github.com/shadow-maint/$name/releases/download/$version/$name-$vers... \ + pwck login.defs chfn chsh login groupadd groupdel \ + groupmems groupmod passwd su useradd userdel usermod) build() { cd $name-$version @@ -18,7 +19,6 @@ build() { --disable-shadowgrp \ --disable-nls \ --without-selinux \ - --without-libpam \ --without-audit make @@ -38,5 +38,9 @@ build() { $PKG/usr/share/man/man8/{newusers.8,pwconv.8,pwunconv.8} \ $PKG/usr/share/man/man5/gshadow.5 \ $PKG/usr/share/man/man3 \ - $PKG/etc/{login.access,limits,default} + $PKG/etc/{default,pam.d/*} + + install -o root -g root -m 0644 \ + $SRC/{ch{fn,sh},login,group{add,del,mems,mod},passwd,su,user{add,del,mod}} \ + $PKG/etc/pam.d/ } diff --git a/shadow/chfn b/shadow/chfn new file mode 100644 index 00000000..5c7dc45d --- /dev/null +++ b/shadow/chfn @@ -0,0 +1,9 @@ +# +# /etc/pam.d/chfn - chfn service module configuration +# + +auth sufficient pam_rootok.so + +auth include common-auth + +account include common-account diff --git a/shadow/chsh b/shadow/chsh new file mode 100644 index 00000000..e0ee4876 --- /dev/null +++ b/shadow/chsh @@ -0,0 +1,9 @@ +# +# /etc/pam.d/chsh - chsh service module configuration +# + +auth sufficient pam_rootok.so + +auth include common-auth + +account include common-account diff --git a/shadow/groupadd b/shadow/groupadd new file mode 100644 index 00000000..22ff0707 --- /dev/null +++ b/shadow/groupadd 
@@ -0,0 +1,7 @@
+#
+# /etc/pam.d/groupadd - groupadd service module configuration
+#
+
+auth sufficient pam_rootok.so
+
+account include common-account
diff --git a/shadow/groupdel b/shadow/groupdel
new file mode 100644
index 00000000..dce358d0
--- /dev/null
+++ b/shadow/groupdel
@@ -0,0 +1,7 @@
+#
+# /etc/pam.d/groupdel - groupdel service module configuration
+#
+
+auth sufficient pam_rootok.so
+
+account include common-account
diff --git a/shadow/groupmems b/shadow/groupmems
new file mode 100644
index 00000000..bd60d055
--- /dev/null
+++ b/shadow/groupmems
@@ -0,0 +1,7 @@
+#
+# /etc/pam.d/groupmems - groupmems service module configuration
+#
+
+auth sufficient pam_rootok.so
+
+account include common-account
diff --git a/shadow/groupmod b/shadow/groupmod
new file mode 100644
index 00000000..c6f9878f
--- /dev/null
+++ b/shadow/groupmod
@@ -0,0 +1,7 @@
+#
+# /etc/pam.d/groupmod - groupmod service module configuration
+#
+
+auth sufficient pam_rootok.so
+
+account include common-account
diff --git a/shadow/login b/shadow/login
new file mode 100644
index 00000000..de1a8e65
--- /dev/null
+++ b/shadow/login
@@ -0,0 +1,17 @@
+#
+# /etc/pam.d/login - login service module configuration
+#
+
+auth include common-auth
+
+auth required pam_securetty.so
+auth requisite pam_nologin.so
+
+account include common-account
+
+password include common-password
+
+session include common-session
+
+session optional pam_lastlog.so
+session optional pam_motd.so
diff --git a/shadow/login.defs b/shadow/login.defs
index 5eaaae6d..1a1293bf 100644
--- a/shadow/login.defs
+++ b/shadow/login.defs
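Review bot: The auth stack in the new groupadd service file has `pam_rootok.so` as `sufficient` and nothing after it, so denying a non-root caller depends on the stack's default result rather than on an explicit rule. Adding `auth required pam_deny.so` after the `pam_rootok.so` line would make the fail-closed intent visible and keep it independent of library defaults. The same applies to the groupdel, groupmems, groupmod, useradd, userdel and usermod files added in this commit.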
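Review bot: In the new login service file, `pam_securetty.so` and `pam_nologin.so` are listed after `auth include common-auth`, so whether they run depends on what common-auth contains, and that file is not part of this commit. If common-auth has a `sufficient` module, a success there would presumably end the auth stack before the tty and /etc/nologin checks are evaluated, since `include` splices the lines in place. Moving `auth required pam_securetty.so` and `auth requisite pam_nologin.so` above the include keeps both checks unconditional. This matters more now that the login.defs change drops NOLOGINS_FILE and leaves the nologin check to PAM alone.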
@@ -3,23 +3,14 @@ # FAIL_DELAY 0 -FAILLOG_ENAB yes LOG_UNKFAIL_ENAB no LOG_OK_LOGINS no -LASTLOG_ENAB yes -MAIL_CHECK_ENAB yes -OBSCURE_CHECKS_ENAB yes -QUOTAS_ENAB no SYSLOG_SU_ENAB yes SYSLOG_SG_ENAB yes CONSOLE /etc/securetty -MOTD_FILE /etc/motd -FTMP_FILE /var/log/btmp -NOLOGINS_FILE /etc/nologin SU_NAME su MAIL_DIR /var/spool/mail HUSHLOGIN_FILE .hushlogin -ENV_HZ HZ=100 ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin ENV_PATH PATH=/bin:/usr/bin TTYGROUP tty @@ -29,9 +20,7 @@ KILLCHAR 025 UMASK 022 PASS_MAX_DAYS 99999 PASS_MIN_DAYS 0 -PASS_MIN_LEN 5 PASS_WARN_AGE 7 -SU_WHEEL_ONLY no UID_MIN 100 UID_MAX 60000 GID_MIN 100 @@ -42,12 +31,8 @@ SYS_GID_MIN 25 SYS_GID_MAX 99 LOGIN_RETRIES 5 LOGIN_TIMEOUT 60 -PASS_CHANGE_TRIES 5 -PASS_ALWAYS_WARN yes -CHFN_AUTH yes CHFN_RESTRICT rwh ENCRYPT_METHOD SHA512 -PASS_MAX_LEN 8 DEFAULT_HOME yes USERGROUPS_ENAB no diff --git a/shadow/passwd b/shadow/passwd new file mode 100644 index 00000000..079f5d3c --- /dev/null +++ b/shadow/passwd @@ -0,0 +1,5 @@ +# +# /etc/pam.d/passwd - passwd service module configuration +# + +password include common-password diff --git a/shadow/su b/shadow/su new file mode 100644 index 00000000..01417c6d --- /dev/null +++ b/shadow/su @@ -0,0 +1,12 @@ +# +# /etc/pam.d/su - su service module configuration +# + +auth sufficient pam_rootok.so +#auth required pam_wheel.so use_uid + +auth include common-auth + +account include common-account + +session include common-session diff --git a/shadow/useradd b/shadow/useradd new file mode 100644 index 00000000..8df28b11 --- /dev/null +++ b/shadow/useradd @@ -0,0 +1,7 @@ +# +# /etc/pam.d/useradd - useradd service module configuration +# + +auth sufficient pam_rootok.so + +account include common-account diff --git a/shadow/userdel b/shadow/userdel new file mode 100644 index 00000000..ffee7b5b --- /dev/null +++ b/shadow/userdel 
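Review bot: OBSCURE_CHECKS_ENAB in this hunk, PASS_MIN_LEN in the second and PASS_MAX_LEN and PASS_CHANGE_TRIES in the third are removed with nothing on the page showing where the equivalent password rules now live. The new passwd service file has only `password include common-password`, which is not part of this commit, so the effective minimum length and quality checks cannot be verified from here. A pointer in login.defs such as `# Password length and quality are configured in /etc/pam.d/common-password` would tell administrators where to look. The removed FAILLOG_ENAB and FTMP_FILE settings raise the same question for failed-login recording, since the login service file itself lists no module for it.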
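Review bot: In the new su service file, the commented `pam_wheel.so use_uid` line is the only remaining way to restrict su to the wheel group now that SU_WHEEL_ONLY is removed from login.defs, and nothing in the file says so. A short comment above it, for example `# Uncomment to allow su only for members of group wheel (replaces SU_WHEEL_ONLY)`, would make the hardening option discoverable. Its position after `pam_rootok.so` means root is unaffected, which is worth stating in the same comment.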
@@ -0,0 +1,7 @@
+#
+# /etc/pam.d/userdel - userdel service module configuration
+#
+
+auth sufficient pam_rootok.so
+
+account include common-account
diff --git a/shadow/usermod b/shadow/usermod
new file mode 100644
index 00000000..7a0c27d4
--- /dev/null
+++ b/shadow/usermod
@@ -0,0 +1,7 @@
+#
+# /etc/pam.d/usermod - usermod service module configuration
+#
+
+auth sufficient pam_rootok.so
+
+account include common-account