more files for util-linux & shadow

shadow/LICENSE

@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) 1990 - 1994, Julianne Frances Haugh
+ * Copyright (c) 1996 - 2000, Marek Micha?kiewicz
+ * Copyright (c) 2001 - 2006, Tomasz K?oczko
+ * Copyright (c) 2007 - 2009, Nicolas François
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the copyright holders or contributors may not be used to
+ *    endorse or promote products derived from this software without
+ *    specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */

shadow/chpasswd

@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth		sufficient      pam_rootok.so
+auth		required        pam_unix.so
+account		required        pam_unix.so
+session		required        pam_unix.so
+password		required        pam_permit.so

shadow/newusers

@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth		sufficient       pam_rootok.so
+auth		required         pam_unix.so
+account		required         pam_unix.so
+session		required         pam_unix.so
+password 	required         pam_unix.so sha512 shadow

shadow/nscd-error-reporting.patch

@@ -0,0 +1,17 @@
+diff --git a/upstream/trunk/lib/nscd.c b/upstream/trunk/lib/nscd.c
+index 227c205..7adb58f 100644
+--- a/lib/nscd.c
++++ b/lib/nscd.c
+@@ -39,8 +39,11 @@ int nscd_flush_cache (const char *service)
+		/* nscd is not installed, or it is installed but uses an
+		   interpreter that is missing.  Probably the former. */
+		return 0;
++	} else if (code == 1) {
++		/* nscd is installed, but it isn't active. */
++		return 0;
+	} else if (code != 0) {
+-		(void) fprintf (stderr, _("%s: nscd exited with status %d"),
++		(void) fprintf (stderr, _("%s: nscd exited with status %d\n"),
+		                Prog, code);
+		(void) fprintf (stderr, _(MSG_NSCD_FLUSH_CACHE_FAILED), Prog);
+		return -1;

shadow/userdel-avoid-bad-mem-access.patch

@@ -0,0 +1,57 @@
+Index: src/userdel.c
+===================================================================
+--- src/userdel.c	(revision 3713)
++++ src/userdel.c	(working copy)
+@@ -329,26 +329,33 @@
+	}
+
+	if (NULL == pwd) {
++		char gr_name[GROUP_NAME_MAX_LENGTH + 1];
++
++		/* make a copy of the group name before we delete it.
++		 * we can't use ->gr_name after the group is deleted
++		 * for logging purposes */
++		snprintf(gr_name, GROUP_NAME_MAX_LENGTH, "%s", grp->gr_name);
++
+		/*
+		 * We can remove this group, it is not the primary
+		 * group of any remaining user.
+		 */
+-		if (gr_remove (grp->gr_name) == 0) {
++		if (gr_remove (gr_name) == 0) {
+			fprintf (stderr,
+			         _("%s: cannot remove entry '%s' from %s\n"),
+-			         Prog, grp->gr_name, gr_dbname ());
++			         Prog, gr_name, gr_dbname ());
+			fail_exit (E_GRP_UPDATE);
+		}
+
+ #ifdef WITH_AUDIT
+		audit_logger (AUDIT_DEL_GROUP, Prog,
+		              "deleting group",
+-		              grp->gr_name, AUDIT_NO_ID,
++		              gr_name, AUDIT_NO_ID,
+		              SHADOW_AUDIT_SUCCESS);
+ #endif				/* WITH_AUDIT */
+		SYSLOG ((LOG_INFO,
+		         "removed group '%s' owned by '%s'\n",
+-		         grp->gr_name, user_name));
++		         gr_name, user_name));
+
+ #ifdef	SHADOWGRP
+		if (sgr_locate (user_name) != NULL) {
+@@ -361,12 +368,12 @@
+ #ifdef WITH_AUDIT
+			audit_logger (AUDIT_DEL_GROUP, Prog,
+			              "deleting shadow group",
+-			              grp->gr_name, AUDIT_NO_ID,
++			              gr_name, AUDIT_NO_ID,
+			              SHADOW_AUDIT_SUCCESS);
+ #endif				/* WITH_AUDIT */
+			SYSLOG ((LOG_INFO,
+			         "removed shadow group '%s' owned by '%s'\n",
+-			         grp->gr_name, user_name));
++			         gr_name, user_name));
+
+		}
+ #endif				/* SHADOWGRP */

shadow/write-utmp-wtmp-entries.patch

@@ -0,0 +1,47 @@
+Index: upstream/trunk/src/login.c
+===================================================================
+--- a/src/login.c	(revision 3437)
++++ b/src/login.c	(revision 3438)
+@@ -126,10 +126,12 @@
+ static void setup_tty (void);
+ static void process_flags (int argc, char *const *argv);
+ static /*@observer@*/const char *get_failent_user (/*@returned@*/const char *user);
++#ifndef USE_PAM
+ static void update_utmp (const char *user,
+                          const char *tty,
+                          const char *host,
+                          /*@null@*/const struct utmp *utent);
++#endif				/* ! USE_PAM */
+
+ #ifndef USE_PAM
+ static struct faillog faillog;
+@@ -471,6 +473,7 @@
+	return failent_user;
+ }
+
++#ifndef USE_PAM
+ /*
+  * update_utmp - Update or create an utmp entry in utmp, wtmp, utmpw, and
+  *               wtmpx
+@@ -496,6 +499,7 @@
+	free (utx);
+ #endif				/* USE_UTMPX */
+ }
++#endif				/* ! USE_PAM */
+
+ /*
+  * login - create a new login session for a user
+@@ -1208,11 +1212,13 @@
+		}
+	}
+
++#ifndef USE_PAM
+	/*
+	 * The utmp entry needs to be updated to indicate the new status
+	 * of the session, the new PID and SID.
+	 */
+	update_utmp (username, tty, hostname, utent);
++#endif				/* ! USE_PAM */
+
+	/* The pwd and spwd entries for the user have been copied.
+	 *

util-linux/pam-common

@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth		sufficient	pam_rootok.so
+auth		required	pam_unix.so
+account		required	pam_unix.so
+session		required	pam_unix.so
+password	required	pam_permit.so

util-linux/pam-login

@@ -0,0 +1,20 @@
+#%PAM-1.0
+auth		required	pam_securetty.so
+auth		requisite	pam_nologin.so
+auth		required	pam_unix.so nullok
+auth		required	pam_tally.so onerr=succeed file=/var/log/faillog
+# use this to lockout accounts for 10 minutes after 3 failed attempts
+#auth		required	pam_tally.so deny=2 unlock_time=600 onerr=succeed file=/var/log/faillog
+account		required	pam_access.so
+account		required	pam_time.so
+account		required	pam_unix.so
+#password	required	pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
+#password	required	pam_unix.so sha512 shadow use_authtok
+session		required	pam_unix.so
+session		required	pam_env.so
+session		required	pam_motd.so
+session		required	pam_limits.so
+session		optional	pam_mail.so dir=/var/spool/mail standard
+session		optional	pam_loginuid.so
+-session	optional	pam_ck_connector.so nox11
+-session	optional	pam_systemd.so