summaryrefslogtreecommitdiffstats
path: root/meta/recipes-extended/shadow
diff options
context:
space:
mode:
authorChen Qi <Qi.Chen@windriver.com>2014-07-17 15:53:34 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2014-07-17 12:36:18 +0100
commit012a572e861d95d35c97a4da34dbad6d93cc9962 (patch)
treebb885411bed3c3990523650ccf1d10cd004d7328 /meta/recipes-extended/shadow
parent3ab35e4a47fdf76f86b7b84fbb61e79a25b230fa (diff)
downloadpoky-012a572e861d95d35c97a4da34dbad6d93cc9962.tar.gz
shadow: upgrade from 4.1.4.3 to 4.2.1
Upgrade shadow from 4.1.4.3 to 4.2.1. Changes during this upgrade are as following. 1. Remove the "merged" patches. These patches are either merged or the same functionality has been implemented upstream. add_root_cmd_groupmems.patch add_root_cmd_options.patch fix-etc-gshadow-reading.patch shadow-4.1.4.2-env-reset-keep-locale.patch shadow-4.1.4.2-groupmod-pam-check.patch shadow-4.1.4.2-su_no_sanitize_env.patch shadow.automake-1.11.patch shadow_fix_for_automake-1.12.patch useradd.patch 2. Remove the unneeded patch. The following patch has been removed because the logic in the related codes of the new version has been changed. In specific, the codes now can handle the 'NULL' return value. So there's no need for the following patch. slackware_fix_for_glib-2.17_crypt.patch 3. Teak the current patch to match the new version. allow-for-setting-password-in-clear-text.patch 4. Add a patch to fix compilation failure. usermod-fix-compilation-failure-with-subids-disabled.patch 5. Add a patch to fix the installation failure. fix-installation-failure-with-subids-disabled.patch 5. Add a patch to fix the failure at rootfs time if extrausers is inherited. commonio.c-fix-unexpected-open-failure-in-chroot-env.patch 6. Fix the bad section in the recipe. 7. Disable the new subids feature in the new version as it doesn't support cross compilation for now. 8. Modify the pkg_postinst to `exit 1' if the `pwconv' or `grpconv' fails. Also, fix the arguments to use '--root $D' instead of '--root=$D'. 9. Add a patch for shadow-native to create parent directories when necessary. 0001-useradd.c-create-parent-directories-when-necessary.patch (From OE-Core rev: b73e5cd51551556f9e6a4f7d9e7deec4d9d661bd) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended/shadow')
-rw-r--r--meta/recipes-extended/shadow/files/0001-useradd.c-create-parent-directories-when-necessary.patch109
-rw-r--r--meta/recipes-extended/shadow/files/add_root_cmd_groupmems.patch75
-rw-r--r--meta/recipes-extended/shadow/files/add_root_cmd_options.patch1384
-rw-r--r--meta/recipes-extended/shadow/files/allow-for-setting-password-in-clear-text.patch215
-rw-r--r--meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch46
-rw-r--r--meta/recipes-extended/shadow/files/fix-etc-gshadow-reading.patch36
-rw-r--r--meta/recipes-extended/shadow/files/fix-installation-failure-with-subids-disabled.patch28
-rw-r--r--meta/recipes-extended/shadow/files/shadow-4.1.4.2-env-reset-keep-locale.patch31
-rw-r--r--meta/recipes-extended/shadow/files/shadow-4.1.4.2-groupmod-pam-check.patch36
-rw-r--r--meta/recipes-extended/shadow/files/shadow-4.1.4.2-su_no_sanitize_env.patch31
-rw-r--r--meta/recipes-extended/shadow/files/shadow.automake-1.11.patch106
-rw-r--r--meta/recipes-extended/shadow/files/shadow_fix_for_automake-1.12.patch23
-rw-r--r--meta/recipes-extended/shadow/files/slackware_fix_for_glib-2.17_crypt.patch63
-rw-r--r--meta/recipes-extended/shadow/files/useradd.patch17
-rw-r--r--meta/recipes-extended/shadow/files/usermod-fix-compilation-failure-with-subids-disabled.patch33
-rw-r--r--meta/recipes-extended/shadow/shadow-securetty_4.2.1.bb (renamed from meta/recipes-extended/shadow/shadow-securetty_4.1.4.3.bb)0
-rw-r--r--meta/recipes-extended/shadow/shadow-sysroot_4.2.1.bb (renamed from meta/recipes-extended/shadow/shadow-sysroot_4.1.4.3.bb)0
-rw-r--r--meta/recipes-extended/shadow/shadow.inc36
-rw-r--r--meta/recipes-extended/shadow/shadow_4.2.1.bb (renamed from meta/recipes-extended/shadow/shadow_4.1.4.3.bb)0
19 files changed, 333 insertions, 1936 deletions
diff --git a/meta/recipes-extended/shadow/files/0001-useradd.c-create-parent-directories-when-necessary.patch b/meta/recipes-extended/shadow/files/0001-useradd.c-create-parent-directories-when-necessary.patch
new file mode 100644
index 0000000000..85dde8e1bb
--- /dev/null
+++ b/meta/recipes-extended/shadow/files/0001-useradd.c-create-parent-directories-when-necessary.patch
@@ -0,0 +1,109 @@
1Upstream-Status: Inappropriate [OE specific]
2
3Subject: useradd.c: create parent directories when necessary
4
5Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
6---
7 src/useradd.c | 72 +++++++++++++++++++++++++++++++++++++++------------------
8 1 file changed, 49 insertions(+), 23 deletions(-)
9
10diff --git a/src/useradd.c b/src/useradd.c
11index 4bd969d..cb5dd6c 100644
12--- a/src/useradd.c
13+++ b/src/useradd.c
14@@ -1893,6 +1893,35 @@ static void usr_update (void)
15 }
16
17 /*
18+ * mkdir_p - create directories, including parent directories when needed
19+ *
20+ * similar to `mkdir -p'
21+ */
22+void mkdir_p(const char *path) {
23+ int len = strlen(path);
24+ char newdir[len + 1];
25+ mode_t mode = 0755;
26+ int i = 0;
27+
28+ if (path[i] == '\0') {
29+ return;
30+ }
31+
32+ /* skip the leading '/' */
33+ i++;
34+
35+ while(path[i] != '\0') {
36+ if (path[i] == '/') {
37+ strncpy(newdir, path, i);
38+ newdir[i] = '\0';
39+ mkdir(newdir, mode);
40+ }
41+ i++;
42+ }
43+ mkdir(path, mode);
44+}
45+
46+/*
47 * create_home - create the user's home directory
48 *
49 * create_home() creates the user's home directory if it does not
50@@ -1907,36 +1936,33 @@ static void create_home (void)
51 fail_exit (E_HOMEDIR);
52 }
53 #endif
54- /* XXX - create missing parent directories. --marekm */
55- if (mkdir (user_home, 0) != 0) {
56- fprintf (stderr,
57- _("%s: cannot create directory %s\n"),
58- Prog, user_home);
59-#ifdef WITH_AUDIT
60- audit_logger (AUDIT_ADD_USER, Prog,
61- "adding home directory",
62- user_name, (unsigned int) user_id,
63- SHADOW_AUDIT_FAILURE);
64-#endif
65- fail_exit (E_HOMEDIR);
66- }
67- chown (user_home, user_id, user_gid);
68- chmod (user_home,
69- 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));
70- home_added = true;
71+ mkdir_p(user_home);
72+ }
73+ if (access (user_home, F_OK) != 0) {
74 #ifdef WITH_AUDIT
75 audit_logger (AUDIT_ADD_USER, Prog,
76 "adding home directory",
77 user_name, (unsigned int) user_id,
78- SHADOW_AUDIT_SUCCESS);
79+ SHADOW_AUDIT_FAILURE);
80 #endif
81-#ifdef WITH_SELINUX
82- /* Reset SELinux to create files with default contexts */
83- if (reset_selinux_file_context () != 0) {
84- fail_exit (E_HOMEDIR);
85- }
86+ fail_exit (E_HOMEDIR);
87+ }
88+ chown (user_home, user_id, user_gid);
89+ chmod (user_home,
90+ 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));
91+ home_added = true;
92+#ifdef WITH_AUDIT
93+ audit_logger (AUDIT_ADD_USER, Prog,
94+ "adding home directory",
95+ user_name, (unsigned int) user_id,
96+ SHADOW_AUDIT_SUCCESS);
97 #endif
98+#ifdef WITH_SELINUX
99+ /* Reset SELinux to create files with default contexts */
100+ if (reset_selinux_file_context () != 0) {
101+ fail_exit (E_HOMEDIR);
102 }
103+#endif
104 }
105
106 /*
107--
1081.7.9.5
109
diff --git a/meta/recipes-extended/shadow/files/add_root_cmd_groupmems.patch b/meta/recipes-extended/shadow/files/add_root_cmd_groupmems.patch
deleted file mode 100644
index 40444967ab..0000000000
--- a/meta/recipes-extended/shadow/files/add_root_cmd_groupmems.patch
+++ /dev/null
@@ -1,75 +0,0 @@
1Add a --root command option to groupmems utility.
2
3This option allows the utility to be chrooted when run under pseudo.
4
5Signed-off-by: Mikhail Durnev <mikhail_durnev@mentor.com>
6
7diff -Naur old/src/groupmems.c new/src/groupmems.c
8--- old/src/groupmems.c 2011-02-13 11:58:16.000000000 -0600
9+++ new/src/groupmems.c 2013-05-30 04:45:38.000000000 -0500
10@@ -60,6 +60,7 @@
11 #define EXIT_MEMBER_EXISTS 7 /* member of group already exists */
12 #define EXIT_INVALID_USER 8 /* specified user does not exist */
13 #define EXIT_INVALID_GROUP 9 /* specified group does not exist */
14+#define EXIT_BAD_ARG 10 /* invalid argument to option */
15
16 /*
17 * Global variables
18@@ -79,6 +80,7 @@
19 static bool is_shadowgrp;
20 static bool sgr_locked = false;
21 #endif
22+static const char *newroot = "";
23
24 /* local function prototypes */
25 static char *whoami (void);
26@@ -368,6 +370,7 @@
27 "Options:\n"
28 " -g, --group groupname change groupname instead of the user's group\n"
29 " (root only)\n"
30+ " -R, --root CHROOT_DIR directory to chroot into\n"
31 "\n"
32 "Actions:\n"
33 " -a, --add username add username to the members of the group\n"
34@@ -391,10 +394,11 @@
35 {"group", required_argument, NULL, 'g'},
36 {"list", no_argument, NULL, 'l'},
37 {"purge", no_argument, NULL, 'p'},
38+ {"root", required_argument, NULL, 'R'},
39 {NULL, 0, NULL, '\0'}
40 };
41
42- while ((arg = getopt_long (argc, argv, "a:d:g:lp", long_options,
43+ while ((arg = getopt_long (argc, argv, "a:d:g:lpR:", long_options,
44 &option_index)) != EOF) {
45 switch (arg) {
46 case 'a':
47@@ -416,6 +420,28 @@
48 purge = true;
49 ++exclusive;
50 break;
51+ case 'R':
52+ if ('/' != optarg[0]) {
53+ fprintf (stderr,
54+ _("%s: invalid chroot path '%s'\n"),
55+ Prog, optarg);
56+ exit (EXIT_BAD_ARG);
57+ }
58+ newroot = optarg;
59+
60+ if (access (newroot, F_OK) != 0) {
61+ fprintf(stderr,
62+ _("%s: chroot directory %s does not exist\n"),
63+ Prog, newroot);
64+ exit (EXIT_BAD_ARG);
65+ }
66+ if ( chroot(newroot) != 0 ) {
67+ fprintf(stderr,
68+ _("%s: unable to chroot to directory %s\n"),
69+ Prog, newroot);
70+ exit (EXIT_BAD_ARG);
71+ }
72+ break;
73 default:
74 usage ();
75 }
diff --git a/meta/recipes-extended/shadow/files/add_root_cmd_options.patch b/meta/recipes-extended/shadow/files/add_root_cmd_options.patch
deleted file mode 100644
index ab87e35535..0000000000
--- a/meta/recipes-extended/shadow/files/add_root_cmd_options.patch
+++ /dev/null
@@ -1,1384 +0,0 @@
1Add a --root command option to the following utilties:
2
3* useradd
4* groupadd
5* usermod
6* groupmod
7* userdel
8* groupdel
9* passwd
10* gpasswd
11* pwconv
12* pwunconv
13* grpconv
14* grpunconv
15
16This option allows the utilities to be chrooted when run under pseudo.
17They can then be used to manipulate user and group account information
18in target sysroots.
19
20The useradd utility was also modified to create home directories
21recursively when necessary.
22
23Upstream-Status: Inappropriate [Other]
24Workaround is specific to our build system.
25
26Signed-off-by: Scott Garman <scott.a.garman@intel.com>
27
282011-09-29 Fix the parsing of the --root option in gpasswd, useradd, usermod:
29
30In programs which need to scan the command line in two passes to handle
31--root option separately from the rest of the arguments, replace the first
32calls to getopt_long with a simple iteration over the argument list since
33getopt_long has the bad habit of reordering arguments on the command line.
34
35Signed-off-by: Julian Pidancet <julian.pidancet@gmail.com>
36
37diff -urN shadow-4.1.4.3.orig//src/gpasswd.c shadow-4.1.4.3//src/gpasswd.c
38--- shadow-4.1.4.3.orig//src/gpasswd.c 2011-09-29 12:00:45.211000091 +0100
39+++ shadow-4.1.4.3//src/gpasswd.c 2011-09-29 12:09:54.590000090 +0100
40@@ -63,6 +63,7 @@
41 * (/etc/gshadow present) */
42 static bool is_shadowgrp;
43 #endif
44+static const char *newroot = "";
45
46 /* Flags set by options */
47 static bool aflg = false;
48@@ -97,6 +98,7 @@
49 static void usage (void);
50 static RETSIGTYPE catch_signals (int killed);
51 static bool is_valid_user_list (const char *users);
52+static void process_root_flag (int argc, char **argv);
53 static void process_flags (int argc, char **argv);
54 static void check_flags (int argc, int opt_index);
55 static void open_files (void);
56@@ -136,6 +138,7 @@
57 "Options:\n"
58 " -a, --add USER add USER to GROUP\n"
59 " -d, --delete USER remove USER from GROUP\n"
60+ " -Q --root CHROOT_DIR directory to chroot into\n"
61 " -r, --remove-password remove the GROUP's password\n"
62 " -R, --restrict restrict access to GROUP to its members\n"
63 " -M, --members USER,... set the list of members of GROUP\n"
64@@ -226,6 +229,57 @@
65 }
66
67 /*
68+ * process_root_flag - chroot if given the --root option
69+ *
70+ * We do this outside of process_flags() because
71+ * the is_shadow_pwd boolean needs to be set before
72+ * process_flags(), and if we do need to chroot() we
73+ * must do so before is_shadow_pwd gets set.
74+ */
75+static void process_root_flag (int argc, char **argv)
76+{
77+ /*
78+ * Parse the command line options.
79+ */
80+ int i;
81+ char *root;
82+
83+ for (i = 0; i < argc; i++) {
84+ if (!strcmp (argv[i], "--root") || !strcmp (argv[i], "-Q")) {
85+ if (i + 1 == argc) {
86+ fprintf (stderr,
87+ _("%s: option '%s' requires an argument\n"),
88+ Prog, argv[i]);
89+ exit (E_BAD_ARG);
90+ }
91+ root = argv[i + 1];
92+
93+ if ('/' != root[0]) {
94+ fprintf (stderr,
95+ _("%s: invalid chroot path '%s'\n"),
96+ Prog, root);
97+ exit (E_BAD_ARG);
98+ }
99+ newroot = root;
100+
101+ if (access (newroot, F_OK) != 0) {
102+ fprintf(stderr,
103+ _("%s: chroot directory %s does not exist\n"),
104+ Prog, newroot);
105+ exit (E_BAD_ARG);
106+ }
107+ if ( chroot(newroot) != 0 ) {
108+ fprintf(stderr,
109+ _("%s: unable to chroot to directory %s\n"),
110+ Prog, newroot);
111+ exit (E_BAD_ARG);
112+ }
113+ break;
114+ }
115+ }
116+}
117+
118+/*
119 * process_flags - process the command line options and arguments
120 */
121 static void process_flags (int argc, char **argv)
122@@ -235,6 +289,7 @@
123 static struct option long_options[] = {
124 {"add", required_argument, NULL, 'a'},
125 {"delete", required_argument, NULL, 'd'},
126+ {"root", required_argument, NULL, 'Q'},
127 {"remove-password", no_argument, NULL, 'r'},
128 {"restrict", no_argument, NULL, 'R'},
129 {"administrators", required_argument, NULL, 'A'},
130@@ -242,7 +297,7 @@
131 {NULL, 0, NULL, '\0'}
132 };
133
134- while ((flag = getopt_long (argc, argv, "a:A:d:gM:rR", long_options, &option_index)) != -1) {
135+ while ((flag = getopt_long (argc, argv, "a:A:d:gM:Q:rR", long_options, &option_index)) != -1) {
136 switch (flag) {
137 case 'a': /* add a user */
138 aflg = true;
139@@ -283,6 +338,9 @@
140 }
141 Mflg = true;
142 break;
143+ case 'Q':
144+ /* no-op since we handled this in process_root_flag() earlier */
145+ break;
146 case 'r': /* remove group password */
147 rflg = true;
148 break;
149@@ -995,6 +1053,8 @@
150 setbuf (stdout, NULL);
151 setbuf (stderr, NULL);
152
153+ process_root_flag (argc, argv);
154+
155 #ifdef SHADOWGRP
156 is_shadowgrp = sgr_file_present ();
157 #endif
158diff -urN shadow-4.1.4.3.orig//src/groupadd.c shadow-4.1.4.3//src/groupadd.c
159--- shadow-4.1.4.3.orig//src/groupadd.c 2011-09-29 12:00:45.212000091 +0100
160+++ shadow-4.1.4.3//src/groupadd.c 2011-09-29 11:59:28.386000092 +0100
161@@ -76,6 +76,7 @@
162 static gid_t group_id;
163 static /*@null@*/char *group_passwd;
164 static /*@null@*/char *empty_list = NULL;
165+static const char *newroot = "";
166
167 static bool oflg = false; /* permit non-unique group ID to be specified with -g */
168 static bool gflg = false; /* ID value for the new group */
169@@ -120,6 +121,7 @@
170 (void) fputs (_(" -o, --non-unique allow to create groups with duplicate\n"
171 " (non-unique) GID\n"), stderr);
172 (void) fputs (_(" -p, --password PASSWORD use this encrypted password for the new group\n"), stderr);
173+ (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), stderr);
174 (void) fputs (_(" -r, --system create a system account\n"), stderr);
175 (void) fputs ("\n", stderr);
176 exit (E_USAGE);
177@@ -383,12 +385,13 @@
178 {"key", required_argument, NULL, 'K'},
179 {"non-unique", no_argument, NULL, 'o'},
180 {"password", required_argument, NULL, 'p'},
181+ {"root", required_argument, NULL, 'R'},
182 {"system", no_argument, NULL, 'r'},
183 {NULL, 0, NULL, '\0'}
184 };
185
186 while ((c =
187- getopt_long (argc, argv, "fg:hK:op:r", long_options,
188+ getopt_long (argc, argv, "fg:hK:op:R:r", long_options,
189 &option_index)) != -1) {
190 switch (c) {
191 case 'f':
192@@ -440,6 +443,28 @@
193 pflg = true;
194 group_passwd = optarg;
195 break;
196+ case 'R':
197+ if ('/' != optarg[0]) {
198+ fprintf (stderr,
199+ _("%s: invalid chroot path '%s'\n"),
200+ Prog, optarg);
201+ exit (E_BAD_ARG);
202+ }
203+ newroot = optarg;
204+
205+ if (access (newroot, F_OK) != 0) {
206+ fprintf(stderr,
207+ _("%s: chroot directory %s does not exist\n"),
208+ Prog, newroot);
209+ exit (E_BAD_ARG);
210+ }
211+ if ( chroot(newroot) != 0 ) {
212+ fprintf(stderr,
213+ _("%s: unable to chroot to directory %s\n"),
214+ Prog, newroot);
215+ exit (E_BAD_ARG);
216+ }
217+ break;
218 case 'r':
219 rflg = true;
220 break;
221diff -urN shadow-4.1.4.3.orig//src/groupdel.c shadow-4.1.4.3//src/groupdel.c
222--- shadow-4.1.4.3.orig//src/groupdel.c 2011-09-29 12:00:45.212000091 +0100
223+++ shadow-4.1.4.3//src/groupdel.c 2011-09-29 11:59:28.386000092 +0100
224@@ -36,6 +36,7 @@
225
226 #include <ctype.h>
227 #include <fcntl.h>
228+#include <getopt.h>
229 #include <grp.h>
230 #include <pwd.h>
231 #ifdef ACCT_TOOLS_SETUID
232@@ -59,6 +60,7 @@
233
234 static char *group_name;
235 static gid_t group_id = -1;
236+static const char *newroot = "";
237
238 #ifdef SHADOWGRP
239 static bool is_shadow_grp;
240@@ -70,12 +72,14 @@
241 /*@-exitarg@*/
242 #define E_SUCCESS 0 /* success */
243 #define E_USAGE 2 /* invalid command syntax */
244+#define E_BAD_ARG 3 /* invalid argument to option */
245 #define E_NOTFOUND 6 /* specified group doesn't exist */
246 #define E_GROUP_BUSY 8 /* can't remove user's primary group */
247 #define E_GRP_UPDATE 10 /* can't update group file */
248
249 /* local function prototypes */
250 static void usage (void);
251+static void process_flags (int argc, char **argv);
252 static void grp_update (void);
253 static void close_files (void);
254 static void open_files (void);
255@@ -86,11 +90,78 @@
256 */
257 static void usage (void)
258 {
259- fputs (_("Usage: groupdel group\n"), stderr);
260+ (void) fprintf (stderr,
261+ _("Usage: groupdel [options]\n"
262+ "\n"
263+ "Options:\n"),
264+ Prog);
265+ (void) fputs (_(" -g, --group GROUP group name to delete\n"), stderr);
266+ (void) fputs (_(" -h, --help display this help message and exit\n"), stderr);
267+ (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), stderr);
268+ (void) fputs ("\n", stderr);
269 exit (E_USAGE);
270 }
271
272 /*
273+ * process_flags - perform command line argument setting
274+ *
275+ * process_flags() interprets the command line arguments and sets
276+ * the values that the user will be created with accordingly. The
277+ * values are checked for sanity.
278+ */
279+static void process_flags (int argc, char **argv)
280+{
281+ {
282+ /*
283+ * Parse the command line options.
284+ */
285+ int c;
286+ static struct option long_options[] = {
287+ {"group", required_argument, NULL, 'g'},
288+ {"help", no_argument, NULL, 'h'},
289+ {"root", required_argument, NULL, 'R'},
290+ {NULL, 0, NULL, '\0'}
291+ };
292+ while ((c = getopt_long (argc, argv,
293+ "g:R:",
294+ long_options, NULL)) != -1) {
295+ switch (c) {
296+ case 'g':
297+ group_name = optarg;
298+ break;
299+ case 'h':
300+ usage ();
301+ break;
302+ case 'R':
303+ if ('/' != optarg[0]) {
304+ fprintf (stderr,
305+ _("%s: invalid chroot path '%s'\n"),
306+ Prog, optarg);
307+ exit (E_BAD_ARG);
308+ }
309+ newroot = optarg;
310+
311+ if (access (newroot, F_OK) != 0) {
312+ fprintf(stderr,
313+ _("%s: chroot directory %s does not exist\n"),
314+ Prog, newroot);
315+ exit (E_BAD_ARG);
316+ }
317+ if ( chroot(newroot) != 0 ) {
318+ fprintf(stderr,
319+ _("%s: unable to chroot to directory %s\n"),
320+ Prog, newroot);
321+ exit (E_BAD_ARG);
322+ }
323+ break;
324+ default:
325+ usage ();
326+ }
327+ }
328+ }
329+}
330+
331+/*
332 * grp_update - update group file entries
333 *
334 * grp_update() writes the new records to the group files.
335@@ -328,14 +399,14 @@
336 (void) bindtextdomain (PACKAGE, LOCALEDIR);
337 (void) textdomain (PACKAGE);
338
339- if (argc != 2) {
340+ if (argc == 1) {
341 usage ();
342 }
343
344- group_name = argv[1];
345-
346 OPENLOG ("groupdel");
347
348+ process_flags (argc, argv);
349+
350 #ifdef ACCT_TOOLS_SETUID
351 #ifdef USE_PAM
352 {
353diff -urN shadow-4.1.4.3.orig//src/groupmod.c shadow-4.1.4.3//src/groupmod.c
354--- shadow-4.1.4.3.orig//src/groupmod.c 2011-09-29 12:00:45.212000091 +0100
355+++ shadow-4.1.4.3//src/groupmod.c 2011-09-29 11:59:28.387000092 +0100
356@@ -79,6 +79,7 @@
357 static char *group_passwd;
358 static gid_t group_id;
359 static gid_t group_newid;
360+static char *newroot = "";
361
362 struct cleanup_info_mod info_passwd;
363 struct cleanup_info_mod info_group;
364@@ -126,6 +127,7 @@
365 (void) fputs (_(" -o, --non-unique allow to use a duplicate (non-unique) GID\n"), stderr);
366 (void) fputs (_(" -p, --password PASSWORD change the password to this (encrypted)\n"
367 " PASSWORD\n"), stderr);
368+ (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), stderr);
369 (void) fputs ("\n", stderr);
370 exit (E_USAGE);
371 }
372@@ -346,10 +348,11 @@
373 {"new-name", required_argument, NULL, 'n'},
374 {"non-unique", no_argument, NULL, 'o'},
375 {"password", required_argument, NULL, 'p'},
376+ {"root", required_argument, NULL, 'R'},
377 {NULL, 0, NULL, '\0'}
378 };
379 while ((c =
380- getopt_long (argc, argv, "g:hn:op:",
381+ getopt_long (argc, argv, "g:hn:op:R:",
382 long_options, &option_index)) != -1) {
383 switch (c) {
384 case 'g':
385@@ -373,6 +376,28 @@
386 group_passwd = optarg;
387 pflg = true;
388 break;
389+ case 'R':
390+ if ('/' != optarg[0]) {
391+ fprintf (stderr,
392+ _("%s: invalid chroot path '%s'\n"),
393+ Prog, optarg);
394+ exit (E_BAD_ARG);
395+ }
396+ newroot = optarg;
397+
398+ if (access (newroot, F_OK) != 0) {
399+ fprintf(stderr,
400+ _("%s: chroot directory %s does not exist\n"),
401+ Prog, newroot);
402+ exit (E_BAD_ARG);
403+ }
404+ if ( chroot(newroot) != 0 ) {
405+ fprintf(stderr,
406+ _("%s: unable to chroot to directory %s\n"),
407+ Prog, newroot);
408+ exit (E_BAD_ARG);
409+ }
410+ break;
411 default:
412 usage ();
413 }
414diff -urN shadow-4.1.4.3.orig//src/grpconv.c shadow-4.1.4.3//src/grpconv.c
415--- shadow-4.1.4.3.orig//src/grpconv.c 2011-09-29 12:00:45.213000091 +0100
416+++ shadow-4.1.4.3//src/grpconv.c 2011-09-29 11:59:28.387000092 +0100
417@@ -39,6 +39,7 @@
418
419 #include <errno.h>
420 #include <fcntl.h>
421+#include <getopt.h>
422 #include <grp.h>
423 #include <stdio.h>
424 #include <stdlib.h>
425@@ -50,6 +51,14 @@
426 #ifdef SHADOWGRP
427 #include "groupio.h"
428 #include "sgroupio.h"
429+
430+/*
431+ * exit status values
432+ */
433+/*@-exitarg@*/
434+#define E_USAGE 2 /* invalid command syntax */
435+#define E_BAD_ARG 3 /* invalid argument to option */
436+
437 /*
438 * Global variables
439 */
440@@ -57,9 +66,12 @@
441
442 static bool gr_locked = false;
443 static bool sgr_locked = false;
444+static const char *newroot = "";
445
446 /* local function prototypes */
447 static void fail_exit (int status);
448+static void usage (void);
449+static void process_flags (int argc, char **argv);
450
451 static void fail_exit (int status)
452 {
453@@ -82,6 +94,77 @@
454 exit (status);
455 }
456
457+/*
458+ * usage - display usage message and exit
459+ */
460+static void usage (void)
461+{
462+ (void) fprintf (stderr,
463+ _("Usage: grpconv [options]\n"
464+ "\n"
465+ "Options:\n"),
466+ Prog);
467+ (void) fputs (_(" -h, --help display this help message and exit\n"), stderr);
468+ (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), stderr);
469+ (void) fputs ("\n", stderr);
470+ exit (E_USAGE);
471+}
472+
473+/*
474+ * process_flags - perform command line argument setting
475+ *
476+ * process_flags() interprets the command line arguments and sets
477+ * the values that the user will be created with accordingly. The
478+ * values are checked for sanity.
479+ */
480+static void process_flags (int argc, char **argv)
481+{
482+ {
483+ /*
484+ * Parse the command line options.
485+ */
486+ int c;
487+ static struct option long_options[] = {
488+ {"help", no_argument, NULL, 'h'},
489+ {"root", required_argument, NULL, 'R'},
490+ {NULL, 0, NULL, '\0'}
491+ };
492+ while ((c = getopt_long (argc, argv,
493+ "R:",
494+ long_options, NULL)) != -1) {
495+ switch (c) {
496+ case 'h':
497+ usage ();
498+ break;
499+ case 'R':
500+ if ('/' != optarg[0]) {
501+ fprintf (stderr,
502+ _("%s: invalid chroot path '%s'\n"),
503+ Prog, optarg);
504+ exit (E_BAD_ARG);
505+ }
506+ newroot = optarg;
507+
508+ if (access (newroot, F_OK) != 0) {
509+ fprintf(stderr,
510+ _("%s: chroot directory %s does not exist\n"),
511+ Prog, newroot);
512+ exit (E_BAD_ARG);
513+ }
514+ if ( chroot(newroot) != 0 ) {
515+ fprintf(stderr,
516+ _("%s: unable to chroot to directory %s\n"),
517+ Prog, newroot);
518+ exit (E_BAD_ARG);
519+ }
520+ break;
521+ default:
522+ usage ();
523+ }
524+ }
525+ }
526+}
527+
528 int main (int argc, char **argv)
529 {
530 const struct group *gr;
531@@ -89,9 +172,6 @@
532 const struct sgrp *sg;
533 struct sgrp sgent;
534
535- if (1 != argc) {
536- (void) fputs (_("Usage: grpconv\n"), stderr);
537- }
538 Prog = Basename (argv[0]);
539
540 (void) setlocale (LC_ALL, "");
541@@ -100,6 +180,8 @@
542
543 OPENLOG ("grpconv");
544
545+ process_flags (argc, argv);
546+
547 if (gr_lock () == 0) {
548 fprintf (stderr,
549 _("%s: cannot lock %s; try again later.\n"),
550diff -urN shadow-4.1.4.3.orig//src/grpunconv.c shadow-4.1.4.3//src/grpunconv.c
551--- shadow-4.1.4.3.orig//src/grpunconv.c 2011-09-29 12:00:45.213000091 +0100
552+++ shadow-4.1.4.3//src/grpunconv.c 2011-09-29 11:59:28.387000092 +0100
553@@ -43,6 +43,7 @@
554 #include <stdlib.h>
555 #include <string.h>
556 #include <fcntl.h>
557+#include <getopt.h>
558 #include <time.h>
559 #include <unistd.h>
560 #include <grp.h>
561@@ -51,6 +52,14 @@
562 #ifdef SHADOWGRP
563 #include "groupio.h"
564 #include "sgroupio.h"
565+
566+/*
567+ * exit status values
568+ */
569+/*@-exitarg@*/
570+#define E_USAGE 2 /* invalid command syntax */
571+#define E_BAD_ARG 3 /* invalid argument to option */
572+
573 /*
574 * Global variables
575 */
576@@ -58,9 +67,12 @@
577
578 static bool gr_locked = false;
579 static bool sgr_locked = false;
580+static const char *newroot = "";
581
582 /* local function prototypes */
583 static void fail_exit (int status);
584+static void usage (void);
585+static void process_flags (int argc, char **argv);
586
587 static void fail_exit (int status)
588 {
589@@ -83,6 +95,77 @@
590 exit (status);
591 }
592
593+/*
594+ * usage - display usage message and exit
595+ */
596+static void usage (void)
597+{
598+ (void) fprintf (stderr,
599+ _("Usage: grpunconv [options]\n"
600+ "\n"
601+ "Options:\n"),
602+ Prog);
603+ (void) fputs (_(" -h, --help display this help message and exit\n"), stderr);
604+ (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), stderr);
605+ (void) fputs ("\n", stderr);
606+ exit (E_USAGE);
607+}
608+
609+/*
610+ * process_flags - perform command line argument setting
611+ *
612+ * process_flags() interprets the command line arguments and sets
613+ * the values that the user will be created with accordingly. The
614+ * values are checked for sanity.
615+ */
616+static void process_flags (int argc, char **argv)
617+{
618+ {
619+ /*
620+ * Parse the command line options.
621+ */
622+ int c;
623+ static struct option long_options[] = {
624+ {"help", no_argument, NULL, 'h'},
625+ {"root", required_argument, NULL, 'R'},
626+ {NULL, 0, NULL, '\0'}
627+ };
628+ while ((c = getopt_long (argc, argv,
629+ "R:",
630+ long_options, NULL)) != -1) {
631+ switch (c) {
632+ case 'h':
633+ usage ();
634+ break;
635+ case 'R':
636+ if ('/' != optarg[0]) {
637+ fprintf (stderr,
638+ _("%s: invalid chroot path '%s'\n"),
639+ Prog, optarg);
640+ exit (E_BAD_ARG);
641+ }
642+ newroot = optarg;
643+
644+ if (access (newroot, F_OK) != 0) {
645+ fprintf(stderr,
646+ _("%s: chroot directory %s does not exist\n"),
647+ Prog, newroot);
648+ exit (E_BAD_ARG);
649+ }
650+ if ( chroot(newroot) != 0 ) {
651+ fprintf(stderr,
652+ _("%s: unable to chroot to directory %s\n"),
653+ Prog, newroot);
654+ exit (E_BAD_ARG);
655+ }
656+ break;
657+ default:
658+ usage ();
659+ }
660+ }
661+ }
662+}
663+
664 int main (int argc, char **argv)
665 {
666 const struct group *gr;
667@@ -100,6 +183,8 @@
668
669 OPENLOG ("grpunconv");
670
671+ process_flags (argc, argv);
672+
673 if (sgr_file_present () == 0) {
674 exit (0); /* no /etc/gshadow, nothing to do */
675 }
676diff -urN shadow-4.1.4.3.orig//src/passwd.c shadow-4.1.4.3//src/passwd.c
677--- shadow-4.1.4.3.orig//src/passwd.c 2011-09-29 12:00:45.214000091 +0100
678+++ shadow-4.1.4.3//src/passwd.c 2011-09-29 11:59:28.388000092 +0100
679@@ -75,6 +75,7 @@
680 static char *name; /* The name of user whose password is being changed */
681 static char *myname; /* The current user's name */
682 static bool amroot; /* The caller's real UID was 0 */
683+static const char *newroot = "";
684
685 static bool
686 aflg = false, /* -a - show status for all users */
687@@ -174,6 +175,7 @@
688 " -n, --mindays MIN_DAYS set minimum number of days before password\n"
689 " change to MIN_DAYS\n"
690 " -q, --quiet quiet mode\n"
691+ " -R, --root CHROOT_DIR directory to chroot into\n"
692 " -r, --repository REPOSITORY change password in REPOSITORY repository\n"
693 " -S, --status report password status on the named account\n"
694 " -u, --unlock unlock the password of the named account\n"
695@@ -803,6 +805,7 @@
696 {"lock", no_argument, NULL, 'l'},
697 {"mindays", required_argument, NULL, 'n'},
698 {"quiet", no_argument, NULL, 'q'},
699+ {"root", required_argument, NULL, 'R'},
700 {"repository", required_argument, NULL, 'r'},
701 {"status", no_argument, NULL, 'S'},
702 {"unlock", no_argument, NULL, 'u'},
703@@ -811,7 +814,7 @@
704 {NULL, 0, NULL, '\0'}
705 };
706
707- while ((c = getopt_long (argc, argv, "adei:kln:qr:Suw:x:",
708+ while ((c = getopt_long (argc, argv, "adei:kln:qR:r:Suw:x:",
709 long_options, &option_index)) != -1) {
710 switch (c) {
711 case 'a':
712@@ -858,6 +861,28 @@
713 case 'q':
714 qflg = true; /* ok for users */
715 break;
716+ case 'R':
717+ if ('/' != optarg[0]) {
718+ fprintf (stderr,
719+ _("%s: invalid chroot path '%s'\n"),
720+ Prog, optarg);
721+ exit (E_BAD_ARG);
722+ }
723+ newroot = optarg;
724+
725+ if (access (newroot, F_OK) != 0) {
726+ fprintf(stderr,
727+ _("%s: chroot directory %s does not exist\n"),
728+ Prog, newroot);
729+ exit (E_BAD_ARG);
730+ }
731+ if ( chroot(newroot) != 0 ) {
732+ fprintf(stderr,
733+ _("%s: unable to chroot to directory %s\n"),
734+ Prog, newroot);
735+ exit (E_BAD_ARG);
736+ }
737+ break;
738 case 'r':
739 /* -r repository (files|nis|nisplus) */
740 /* only "files" supported for now */
741diff -urN shadow-4.1.4.3.orig//src/pwconv.c shadow-4.1.4.3//src/pwconv.c
742--- shadow-4.1.4.3.orig//src/pwconv.c 2011-09-29 12:00:45.214000091 +0100
743+++ shadow-4.1.4.3//src/pwconv.c 2011-09-29 11:59:28.388000092 +0100
744@@ -59,6 +59,7 @@
745
746 #include <errno.h>
747 #include <fcntl.h>
748+#include <getopt.h>
749 #include <pwd.h>
750 #include <stdio.h>
751 #include <stdlib.h>
752@@ -79,6 +80,7 @@
753 #define E_SUCCESS 0 /* success */
754 #define E_NOPERM 1 /* permission denied */
755 #define E_USAGE 2 /* invalid command syntax */
756+#define E_BAD_ARG 3 /* invalid argument to option */
757 #define E_FAILURE 3 /* unexpected failure, nothing done */
758 #define E_MISSING 4 /* unexpected failure, passwd file missing */
759 #define E_PWDBUSY 5 /* passwd file(s) busy */
760@@ -90,9 +92,12 @@
761
762 static bool spw_locked = false;
763 static bool pw_locked = false;
764+static const char *newroot = "";
765
766 /* local function prototypes */
767 static void fail_exit (int status);
768+static void usage (void);
769+static void process_flags (int argc, char **argv);
770
771 static void fail_exit (int status)
772 {
773@@ -115,6 +120,77 @@
774 exit (status);
775 }
776
777+/*
778+ * usage - display usage message and exit
779+ */
780+static void usage (void)
781+{
782+ (void) fprintf (stderr,
783+ _("Usage: pwconv [options]\n"
784+ "\n"
785+ "Options:\n"),
786+ Prog);
787+ (void) fputs (_(" -h, --help display this help message and exit\n"), stderr);
788+ (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), stderr);
789+ (void) fputs ("\n", stderr);
790+ exit (E_USAGE);
791+}
792+
793+/*
794+ * process_flags - perform command line argument setting
795+ *
796+ * process_flags() interprets the command line arguments and sets
797+ * the values that the user will be created with accordingly. The
798+ * values are checked for sanity.
799+ */
800+static void process_flags (int argc, char **argv)
801+{
802+ {
803+ /*
804+ * Parse the command line options.
805+ */
806+ int c;
807+ static struct option long_options[] = {
808+ {"help", no_argument, NULL, 'h'},
809+ {"root", required_argument, NULL, 'R'},
810+ {NULL, 0, NULL, '\0'}
811+ };
812+ while ((c = getopt_long (argc, argv,
813+ "R:",
814+ long_options, NULL)) != -1) {
815+ switch (c) {
816+ case 'h':
817+ usage ();
818+ break;
819+ case 'R':
820+ if ('/' != optarg[0]) {
821+ fprintf (stderr,
822+ _("%s: invalid chroot path '%s'\n"),
823+ Prog, optarg);
824+ exit (E_BAD_ARG);
825+ }
826+ newroot = optarg;
827+
828+ if (access (newroot, F_OK) != 0) {
829+ fprintf(stderr,
830+ _("%s: chroot directory %s does not exist\n"),
831+ Prog, newroot);
832+ exit (E_BAD_ARG);
833+ }
834+ if ( chroot(newroot) != 0 ) {
835+ fprintf(stderr,
836+ _("%s: unable to chroot to directory %s\n"),
837+ Prog, newroot);
838+ exit (E_BAD_ARG);
839+ }
840+ break;
841+ default:
842+ usage ();
843+ }
844+ }
845+ }
846+}
847+
848 int main (int argc, char **argv)
849 {
850 const struct passwd *pw;
851@@ -122,9 +198,6 @@
852 const struct spwd *sp;
853 struct spwd spent;
854
855- if (1 != argc) {
856- (void) fputs (_("Usage: pwconv\n"), stderr);
857- }
858 Prog = Basename (argv[0]);
859
860 (void) setlocale (LC_ALL, "");
861@@ -133,6 +206,8 @@
862
863 OPENLOG ("pwconv");
864
865+ process_flags (argc, argv);
866+
867 if (pw_lock () == 0) {
868 fprintf (stderr,
869 _("%s: cannot lock %s; try again later.\n"),
870diff -urN shadow-4.1.4.3.orig//src/pwunconv.c shadow-4.1.4.3//src/pwunconv.c
871--- shadow-4.1.4.3.orig//src/pwunconv.c 2011-09-29 12:00:45.214000091 +0100
872+++ shadow-4.1.4.3//src/pwunconv.c 2011-09-29 11:59:28.388000092 +0100
873@@ -35,6 +35,7 @@
874 #ident "$Id: pwunconv.c 2852 2009-04-30 21:44:35Z nekral-guest $"
875
876 #include <fcntl.h>
877+#include <getopt.h>
878 #include <pwd.h>
879 #include <stdio.h>
880 #include <sys/types.h>
881@@ -46,15 +47,24 @@
882 #include "shadowio.h"
883
884 /*
885+ * exit status values
886+ */
887+/*@-exitarg@*/
888+#define E_USAGE 2 /* invalid command syntax */
889+#define E_BAD_ARG 3 /* invalid argument to option */
890+/*
891 * Global variables
892 */
893 char *Prog;
894
895 static bool spw_locked = false;
896 static bool pw_locked = false;
897+static const char *newroot = "";
898
899 /* local function prototypes */
900 static void fail_exit (int status);
901+static void usage (void);
902+static void process_flags (int argc, char **argv);
903
904 static void fail_exit (int status)
905 {
906@@ -75,6 +85,76 @@
907 exit (status);
908 }
909
910+/*
911+ * usage - display usage message and exit
912+ */
913+static void usage (void)
914+{
915+ (void) fprintf (stderr,
916+ _("Usage: pwunconv [options]\n"
917+ "\n"
918+ "Options:\n"),
919+ Prog);
920+ (void) fputs (_(" -h, --help display this help message and exit\n"), stderr);
921+ (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), stderr);
922+ (void) fputs ("\n", stderr);
923+ exit (E_USAGE);
924+}
925+
926+/*
927+ * process_flags - perform command line argument setting
928+ *
929+ * process_flags() interprets the command line arguments and sets
930+ * the values that the user will be created with accordingly. The
931+ * values are checked for sanity.
932+ */
933+static void process_flags (int argc, char **argv)
934+{
935+ {
936+ /*
937+ * Parse the command line options.
938+ */
939+ int c;
940+ static struct option long_options[] = {
941+ {"help", no_argument, NULL, 'h'},
942+ {"root", required_argument, NULL, 'R'},
943+ {NULL, 0, NULL, '\0'}
944+ };
945+ while ((c = getopt_long (argc, argv,
946+ "R:",
947+ long_options, NULL)) != -1) {
948+ switch (c) {
949+ case 'h':
950+ usage ();
951+ break;
952+ case 'R':
953+ if ('/' != optarg[0]) {
954+ fprintf (stderr,
955+ _("%s: invalid chroot path '%s'\n"),
956+ Prog, optarg);
957+ exit (E_BAD_ARG);
958+ }
959+ newroot = optarg;
960+
961+ if (access (newroot, F_OK) != 0) {
962+ fprintf(stderr,
963+ _("%s: chroot directory %s does not exist\n"),
964+ Prog, newroot);
965+ exit (E_BAD_ARG);
966+ }
967+ if ( chroot(newroot) != 0 ) {
968+ fprintf(stderr,
969+ _("%s: unable to chroot to directory %s\n"),
970+ Prog, newroot);
971+ exit (E_BAD_ARG);
972+ }
973+ break;
974+ default:
975+ usage ();
976+ }
977+ }
978+ }
979+}
980
981 int main (int argc, char **argv)
982 {
983@@ -93,6 +173,8 @@
984
985 OPENLOG ("pwunconv");
986
987+ process_flags (argc, argv);
988+
989 if (!spw_file_present ()) {
990 /* shadow not installed, do nothing */
991 exit (0);
992diff -urN shadow-4.1.4.3.orig//src/useradd.c shadow-4.1.4.3//src/useradd.c
993--- shadow-4.1.4.3.orig//src/useradd.c 2011-09-29 12:00:45.215000091 +0100
994+++ shadow-4.1.4.3//src/useradd.c 2011-09-29 11:59:28.520000092 +0100
995@@ -112,6 +112,7 @@
996 #ifdef WITH_SELINUX
997 static const char *user_selinux = "";
998 #endif
999+static const char *newroot = "";
1000
1001 static long user_expire = -1;
1002 static bool is_shadow_pwd;
1003@@ -189,6 +190,7 @@
1004 static void new_spent (struct spwd *);
1005 static void grp_update (void);
1006
1007+static void process_root_flag (int argc, char **argv);
1008 static void process_flags (int argc, char **argv);
1009 static void close_files (void);
1010 static void open_files (void);
1011@@ -711,6 +713,7 @@
1012 (void) fputs (_(" -o, --non-unique allow to create users with duplicate\n"
1013 " (non-unique) UID\n"), stderr);
1014 (void) fputs (_(" -p, --password PASSWORD encrypted password of the new account\n"), stderr);
1015+ (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), stderr);
1016 (void) fputs (_(" -r, --system create a system account\n"), stderr);
1017 (void) fputs (_(" -s, --shell SHELL login shell of the new account\n"), stderr);
1018 (void) fputs (_(" -u, --uid UID user ID of the new account\n"), stderr);
1019@@ -943,6 +946,57 @@
1020 }
1021
1022 /*
1023+ * process_root_flag - chroot if given the --root option
1024+ *
1025+ * We do this outside of process_flags() because
1026+ * the is_shadow_pwd boolean needs to be set before
1027+ * process_flags(), and if we do need to chroot() we
1028+ * must do so before is_shadow_pwd gets set.
1029+ */
1030+static void process_root_flag (int argc, char **argv)
1031+{
1032+ /*
1033+ * Parse the command line options.
1034+ */
1035+ int i;
1036+ char *root;
1037+
1038+ for (i = 0; i < argc; i++) {
1039+ if (!strcmp (argv[i], "--root") || !strcmp (argv[i], "-R")) {
1040+ if (i + 1 == argc) {
1041+ fprintf (stderr,
1042+ _("%s: option '%s' requires an argument\n"),
1043+ Prog, argv[i]);
1044+ exit (E_BAD_ARG);
1045+ }
1046+ root = argv[i + 1];
1047+
1048+ if ('/' != root[0]) {
1049+ fprintf (stderr,
1050+ _("%s: invalid chroot path '%s'\n"),
1051+ Prog, root);
1052+ exit (E_BAD_ARG);
1053+ }
1054+ newroot = root;
1055+
1056+ if (access (newroot, F_OK) != 0) {
1057+ fprintf(stderr,
1058+ _("%s: chroot directory %s does not exist\n"),
1059+ Prog, newroot);
1060+ exit (E_BAD_ARG);
1061+ }
1062+ if ( chroot(newroot) != 0 ) {
1063+ fprintf(stderr,
1064+ _("%s: unable to chroot to directory %s\n"),
1065+ Prog, newroot);
1066+ exit (E_BAD_ARG);
1067+ }
1068+ break;
1069+ }
1070+ }
1071+}
1072+
1073+/*
1074 * process_flags - perform command line argument setting
1075 *
1076 * process_flags() interprets the command line arguments and sets
1077@@ -978,6 +1032,7 @@
1078 {"no-user-group", no_argument, NULL, 'N'},
1079 {"non-unique", no_argument, NULL, 'o'},
1080 {"password", required_argument, NULL, 'p'},
1081+ {"root", required_argument, NULL, 'R'},
1082 {"system", no_argument, NULL, 'r'},
1083 {"shell", required_argument, NULL, 's'},
1084 #ifdef WITH_SELINUX
1085@@ -989,9 +1044,9 @@
1086 };
1087 while ((c = getopt_long (argc, argv,
1088 #ifdef WITH_SELINUX
1089- "b:c:d:De:f:g:G:k:K:lmMNop:rs:u:UZ:",
1090+ "b:c:d:De:f:g:G:k:K:lmMNop:R:rs:u:UZ:",
1091 #else
1092- "b:c:d:De:f:g:G:k:K:lmMNop:rs:u:U",
1093+ "b:c:d:De:f:g:G:k:K:lmMNop:R:rs:u:U",
1094 #endif
1095 long_options, NULL)) != -1) {
1096 switch (c) {
1097@@ -1156,6 +1211,9 @@
1098 }
1099 user_pass = optarg;
1100 break;
1101+ case 'R':
1102+ /* no-op since we handled this in process_root_flag() earlier */
1103+ break;
1104 case 'r':
1105 rflg = true;
1106 break;
1107@@ -1735,6 +1793,36 @@
1108 }
1109 }
1110 #endif
1111+
1112+/*
1113+ * mkdir_p - create directories, including parent directories when needed
1114+ *
1115+ * similar to mkdir -p
1116+ */
1117+void mkdir_p(const char *path) {
1118+ int len = strlen(path);
1119+ char newdir[len + 1];
1120+ mode_t mode = 0755;
1121+ int i = 0;
1122+
1123+ if (path[i] == '\0') {
1124+ return;
1125+ }
1126+
1127+ /* skip the leading '/' */
1128+ i++;
1129+
1130+ while(path[i] != '\0') {
1131+ if (path[i] == '/') {
1132+ strncpy(newdir, path, i);
1133+ newdir[i] = '\0';
1134+ mkdir(newdir, mode);
1135+ }
1136+ i++;
1137+ }
1138+ mkdir(path, mode);
1139+}
1140+
1141 /*
1142 * create_home - create the user's home directory
1143 *
1144@@ -1748,34 +1836,31 @@
1145 #ifdef WITH_SELINUX
1146 selinux_file_context (user_home);
1147 #endif
1148- /* XXX - create missing parent directories. --marekm */
1149- if (mkdir (user_home, 0) != 0) {
1150- fprintf (stderr,
1151- _("%s: cannot create directory %s\n"),
1152- Prog, user_home);
1153-#ifdef WITH_AUDIT
1154- audit_logger (AUDIT_ADD_USER, Prog,
1155- "adding home directory",
1156- user_name, (unsigned int) user_id,
1157- SHADOW_AUDIT_FAILURE);
1158-#endif
1159- fail_exit (E_HOMEDIR);
1160- }
1161- chown (user_home, user_id, user_gid);
1162- chmod (user_home,
1163- 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));
1164- home_added = true;
1165+ mkdir_p(user_home);
1166+ }
1167+ if (access (user_home, F_OK) != 0) {
1168 #ifdef WITH_AUDIT
1169 audit_logger (AUDIT_ADD_USER, Prog,
1170 "adding home directory",
1171 user_name, (unsigned int) user_id,
1172- SHADOW_AUDIT_SUCCESS);
1173+ SHADOW_AUDIT_FAILURE);
1174+#endif
1175+ fail_exit (E_HOMEDIR);
1176+ }
1177+ chown (user_home, user_id, user_gid);
1178+ chmod (user_home,
1179+ 0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));
1180+ home_added = true;
1181+#ifdef WITH_AUDIT
1182+ audit_logger (AUDIT_ADD_USER, Prog,
1183+ "adding home directory",
1184+ user_name, (unsigned int) user_id,
1185+ SHADOW_AUDIT_SUCCESS);
1186 #endif
1187 #ifdef WITH_SELINUX
1188- /* Reset SELinux to create files with default contexts */
1189- setfscreatecon (NULL);
1190+ /* Reset SELinux to create files with default contexts */
1191+ setfscreatecon (NULL);
1192 #endif
1193- }
1194 }
1195
1196 /*
1197@@ -1861,6 +1946,7 @@
1198 */
1199 user_groups[0] = (char *) 0;
1200
1201+ process_root_flag (argc, argv);
1202
1203 is_shadow_pwd = spw_file_present ();
1204 #ifdef SHADOWGRP
1205diff -urN shadow-4.1.4.3.orig//src/userdel.c shadow-4.1.4.3//src/userdel.c
1206--- shadow-4.1.4.3.orig//src/userdel.c 2011-09-29 12:00:45.216000091 +0100
1207+++ shadow-4.1.4.3//src/userdel.c 2011-09-29 11:59:28.389000092 +0100
1208@@ -79,6 +79,7 @@
1209 static char *user_name;
1210 static uid_t user_id;
1211 static char *user_home;
1212+static const char *newroot = "";
1213
1214 static bool fflg = false;
1215 static bool rflg = false;
1216@@ -119,6 +120,7 @@
1217 " -f, --force force removal of files,\n"
1218 " even if not owned by user\n"
1219 " -h, --help display this help message and exit\n"
1220+ " -R, --root CHROOT_DIR directory to chroot into\n"
1221 " -r, --remove remove home directory and mail spool\n"
1222 "\n"), stderr);
1223 exit (E_USAGE);
1224@@ -768,12 +770,34 @@
1225 {"remove", no_argument, NULL, 'r'},
1226 {NULL, 0, NULL, '\0'}
1227 };
1228- while ((c = getopt_long (argc, argv, "fhr",
1229+ while ((c = getopt_long (argc, argv, "fhR:r",
1230 long_options, NULL)) != -1) {
1231 switch (c) {
1232 case 'f': /* force remove even if not owned by user */
1233 fflg = true;
1234 break;
1235+ case 'R':
1236+ if ('/' != optarg[0]) {
1237+ fprintf (stderr,
1238+ _("%s: invalid chroot path '%s'\n"),
1239+ Prog, optarg);
1240+ exit (E_BAD_ARG);
1241+ }
1242+ newroot = optarg;
1243+
1244+ if (access (newroot, F_OK) != 0) {
1245+ fprintf(stderr,
1246+ _("%s: chroot directory %s does not exist\n"),
1247+ Prog, newroot);
1248+ exit (E_BAD_ARG);
1249+ }
1250+ if ( chroot(newroot) != 0 ) {
1251+ fprintf(stderr,
1252+ _("%s: unable to chroot to directory %s\n"),
1253+ Prog, newroot);
1254+ exit (E_BAD_ARG);
1255+ }
1256+ break;
1257 case 'r': /* remove home dir and mailbox */
1258 rflg = true;
1259 break;
1260diff -urN shadow-4.1.4.3.orig//src/usermod.c shadow-4.1.4.3//src/usermod.c
1261--- shadow-4.1.4.3.orig//src/usermod.c 2011-09-29 12:00:45.216000091 +0100
1262+++ shadow-4.1.4.3//src/usermod.c 2011-09-29 11:59:28.390000092 +0100
1263@@ -110,6 +110,7 @@
1264 static long user_newinactive;
1265 static long sys_ngroups;
1266 static char **user_groups; /* NULL-terminated list */
1267+static const char *newroot = "";
1268
1269 static bool
1270 aflg = false, /* append to existing secondary group set */
1271@@ -164,6 +165,7 @@
1272 #endif
1273 static void grp_update (void);
1274
1275+static void process_root_flag (int, char **);
1276 static void process_flags (int, char **);
1277 static void close_files (void);
1278 static void open_files (void);
1279@@ -323,6 +325,7 @@
1280 " new location (use only with -d)\n"
1281 " -o, --non-unique allow using duplicate (non-unique) UID\n"
1282 " -p, --password PASSWORD use encrypted password for the new password\n"
1283+ " -R --root CHROOT_DIR directory to chroot into\n"
1284 " -s, --shell SHELL new login shell for the user account\n"
1285 " -u, --uid UID new UID for the user account\n"
1286 " -U, --unlock unlock the user account\n"
1287@@ -802,6 +805,58 @@
1288 }
1289
1290 /*
1291+ * process_root_flag - chroot if given the --root option
1292+ *
1293+ * We do this outside of process_flags() because
1294+ * the is_shadow_pwd boolean needs to be set before
1295+ * process_flags(), and if we do need to chroot() we
1296+ * must do so before is_shadow_pwd gets set.
1297+ */
1298+static void process_root_flag (int argc, char **argv)
1299+{
1300+ /*
1301+ * Parse the command line options.
1302+ */
1303+ int i;
1304+ char *root;
1305+
1306+ for (i = 0; i < argc; i++) {
1307+ if (!strcmp (argv[i], "--root") || !strcmp (argv[i], "-R")) {
1308+ if (i + 1 == argc) {
1309+ fprintf (stderr,
1310+ _("%s: option '%s' requires an argument\n"),
1311+ Prog, argv[i]);
1312+ exit (E_BAD_ARG);
1313+ }
1314+ root = argv[i + 1];
1315+
1316+ if ( (!VALID (root) )
1317+ || ( ('/' != root[0]) ) ) {
1318+ fprintf (stderr,
1319+ _("%s: invalid chroot path '%s'\n"),
1320+ Prog, root);
1321+ exit (E_BAD_ARG);
1322+ }
1323+ newroot = root;
1324+
1325+ if (access (newroot, F_OK) != 0) {
1326+ fprintf(stderr,
1327+ _("%s: chroot directory %s does not exist\n"),
1328+ Prog, newroot);
1329+ exit (E_BAD_ARG);
1330+ }
1331+ if ( chroot(newroot) != 0 ) {
1332+ fprintf(stderr,
1333+ _("%s: unable to chroot to directory %s\n"),
1334+ Prog, newroot);
1335+ exit (E_BAD_ARG);
1336+ }
1337+ break;
1338+ }
1339+ }
1340+}
1341+
1342+/*
1343 * process_flags - perform command line argument setting
1344 *
1345 * process_flags() interprets the command line arguments and sets the
1346@@ -895,6 +950,7 @@
1347 {"move-home", no_argument, NULL, 'm'},
1348 {"non-unique", no_argument, NULL, 'o'},
1349 {"password", required_argument, NULL, 'p'},
1350+ {"root", required_argument, NULL, 'R'},
1351 #ifdef WITH_SELINUX
1352 {"selinux-user", required_argument, NULL, 'Z'},
1353 #endif
1354@@ -905,9 +961,9 @@
1355 };
1356 while ((c = getopt_long (argc, argv,
1357 #ifdef WITH_SELINUX
1358- "ac:d:e:f:g:G:hl:Lmop:s:u:UZ:",
1359+ "ac:d:e:f:g:G:hl:Lmop:R:s:u:UZ:",
1360 #else
1361- "ac:d:e:f:g:G:hl:Lmop:s:u:U",
1362+ "ac:d:e:f:g:G:hl:Lmop:R:s:u:U",
1363 #endif
1364 long_options, NULL)) != -1) {
1365 switch (c) {
1366@@ -999,6 +1055,9 @@
1367 user_pass = optarg;
1368 pflg = true;
1369 break;
1370+ case 'R':
1371+ /* no-op since we handled this in process_root_flag() earlier */
1372+ break;
1373 case 's':
1374 if (!VALID (optarg)) {
1375 fprintf (stderr,
1376@@ -1715,6 +1774,8 @@
1377
1378 OPENLOG ("usermod");
1379
1380+ process_root_flag (argc, argv);
1381+
1382 is_shadow_pwd = spw_file_present ();
1383 #ifdef SHADOWGRP
1384 is_shadow_grp = sgr_file_present ();
diff --git a/meta/recipes-extended/shadow/files/allow-for-setting-password-in-clear-text.patch b/meta/recipes-extended/shadow/files/allow-for-setting-password-in-clear-text.patch
index eafb935a3a..68da25f406 100644
--- a/meta/recipes-extended/shadow/files/allow-for-setting-password-in-clear-text.patch
+++ b/meta/recipes-extended/shadow/files/allow-for-setting-password-in-clear-text.patch
@@ -3,20 +3,19 @@ Upstream-Status: Inappropriate [OE specific]
3Allow for setting password in clear text. 3Allow for setting password in clear text.
4 4
5Signed-off-by: Chen Qi <Qi.Chen@windriver.com> 5Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
6
7--- 6---
8 src/Makefile.am | 8 ++++---- 7 src/Makefile.am | 8 ++++----
9 src/groupadd.c | 8 +++++++- 8 src/groupadd.c | 8 +++++++-
10 src/groupmod.c | 9 ++++++++- 9 src/groupmod.c | 8 +++++++-
11 src/useradd.c | 9 +++++++-- 10 src/useradd.c | 9 +++++++--
12 src/usermod.c | 10 ++++++++-- 11 src/usermod.c | 8 +++++++-
13 5 files changed, 34 insertions(+), 10 deletions(-) 12 5 files changed, 32 insertions(+), 9 deletions(-)
14 13
15diff --git a/src/Makefile.am b/src/Makefile.am 14diff --git a/src/Makefile.am b/src/Makefile.am
16index 6a3b4c5..1ffdbc6 100644 15index 25e288d..856b087 100644
17--- a/src/Makefile.am 16--- a/src/Makefile.am
18+++ b/src/Makefile.am 17+++ b/src/Makefile.am
19@@ -76,10 +76,10 @@ chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBCRYPT) 18@@ -88,10 +88,10 @@ chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBCRYPT)
20 chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) 19 chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
21 chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT) 20 chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT)
22 gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) 21 gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT)
@@ -29,47 +28,46 @@ index 6a3b4c5..1ffdbc6 100644
29 grpck_LDADD = $(LDADD) $(LIBSELINUX) 28 grpck_LDADD = $(LDADD) $(LIBSELINUX)
30 grpconv_LDADD = $(LDADD) $(LIBSELINUX) 29 grpconv_LDADD = $(LDADD) $(LIBSELINUX)
31 grpunconv_LDADD = $(LDADD) $(LIBSELINUX) 30 grpunconv_LDADD = $(LDADD) $(LIBSELINUX)
32@@ -99,9 +99,9 @@ su_SOURCES = \ 31@@ -111,9 +111,9 @@ su_SOURCES = \
33 suauth.c 32 suauth.c
34 su_LDADD = $(LDADD) $(LIBPAM) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) 33 su_LDADD = $(LDADD) $(LIBPAM) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
35 sulogin_LDADD = $(LDADD) $(LIBCRYPT) 34 sulogin_LDADD = $(LDADD) $(LIBCRYPT)
36-useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) 35-useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR)
37+useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) 36+useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBCRYPT)
38 userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) 37 userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE)
39-usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) 38-usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR)
40+usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) 39+usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBCRYPT)
41 vipw_LDADD = $(LDADD) $(LIBSELINUX) 40 vipw_LDADD = $(LDADD) $(LIBSELINUX)
42 41
43 install-am: all-am 42 install-am: all-am
44diff --git a/src/groupadd.c b/src/groupadd.c 43diff --git a/src/groupadd.c b/src/groupadd.c
45index 66b38de..3157486 100644 44index f716f57..4e28c26 100644
46--- a/src/groupadd.c 45--- a/src/groupadd.c
47+++ b/src/groupadd.c 46+++ b/src/groupadd.c
48@@ -124,6 +124,7 @@ static void usage (void) 47@@ -124,6 +124,7 @@ static /*@noreturn@*/void usage (int status)
49 (void) fputs (_(" -o, --non-unique allow to create groups with duplicate\n" 48 (void) fputs (_(" -o, --non-unique allow to create groups with duplicate\n"
50 " (non-unique) GID\n"), stderr); 49 " (non-unique) GID\n"), usageout);
51 (void) fputs (_(" -p, --password PASSWORD use this encrypted password for the new group\n"), stderr); 50 (void) fputs (_(" -p, --password PASSWORD use this encrypted password for the new group\n"), usageout);
52+ (void) fputs (_(" -P, --clear-password PASSWORD use this clear text password for the new group\n"), stderr); 51+ (void) fputs (_(" -P, --clear-password PASSWORD use this clear password for the new group\n"), usageout);
53 (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), stderr); 52 (void) fputs (_(" -r, --system create a system account\n"), usageout);
54 (void) fputs (_(" -r, --system create a system account\n"), stderr); 53 (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout);
55 (void) fputs ("\n", stderr); 54 (void) fputs ("\n", usageout);
56@@ -388,13 +389,14 @@ static void process_flags (int argc, char **argv) 55@@ -387,12 +388,13 @@ static void process_flags (int argc, char **argv)
57 {"key", required_argument, NULL, 'K'}, 56 {"key", required_argument, NULL, 'K'},
58 {"non-unique", no_argument, NULL, 'o'}, 57 {"non-unique", no_argument, NULL, 'o'},
59 {"password", required_argument, NULL, 'p'}, 58 {"password", required_argument, NULL, 'p'},
60+ {"clear-password", required_argument, NULL, 'P'}, 59+ {"clear-password", required_argument, NULL, 'P'},
61 {"root", required_argument, NULL, 'R'}, 60 {"system", no_argument, NULL, 'r'},
62 {"system", no_argument, NULL, 'r'}, 61 {"root", required_argument, NULL, 'R'},
63 {NULL, 0, NULL, '\0'} 62 {NULL, 0, NULL, '\0'}
64 }; 63 };
65 64
66 while ((c = 65- while ((c = getopt_long (argc, argv, "fg:hK:op:rR:",
67- getopt_long (argc, argv, "fg:hK:op:R:r", long_options, 66+ while ((c = getopt_long (argc, argv, "fg:hK:op:P:rR:",
68+ getopt_long (argc, argv, "fg:hK:op:P:R:r", long_options, 67 long_options, NULL)) != -1) {
69 &option_index)) != -1) {
70 switch (c) { 68 switch (c) {
71 case 'f': 69 case 'f':
72@@ -446,6 +448,10 @@ static void process_flags (int argc, char **argv) 70@@ -444,6 +446,10 @@ static void process_flags (int argc, char **argv)
73 pflg = true; 71 pflg = true;
74 group_passwd = optarg; 72 group_passwd = optarg;
75 break; 73 break;
@@ -77,37 +75,35 @@ index 66b38de..3157486 100644
77+ pflg = true; 75+ pflg = true;
78+ group_passwd = pw_encrypt (optarg, crypt_make_salt (NULL, NULL)); 76+ group_passwd = pw_encrypt (optarg, crypt_make_salt (NULL, NULL));
79+ break; 77+ break;
80 case 'R': 78 case 'r':
81 if ('/' != optarg[0]) { 79 rflg = true;
82 fprintf (stderr, 80 break;
83diff --git a/src/groupmod.c b/src/groupmod.c 81diff --git a/src/groupmod.c b/src/groupmod.c
84index 27eb159..17acbc3 100644 82index d9d3807..68f49d1 100644
85--- a/src/groupmod.c 83--- a/src/groupmod.c
86+++ b/src/groupmod.c 84+++ b/src/groupmod.c
87@@ -127,6 +127,8 @@ static void usage (void) 85@@ -127,6 +127,7 @@ static void usage (int status)
88 (void) fputs (_(" -o, --non-unique allow to use a duplicate (non-unique) GID\n"), stderr); 86 (void) fputs (_(" -o, --non-unique allow to use a duplicate (non-unique) GID\n"), usageout);
89 (void) fputs (_(" -p, --password PASSWORD change the password to this (encrypted)\n" 87 (void) fputs (_(" -p, --password PASSWORD change the password to this (encrypted)\n"
90 " PASSWORD\n"), stderr); 88 " PASSWORD\n"), usageout);
91+ (void) fputs (_(" -P, --clear-password PASSWORD change the password to this (clear text)\n" 89+ (void) fputs (_(" -P, --clear-password PASSWORD change the password to this clear PASSWORD\n"), usageout);
92+ " PASSWORD\n"), stderr); 90 (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout);
93 (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), stderr); 91 (void) fputs ("\n", usageout);
94 (void) fputs ("\n", stderr); 92 exit (status);
95 exit (E_USAGE); 93@@ -375,10 +376,11 @@ static void process_flags (int argc, char **argv)
96@@ -348,11 +350,12 @@ static void process_flags (int argc, char **argv) 94 {"new-name", required_argument, NULL, 'n'},
97 {"new-name", required_argument, NULL, 'n'}, 95 {"non-unique", no_argument, NULL, 'o'},
98 {"non-unique", no_argument, NULL, 'o'}, 96 {"password", required_argument, NULL, 'p'},
99 {"password", required_argument, NULL, 'p'},
100+ {"clear-password", required_argument, NULL, 'P'}, 97+ {"clear-password", required_argument, NULL, 'P'},
101 {"root", required_argument, NULL, 'R'}, 98 {"root", required_argument, NULL, 'R'},
102 {NULL, 0, NULL, '\0'} 99 {NULL, 0, NULL, '\0'}
103 }; 100 };
104 while ((c = 101- while ((c = getopt_long (argc, argv, "g:hn:op:R:",
105- getopt_long (argc, argv, "g:hn:op:R:", 102+ while ((c = getopt_long (argc, argv, "g:hn:op:P:R:",
106+ getopt_long (argc, argv, "g:hn:op:P:R:", 103 long_options, NULL)) != -1) {
107 long_options, &option_index)) != -1) {
108 switch (c) { 104 switch (c) {
109 case 'g': 105 case 'g':
110@@ -376,6 +379,10 @@ static void process_flags (int argc, char **argv) 106@@ -405,6 +407,10 @@ static void process_flags (int argc, char **argv)
111 group_passwd = optarg; 107 group_passwd = optarg;
112 pflg = true; 108 pflg = true;
113 break; 109 break;
@@ -115,84 +111,81 @@ index 27eb159..17acbc3 100644
115+ group_passwd = pw_encrypt (optarg, crypt_make_salt (NULL, NULL)); 111+ group_passwd = pw_encrypt (optarg, crypt_make_salt (NULL, NULL));
116+ pflg = true; 112+ pflg = true;
117+ break; 113+ break;
118 case 'R': 114 case 'R': /* no-op, handled in process_root_flag () */
119 if ('/' != optarg[0]) { 115 break;
120 fprintf (stderr, 116 default:
121diff --git a/src/useradd.c b/src/useradd.c 117diff --git a/src/useradd.c b/src/useradd.c
122index 2102630..390909c 100644 118index b3bd451..4416f90 100644
123--- a/src/useradd.c 119--- a/src/useradd.c
124+++ b/src/useradd.c 120+++ b/src/useradd.c
125@@ -716,6 +716,7 @@ static void usage (void) 121@@ -773,6 +773,7 @@ static void usage (int status)
126 (void) fputs (_(" -o, --non-unique allow to create users with duplicate\n" 122 (void) fputs (_(" -o, --non-unique allow to create users with duplicate\n"
127 " (non-unique) UID\n"), stderr); 123 " (non-unique) UID\n"), usageout);
128 (void) fputs (_(" -p, --password PASSWORD encrypted password of the new account\n"), stderr); 124 (void) fputs (_(" -p, --password PASSWORD encrypted password of the new account\n"), usageout);
129+ (void) fputs (_(" -P, --clear-password PASSWORD clear text password of the new account\n"), stderr); 125+ (void) fputs (_(" -P, --clear-password PASSWORD clear password of the new account\n"), usageout);
130 (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), stderr); 126 (void) fputs (_(" -r, --system create a system account\n"), usageout);
131 (void) fputs (_(" -r, --system create a system account\n"), stderr); 127 (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout);
132 (void) fputs (_(" -s, --shell SHELL login shell of the new account\n"), stderr); 128 (void) fputs (_(" -s, --shell SHELL login shell of the new account\n"), usageout);
133@@ -1035,6 +1036,7 @@ static void process_flags (int argc, char **argv) 129@@ -1047,6 +1048,7 @@ static void process_flags (int argc, char **argv)
134 {"no-user-group", no_argument, NULL, 'N'}, 130 {"no-user-group", no_argument, NULL, 'N'},
135 {"non-unique", no_argument, NULL, 'o'}, 131 {"non-unique", no_argument, NULL, 'o'},
136 {"password", required_argument, NULL, 'p'}, 132 {"password", required_argument, NULL, 'p'},
137+ {"clear-password", required_argument, NULL, 'P'}, 133+ {"clear-password", required_argument, NULL, 'P'},
138 {"root", required_argument, NULL, 'R'}, 134 {"system", no_argument, NULL, 'r'},
139 {"system", no_argument, NULL, 'r'}, 135 {"root", required_argument, NULL, 'R'},
140 {"shell", required_argument, NULL, 's'}, 136 {"shell", required_argument, NULL, 's'},
141@@ -1047,9 +1049,9 @@ static void process_flags (int argc, char **argv) 137@@ -1059,9 +1061,9 @@ static void process_flags (int argc, char **argv)
142 }; 138 };
143 while ((c = getopt_long (argc, argv, 139 while ((c = getopt_long (argc, argv,
144 #ifdef WITH_SELINUX 140 #ifdef WITH_SELINUX
145- "b:c:d:De:f:g:G:k:K:lmMNop:R:rs:u:UZ:", 141- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:UZ:",
146+ "b:c:d:De:f:g:G:k:K:lmMNop:P:R:rs:u:UZ:", 142+ "b:c:d:De:f:g:G:hk:K:lmMNop:P:rR:s:u:UZ:",
147 #else 143 #else /* !WITH_SELINUX */
148- "b:c:d:De:f:g:G:k:K:lmMNop:R:rs:u:U", 144- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:U",
149+ "b:c:d:De:f:g:G:k:K:lmMNop:P:R:rs:u:U", 145+ "b:c:d:De:f:g:G:hk:K:lmMNop:P:rR:s:u:U",
150 #endif 146 #endif /* !WITH_SELINUX */
151 long_options, NULL)) != -1) { 147 long_options, NULL)) != -1) {
152 switch (c) { 148 switch (c) {
153@@ -1214,6 +1216,9 @@ static void process_flags (int argc, char **argv) 149@@ -1227,6 +1229,9 @@ static void process_flags (int argc, char **argv)
154 } 150 }
155 user_pass = optarg; 151 user_pass = optarg;
156 break; 152 break;
157+ case 'P': /* set clear text password */ 153+ case 'P': /* set clear text password */
158+ user_pass = pw_encrypt (optarg, crypt_make_salt (NULL, NULL)); 154+ user_pass = pw_encrypt (optarg, crypt_make_salt (NULL, NULL));
159+ break; 155+ break;
160 case 'R': 156 case 'r':
161 /* no-op since we handled this in process_root_flag() earlier */ 157 rflg = true;
162 break; 158 break;
163diff --git a/src/usermod.c b/src/usermod.c 159diff --git a/src/usermod.c b/src/usermod.c
164index 8363597..f4c1cee 100644 160index e7d4351..b79f7a3 100644
165--- a/src/usermod.c 161--- a/src/usermod.c
166+++ b/src/usermod.c 162+++ b/src/usermod.c
167@@ -325,6 +325,7 @@ static void usage (void) 163@@ -419,6 +419,7 @@ static /*@noreturn@*/void usage (int status)
168 " new location (use only with -d)\n" 164 " new location (use only with -d)\n"), usageout);
169 " -o, --non-unique allow using duplicate (non-unique) UID\n" 165 (void) fputs (_(" -o, --non-unique allow using duplicate (non-unique) UID\n"), usageout);
170 " -p, --password PASSWORD use encrypted password for the new password\n" 166 (void) fputs (_(" -p, --password PASSWORD use encrypted password for the new password\n"), usageout);
171+ " -P, --clear-password PASSWORD use clear text password for the new password\n" 167+ (void) fputs (_(" -P, --clear-password PASSWORD use clear password for the new password\n"), usageout);
172 " -R --root CHROOT_DIR directory to chroot into\n" 168 (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout);
173 " -s, --shell SHELL new login shell for the user account\n" 169 (void) fputs (_(" -s, --shell SHELL new login shell for the user account\n"), usageout);
174 " -u, --uid UID new UID for the user account\n" 170 (void) fputs (_(" -u, --uid UID new UID for the user account\n"), usageout);
175@@ -950,6 +951,7 @@ static void process_flags (int argc, char **argv) 171@@ -996,6 +997,7 @@ static void process_flags (int argc, char **argv)
176 {"move-home", no_argument, NULL, 'm'}, 172 {"move-home", no_argument, NULL, 'm'},
177 {"non-unique", no_argument, NULL, 'o'}, 173 {"non-unique", no_argument, NULL, 'o'},
178 {"password", required_argument, NULL, 'p'}, 174 {"password", required_argument, NULL, 'p'},
179+ {"clear-password", required_argument, NULL, 'P'}, 175+ {"clear-password", required_argument, NULL, 'P'},
180 {"root", required_argument, NULL, 'R'}, 176 {"root", required_argument, NULL, 'R'},
181 #ifdef WITH_SELINUX 177 {"shell", required_argument, NULL, 's'},
182 {"selinux-user", required_argument, NULL, 'Z'}, 178 {"uid", required_argument, NULL, 'u'},
183@@ -961,9 +963,9 @@ static void process_flags (int argc, char **argv) 179@@ -1012,7 +1014,7 @@ static void process_flags (int argc, char **argv)
180 {NULL, 0, NULL, '\0'}
184 }; 181 };
185 while ((c = getopt_long (argc, argv, 182 while ((c = getopt_long (argc, argv,
186 #ifdef WITH_SELINUX 183- "ac:d:e:f:g:G:hl:Lmop:R:s:u:U"
187- "ac:d:e:f:g:G:hl:Lmop:R:s:u:UZ:", 184+ "ac:d:e:f:g:G:hl:Lmop:P:R:s:u:U"
188+ "ac:d:e:f:g:G:hl:Lmop:P:R:s:u:UZ:", 185 #ifdef ENABLE_SUBIDS
189 #else 186 "v:w:V:W:"
190- "ac:d:e:f:g:G:hl:Lmop:R:s:u:U", 187 #endif /* ENABLE_SUBIDS */
191+ "ac:d:e:f:g:G:hl:Lmop:P:R:s:u:U", 188@@ -1112,6 +1114,10 @@ static void process_flags (int argc, char **argv)
192 #endif
193 long_options, NULL)) != -1) {
194 switch (c) {
195@@ -1055,6 +1057,10 @@ static void process_flags (int argc, char **argv)
196 user_pass = optarg; 189 user_pass = optarg;
197 pflg = true; 190 pflg = true;
198 break; 191 break;
@@ -200,9 +193,9 @@ index 8363597..f4c1cee 100644
200+ user_pass = pw_encrypt (optarg, crypt_make_salt (NULL, NULL)); 193+ user_pass = pw_encrypt (optarg, crypt_make_salt (NULL, NULL));
201+ pflg = true; 194+ pflg = true;
202+ break; 195+ break;
203 case 'R': 196 case 'R': /* no-op, handled in process_root_flag () */
204 /* no-op since we handled this in process_root_flag() earlier */
205 break; 197 break;
198 case 's':
206-- 199--
2071.7.9.5 2001.7.9.5
208 201
diff --git a/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch
new file mode 100644
index 0000000000..4fa3d184ed
--- /dev/null
+++ b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch
@@ -0,0 +1,46 @@
1Upstream-Status: Inappropriate [OE specific]
2
3commonio.c: fix unexpected open failure in chroot environment
4
5When using commands with '-R <newroot>' option in our pseudo environment,
6we would usually get the 'Pemission Denied' error. This patch serves as
7a workaround to this problem.
8
9Note that this patch doesn't change the logic in the code, it just expands
10the codes.
11
12Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
13---
14 lib/commonio.c | 16 ++++++++++++----
15 1 file changed, 12 insertions(+), 4 deletions(-)
16
17diff --git a/lib/commonio.c b/lib/commonio.c
18index cc536bf..51cafd9 100644
19--- a/lib/commonio.c
20+++ b/lib/commonio.c
21@@ -613,10 +613,18 @@ int commonio_open (struct commonio_db *db, int mode)
22 db->cursor = NULL;
23 db->changed = false;
24
25- fd = open (db->filename,
26- (db->readonly ? O_RDONLY : O_RDWR)
27- | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW);
28- saved_errno = errno;
29+ if (db->readonly) {
30+ fd = open (db->filename,
31+ (true ? O_RDONLY : O_RDWR)
32+ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW);
33+ saved_errno = errno;
34+ } else {
35+ fd = open (db->filename,
36+ (false ? O_RDONLY : O_RDWR)
37+ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW);
38+ saved_errno = errno;
39+ }
40+
41 db->fp = NULL;
42 if (fd >= 0) {
43 #ifdef WITH_TCB
44--
451.7.9.5
46
diff --git a/meta/recipes-extended/shadow/files/fix-etc-gshadow-reading.patch b/meta/recipes-extended/shadow/files/fix-etc-gshadow-reading.patch
deleted file mode 100644
index 80ebdc22a4..0000000000
--- a/meta/recipes-extended/shadow/files/fix-etc-gshadow-reading.patch
+++ /dev/null
@@ -1,36 +0,0 @@
1shadow: Fix parsing of gshadow entries
2
3Upstream-Status: Backport [http://anonscm.debian.org/viewvc/pkg-shadow?view=revision&revision=3096]
4
5newgrp command does not function properly.
6Even with the valid password, it outputs: "'Invalid password'"
7
8Signed-off-by: Roy.Li <rongqing.li@windriver.com>
9
102010-02-14 Michael Bunk <mb@computer-leipzig.com>
11
12 * NEWS, lib/gshadow.c: Fix parsing of gshadow entries.
13
14diff -urpN a/lib/gshadow.c b/lib/gshadow.c
15--- a/lib/gshadow.c 2013-07-11 10:18:15.745450428 +0800
16+++ b/lib/gshadow.c 2013-07-11 10:17:30.465450280 +0800
17@@ -222,6 +222,7 @@ void endsgent (void)
18 if (NULL == buf) {
19 return NULL;
20 }
21+ buflen = BUFSIZ;
22 }
23
24 if (NULL == fp) {
25@@ -229,9 +230,9 @@ void endsgent (void)
26 }
27
28 #ifdef USE_NIS
29- while (fgetsx (buf, (int) sizeof buf, fp) == buf)
30+ while (fgetsx (buf, (int) buflen, fp) == buf)
31 #else
32- if (fgetsx (buf, (int) sizeof buf, fp) == buf)
33+ if (fgetsx (buf, (int) buflen, fp) == buf)
34 #endif
35 {
36 while ( ((cp = strrchr (buf, '\n')) == NULL)
diff --git a/meta/recipes-extended/shadow/files/fix-installation-failure-with-subids-disabled.patch b/meta/recipes-extended/shadow/files/fix-installation-failure-with-subids-disabled.patch
new file mode 100644
index 0000000000..02cb91aafd
--- /dev/null
+++ b/meta/recipes-extended/shadow/files/fix-installation-failure-with-subids-disabled.patch
@@ -0,0 +1,28 @@
1Upstream-Status: Pending
2
3Subject: fix installation failure with subids disabled
4
5Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
6---
7 src/Makefile.am | 5 ++++-
8 1 file changed, 4 insertions(+), 1 deletion(-)
9
10diff --git a/src/Makefile.am b/src/Makefile.am
11index 25e288d..076f8ef 100644
12--- a/src/Makefile.am
13+++ b/src/Makefile.am
14@@ -52,7 +52,10 @@ usbin_PROGRAMS = \
15 noinst_PROGRAMS = id sulogin
16
17 suidbins = su
18-suidubins = chage chfn chsh expiry gpasswd newgrp passwd newuidmap newgidmap
19+suidubins = chage chfn chsh expiry gpasswd newgrp passwd
20+if ENABLE_SUBIDS
21+suidubins += newgidmap newuidmap
22+endif
23 if ACCT_TOOLS_SETUID
24 suidubins += chage chgpasswd chpasswd groupadd groupdel groupmod newusers useradd userdel usermod
25 endif
26--
271.7.9.5
28
diff --git a/meta/recipes-extended/shadow/files/shadow-4.1.4.2-env-reset-keep-locale.patch b/meta/recipes-extended/shadow/files/shadow-4.1.4.2-env-reset-keep-locale.patch
deleted file mode 100644
index 651474674b..0000000000
--- a/meta/recipes-extended/shadow/files/shadow-4.1.4.2-env-reset-keep-locale.patch
+++ /dev/null
@@ -1,31 +0,0 @@
1# commit message copied from openembedded:
2# commit 246c80637b135f3a113d319b163422f98174ee6c
3# Author: Khem Raj <raj.khem@gmail.com>
4# Date: Wed Jun 9 13:37:03 2010 -0700
5#
6# shadow-4.1.4.2: Add patches to support dots in login id.
7#
8# Signed-off-by: Khem Raj <raj.khem@gmail.com>
9#
10# comment added by Kevin Tian <kevin.tian@intel.com>, 2010-08-11
11
12http://bugs.gentoo.org/283725
13https://alioth.debian.org/tracker/index.php?func=detail&aid=311740&group_id=30580&atid=411480
14
15Upstream-Status: Pending
16
17Signed-off-by: Scott Garman <scott.a.garman@intel.com>
18
19Index: shadow-4.1.4.2/libmisc/env.c
20===================================================================
21--- shadow-4.1.4.2.orig/libmisc/env.c 2009-04-27 13:07:56.000000000 -0700
22+++ shadow-4.1.4.2/libmisc/env.c 2010-06-03 17:44:51.456408474 -0700
23@@ -251,7 +251,7 @@ void sanitize_env (void)
24 if (strncmp (*cur, *bad, strlen (*bad)) != 0) {
25 continue;
26 }
27- if (strchr (*cur, '/') != NULL) {
28+ if (strchr (*cur, '/') == NULL) {
29 continue; /* OK */
30 }
31 for (move = cur; NULL != *move; move++) {
diff --git a/meta/recipes-extended/shadow/files/shadow-4.1.4.2-groupmod-pam-check.patch b/meta/recipes-extended/shadow/files/shadow-4.1.4.2-groupmod-pam-check.patch
deleted file mode 100644
index 640200b796..0000000000
--- a/meta/recipes-extended/shadow/files/shadow-4.1.4.2-groupmod-pam-check.patch
+++ /dev/null
@@ -1,36 +0,0 @@
1# commit message copied from openembedded:
2# commit 246c80637b135f3a113d319b163422f98174ee6c
3# Author: Khem Raj <raj.khem@gmail.com>
4# Date: Wed Jun 9 13:37:03 2010 -0700
5#
6# shadow-4.1.4.2: Add patches to support dots in login id.
7#
8# Signed-off-by: Khem Raj <raj.khem@gmail.com>
9#
10# comment added by Kevin Tian <kevin.tian@intel.com>, 2010-08-11
11
12http://bugs.gentoo.org/300790
13http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/2009-November/007850.html
14
152009-11-05 Nicolas François <nicolas.francois@centraliens.net>
16
17 * NEWS, src/groupmod.c: Fixed groupmod when configured with
18 --enable-account-tools-setuid.
19
20Upstream-Status: Pending
21
22Signed-off-by: Scott Garman <scott.a.garman@intel.com>
23
24Index: shadow-4.1.4.2/src/groupmod.c
25===================================================================
26--- shadow-4.1.4.2.orig/src/groupmod.c 2009-06-05 15:16:58.000000000 -0700
27+++ shadow-4.1.4.2/src/groupmod.c 2010-06-03 17:45:43.828952613 -0700
28@@ -720,7 +720,7 @@ int main (int argc, char **argv)
29 {
30 struct passwd *pampw;
31 pampw = getpwuid (getuid ()); /* local, no need for xgetpwuid */
32- if (NULL == pamh) {
33+ if (NULL == pampw) {
34 fprintf (stderr,
35 _("%s: Cannot determine your user name.\n"),
36 Prog);
diff --git a/meta/recipes-extended/shadow/files/shadow-4.1.4.2-su_no_sanitize_env.patch b/meta/recipes-extended/shadow/files/shadow-4.1.4.2-su_no_sanitize_env.patch
deleted file mode 100644
index 0dc4d75b97..0000000000
--- a/meta/recipes-extended/shadow/files/shadow-4.1.4.2-su_no_sanitize_env.patch
+++ /dev/null
@@ -1,31 +0,0 @@
1# commit message copied from openembedded:
2# commit 246c80637b135f3a113d319b163422f98174ee6c
3# Author: Khem Raj <raj.khem@gmail.com>
4# Date: Wed Jun 9 13:37:03 2010 -0700
5#
6# shadow-4.1.4.2: Add patches to support dots in login id.
7#
8# Signed-off-by: Khem Raj <raj.khem@gmail.com>
9#
10# comment added by Kevin Tian <kevin.tian@intel.com>, 2010-08-11
11
12http://bugs.gentoo.org/show_bug.cgi?id=301957
13https://alioth.debian.org/scm/browser.php?group_id=30580
14
15Upstream-Status: Pending
16
17Signed-off-by: Scott Garman <scott.a.garman@intel.com>
18
19Index: shadow-4.1.4.2/src/su.c
20===================================================================
21--- shadow-4.1.4.2.orig/src/su.c 2009-07-23 13:38:56.000000000 -0700
22+++ shadow-4.1.4.2/src/su.c 2010-06-03 17:46:47.718944010 -0700
23@@ -378,7 +378,7 @@ int main (int argc, char **argv)
24 #endif
25 #endif /* !USE_PAM */
26
27- sanitize_env ();
28+ /* sanitize_env (); */
29
30 (void) setlocale (LC_ALL, "");
31 (void) bindtextdomain (PACKAGE, LOCALEDIR);
diff --git a/meta/recipes-extended/shadow/files/shadow.automake-1.11.patch b/meta/recipes-extended/shadow/files/shadow.automake-1.11.patch
deleted file mode 100644
index a793f09a4e..0000000000
--- a/meta/recipes-extended/shadow/files/shadow.automake-1.11.patch
+++ /dev/null
@@ -1,106 +0,0 @@
1# patch is from openembedded:
2# commit 2db61370333f7a2fc1dbb86385734883387e0217
3# Author: Martin Jansa <Martin.Jansa@gmail.com>
4# Date: Fri Apr 2 07:34:46 2010 +0200
5#
6# shadow: fix do_install with automake-1.11
7#
8# Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
9#
10# comment added by Kevin Tian <kevin.tian@intel.com>
11
12man_nopan is for !USE_PAM already included in man_MANS and automake-1.11 hates to install some file twice
13
14Upstream-Status: Pending
15
16Signed-off-by: Scott Garman <scott.a.garman@intel.com>
17
18diff -uNr shadow-4.1.4.2.orig/man/Makefile.am shadow-4.1.4.2/man/Makefile.am
19--- shadow-4.1.4.2.orig/man/Makefile.am 2009-03-14 15:40:10.000000000 +0100
20+++ shadow-4.1.4.2/man/Makefile.am 2010-04-02 07:31:17.000000000 +0200
21@@ -163,7 +163,6 @@
22 $(man_MANS) \
23 $(man_XMANS) \
24 $(addprefix login.defs.d/,$(login_defs_v)) \
25- $(man_nopam) \
26 id.1 \
27 id.1.xml \
28 sulogin.8 \
29diff -uNr shadow-4.1.4.2.orig/man/fr/Makefile.am shadow-4.1.4.2/man/fr/Makefile.am
30--- shadow-4.1.4.2.orig/man/fr/Makefile.am 2008-09-06 18:44:45.000000000 +0200
31+++ shadow-4.1.4.2/man/fr/Makefile.am 2010-04-02 07:42:11.000000000 +0200
32@@ -52,7 +52,6 @@
33
34 EXTRA_DIST = \
35 $(man_MANS) \
36- $(man_nopam) \
37 id.1
38
39 include ../generate_translations.mak
40diff -uNr shadow-4.1.4.2.orig/man/it/Makefile.am shadow-4.1.4.2/man/it/Makefile.am
41--- shadow-4.1.4.2.orig/man/it/Makefile.am 2008-09-06 18:44:45.000000000 +0200
42+++ shadow-4.1.4.2/man/it/Makefile.am 2010-04-02 07:42:20.000000000 +0200
43@@ -46,7 +46,6 @@
44
45 EXTRA_DIST = \
46 $(man_MANS) \
47- $(man_nopam) \
48 id.1 \
49 logoutd.8
50
51diff -uNr shadow-4.1.4.2.orig/man/ja/Makefile.am shadow-4.1.4.2/man/ja/Makefile.am
52--- shadow-4.1.4.2.orig/man/ja/Makefile.am 2007-12-31 17:48:28.000000000 +0100
53+++ shadow-4.1.4.2/man/ja/Makefile.am 2010-04-02 07:42:17.000000000 +0200
54@@ -49,7 +49,6 @@
55
56 EXTRA_DIST = \
57 $(man_MANS) \
58- $(man_nopam) \
59 id.1 \
60 shadow.3 \
61 sulogin.8
62diff -uNr shadow-4.1.4.2.orig/man/pl/Makefile.am shadow-4.1.4.2/man/pl/Makefile.am
63--- shadow-4.1.4.2.orig/man/pl/Makefile.am 2008-09-06 18:44:45.000000000 +0200
64+++ shadow-4.1.4.2/man/pl/Makefile.am 2010-04-02 07:42:07.000000000 +0200
65@@ -49,7 +49,6 @@
66
67 EXTRA_DIST = \
68 $(man_MANS) \
69- $(man_nopam) \
70 getspnam.3 \
71 id.1 \
72 shadow.3 \
73diff -uNr shadow-4.1.4.2.orig/man/ru/Makefile.am shadow-4.1.4.2/man/ru/Makefile.am
74--- shadow-4.1.4.2.orig/man/ru/Makefile.am 2010-04-02 07:39:00.000000000 +0200
75+++ shadow-4.1.4.2/man/ru/Makefile.am 2010-04-02 07:42:01.000000000 +0200
76@@ -54,7 +54,6 @@
77
78 EXTRA_DIST = \
79 $(man_MANS) \
80- $(man_nopam) \
81 id.1 \
82 sulogin.8
83
84diff -uNr shadow-4.1.4.2.orig/man/sv/Makefile.am shadow-4.1.4.2/man/sv/Makefile.am
85--- shadow-4.1.4.2.orig/man/sv/Makefile.am 2008-09-06 18:44:45.000000000 +0200
86+++ shadow-4.1.4.2/man/sv/Makefile.am 2010-04-02 07:42:24.000000000 +0200
87@@ -53,8 +53,7 @@
88 endif
89
90 EXTRA_DIST = \
91- $(man_MANS) \
92- $(man_nopam)
93+ $(man_MANS)
94
95 include ../generate_translations.mak
96
97--- shadow-4.1.4.2.orig/man/ru/Makefile.am 2010-04-02 07:54:09.000000000 +0200
98+++ shadow-4.1.4.2/man/ru/Makefile.am 2010-04-02 07:51:57.000000000 +0200
99@@ -1,7 +1,6 @@
100 mandir = @mandir@/ru
101
102 man_MANS = \
103- $(man_nopam) \
104 chage.1 \
105 chfn.1 \
106 chgpasswd.8 \
diff --git a/meta/recipes-extended/shadow/files/shadow_fix_for_automake-1.12.patch b/meta/recipes-extended/shadow/files/shadow_fix_for_automake-1.12.patch
deleted file mode 100644
index 6a27ed387d..0000000000
--- a/meta/recipes-extended/shadow/files/shadow_fix_for_automake-1.12.patch
+++ /dev/null
@@ -1,23 +0,0 @@
1Upstream-Status: pending
2
3Automake 1.12 has deprecated automatic de-ANSI-fication support
4
5This patch avoids this issue with automake 1.12:
6
7| configure.in:22: error: automatic de-ANSI-fication support has been removed
8
9Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com>
102012/05/02
11
12Index: shadow-4.1.4.3/configure.in
13===================================================================
14--- shadow-4.1.4.3.orig/configure.in
15+++ shadow-4.1.4.3/configure.in
16@@ -19,7 +19,6 @@ AC_PROG_CC
17 AC_ISC_POSIX
18 AC_PROG_LN_S
19 AC_PROG_YACC
20-AM_C_PROTOTYPES
21 AM_PROG_LIBTOOL
22
23 dnl Checks for libraries.
diff --git a/meta/recipes-extended/shadow/files/slackware_fix_for_glib-2.17_crypt.patch b/meta/recipes-extended/shadow/files/slackware_fix_for_glib-2.17_crypt.patch
deleted file mode 100644
index 7cd45afebb..0000000000
--- a/meta/recipes-extended/shadow/files/slackware_fix_for_glib-2.17_crypt.patch
+++ /dev/null
@@ -1,63 +0,0 @@
1
2This patch is from Slackware, I tried to find the actual
3author to add that attribution. The comment below is the
4best summary, I will not repeat it here.
5
6Upstream-Status: Backport from slackware
7
8Signed-off-by: Saul Wold <sgw@linux.intel.com>
9
10Index: shadow-4.1.4.3/lib/encrypt.c
11===================================================================
12--- shadow-4.1.4.3.orig/lib/encrypt.c
13+++ shadow-4.1.4.3/lib/encrypt.c
14@@ -45,15 +45,40 @@ char *pw_encrypt (const char *clear, con
15 static char cipher[128];
16 char *cp;
17
18- cp = crypt (clear, salt);
19- if (!cp) {
20- /*
21- * Single Unix Spec: crypt() may return a null pointer,
22- * and set errno to indicate an error. The caller doesn't
23- * expect us to return NULL, so...
24- */
25- perror ("crypt");
26- exit (EXIT_FAILURE);
27+ cp = crypt (clear, salt);
28+ if (!cp) {
29+ /*
30+ * In glibc-2.17 and newer, crypt() will return NULL if
31+ * it was called using an invalid salt format. Previous
32+ * versions of glibc would go ahead and compute a DES hash
33+ * using the invalid salt. The salt value in this case was
34+ * always '!'. We might arrive at this place if either the
35+ * user does not exist, or if the hash in /etc/shadow doesn't
36+ * have the proper magic for one of the supported hash
37+ * formats (for example, if the account was locked using
38+ * "passwd -l". To handle this situation, we will recompute
39+ * the hash using a hardcoded salt as was previously done
40+ * by glibc. The hash returned by the old glibc function
41+ * always began with "!!", which would ensure that it could
42+ * never match an otherwise valid hash in /etc/shadow that
43+ * was disabled with a "!" at the beginning (since the second
44+ * character would never be "!" as well), so we will also
45+ * prepend the resulting hash with "!!". Finally, in case
46+ * crypt() failed for some other reason we will check to see
47+ * if we still get NULL from crypt even with the valid salt
48+ * and will fail if that's the case.
49+ */
50+
51+ /* Recalculate hash using a hardcoded, valid SHA512 salt: */
52+ cp = crypt (clear, "$6$8IIcy/1EPOk/");
53+
54+ if (!cp) {
55+ perror ("crypt");
56+ exit (EXIT_FAILURE);
57+ } else {
58+ sprintf (cipher, "!!%s", cp);
59+ return cipher;
60+ }
61 }
62
63 /* The GNU crypt does not return NULL if the algorithm is not
diff --git a/meta/recipes-extended/shadow/files/useradd.patch b/meta/recipes-extended/shadow/files/useradd.patch
deleted file mode 100644
index ff5016c0bf..0000000000
--- a/meta/recipes-extended/shadow/files/useradd.patch
+++ /dev/null
@@ -1,17 +0,0 @@
1Work around a bug introduced with the --root option which was causing
2all other arguments to be ignored.
3
4Upstream-Status: inappropriate
5Signed-off-by: Phil Blundell <philb@gnu.org>
6
7--- a/src/useradd.c~ 2011-09-01 15:36:40.398234861 +0100
8+++ b/src/useradd.c 2011-09-01 17:29:00.782004133 +0100
9@@ -1957,6 +1957,8 @@
10
11 get_defaults ();
12
13+ optind = 1;
14+
15 process_flags (argc, argv);
16
17 #ifdef ACCT_TOOLS_SETUID
diff --git a/meta/recipes-extended/shadow/files/usermod-fix-compilation-failure-with-subids-disabled.patch b/meta/recipes-extended/shadow/files/usermod-fix-compilation-failure-with-subids-disabled.patch
new file mode 100644
index 0000000000..37dc153fca
--- /dev/null
+++ b/meta/recipes-extended/shadow/files/usermod-fix-compilation-failure-with-subids-disabled.patch
@@ -0,0 +1,33 @@
1Upstream-Status: Pending
2
3usermod: fix compilation failure with subids disabled
4
5Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
6---
7 src/usermod.c | 3 ++-
8 1 file changed, 2 insertions(+), 1 deletion(-)
9
10diff --git a/src/usermod.c b/src/usermod.c
11index e7d4351..685b50a 100644
12--- a/src/usermod.c
13+++ b/src/usermod.c
14@@ -1360,7 +1360,7 @@ static void process_flags (int argc, char **argv)
15 Prog, (unsigned long) user_newid);
16 exit (E_UID_IN_USE);
17 }
18-
19+#ifdef ENABLE_SUBIDS
20 if ( (vflg || Vflg)
21 && !is_sub_uid) {
22 fprintf (stderr,
23@@ -1376,6 +1376,7 @@ static void process_flags (int argc, char **argv)
24 Prog, sub_gid_dbname (), "-w", "-W");
25 exit (E_USAGE);
26 }
27+#endif
28 }
29
30 /*
31--
321.7.9.5
33
diff --git a/meta/recipes-extended/shadow/shadow-securetty_4.1.4.3.bb b/meta/recipes-extended/shadow/shadow-securetty_4.2.1.bb
index 0e0410043b..0e0410043b 100644
--- a/meta/recipes-extended/shadow/shadow-securetty_4.1.4.3.bb
+++ b/meta/recipes-extended/shadow/shadow-securetty_4.2.1.bb
diff --git a/meta/recipes-extended/shadow/shadow-sysroot_4.1.4.3.bb b/meta/recipes-extended/shadow/shadow-sysroot_4.2.1.bb
index 697569c47e..697569c47e 100644
--- a/meta/recipes-extended/shadow/shadow-sysroot_4.1.4.3.bb
+++ b/meta/recipes-extended/shadow/shadow-sysroot_4.2.1.bb
diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc
index 6848e054b3..40f58f0d12 100644
--- a/meta/recipes-extended/shadow/shadow.inc
+++ b/meta/recipes-extended/shadow/shadow.inc
@@ -1,50 +1,39 @@
1SUMMARY = "Tools to change and administer password and group data" 1SUMMARY = "Tools to change and administer password and group data"
2HOMEPAGE = "http://pkg-shadow.alioth.debian.org" 2HOMEPAGE = "http://pkg-shadow.alioth.debian.org"
3BUGTRACKER = "https://alioth.debian.org/tracker/?group_id=30580" 3BUGTRACKER = "https://alioth.debian.org/tracker/?group_id=30580"
4SECTION = "base utils" 4SECTION = "base/utils"
5LICENSE = "BSD | Artistic-1.0" 5LICENSE = "BSD | Artistic-1.0"
6LIC_FILES_CHKSUM = "file://COPYING;md5=08c553a87d4e51bbed50b20e0adcaede \ 6LIC_FILES_CHKSUM = "file://COPYING;md5=ed80ff1c2b40843cf5768e5229cf16e5 \
7 file://src/passwd.c;beginline=8;endline=30;md5=d83888ea14ae61951982d77125947661" 7 file://src/passwd.c;beginline=8;endline=30;md5=d83888ea14ae61951982d77125947661"
8 8
9DEPENDS = "shadow-native" 9DEPENDS = "shadow-native"
10DEPENDS_class-native = "" 10DEPENDS_class-native = ""
11DEPENDS_class-nativesdk = "" 11DEPENDS_class-nativesdk = ""
12 12
13SRC_URI = "http://pkg-shadow.alioth.debian.org/releases/${BPN}-${PV}.tar.bz2 \ 13SRC_URI = "http://pkg-shadow.alioth.debian.org/releases/${BPN}-${PV}.tar.xz \
14 file://shadow.automake-1.11.patch \
15 file://shadow_fix_for_automake-1.12.patch \
16 file://shadow-4.1.3-dots-in-usernames.patch \ 14 file://shadow-4.1.3-dots-in-usernames.patch \
17 file://shadow-4.1.4.2-env-reset-keep-locale.patch \ 15 file://usermod-fix-compilation-failure-with-subids-disabled.patch \
16 file://fix-installation-failure-with-subids-disabled.patch \
18 ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \ 17 ${@bb.utils.contains('PACKAGECONFIG', 'pam', '${PAM_SRC_URI}', '', d)} \
19 " 18 "
20 19
21SRC_URI_append_class-target = " \ 20SRC_URI_append_class-target = " \
22 file://login_defs_pam.sed \ 21 file://login_defs_pam.sed \
23 file://shadow-4.1.4.2-groupmod-pam-check.patch \
24 file://shadow-4.1.4.2-su_no_sanitize_env.patch \
25 file://shadow-update-pam-conf.patch \ 22 file://shadow-update-pam-conf.patch \
26 file://slackware_fix_for_glib-2.17_crypt.patch \
27 file://fix-etc-gshadow-reading.patch \
28 " 23 "
29 24
30SRC_URI_append_class-native = " \ 25SRC_URI_append_class-native = " \
31 file://add_root_cmd_options.patch \
32 file://disable-syslog.patch \ 26 file://disable-syslog.patch \
33 file://useradd.patch \
34 file://add_root_cmd_groupmems.patch \
35 file://allow-for-setting-password-in-clear-text.patch \ 27 file://allow-for-setting-password-in-clear-text.patch \
28 file://commonio.c-fix-unexpected-open-failure-in-chroot-env.patch \
29 file://0001-useradd.c-create-parent-directories-when-necessary.patch \
36 " 30 "
37SRC_URI_append_class-nativesdk = " \ 31SRC_URI_append_class-nativesdk = " \
38 file://add_root_cmd_options.patch \
39 file://disable-syslog.patch \ 32 file://disable-syslog.patch \
40 file://useradd.patch \
41 file://add_root_cmd_groupmems.patch \
42 " 33 "
43 34
44SRC_URI[md5sum] = "b8608d8294ac88974f27b20f991c0e79" 35SRC_URI[md5sum] = "2bfafe7d4962682d31b5eba65dba4fc8"
45SRC_URI[sha256sum] = "633f5bb4ea0c88c55f3642c97f9d25cbef74f82e0b4cf8d54e7ad6f9f9caa778" 36SRC_URI[sha256sum] = "3b0893d1476766868cd88920f4f1231c4795652aa407569faff802bcda0f3d41"
46
47PR = "r14"
48 37
49# Additional Policy files for PAM 38# Additional Policy files for PAM
50PAM_SRC_URI = "file://pam.d/chfn \ 39PAM_SRC_URI = "file://pam.d/chfn \
@@ -61,6 +50,7 @@ EXTRA_OECONF += "--without-audit \
61 --without-libcrack \ 50 --without-libcrack \
62 --without-selinux \ 51 --without-selinux \
63 --with-group-name-max-length=24 \ 52 --with-group-name-max-length=24 \
53 --enable-subordinate-ids=no \
64 ${NSCDOPT}" 54 ${NSCDOPT}"
65 55
66NSCDOPT = "" 56NSCDOPT = ""
@@ -166,11 +156,11 @@ ALTERNATIVE_LINK_NAME[su] = "${base_bindir}/su"
166 156
167pkg_postinst_${PN} () { 157pkg_postinst_${PN} () {
168 if [ "x$D" != "x" ]; then 158 if [ "x$D" != "x" ]; then
169 rootarg="--root=$D" 159 rootarg="--root $D"
170 else 160 else
171 rootarg="" 161 rootarg=""
172 fi 162 fi
173 163
174 pwconv $rootarg 164 pwconv $rootarg || exit 1
175 grpconv $rootarg 165 grpconv $rootarg || exit 1
176} 166}
diff --git a/meta/recipes-extended/shadow/shadow_4.1.4.3.bb b/meta/recipes-extended/shadow/shadow_4.2.1.bb
index 5675cb8cc9..5675cb8cc9 100644
--- a/meta/recipes-extended/shadow/shadow_4.1.4.3.bb
+++ b/meta/recipes-extended/shadow/shadow_4.2.1.bb