summaryrefslogtreecommitdiffstats
path: root/meta/recipes-extended/shadow/files
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-extended/shadow/files')
-rw-r--r--meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch123
-rw-r--r--meta/recipes-extended/shadow/files/0002-Allow-for-setting-password-in-clear-text.patch301
-rw-r--r--meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch13
-rw-r--r--meta/recipes-extended/shadow/files/login.defs_shadow-sysroot1
-rw-r--r--meta/recipes-extended/shadow/files/pam.d/login4
-rw-r--r--meta/recipes-extended/shadow/files/securetty1
-rw-r--r--meta/recipes-extended/shadow/files/shadow-4.1.3-dots-in-usernames.patch27
-rw-r--r--meta/recipes-extended/shadow/files/shadow-relaxed-usernames.patch111
-rw-r--r--meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch83
-rw-r--r--meta/recipes-extended/shadow/files/useradd8
10 files changed, 71 insertions, 601 deletions
diff --git a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch b/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch
deleted file mode 100644
index ab317b9aa0..0000000000
--- a/meta/recipes-extended/shadow/files/0001-Disable-use-of-syslog-for-sysroot.patch
+++ /dev/null
@@ -1,123 +0,0 @@
1From fa2d9453656641002802d8165e80adb9e6a729d2 Mon Sep 17 00:00:00 2001
2From: Scott Garman <scott.a.garman@intel.com>
3Date: Thu, 14 Apr 2016 12:28:57 +0200
4Subject: [PATCH] Disable use of syslog for sysroot
5
6Disable use of syslog to prevent sysroot user and group additions from
7writing entries to the host's syslog. This patch should only be used
8with the shadow-native recipe.
9
10Upstream-Status: Inappropriate [disable feature]
11
12Signed-off-by: Scott Garman <scott.a.garman@intel.com>
13Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
14Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
15
16---
17 src/groupadd.c | 3 +++
18 src/groupdel.c | 3 +++
19 src/groupmems.c | 3 +++
20 src/groupmod.c | 3 +++
21 src/useradd.c | 3 +++
22 src/userdel.c | 3 +++
23 src/usermod.c | 3 +++
24 7 files changed, 21 insertions(+)
25
26diff --git a/src/groupadd.c b/src/groupadd.c
27index 2dd8eec..e9c4bb7 100644
28--- a/src/groupadd.c
29+++ b/src/groupadd.c
30@@ -34,6 +34,9 @@
31
32 #ident "$Id$"
33
34+/* Disable use of syslog since we're running this command against a sysroot */
35+#undef USE_SYSLOG
36+
37 #include <ctype.h>
38 #include <fcntl.h>
39 #include <getopt.h>
40diff --git a/src/groupdel.c b/src/groupdel.c
41index f941a84..5a70056 100644
42--- a/src/groupdel.c
43+++ b/src/groupdel.c
44@@ -34,6 +34,9 @@
45
46 #ident "$Id$"
47
48+/* Disable use of syslog since we're running this command against a sysroot */
49+#undef USE_SYSLOG
50+
51 #include <ctype.h>
52 #include <fcntl.h>
53 #include <grp.h>
54diff --git a/src/groupmems.c b/src/groupmems.c
55index fc91c8b..2842514 100644
56--- a/src/groupmems.c
57+++ b/src/groupmems.c
58@@ -32,6 +32,9 @@
59
60 #include <config.h>
61
62+/* Disable use of syslog since we're running this command against a sysroot */
63+#undef USE_SYSLOG
64+
65 #include <fcntl.h>
66 #include <getopt.h>
67 #include <grp.h>
68diff --git a/src/groupmod.c b/src/groupmod.c
69index 1dca5fc..bc14438 100644
70--- a/src/groupmod.c
71+++ b/src/groupmod.c
72@@ -34,6 +34,9 @@
73
74 #ident "$Id$"
75
76+/* Disable use of syslog since we're running this command against a sysroot */
77+#undef USE_SYSLOG
78+
79 #include <ctype.h>
80 #include <fcntl.h>
81 #include <getopt.h>
82diff --git a/src/useradd.c b/src/useradd.c
83index 4af0f7c..1b7bf06 100644
84--- a/src/useradd.c
85+++ b/src/useradd.c
86@@ -34,6 +34,9 @@
87
88 #ident "$Id$"
89
90+/* Disable use of syslog since we're running this command against a sysroot */
91+#undef USE_SYSLOG
92+
93 #include <assert.h>
94 #include <ctype.h>
95 #include <errno.h>
96diff --git a/src/userdel.c b/src/userdel.c
97index cc951e5..153e0be 100644
98--- a/src/userdel.c
99+++ b/src/userdel.c
100@@ -34,6 +34,9 @@
101
102 #ident "$Id$"
103
104+/* Disable use of syslog since we're running this command against a sysroot */
105+#undef USE_SYSLOG
106+
107 #include <assert.h>
108 #include <errno.h>
109 #include <fcntl.h>
110diff --git a/src/usermod.c b/src/usermod.c
111index 05b9871..21c6da9 100644
112--- a/src/usermod.c
113+++ b/src/usermod.c
114@@ -34,6 +34,9 @@
115
116 #ident "$Id$"
117
118+/* Disable use of syslog since we're running this command against a sysroot */
119+#undef USE_SYSLOG
120+
121 #include <assert.h>
122 #include <ctype.h>
123 #include <errno.h>
diff --git a/meta/recipes-extended/shadow/files/0002-Allow-for-setting-password-in-clear-text.patch b/meta/recipes-extended/shadow/files/0002-Allow-for-setting-password-in-clear-text.patch
deleted file mode 100644
index c6332e4f76..0000000000
--- a/meta/recipes-extended/shadow/files/0002-Allow-for-setting-password-in-clear-text.patch
+++ /dev/null
@@ -1,301 +0,0 @@
1From a7d995228491ad5255ad86c1f04ba071f6880897 Mon Sep 17 00:00:00 2001
2From: Chen Qi <Qi.Chen@windriver.com>
3Date: Sat, 16 Nov 2013 15:27:47 +0800
4Subject: [PATCH] Allow for setting password in clear text
5
6Upstream-Status: Inappropriate [OE specific]
7
8Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
9
10---
11 src/Makefile.am | 8 ++++----
12 src/groupadd.c | 20 +++++++++++++++-----
13 src/groupmod.c | 20 +++++++++++++++-----
14 src/useradd.c | 21 +++++++++++++++------
15 src/usermod.c | 20 +++++++++++++++-----
16 5 files changed, 64 insertions(+), 25 deletions(-)
17
18diff --git a/src/Makefile.am b/src/Makefile.am
19index f31fd7a..4a317a3 100644
20--- a/src/Makefile.am
21+++ b/src/Makefile.am
22@@ -103,10 +103,10 @@ chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM)
23 chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF)
24 expiry_LDADD = $(LDADD) $(LIBECONF)
25 gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF)
26-groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
27+groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) $(LIBCRYPT)
28 groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
29 groupmems_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
30-groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
31+groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) $(LIBCRYPT)
32 grpck_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
33 grpconv_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
34 grpunconv_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
35@@ -127,9 +127,9 @@ su_SOURCES = \
36 suauth.c
37 su_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF)
38 sulogin_LDADD = $(LDADD) $(LIBCRYPT) $(LIBECONF)
39-useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF)
40+useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) $(LIBCRYPT)
41 userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBECONF)
42-usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF)
43+usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) $(LIBCRYPT)
44 vipw_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
45
46 install-am: all-am
47diff --git a/src/groupadd.c b/src/groupadd.c
48index e9c4bb7..d572c00 100644
49--- a/src/groupadd.c
50+++ b/src/groupadd.c
51@@ -127,9 +127,10 @@ static /*@noreturn@*/void usage (int status)
52 (void) fputs (_(" -o, --non-unique allow to create groups with duplicate\n"
53 " (non-unique) GID\n"), usageout);
54 (void) fputs (_(" -p, --password PASSWORD use this encrypted password for the new group\n"), usageout);
55+ (void) fputs (_(" -P, --clear-password PASSWORD use this clear password for the new group\n"), usageout);
56 (void) fputs (_(" -r, --system create a system account\n"), usageout);
57 (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout);
58- (void) fputs (_(" -P, --prefix PREFIX_DIR directory prefix\n"), usageout);
59+ (void) fputs (_(" -A, --prefix PREFIX_DIR directory prefix\n"), usageout);
60 (void) fputs ("\n", usageout);
61 exit (status);
62 }
63@@ -391,13 +392,14 @@ static void process_flags (int argc, char **argv)
64 {"key", required_argument, NULL, 'K'},
65 {"non-unique", no_argument, NULL, 'o'},
66 {"password", required_argument, NULL, 'p'},
67+ {"clear-password", required_argument, NULL, 'P'},
68 {"system", no_argument, NULL, 'r'},
69 {"root", required_argument, NULL, 'R'},
70- {"prefix", required_argument, NULL, 'P'},
71+ {"prefix", required_argument, NULL, 'A'},
72 {NULL, 0, NULL, '\0'}
73 };
74
75- while ((c = getopt_long (argc, argv, "fg:hK:op:rR:P:",
76+ while ((c = getopt_long (argc, argv, "fg:hK:op:P:rR:A:",
77 long_options, NULL)) != -1) {
78 switch (c) {
79 case 'f':
80@@ -449,12 +451,20 @@ static void process_flags (int argc, char **argv)
81 pflg = true;
82 group_passwd = optarg;
83 break;
84+ case 'P':
85+ pflg = true;
86+ group_passwd = pw_encrypt (optarg, crypt_make_salt (NULL, NULL));
87+ break;
88 case 'r':
89 rflg = true;
90 break;
91 case 'R': /* no-op, handled in process_root_flag () */
92 break;
93- case 'P': /* no-op, handled in process_prefix_flag () */
94+ case 'A': /* no-op, handled in process_prefix_flag () */
95+ fprintf (stderr,
96+ _("%s: -A is deliberately not supported \n"),
97+ Prog);
98+ exit (E_BAD_ARG);
99 break;
100 default:
101 usage (E_USAGE);
102@@ -588,7 +598,7 @@ int main (int argc, char **argv)
103 (void) textdomain (PACKAGE);
104
105 process_root_flag ("-R", argc, argv);
106- prefix = process_prefix_flag ("-P", argc, argv);
107+ prefix = process_prefix_flag ("-A", argc, argv);
108
109 OPENLOG ("groupadd");
110 #ifdef WITH_AUDIT
111diff --git a/src/groupmod.c b/src/groupmod.c
112index bc14438..25ccb44 100644
113--- a/src/groupmod.c
114+++ b/src/groupmod.c
115@@ -138,8 +138,9 @@ static void usage (int status)
116 (void) fputs (_(" -o, --non-unique allow to use a duplicate (non-unique) GID\n"), usageout);
117 (void) fputs (_(" -p, --password PASSWORD change the password to this (encrypted)\n"
118 " PASSWORD\n"), usageout);
119+ (void) fputs (_(" -P, --clear-password PASSWORD change the password to this clear PASSWORD\n"), usageout);
120 (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout);
121- (void) fputs (_(" -P, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout);
122+ (void) fputs (_(" -A, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout);
123 (void) fputs ("\n", usageout);
124 exit (status);
125 }
126@@ -387,11 +388,12 @@ static void process_flags (int argc, char **argv)
127 {"new-name", required_argument, NULL, 'n'},
128 {"non-unique", no_argument, NULL, 'o'},
129 {"password", required_argument, NULL, 'p'},
130+ {"clear-password", required_argument, NULL, 'P'},
131 {"root", required_argument, NULL, 'R'},
132- {"prefix", required_argument, NULL, 'P'},
133+ {"prefix", required_argument, NULL, 'A'},
134 {NULL, 0, NULL, '\0'}
135 };
136- while ((c = getopt_long (argc, argv, "g:hn:op:R:P:",
137+ while ((c = getopt_long (argc, argv, "g:hn:op:P:R:A:",
138 long_options, NULL)) != -1) {
139 switch (c) {
140 case 'g':
141@@ -418,9 +420,17 @@ static void process_flags (int argc, char **argv)
142 group_passwd = optarg;
143 pflg = true;
144 break;
145+ case 'P':
146+ group_passwd = pw_encrypt (optarg, crypt_make_salt (NULL, NULL));
147+ pflg = true;
148+ break;
149 case 'R': /* no-op, handled in process_root_flag () */
150 break;
151- case 'P': /* no-op, handled in process_prefix_flag () */
152+ case 'A': /* no-op, handled in process_prefix_flag () */
153+ fprintf (stderr,
154+ _("%s: -A is deliberately not supported \n"),
155+ Prog);
156+ exit (E_BAD_ARG);
157 break;
158 default:
159 usage (E_USAGE);
160@@ -761,7 +771,7 @@ int main (int argc, char **argv)
161 (void) textdomain (PACKAGE);
162
163 process_root_flag ("-R", argc, argv);
164- prefix = process_prefix_flag ("-P", argc, argv);
165+ prefix = process_prefix_flag ("-A", argc, argv);
166
167 OPENLOG ("groupmod");
168 #ifdef WITH_AUDIT
169diff --git a/src/useradd.c b/src/useradd.c
170index 1b7bf06..44f09e2 100644
171--- a/src/useradd.c
172+++ b/src/useradd.c
173@@ -853,9 +853,10 @@ static void usage (int status)
174 (void) fputs (_(" -o, --non-unique allow to create users with duplicate\n"
175 " (non-unique) UID\n"), usageout);
176 (void) fputs (_(" -p, --password PASSWORD encrypted password of the new account\n"), usageout);
177+ (void) fputs (_(" -P, --clear-password PASSWORD clear password of the new account\n"), usageout);
178 (void) fputs (_(" -r, --system create a system account\n"), usageout);
179 (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout);
180- (void) fputs (_(" -P, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout);
181+ (void) fputs (_(" -A, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout);
182 (void) fputs (_(" -s, --shell SHELL login shell of the new account\n"), usageout);
183 (void) fputs (_(" -u, --uid UID user ID of the new account\n"), usageout);
184 (void) fputs (_(" -U, --user-group create a group with the same name as the user\n"), usageout);
185@@ -1133,9 +1134,10 @@ static void process_flags (int argc, char **argv)
186 {"no-user-group", no_argument, NULL, 'N'},
187 {"non-unique", no_argument, NULL, 'o'},
188 {"password", required_argument, NULL, 'p'},
189+ {"clear-password", required_argument, NULL, 'P'},
190 {"system", no_argument, NULL, 'r'},
191 {"root", required_argument, NULL, 'R'},
192- {"prefix", required_argument, NULL, 'P'},
193+ {"prefix", required_argument, NULL, 'A'},
194 {"shell", required_argument, NULL, 's'},
195 {"uid", required_argument, NULL, 'u'},
196 {"user-group", no_argument, NULL, 'U'},
197@@ -1146,9 +1148,9 @@ static void process_flags (int argc, char **argv)
198 };
199 while ((c = getopt_long (argc, argv,
200 #ifdef WITH_SELINUX
201- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:P:s:u:UZ:",
202+ "b:c:d:De:f:g:G:hk:K:lmMNop:P:rR:A:s:u:UZ:",
203 #else /* !WITH_SELINUX */
204- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:P:s:u:U",
205+ "b:c:d:De:f:g:G:hk:K:lmMNop:P:rR:A:s:u:U",
206 #endif /* !WITH_SELINUX */
207 long_options, NULL)) != -1) {
208 switch (c) {
209@@ -1320,12 +1322,19 @@ static void process_flags (int argc, char **argv)
210 }
211 user_pass = optarg;
212 break;
213+ case 'P': /* set clear text password */
214+ user_pass = pw_encrypt (optarg, crypt_make_salt (NULL, NULL));
215+ break;
216 case 'r':
217 rflg = true;
218 break;
219 case 'R': /* no-op, handled in process_root_flag () */
220 break;
221- case 'P': /* no-op, handled in process_prefix_flag () */
222+ case 'A': /* no-op, handled in process_prefix_flag () */
223+ fprintf (stderr,
224+ _("%s: -A is deliberately not supported \n"),
225+ Prog);
226+ exit (E_BAD_ARG);
227 break;
228 case 's':
229 if ( ( !VALID (optarg) )
230@@ -2257,7 +2266,7 @@ int main (int argc, char **argv)
231
232 process_root_flag ("-R", argc, argv);
233
234- prefix = process_prefix_flag("-P", argc, argv);
235+ prefix = process_prefix_flag("-A", argc, argv);
236
237 OPENLOG ("useradd");
238 #ifdef WITH_AUDIT
239diff --git a/src/usermod.c b/src/usermod.c
240index 21c6da9..cffdb3e 100644
241--- a/src/usermod.c
242+++ b/src/usermod.c
243@@ -431,8 +431,9 @@ static /*@noreturn@*/void usage (int status)
244 " new location (use only with -d)\n"), usageout);
245 (void) fputs (_(" -o, --non-unique allow using duplicate (non-unique) UID\n"), usageout);
246 (void) fputs (_(" -p, --password PASSWORD use encrypted password for the new password\n"), usageout);
247+ (void) fputs (_(" -P, --clear-password PASSWORD use clear password for the new password\n"), usageout);
248 (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout);
249- (void) fputs (_(" -P, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout);
250+ (void) fputs (_(" -A, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout);
251 (void) fputs (_(" -s, --shell SHELL new login shell for the user account\n"), usageout);
252 (void) fputs (_(" -u, --uid UID new UID for the user account\n"), usageout);
253 (void) fputs (_(" -U, --unlock unlock the user account\n"), usageout);
254@@ -1010,8 +1011,9 @@ static void process_flags (int argc, char **argv)
255 {"move-home", no_argument, NULL, 'm'},
256 {"non-unique", no_argument, NULL, 'o'},
257 {"password", required_argument, NULL, 'p'},
258+ {"clear-password", required_argument, NULL, 'P'},
259 {"root", required_argument, NULL, 'R'},
260- {"prefix", required_argument, NULL, 'P'},
261+ {"prefix", required_argument, NULL, 'A'},
262 {"shell", required_argument, NULL, 's'},
263 {"uid", required_argument, NULL, 'u'},
264 {"unlock", no_argument, NULL, 'U'},
265@@ -1027,7 +1029,7 @@ static void process_flags (int argc, char **argv)
266 {NULL, 0, NULL, '\0'}
267 };
268 while ((c = getopt_long (argc, argv,
269- "abc:d:e:f:g:G:hl:Lmop:R:s:u:UP:"
270+ "abc:d:e:f:g:G:hl:Lmop:P:R:s:u:UA:"
271 #ifdef ENABLE_SUBIDS
272 "v:w:V:W:"
273 #endif /* ENABLE_SUBIDS */
274@@ -1130,9 +1132,17 @@ static void process_flags (int argc, char **argv)
275 user_pass = optarg;
276 pflg = true;
277 break;
278+ case 'P':
279+ user_pass = pw_encrypt (optarg, crypt_make_salt (NULL, NULL));
280+ pflg = true;
281+ break;
282 case 'R': /* no-op, handled in process_root_flag () */
283 break;
284- case 'P': /* no-op, handled in process_prefix_flag () */
285+ case 'A': /* no-op, handled in process_prefix_flag () */
286+ fprintf (stderr,
287+ _("%s: -A is deliberately not supported \n"),
288+ Prog);
289+ exit (E_BAD_ARG);
290 break;
291 case 's':
292 if (!VALID (optarg)) {
293@@ -2127,7 +2137,7 @@ int main (int argc, char **argv)
294 (void) textdomain (PACKAGE);
295
296 process_root_flag ("-R", argc, argv);
297- prefix = process_prefix_flag ("-P", argc, argv);
298+ prefix = process_prefix_flag ("-A", argc, argv);
299
300 OPENLOG ("usermod");
301 #ifdef WITH_AUDIT
diff --git a/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch
index 9825216369..cd99aad135 100644
--- a/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch
+++ b/meta/recipes-extended/shadow/files/commonio.c-fix-unexpected-open-failure-in-chroot-env.patch
@@ -1,4 +1,4 @@
1From 66533c7c6f347d257020675a1ed6e0c59cbbc3f0 Mon Sep 17 00:00:00 2001 1From f512071dd3a4c29d4bf048c5a89c4ba9160e37b1 Mon Sep 17 00:00:00 2001
2From: Chen Qi <Qi.Chen@windriver.com> 2From: Chen Qi <Qi.Chen@windriver.com>
3Date: Thu, 17 Jul 2014 15:53:34 +0800 3Date: Thu, 17 Jul 2014 15:53:34 +0800
4Subject: [PATCH] commonio.c-fix-unexpected-open-failure-in-chroot-env 4Subject: [PATCH] commonio.c-fix-unexpected-open-failure-in-chroot-env
@@ -15,32 +15,31 @@ Note that this patch doesn't change the logic in the code, it just expands
15the codes. 15the codes.
16 16
17Signed-off-by: Chen Qi <Qi.Chen@windriver.com> 17Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
18
19--- 18---
20 lib/commonio.c | 16 ++++++++++++---- 19 lib/commonio.c | 16 ++++++++++++----
21 1 file changed, 12 insertions(+), 4 deletions(-) 20 1 file changed, 12 insertions(+), 4 deletions(-)
22 21
23diff --git a/lib/commonio.c b/lib/commonio.c 22diff --git a/lib/commonio.c b/lib/commonio.c
24index 16fa7e7..d6bc297 100644 23index 01a26c9..82b2868 100644
25--- a/lib/commonio.c 24--- a/lib/commonio.c
26+++ b/lib/commonio.c 25+++ b/lib/commonio.c
27@@ -632,10 +632,18 @@ int commonio_open (struct commonio_db *db, int mode) 26@@ -601,10 +601,18 @@ int commonio_open (struct commonio_db *db, int mode)
28 db->cursor = NULL; 27 db->cursor = NULL;
29 db->changed = false; 28 db->changed = false;
30 29
31- fd = open (db->filename, 30- fd = open (db->filename,
32- (db->readonly ? O_RDONLY : O_RDWR) 31- (db->readonly ? O_RDONLY : O_RDWR)
33- | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW); 32- | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW | O_CLOEXEC);
34- saved_errno = errno; 33- saved_errno = errno;
35+ if (db->readonly) { 34+ if (db->readonly) {
36+ fd = open (db->filename, 35+ fd = open (db->filename,
37+ (true ? O_RDONLY : O_RDWR) 36+ (true ? O_RDONLY : O_RDWR)
38+ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW); 37+ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW | O_CLOEXEC);
39+ saved_errno = errno; 38+ saved_errno = errno;
40+ } else { 39+ } else {
41+ fd = open (db->filename, 40+ fd = open (db->filename,
42+ (false ? O_RDONLY : O_RDWR) 41+ (false ? O_RDONLY : O_RDWR)
43+ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW); 42+ | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW| O_CLOEXEC);
44+ saved_errno = errno; 43+ saved_errno = errno;
45+ } 44+ }
46+ 45+
diff --git a/meta/recipes-extended/shadow/files/login.defs_shadow-sysroot b/meta/recipes-extended/shadow/files/login.defs_shadow-sysroot
index 8a68dd341a..09df77d2e7 100644
--- a/meta/recipes-extended/shadow/files/login.defs_shadow-sysroot
+++ b/meta/recipes-extended/shadow/files/login.defs_shadow-sysroot
@@ -1,3 +1,4 @@
1# SPDX-License-Identifier: BSD-3-Clause OR Artistic-1.0
1# 2#
2# /etc/login.defs - Configuration control definitions for the shadow package. 3# /etc/login.defs - Configuration control definitions for the shadow package.
3# 4#
diff --git a/meta/recipes-extended/shadow/files/pam.d/login b/meta/recipes-extended/shadow/files/pam.d/login
index b340058539..d39e09b1ea 100644
--- a/meta/recipes-extended/shadow/files/pam.d/login
+++ b/meta/recipes-extended/shadow/files/pam.d/login
@@ -57,10 +57,6 @@ auth optional pam_group.so
57# (Replaces the use of /etc/limits in old login) 57# (Replaces the use of /etc/limits in old login)
58session required pam_limits.so 58session required pam_limits.so
59 59
60# Prints the last login info upon succesful login
61# (Replaces the `LASTLOG_ENAB' option from login.defs)
62session optional pam_lastlog.so
63
64# Prints the motd upon succesful login 60# Prints the motd upon succesful login
65# (Replaces the `MOTD_FILE' option in login.defs) 61# (Replaces the `MOTD_FILE' option in login.defs)
66session optional pam_motd.so 62session optional pam_motd.so
diff --git a/meta/recipes-extended/shadow/files/securetty b/meta/recipes-extended/shadow/files/securetty
index 2be341a216..820728faa6 100644
--- a/meta/recipes-extended/shadow/files/securetty
+++ b/meta/recipes-extended/shadow/files/securetty
@@ -7,6 +7,7 @@ ttyS0
7ttyS1 7ttyS1
8ttyS2 8ttyS2
9ttyS3 9ttyS3
10ttyS4
10 11
11# ARM AMBA SoCs 12# ARM AMBA SoCs
12ttyAM0 13ttyAM0
diff --git a/meta/recipes-extended/shadow/files/shadow-4.1.3-dots-in-usernames.patch b/meta/recipes-extended/shadow/files/shadow-4.1.3-dots-in-usernames.patch
deleted file mode 100644
index a7bb0a9290..0000000000
--- a/meta/recipes-extended/shadow/files/shadow-4.1.3-dots-in-usernames.patch
+++ /dev/null
@@ -1,27 +0,0 @@
1# commit message copied from openembedded:
2# commit 246c80637b135f3a113d319b163422f98174ee6c
3# Author: Khem Raj <raj.khem@gmail.com>
4# Date: Wed Jun 9 13:37:03 2010 -0700
5#
6# shadow-4.1.4.2: Add patches to support dots in login id.
7#
8# Signed-off-by: Khem Raj <raj.khem@gmail.com>
9#
10# comment added by Kevin Tian <kevin.tian@intel.com>, 2010-08-11
11
12Upstream-Status: Pending
13
14Signed-off-by: Scott Garman <scott.a.garman@intel.com>
15
16Index: shadow-4.1.4.2/libmisc/chkname.c
17===================================================================
18--- shadow-4.1.4.2.orig/libmisc/chkname.c 2009-04-28 12:14:04.000000000 -0700
19+++ shadow-4.1.4.2/libmisc/chkname.c 2010-06-03 17:43:20.638973857 -0700
20@@ -61,6 +61,7 @@ static bool is_valid_name (const char *n
21 ( ('0' <= *name) && ('9' >= *name) ) ||
22 ('_' == *name) ||
23 ('-' == *name) ||
24+ ('.' == *name) ||
25 ( ('$' == *name) && ('\0' == *(name + 1)) )
26 )) {
27 return false;
diff --git a/meta/recipes-extended/shadow/files/shadow-relaxed-usernames.patch b/meta/recipes-extended/shadow/files/shadow-relaxed-usernames.patch
deleted file mode 100644
index cc833362e9..0000000000
--- a/meta/recipes-extended/shadow/files/shadow-relaxed-usernames.patch
+++ /dev/null
@@ -1,111 +0,0 @@
1From ca472d6866e545aaa70a70020e3226f236a8aafc Mon Sep 17 00:00:00 2001
2From: Shan Hai <shan.hai@windriver.com>
3Date: Tue, 13 Sep 2016 13:45:46 +0800
4Subject: [PATCH] shadow: use relaxed usernames
5
6The groupadd from shadow does not allow upper case group names, the
7same is true for the upstream shadow. But distributions like
8Debian/Ubuntu/CentOS has their own way to cope with this problem,
9this patch is picked up from CentOS release 7.0 to relax the usernames
10restrictions to allow the upper case group names, and the relaxation is
11POSIX compliant because POSIX indicate that usernames are composed of
12characters from the portable filename character set [A-Za-z0-9._-].
13
14Upstream-Status: Pending
15
16Signed-off-by: Shan Hai <shan.hai@windriver.com>
17
18---
19 libmisc/chkname.c | 30 ++++++++++++++++++------------
20 man/groupadd.8.xml | 6 ------
21 man/useradd.8.xml | 8 +-------
22 3 files changed, 19 insertions(+), 25 deletions(-)
23
24diff --git a/libmisc/chkname.c b/libmisc/chkname.c
25index 90f185c..65762b4 100644
26--- a/libmisc/chkname.c
27+++ b/libmisc/chkname.c
28@@ -55,22 +55,28 @@ static bool is_valid_name (const char *name)
29 }
30
31 /*
32- * User/group names must match [a-z_][a-z0-9_-]*[$]
33- */
34-
35- if (('\0' == *name) ||
36- !((('a' <= *name) && ('z' >= *name)) || ('_' == *name))) {
37+ * User/group names must match gnu e-regex:
38+ * [a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9_.$-]?
39+ *
40+ * as a non-POSIX, extension, allow "$" as the last char for
41+ * sake of Samba 3.x "add machine script"
42+ */
43+ if ( ('\0' == *name) ||
44+ !((*name >= 'a' && *name <= 'z') ||
45+ (*name >= 'A' && *name <= 'Z') ||
46+ (*name >= '0' && *name <= '9') ||
47+ (*name == '_') || (*name == '.')
48+ )) {
49 return false;
50 }
51
52 while ('\0' != *++name) {
53- if (!(( ('a' <= *name) && ('z' >= *name) ) ||
54- ( ('0' <= *name) && ('9' >= *name) ) ||
55- ('_' == *name) ||
56- ('-' == *name) ||
57- ('.' == *name) ||
58- ( ('$' == *name) && ('\0' == *(name + 1)) )
59- )) {
60+ if (!( (*name >= 'a' && *name <= 'z') ||
61+ (*name >= 'A' && *name <= 'Z') ||
62+ (*name >= '0' && *name <= '9') ||
63+ (*name == '_') || (*name == '.') || (*name == '-') ||
64+ (*name == '$' && *(name + 1) == '\0')
65+ )) {
66 return false;
67 }
68 }
69diff --git a/man/groupadd.8.xml b/man/groupadd.8.xml
70index 1e58f09..d804b61 100644
71--- a/man/groupadd.8.xml
72+++ b/man/groupadd.8.xml
73@@ -272,12 +272,6 @@
74
75 <refsect1 id='caveats'>
76 <title>CAVEATS</title>
77- <para>
78- Groupnames must start with a lower case letter or an underscore,
79- followed by lower case letters, digits, underscores, or dashes.
80- They can end with a dollar sign.
81- In regular expression terms: [a-z_][a-z0-9_-]*[$]?
82- </para>
83 <para>
84 Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long.
85 </para>
86diff --git a/man/useradd.8.xml b/man/useradd.8.xml
87index a16d730..c0bd777 100644
88--- a/man/useradd.8.xml
89+++ b/man/useradd.8.xml
90@@ -366,7 +366,7 @@
91 </term>
92 <listitem>
93 <para>
94- Do no create the user's home directory, even if the system
95+ Do not create the user's home directory, even if the system
96 wide setting from <filename>/etc/login.defs</filename>
97 (<option>CREATE_HOME</option>) is set to
98 <replaceable>yes</replaceable>.
99@@ -660,12 +660,6 @@
100 the user account creation request.
101 </para>
102
103- <para>
104- Usernames must start with a lower case letter or an underscore,
105- followed by lower case letters, digits, underscores, or dashes.
106- They can end with a dollar sign.
107- In regular expression terms: [a-z_][a-z0-9_-]*[$]?
108- </para>
109 <para>
110 Usernames may only be up to 32 characters long.
111 </para>
diff --git a/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch b/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch
index 15f8044fa2..1eacb8a53f 100644
--- a/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch
+++ b/meta/recipes-extended/shadow/files/shadow-update-pam-conf.patch
@@ -1,88 +1,115 @@
1From 38882ab288fd4d2cc2e45dff222ae3412c8fe357 Mon Sep 17 00:00:00 2001
2From: Kang Kai <kai.kang@windriver.com>
3Date: Wed, 20 Jul 2011 19:18:14 +0800
4Subject: [PATCH] shadow: update pam related configure files
5
1The system-auth in the configure files is from Fedora which put all the 4 pam type rules 6The system-auth in the configure files is from Fedora which put all the 4 pam type rules
2in one file. 7in one file.
3In yocto it obey the way with Debian/Ubuntu, and the names are common-auth, common-account, 8In yocto it obey the way with Debian/Ubuntu, and the names are common-auth, common-account,
4common-password and common-session. 9common-password and common-session.
5So update them with oe way. 10So update them with oe way.
6 11
7Upstream-Status: Pending 12See meta/recipes-extended/pam/libpam/pam.d/common-password
13
14Upstream-Status: Inappropriate [oe-core specific]
8 15
9Signed-off-by: Kang Kai <kai.kang@windriver.com> 16Signed-off-by: Kang Kai <kai.kang@windriver.com>
17---
18 etc/pam.d/chage | 2 +-
19 etc/pam.d/chgpasswd | 2 +-
20 etc/pam.d/groupadd | 2 +-
21 etc/pam.d/groupdel | 2 +-
22 etc/pam.d/groupmems | 2 +-
23 etc/pam.d/groupmod | 2 +-
24 etc/pam.d/useradd | 2 +-
25 etc/pam.d/userdel | 2 +-
26 etc/pam.d/usermod | 2 +-
27 9 files changed, 9 insertions(+), 9 deletions(-)
10 28
11diff -Nur shadow-4.1.4.3/etc/pam.d.orig/chage shadow-4.1.4.3/etc/pam.d/chage 29diff --git a/etc/pam.d/chage b/etc/pam.d/chage
12--- shadow-4.1.4.3/etc/pam.d.orig/chage 2011-07-20 19:02:27.384844958 +0800 30index 8f49f5c..b1f365d 100644
13+++ shadow-4.1.4.3/etc/pam.d/chage 2011-07-20 19:03:08.964844958 +0800 31--- a/etc/pam.d/chage
32+++ b/etc/pam.d/chage
14@@ -1,4 +1,4 @@ 33@@ -1,4 +1,4 @@
15 #%PAM-1.0 34 #%PAM-1.0
16 auth sufficient pam_rootok.so 35 auth sufficient pam_rootok.so
17 account required pam_permit.so 36 account required pam_permit.so
18-password include system-auth 37-password include system-auth
19+password include common-password 38+password include common-password
20diff -Nur shadow-4.1.4.3/etc/pam.d.orig/chgpasswd shadow-4.1.4.3/etc/pam.d/chgpasswd 39diff --git a/etc/pam.d/chgpasswd b/etc/pam.d/chgpasswd
21--- shadow-4.1.4.3/etc/pam.d.orig/chgpasswd 2011-07-20 19:02:27.384844958 +0800 40index 8f49f5c..b1f365d 100644
22+++ shadow-4.1.4.3/etc/pam.d/chgpasswd 2011-07-20 19:03:26.544844958 +0800 41--- a/etc/pam.d/chgpasswd
42+++ b/etc/pam.d/chgpasswd
23@@ -1,4 +1,4 @@ 43@@ -1,4 +1,4 @@
24 #%PAM-1.0 44 #%PAM-1.0
25 auth sufficient pam_rootok.so 45 auth sufficient pam_rootok.so
26 account required pam_permit.so 46 account required pam_permit.so
27-password include system-auth 47-password include system-auth
28+password include common-password 48+password include common-password
29diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupadd shadow-4.1.4.3/etc/pam.d/groupadd 49diff --git a/etc/pam.d/groupadd b/etc/pam.d/groupadd
30--- shadow-4.1.4.3/etc/pam.d.orig/groupadd 2011-07-20 19:02:27.384844958 +0800 50index 8f49f5c..b1f365d 100644
31+++ shadow-4.1.4.3/etc/pam.d/groupadd 2011-07-20 19:04:08.124844958 +0800 51--- a/etc/pam.d/groupadd
52+++ b/etc/pam.d/groupadd
32@@ -1,4 +1,4 @@ 53@@ -1,4 +1,4 @@
33 #%PAM-1.0 54 #%PAM-1.0
34 auth sufficient pam_rootok.so 55 auth sufficient pam_rootok.so
35 account required pam_permit.so 56 account required pam_permit.so
36-password include system-auth 57-password include system-auth
37+password include common-password 58+password include common-password
38diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupdel shadow-4.1.4.3/etc/pam.d/groupdel 59diff --git a/etc/pam.d/groupdel b/etc/pam.d/groupdel
39--- shadow-4.1.4.3/etc/pam.d.orig/groupdel 2011-07-20 19:02:27.384844958 +0800 60index 8f49f5c..b1f365d 100644
40+++ shadow-4.1.4.3/etc/pam.d/groupdel 2011-07-20 19:04:26.114844958 +0800 61--- a/etc/pam.d/groupdel
62+++ b/etc/pam.d/groupdel
41@@ -1,4 +1,4 @@ 63@@ -1,4 +1,4 @@
42 #%PAM-1.0 64 #%PAM-1.0
43 auth sufficient pam_rootok.so 65 auth sufficient pam_rootok.so
44 account required pam_permit.so 66 account required pam_permit.so
45-password include system-auth 67-password include system-auth
46+password include common-password 68+password include common-password
47diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupmems shadow-4.1.4.3/etc/pam.d/groupmems 69diff --git a/etc/pam.d/groupmems b/etc/pam.d/groupmems
48--- shadow-4.1.4.3/etc/pam.d.orig/groupmems 2011-07-20 19:02:27.384844958 +0800 70index 8f49f5c..b1f365d 100644
49+++ shadow-4.1.4.3/etc/pam.d/groupmems 2011-07-20 19:04:35.074844958 +0800 71--- a/etc/pam.d/groupmems
72+++ b/etc/pam.d/groupmems
50@@ -1,4 +1,4 @@ 73@@ -1,4 +1,4 @@
51 #%PAM-1.0 74 #%PAM-1.0
52 auth sufficient pam_rootok.so 75 auth sufficient pam_rootok.so
53 account required pam_permit.so 76 account required pam_permit.so
54-password include system-auth 77-password include system-auth
55+password include common-password 78+password include common-password
56diff -Nur shadow-4.1.4.3/etc/pam.d.orig/groupmod shadow-4.1.4.3/etc/pam.d/groupmod 79diff --git a/etc/pam.d/groupmod b/etc/pam.d/groupmod
57--- shadow-4.1.4.3/etc/pam.d.orig/groupmod 2011-07-20 19:02:27.384844958 +0800 80index 8f49f5c..b1f365d 100644
58+++ shadow-4.1.4.3/etc/pam.d/groupmod 2011-07-20 19:04:44.864844958 +0800 81--- a/etc/pam.d/groupmod
82+++ b/etc/pam.d/groupmod
59@@ -1,4 +1,4 @@ 83@@ -1,4 +1,4 @@
60 #%PAM-1.0 84 #%PAM-1.0
61 auth sufficient pam_rootok.so 85 auth sufficient pam_rootok.so
62 account required pam_permit.so 86 account required pam_permit.so
63-password include system-auth 87-password include system-auth
64+password include common-password 88+password include common-password
65diff -Nur shadow-4.1.4.3/etc/pam.d.orig/useradd shadow-4.1.4.3/etc/pam.d/useradd 89diff --git a/etc/pam.d/useradd b/etc/pam.d/useradd
66--- shadow-4.1.4.3/etc/pam.d.orig/useradd 2011-07-20 19:02:27.384844958 +0800 90index 8f49f5c..b1f365d 100644
67+++ shadow-4.1.4.3/etc/pam.d/useradd 2011-07-20 19:07:26.244844958 +0800 91--- a/etc/pam.d/useradd
92+++ b/etc/pam.d/useradd
68@@ -1,4 +1,4 @@ 93@@ -1,4 +1,4 @@
69 #%PAM-1.0 94 #%PAM-1.0
70 auth sufficient pam_rootok.so 95 auth sufficient pam_rootok.so
71 account required pam_permit.so 96 account required pam_permit.so
72-password include system-auth 97-password include system-auth
73+password include common-password 98+password include common-password
74diff -Nur shadow-4.1.4.3/etc/pam.d.orig/userdel shadow-4.1.4.3/etc/pam.d/userdel 99diff --git a/etc/pam.d/userdel b/etc/pam.d/userdel
75--- shadow-4.1.4.3/etc/pam.d.orig/userdel 2011-07-20 19:02:27.384844958 +0800 100index 8f49f5c..b1f365d 100644
76+++ shadow-4.1.4.3/etc/pam.d/userdel 2011-07-20 19:07:35.734844958 +0800 101--- a/etc/pam.d/userdel
102+++ b/etc/pam.d/userdel
77@@ -1,4 +1,4 @@ 103@@ -1,4 +1,4 @@
78 #%PAM-1.0 104 #%PAM-1.0
79 auth sufficient pam_rootok.so 105 auth sufficient pam_rootok.so
80 account required pam_permit.so 106 account required pam_permit.so
81-password include system-auth 107-password include system-auth
82+password include common-password 108+password include common-password
83diff -Nur shadow-4.1.4.3/etc/pam.d.orig/usermod shadow-4.1.4.3/etc/pam.d/usermod 109diff --git a/etc/pam.d/usermod b/etc/pam.d/usermod
84--- shadow-4.1.4.3/etc/pam.d.orig/usermod 2011-07-20 19:02:27.384844958 +0800 110index 8f49f5c..b1f365d 100644
85+++ shadow-4.1.4.3/etc/pam.d/usermod 2011-07-20 19:07:42.024844958 +0800 111--- a/etc/pam.d/usermod
112+++ b/etc/pam.d/usermod
86@@ -1,4 +1,4 @@ 113@@ -1,4 +1,4 @@
87 #%PAM-1.0 114 #%PAM-1.0
88 auth sufficient pam_rootok.so 115 auth sufficient pam_rootok.so
diff --git a/meta/recipes-extended/shadow/files/useradd b/meta/recipes-extended/shadow/files/useradd
new file mode 100644
index 0000000000..782aeef418
--- /dev/null
+++ b/meta/recipes-extended/shadow/files/useradd
@@ -0,0 +1,8 @@
1# useradd defaults file
2GROUP=100
3HOME=/home
4INACTIVE=-1
5EXPIRE=
6SHELL=/bin/sh
7SKEL=/etc/skel
8CREATE_MAIL_SPOOL=no
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-06-04 21:01:59 +0000