2007-10-07 17:14:02 +05:30
|
|
|
|
2007-10-07 17:16:25 +05:30
|
|
|
EXTRA_DIST = \
|
|
|
|
.indent.pro
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
ubindir = ${prefix}/bin
|
|
|
|
usbindir = ${prefix}/sbin
|
2007-11-14 19:02:25 +05:30
|
|
|
suidperms = 4755
|
2010-01-30 Paweł Hajdan, Jr. <phajdan.jr@gentoo.org>
* NEWS: Add support for TCB.
* lib/tcbfuncs.h, lib/tcbfuncs.c, lib/Makefile.am: New library to
support TCB.
* lib/prototypes, libmisc/copydir.c (remove_tree): Add boolean
parameter remove_root.
* configure.in: Add conditional WITH_TCB.
* src/userdel.c, src/usermod.c: Add support for TCB. Update call to
remove_tree().
* src/pwconv.c, src/pwunconv.c: Should not be used with TCB enabled.
* src/vipw.c: Add support for TCB. Update call to remove_tree().
* src/useradd.c: Add support for TCB. Open the shadow file outside
of open_files().
* src/chage.c: Add support for TCB.
* src/Makefile.am: Install passwd sgid shadow when TCB is enabled.
* lib/getdefs.c, man/vipw.8.xml, man/login.defs.5.xml,
man/login.defs/TCB_AUTH_GROUP.xml, man/login.defs/USE_TCB.xml,
man/login.defs/TCB_SYMLINKS.xml, man/generate_mans.mak,
man/generate_mans.deps, man/Makefile.am: New configuration
parameters: TCB_AUTH_GROUP, TCB_SYMLINKS, USE_TCB.
* lib/shadowio.c, lib/commonio.c: Add support for TCB.
2010-03-04 23:41:13 +05:30
|
|
|
sgidperms = 2755
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2007-10-07 17:15:23 +05:30
|
|
|
INCLUDES = \
|
2007-10-07 17:14:51 +05:30
|
|
|
-I${top_srcdir}/lib \
|
|
|
|
-I$(top_srcdir)/libmisc
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
# XXX why are login and su in /bin anyway (other than for
|
|
|
|
# historical reasons)?
|
|
|
|
#
|
|
|
|
# if the system is screwed so badly that it can't mount /usr,
|
|
|
|
# you can (hopefully) boot single user, and then you're root
|
|
|
|
# so you don't need these programs for recovery.
|
|
|
|
#
|
|
|
|
# also /lib/libshadow.so.x.xx (if any) could be moved to /usr/lib
|
|
|
|
# and installation would be much simpler (just two directories,
|
|
|
|
# $prefix/bin and $prefix/sbin, no install-data hacks...)
|
|
|
|
|
2007-10-07 17:16:34 +05:30
|
|
|
bin_PROGRAMS = groups login su
|
2007-10-07 17:17:45 +05:30
|
|
|
sbin_PROGRAMS = nologin
|
2013-01-22 14:50:07 +05:30
|
|
|
ubin_PROGRAMS = faillog lastlog chage chfn chsh expiry gpasswd newgrp passwd \
|
|
|
|
newgidmap newuidmap
|
2007-10-07 17:15:23 +05:30
|
|
|
usbin_PROGRAMS = \
|
2007-10-07 17:17:22 +05:30
|
|
|
chgpasswd \
|
2007-10-07 17:15:23 +05:30
|
|
|
chpasswd \
|
|
|
|
groupadd \
|
|
|
|
groupdel \
|
2007-10-07 17:17:57 +05:30
|
|
|
groupmems \
|
2007-10-07 17:15:23 +05:30
|
|
|
groupmod \
|
|
|
|
grpck \
|
|
|
|
grpconv \
|
|
|
|
grpunconv \
|
|
|
|
logoutd \
|
|
|
|
newusers \
|
|
|
|
pwck \
|
|
|
|
pwconv \
|
|
|
|
pwunconv \
|
|
|
|
useradd \
|
|
|
|
userdel \
|
|
|
|
usermod \
|
|
|
|
vipw
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2007-10-07 17:14:59 +05:30
|
|
|
# id and groups are from gnu, sulogin from sysvinit
|
2007-10-07 17:16:34 +05:30
|
|
|
noinst_PROGRAMS = id sulogin
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2007-10-07 17:16:34 +05:30
|
|
|
suidbins = su
|
2013-01-22 14:50:07 +05:30
|
|
|
suidubins = chage chfn chsh expiry gpasswd newgrp passwd newuidmap newgidmap
|
* configure.in: Added option --enable-account-tools-setuid to
enable/disable the usage of PAM to authenticate the callers of
account management tools: chage, chgpasswd, chpasswd, groupadd,
groupdel, groupmod, useradd, userdel, usermod.
* src/Makefile.am: Do not link the above tools with libpam if
account-tools-setuid is disabled.
* src/userdel.c, src/newusers.c, src/chpasswd.c, src/usermod.c,
src/groupdel.c, src/chgpasswd.c, src/useradd.c, src/groupmod.c,
src/groupadd.c, src/chage.c: Implement ACCT_TOOLS_SETUID
(--enable-account-tools-setuid).
* etc/pam.d/Makefile.am: Install the pam service file for the
above tools only when needed.
* src/useradd.c, src/userdel.c, src/usermod.c: It is no more
needed to initialize retval to PAM_SUCCESS.
2008-09-07 03:05:37 +05:30
|
|
|
if ACCT_TOOLS_SETUID
|
|
|
|
suidubins += chage chgpasswd chpasswd groupadd groupdel groupmod newusers useradd userdel usermod
|
|
|
|
endif
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2010-01-30 Paweł Hajdan, Jr. <phajdan.jr@gentoo.org>
* NEWS: Add support for TCB.
* lib/tcbfuncs.h, lib/tcbfuncs.c, lib/Makefile.am: New library to
support TCB.
* lib/prototypes, libmisc/copydir.c (remove_tree): Add boolean
parameter remove_root.
* configure.in: Add conditional WITH_TCB.
* src/userdel.c, src/usermod.c: Add support for TCB. Update call to
remove_tree().
* src/pwconv.c, src/pwunconv.c: Should not be used with TCB enabled.
* src/vipw.c: Add support for TCB. Update call to remove_tree().
* src/useradd.c: Add support for TCB. Open the shadow file outside
of open_files().
* src/chage.c: Add support for TCB.
* src/Makefile.am: Install passwd sgid shadow when TCB is enabled.
* lib/getdefs.c, man/vipw.8.xml, man/login.defs.5.xml,
man/login.defs/TCB_AUTH_GROUP.xml, man/login.defs/USE_TCB.xml,
man/login.defs/TCB_SYMLINKS.xml, man/generate_mans.mak,
man/generate_mans.deps, man/Makefile.am: New configuration
parameters: TCB_AUTH_GROUP, TCB_SYMLINKS, USE_TCB.
* lib/shadowio.c, lib/commonio.c: Add support for TCB.
2010-03-04 23:41:13 +05:30
|
|
|
if WITH_TCB
|
|
|
|
suidubins -= passwd
|
|
|
|
shadowsgidubins = passwd
|
|
|
|
endif
|
|
|
|
|
* lib/Makefile.am: Do not link libshadow.la with the intl, crypt,
skey and md libraries...
* src/Makefile.am: ...Specify for each binary which library is
required. skey and md are required for the binaries with
authentication of the user (chfn, chsh, login, passwd, su). intl
is required for all. mcrypt is required for user (chfn, chsh,
login, passwd, su, sulogin) and group (newgrp, gpasswd)
authentication and for the creation of passwords (chpasswd,
chgpasswd, gpasswd, newusers, passwd).
2008-01-06 19:49:32 +05:30
|
|
|
LDADD = $(INTLLIBS) \
|
2010-01-30 Paweł Hajdan, Jr. <phajdan.jr@gentoo.org>
* NEWS: Add support for TCB.
* lib/tcbfuncs.h, lib/tcbfuncs.c, lib/Makefile.am: New library to
support TCB.
* lib/prototypes, libmisc/copydir.c (remove_tree): Add boolean
parameter remove_root.
* configure.in: Add conditional WITH_TCB.
* src/userdel.c, src/usermod.c: Add support for TCB. Update call to
remove_tree().
* src/pwconv.c, src/pwunconv.c: Should not be used with TCB enabled.
* src/vipw.c: Add support for TCB. Update call to remove_tree().
* src/useradd.c: Add support for TCB. Open the shadow file outside
of open_files().
* src/chage.c: Add support for TCB.
* src/Makefile.am: Install passwd sgid shadow when TCB is enabled.
* lib/getdefs.c, man/vipw.8.xml, man/login.defs.5.xml,
man/login.defs/TCB_AUTH_GROUP.xml, man/login.defs/USE_TCB.xml,
man/login.defs/TCB_SYMLINKS.xml, man/generate_mans.mak,
man/generate_mans.deps, man/Makefile.am: New configuration
parameters: TCB_AUTH_GROUP, TCB_SYMLINKS, USE_TCB.
* lib/shadowio.c, lib/commonio.c: Add support for TCB.
2010-03-04 23:41:13 +05:30
|
|
|
$(LIBTCB) \
|
* lib/Makefile.am: Do not link libshadow.la with the intl, crypt,
skey and md libraries...
* src/Makefile.am: ...Specify for each binary which library is
required. skey and md are required for the binaries with
authentication of the user (chfn, chsh, login, passwd, su). intl
is required for all. mcrypt is required for user (chfn, chsh,
login, passwd, su, sulogin) and group (newgrp, gpasswd)
authentication and for the creation of passwords (chpasswd,
chgpasswd, gpasswd, newusers, passwd).
2008-01-06 19:49:32 +05:30
|
|
|
$(top_builddir)/libmisc/libmisc.a \
|
2007-10-07 17:16:34 +05:30
|
|
|
$(top_builddir)/lib/libshadow.la
|
|
|
|
AM_CPPFLAGS = -DLOCALEDIR=\"$(datadir)/locale\"
|
2007-10-07 17:14:51 +05:30
|
|
|
|
* configure.in: Added option --enable-account-tools-setuid to
enable/disable the usage of PAM to authenticate the callers of
account management tools: chage, chgpasswd, chpasswd, groupadd,
groupdel, groupmod, useradd, userdel, usermod.
* src/Makefile.am: Do not link the above tools with libpam if
account-tools-setuid is disabled.
* src/userdel.c, src/newusers.c, src/chpasswd.c, src/usermod.c,
src/groupdel.c, src/chgpasswd.c, src/useradd.c, src/groupmod.c,
src/groupadd.c, src/chage.c: Implement ACCT_TOOLS_SETUID
(--enable-account-tools-setuid).
* etc/pam.d/Makefile.am: Install the pam service file for the
above tools only when needed.
* src/useradd.c, src/userdel.c, src/usermod.c: It is no more
needed to initialize retval to PAM_SUCCESS.
2008-09-07 03:05:37 +05:30
|
|
|
if ACCT_TOOLS_SETUID
|
|
|
|
LIBPAM_SUID = $(LIBPAM)
|
|
|
|
else
|
|
|
|
LIBPAM_SUID =
|
|
|
|
endif
|
|
|
|
|
2008-12-23 06:14:29 +05:30
|
|
|
if USE_PAM
|
|
|
|
LIBCRYPT_NOPAM =
|
|
|
|
else
|
|
|
|
LIBCRYPT_NOPAM = $(LIBCRYPT)
|
|
|
|
endif
|
|
|
|
|
* configure.in: Added option --enable-account-tools-setuid to
enable/disable the usage of PAM to authenticate the callers of
account management tools: chage, chgpasswd, chpasswd, groupadd,
groupdel, groupmod, useradd, userdel, usermod.
* src/Makefile.am: Do not link the above tools with libpam if
account-tools-setuid is disabled.
* src/userdel.c, src/newusers.c, src/chpasswd.c, src/usermod.c,
src/groupdel.c, src/chgpasswd.c, src/useradd.c, src/groupmod.c,
src/groupadd.c, src/chage.c: Implement ACCT_TOOLS_SETUID
(--enable-account-tools-setuid).
* etc/pam.d/Makefile.am: Install the pam service file for the
above tools only when needed.
* src/useradd.c, src/userdel.c, src/usermod.c: It is no more
needed to initialize retval to PAM_SUCCESS.
2008-09-07 03:05:37 +05:30
|
|
|
chage_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
|
2013-06-06 21:11:58 +05:30
|
|
|
newuidmap_LDADD = $(LDADD) $(LIBSELINUX)
|
|
|
|
newgidmap_LDADD = $(LDADD) $(LIBSELINUX)
|
2008-12-23 06:14:29 +05:30
|
|
|
chfn_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
|
* configure.in: Added option --enable-account-tools-setuid to
enable/disable the usage of PAM to authenticate the callers of
account management tools: chage, chgpasswd, chpasswd, groupadd,
groupdel, groupmod, useradd, userdel, usermod.
* src/Makefile.am: Do not link the above tools with libpam if
account-tools-setuid is disabled.
* src/userdel.c, src/newusers.c, src/chpasswd.c, src/usermod.c,
src/groupdel.c, src/chgpasswd.c, src/useradd.c, src/groupmod.c,
src/groupadd.c, src/chage.c: Implement ACCT_TOOLS_SETUID
(--enable-account-tools-setuid).
* etc/pam.d/Makefile.am: Install the pam service file for the
above tools only when needed.
* src/useradd.c, src/userdel.c, src/usermod.c: It is no more
needed to initialize retval to PAM_SUCCESS.
2008-09-07 03:05:37 +05:30
|
|
|
chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBCRYPT)
|
2008-12-23 06:14:29 +05:30
|
|
|
chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
|
2009-05-09 18:44:44 +05:30
|
|
|
chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT)
|
* lib/Makefile.am: Do not link libshadow.la with the intl, crypt,
skey and md libraries...
* src/Makefile.am: ...Specify for each binary which library is
required. skey and md are required for the binaries with
authentication of the user (chfn, chsh, login, passwd, su). intl
is required for all. mcrypt is required for user (chfn, chsh,
login, passwd, su, sulogin) and group (newgrp, gpasswd)
authentication and for the creation of passwords (chpasswd,
chgpasswd, gpasswd, newusers, passwd).
2008-01-06 19:49:32 +05:30
|
|
|
gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT)
|
* configure.in: Added option --enable-account-tools-setuid to
enable/disable the usage of PAM to authenticate the callers of
account management tools: chage, chgpasswd, chpasswd, groupadd,
groupdel, groupmod, useradd, userdel, usermod.
* src/Makefile.am: Do not link the above tools with libpam if
account-tools-setuid is disabled.
* src/userdel.c, src/newusers.c, src/chpasswd.c, src/usermod.c,
src/groupdel.c, src/chgpasswd.c, src/useradd.c, src/groupmod.c,
src/groupadd.c, src/chage.c: Implement ACCT_TOOLS_SETUID
(--enable-account-tools-setuid).
* etc/pam.d/Makefile.am: Install the pam service file for the
above tools only when needed.
* src/useradd.c, src/userdel.c, src/usermod.c: It is no more
needed to initialize retval to PAM_SUCCESS.
2008-09-07 03:05:37 +05:30
|
|
|
groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
|
|
|
|
groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
|
2007-10-07 17:17:57 +05:30
|
|
|
groupmems_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX)
|
* configure.in: Added option --enable-account-tools-setuid to
enable/disable the usage of PAM to authenticate the callers of
account management tools: chage, chgpasswd, chpasswd, groupadd,
groupdel, groupmod, useradd, userdel, usermod.
* src/Makefile.am: Do not link the above tools with libpam if
account-tools-setuid is disabled.
* src/userdel.c, src/newusers.c, src/chpasswd.c, src/usermod.c,
src/groupdel.c, src/chgpasswd.c, src/useradd.c, src/groupmod.c,
src/groupadd.c, src/chage.c: Implement ACCT_TOOLS_SETUID
(--enable-account-tools-setuid).
* etc/pam.d/Makefile.am: Install the pam service file for the
above tools only when needed.
* src/useradd.c, src/userdel.c, src/usermod.c: It is no more
needed to initialize retval to PAM_SUCCESS.
2008-09-07 03:05:37 +05:30
|
|
|
groupmod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
|
2007-10-07 17:17:22 +05:30
|
|
|
grpck_LDADD = $(LDADD) $(LIBSELINUX)
|
|
|
|
grpconv_LDADD = $(LDADD) $(LIBSELINUX)
|
|
|
|
grpunconv_LDADD = $(LDADD) $(LIBSELINUX)
|
* lib/Makefile.am: Do not link libshadow.la with the intl, crypt,
skey and md libraries...
* src/Makefile.am: ...Specify for each binary which library is
required. skey and md are required for the binaries with
authentication of the user (chfn, chsh, login, passwd, su). intl
is required for all. mcrypt is required for user (chfn, chsh,
login, passwd, su, sulogin) and group (newgrp, gpasswd)
authentication and for the creation of passwords (chpasswd,
chgpasswd, gpasswd, newusers, passwd).
2008-01-06 19:49:32 +05:30
|
|
|
login_SOURCES = \
|
2007-10-07 17:16:34 +05:30
|
|
|
login.c \
|
|
|
|
login_nopam.c
|
2008-12-23 06:14:29 +05:30
|
|
|
login_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
|
|
|
|
newgrp_LDADD = $(LDADD) $(LIBAUDIT) $(LIBCRYPT)
|
2009-05-09 18:45:57 +05:30
|
|
|
newusers_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT)
|
2007-10-07 17:17:11 +05:30
|
|
|
nologin_LDADD =
|
2008-12-23 06:14:29 +05:30
|
|
|
passwd_LDADD = $(LDADD) $(LIBPAM) $(LIBCRACK) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM)
|
2007-10-07 17:17:22 +05:30
|
|
|
pwck_LDADD = $(LDADD) $(LIBSELINUX)
|
|
|
|
pwconv_LDADD = $(LDADD) $(LIBSELINUX)
|
|
|
|
pwunconv_LDADD = $(LDADD) $(LIBSELINUX)
|
2007-10-07 17:16:34 +05:30
|
|
|
su_SOURCES = \
|
|
|
|
su.c \
|
|
|
|
suauth.c
|
2008-12-23 06:14:29 +05:30
|
|
|
su_LDADD = $(LDADD) $(LIBPAM) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
|
* lib/Makefile.am: Do not link libshadow.la with the intl, crypt,
skey and md libraries...
* src/Makefile.am: ...Specify for each binary which library is
required. skey and md are required for the binaries with
authentication of the user (chfn, chsh, login, passwd, su). intl
is required for all. mcrypt is required for user (chfn, chsh,
login, passwd, su, sulogin) and group (newgrp, gpasswd)
authentication and for the creation of passwords (chpasswd,
chgpasswd, gpasswd, newusers, passwd).
2008-01-06 19:49:32 +05:30
|
|
|
sulogin_LDADD = $(LDADD) $(LIBCRYPT)
|
* NEWS, src/userdel.c, man/userdel.8.xml: Add option -Z/--selinux-user.
* libmisc/system.c, lib/prototypes.h, libmisc/Makefile.am: Removed
safe_system().
* lib/selinux.c, po/POTFILES.in, lib/prototypes.h,
lib/Makefile.am: Added helper functions for semanage.
* README, src/useradd.c, src/usermod.c, src/userdel.c,
configure.in: Use libsemanage instead of semanage.
2011-11-18 03:21:07 +05:30
|
|
|
useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR)
|
|
|
|
userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE)
|
|
|
|
usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR)
|
2007-10-07 17:17:22 +05:30
|
|
|
vipw_LDADD = $(LDADD) $(LIBSELINUX)
|
2007-10-07 17:14:51 +05:30
|
|
|
|
2007-10-07 17:15:40 +05:30
|
|
|
install-am: all-am
|
|
|
|
$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
|
|
|
|
ln -sf newgrp $(DESTDIR)$(ubindir)/sg
|
|
|
|
ln -sf vipw $(DESTDIR)$(usbindir)/vigr
|
2007-10-07 17:14:02 +05:30
|
|
|
for i in $(suidbins); do \
|
2007-11-14 19:02:25 +05:30
|
|
|
chmod -f $(suidperms) $(DESTDIR)$(bindir)/$$i; \
|
2007-10-07 17:14:02 +05:30
|
|
|
done
|
|
|
|
for i in $(suidubins); do \
|
2007-11-14 19:02:25 +05:30
|
|
|
chmod -f $(suidperms) $(DESTDIR)$(ubindir)/$$i; \
|
2007-10-07 17:14:02 +05:30
|
|
|
done
|
2010-01-30 Paweł Hajdan, Jr. <phajdan.jr@gentoo.org>
* NEWS: Add support for TCB.
* lib/tcbfuncs.h, lib/tcbfuncs.c, lib/Makefile.am: New library to
support TCB.
* lib/prototypes, libmisc/copydir.c (remove_tree): Add boolean
parameter remove_root.
* configure.in: Add conditional WITH_TCB.
* src/userdel.c, src/usermod.c: Add support for TCB. Update call to
remove_tree().
* src/pwconv.c, src/pwunconv.c: Should not be used with TCB enabled.
* src/vipw.c: Add support for TCB. Update call to remove_tree().
* src/useradd.c: Add support for TCB. Open the shadow file outside
of open_files().
* src/chage.c: Add support for TCB.
* src/Makefile.am: Install passwd sgid shadow when TCB is enabled.
* lib/getdefs.c, man/vipw.8.xml, man/login.defs.5.xml,
man/login.defs/TCB_AUTH_GROUP.xml, man/login.defs/USE_TCB.xml,
man/login.defs/TCB_SYMLINKS.xml, man/generate_mans.mak,
man/generate_mans.deps, man/Makefile.am: New configuration
parameters: TCB_AUTH_GROUP, TCB_SYMLINKS, USE_TCB.
* lib/shadowio.c, lib/commonio.c: Add support for TCB.
2010-03-04 23:41:13 +05:30
|
|
|
if WITH_TCB
|
|
|
|
for i in $(shadowsgidubins); do \
|
|
|
|
chown root:shadow $(DESTDIR)$(ubindir)/$$i; \
|
|
|
|
chmod -f $(sgidperms) $(DESTDIR)$(ubindir)/$$i; \
|
|
|
|
done
|
|
|
|
endif
|