[svn-upgrade] Integrating new upstream version, shadow (19990709)

nekral-guest
2007-10-07 11:44:02 +00:00
parent 9c72ed9062
commit 45c6603cc8
350 changed files with 89554 additions and 0 deletions

48
doc/ANNOUNCE Normal file

@@ -0,0 +1,48 @@
$Id: ANNOUNCE,v 1.3 1998/01/29 23:22:25 marekm Exp $
[ This is the original comp.os.linux.announce posting (only the
author's name and e-mail address has been updated), kept here
for historical reasons. Many things have changed since then.
Linux distributions are using it, and the mailing list address
has been changed. See README.linux (in the same directory)
for more up to date information. --marekm ]
This is a new beta release of the Shadow Password Suite for Linux.
Many bugs have been reported (and fixed!), and the package is now
under a BSD-style copyright. It was written by Julianne F. Haugh
<jfh@tab.com>, and the Linux port is now maintained by me.
Again, this is beta software which may still have some bugs, please
treat it as such. Please don't install it if you don't know what
you're doing. Please test it as much as you can, and report any
bugs - if you report them, they will be fixed! If all goes well,
Shadow should be stable enough for general use within a few months.
Once it is stable, Linux distributions can start using it - there
are no copyright problems anymore.
Thanks to Greg Gallagher <ggallag@orion.it.luc.edu> there is now
a developers mailing list, shadow-list@neptune.cin.net. Send the
command "subscribe" to shadow-list-request@neptune.cin.net (NOT to
the mailing list itself!) to subscribe if you are interested.
LSM entry follows:
Begin3
Title: Shadow Password Suite
Version: 3.3.3-951218
Entered-date: 18DEC95
Description:
Keywords: login passwd security shadow
Author: jfh@tab.com (Julie Haugh)
Maintained-by: marekm@i17linuxb.ists.pwr.wroc.pl (Marek Michalkiewicz)
Primary-site: sunsite.unc.edu /pub/Linux/system/Admin
220K shadow-951218.tar.gz
Alternate-site: ftp.ists.pwr.wroc.pl /pub/linux/shadow
Original-site: ftp.uu.net ?
Platforms:
Copying-policy: BSD-like
End
Marek Michalkiewicz
marekm@i17linuxb.ists.pwr.wroc.pl
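Review bot: The subscription paragraph in the body (send "subscribe" to shadow-list-request@neptune.cin.net) conflicts with the bracketed preface at the top of the file, which says the mailing list address has been changed. A reader who skips the preface will use the outdated address, so mark that paragraph as obsolete inline or put the README.linux pointer next to it. The LSM entry also has empty `Description:` and `Platforms:` fields and an unresolved `Original-site: ftp.uu.net ?`; fill these in or drop them.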

625
doc/CHANGES Normal file

@@ -0,0 +1,625 @@
$Id: CHANGES,v 1.27 1999/07/09 18:02:43 marekm Exp $
shadow-19990607 => shadow-19990709
- added PAM support to chfn and chsh (thanks to Thorsten Kukuk)
- fixed a bug in newgrp if the user is in >= 17 groups
- added @LIBSKEY@ to LDADD for all programs (for some reason,
almost all programs need it if skey/opie support is enabled)
- changed grpconv/grpunconv to compile with --disable-shadowgrp
- changed faillog to do something (assume -p) with no options specified
- updated version of the udbachk passwd/shadow/group file integrity
checker (contrib/udbachk.v012.tgz)
shadow-19990307 => shadow-19990607
- upgraded to libtool-1.2, latest config.{guess,sub}
- added missing #include "defines.h" in libmisc/login_desrpc.c - thanks
to almost everyone for reporting it :-)
- moved PAM-related defines to pam_defs.h
- added some braces to if/else to avoid egcs warnings
- started adding PAM support to login (based on util-linux, not finished yet)
- changed "!" to "x" for pw_passwd in src/newusers.c
- a few more Y2K fixes
- added contrib/udbachk.tgz (passwd/shadow/group file integrity checker),
thanks to Sami Kerola
- Debian: made /etc/{limits,login.access,login.defs,porttime,securetty}
files all mode 0600 (Bug#38729 - login: /etc/limits is world readable)
- updated mailing list information (moved again, now hosted by SuSE),
updated README.mirrors, other minor documentation updates
- made getpass work with redirected stdin
- new readpass echoing asterisks disabled by default by popular demand
(can be enabled at compile time: ./configure --enable-readpass)
- the random number of asterisks in readpass is now more random
(random number generator initialization was missing)
- commented out --enable-md5crypt (obsolete) in configure.in
- when checking for libskey, link with -lcrypt if libcrypt is available
(otherwise the configure test for libskey fails - libskey needs libcrypt)
- added Package/Version ident strings (so you can use the RCS "ident"
command to check any binary, which version of shadow it comes from)
shadow-981228 => shadow-19990307
- added support for setting process priority in /etc/limits
- i18n: updated Greek translation
- i18n: added Polish translation by Arkadiusz Miskiewicz
- documented the -p option in useradd.8 and usermod.8 man pages
- some "const" gcc warning fixes
- attempt to fix lib/snprintf.c compilation problems
- added restart/reload/force-reload to /etc/init.d/logoutd (found by lintian)
- always require password for root logins (even with NO_PASSWORD_CONSOLE)
- workaround for RedHat's CREATE_HOME feature in /etc/login.defs
- changed to Y2K compatible version numbering
- more Y2K fixes, use the ISO 8601 date format (yyyy-mm-dd) for default
values of user-entered dates (you can still enter dates in any format
supported by GNU date)
- oops, added doc/README.nls to list of files to distribute
- added missing sanitize_env() call to src/login.c
- debian/rules installs /bin/login non-setuid by default, just in case...
- build Debian packages with cracklib support (depends on cracklib-runtime)
shadow-980724 => shadow-981228
- login now clears the username in argv[] (in case someone types the
password instead of username, by mistake)
- i18n support, Greek translation (Nikos Mavroyanopoulos), see README.nls
- updated author's e-mail address (jfh@tab.com -> jfh@bga.com)
- new getpass() replacement that displays *'s (Pavel Machek)
- no password required when logging in from ttys listed under
NO_PASSWORD_CONSOLE in login.defs (Pavel Machek)
- fixed limits code so RLIMIT_AS should work
- upgraded to Debian 2.0
- built a new machine (P2 350MHz, 64MB RAM) so the thing can be compiled
in reasonable time again
- upgraded to automake-1.3, libtool-1.0h (also new config.guess and
config.sub that work on i686)
- usermod fixed to handle group names starting with digits (not recommended)
shadow-980626 => shadow-980724
- security: login no longer gives you a root shell if setgid()
or initgroups() or setuid() fails for any reason, discovered
by Ted Hickman <thickman@sy.net>
- remove libshadow.so -> libshadow.so.x.x symlink after install
- a few int -> uid_t type cleanups
- fail immediately (don't retry) in *_lock() if euid != 0
- added sample PAM config files etc/pam.d/{passwd,su}
- preliminary PAM support in su (untested - use at your own risk,
comments and patches welcome!)
- cleanup and more comments in OPIE code (Algis Rudys)
- added support for TCFS (Transparent Cryptographic File System)
(use ./configure --with-libtcfs, see http://tcfs.dia.unisa.it/
for more info), thanks to Aniello Del Sorbo
shadow-980529 => shadow-980626
- fixed bug in commonio_lock() (infinite recursion if lckpwdf() not
used and database cannot be locked), thanks to Jonathan Hankins
- fixed bug in copy_tree() (NUL-terminate readlink() results),
thanks to Lutz Schwalowsky
- no need to press Enter after Ctrl-C to interrupt password prompt
- removed a few harmless gcc warnings
- secure RPC login disabled if <rpc/key_prot.h> not found (glibc 2.0)
- faillog.8: changed /usr/adm -> /var/log
- pwconv.8: documented that it may fail on invalid password files
shadow-980417 => shadow-980529
- fixed "interesting" strzero() bug introduced by me in 980417:
strzero(cp) didn't work as intended (the macro used a local
variable called "cp" - oops...); Leonard N. Zubkoff was the
first person to report it - thanks!
- fixed usermod -e to accept empty argument (like useradd),
thanks to Martin Bene
- several changes from Debian 980403-0.2, see debian/changelog
- added contrib/shadow-anonftp.patch (not yet merged, sorry...)
thanks to Calle Karlsson
shadow-980403 => shadow-980417
- fixed login session limits (again - broken since 980130)
- more symbolic constants for exit status values
- fixed logoutd to work with 8-character usernames in utmp
(no room for terminating NUL!)
- various fixes to make the code more glibc2-friendly
- updated doc/cracklib26.diff (fix for empty gecos, etc.)
- updated the files in redhat/ from shadow-utils-970616-11.src.rpm
(RH 5.0 updates)
shadow-980130 => shadow-980403
- security: su now creates the sulog file (if enabled and doesn't
already exist) with umask 077
- hopefully removed arbitrary group size limits (not yet for
shadow groups though - sgetsgent() still needs a rewrite,
but I don't want to delay this release any longer...)
- fixed NULL dereference in groupmod -n
shadow-971215 => shadow-980130
- Debian binary packages can be built without root privileges
(tar wrapper - debian/tar.c)
- new subdir "redhat" (needs more work, see redhat/README)
- in several places, exit(127) if exec fails with ENOENT, and
exit(126) on other errors (as in ksh and bash)
- renamed getpass() and md5_crypt() to libshadow_* to avoid name
conflicts with libc functions - md5_crypt() is also in libcrypt.a
on Linux/PPC, thanks to Anton Gluck <gluc@midway.uchicago.edu>
- handle crypt() returning NULL (possible according to Single Unix
Spec) more gracefully (exit instead of SIGSEGV)
- fixed bug in putgrent() that showed up when realloc() moved the
buffer while expanding it, thanks to Floody <flood@evcom.net>
- fixed bug in login session limits (with a limit set to N logins,
only N-1 logins were allowed), thanks to Floody <flood@evcom.net>
- upgraded to libtool-1.0h (now recognizes GNU ld on Debian 1.3.1)
- newer config.guess and config.sub (should work on x86 for x > 5)
- removed doc/automake-1.0.diff (obsoleted by automake-1.2)
- added doc/cracklib26.diff (some patches for cracklib-2.6)
- documented more (not all yet) login.defs(5) settings
- replaced more exit status numeric values with #defines
- shadow-utils.spec now generated from shadow-utils.spec.in
(so I don't have to edit version numbers for every new release)
- groupadd -f option, based on RedHat's shadow-utils-970616-9 patch
("force" - exit(0) if the group already exists); other RedHat-
specific options not added yet (best done in a perl script that
runs useradd/usermod/groupadd - see Debian's adduser-3.x)
- added -O option (override login.defs values) to useradd and groupadd
- if usermod can't update the group file(s), exit(10) but update the
password file(s) anyway (as documented by Solaris man page)
- useradd should no longer set sp_expire to the current date (oops)
- configure.in: added --enable-desrpc, check for gethostbyname in libc
before trying libnsl (necessary for Solaris; not for Linux or Irix,
even though libnsl may be present), fixed pw_age/pw_comment/pw_quota
detection, setpgrp vs. setpgid, other minor tweaks
- various */Makefile.am tweaks
- login.defs: added FAKE_SHELL - program to run instead of the login
shell, with the real shell in argv[0] (Frank Denis)
- login.defs: ignore case in yes/no settings
- more E_* defines instead of hardcoded numbers for exit()
- added sanitize_env() for setuid programs
- login_desrpc() checks for getnetname() errors
- new password is not "too similar" if it is long enough
- replacement strstr() was static, no one noticed :-)
- {pw,spw}_lock() and {pw,spw}_unlock() track the lock count and call
lckpwdf() and ulckpwdf() as needed, *_lock_first() hack removed
- login sets $REMOTEHOST for remote logins
- added newgrp -l option (Single Unix Spec, same as "-")
- EXPERIMENTAL shared lib support using libtool (libshadow.so saves about
200K of disk space on Linux/x86), enabled by default if supported by
the system, use ./configure --disable-shared if it causes any problems.
Warning: libshadow.so is intended for internal use by this package
only - binary compatibility with future releases is not guaranteed.
There should be no need to link any other programs with libshadow.so -
the libshadow.so -> libshadow.so.x.x symlink is unnecessary.
- pam_strerror() takes one or two arguments, depending on the Linux-PAM
version (!) - added check to configure; fixed do_pam_passwd prototype
- libmisc/login_access.c should compile on Linux/PPC and Solaris
- added information about the new ftp site to doc/README.mirrors
shadow-971001 => shadow-971215
- added workaround for NYS libc 5.3.12 (RedHat 4.2) bug to grpck
- updated the RPM .spec file
- renamed rlogin() to do_rlogin() to avoid Linux/PPC build problem
(glibc defines something else named "rlogin" in utmpbits.h ?)
- added MD5 checksums in Debian packages
- added -p and -g options to vipw (edit the password or group file
respectively, regardless of the command name in argv[0])
- removed old DBM support (NDBM code is still there)
- fixed a bug in gpasswd: current username was incorrectly identified as
"root" because of setuid(0) done too early. It may be a security hole
when using shadow groups - if "root" is listed as a group administrator,
any user can add/remove members in that group. Thanks to Jesse Thilo.
- gpasswd now logs which user (root or group admin) made the changes
- passwd now uses $PATH to search for the chfn, chsh, gpasswd commands
- newgrp and add_groups() allocate supplementary group lists dynamically
- moved check_shell() from src/chsh.c to libmisc/chkshell.c
- CHFN_RESTRICT in login.defs can now specify exactly which fields may be
changed by regular users (any combination of letters "frwh")
- fixed contrib/pwdauth.c segfault with non-existent usernames
- minor change in lib/getdef.c to handle quotes better (Juergen Heinzl)
- new date parsing code (from GNU date) used by useradd, usermod, chage
- upgraded to automake-1.2, added libtool-0.7 (no libshadow.so yet)
- converted code to ANSI C, added ansi2knr (untested - use gcc!)
- fixed useradd -G segfault (one '*' that shouldn't be there)
- allow 8-bit characters in chfn
- added support for RLIMIT_AS (max address space) in libmisc/limits.c
- changed the handling of NIS plus entries in password files
- some more tweaking in various debian/* files
- logoutd uses getutent() instead of reading utmp file directly
- fixed lckpwdf() called twice (and failing) when changing password
if the user is not listed in /etc/shadow (Mike Pakovic)
- erase and kill characters left unchanged if not defined in login.defs
shadow-970616 => shadow-971001
- Debian: mkpasswd no longer installed (dbm files not supported)
- chpasswd checks for shadow/non-shadow at run time, too
- added chpasswd -e (input file with encrypted passwords) - Jay Soffian
- changed libmisc/login_access.c as suggested by Dave Hagewood
- replaced sprintf() with snprintf() in several places
- added lib/snprintf.[ch] (from XFree86) for systems without snprintf()
- minor tweaks in contrib/adduser.c (/usr/local -> /usr)
- non-root users can only run su with a terminal on stdin
- temporarily disabled DES_RPC because getsecretkey() causes login to hang
for 5 minutes on at least one RH 4.0 system. Not sure if this is a bug
in libc, or system misconfiguration. Needs further investigation.
- check for strerror() and -lrpcsvc (should compile on SunOS again)
- fixed free() called twice in libmisc/mail.c
- added information about mirror sites (doc/README.mirrors)
- updated pwconv.8 and pwunconv.8 man pages
- "make install" now installs pwconv, pwunconv, grpconv, grpunconv
- pwauth.8 no longer installed (AUTH_METHODS not supported by default)
- corrected su.1 man page ($SHELL not used)
- no need for --with-md5crypt if the MD5-based crypt() is already in libc
(or another library specified in /etc/ld.so.preload - Linux ld.so 1.8.0+)
- cleaned up PASS_MAX in getpass() (127 always assumed)
- default editor for vipw changed from /bin/ae to a real editor :)
shadow-970601 => shadow-970616
- fixed execlp call (missing NULL) in src/vipw.c
- vipw now preserves permissions on edited files
- commented out the xdm-shadow hack in shadowconfig
- improved RedHat spec file (Timo Karjalainen)
- updated mailing list information
- added information about the shadow paper (doc/README.shadow-paper)
- renamed doc/console.c.spec (confused RPM)
shadow-970502-2 => shadow-970601
- fixed a typo in libmisc/mail.c causing login to segfault
if MAIL_CHECK_ENAB=yes (sorry!)
- patches for OPIE support (Algis Rudys) (untested)
- programs that modify /etc/passwd or /etc/shadow will use
lckpwdf() if available
- now compiles with PAM support! (still untested)
- cosmetic error message changes (prefixed by argv[0]:)
shadow-970216 => shadow-970502-2
- shadow group support fixes (grpconv didn't work - for some
reason, putsgent() returns 1 instead of 0 on success;
now -1 = failure, anything else = success)
- upgraded to autoconf-2.12
- pwconv and pwunconv now follow other UN*X systems and SVID3
(modify files in place), original versions moved to "old"
- scologin.c moved to "old" (it was only for SCO Xenix) so
people stop sending patches for scologin.c gcc warnings :)
- don't use the MD5* functions in libmisc/salt.c (glibc has
the new md5 crypt(), but no <md5.h> and MD5* functions!)
- support for MkLinux, Solaris, JIS, Qmail (Frank Denis)
- "passwd -S -a" now really works
- support for Debian, vipw, a few fixes (Guy Maor)
- src/login.c radius bug fix (Rafal Maszkowski)
- ISSUE_FILE_ENAB -> ISSUE_FILE in the sample /etc/login.defs
- fixes for glibc and DES_RPC (Thorsten Kukuk)
- limits.5 man page (Luca Berra)
- expiry will work setgid shadow too, removed euid 0 check
- added check for a64l() to configure (glibc)
shadow-961025 => shadow-970216
- major rewrite of *io.c (no more 4 copies of almost identical code)
- use fsync() (if available) instead of sync() when updating password files
- use fchmod() and fchown() if available
- keep the NIS "plus on a line by itself" entries at end of passwd/group
- configure checks location of passwd/chfn/chsh programs (/usr/bin or /bin)
- passwd -S -a: list information about all users (root only)
- passwd -k: change only expired passwords
- passwd -q: quiet mode
- first attempt at PAM support in passwd
- passwd updates the non-shadow password if /etc/shadow exists but the
user has no shadow password
- passwd logs who changed the password, added hook to allow non-root
administrators who can change passwords (not implemented yet)
- su sets $HOME even without the "-" option (suggested by Joey Hess)
- added -p (set encrypted password) option to useradd and usermod
(idea from hpux10 - undocumented option used internally by SAM)
- useradd -D -e does the right thing (set default expiration date)
- USERDEL_CMD in login.defs instead of hardcoded {ATRM,CRONTAB}_COMMAND
because there are just too many systems that need different commands
- removed #ifdef FAILLOG_LOCKTIME (now always enabled), warning: the
faillog file format has been changed (somewhere between 960129 and
960810), please truncate the old file (if any) to zero length
- ISSUE_FILE (may be different from /etc/issue) instead of ISSUE_FILE_ENAB
- wtmp, lastlog, faillog file location guessed by configure
- separate checks for invalid user and group names, max username length
based on struct utmp (it's not always 8 characters)
- pwck and grpck now check for invalid user/group names
- pwck -q (quiet, report only serious problems) option added
- separate cleaner sgetpwent() without the NIS magic
- NIS entries ignored (never changed) by *io.c, pwck, grpck
- various code cleanups
- new get_my_pwent() function for getting my own username, uid etc.
- faillog opens the file read-write if possible (even if not root)
- passwd -S allowed for normal users (for their own uid only)
- handle the case of login denied to passwordless accounts better
("Login incorrect" without "Password:" prompt looks strange)
- corrected author information and removed a copyright restriction
shadow-960925 => shadow-961025
- fixed a few typos in shadow group code
- don't check for names starting with 'r' to determine if the shell
is restricted, use /etc/shells instead (for the "rc" shell)
- removed extra definition of LASTLOG_FILE in configure.in
- expiry no longer segfaults if no /etc/shadow
- userdel -r "can't remove mailbox" warning no longer printed on success
- useradd exit codes changed to match hpux10 man page
- fixed possible fd leak etc. in file locking code (lib/commonio.c)
shadow-960920 => shadow-960925
- bug fixes to the new environment code using malloc
- use hardcoded names instead of basename(argv[0]) for openlog() in programs
that users can run (chage, chfn, chsh, gpasswd, login, newgrp, passwd, su)
- small fix to isexpired(), and use it in passwd as well
- use strftime() and strptime() if available
- added chmod 600 /etc/passwd- at the end of pwconv5 (backup file may
contain encrypted passwords!)
- pass size to change_field (chage, chfn, chsh) instead of assuming BUFSIZ
(nothing bad happened yet, just a cleanup)
- gpasswd should work with both shadow and non-shadow group passwords
- detect unsupported options if no shadow (gpasswd, useradd, usermod)
- passwd -e for sunos4 (ATT_AGE), untested
- read environment from file (ENVIRON_FILE in login.defs), idea from ssh
- small fix to l64a()
- passwd prints a message after password successfully changed (for things
like poppassd which run passwd and expect some output)
- passwd logs if password was changed by root (as opposed to a luser)
- passwd uses current uid if no username argument and getlogin() fails
shadow-960910 => shadow-960920
- use malloc for environment variables, no more MAXENV (Juergen Heinzl)
- newusers should work with both shadow and non-shadow passwords
(still left to do: chpasswd, gpasswd)
- login-static no longer compiled by default
- more SYSLOG() macros
shadow-960810 => shadow-960910
- updated README.linux to point to the new ftp site
- chfn and chsh optionally (CHFN_AUTH) prompt for password like util-linux
- man pages now closer to LDP standards (Ivan Nejgebauer)
- newgrp uses SYSLOG_SG_ENAB (not SU) as in the /etc/login.defs comments
- obscure.c fixed to compile with HAVE_LIBCRACK
- cosmetic message changes in age.c
- utmp open error check fixed in utmp.c
- grpunconv added (Michael Meskes)
- login reports invalid login time, not "Login incorrect" (Ivan Nejgebauer)
- logoutd sets OPOST before writing to the tty (Ivan Nejgebauer)
- sulogin: don't use syslog(), other minor changes (Ivan Nejgebauer)
- passwords can be changed if sp_max == -1 (now considered infinity)
- usermod: don't use sizeof(struct lastlog) when writing to faillog (ugh)
- started replacing lots of #ifdef USE_SYSLOG with cleaner macros
- contrib/rpasswd.c added (Joshua Cowan)
- PASS_MAX is 127 with MD5_CRYPT (not just for Linux - sunos4 too...)
- workarounds for a RedHat NYS libc getspnam() bug (if /etc/shadow
doesn't exist, it succeeds and returns sp_lstchg==0 instead of -1).
shadow-960129 => shadow-960810
- automake, configure checks for libcrypt and libcrack (Janos Farkas)
- added --enable-shadowgrp to configure (shadow groups disabled by default)
- should compile on SunOS 4.1.x - but it does NOT mean that it works :-)
- login sets HUSHLOGIN=TRUE or FALSE (for shell startup scripts etc.)
- hopefully removed all the rcsid warnings
- contrib/atudel perl script to remove at jobs (thanks to Brian Gaeke)
- resource limits (Cristian Gafton)
- workaround for buggy init/getty(?) leaving junk in ut_host on RedHat
- more fixes in man pages
- pwck and grpck no longer suggest to run mkpasswd if *DBM not compiled in
- most programs (groupadd, groupdel, groupmod, grpck, login, passwd, pwck,
su, useradd, userdel, usermod) should now work with both shadow and
non-shadow passwords/groups (check for /etc/shadow and /etc/gshadow at
run time); a few programs still left to do
- mailbox mv/chown/rm in usermod/userdel (suggested by Cristian Gafton)
- new contrib/adduser.c from Chris Evans
- lots of other minor changes
- source tree reorganization, GNU autoconf, portability cleanups
- basename() renamed to Basename() to avoid name space confusion
- new programs to create /etc/shadow and /etc/gshadow: pwconv5, grpconv
- newgrp cleanup and a few fixes
- useradd uses PASS_MAX_DAYS, PASS_MIN_DAYS and PASS_WARN_AGE
- don't make the first group member the group admin by default
(define FIRST_MEMBER_IS_ADMIN to get the old gpasswd behaviour)
- password aging constants, NGROUPS_MAX and syslog stuff in only one
place (defines.h) instead of repeating it in all source files...
- added userdel -r safety check (refuse to remove the home directory
if it would result in removing some other user's home directory)
- usermod -u now correctly checks for non-unique uid (unless -o)
- sync() after updating password files, just to be more safe
- "make install" should install /etc/login.defs if it doesn't exist
- new option to control what happens if we can't cd to the home directory
(DEFAULT_HOME in /etc/login.defs)
- enter the home directory as the user, not as root (for NFS etc.)
- added check for Slackware bugs (nobody UID -1) in pwck and grpck
- new CONSOLE_GROUPS feature (thanks to pacman@tardis.mars.net), it is
possible to add specified groups (floppy etc.) for console logins
- new faillog feature: lock account for specified (per-user) time since
the last failure after exceeding the failure limit
- new man pages (gpasswd.1, login.access.5, suauth.5)
- fixes in man pages, renamed *.4 to *.5
- new "contrib" directory (two adduser programs)
- changed some "system" to "feature" #ifdefs (autoconf someday...)
- sulogin no longer requires to be run from init, should work from rc
scripts too
- changes to prevent unshadowing with libc SHADOW_COMPAT (get info
using xx_locate(), modify it and call xx_update(), don't write back
anything returned by getpwnam() etc.)
- stupid bug fixed in lastlog.c
- don't move non-directories in "usermod -m"
- don't log unknown usernames (passwords mistyped for usernames) (lmain.c)
- macros to get around ancient compilers which don't like prototypes
- make more use of "const" (not everywhere yet)
- added #ifdef AUTH_METHODS - very few people use administrator defined
authentication methods because many programs are not aware of them;
not supporting them makes the code simpler
- new "save" and "restore" Makefile targets, thanks to Rafal Maszkowski
- sgetgrent() in libshadow.a is optional, some versions of libc have it,
see HAVE_SGETGRENT in config.h (grent.c)
- don't use continued lines in /etc/group, the standard getgr*() functions
don't support that (grent.c)
- removed the third main() argument (according to libc docs, not allowed by
POSIX.1 - use environ instead) (lmain.c, smain.c, newgrp.c, sulogin.c)
- login access control (lmain.c, login_access.c)
- added copyright notice to login_access.c (from logdaemon-5.0)
- detailed su access control (smain.c, suauth.c) - thanks to Chris Evans
- added closelog() in su before executing the shell (smain.c)
- getting current user name changed (smain.c)
- "x" instead of "*" in pw_passwd, consistent with pwconv (useradd.c)
- getpass() shouldn't return NULL except on errors (getpass.c)
- moved isexpired() to isexpired.c (now part of libshadow.a) from age.c
- SunOS4-like passwd -e (force change on next login) (isexpired.c, passwd.c)
- can use shadow support in new versions of Linux libc instead of libshadow.a,
see HAVE_SHADOWPWD, HAVE_SHADOWGRP in config.h.linux (shadow.c, gshadow.c)
- "no shadow password" not logged, the same /bin/login should work with both
shadow and non-shadow passwords (lmain.c)
- some cleanup in various places (lmain.c, passwd.c)
- new program to verify username/password pairs, for xlock etc.; it is not
installed by default, read the comments first (pwdauth.c)
- authentication programs run with empty environment for safety (pwauth.c)
- added missing fstat error checks (faillog.c, lastlog.c, setup.c, *io.c)
- common code separated from *io.c (commonio.c)
- ownership and permissions on password files are now preserved (we may try
to make more use of setgid and setuid non-root programs in the future)
- added (untested) MD5-based crypt() from FreeBSD (md5crypt.c), see
MD5_CRYPT in config.h.linux and MD5_CRYPT_ENAB in login.defs.linux
- termios/termio/sgtty macros cleaned up a bit
shadow-951218 => shadow-960129
Emergency bug fix release - no new features since 951218. There are many
new changes, but this bug really can't wait until they are tested.
Probably all previous versions of the shadow suite have a serious bug which
makes it possible to overwrite the stack by entering very long username at
the login prompt. This can give root access to any remote user!
Changed the maximum size in login.c from BUFSIZ (1024) to 32 (to match
size of the array in lmain.c). Aaargh!!!
shadow-951203 => shadow-951218
Changes:
- Linux utmp handling fixes (utmp.c)
- last failure date printing fixes (failure.c)
- minor fix to compile with USE_CRACKLIB (obscure.c)
- eliminated the use of snprintf (env.c, lmain.c, login.c, shell.c, smain.c)
- basename.c added, replacing duplicated code in various places
- "su -" runs the shell with '-' in argv[0] again (smain.c)
- removing at/cron jobs cleaned up (userdel.c)
- /etc/gshadow should not be world-readable (sgroupio.c)
- if fflush() failed, files were not closed (*io.c)
- login prompt is now "hostname login: " on Linux (lmain.c, login.c)
- "save" and "restore" targets commented out (don't work) (Makefile.linux)
- some minor cleanups for gcc -Wall (unused variables etc.)
- removed README.FIRST (copyrights are OK now)
- updated ANNOUNCE, README.linux, WISHLIST
- as suggested, converted to RCS
shadow-3.3.2-951127 => shadow-951203-jfh
Changes:
- Added the BSD-style copyright to all of the files. Any files with the
old copyright have multiple copyright holders and need to be cleanroomed
to produce BSD-style copyrightable files, or I need to get the consent
of the others to change the copyright.
- Changed the ANNOUNCE file to not refer to the README.FIRST file. Now
that all of the files should have the correct copyright there is no need
to refer to that e-mail message.
- Changes SCCS strings to "%W% %U% %G%". Marek needs to either convert to
RCS or check into SCCS and then checkout. I'd suggest using RCS ;-)
jfh@rpp386.cactus.org
shadow-3.3.2-951106 => shadow-951127
Note: for now this code only supports Linux. All the #ifdef's are there
(and will be; support for at least SunOS 4.1.x would be nice) but:
- I had to fix some potential security problems resulting from sloppy
coding (no bounds checking), and it was easier for me to use snprintf()
(not available on many systems, unfortunately), I'll fix that later.
Old versions of Linux libc don't have snprintf() either, and the one
in libbsd.a ignores the max size - don't use it! (libc-4.6.27 is OK)
- I am lazy and only updated Makefile.linux and config.h.linux this time
- I don't have root access to non-Linux systems (this means no testing)
- this code needs some major reorganization, which will (hopefully)
make porting easier
Changes:
- some code cleanup, prototypes.h, defines.h, Makefile and config.h changes
- login can be statically linked (not that I think it's a good idea, better
fix the telnetd, but paranoid people will like it :-)
- login is installed non-setuid by default
- check for NULL from getpass()
- wipe cleartext password from getpass() when no longer needed (pwauth.c)
- use standard "Password: " prompt by default (pwauth.c)
- hopefully fixed bogus sigaction() stuff (Linux only) (getpass.c)
- oops, setrlimit wants bytes, ulimit wants 512-byte units (lmain.c)
- Linux has <lastlog.h>
- print ll_host on Linux too (lmain.c)
- size checking in various places (setuid root programs, argh!)
- preserve TERM from getty (lmain.c)
- don't ignore SIGHUP (lmain.c)
- :%s/setenv/set_env/g (setenv(3) conflict) (env.c, lmain.c, login.c)
- remove LD_xxx (env.c)
- use bzero() instead of memset() for BSD portability and less #ifdef's
(if the system has no bzero(), implement it as a macro using memset())
- the above fixes wrong order of memset() parameters (log.c)
- use getutent/pututline instead of doing it by hand (utmp.c)
- added the new settings to login.defs.linux
- added login_access.c to the distribution (not used yet)
==========
shadow-3.3.2 => shadow-3.3.2-951106
- added dummy pad.c and #ifdef'ed out references to pad_auth (pwauth.c)
- malloc/strdup error checking, hopefully no more core dumps...
- define HAVE_RLIMIT instead of HAVE_ULIMIT for Linux (config.h.linux)
- changed pathnames on Linux to conform to new FSSTND (/var/log etc.)
- larger buffer for cipher, for md5 crypt() if and when (encrypt.c, passwd.c)
- use POSIX termios whenever possible on Linux
- list.c, removed add_list/del_list from gpmain.c, user{add,del,mod}.c
- strtoday.c, removed duplicates from chage.c, useradd.c, usermod.c
- login -h only for root (lmain.c)
- login -r not needed for Linux (lmain.c)
- sample login.defs modified for Linux (login.defs.linux)
- swapped chfn USAGE and ADMUSAGE (chfn.c)
- added -u to passwd usage (passwd.c)
- no #! check necessary for Linux (shell.c)
- define OLD_CRON for some old incompatible Linux distributions (userdel.c)
- PASS_MAX is now 127 (not 8) for Linux (getpass.c)
- LOGIN_RETRIES, LOGIN_TIMEOUT, PASS_CHANGE_TRIES are no longer compiled in,
can now be set in login.defs, old values are used as defaults (lmain.c)
- unique uid/gid selection now more robust (useradd.c, groupadd.c)
- UID_MIN, UID_MAX, GID_MIN, GID_MAX in login.defs (useradd.c, groupadd.c)
- CRACKLIB_DICTPATH no longer compiled in, can be set in login.defs (passwd.c)
- PASS_ALWAYS_WARN: warn about weak passwords even for root (passwd.c)
- PASS_MAX_LEN, check truncated passwords again (obscure.c)
- check for weak passwords too if previous password was empty (obscure.c)
- CHFN_RESTRICT: don't let users change their full names (chfn.c)
- Linux has getusershell(), use it (chsh.c)
- check if the new shell is executable by the user (chsh.c)
- sleep before printing "Login incorrect", not the other way around (lmain.c)
- don't be picky about utmp only if any of -rfh flags given (lmain.c)
- do "wheel group" more like BSD does (smain.c)
- use getlogin() in su (smain.c)
- UMASK from login.defs defaults to 077, not 0 (lmain.c, newusers.c)
- #undef HAS_ATRM for Linux until atrm can do what we need (config.h.linux)
- Linux has most commands in /usr/bin, not /bin (age.c, passwd.c, userdel.c)
- ULIMIT from login.defs works on systems using setrlimit() too (lmain.c)
- LOGIN_STRING should work now (pwauth.c, getdef.c)
- kludge to avoid conflict with Linux <shadow.h> (gshadow.h)
- mv Makefile Makefile.xenix ; mv config.h config.h.xenix - so that they are
not lost when you copy the right ones to Makefile and config.h
==========
shadow-3.3.2
Original version, received directly from the author.
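Review bot: the Note that opens the entry above "shadow-3.3.2 => shadow-3.3.2-951106" is the only place that records that the snprintf() in libbsd.a "ignores the max size", and a changelog is an easy place to miss something the bounds-checking fixes depend on. The same entry lists "size checking in various places (setuid root programs, argh!)", so an snprintf() that silently ignores its size argument would undo those fixes; move the warning into the build documentation or, better, have the build reject or replace an snprintf() that does not honour the size. Separately, "use bzero() instead of memset()" followed by "the above fixes wrong order of memset() parameters (log.c)" records a bug fix as a side effect of a portability change; list the log.c fix as its own item so it can be found later.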

1918
doc/HOWTO Normal file

File diff suppressed because it is too large

176
doc/INSTALL Normal file

@@ -0,0 +1,176 @@
Basic Installation
==================
These are generic installation instructions.
The `configure' shell script attempts to guess correct values for
various system-dependent variables used during compilation. It uses
those values to create a `Makefile' in each directory of the package.
It may also create one or more `.h' files containing system-dependent
definitions. Finally, it creates a shell script `config.status' that
you can run in the future to recreate the current configuration, a file
`config.cache' that saves the results of its tests to speed up
reconfiguring, and a file `config.log' containing compiler output
(useful mainly for debugging `configure').
If you need to do unusual things to compile the package, please try
to figure out how `configure' could check whether to do them, and mail
diffs or instructions to the address given in the `README' so they can
be considered for the next release. If at some point `config.cache'
contains results you don't want to keep, you may remove or edit it.
The file `configure.in' is used to create `configure' by a program
called `autoconf'. You only need `configure.in' if you want to change
it or regenerate `configure' using a newer version of `autoconf'.
The simplest way to compile this package is:
1. `cd' to the directory containing the package's source code and type
`./configure' to configure the package for your system. If you're
using `csh' on an old version of System V, you might need to type
`sh ./configure' instead to prevent `csh' from trying to execute
`configure' itself.
Running `configure' takes a while. While running, it prints some
messages telling which features it is checking for.
2. Type `make' to compile the package.
3. Optionally, type `make check' to run any self-tests that come with
the package.
4. Type `make install' to install the programs and any data files and
documentation.
5. You can remove the program binaries and object files from the
source code directory by typing `make clean'. To also remove the
files that `configure' created (so you can compile the package for
a different kind of computer), type `make distclean'. There is
also a `make maintainer-clean' target, but that is intended mainly
for the package's developers. If you use it, you may have to get
all sorts of other programs in order to regenerate files that came
with the distribution.
Compilers and Options
=====================
Some systems require unusual options for compilation or linking that
the `configure' script does not know about. You can give `configure'
initial values for variables by setting them in the environment. Using
a Bourne-compatible shell, you can do that on the command line like
this:
CC=c89 CFLAGS=-O2 LIBS=-lposix ./configure
Or on systems that have the `env' program, you can do it like this:
env CPPFLAGS=-I/usr/local/include LDFLAGS=-s ./configure
Compiling For Multiple Architectures
====================================
You can compile the package for more than one kind of computer at the
same time, by placing the object files for each architecture in their
own directory. To do this, you must use a version of `make' that
supports the `VPATH' variable, such as GNU `make'. `cd' to the
directory where you want the object files and executables to go and run
the `configure' script. `configure' automatically checks for the
source code in the directory that `configure' is in and in `..'.
If you have to use a `make' that does not supports the `VPATH'
variable, you have to compile the package for one architecture at a time
in the source code directory. After you have installed the package for
one architecture, use `make distclean' before reconfiguring for another
architecture.
Installation Names
==================
By default, `make install' will install the package's files in
`/usr/local/bin', `/usr/local/man', etc. You can specify an
installation prefix other than `/usr/local' by giving `configure' the
option `--prefix=PATH'.
You can specify separate installation prefixes for
architecture-specific files and architecture-independent files. If you
give `configure' the option `--exec-prefix=PATH', the package will use
PATH as the prefix for installing programs and libraries.
Documentation and other data files will still use the regular prefix.
If the package supports it, you can cause programs to be installed
with an extra prefix or suffix on their names by giving `configure' the
option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
Optional Features
=================
Some packages pay attention to `--enable-FEATURE' options to
`configure', where FEATURE indicates an optional part of the package.
They may also pay attention to `--with-PACKAGE' options, where PACKAGE
is something like `gnu-as' or `x' (for the X Window System). The
`README' should mention any `--enable-' and `--with-' options that the
package recognizes.
For packages that use the X Window System, `configure' can usually
find the X include and library files automatically, but if it doesn't,
you can use the `configure' options `--x-includes=DIR' and
`--x-libraries=DIR' to specify their locations.
Specifying the System Type
==========================
There may be some features `configure' can not figure out
automatically, but needs to determine by the type of host the package
will run on. Usually `configure' can figure that out, but if it prints
a message saying it can not guess the host type, give it the
`--host=TYPE' option. TYPE can either be a short name for the system
type, such as `sun4', or a canonical name with three fields:
CPU-COMPANY-SYSTEM
See the file `config.sub' for the possible values of each field. If
`config.sub' isn't included in this package, then this package doesn't
need to know the host type.
If you are building compiler tools for cross-compiling, you can also
use the `--target=TYPE' option to select the type of system they will
produce code for and the `--build=TYPE' option to select the type of
system on which you are compiling the package.
Sharing Defaults
================
If you want to set default values for `configure' scripts to share,
you can create a site shell script called `config.site' that gives
default values for variables like `CC', `cache_file', and `prefix'.
`configure' looks for `PREFIX/share/config.site' if it exists, then
`PREFIX/etc/config.site' if it exists. Or, you can set the
`CONFIG_SITE' environment variable to the location of the site script.
A warning: not all `configure' scripts look for a site script.
Operation Controls
==================
`configure' recognizes the following options to control how it
operates.
`--cache-file=FILE'
Use and save the results of the tests in FILE instead of
`./config.cache'. Set FILE to `/dev/null' to disable caching, for
debugging `configure'.
`--help'
Print a summary of the options to `configure', and exit.
`--quiet'
`--silent'
`-q'
Do not print messages saying which checks are being made.
`--srcdir=DIR'
Look for the package's source code in directory DIR. Usually
`configure' can determine that directory automatically.
`--version'
Print the version of Autoconf used to generate the `configure'
script, and exit.
`configure' also accepts some other, not widely useful, options.
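Review bot: this is the generic Autoconf text and nothing in it is specific to this package. Its "Optional Features" section defers to the README for the `--enable-' and `--with-' options, but doc/README as added in this commit documents only config.h macros (SHADOWPWD, SHADOWGRP, AGING and so on) and names no configure option. List the options this package's configure accepts, here or in README, or say which README.* file covers them. The "Installation Names" default of /usr/local also deserves a package-specific sentence, since doc/README describes this package as a login replacement and the reader needs to know where the programs are meant to be installed.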

118
doc/LICENSE Normal file

@@ -0,0 +1,118 @@
NOTE:
This license has been obsoleted by the change to the BSD-style copyright.
You may continue to use this license if you wish, but you are under no
obligation to do so.
(*
This document is freely plagiarised from the 'Artistic Licence',
distributed as part of the Perl v4.0 kit by Larry Wall, which is
available from most major archive sites. I stole it from CrackLib.
$Id: LICENSE,v 1.2 1997/05/01 23:14:30 marekm Exp $
*)
This documents purpose is to state the conditions under which this
Package (See definition below) viz: "Shadow", the Shadow Password Suite
which is held by Julianne Frances Haugh, may be copied, such that the
copyright holder maintains some semblance of artistic control over the
development of the package, while giving the users of the package the
right to use and distribute the Package in a more-or-less customary
fashion, plus the right to make reasonable modifications.
So there.
***************************************************************************
Definitions:
A "Package" refers to the collection of files distributed by the
Copyright Holder, and derivatives of that collection of files created
through textual modification, or segments thereof.
"Standard Version" refers to such a Package if it has not been modified,
or has been modified in accordance with the wishes of the Copyright
Holder.
"Copyright Holder" is whoever is named in the copyright or copyrights
for the package.
"You" is you, if you're thinking about copying or distributing this
Package.
"Reasonable copying fee" is whatever you can justify on the basis of
media cost, duplication charges, time of people involved, and so on.
(You will not be required to justify it to the Copyright Holder, but
only to the computing community at large as a market that must bear the
fee.)
"Freely Available" means that no fee is charged for the item itself,
though there may be fees involved in handling the item. It also means
that recipients of the item may redistribute it under the same
conditions they received it.
1. You may make and give away verbatim copies of the source form of the
Standard Version of this Package without restriction, provided that you
duplicate all of the original copyright notices and associated
disclaimers.
2. You may apply bug fixes, portability fixes and other modifications
derived from the Public Domain or from the Copyright Holder. A Package
modified in such a way shall still be considered the Standard Version.
3. You may otherwise modify your copy of this Package in any way,
provided that you insert a prominent notice in each changed file stating
how and when AND WHY you changed that file, and provided that you do at
least ONE of the following:
a) place your modifications in the Public Domain or otherwise make them
Freely Available, such as by posting said modifications to Usenet or an
equivalent medium, or placing the modifications on a major archive site
such as uunet.uu.net, or by allowing the Copyright Holder to include
your modifications in the Standard Version of the Package.
b) use the modified Package only within your corporation or organization.
c) rename any non-standard executables so the names do not conflict with
standard executables, which must also be provided, and provide separate
documentation for each non-standard executable that clearly documents
how it differs from the Standard Version.
d) make other distribution arrangements with the Copyright Holder.
4. You may distribute the programs of this Package in object code or
executable form, provided that you do at least ONE of the following:
a) distribute a Standard Version of the executables and library files,
together with instructions (in the manual page or equivalent) on where
to get the Standard Version.
b) accompany the distribution with the machine-readable source of the
Package with your modifications.
c) accompany any non-standard executables with their corresponding
Standard Version executables, giving the non-standard executables
non-standard names, and clearly documenting the differences in manual
pages (or equivalent), together with instructions on where to get the
Standard Version.
d) make other distribution arrangements with the Copyright Holder.
5. You may charge a reasonable copying fee for any distribution of this
Package. You may charge any fee you choose for support of this Package.
YOU MAY NOT CHARGE A FEE FOR THIS PACKAGE ITSELF. However, you may
distribute this Package in aggregate with other (possibly commercial)
programs as part of a larger (possibly commercial) software distribution
provided that YOU DO NOT ADVERTISE this package as a product of your
own.
6. The name of the Copyright Holder may not be used to endorse or
promote products derived from this software without specific prior
written permission.
7. THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
The End
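Review bot: the NOTE at the top says this license "has been obsoleted by the change to the BSD-style copyright" but does not say where that text lives. Add a pointer to doc/README, which carries the BSD-style conditions in this commit, so a reader can tell which terms apply. Two typos in the retained text are worth reporting upstream: "This documents purpose" and "MERCHANTIBILITY" in clause 7.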

19
doc/LSM Normal file

@@ -0,0 +1,19 @@
Begin3
Title: Shadow Password Suite
Version: 19990709
Entered-date: 09JUL99
Description: Shadow password file utilities. This package includes
the programs necessary to convert traditional V7 UNIX
password files to the SVR4 shadow password format, and
additional tools to maintain password and group files
(that work with both shadow and non-shadow passwords).
Keywords: login passwd security shadow
Author: jfh@bga.com (Julianne F. Haugh)
Maintained-by: marekm@linux.org.pl (Marek Michalkiewicz)
Primary-site: piast.t19.ds.pwr.wroc.pl /pub/linux/shadow/
624K shadow-19990709.tar.gz
Alternate-site: ftp.ists.pwr.wroc.pl /pub/linux/shadow/
Original-site: ftp.uu.net ?
Platforms: Linux, SunOS, ...
Copying-policy: FRS
End
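Review bot: "Original-site: ftp.uu.net ?" still carries a question mark and "Platforms: Linux, SunOS, ..." ends in an ellipsis, so two fields of the published entry are placeholders; resolve them or drop the fields. "Copying-policy: FRS" is not expanded anywhere in the files shown, while doc/LICENSE and doc/README both describe a BSD-style copyright; naming that here would keep the three files consistent.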

7
doc/Makefile.am Normal file

@@ -0,0 +1,7 @@
# This is a dummy Makefile.am to get automake work flawlessly,
# and also cooperate to make a distribution for `make dist'
EXTRA_DIST = ANNOUNCE CHANGES HOWTO LICENSE LSM README README.debian \
README.limits README.linux README.mirrors README.nls README.pam \
README.platforms README.shadow-paper README.sun4 \
WISHLIST console.c.spec.txt cracklib26.diff
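Review bot: the files in EXTRA_DIST are shipped by `make dist' but nothing installs them: this file defines no data primary, and the generated doc/Makefile.in in this commit has install-data and uninstall rules that do nothing. If the README.* files are meant to reach an installed system, add an install rule for them; if not, say so in the leading comment, which currently only calls this a "dummy Makefile.am".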

198
doc/Makefile.in Normal file

@@ -0,0 +1,198 @@
# Makefile.in generated automatically by automake 1.3 from Makefile.am
# Copyright (C) 1994, 1995, 1996, 1997, 1998 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
# This is a dummy Makefile.am to get automake work flawlessly,
# and also cooperate to make a distribution for `make dist'
SHELL = /bin/sh
srcdir = @srcdir@
top_srcdir = @top_srcdir@
VPATH = @srcdir@
prefix = @prefix@
exec_prefix = @exec_prefix@
bindir = @bindir@
sbindir = @sbindir@
libexecdir = @libexecdir@
datadir = @datadir@
sysconfdir = @sysconfdir@
sharedstatedir = @sharedstatedir@
localstatedir = @localstatedir@
libdir = @libdir@
infodir = @infodir@
mandir = @mandir@
includedir = @includedir@
oldincludedir = /usr/include
DISTDIR =
pkgdatadir = $(datadir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
top_builddir = ..
ACLOCAL = @ACLOCAL@
AUTOCONF = @AUTOCONF@
AUTOMAKE = @AUTOMAKE@
AUTOHEADER = @AUTOHEADER@
INSTALL = @INSTALL@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
transform = @program_transform_name@
NORMAL_INSTALL = :
PRE_INSTALL = :
POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
host_alias = @host_alias@
host_triplet = @host@
CATALOGS = @CATALOGS@
CATOBJEXT = @CATOBJEXT@
CC = @CC@
CPP = @CPP@
DATADIRNAME = @DATADIRNAME@
GENCAT = @GENCAT@
GMOFILES = @GMOFILES@
GMSGFMT = @GMSGFMT@
GT_NO = @GT_NO@
GT_YES = @GT_YES@
INCLUDE_LOCALE_H = @INCLUDE_LOCALE_H@
INSTOBJEXT = @INSTOBJEXT@
INTLDEPS = @INTLDEPS@
INTLLIBS = @INTLLIBS@
INTLOBJS = @INTLOBJS@
LD = @LD@
LIBCRACK = @LIBCRACK@
LIBCRYPT = @LIBCRYPT@
LIBPAM = @LIBPAM@
LIBSKEY = @LIBSKEY@
LIBTCFS = @LIBTCFS@
LIBTOOL = @LIBTOOL@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
MKINSTALLDIRS = @MKINSTALLDIRS@
MSGFMT = @MSGFMT@
NM = @NM@
PACKAGE = @PACKAGE@
POFILES = @POFILES@
POSUB = @POSUB@
RANLIB = @RANLIB@
U = @U@
USE_INCLUDED_LIBINTL = @USE_INCLUDED_LIBINTL@
USE_NLS = @USE_NLS@
VERSION = @VERSION@
YACC = @YACC@
l = @l@
EXTRA_DIST = ANNOUNCE CHANGES HOWTO LICENSE LSM README README.debian \
README.limits README.linux README.mirrors README.nls README.pam \
README.platforms README.shadow-paper README.sun4 \
WISHLIST console.c.spec.txt cracklib26.diff
mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
CONFIG_HEADER = ../config.h
CONFIG_CLEAN_FILES =
DIST_COMMON = README INSTALL Makefile.am Makefile.in
DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST)
TAR = tar
GZIP = --best
all: Makefile
.SUFFIXES:
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4)
cd $(top_srcdir) && $(AUTOMAKE) --gnu --include-deps doc/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
cd $(top_builddir) \
&& CONFIG_FILES=$(subdir)/$@ CONFIG_HEADERS= $(SHELL) ./config.status
tags: TAGS
TAGS:
distdir = $(top_builddir)/$(PACKAGE)-$(VERSION)/$(subdir)
subdir = doc
distdir: $(DISTFILES)
@for file in $(DISTFILES); do \
d=$(srcdir); \
test -f $(distdir)/$$file \
|| ln $$d/$$file $(distdir)/$$file 2> /dev/null \
|| cp -p $$d/$$file $(distdir)/$$file; \
done
info:
dvi:
check: all
$(MAKE)
installcheck:
install-exec:
@$(NORMAL_INSTALL)
install-data:
@$(NORMAL_INSTALL)
install: install-exec install-data all
@:
uninstall:
install-strip:
$(MAKE) INSTALL_PROGRAM='$(INSTALL_PROGRAM) -s' INSTALL_SCRIPT='$(INSTALL_PROGRAM)' install
installdirs:
mostlyclean-generic:
-test -z "$(MOSTLYCLEANFILES)" || rm -f $(MOSTLYCLEANFILES)
clean-generic:
-test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
distclean-generic:
-rm -f Makefile $(DISTCLEANFILES)
-rm -f config.cache config.log stamp-h stamp-h[0-9]*
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
maintainer-clean-generic:
-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
-test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES)
mostlyclean: mostlyclean-generic
clean: clean-generic mostlyclean
distclean: distclean-generic clean
-rm -f config.status
-rm -f libtool
maintainer-clean: maintainer-clean-generic distclean
@echo "This command is intended for maintainers to use;"
@echo "it deletes files that may require special tools to rebuild."
.PHONY: tags distdir info dvi installcheck install-exec install-data \
install uninstall all installdirs mostlyclean-generic distclean-generic \
clean-generic maintainer-clean-generic clean mostlyclean distclean \
maintainer-clean
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:
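Review bot: the first line says this file was "generated automatically by automake 1.3 from Makefile.am", so it duplicates the EXTRA_DIST list and will drift if only one of the two files is edited. The `$(srcdir)/Makefile.in' rule reruns `$(AUTOMAKE) --gnu --include-deps doc/Makefile' whenever Makefile.am or configure.in looks newer, which after a fresh checkout depends on file timestamps and on whichever automake happens to be installed. Record the required automake version next to the build instructions, or regenerate this file in a separate step so that hand edits and generated output are never mixed in one change.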

253
doc/README Normal file

@@ -0,0 +1,253 @@
[ $Id: README,v 1.3 1998/12/28 20:34:27 marekm Exp $ ]
This is the explanatory document for Julianne Frances Haugh's login
replacement, release 3. This document was last updated 16 Feb 1997.
This software is copyright 1988 - 1997, Julianne F. Haugh. All rights
reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. Neither the name of Julianne F. Haugh nor the names of its contributors
may be used to endorse or promote products derived from this software
without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.
This source code is currently archived on ftp.uu.net in the
comp.sources.misc portion of the USENET archives. You may also contact
the author, Julianne F. Haugh, at jfh@bga.com if you have any questions
regarding this package.
THIS SOFTWARE IS BEING DISTRIBUTED AS-IS. THE AUTHORS DISCLAIM ALL
LIABILITY FOR ANY CONSEQUENCES OF USE. THE USER IS SOLELY RESPONSIBLE
FOR THE MAINTENANCE OF THIS SOFTWARE PACKAGE. THE AUTHORS ARE UNDER NO
OBLIGATION TO PROVIDE MODIFICATIONS OR IMPROVEMENTS. THE USER IS
ENCOURAGED TO TAKE ANY AND ALL STEPS NEEDED TO PROTECT AGAINST ACCIDENTAL
LOSS OF INFORMATION OR MACHINE RESOURCES.
Special thanks are due to Chip Rosenthal for his fine testing efforts;
to Steve Simmons for his work in porting this code to BSD; and to Bill
Kennedy for his contributions of LaserJet printer time and energies.
Also, thanks for Dennis L. Mumaugh for the initial shadow password
information and to Tony Walton (olapw@olgb1.oliv.co.uk) for the System
V Release 4 changes. Effort in porting to SunOS has been contributed
by Dr. Michael Newberry (miken@cs.adfa.oz.au) and Micheal J. Miller, Jr.
(mke@kaberd.rain.com). Effort in porting to AT&T UNIX System V Release
4 has been provided by Andrew Herbert (andrew@werple.pub.uu.oz.au).
Special thanks to Marek Michalkiewicz (marekm@i17linuxb.ists.pwr.wroc.pl)
for taking over the Linux port of this software.
New for Release 3.3:
User-defined authentication has been added. This allows you to
write programs to replace the password authentication method
which uses the crypt() function.
The CrackLib password checking library is supported as of release
3.3.0. It allows you to perform pro-active password checking as
each password is changed.
Warning:
The newuser command will be removed in a later release.
The libsec.a library will be removed at some point after
version 3.3.3.
This software is described in the 3rd USENIX Security Symposium
proceedings. These proceedings are available from
USENIX Association
2560 Ninth Street, Suite 215
Berkeley, CA 94710
The current price is $30 for USENIX members and $39 for non-members.
Begin by reading and editing the config.h file. All options are selected
by using #define's. A brief description for each available option appears
below. You may want to print this file out as it is LONG and you will
need to refer to it while editting config.h. You will also have to edit
the Makefile. The possible differences are documented there. Pay close
attention to the install: rule. Login now runs on about 30 different
varieties of UNIX that I have been made aware of. If you have any qualms,
you should run "make save" before running "make install". If something
breaks you can use "make restore" to put things back. In any case, you
should have a recent system backup as the potential for serious damage
exists.
There are special Makefile and config.h files for SVR4, SunOS 4.1, and
Linux systems. If there is a major UNIX variant that you would like to
see supported, please send working Makefile and config.h files and I will
try to include then in the base distribution.
Note that there are MANY options. As distributed most options are turned
on, which produces a really nice package. This is the system as used on
some of the authors' machines. There are many options which may be
selected at run time. You should refer to the login.5 manual page for
more information regarding these options.
There are several files which you may have to replace. If your system has
a lastlog.h file, you should replace the one which I provide with your
system version. The pwd.h file that is produced by "make" must agree
exactly with the system supplied version. You should re-arrange the
fields or #define's until they match. The same is true for "shadow.h",
if you system provides one. You may want to replace large portions of
that file (or the entire file) with your system version. It is provided
for those systems which do NOT provide /usr/include/shadow.h. If you
do not have a the crypt() function in your library (perhaps because you
are located outside the United States), you may wish to look into the
UFC-crypt package which was posted to comp.sources.misc in volume 23,
issues 97 and 98.
Login Defaults File -
This option selects the name of the file to read for the
run-time configurable options. The default value for
LOGINDEFS is "/etc/login.defs".
Shadow [ unreadable ] Password Files -
This option utilizes an alternate, non-readable file to
contain the actual encrypted passwords. This is presumed
to increase system security by increasing the difficulty
with which system crackers obtain encrypted passwords.
Select this option by defining the SHADOWPWD macro.
This feature is optional, but only certain commands may
be compiled with this option disabled.
Shadow Group Files -
This option utilizes an alternate, non-readable file to
contain encrypted group passwords and group administrator
information.
This feature allows one or more users to be defined as
the administrators of a group for the purpose of adding
or deleting members and changing the group password.
Select this option by defining the SHADOWGRP macro. You
must also create an emptry /etc/gshadow file. You must
select the SHADOWPWD option if you select SHADOWGRP.
DBM Password Files -
This option utilizes the DBM database access routines to
increase the performance of user name and ID lookups in the
password file. You may select the NDBM database instead
and have DBM-style access to all user information files.
Select this option by defining both the DBM and GETPWENT
macros. The FGETPWENT macro must also be defined or the
fgetpwent() library routine must be present.
Double Length Passwords -
This option extends the maximum length of a user password
to 16 characters from eight.
Select this option by defining the DOUBLESIZE macro.
Credit for this option is due Jonathan Bayer.
Password Aging -
This option includes code to perform password aging.
Password aging is presumed to increase system security
by forcing users to change passwords on a regular
basis. The resolution on password age is in weeks for
non-shadow password systems and in days otherwise.
Select this option by defining the AGING macro.
Syslog -
This option causes the code to log various errors or
special conditions to the syslog daemon. The types of
information that are logged security violations, changes
to the user database, and program errors.
Select syslog processing by defining the USE_SYSLOG
macro.
Remote Login -
This option causes certain network login code to be
inserted to enable the "rlogin" and "telnet" commands to
work. To enable network logins, define the RLOGIN macro.
If your <utmp.h> file includes a ut_host member, you must
also define the UT_HOST macro. Note that SVR4 has a
"utmpx" file to hold the ut_host member, so UT_HOST is
not required.
Directory Reading Routines -
Three different macros are defined for opening and reading
directories. They are DIR_XENIX, DIR_BSD, and DIR_SYSV.
Refer to config.h for more details.
Library Configuration Macros -
The following macros define the functions which are present
in your system library:
HAVE_ULIMIT - Define if your UNIX supports ulimit()
GETPWENT - Define if you want my GETPWENT(3) routines
GETGRENT - Define if you want my GETGRENT(3) routines
NEED_AL64 - Define if library does not include a64l()
NEED_MKDIR - Define if system does not have mkdir()
NEED_RMDIR - Define if system does not have rmdir()
NEED_RENAME - Define if system does not have rename()
NEED_STRSTR - Define if library does not include strstr()
Password File Information -
The following macros define the fields which are present in
your system password file. Because the system was compiled
to use the password file in its original form, these macros
must agree with the actual contents of the file.
BSD_QUOTA - the pw_quota field exists
ATT_AGE - the pw_age field exists
ATT_COMMENT - the pw_comment field exists
Signal Return Type -
Because different systems return different data types for
the signal() system call, you must define SIGTYPE to be
the data type your system uses. The default is "int", but
"void" is another popular value.
SunOS 4.1.1 Notes: (mke@kaberd.rain.com) Michael J. Miller Jr.
[ These notes were edited from the original. The standard Makefile
and config.h have notes indicating the changes required for SunOS.
Steve Allen at Lick has been working on cleaning up this platform. ]
You'll need to do the following to get the shadow password dist to
compile on a sun 4.1.1 system.
If using csh, then type 'rehash'. cd to the /etc directory and type
'pwconv'. This will create two files, nshadow and npasswd.
now type 'mkpasswd -f nshadow' and 'mkpasswd -f npasswd'. This will
create the shadow password file.
Note: ftp will still use the old password file. Modified versions of
ftpd are available, or you may modify the version of ftpd from
any of the freely redistributable ftpd clones.
Note: If you run suns pcnfs, be aware that it will still be looking at the
old password file as well. I may work out a patch for this, as I am
fairly certain the stuff on the sun side comes with source.
Note: I have compiled this package with the standard c compiler and
suns unbundled c compiler at an optomization level of 2 in
both casses. Haven't tried gcc yet, so I don't know wether it
works. Same goes for suns C++ compiler.
Note: Has been compiled on a sun 3/75 running sunos 4.1.1. Should compile
fine on sun 4's running 4.1.1, and may compile on suns running
4.1. Have no idea what sort of success people will have that
are running 4.03 and older versions.
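Review bot: these SunOS 4.1.1 notes duplicate doc/README.sun4 and the two copies have already drifted: the copy here lacks the "The shadow group stuff does not work with sunos" note that README.sun4 carries. Keep one copy and reference it from the other, so a later correction does not have to be made twice.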

68
doc/README.debian Normal file
View File

@@ -0,0 +1,68 @@
Read this file first for a brief overview of the new versions of login
and passwd.
---Shadow passwords
The command `shadowconfig on' will turn on shadow password support.
`shadowconfig off' will turn it back off. If you turn on shadow
password support, you'll gain the ability to set password ages and
expirations with chage(1).
You may want to install the secure-su package which allows more
restrictions on su, for example a wheel group.
---General configuration
Most of the configuration for the shadow utilities is in
/etc/login.defs. See login.defs(5). The defaults are quite
reasonable.
---MD5 Encryption
If you set MD5_CRYPT_ENAB=yes in /etc/login.defs, passwords will be
encrypted with an MD5-based algorithm. It also supports of passwords
of unlimited length and longer salt strings.
---Login and resource control
/etc/login.access and /etc/porttime control who may login to which
ports and when they may login. To enforce time restrictions, you'll
need to run logoutd. /etc/init.d/logoutd will start it on bootup if
there are non-comment lines in /etc/portttime.
The lastlog and faillog commands will report the last time a user had
a successful and failed login, respectively.
You may set per-user resource limits by editing /etc/limits. See
limits(5).
---Adding users and groups
Though you may add users and groups with the SysV type commands,
useradd and groupadd, I recommend you add them with Debian adduser
version 3+. adduser gives you more configuration and conforms to the
Debian UID and GID allocation.
Editing user and group parameters can be done with usermod and
groupmod. Removing users and groups can be done with userdel and
groupdel.
--- Group administration
Local group allocation is much easier. With gpasswd(1) you can
designate users to administer groups. They can then securely add or
remove users from the group.
--- What to read next?
Read the manpages, the other files in this directory, and the Shadow
Password HOWTO (included in the doc-linux package). A large portion
of these files deals with getting shadow installed. You can, of
course, ignore those parts.
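Review bot: in the "Login and resource control" paragraph the file is /etc/porttime in the first sentence and /etc/portttime (three t's) in the logoutd sentence; an admin checking why logoutd did not start on boot will look for the wrong file. Use /etc/porttime in both places. The MD5 paragraph also has a stray word in "It also supports of passwords of unlimited length".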

66
doc/README.limits Normal file
View File

@@ -0,0 +1,66 @@
ABOUT shadow-login limits:
This code is merged into shadow login program from the original LShell 2.01
written by Joel Katz. The port and some additional features have been added
by Cristian Gafton (gafton@sorosis.ro).
Changes:
- 96/04/16
- {spaces,tabs} allowed within limits string
- Warn via syslog multiple default limits
- added few paragraphs to the login man page
- 96/04/14
- code merged into lmain.c --cristiang
TODO: - support groups in the limits file
(only usernames are supported at this momment :-( )
Setting user limits for shadow login program
First, make a root-only-readable file (/etc/limits by default or LIMITS_FILE
defined config.h) that describes the resource limits you wish to impose. By
default no quotas are imposed on 'root'. In fact, there is no way to impose
limits via this procedure to root-equiv accounts (accounts with UID 0).
Each line describes a limit for a user in the form:
user LIMITS_STRING
The LIMITS_STRING is a string of a concatenated list of resource limits.
Each limit consists of a letter identifier followed by a numerical limit.
The valid identifiers are:
A: max address space (KB)
C: max core file size (KB)
D: max data size (KB)
F: maximum filesize (KB)
M: max locked-in-memory address space (KB)
N: max number of open files
R: max resident set size (KB)
S: max stack size (KB)
T: max CPU time (MIN)
U: max number of processes
L: max number of logins for this user
For example, L2D2048N5 is a valid LIMITS_STRING. For reading convenience,
the following entries are equivalent:
username L2D2048N5
username L2 D2048 N5
Be aware that after <username> the rest of the line is considered a limit
string, thus comments are not allowed. A invalid limits string will be
rejected (not considered) by the login program.
The default entry is denoted by username '*'. If you have multiple 'default'
entries in your LIMITS_FILE, then the last one will be used as the default
entry.
To completely disable limits for a user, a single dash (-) will do.
Also, please note that all limit settings are set PER LOGIN. They are
not global, nor are they permanent. Perhaps global limits will come, but
for now this will have to do ;)
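Review bot: "A invalid limits string will be rejected (not considered) by the login program" does not say what the user then gets: the '*' default entry, or no limits at all. For a file whose purpose is to restrict accounts, that difference should be stated, along with whether the rejection is logged (the changelog mentions a syslog warning only for multiple default limits). The first paragraph also needs "in" in "LIMITS_FILE defined config.h".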

162
doc/README.linux Normal file
View File

@@ -0,0 +1,162 @@
$Id: README.linux,v 1.19 1999/06/07 16:40:44 marekm Exp $
This is the shadow suite hacked a bit for Linux. See CHANGES for
short description of changes. See also WISHLIST if you have too
much time on your hands :-). Now that copyright issues have been
resolved, the most important thing is testing. Please test this
code as much as you can, and report any problems. At this point,
I made so many changes that any bugs are probably mine.
This package uses GNU autoconf, so it should be quite portable
- but it hasn't been tested much on anything but Linux/x86.
Long time ago, it has been reported to work on SunOS 4.1.x,
and recently there has been some success on Solaris 2.x and Irix.
I'd like to compile a current list of platforms this package is
known to work on - if you get it to work on some new OS (non-x86
Linux, or non-Linux), please let me know. Please specify: host
type guessed by autoconf, libc version, distribution, changes
you needed to make (if any), etc. Please see README.platforms
for the current (incomplete - I know there are more...) list of
platforms this package is known to work on.
There is a developers mailing list. It has moved again, and is
now hosted by SuSE - thanks to Thorsten Kukuk <kukuk@suse.de>.
Send the command "subscribe shadow" to majordomo@suse.com to
subscribe if you are interested. To send mail to everyone on
the list, send it to shadow@suse.com.
Before reporting bugs, please check if they still exist in my latest
development snapshot. Every few weeks I make a new version available
at the following URLs:
ftp://piast.t19.ds.pwr.wroc.pl/pub/linux/shadow/
ftp://ftp.ists.pwr.wroc.pl/pub/linux/shadow/
http://www.itnet.pl/amelektr/linux/shadow/
(there are also mirror sites, see README.mirrors).
After installation, please remember to remove any old binaries like
/bin/passwd (this version installs /usr/bin/passwd). If your passwd
program doesn't like the new /etc/login.defs settings, and complains
about "configuration error", this is most likely the problem.
Current versions of the Linux C library (both libc 5.x and glibc 2.x)
have the shadow support, including MD5-based crypt(), built in.
Because of this, libshadow.a will build without these functions,
and the ones from libc will be used instead. Currently, libshadow.a
is for internal use only, so if you see -lshadow in a Makefile of
some other package, it is safe to remove it.
Remember that shadow passwords will not make your system more secure
if your distribution has gaping holes which let any user become root.
Some distributions, especially the older ones, are much like SunOS 4.1
without any security patches installed :-). Read the linux-security
mailing list archives, and plug all holes before attempting to install
the shadow suite.
Very old versions of this package (shadow-3.3.x, shadow-mk) had a few
nasty security holes, too. Please use the latest version if possible.
Encrypted passwords are not readable, but it is highly recommended
to use cracklib with a big dictionary to prevent users from choosing
weak passwords. This way if someone ever gets access to /etc/shadow
(for example, because of some not yet discovered bug), they will not
get half of the passwords using Crack... There is a configure option
to use cracklib, I haven't tested it myself but I'm told it works.
The code feels like stabilizing now - while still BETA, it should
work quite well. Many bugs have been fixed, but there may be still
a few lurking. Again, please test it and report any problems.
Thanks to Julianne Frances Haugh <jfh@bga.com> who wrote the thing
in the first place, sent me the latest version, and released it under
a "free" BSD-style license, so that it can be included in Linux
distributions (at least Debian 1.3 and Slackware 3.2 are already
doing that; Debian and Red Hat packaging standards are supported in
the standard source tree). David Frey <David.Frey@lugs.ch>, Michael
Meskes <meskes@topsystem.de> and Guy Maor <maor@debian.org> have
done a lot of work to integrate shadow passwords into Debian Linux.
Thanks to Bradley Glonka <bradley@123.net> of Linux System Labs
(http://www.lsl.com/) for sending me a free Red Hat 4.2 CD-ROM,
making it possible to test this package on this distribution.
Special thanks to Michael H. Jackson <mhjack@tscnet.com> who wrote
the Linux Shadow Password HOWTO. Special thanks to Greg Gallagher
<ggallag@orion.it.luc.edu> and Jon Lewis for maintaining the
developers mailing list for a long time.
Thanks to Maciej 'Tycoon' Majchrowski <tycoon@piast.t19.ds.pwr.wroc.pl>
for ftp server space on piast.t19.ds.pwr.wroc.pl, and to Pawel Wiecek
<coven@pwr.wroc.pl> for keeping bach.ists.pwr.wroc.pl up and running.
Ian Jackson <iwj10@cus.cam.ac.uk> criticized the current shadow password
system (see the linux-security mailing list archives). We disagree on
some points, but this started a discussion on possible better solutions.
Theodore Ts'o <tytso@mit.edu> has started a new project to implement
Pluggable Authentication Modules - a relatively new standard API which
makes it easier to add new authentication mechanisms (it's more than
just shadow passwords). See http://parc.power.net/morgan/Linux-PAM/ for
more information. (XXX - this URL has changed, I have to check where
PAM is now... -MM)
Thanks to at least the following people for sending me patches, bug
reports and various comments. This list may be incomplete, I received
a lot of mail...
John Adelsberger <jja@umr.edu>
Martin Bene <mb@sime.com>
Luca Berra <bluca@www.polimi.it>
Darcy Boese <possum@chardonnay.niagara.com>
Judd Bourgeois <shagboy@bluesky.net>
Ulisses Alonso Camaro <ulisses@pusa.eleinf.uv.es>
Ed Carp <ecarp@netcom.com>
Rani Chouha <ranibey@smartec.com>
Joshua Cowan <jcowan@hermit.reslife.okstate.edu>
Alan Curry <pacman@tardis.mars.net>
Frank Denis <j@4u.net>
Hrvoje Dogan <hdogan@bjesomar.srce.hr>
Chris Evans <lady0110@sable.ox.ac.uk>
Marc Ewing <marc@redhat.com>
Janos Farkas <chexum@bankinf.banki.hu>
Werner Fink <werner@suse.de>
Floody <flood@evcom.net>
David Frey <David.Frey@lugs.ch>
Brian R. Gaeke <brg@dgate.org>
Cristian Gafton <gafton@sorosis.ro>
Anton Gluck <gluc@midway.uchicago.edu>
Dave Hagewood <admin@arrowweb.com>
Jonathan Hankins <jhankins@mailserv.homewood.k12.al.us>
Juergen Heinzl <unicorn@noris.net>
Joey Hess <joey@kite.ml.org>
Tim Hockin <thockin@eagle.ais.net>
David A. Holland <dholland@hcs.harvard.edu>
Andreas Jaeger <aj@arthur.rhein-neckar.de>
Timo Karjalainen <timok@iki.fi>
Calle Karlsson <ckn@kash.se>
Sami Kerola <kerolasa@rocketmail.com>
Thorsten Kukuk <kukuk@suse.de>
Jon Lewis <jlewis@lewis.org>
Pavel Machek <pavel@bug.ucw.cz>
Guy Maor <maor@debian.org>
Martin Mares <mj@gts.cz>
Rafal Maszkowski <rzm@torun.pdi.net>
Nikos Mavroyanopoulos <nmav@i-net.paiko.gr>
Michael Meskes <meskes@topsystem.de>
Arkadiusz Miskiewicz <misiek@pld.org.pl>
Greg Mortensen <loki@world.std.com>
Mike Pakovic <mpakovic@users.southeast.net>
Steve M. Robbins <steve@nyongwa.montreal.qc.ca>
Adam Rudnicki <adam@v-lo.krakow.pl>
Algis Rudys <arudys@rice.edu>
Lutz Schwalowsky <schwalow@mineralogie.uni-hamburg.de>
Jay Soffian <jay@lw.net>
Aniello Del Sorbo <anidel@edu-gw.dia.unisa.it>
Juha Virtanen <jiivee@iki.fi>
Michael Talbot-Wilson <mike@calypso.bns.com.au>
Jesse Thilo <Jesse.Thilo@pobox.com>
Shane Watts <shane@nexus.mlckew.edu.au>
Alexander O. Yuriev <alex@bach.cis.temple.edu>
Leonard N. Zubkoff <lnz@dandelion.com>
If you want to be added here, or your e-mail address changes,
please let me know. Thanks.
-- Marek Michalkiewicz <marekm@linux.org.pl>
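Review bot: the PAM paragraph ships with an unresolved maintainer marker, "(XXX - this URL has changed, I have to check where PAM is now... -MM)", so the only link to Linux-PAM is one the author already knows is stale. Resolve the URL or drop the link before this lands.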

57
doc/README.mirrors Normal file
View File

@@ -0,0 +1,57 @@
Primary sites for the Shadow Password Suite for Linux:
ftp://piast.t19.ds.pwr.wroc.pl/pub/linux/shadow/
ftp://ftp.ists.pwr.wroc.pl/pub/linux/shadow/
http://www.itnet.pl/amelektr/linux/shadow/
I upload latest versions here (and sometimes also to sunsite, but not
every new release). If you are not in Poland, these sites may be slow
for you - please use a mirror near you.
Thanks to several people who offered to mirror this archive. Mirror
sites known to me (with addresses of people who submitted them to
this list) are listed below. If you want your site to be added here,
please let me know (specify the URL, and contact e-mail address).
If any of these sites become way out of date and should be removed,
or if they are good but the URL changes, please let me know too.
Working mirrors that I know of, sorted by country (note: I removed
a few mirrors that didn't work when I tried to access them several
times - if any of them are still alive, please let me know):
Brazil:
ftp://ftp.athena.del.ufrj.br/pub/linux/shadow_password/
Rafael Jorge Csura Szendrodi <szendro@santuario.del.ufrj.br>
Czech Republic:
ftp://ftp.gts.cz/pub/linux/security/shadow/
Martin Mares <mj@mj.gts.cz>
Greece:
ftp://linux.forthnet.gr/pub/linux/shadow/
http://linux.forthnet.gr/pub/linux/shadow/
Sotiris Tsimbonis <stsimb@forthnet.gr>
Poland:
ftp://xenium.pdi.net/pub/Crypto/shadow/
Marcin E. Bednarz <specula@pdi.net>
ftp://giswitch.sggw.waw.pl/pub/Linux/shadow/
Marek Czajko <mcj@giswitch.sggw.waw.pl>
Romania:
ftp://ftp.kappa.ro/pub/Linux/Security/shadow/
Mircea Damian <dmircea@kappa.ro>
United States:
none?
Thanks,
Marek Michalkiewicz <marekm@linux.org.pl>
(or marekm@piast.t19.ds.pwr.wroc.pl, or marekm@bach.ists.pwr.wroc.pl)
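Review bot: the list sends users to third-party mirrors over ftp and http, but nothing in this file tells them how to check that a downloaded tarball is the one that was released. For a package that installs login, passwd and su, publish a checksum or signature and say here where to find it. "United States: none?" should be removed or turned into an explicit request for a mirror.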

30
doc/README.nls Normal file
View File

@@ -0,0 +1,30 @@
I've added in password suite 980724 nls and locale support (currently
only for greek). Before compiling (configuring) you must have set the
environment variable LINGUAS=el for greek or LINGUAS="" just for english.
To see your language at login (to the other programs export LANG=el is
enough) when you enter your login add LANG=xx, where xx is your language.
An other way to accomplish it is change the variable ENVIRON_FILE in
/etc/login.defs from /etc/environment to .environment. Thus any user
can add, to his .environment file, his language eg. LANG=el.
Nikos Mavroyanopoulos
nmav@i-net.paiko.gr
Note: i18n support as of this release (981218) can have some rough
edges - because of the large number of files updated, there is always
a possibility that I have introduced some new bugs. There are also
potential security problems in GNU gettext (both the included one and
one found in glibc 2.0.x) related to environment variables (LANG,
LANGUAGE, LC_*, NLSPATH) when used in setuid programs. I have tried
to work around them in sanitize_env() but no guarantees. The problem
has been reported to the gettext maintainer.
Also, you may not be able to legally distribute binaries compiled
with included gettext (GPL and BSD-like licenses are not compatible).
I believe that distribution in the same source archive is OK though
(it's a "mere aggregation of another work not based on the Program
with the Program" - here Program == gettext library - "on a volume of
a storage or distribution medium"). Please tell the FSF politely that
they should consider changing the gettext license to LGPL. Thanks!
Marek
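Review bot: the first half recommends pointing ENVIRON_FILE at a per-user .environment so that "any user can add" LANG there, while the note below it warns of gettext problems with LANG, LANGUAGE, LC_* and NLSPATH in setuid programs and says the sanitize_env() workaround comes with "no guarantees". The two parts need to be tied together: state which variables login accepts from a user-owned ENVIRON_FILE, or mark that setup as not recommended until the gettext issue is settled.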

36
doc/README.pam Normal file
View File

@@ -0,0 +1,36 @@
About PAM support in the Shadow Password Suite
Warning: this code is still considered ALPHA. It is still incomplete,
and needs more testing. Please let me know if it works, or if something
doesn't work.
Use "./configure --with-libpam" to enable PAM support. Right now it only
works for the passwd and su applications. PAM support still needs to be
implemented in login.
When compiled with PAM support enabled, the following traditional features
of the shadow suite are not implemented directly in the applications -
instead, they should be implemented in the PAM modules.
passwd:
- administrator defined authentication methods
- TCFS support
- password expiration
- password strength checks
su:
- wheel group
- console groups
- su access control (/etc/suauth)
- password expiration
- time restrictions
- resource limits
Known problems:
- the pam_limits module doesn't work with su - it should be changed
to set the limits in pam_setcred() instead of pam_open_session()
(this version of su doesn't open any new sessions, like Solaris su
and unlike SimplePAMApps su)
- PAM support still needs to be implemented in login
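Review bot: the passwd and su lists say these checks "should be implemented in the PAM modules", but the file never says what happens to an existing /etc/suauth or wheel-group setup once the suite is built with --with-libpam. State plainly that su itself no longer enforces them, so an admin does not rebuild and assume the old restrictions still hold. "PAM support still needs to be implemented in login" also appears twice, in the second paragraph and again under Known problems.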

33
doc/README.platforms Normal file
View File

@@ -0,0 +1,33 @@
# $Id: README.platforms,v 1.4 1999/06/07 16:40:44 marekm Exp $
#
# This is the current (still incomplete) list of platforms this
# package has been verified to work on. Additions (preferably
# in the format as described below) are welcome. Thanks!
#
# V: last version reported to work
# H: host type
# L: Linux libc version
# D: Linux distribution, or other OS name and version
# C: changes (if any)
# R: reported by
V: 980529
H: sparc-unknown-linux-gnu
L: glibc-2.0.7
D: Ultrapenguin-1.0.9
C: had to explicitly disable desrpc.
R: Bjorn Christianson <bjorn@cascade.psychology.mcmaster.ca>
V: 980724
H: i486-pc-linux-gnulibc1
L: libc-5.4.33
D: Debian-1.3.1.r6
C: none (use dpkg-buildpackage)
R: Marek Michalkiewicz <marekm@linux.org.pl>
V: current
H: i686-pc-linux-gnu
L: glibc-2.0.7.19981211
D: Debian-2.1
C: none (use dpkg-buildpackage)
R: Marek Michalkiewicz <marekm@linux.org.pl>
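Review bot: the third entry uses "V: current", which stops meaning anything as soon as the next snapshot is released; the header defines V as "last version reported to work". Put the dated snapshot there, as the other two entries do.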

25
doc/README.shadow-paper Normal file
View File

@@ -0,0 +1,25 @@
Date: Fri, 06 Jun 1997 22:57:27 -0500
From: Julie Haugh <jfh@tab.com>
To: marekm@piast.t19.ds.pwr.wroc.pl
CC: shadow-list@neptune.cin.net, debian-devel@lists.debian.org
Subject: Shadow Paper available from the web now.
Greets,
I've finally managed to key in my '92 security paper on Shadow. You can
find it at
http://www.tab.com/~jfh/shadow-paper.html
As I get some time to go over how things have changed in the last 5
years I intend to update it.
My next Shadow-related project is cleaning up the documentation I
started for the Trusted Subsystem evaluation I started a couple of
years ago. There are a few really worthwhile documents a system
administrator might enjoy in there.
--
Julianne Frances Haugh Feminism:
mailto:jfh@tab.com The belief (considered radical by
http://www.tab.com/~jfh some) that women are people, too.

39
doc/README.sun4 Normal file
View File

@@ -0,0 +1,39 @@
[ $Id: README.sun4,v 1.1.1.1 1996/08/10 07:59:52 marekm Exp $ ]
You'll need to do the following to get the shadow password dist to
compile on a sun 4.1.1 system.
copy Makefile.sun4 to Makefile, and make any system specific changes.
copy config.h.sun4 config.h, and make any system specific changes.
You may have to edit the pwd.h.m4 file by hand, as the sunos m4 may
not grok the pwd.h.m4 file corectly. If you have the /usr/5bin/m4,
substitute that. Be sure to delete the pwd.h file before typeing
'make' again, as there will be an empty one left from the failed attempt
to use the standard sunos m4.
type 'make'. If everything goes well, then type 'make install'
If using csh, then type 'rehash'. cd to the /etc directory and type
'pwconv'. This will create two files, nshadow and npasswd.
now type 'mkpasswd -f nshadow' and 'mkpasswd -f npasswd'. This will
create the shadow password file.
Note: The shadow group stuff does not work with sunos.
Note: ftp will still use the old password file.
Note: if you run suns pcnfs, be aware that it will still be looking at the
old password file as well. I may work out a patch for this, as I am
fairly certain the stuff on the sun side comes with source.
Note: I have compiled this package with the standard c compiler and
suns unbundled c compiler at an optomization level of 2 in
both casses. Haven't tried gcc yet, so I don't know wether it
works. Same goes for suns C++ compiler.
Note: has been compiled on a sun 3/75 running sunos 4.1.1. Should compile
fine on sun 4's running 4.1.1, and may compile on suns running
4.1. Have no idea what sort of success people will have that
are running 4.03 and older versions.
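Review bot: the procedure stops at 'mkpasswd -f nshadow' and 'mkpasswd -f npasswd' with "This will create the shadow password file", yet pwconv is described as writing nshadow and npasswd and nothing says how those become the live files. Add the missing step or name the tool that does it; as written, the reader cannot tell whether the old password file still holds the hashes afterwards. Small fixes while here: "copy config.h.sun4 config.h" is missing "to", and "corectly", "typeing", "optomization", "casses" and "wether" are misspelled.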

61
doc/WISHLIST Normal file
View File

@@ -0,0 +1,61 @@
$Id: WISHLIST,v 1.22 1999/07/09 18:02:43 marekm Exp $
This is my wishlist for the shadow suite, in no particular order. Feel
free to do anything from this list and mail me the diffs :-).
Patches in diff -u format, against the latest version (sometimes in the
"beta" directory) are preferred and make my job easier. Please, no
MIME, base64, quoted-printable, or HTML. For very big patches, or if
your mailer can corrupt them, please use gzip and uuencode. Thanks!
New ideas to add to this list are welcome, too. --marekm
- fix all the bugs, of course
- implement "su only" accounts (no logins, only su from other account)
- rewrite getdef.c to be more general? (no hardcoded names)
- update man pages to reflect all the changes (real programmers ... :-)
- patch for rlogind/telnetd to create utmp entry and fill in ut_addr
- fix the usermod -l bug properly [for now it's OK - #undef AUTH_METHODS]
- IMPORTANT: finish PAM support (passwd, su - done, untested; login - started)
- option to specify encrypted password in passwd (for yppasswdd, so it
doesn't need to know about shadow/non-shadow); should probably use a pipe
(less insecure than command line arguments)
- add support for changing NIS passwords
- clean up NDBM support, do it in the library and not in all programs
- add option to check passwords by piping them to external programs
- add functionality of the contrib/rpasswd.c wrapper to passwd
- option to generate pronounceable passwords (like on SCO), external program?
- poppassd (remote password change for eudora etc.)
- add support for passwd/shadow db files (glibc)
- better documentation
- su -l, -m, -p, -s options (as in GNU su)
- vipw: check password files for errors after editing
- clean up login utmp(x) handling code
- add "maximum time users allowed to stay logged in" limit option to logoutd
- "make" infinite loop on some systems? (Slackware 3.1, possibly others)
- handle quotes in /etc/environment like the shell does (but sshd doesn't...)
- write man pages: dialups.5, d_passwd.5
- better utmpx support (logoutd, ...)
- better OPIE support (check access file, prompt for one-time password
with echo on, report number of logins left, etc.)
- init sometimes fails to remove the utmp entry on logout, why?
(init 2.74 - can't reproduce with 2.71 on Debian 1.3, works fine)
- new option for /etc/suauth: don't load user's environment (force "su -")
suggested by Ulisses Alonso Camaro
- clean up error messages - "program_name: text of error message\n"
(maybe some common code for common messages about failing to lock/open
something)
- don't use putgrent() even if available (glibc-2.0.100 bug)
- find out why recent releases won't compile on Solaris
- change logoutd to simply cat the contents of /etc/logoutd.mesg to the
luser's tty (no need to reload with SIGHUP)
- make the new getpass() replacement optional configurable at run time
(some people don't like the asterisks)
- newusers UID/GID selection algorithm should be the same as useradd
(and use UID_MIN, UID_MAX from login.defs)
- newusers should be able to copy /etc/skel to the new home directory
(like useradd)
- change makefiles to work with the latest automake
- include i18n files in Debian packages
- integrate the latest upstream version into the Debian distribution
(they still have shadow-980403, many bugs have been fixed since then)

36
doc/console.c.spec.txt Normal file
View File

@@ -0,0 +1,36 @@
$Id: console.c.spec.txt,v 1.1 1997/06/16 00:02:41 marekm Exp $
Specification for console.c source file --
input values --
tty -- character pointer to device name with leading "/dev/"
removed.
return values --
0 -- false
1 -- true
int console (char * tty)
if "CONSOLE" string value is not present in login.defs
return true
if the first character of "CONSOLE" string value is not "/"
treat the string as a ":" delimited list of device
names and search for the value of tty in that
tokenized list.
if a match is found
return true
return false
if the file named by "CONSOLE" cannot be opened
return true
scan the file looking for a match between the input line
and the value of tty
if a match is found
return true
return false
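Review bot: both failure branches fail open: console() returns true when "CONSOLE" is absent from login.defs and again when the file it names cannot be opened, so a mistyped path or a deleted file makes every tty count as a console. If that is intended for compatibility, say so in the spec; otherwise return false when a configured file cannot be opened, and log it.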

340
doc/cracklib26.diff Normal file
View File

@@ -0,0 +1,340 @@
diff -ur orig/cracklib26_small/cracklib/fascist.c cracklib26_small/cracklib/fascist.c
--- orig/cracklib26_small/cracklib/fascist.c Mon Dec 15 02:56:55 1997
+++ cracklib26_small/cracklib/fascist.c Sat Apr 4 22:14:45 1998
@@ -12,6 +12,7 @@
#include <ctype.h>
#include <sys/types.h>
#include <pwd.h>
+#include <string.h>
#define ISSKIP(x) (isspace(x) || ispunct(x))
@@ -460,28 +461,27 @@
}
char *
-FascistGecos(password, uid)
+FascistGecosPw(password, pwd)
char *password;
- int uid;
+ struct passwd *pwd;
{
int i;
int j;
int wc;
char *ptr;
- struct passwd *pwp;
char gbuffer[STRINGSIZE];
char tbuffer[STRINGSIZE];
char *uwords[STRINGSIZE];
char longbuffer[STRINGSIZE * 2];
- if (!(pwp = getpwuid(uid)))
+ if (!pwd)
{
return ("you are not registered in the password file");
}
/* lets get really paranoid and assume a dangerously long gecos entry */
- strncpy(tbuffer, pwp->pw_name, STRINGSIZE);
+ strncpy(tbuffer, pwd->pw_name, STRINGSIZE);
tbuffer[STRINGSIZE-1] = '\0';
if (GTry(tbuffer, password))
{
@@ -490,12 +490,13 @@
/* it never used to be that you got passwd strings > 1024 chars, but now... */
- strncpy(tbuffer, pwp->pw_gecos, STRINGSIZE);
+ strncpy(tbuffer, pwd->pw_gecos, STRINGSIZE);
tbuffer[STRINGSIZE-1] = '\0';
strcpy(gbuffer, Lowercase(tbuffer));
wc = 0;
ptr = gbuffer;
+ uwords[0] = (char *) 0;
while (*ptr)
{
@@ -530,6 +531,8 @@
*(ptr++) = '\0';
}
}
+ if (!uwords[0])
+ return ((char *) 0); /* empty gecos */
#ifdef DEBUG
for (i = 0; uwords[i]; i++)
{
@@ -586,9 +589,10 @@
}
char *
-FascistLook(pwp, instring)
+FascistLookPw(pwp, instring, pwd)
PWDICT *pwp;
char *instring;
+ struct passwd *pwd;
{
int i;
char *ptr;
@@ -667,7 +671,7 @@
return ("it looks like a National Insurance number.");
}
- if (ptr = FascistGecos(password, getuid()))
+ if (ptr = FascistGecosPw(password, pwd ? pwd : getpwuid(getuid())))
{
return (ptr);
}
@@ -715,9 +719,10 @@
}
char *
-FascistCheck(password, path)
+FascistCheckPw(password, path, pwd)
char *password;
char *path;
+ struct passwd *pwd;
{
static char lastpath[STRINGSIZE];
static PWDICT *pwp;
@@ -750,5 +755,29 @@
strncpy(lastpath, path, STRINGSIZE);
}
- return (FascistLook(pwp, pwtrunced));
+ return (FascistLookPw(pwp, pwtrunced, pwd));
+}
+
+char *
+FascistGecos(password, uid)
+ char *password;
+ int uid;
+{
+ return (FascistGecosPw(password, getpwuid(uid)));
+}
+
+char *
+FascistLook(pwp, instring)
+ PWDICT *pwp;
+ char *instring;
+{
+ return (FascistLookPw(pwp, instring, (char *) 0));
+}
+
+char *
+FascistCheck(password, path)
+ char *password;
+ char *path;
+{
+ return (FascistCheckPw(password, path, (char *) 0));
}
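Review bot: the compatibility wrappers FascistLook() and FascistCheck() pass "(char *) 0" for the new third argument, which is declared "struct passwd *pwd". With K&R definitions there is no prototype to convert the value, so the cast should be "(struct passwd *) 0". A comment on FascistLookPw() noting that a null pwd falls back to getpwuid(getuid()) would also help, since that fallback is what keeps the old entry points behaving as before.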
diff -ur orig/cracklib26_small/cracklib/packer.h cracklib26_small/cracklib/packer.h
--- orig/cracklib26_small/cracklib/packer.h Mon Dec 15 00:09:30 1997
+++ cracklib26_small/cracklib/packer.h Sat Jan 10 22:13:46 1998
@@ -34,6 +34,7 @@
FILE *dfp;
FILE *wfp;
+ int canfree;
int32 flags;
#define PFOR_WRITE 0x0001
#define PFOR_FLUSH 0x0002
diff -ur orig/cracklib26_small/cracklib/packlib.c cracklib26_small/cracklib/packlib.c
--- orig/cracklib26_small/cracklib/packlib.c Fri Jul 9 22:22:58 1993
+++ cracklib26_small/cracklib/packlib.c Sat Jan 10 22:28:49 1998
@@ -16,7 +16,7 @@
char *mode;
{
int32 i;
- static PWDICT pdesc;
+ PWDICT *pdesc;
char iname[STRINGSIZE];
char dname[STRINGSIZE];
char wname[STRINGSIZE];
@@ -25,92 +25,94 @@
FILE *ifp;
FILE *wfp;
- if (pdesc.header.pih_magic == PIH_MAGIC)
- {
- fprintf(stderr, "%s: another dictionary already open\n", prefix);
+ if ((pdesc = (PWDICT *) malloc(sizeof(PWDICT))) == 0)
return ((PWDICT *) 0);
- }
- memset(&pdesc, '\0', sizeof(pdesc));
+ memset(pdesc, '\0', sizeof(*pdesc));
sprintf(iname, "%s.pwi", prefix);
sprintf(dname, "%s.pwd", prefix);
sprintf(wname, "%s.hwm", prefix);
- if (!(pdesc.dfp = fopen(dname, mode)))
+ if (!(pdesc->dfp = fopen(dname, mode)))
{
perror(dname);
+ free(pdesc);
return ((PWDICT *) 0);
}
- if (!(pdesc.ifp = fopen(iname, mode)))
+ if (!(pdesc->ifp = fopen(iname, mode)))
{
- fclose(pdesc.dfp);
+ fclose(pdesc->dfp);
perror(iname);
+ free(pdesc);
return ((PWDICT *) 0);
}
- if (pdesc.wfp = fopen(wname, mode))
+ if (pdesc->wfp = fopen(wname, mode))
{
- pdesc.flags |= PFOR_USEHWMS;
+ pdesc->flags |= PFOR_USEHWMS;
}
- ifp = pdesc.ifp;
- dfp = pdesc.dfp;
- wfp = pdesc.wfp;
+ ifp = pdesc->ifp;
+ dfp = pdesc->dfp;
+ wfp = pdesc->wfp;
if (mode[0] == 'w')
{
- pdesc.flags |= PFOR_WRITE;
- pdesc.header.pih_magic = PIH_MAGIC;
- pdesc.header.pih_blocklen = NUMWORDS;
- pdesc.header.pih_numwords = 0;
+ pdesc->flags |= PFOR_WRITE;
+ pdesc->header.pih_magic = PIH_MAGIC;
+ pdesc->header.pih_blocklen = NUMWORDS;
+ pdesc->header.pih_numwords = 0;
- fwrite((char *) &pdesc.header, sizeof(pdesc.header), 1, ifp);
+ fwrite((char *) &pdesc->header, sizeof(pdesc->header), 1, ifp);
} else
{
- pdesc.flags &= ~PFOR_WRITE;
+ pdesc->flags &= ~PFOR_WRITE;
- if (!fread((char *) &pdesc.header, sizeof(pdesc.header), 1, ifp))
+ if (!fread((char *) &pdesc->header, sizeof(pdesc->header), 1, ifp))
{
fprintf(stderr, "%s: error reading header\n", prefix);
- pdesc.header.pih_magic = 0;
+ pdesc->header.pih_magic = 0;
fclose(ifp);
fclose(dfp);
+ free(pdesc);
return ((PWDICT *) 0);
}
- if (pdesc.header.pih_magic != PIH_MAGIC)
+ if (pdesc->header.pih_magic != PIH_MAGIC)
{
fprintf(stderr, "%s: magic mismatch\n", prefix);
- pdesc.header.pih_magic = 0;
+ pdesc->header.pih_magic = 0;
fclose(ifp);
fclose(dfp);
+ free(pdesc);
return ((PWDICT *) 0);
}
- if (pdesc.header.pih_blocklen != NUMWORDS)
+ if (pdesc->header.pih_blocklen != NUMWORDS)
{
fprintf(stderr, "%s: size mismatch\n", prefix);
- pdesc.header.pih_magic = 0;
+ pdesc->header.pih_magic = 0;
fclose(ifp);
fclose(dfp);
+ free(pdesc);
return ((PWDICT *) 0);
}
- if (pdesc.flags & PFOR_USEHWMS)
+ if (pdesc->flags & PFOR_USEHWMS)
{
- if (fread(pdesc.hwms, 1, sizeof(pdesc.hwms), wfp) != sizeof(pdesc.hwms))
+ if (fread(pdesc->hwms, 1, sizeof(pdesc->hwms), wfp) != sizeof(pdesc->hwms))
{
- pdesc.flags &= ~PFOR_USEHWMS;
+ pdesc->flags &= ~PFOR_USEHWMS;
}
}
}
-
- return (&pdesc);
+ pdesc->canfree = 1;
+ return (pdesc);
}
int
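Review bot: the three error returns in the read branch (header read failure, magic mismatch, size mismatch) call fclose(ifp) and fclose(dfp) and then free(pdesc), but never close wfp, which is open whenever the .hwm file exists. With the "another dictionary already open" guard removed, PWOpen() can be called repeatedly, so each failed open leaks a FILE; add "if (wfp) fclose(wfp);" on those paths. Separately, the context lines still build iname, dname and wname with sprintf() into STRINGSIZE buffers from an unchecked prefix.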
@@ -159,8 +161,13 @@
fclose(pwp->ifp);
fclose(pwp->dfp);
+ if (pwp->wfp)
+ fclose(pwp->wfp);
- pwp->header.pih_magic = 0;
+ if (pwp->canfree)
+ free(pwp);
+ else
+ pwp->header.pih_magic = 0;
return (0);
}
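Review bot: PWClose() now frees pwp when canfree is set, so any caller that keeps the pointer must clear it afterwards; FascistCheckPw() in fascist.c holds one in "static PWDICT *pwp", and the visible hunks do not show it being reset after a close. Please confirm that path, otherwise the next call would use freed memory. canfree is also only ever set in PWOpen(), so a PWDICT obtained any other way must be zeroed for the else branch to be taken.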
@@ -307,6 +314,11 @@
register char *this;
int idx;
+/*
+ * comment in npasswd-2.0beta4 says this:
+ * This does not work under all circumstances, so don't bother
+ */
+#if 0
if (pwp->flags & PFOR_USEHWMS)
{
idx = string[0] & 0xff;
@@ -317,6 +329,10 @@
lwm = 0;
hwm = PW_WORDS(pwp) - 1;
}
+#else
+ lwm = 0;
+ hwm = PW_WORDS(pwp);
+#endif
#ifdef DEBUG
printf("---- %lu, %lu ----\n", lwm, hwm);
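Review bot: the replacement for the disabled PFOR_USEHWMS block sets "hwm = PW_WORDS(pwp);" while the fallback inside the "#if 0" region uses "hwm = PW_WORDS(pwp) - 1;". If the search below treats hwm as an inclusive index, the new bound is one past the last word. Use PW_WORDS(pwp) - 1 here too, or add a comment explaining why the bound changed.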
diff -ur orig/cracklib26_small/util/mkdict cracklib26_small/util/mkdict
--- orig/cracklib26_small/util/mkdict Fri Jul 9 22:23:03 1993
+++ cracklib26_small/util/mkdict Sat Apr 4 22:31:45 1998
@@ -14,9 +14,16 @@
SORT="sort"
###SORT="sort -T /tmp"
-cat $* |
+### Use zcat to read compressed (as well as uncompressed) dictionaries.
+### Compressed dictionaries can save quite a lot of disk space.
+
+CAT="gzip -cdf"
+###CAT="zcat"
+###CAT="cat"
+
+$CAT $* |
tr '[A-Z]' '[a-z]' |
- tr -cd '[\012a-z0-9]' |
+ tr -cd '\012[a-z][0-9]' |
$SORT |
uniq |
grep -v '^#' |
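Review bot: '$CAT $* |' expands the arguments unquoted, so a dictionary path containing spaces or glob characters is split or expanded before gzip sees it; write it as '$CAT "$@" |'. The new comment says "Use zcat" while the active setting is CAT="gzip -cdf", so reword the comment to match. Also check the rewritten tr set '\012[a-z][0-9]' against the target tr: where brackets are not range syntax they are literal characters, and '[' and ']' will survive the filter.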