diff options
author | Nicolas Iooss | 2024-03-20 14:48:15 +0100 |
---|---|---|
committer | Nicolas Iooss | 2024-03-20 22:19:48 +0100 |
commit | 241bc36b8da9e162133dc0a2ac90f44e9139d1ca (patch) | |
tree | ce0d6602767d90be9f570d95d41f8b4208dbd991 /0002-Adapt-login.defs-for-PAM-and-util-linux.patch | |
parent | f337fc878ba0b6d5986dc0dcc6ce66064983bd87 (diff) | |
download | aur-241bc36b8da9e162133dc0a2ac90f44e9139d1ca.tar.gz |
shadow-selinux 4.15.0-1 update
Diffstat (limited to '0002-Adapt-login.defs-for-PAM-and-util-linux.patch')
-rw-r--r-- | 0002-Adapt-login.defs-for-PAM-and-util-linux.patch | 98 |
1 files changed, 38 insertions, 60 deletions
diff --git a/0002-Adapt-login.defs-for-PAM-and-util-linux.patch b/0002-Adapt-login.defs-for-PAM-and-util-linux.patch index ccf24098c1e6..f4b24d1bf5fc 100644 --- a/0002-Adapt-login.defs-for-PAM-and-util-linux.patch +++ b/0002-Adapt-login.defs-for-PAM-and-util-linux.patch @@ -1,4 +1,4 @@ -From bb10dbe53f1c8613a9586d5255b878f3fc954ef1 Mon Sep 17 00:00:00 2001 +From f65ece73bcd44caaf8ff62c0f427f960be1f40f2 Mon Sep 17 00:00:00 2001 From: David Runge <dvzrv@archlinux.org> Date: Mon, 31 Oct 2022 09:45:13 +0100 Subject: [PATCH 2/3] Adapt login.defs for PAM and util-linux @@ -65,12 +65,12 @@ from util-linux: man/login.defs.5.xml: Remove unavailable options from man 5 login.defs. --- - etc/login.defs | 228 +------------------------------------------ - man/login.defs.5.xml | 150 +--------------------------- - 2 files changed, 8 insertions(+), 370 deletions(-) + etc/login.defs | 223 +------------------------------------------ + man/login.defs.5.xml | 148 +--------------------------- + 2 files changed, 8 insertions(+), 363 deletions(-) diff --git a/etc/login.defs b/etc/login.defs -index 114dbcd9..797ca6b3 100644 +index 33622c29..797ca6b3 100644 --- a/etc/login.defs +++ b/etc/login.defs @@ -3,6 +3,8 @@ @@ -245,7 +245,7 @@ index 114dbcd9..797ca6b3 100644 # Default initial "umask" value used by login(1) on non-PAM enabled systems. # Default "umask" value for pam_umask(8) on PAM enabled systems. # UMASK is also used by useradd(8) and newusers(8) to set the mode for new -@@ -211,27 +91,12 @@ UMASK 022 +@@ -211,22 +91,12 @@ UMASK 022 # # PASS_MAX_DAYS Maximum number of days a password may be used. # PASS_MIN_DAYS Minimum number of days allowed between password changes. @@ -265,15 +265,10 @@ index 114dbcd9..797ca6b3 100644 -# -SU_WHEEL_ONLY no - --# --# If compiled with cracklib support, sets the path to the dictionaries --# --CRACKLIB_DICTPATH /var/cache/cracklib/cracklib_dict -- # # Min/max values for automatic uid selection in useradd(8) # -@@ -268,28 +133,6 @@ LOGIN_RETRIES 5 +@@ -263,28 +133,6 @@ LOGIN_RETRIES 5 # LOGIN_TIMEOUT 60 @@ -302,7 +297,7 @@ index 114dbcd9..797ca6b3 100644 # # Which fields may be changed by regular users using chfn(1) - use # any combination of letters "frwh" (full name, room number, work -@@ -298,38 +141,13 @@ CHFN_AUTH yes +@@ -293,38 +141,13 @@ CHFN_AUTH yes # CHFN_RESTRICT rwh @@ -341,7 +336,7 @@ index 114dbcd9..797ca6b3 100644 # # Note: If you use PAM, it is recommended to use a value consistent with # the PAM modules configuration. -@@ -353,21 +171,6 @@ CHFN_RESTRICT rwh +@@ -348,21 +171,6 @@ CHFN_RESTRICT rwh #SHA_CRYPT_MIN_ROUNDS 5000 #SHA_CRYPT_MAX_ROUNDS 5000 @@ -363,7 +358,7 @@ index 114dbcd9..797ca6b3 100644 # # Only works if ENCRYPT_METHOD is set to YESCRYPT. # -@@ -381,17 +184,6 @@ CHFN_RESTRICT rwh +@@ -376,17 +184,6 @@ CHFN_RESTRICT rwh # #YESCRYPT_COST_FACTOR 5 @@ -381,7 +376,7 @@ index 114dbcd9..797ca6b3 100644 # # Should login be allowed if we can't cd to the home directory? # Default is no. -@@ -406,12 +198,6 @@ DEFAULT_HOME yes +@@ -401,12 +198,6 @@ DEFAULT_HOME yes # NONEXISTENT /nonexistent @@ -394,7 +389,7 @@ index 114dbcd9..797ca6b3 100644 # # If defined, this command is run when removing a user. # It should remove any at/cron/print jobs etc. owned by -@@ -459,14 +245,6 @@ USERGROUPS_ENAB yes +@@ -454,14 +245,6 @@ USERGROUPS_ENAB yes # #GRANT_AUX_GROUP_SUBIDS yes @@ -410,13 +405,14 @@ index 114dbcd9..797ca6b3 100644 # Select the HMAC cryptography algorithm. # Used in pam_timestamp module to calculate the keyed-hash message diff --git a/man/login.defs.5.xml b/man/login.defs.5.xml -index ab62fa86..d82c47f1 100644 +index 05ef5125..1ddf537e 100644 --- a/man/login.defs.5.xml +++ b/man/login.defs.5.xml -@@ -7,69 +7,38 @@ +@@ -7,70 +7,38 @@ --> <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [ +-<!ENTITY BCRYPT_MIN_ROUNDS SYSTEM "login.defs.d/BCRYPT_MIN_ROUNDS.xml"> -<!ENTITY CHFN_AUTH SYSTEM "login.defs.d/CHFN_AUTH.xml"> <!ENTITY CHFN_RESTRICT SYSTEM "login.defs.d/CHFN_RESTRICT.xml"> -<!ENTITY CHSH_AUTH SYSTEM "login.defs.d/CHSH_AUTH.xml"> @@ -483,10 +479,11 @@ index ab62fa86..d82c47f1 100644 <!ENTITY UMASK SYSTEM "login.defs.d/UMASK.xml"> <!ENTITY USERDEL_CMD SYSTEM "login.defs.d/USERDEL_CMD.xml"> <!ENTITY USERGROUPS_ENAB SYSTEM "login.defs.d/USERGROUPS_ENAB.xml"> -@@ -145,47 +114,25 @@ +@@ -147,48 +115,25 @@ <para>The following configuration items are provided:</para> <variablelist remap='IP'> +- &BCRYPT_MIN_ROUNDS; <!-- documents also BCRYPT_MAX_ROUNDS --> - &CHFN_AUTH; &CHFN_RESTRICT; - &CHSH_AUTH; @@ -531,7 +528,7 @@ index ab62fa86..d82c47f1 100644 &PASS_MAX_DAYS; &PASS_MIN_DAYS; &PASS_WARN_AGE; -@@ -195,25 +142,16 @@ +@@ -198,25 +143,16 @@ time of account creation. Any changes to these settings won't affect existing accounts. </para> @@ -557,35 +554,16 @@ index ab62fa86..d82c47f1 100644 &UMASK; &USERDEL_CMD; &USERGROUPS_ENAB; -@@ -239,9 +177,7 @@ - <term>chfn</term> - <listitem> - <para> -- <phrase condition="no_pam">CHFN_AUTH</phrase> - CHFN_RESTRICT -- <phrase condition="no_pam">LOGIN_STRING</phrase> - </para> - </listitem> - </varlistentry> -@@ -249,7 +185,7 @@ - <term>chgpasswd</term> - <listitem> +@@ -255,7 +191,7 @@ <para> + <phrase condition="bcrypt">BCRYPT_MAX_ROUNDS + BCRYPT_MIN_ROUNDS</phrase> - ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB + ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS</phrase> - </para> -@@ -259,8 +195,6 @@ - <term>chpasswd</term> - <listitem> - <para> -- <phrase condition="no_pam">ENCRYPT_METHOD -- MD5_CRYPT_ENAB </phrase> - <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS - SHA_CRYPT_MIN_ROUNDS</phrase> - </para> -@@ -270,7 +204,7 @@ + <phrase condition="yescrypt">YESCRYPT_COST_FACTOR</phrase> +@@ -280,7 +216,7 @@ <term>chsh</term> <listitem> <para> @@ -594,16 +572,16 @@ index ab62fa86..d82c47f1 100644 </para> </listitem> </varlistentry> -@@ -280,7 +214,7 @@ - <term>gpasswd</term> - <listitem> +@@ -292,7 +228,7 @@ <para> + <phrase condition="bcrypt">BCRYPT_MAX_ROUNDS + BCRYPT_MIN_ROUNDS</phrase> - ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB + ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS</phrase> - </para> -@@ -339,35 +273,6 @@ + <phrase condition="yescrypt">YESCRYPT_COST_FACTOR</phrase> +@@ -352,35 +288,6 @@ <para>LASTLOG_UID_MAX</para> </listitem> </varlistentry> @@ -639,8 +617,8 @@ index ab62fa86..d82c47f1 100644 <varlistentry> <term>newgrp / sg</term> <listitem> -@@ -382,7 +287,7 @@ - <para> +@@ -397,7 +304,7 @@ + BCRYPT_MIN_ROUNDS</phrase> ENCRYPT_METHOD GID_MAX GID_MIN - MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB @@ -648,17 +626,17 @@ index ab62fa86..d82c47f1 100644 HOME_MODE PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS -@@ -399,8 +304,7 @@ - <term>passwd</term> - <listitem> +@@ -417,8 +324,7 @@ <para> + <phrase condition="bcrypt">BCRYPT_MAX_ROUNDS + BCRYPT_MIN_ROUNDS</phrase> - ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB - PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN + ENCRYPT_METHOD <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS SHA_CRYPT_MIN_ROUNDS</phrase> - </para> -@@ -432,32 +336,6 @@ + <phrase condition="yescrypt">YESCRYPT_COST_FACTOR</phrase> +@@ -451,32 +357,6 @@ </para> </listitem> </varlistentry> @@ -679,19 +657,19 @@ index ab62fa86..d82c47f1 100644 - </para> - </listitem> - </varlistentry> -- <varlistentry> +- <varlistentry condition="no_pam"> - <term>sulogin</term> - <listitem> - <para> - ENV_HZ -- <phrase condition="no_pam">ENV_TZ</phrase> +- ENV_TZ - </para> - </listitem> - </varlistentry> <varlistentry> <term>useradd</term> <listitem> -@@ -486,24 +364,6 @@ +@@ -505,24 +385,6 @@ </para> </listitem> </varlistentry> |