--- libuser-0.56.9.dfsg.1.orig/debian/libuser.dirs +++ libuser-0.56.9.dfsg.1/debian/libuser.dirs @@ -0,0 +1 @@ +usr/share/devhelp/books --- libuser-0.56.9.dfsg.1.orig/debian/libuser.install +++ libuser-0.56.9.dfsg.1/debian/libuser.install @@ -0,0 +1,3 @@ +usr/bin/* +usr/sbin/* +usr/share/* --- libuser-0.56.9.dfsg.1.orig/debian/update-orig-dfsg +++ libuser-0.56.9.dfsg.1/debian/update-orig-dfsg @@ -0,0 +1,14 @@ +#!/bin/bash +ORIGDIR=`pwd` +NAME="libuser" +VERSION=$2 +SOURCE=$3 +NON_FREE="docs/rfc2307.txt" +DFSG="dfsg.1" +FILENAME=$NAME-$VERSION + +cd .. && bunzip2 $FILENAME.tar.bz2 +tar --file=$FILENAME.tar --delete $FILENAME/$NON_FREE +bzip2 $FILENAME.tar +mv $FILENAME.tar.bz2 $FILENAME.$DFSG.tar.bz2 +cd $ORIGDIR && uupdate ../$FILENAME.$DFSG.tar.bz2 -v $VERSION.$DFSG --- libuser-0.56.9.dfsg.1.orig/debian/watch +++ libuser-0.56.9.dfsg.1/debian/watch @@ -0,0 +1,3 @@ +version=3 +opts="dversionmangle=s/\.dfsg\.\d+$//,uversionmangle=s/\-\d+$//,downloadurlmangle=s/tar.bz2/tar.bz2?format=raw/" \ +http://fedorahosted.org/libuser/attachment/wiki/LibuserDownloads /libuser/attachment/wiki/LibuserDownloads/libuser-([\d.-]*).tar.bz2 debian debian/update-orig-dfsg \ No newline at end of file --- libuser-0.56.9.dfsg.1.orig/debian/libuser1-dev.examples +++ libuser-0.56.9.dfsg.1/debian/libuser1-dev.examples @@ -0,0 +1 @@ +samples/*.c --- libuser-0.56.9.dfsg.1.orig/debian/libuser.links +++ libuser-0.56.9.dfsg.1/debian/libuser.links @@ -0,0 +1 @@ +usr/share/gtk-doc/html/libuser/libuser.devhelp usr/share/devhelp/books/libuser.devhelp --- libuser-0.56.9.dfsg.1.orig/debian/libuser1.install +++ libuser-0.56.9.dfsg.1/debian/libuser1.install @@ -0,0 +1,3 @@ +etc/ +usr/lib/*.so.* +usr/lib/libuser/*.so --- libuser-0.56.9.dfsg.1.orig/debian/libuser.docs +++ libuser-0.56.9.dfsg.1/debian/libuser.docs @@ -0,0 +1 @@ +tests/ --- libuser-0.56.9.dfsg.1.orig/debian/compat +++ libuser-0.56.9.dfsg.1/debian/compat @@ -0,0 +1 @@ +4 --- libuser-0.56.9.dfsg.1.orig/debian/rules +++ libuser-0.56.9.dfsg.1/debian/rules @@ -0,0 +1,131 @@ +#!/usr/bin/make -f +# -*- makefile -*- +# Sample debian/rules that uses debhelper. +# This file was originally written by Joey Hess and Craig Small. +# As a special exception, when this file is copied by dh-make into a +# dh-make output file, you may use that output file without restriction. +# This special exception was added by Craig Small in version 0.37 of dh-make. + +# Uncomment this to turn on verbose mode. +export DH_VERBOSE=1 + +#include /usr/share/dpatch/dpatch.make +include /usr/share/python/python.mk + +# These are used for cross-compiling and for saving the configure script +# from having to guess our platform (since we know it already) +DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) +DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) + +include /usr/share/dpatch/dpatch.make + +CFLAGS = -Wall -g + +ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) + CFLAGS += -O0 +else + CFLAGS += -O2 +endif + +clean: unpatch + dh_testdir + dh_testroot + [ ! -f Makefile ] || $(MAKE) distclean + -rm -f config.sub config.guess + dh_clean + +install-python%: patch-stamp + dh_testdir + dh_testroot + dh_installdirs + + [ ! -f Makefile ] || $(MAKE) distclean + +ifneq "$(wildcard /usr/share/misc/config.sub)" "" + cp -f /usr/share/misc/config.sub config.sub +endif +ifneq "$(wildcard /usr/share/misc/config.guess)" "" + cp -f /usr/share/misc/config.guess config.guess +endif + + # configure for pythonX.Y + CFLAGS="$(CFLAGS)" PYTHON=python$* ./configure \ + --host=$(DEB_HOST_GNU_TYPE) --build=$(DEB_BUILD_GNU_TYPE) \ + --prefix=/usr --mandir=\$${prefix}/share/man \ + --infodir=\$${prefix}/share/info --sysconfdir=/etc \ + --with-python --disable-rpath + + # build for pythonX.Y + PYTHON=python$* $(MAKE) + + # install for pythonX.Y + $(MAKE) install DESTDIR=$(CURDIR)/debian/tmp + chrpath -d $(CURDIR)/debian/tmp/usr/bin/lchfn \ + $(CURDIR)/debian/tmp/usr/bin/lchsh \ + $(CURDIR)/debian/tmp/usr/sbin/lchage \ + $(CURDIR)/debian/tmp/usr/sbin/lgroupadd \ + $(CURDIR)/debian/tmp/usr/sbin/lgroupdel \ + $(CURDIR)/debian/tmp/usr/sbin/lgroupmod \ + $(CURDIR)/debian/tmp/usr/sbin/lid \ + $(CURDIR)/debian/tmp/usr/sbin/lnewusers \ + $(CURDIR)/debian/tmp/usr/sbin/lpasswd \ + $(CURDIR)/debian/tmp/usr/sbin/luseradd \ + $(CURDIR)/debian/tmp/usr/sbin/luserdel \ + $(CURDIR)/debian/tmp/usr/sbin/lusermod \ + $(CURDIR)/debian/tmp/usr/lib/libuser.so.1.2.0 \ + $(CURDIR)/debian/tmp/usr/lib/libuser/libuser_files.so \ + $(CURDIR)/debian/tmp/usr/lib/libuser/libuser_shadow.so \ + $(CURDIR)/debian/tmp/usr/lib/python$*/site-packages/libusermodule.so + mkdir -p $(CURDIR)/debian/python-libuser/usr/lib/python$*/$(call py_sitename_sh, $*) + # The build system currently puts everything in site-packages due to including + # prefix= in its get_python_lib call to find where to install, so we'll take from + # there and then put in site-packages/dist-packages as appropriate. + # If this causes build failures in the future due to the build putting some files in + # dist-packages then switching the source to use the same py_sitename_sh call in + # the source path will fix it. + cp $(CURDIR)/debian/tmp/usr/lib/python$*/site-packages/libusermodule.so \ + $(CURDIR)/debian/python-libuser/usr/lib/python$*/$(call py_sitename_sh, $*)/libuser.so + + mkdir -p $(CURDIR)/debian/tmp/usr/share/man/man8 + for n in lchage lgroupadd lgroupdel lgroupmod lid lnewusers \ + lpasswd luseradd luserdel lusermod; \ + do \ + sed "s/^\.TH $$n 1 /.TH $$n 8 /" $(CURDIR)/debian/tmp/usr/share/man/man1/$$n.1 > \ + $(CURDIR)/debian/tmp/usr/share/man/man8/$$n.8; \ + rm -f $(CURDIR)/debian/tmp/usr/share/man/man1/$$n.1; \ + done + +install: $(patsubst %,install-%,$(shell pyversions -s)) + dh_testdir + install -Dm644 debian/shlibs.libuser1 debian/libuser1/DEBIAN/shlibs +# install -m644 apps/libapputil.la debian/tmp/usr/lib/libuser + + sed -i "/dependency_libs/ s/'.*'/''/" `find . -name '*.la'` + +# Build architecture-independent files here. +binary-indep: install +# We have nothing to do by default. + +# Build architecture-dependent files here. +binary-arch: install + dh_testdir + dh_testroot + dh_installchangelogs ChangeLog + dh_installdocs -X.deps -X.dirstamp + dh_installexamples + dh_install -s --sourcedir=debian/tmp --list-missing + dh_installman + dh_pysupport + dh_link + dh_strip + dh_compress + dh_fixperms + dh_makeshlibs -plibuser1 + dh_installdeb + dh_shlibdeps -L libuser1 -l debian/libuser/usr/lib/ + dh_gencontrol + dh_md5sums + dh_builddeb + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install patch unpatch --- libuser-0.56.9.dfsg.1.orig/debian/control +++ libuser-0.56.9.dfsg.1/debian/control @@ -0,0 +1,51 @@ +Source: libuser +Section: admin +Priority: optional +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Ghe Rivero +Build-Depends: debhelper (>= 4.0.0), python-all-dev, pkg-config, + libglib2.0-dev, linuxdoc-tools, groff, libpam0g-dev, libpopt-dev, + dpatch, autotools-dev, python-support (>= 0.4), chrpath +Standards-Version: 3.7.3 +Homepage: https://fedorahosted.org/libuser/ + +Package: libuser +Architecture: any +Depends: ${shlibs:Depends} +Description: user and group account administration library + The libuser library implements a standardized interface for manipulating + and administering user and group accounts. The library uses pluggable + back-ends to interface to its data sources. + . + Sample applications modeled after those included with the shadow password + suite are included. + +Package: libuser1-dev +Architecture: any +Depends: ${shlibs:Depends}, libuser1 (= ${binary:Version}) +Section: libdevel +Description: user and group account administration library (development files) + The libuser library implements a standardized interface for manipulating + and administering user and group accounts. The library uses pluggable + back-ends to interface to its data sources. + +Package: libuser1 +Architecture: any +Depends: ${shlibs:Depends} +Section: libs +Description: user and group account administration library (shared libraries) + The libuser library implements a standardized interface for manipulating + and administering user and group accounts. The library uses pluggable + back-ends to interface to its data sources. + +Package: python-libuser +Architecture: any +Depends: ${shlibs:Depends}, ${python:Depends} +Provides: ${python:Provides} +Replaces: python2.3-libuser (<< 1:0.54.6-2.1.dfsg.1-1.1) +Conflicts: python2.3-libuser (<< 1:0.54.6-2.1.dfsg.1-1.1) +Section: admin +Description: user and group account administration library (development files) + The libuser library implements a standardized interface for manipulating + and administering user and group accounts. The library uses pluggable + back-ends to interface to its data sources. --- libuser-0.56.9.dfsg.1.orig/debian/changelog +++ libuser-0.56.9.dfsg.1/debian/changelog @@ -0,0 +1,191 @@ +libuser (1:0.56.9.dfsg.1-1.2ubuntu2) precise; urgency=low + + * No-change rebuild against current pkgbinarymangler to fix broken + md5sums. (see LP #875466) + + -- Martin Pitt Wed, 29 Feb 2012 08:42:43 +0100 + +libuser (1:0.56.9.dfsg.1-1.2ubuntu1) oneiric; urgency=low + + * Merge from debian/unstable, remaining changes: + - debian/libuser1.install: + + Add "etc/" again to fix missing /etc/libuser.conf file. + - debian/rules: + + Adapted python2.6, by changing site-package to + $(call py_sitename_sh, $*) and include python.mk. + + -- Andreas Moog Tue, 14 Jun 2011 17:46:45 +0200 + +libuser (1:0.56.9.dfsg.1-1.2) unstable; urgency=low + + * Non-maintainer upload. + * Remove references to other libraries from dependency_libs field + Closes: #620594 + + -- Luk Claes Thu, 02 Jun 2011 18:27:14 +0200 + +libuser (1:0.56.9.dfsg.1-1.1ubuntu2) natty; urgency=low + + * clean dependency_libs from *.la per policy 10.2 + + -- Andreas Moog Sun, 03 Apr 2011 01:31:44 +0200 + +libuser (1:0.56.9.dfsg.1-1.1ubuntu1) natty; urgency=low + + * Merge from debian unstable. Remaining changes: + - debian/libuser1.install: + + Add "etc/" again to fix missing /etc/libuser.conf file. + - debian/rules: + + Adapted python2.6, by changing site-package to + $(call py_sitename_sh, $*) and include python.mk. + * This upload fixes CVE: + - CVE-2011-0002 + + -- Artur Rona Sun, 20 Feb 2011 16:07:26 +0100 + +libuser (1:0.56.9.dfsg.1-1.1) unstable; urgency=low + + * Non-maintainer upload. + * Fix CVE-2011-0002 + Mark the LDAP default password value as encrypted + Patch taken from libuser-0.56.18-3.fc14.src.rpm + Add 02libuser-0.56.18-default-pw.dpatch + Closes: 610034 + * Fix binary-or-shlib-defines-rpath + + -- Anibal Monsalve Salazar Wed, 09 Feb 2011 11:22:30 +1100 + +libuser (1:0.56.9.dfsg.1-1ubuntu4) natty; urgency=low + + * Rebuild to add support for python 2.7. + + -- Matthias Klose Fri, 03 Dec 2010 00:04:09 +0000 + +libuser (1:0.56.9.dfsg.1-1ubuntu3) lucid; urgency=low + + * Fix the build by copying from site-packages regardless of python + version. Currently configure uses prefix in the get_python_lib call, + which means it gets site-packages on every version. Therefore we copy + from site-packages, and put it in site-packages/dist-packages as + appropriate. + + -- James Westby Tue, 13 Apr 2010 19:20:07 +0100 + +libuser (1:0.56.9.dfsg.1-1ubuntu2) jaunty; urgency=low + + * debian/rules: + - Adapted python2.6, by changing site-package to $(call py_sitename_sh, $*) + (LP: #340828) + - Included /usr/share/python/python.mk + + -- Fabrice Coutadeur Wed, 18 Mar 2009 06:13:05 +0000 + +libuser (1:0.56.9.dfsg.1-1ubuntu1) intrepid; urgency=low + + [ Saïvann Carignan ] + * debian/libuser1.install: Add "etc/" again to fix missing + /etc/libuser.conf file (LP: #214959) + + [ Soren Hansen ] + * Per SRU policy, this patch needs to land in Intrepid first, hence + this upload. + + -- Soren Hansen Wed, 14 May 2008 10:37:45 +0200 + +libuser (1:0.56.9.dfsg.1-1) unstable; urgency=low + + * New upstream release + + -- Ghe Rivero Fri, 02 May 2008 16:01:50 +0200 + +libuser (1:0.56.8.dfsg.1-1) unstable; urgency=low + + * New upstream release + * New download homepage at copyright file + * Lintian clean: copyright-without-copyright-notice + + -- Ghe Rivero Tue, 11 Mar 2008 17:40:21 +0100 + +libuser (1:0.56.7.dfsg.1-2) unstable; urgency=low + + * libuser1-dev depends on libuser1 (Closes: #464681) + * python-libuser section admin + + -- Ghe Rivero Sat, 9 Feb 2008 00:23:21 +0100 + +libuser (1:0.56.7.dfsg.1-1) unstable; urgency=low + + * Removed non-free RFC-2307 doc. (Closes: #393394) + * Some lintian cleans: + - debian-rules-ignores-make-clean-error + - python-package-should-be-section-python python-libuser + + -- Ghe Rivero Mon, 4 Feb 2008 14:40:27 +0100 + +libuser (1:0.56.7-2) unstable; urgency=low + + * Updated watch file... again! (Closes: #462826) + * debian/control: updated python-libuser override section + + -- Ghe Rivero Mon, 28 Jan 2008 00:31:48 +0100 + +libuser (1:0.56.7-1) unstable; urgency=low + + * New upstream release + * Updated watch file (Closes: #449980) and uupdate script + * Merged patch from Ubuntu (Closes: #426568) + * Bumps Standards-Version to 3.7.3 + + -- Ghe Rivero Wed, 16 Jan 2008 10:41:07 +0100 + +libuser (1:0.54.6-2.1.dfsg.2-0.1) unstable; urgency=medium + + * Non-maintainer upload + * debian/control: updated maintainer email address + * Fixed "Source package contains non-free IETF RFC/I-D's", closes: #393394 + + -- Anibal Monsalve Salazar Tue, 18 Sep 2007 18:13:38 +1000 + +libuser (1:0.54.6-2.1.dfsg.1-1.2) unstable; urgency=medium + + * Non-maintainer upload. + * Moved all manpages of commands in /usr/sbin/ from section 1 to + section 8 (Closes: #404020). + * Added autotools-dev as build-dependency. + + -- Anibal Monsalve Salazar Thu, 28 Dec 2006 19:18:14 +1100 + +libuser (1:0.54.6-2.1.dfsg.1-1.1) unstable; urgency=low + + * Non-maintainer upload. + * Update package to the last python policy (Closes: 380854): + + build for all python versions. + + use python-support. + * Bump Standards-Verstion to 3.7.2. + + -- Pierre Habouzit Sun, 3 Sep 2006 21:58:15 +0200 + +libuser (1:0.54.6-2.1.dfsg.1-1) unstable; urgency=low + + * New upstream release + + -- Ghe Rivero Mon, 31 Jul 2006 17:27:39 +0200 + +libuser (0.54.dfsg.1-1) unstable; urgency=low + + * New upstream release, Closes #331611 + + -- Ghe Rivero Fri, 30 Sep 2005 16:22:04 +0200 + +libuser (0.53.8.dfsg.1-1) unstable; urgency=low + + * Removed non-free RFC-2307 document from source tarball. + + -- Ghe Rivero Mon, 1 Aug 2005 00:59:30 +0200 + +libuser (0.53.8-1) unstable; urgency=low + + * Initial Release, closes: #302312 + + -- Ghe Rivero Mon, 27 Jun 2005 13:31:01 +0200 + --- libuser-0.56.9.dfsg.1.orig/debian/libuser1-dev.install +++ libuser-0.56.9.dfsg.1/debian/libuser1-dev.install @@ -0,0 +1,5 @@ +usr/include/* +usr/lib/*.la +usr/lib/pkgconfig/* +usr/lib/libuser/*.la +usr/lib/*.so --- libuser-0.56.9.dfsg.1.orig/debian/pyversions +++ libuser-0.56.9.dfsg.1/debian/pyversions @@ -0,0 +1 @@ +2.3- --- libuser-0.56.9.dfsg.1.orig/debian/shlibs.libuser1 +++ libuser-0.56.9.dfsg.1/debian/shlibs.libuser1 @@ -0,0 +1 @@ +libuser 0 libuser1 (>= 0.53.8-1) --- libuser-0.56.9.dfsg.1.orig/debian/copyright +++ libuser-0.56.9.dfsg.1/debian/copyright @@ -0,0 +1,9 @@ +This package was debianized by Ghe Rivero on +Thu, 31 Mar 2005 09:56:46 +0200. + +It was downloaded from https://fedorahosted.org/libuser/wiki/LibuserDownloads + +Copyright & Upstream Author: Nalin Dahyabhai + +License: LGPL + /usr/share/common-licenses/LGPL --- libuser-0.56.9.dfsg.1.orig/debian/patches/02libuser-0.56.18-default-pw.dpatch +++ libuser-0.56.9.dfsg.1/debian/patches/02libuser-0.56.18-default-pw.dpatch @@ -0,0 +1,373 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 02libuser-0.56.18-default-pw.dpatch by Miloslav Trmac +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Correctly mark the LDAP default password value as encrypted (CVE-2011-0002) + +@DPATCH@ +--- a/Makefile.am 2008-04-10 07:14:41.000000000 +1000 ++++ b/Makefile.am 2011-02-08 12:21:36.000000000 +1100 +@@ -16,7 +16,7 @@ PYTHON_CPPFLAGS = -I/usr/include/python$ + SUBDIRS = po docs + TESTS = tests/config_test.sh tests/files_test tests/pwhash_test tests/utils_test + if LDAP +-TESTS += tests/ldap_test ++TESTS += tests/default_pw_test tests/ldap_test + endif + + EXTRA_DIST = \ +@@ -27,6 +27,7 @@ EXTRA_DIST = \ + tests/config_import.conf.in tests/config_import2.conf.in \ + tests/config_login.defs tests/config_login2.defs \ + tests/config_override.conf.in tests/config_test.sh \ ++ tests/default_pw_test \ + tests/files.conf.in tests/files_test tests/files_test.py \ + tests/ldap.conf.in tests/ldaprc tests/ldap_skel.ldif tests/ldap_test \ + tests/ldap_test.py \ +--- a/modules/ldap.c 2008-04-10 07:14:41.000000000 +1000 ++++ b/modules/ldap.c 2011-02-08 12:31:59.000000000 +1100 +@@ -981,6 +981,7 @@ get_ent_adds(const char *dn, struct lu_e + mod_count = 0; + for (a = attrs; a != NULL; a = a->next) { + const char *attribute; ++ gboolean is_userpassword; + + attribute = a->data; + if (strcasecmp(attribute, DISTINGUISHED_NAME) == 0) +@@ -999,9 +1000,26 @@ get_ent_adds(const char *dn, struct lu_e + mod->mod_values + = g_malloc0((vals->n_values + 1) + * sizeof(*mod->mod_values)); ++ /* Ugly hack: Detect userPassword values set by ++ default (by this module and others), and replace them ++ by LU_CRYPTED "!!" - the default values would be ++ interpreted as plaintext passwords. */ ++ is_userpassword ++ = (g_ascii_strcasecmp(attribute, "userPassword") ++ == 0); + for (i = 0; i < vals->n_values; i++) { + value = g_value_array_get_nth(vals, i); + mod->mod_values[i] = lu_value_strdup(value); ++ if (is_userpassword ++ && (strcmp(mod->mod_values[i], ++ LU_COMMON_DEFAULT_PASSWORD) == 0 ++ || strcmp(mod->mod_values[i], "!!") == 0 ++ || strcmp(mod->mod_values[i], "x") ++ == 0)) { ++ g_free(mod->mod_values[i]); ++ mod->mod_values[i] ++ = g_strdup(LU_CRYPTED "!!"); ++ } + } + mods[mod_count++] = mod; + } +@@ -2185,6 +2203,10 @@ lu_ldap_user_default(struct lu_module *m + const char *user, gboolean is_system, + struct lu_ent *ent, struct lu_error **error) + { ++ /* Note that this will set LU_USERPASSWORD to ++ LU_COMMON_DEFAULT_PASSWORD, which is a valid plaintext password in ++ LDAP. get_ent_adds () makes sure this value is replaced by an ++ invalid encrypted hash. */ + return lu_common_user_default(module, user, is_system, ent, error) && + lu_common_suser_default(module, user, is_system, ent, error); + } +@@ -2194,6 +2216,8 @@ lu_ldap_group_default(struct lu_module * + const char *group, gboolean is_system, + struct lu_ent *ent, struct lu_error **error) + { ++ /* This sets LU_SHADOWPASSWORD, which is ignored by our backend. ++ LU_GROUPPASSWORD is not set. */ + return lu_common_group_default(module, group, is_system, ent, error) && + lu_common_sgroup_default(module, group, is_system, ent, error); + } +--- a/tests/default_pw.conf.in 2010-06-29 15:10:08.510287292 +1000 ++++ b/tests/default_pw.conf.in 2011-02-08 12:21:36.000000000 +1100 +@@ -0,0 +1,48 @@ ++[defaults] ++# non-portable ++moduledir = @TOP_BUILDDIR@/modules/.libs ++skeleton = /etc/skel ++mailspooldir = /var/mail ++modules = @MODULES@ ++create_modules = @MODULES@ ++crypt_style = md5 ++ ++[userdefaults] ++LU_USERNAME = %n ++LU_UIDNUMBER = 500 ++LU_GIDNUMBER = %u ++# LU_USERPASSWORD = !! ++# LU_GECOS = %n ++# LU_HOMEDIRECTORY = /home/%n ++# LU_LOGINSHELL = /bin/bash ++ ++# LU_SHADOWNAME = %n ++# LU_SHADOWPASSWORD = !! ++# LU_SHADOWLASTCHANGE = %d ++# LU_SHADOWMIN = 0 ++# LU_SHADOWMAX = 99999 ++# LU_SHADOWWARNING = 7 ++# LU_SHADOWINACTIVE = -1 ++# LU_SHADOWEXPIRE = -1 ++# LU_SHADOWFLAG = -1 ++ ++[groupdefaults] ++LU_GROUPNAME = %n ++LU_GIDNUMBER = 500 ++# LU_GROUPPASSWORD = !! ++# LU_MEMBERUID = ++# LU_ADMINISTRATORUID = ++ ++[ldap] ++server = 127.0.0.1:3890 ++basedn = dc=libuser ++bindtype = simple ++binddn = cn=Manager,dc=libuser ++ ++[files] ++directory = @WORKDIR@/files ++nonroot = yes ++ ++[shadow] ++directory = @WORKDIR@/files ++nonroot = yes +--- a/tests/default_pw_test 2010-06-29 15:10:08.510287292 +1000 ++++ b/tests/default_pw_test 2011-02-08 12:21:36.000000000 +1100 +@@ -0,0 +1,175 @@ ++#! /bin/sh ++# Automated default password value regression tester ++# ++# Copyright (c) 2004, 2010 Red Hat, Inc. All rights reserved. ++# ++# This is free software; you can redistribute it and/or modify it under ++# the terms of the GNU Library General Public License as published by ++# the Free Software Foundation; either version 2 of the License, or ++# (at your option) any later version. ++# ++# This program is distributed in the hope that it will be useful, but ++# WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++# General Public License for more details. ++# ++# You should have received a copy of the GNU Library General Public ++# License along with this program; if not, write to the Free Software ++# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. ++# ++# Author: Miloslav Trmač ++ ++srcdir=$srcdir/tests ++ ++workdir=$(pwd)/test_default_pw ++ ++trap 'status=$?; rm -rf "$workdir"; exit $status' 0 ++trap '(exit 1); exit 1' 1 2 13 15 ++ ++rm -rf "$workdir" ++mkdir "$workdir" ++ ++# Create a SSL key ++/usr/bin/openssl req -newkey rsa:512 -keyout "$workdir"/key1 -nodes \ ++ -x509 -days 2 -out "$workdir"/key3 2>/dev/null < "$workdir"/key2 ++cat "$workdir"/key{1,2,3} > "$workdir"/key.pem ++rm "$workdir"/key{1,2,3} ++ ++sed "s|@WORKDIR@|$workdir|g" < "$srcdir"/slapd.conf.in > "$workdir"/slapd.conf ++LIBUSER_CONF=$workdir/libuser.conf ++export LIBUSER_CONF ++# Ugly non-portable hacks ++LD_LIBRARY_PATH=$(pwd)/lib/.libs ++export LD_LIBRARY_PATH ++PYTHONPATH=$(pwd)/python/.libs ++export PYTHONPATH ++ ++exit_status=0 ++fail() # message ++{ ++ echo "Modules $modules: $1" >&2 ++ exit_status=1 ++} ++ ++get_file_password() # file under $workdir/files, entry name ++{ ++ echo "Checking $1 $2 ..." >&2 ++ awk -F : "\$1 == \"$2\" { print \$2; }" "$workdir/files/$1" ++} ++ ++get_ldap_password() # entry filter ++{ ++ echo "Checking $1 ..." >&2 ++ ldapsearch -LLL -h 127.0.0.1 -p 3890 -x -b 'dc=libuser' "$1" userPassword \ ++ | sed -n 's/userPassword:: //p' ++} ++ ++valid_password() # encoded value ++{ ++ local v=$(python -c "import crypt; print crypt.crypt('password', '$1')") ++ [ "x$v" = "x$1" ] ++} ++ ++# Try all concievable combinations and orders, assuming "shadow" requires ++# "files". ++for modules in \ ++ files ldap \ ++ 'files ldap' 'files shadow' 'ldap files' 'shadow files' \ ++ 'files ldap shadow' 'files shadow ldap' 'ldap files shadow' \ ++ 'ldap shadow files' 'shadow files ldap' 'shadow ldap files'; do ++ ++ # FIXME ++ echo ">>>modules: $modules" >&2 ++ ++ # Set up an LDAP server and database files ++ mkdir "$workdir"/db "$workdir"/files ++ touch "$workdir"/files/{passwd,shadow,group,gshadow} ++ case $modules in ++ *ldap*) ++ # FIXME: path ++ /usr/sbin/slapd \ ++ -h 'ldap://127.0.0.1:3890/ ldaps://127.0.0.1:6360/' \ ++ -f "$workdir"/slapd.conf & ++ sleep 3 # Time for slapd to initialize ++ slapd_pid=$(cat "$workdir"/slapd.pid) ++ trap 'status=$?; kill $slapd_pid; rm -rf "$workdir"; exit $status' 0 ++ ldapadd -h 127.0.0.1 -p 3890 -f "$srcdir/ldap_skel.ldif" -x \ ++ -D cn=Manager,dc=libuser -w password ++ ;; ++ esac ++ ++ # Set up the client ++ sed -e "s|@WORKDIR@|$workdir|g; s|@TOP_BUILDDIR@|$(pwd)|g" \ ++ -e "s|@MODULES@|$modules|g" < "$srcdir"/default_pw.conf.in \ ++ > "$LIBUSER_CONF" ++ ++ # Point "$HOME/ldaprc" to "$srcdir"/ldaprc ++ HOME="$srcdir" python "$srcdir"/default_pw_test.py ++ ++ # Test that {passwd,group} handle passwords correctly ++ case $modules in ++ *shadow*) ++ for pair in 'passwd user_default' 'group group_default'; do ++ if [ "x$(get_file_password $pair)" != xx ]; then ++ fail "Unexpected $pair password value" ++ fi ++ done ++ ;; ++ *files*) ++ for pair in 'passwd user_default' 'group group_default'; do ++ if [ "x$(get_file_password $pair)" != 'x!!' ]; then ++ fail "Unexpected $pair password value" ++ fi ++ done ++ ;; ++ esac ++ ++ # Test that {shadow,gshadow} handle passwords correctly ++ case $modules in ++ *shadow*) ++ for pair in 'shadow user_default' 'gshadow group_default'; do ++ if [ "x$(get_file_password $pair)" != 'x!!' ]; then ++ fail "Unexpected $pair password value" ++ fi ++ done ++ ;; ++ esac ++ ++ # Test that ldap handles password correctly ++ case $modules in ++ *ldap*) ++ if [ "x$(get_ldap_password uid=user_default)" != xe0NSWVBUfSEh ]; ++ then ++ fail "Unexpected uid=user_default password value" ++ fi ++ # The LDAP module does not add a group password by default, but the ++ # shadow module may do so. In that case the LDAP module's override ++ # is triggered and replaces shadow's 'x' with '{CRYPT}!!'. ++ v=$(get_ldap_password cn=group_default) ++ if [ "x$v" != x ] && [ "x$v" != xe0NSWVBUfSEh ]; then ++ fail "Unexpected cn=group_default password" ++ fi ++ ;; ++ esac ++ ++ case $modules in ++ *ldap*) ++ kill "$slapd_pid" ++ trap 'status=$?; rm -rf "$workdir"; exit $status' 0 ++ sleep 1 # Time for slapd to terminate ++ ;; ++ esac ++ slapd_pid= ++ rm -rf "$workdir"/db "$workdir"/files ++done ++ ++(exit "$exit_status"); exit "$exit_status" +--- a/tests/default_pw_test.py 2010-06-29 15:10:08.510287292 +1000 ++++ b/tests/default_pw_test.py 2011-02-08 12:21:36.000000000 +1100 +@@ -0,0 +1,40 @@ ++import crypt ++import libuser ++import unittest ++ ++def prompt_callback(prompts): ++ for p in prompts: ++ if p.key == 'ldap/password': ++ p.value = 'password' ++ else: ++ p.value = p.default_value ++ ++# This is ugly; ideally we would want a separate connection for each test case, ++# but libssl REALLY doesn't like being unloaded (libcrypto is not unloaded ++# and keeps pointers to unloaded libssl) ++admin = libuser.admin(prompt = prompt_callback) ++ ++# Test case order matches the order of function pointers in struct lu_module ++class Tests(unittest.TestCase): ++ def setUp(self): ++ # See the comment at the libuser.admin() call above ++ self.a = admin ++ ++ def testGroupAddDefault(self): ++ # Add an group with default attributes ++ e = self.a.initGroup('group_default') ++ self.a.addGroup(e) ++ del e ++ ++ def testUserAddDefault(self): ++ # Add an user with default attributes ++ e = self.a.initUser('user_default') ++ self.a.addUser(e, False, False) ++ del e ++ ++ def tearDown(self): ++ del self.a ++ ++ ++if __name__ == '__main__': ++ unittest.main() +--- a/tests/ldap_test.py 2008-04-10 07:14:42.000000000 +1000 ++++ b/tests/ldap_test.py 2011-02-08 12:21:36.000000000 +1100 +@@ -65,6 +65,7 @@ class Tests(unittest.TestCase): + e = self.a.lookupUserByName('user6_1') + self.assert_(e) + self.assertEqual(e[libuser.USERNAME], ['user6_1']) ++ self.assertEqual(e[libuser.USERPASSWORD], ['{CRYPT}!!']) + + def testUserAdd2(self): + # A maximal case +@@ -533,6 +534,7 @@ class Tests(unittest.TestCase): + e = self.a.lookupGroupByName('group21_1') + self.assert_(e) + self.assertEqual(e[libuser.GROUPNAME], ['group21_1']) ++ self.assertRaises(KeyError, lambda x: x[libuser.GROUPPASSWORD], e) + + def testGroupAdd2(self): + # A maximal case --- libuser-0.56.9.dfsg.1.orig/debian/patches/01manpage.dpatch +++ libuser-0.56.9.dfsg.1/debian/patches/01manpage.dpatch @@ -0,0 +1,28 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 01manpage.dpatch by Ghe Rivero +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: No description. + +@DPATCH@ +diff -urNad --exclude=CVS --exclude=.svn ./apps/lnewusers.1 /tmp/dpep-work.UgPLTp/libuser-0.53.8.dfsg.1/apps/lnewusers.1 +--- ./apps/lnewusers.1 2005-01-17 02:13:38.000000000 +0100 ++++ /tmp/dpep-work.UgPLTp/libuser-0.53.8.dfsg.1/apps/lnewusers.1 2005-08-06 11:08:21.196167784 +0200 +@@ -54,7 +54,7 @@ + The \f[SM]GECOS\fR field is traditionally used to store user's real name + and other information. + +-.IP Home Directory ++.IP "Home Directory" + If this field is empty, + a default specified by + .B libuser +@@ -64,7 +64,7 @@ + configuration does not specify a default, + is used. + +-.IP Login Shell ++.IP "Login Shell" + If this field is empty, + a default specified by + .B libuser --- libuser-0.56.9.dfsg.1.orig/debian/patches/00list +++ libuser-0.56.9.dfsg.1/debian/patches/00list @@ -0,0 +1,2 @@ +01manpage +02libuser-0.56.18-default-pw.dpatch