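#!/bin/bash
#
# Build recipe for the shadow password/account tool suite, built with PAM.
#
# The recipe only defines metadata and four hooks (prepare, build, package,
# postinstall). It is presumably sourced by the package build tool, which is
# expected to set PKG_DEST (staging root) and to call the hooks from inside
# the unpacked source tree -- confirm against the build tool.
#
# NOTE(review): no checksum or signature for the tarball is declared in this
# recipe; confirm the build tool verifies the download some other way before
# the source is unpacked and built.

DEPS=(pam acl audit libcap libxcrypt)

PKG_VER=4.11.1
SOURCE="https://github.com/shadow-maint/shadow/releases/download/v${PKG_VER}/shadow-${PKG_VER}.tar.xz"
DESC="Password and account management tool suite with support for shadow files and PAM"

#######################################
# Patch the source tree before configure and pre-create the passwd placeholder.
# Globals:   PKG_DEST (read) - staging root; must be set and non-empty
# Returns:   1 if PKG_DEST is unset/empty, otherwise status of the last command
#######################################
prepare () {
  # Without this guard an empty PKG_DEST turns the mkdir/touch below into
  # writes to the live /usr/bin.
  if [[ -z "${PKG_DEST:-}" ]]; then
    printf 'prepare: PKG_DEST is not set\n' >&2
    return 1
  fi

  # Drop the groups program and the groups.1 / getspnam.3 / passwd.5 man pages
  # from the Makefiles (presumably provided by other packages -- confirm).
  sed -i 's/groups$(EXEEXT) //' src/Makefile.in
  find man -name Makefile.in -exec sed -i \
    -e 's/groups\.1 / /' \
    -e 's/getspnam\.3 / /' \
    -e 's/passwd\.5 / /' \
    {} +

  # login.defs defaults: SHA512 instead of the commented-out DES entry,
  # /var/mail as mail spool, and /sbin: and /bin: removed from PATH= lines.
  sed -e 's:#ENCRYPT_METHOD DES:ENCRYPT_METHOD SHA512:' \
      -e 's:/var/spool/mail:/var/mail:' \
      -e '/PATH=/{s@/sbin:@@;s@/bin:@@}' \
      -i etc/login.defs

  # Line-addressed fix: only valid for the salt.c shipped with PKG_VER above.
  # Re-check the line number whenever PKG_VER changes, otherwise the edit
  # silently does nothing or lands on the wrong line.
  sed -e "224s/rounds/min_rounds/" -i libmisc/salt.c

  # Empty placeholder for passwd in the staging tree; presumably the build
  # wants the file to exist at its final location -- confirm.
  mkdir -p -- "${PKG_DEST}/usr/bin"
  touch -- "${PKG_DEST}/usr/bin/passwd"
}

#######################################
# Configure and compile.
# Returns:   status of the first failing step, else status of make
#######################################
build () {
  ./configure --sysconfdir=/etc --with-group-name-max-length=32 || return
  make
}

#######################################
# Install programs and man pages into the staging root.
# Globals:   PKG_DEST (read) - staging root; must be set and non-empty
# Returns:   1 if PKG_DEST is unset/empty, else status of the first failing
#            step or of the final mkdir
#######################################
package () {
  # An empty DESTDIR would make "make install" write to the live system.
  if [[ -z "${PKG_DEST:-}" ]]; then
    printf 'package: PKG_DEST is not set\n' >&2
    return 1
  fi

  make exec_prefix=/usr DESTDIR="${PKG_DEST}" install || return
  make DESTDIR="${PKG_DEST}" -C man install-man || return
  mkdir -p -- "${PKG_DEST}/etc/default"
}

#######################################
# Adjust the live /etc/login.defs and write the PAM service files.
# All paths are absolute under /etc (PKG_DEST is not used), so this changes
# the running system's authentication policy; presumably run as root.
# Returns:   status of the final chmod
#######################################
postinstall () {
  local key
  local -a pam_files=(
    /etc/pam.d/login
    /etc/pam.d/passwd
    /etc/pam.d/su
    /etc/pam.d/chpasswd
    /etc/pam.d/newusers
    /etc/pam.d/chage
  )

  # Keep a copy, then comment out the listed login.defs keys (presumably the
  # ones whose function PAM takes over -- confirm). The loop is skipped when
  # the backup cannot be written. The pattern is a prefix match, so CONSOLE
  # also hits any other key that starts with CONSOLE.
  #
  # NOTE(review): ENCRYPT_METHOD is in the list, so the SHA512 setting made in
  # prepare() is commented out again here. The effective password hash then
  # depends on the system-password stack, which is not visible in this
  # recipe -- verify that it names a strong hash explicitly.
  if install -v -m644 /etc/login.defs /etc/login.defs.orig; then
    for key in FAIL_DELAY FAILLOG_ENAB LASTLOG_ENAB MAIL_CHECK_ENAB \
               OBSCURE_CHECKS_ENAB PORTTIME_CHECKS_ENAB QUOTAS_ENAB \
               CONSOLE MOTD_FILE FTMP_FILE NOLOGINS_FILE ENV_HZ \
               PASS_MIN_LEN SU_WHEEL_ONLY CRACKLIB_DICTPATH \
               PASS_CHANGE_TRIES PASS_ALWAYS_WARN CHFN_AUTH \
               ENCRYPT_METHOD ENVIRON_FILE
    do
      sed -i "s/^${key}/# &/" /etc/login.defs
    done
  fi

  cat > /etc/pam.d/login << "EOF"
# Begin /etc/pam.d/login

# Set failure delay before next prompt to 3 seconds
auth      optional    pam_faildelay.so  delay=3000000

# Check to make sure that the user is allowed to login
auth      requisite   pam_nologin.so

# Check to make sure that root is allowed to login
# Disabled by default. You will need to create /etc/securetty
# file for this module to function. See man 5 securetty.
#auth      required    pam_securetty.so

# Additional group memberships - disabled by default
#auth      optional    pam_group.so

# include system auth settings
auth      include     system-auth

# check access for the user
account   required    pam_access.so

# include system account settings
account   include     system-account

# Set default environment variables for the user
session   required    pam_env.so

# Set resource limits for the user
session   required    pam_limits.so

# Display date of last login - Disabled by default
#session   optional    pam_lastlog.so

# Display the message of the day - Disabled by default
#session   optional    pam_motd.so

# Check user's mail - Disabled by default
#session   optional    pam_mail.so      standard quiet

# include system session and password settings
session   include     system-session
password  include     system-password

# End /etc/pam.d/login
EOF

  cat > /etc/pam.d/passwd << "EOF"
# Begin /etc/pam.d/passwd

password  include     system-password

# End /etc/pam.d/passwd
EOF

  # NOTE(review): the pam_wheel restriction sits after "auth include
  # system-auth". With "include", an entry in system-auth that ends the stack
  # early on success (for example a "sufficient" one) would also skip the
  # wheel check. system-auth is not visible here -- confirm it cannot end the
  # stack early, or place the pam_wheel line above the include.
  cat > /etc/pam.d/su << "EOF"
# Begin /etc/pam.d/su

# always allow root
auth      sufficient  pam_rootok.so

# Allow users in the wheel group to execute su without a password
# disabled by default
#auth      sufficient  pam_wheel.so trust use_uid

# include system auth settings
auth      include     system-auth

# limit su to users in the wheel group
auth      required    pam_wheel.so use_uid

# include system account settings
account   include     system-account

# Set default environment variables for the service user
session   required    pam_env.so

# include system session settings
session   include     system-session

# End /etc/pam.d/su
EOF

  cat > /etc/pam.d/chpasswd << "EOF"
# Begin /etc/pam.d/chpasswd

# always allow root
auth      sufficient  pam_rootok.so

# include system auth and account settings
auth      include     system-auth
account   include     system-account
password  include     system-password

# End /etc/pam.d/chpasswd
EOF

  # newusers uses the chpasswd policy with the service name swapped.
  sed -e 's/chpasswd/newusers/' /etc/pam.d/chpasswd > /etc/pam.d/newusers

  cat > /etc/pam.d/chage << "EOF"
# Begin /etc/pam.d/chage

# always allow root
auth      sufficient  pam_rootok.so

# include system auth and account settings
auth      include     system-auth
account   include     system-account

# End /etc/pam.d/chage
EOF

  # "cat >" leaves the mode to the umask (new file) or to whatever was there
  # (existing file). Only tighten: make sure no PAM policy written above is
  # writable by group or others.
  chmod go-w -- "${pam_files[@]}"
}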