community/shadow: add pam config

fixes #6643

community/shadow/APKBUILD

@@ -3,7 +3,7 @@
 # Maintainer: Stuart Cardall <developer@it-offshore.co.uk>
 pkgname=shadow
 pkgver=4.2.1
-pkgrel=8
+pkgrel=9
 pkgdesc="PAM-using login and passwd utilities (usermod, useradd, ...)"
 url="http://pkg-shadow.alioth.debian.org/"
 arch="all"
@@ -19,6 +19,7 @@ source="http://pkg-shadow.alioth.debian.org/releases/shadow-$pkgver.tar.xz
 	301-CVE-2017-2616-su-properly-clear-child-PID.patch
 	302-CVE-2016-6252-fix-integer-overflow.patch
 	useradd-usergroups.patch
+	pam-useradd.patch
 	"
 # secfixes:
 #     - CVE-2016-6252
@@ -54,10 +55,17 @@ package() {
 	make DESTDIR="$pkgdir" install || return 1
 
 	# Do not install these pam.d files they are broken and outdated.
+	rm "$pkgdir"/etc/pam.d/* || return 1
+
+	# install some pam.d files based on a patched useradd
+	for pamf in groupadd groupdel groupmems groupmod \
+		 useradd userdel usermod
+	do
+		install -m0644 etc/pam.d/useradd \
+			"$pkgdir/etc/pam.d/$pamf" || return 1
+	done
 	# nologin is provided by util-linux.
-	rm "$pkgdir"/etc/pam.d/* \
-		"$pkgdir"/sbin/nologin \
-		|| return 1
+	rm "$pkgdir"/sbin/nologin  || return 1
 
 	# However, install our own for login.
 	cp "$srcdir"/login.pamd "$pkgdir"/etc/pam.d/login || return 1
@@ -93,4 +101,5 @@ c46760254439176babeef24d93900914092655af3a48f54385adf6ef5a3af76799fb7e96083acd27
 1b3513772a7a0294b587723213e4464cc5a1a42ae6a79e9b9f9ea20083684a21d81e362f44d87ce2e6de2daf396d8422b39019923c0b0cbb44fa4c4c24613c0c  verbose-error-when-uid-doesnt-match.patch
 0954920ce9307948848d8f9ca5ea5bba4db8394793ef314ab5c6770948e96071748192b52ba8c31d543fe71ce0e6e2a7f3a2a92862966a940639a19df1048634  301-CVE-2017-2616-su-properly-clear-child-PID.patch
 36f494347cb980d85ea82331ec620a949be45f5f2c400a3b13f409a8d9c932c0f822cb0baa2ee78c6f356e7bf93de51c1b0f20730e8f3af36a746a5632d19bbe  302-CVE-2016-6252-fix-integer-overflow.patch
-49f1d5ded82d2d479805c77d7cc6274c30233596e375b28306b31a33f8fbfc3611dbc77d606081b8300247908c267297dbb6c5d1a30d56095dda53c6a636fb56  useradd-usergroups.patch"
+49f1d5ded82d2d479805c77d7cc6274c30233596e375b28306b31a33f8fbfc3611dbc77d606081b8300247908c267297dbb6c5d1a30d56095dda53c6a636fb56  useradd-usergroups.patch
+0b4587e263cb6be12fa5ae6bc3b3fc4d3696dae355bc67d085dc58c52ff96edb4d163b95db2092b8c2f3310839430cac03c7af356641b42e24ee4aa6410f5cf1  pam-useradd.patch"

community/shadow/pam-useradd.patch

+--- a/etc/pam.d/useradd
++++ b/etc/pam.d/useradd
+@@ -1,4 +1,4 @@
+ #%PAM-1.0
+ auth		sufficient	pam_rootok.so
+-account		required	pam_permit.so
+-password	include		system-auth
++account		include		base-account
++password	include		base-password